Hi Guys,
I'm having trouble with my GUP clients at a state office not getting updates.
Current setup:
I am running SEP MR4
The local file server is the GUP and the server at head office is the SEPM (Connected via VPN)
The GUP machine never has trouble getting the latest defs however GUP clients are having trouble getting definitions.
The SEPM Group contains all state office clients and the GUP is in the same group.
The LU policy specifies to use a GUP - bypassing after 8 hours (don't really ever want to bypass)
I have confirmed the client, GUP and SEPM are all set to the same policy revision (no issue with obtaining policies from the server).
Please note: the GUP is 10.0.43.1 - no firewall
The clients can telnet to the GUP on port 2967 and port 80
The clients can connect to http://<SEPM>/secars/secars.dll?hello,secars - OK
I have enabled sylink debugging on a state office client (not the GUP) and restarted the SEP service (smc -stop/start) and have noted some interesting issues in the sylink output:
06/10 10:55:22 [2196] <LUThreadProc>Starting LU download.
06/10 10:55:22 [2196] <LUThreadProc>Got a valid context from GetCurrentServerEx
06/10 10:55:22 [2196] <LUThreadProc>Setting the session timeout on LUSession to 2 min.
06/10 10:55:22 [2196] <mfn_MakeGetLUFileIISUrl:>Requested Content Path is: /content/{C60DC234-65F9-4674-94AE-62158EFCA433}/90609022/Full.zip
06/10 10:55:22 [2196] <GetLUFileRequest:>IIS URL: /content/{C60DC234-65F9-4674-94AE-62158EFCA433}/90609022/Full.zip
06/10 10:55:22 [2196] <GetLUFileRequest:>http://10.0.43.1:2967/content/{C60DC234-65F9-4674-94AE-62158EFCA433}/90609022/Full.zip
06/10 10:55:22 [2196] <GetLUFileRequest:>NEW download: C:\Program Files\Symantec\Symantec Endpoint Protection\LiveUpdate\LUF6.tmp
06/10 10:55:22 [2196] <UpdateLUFileList:>Updating existing Download File List with : {C60DC234-65F9-4674-94AE-62158EFCA433}90609022
06/10 10:55:22 [2196] <UpdateLUFileList:>Updating existing Download File List Temp file name from: to C:\Program Files\Symantec\Symantec Endpoint Protection\LiveUpdate\LUF6.tmp
06/10 10:55:38 [3260] <CSyLink::mfn_DownloadNow()>
06/10 10:55:38 [3260] </CSyLink::mfn_DownloadNow()>
06/10 10:55:41 [2196] <GetLUFileRequest:>Send Request failed.. Error Code = 12029
06/10 10:55:41 [2196] <ParseErrorCode:>12029=>The attempt to connect to the server failed.
06/10 10:55:41 [2196] <GetLUFileRequest:>IIS return=0
06/10 10:55:41 [2196] <ParseErrorCode:>12029=>The attempt to connect to the server failed.
06/10 10:55:41 [2196] <GetLUFileRequest:>COMPLETED
06/10 10:55:41 [2196] <LUThreadProc> - GETLUFILE_CONNECTION_ERROR getting content moniker: {C60DC234-65F9-4674-94AE-62158EFCA433}; revision: 90609022 from server: 10.0.43.1
06/10 10:55:41 [2196] LU file download failed due to HTTP error:0
06/10 10:55:41 [2196] <CExpBackoff::Increment()>
06/10 10:