Video Screencast Help
Scheduled Maintenance: Symantec Connect is scheduled to be down Saturday, April 19 from 10am to 2pm Pacific Standard Time (GMT: 5pm to 9pm) for server migration and upgrades.
Please accept our apologies in advance for any inconvenience this might cause.

Symantec Endpoint Protection Manager 11.0.6a 64 bit client not updating

Created: 01 Jun 2010 | 30 comments

In Brief,
Test server is in an isolated environment with no internet access.
Background info:

Brand new install 2k8 64 bit non R2
SEPM 11.0.6a

Test clients : 2003 r2 sp2 x86, 2008 64bit non r2, 2003 r2 sp2 x64, win7 x64

Issue :

After deploying the jdb file, x86 definition got installed on SEPM.
x64 definition got an error when trying to update.

According to "Admin" tab --> "servers" section --> local site, it should constantly "rapid response content failed to install".

Any clue guys ?

Thanks in advance.

Comments 30 CommentsJump to latest comment

Ken2639's picture

Sorry for the typo,

According to "Admin" tab --> "servers" section --> local site, it should constantly "rapid response content failed to install".

should be :-

According to "Admin" tab --> "servers" section --> local site, it's constantly showing "rapid response content failed to install".

instead.

Thanks.

sandra.g's picture

Is the JDB the Rapid Release defs, or the Certified Daily definitions?

From another post I made, may not all be relevant, but what the hey...

1- Try emptying this folder; are you using LiveUpdate Administrator, too?
C:\Program Data\Symantec\LiveUpdate\Downloads

2- Make sure the following folder exists:
C:\Program Data\Symantec\Definitions\SymcData\sesmvirdef32
(there should also be a sesmvirdef64 folder there too)

(https://www-secure.symantec.com/connect/forums/sep...)

sandra

Symantec, Information Developer
Installation, Migration, Deployment and Patching
User Protection & Productivity, Endpoint Protection

Don't forget to mark your thread as 'solved' with the answer that best help

Ken2639's picture

To all, I will try the opinions one by one.
Thanks for all the reply.

I will response as I progress. Thanks all :)

pete_4u2002's picture

do let know if the link is helpful in addressing the issue

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009050115353048

AravindKM's picture

Try this
How to clear corrupt Virus Definitions from SEPM

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

Ken2639's picture

Thanks for the link. I tried it out. Doesn't work for my case.

Thanks for the info. If you have further info regarding to this . feel free to let me know.

Thanks !

P_K_'s picture

1. Stop   the SEPM server service.

2. Go to "…\Inetpub\content\{C60DC234-65F9-4674-94AE-62158EFCA433}" folder and deleted all the sub folders

3)  Go to C:\Program Files\Common Files\Symantec Shared\SymcData\ and delete the following folders:
sesmipsdef32
sesmipsdef64
sesmvirdef32
sesmvirdef64

4)In the registry, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps.
Delete these keys
SymcData-sesmipsdef32
SymcData-sesmipsdef64
SymcData-sesmvirdef32
SymcData-sesmvirdef64

5). In the registry, navigate to and delete the following keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\SymcData-sesmipsdef32
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\SymcData-sesmipsdef64
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\SymcData-sesmvirdef32
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\SymcData-sesmvirdef64

6). Start the SEPM service back up.

7). Apply the jdb

Symantec Endpoint Protection Manager 11.x is not updating 32 or 64 bit virus definitions.http://service1.symantec.com/support/ent-security.nsf/docid/2008041516215948

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

Ken2639's picture

It doesn't seem to have an impact on the issue.

Any other suggestion you may have ?

Thanks :)

Ken2639's picture

Tried  doesn't do the trick. I'll keep trying. if you happen to come across any further suggestion let me know. thanks again . ! :)

Rafeeq's picture

when your downloading JDB make sure you are downloading one for 64 bit sepm;
there is two one is for 32 bit sepm and one is for 64 bit sepm
http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=savce

restart sepm service one you put the jdb file

sandra.g's picture

The JDB is listed in two different places, but there is no 64-bit-specific JDB file.  It is the same file.  The MD5 hash is exactly the same in both places.

sandra

Symantec, Information Developer
Installation, Migration, Deployment and Patching
User Protection & Productivity, Endpoint Protection

Don't forget to mark your thread as 'solved' with the answer that best help

Ken2639's picture

Thanks for the suggestion,

jdb folder looks clean in my scenerio. Thanks for the advice. If you come up with other suggestion. Feel free to let me know. Thanks again :)

Ken2639's picture

JDB file are for SEPM use and they contain both 32bit and 64bit definition embedded.

Rafeeq's picture

yes sir; I know that; since your manager is in 64 bit did u download the jdb file for 64 bit manager???

Ken2639's picture

The same jdb file can be applied on both 32bit or 64bit management console..... unless they changed now. I had been using this method since 11.0.2x. It will be a bad news to know if thy changed now.... anyway, I will try it out and get back to you.

Thanks for the suggestion.

Vikram Kumar-SAV to SEP's picture

Yes.. but it depends if your sepm is installed on 32 or 64 bit machine
check the link below
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007100820002048

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

Ken2639's picture

The same jdb file can be applied on both 32bit or 64bit management console ..... unless they changed now. I had been using this method since 11.0.2x. hopefully they didn't changed now.... anyway, I will give it a shot and get back to you.

Thanks for the suggestion. :)

sandra.g's picture

FYI, regarding that document, I went through it and updated errors I found that were present.

Title: 'How to update definitions for Symantec Endpoint Protection Manager using a JDB file'
http://service1.symantec.com/SUPPORT/ent-security....

sandra

Symantec, Information Developer
Installation, Migration, Deployment and Patching
User Protection & Productivity, Endpoint Protection

Don't forget to mark your thread as 'solved' with the answer that best help

sandra.g's picture

The sesmlu.log file should record what happened when the JDB was applied.  (Default location: %program files%\Symantec\Symantec Endpoint Protection Manager\tomcat\logs\)

Bear in mind that the other types of content have no similar off-line method of updating as the JDB does for Antivirus definitions.  Is your production machine going to be isolated in the same way?

There is only one JDB file.  It happens to be noted in two places on the download page, but the MD5 hashes are the same, file names are the same, file sizes are the same.   The download links are the same. From the definition download page:

Symantec Endpoint Protection Manager installations on Windows platforms (32-bit)
File Name     Creation Date     Release Date     File Size     MD5 | all
vd318402.jdb | FTP     06/02/2010     06/02/2010     80.12 MB     6F8AE060DD5A23CDFF6ECA2D255885D6
Download link: http://definitions.symantec.com/defs/jdb/vd318402.jdb

Symantec Endpoint Protection Manager installations on Windows platforms (64-bit)
File Name     Creation Date     Release Date     File Size     MD5 | all
vd318402.jdb | FTP     06/02/2010     06/02/2010     80.12 MB     6F8AE060DD5A23CDFF6ECA2D255885D6
Download link: http://definitions.symantec.com/defs/jdb/vd318402.jdb

It is possible that when the document was created there were two separate JDBs, but that is not the case now.

sandra

Symantec, Information Developer
Installation, Migration, Deployment and Patching
User Protection & Productivity, Endpoint Protection

Don't forget to mark your thread as 'solved' with the answer that best help

Ken2639's picture

Thanks for clairifying about the JDB file. We had been using the .jdb file for deployment method since MR2.

Yes, my test environment is isolated to internet access . This is the default production environment as well.

I will go gather the log and attach back on my next reply.

Thanks !

Ken2639's picture

here's the SesmLu.log.

In the mean time, I will try uninstall and reinstall live update see if it will help after this post.

Thanks.

AttachmentSize
SesmLu.zip 330.97 KB
Ken2639's picture

I took a look on the log. It looks like the liveupdate is missing or cannot locate a module.

I will proceed with uninstall and reinstall liveupdate and "reconfig" the database and see how it goes.

I will keep everyone updated.

Thanks for everyone's involvement.

Appreciated.

Vikram Kumar-SAV to SEP's picture
SesmLu: CoCreateInstance failed to create an IluProductReg instance: (-2147024770) The specified module could not be found.
 
 at .\SesmLu.cpp[677]

Give full permission on data folder (C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\data)..and try the commands below

"C:\Program Files\Symantec\Symantec Endpoint Protection Manager\bin\LuCatalog.exe" -cleanup

"C:\Program Files\Symantec\Symantec Endpoint Protection Manager\bin\LuCatalog.exe" -update

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

Ken2639's picture

Thanks for the suggestion,

I confirmed it already has full permission.

Cheers.

Vikram Kumar-SAV to SEP's picture

For re-installing liveupdate follow this doc
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007100907303548

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

sandra.g's picture

I see this and immediately think DCOM permissions...

[0910:0620] Jun 02 10, 11:58:36 AM ERROR  SesmLu: Failed to initialize COM. Aborting. at .\SesmLu.cpp[144]

See the bottom section of this document, "Checking DCOM settings":

Title: 'Troubleshooting Symantec AntiVirus Corporate Edition and Symantec Endpoint Protection installations: Checking rights and permissions'
http://service1.symantec.com/SUPPORT/ent-security....

Fingers crossed,
sandra

Symantec, Information Developer
Installation, Migration, Deployment and Patching
User Protection & Productivity, Endpoint Protection

Don't forget to mark your thread as 'solved' with the answer that best help

Ken2639's picture

I eventually did couple things.

  1. Build another server with same h/w spec and install SEPM on it and confirm installation steps are correct.

  2. Applied June 2 , 3 , 4 definition on the new build server to confirm definition are working correctly.
  3. Compared security and permission setting as suggested by Sandra (http://service1.symantec.com/SUPPORT/ent-security....)
  4. Make the changes on the non working machine referencing to the working one.
  5. Uninstall liveupdate the add / remove program on the not working machine.
  6. Rebuild the DB on SEPM
  7. Reinstall Live update 3.3 from the Installation CD.
  8. Reapply definition file from June 2, 3, 4 .
  9. Verify with the test clients will they update to the above 3 definitions.
  10. Completed. Problem Solved.

Thanks for everyone help along the way.

Appreciated.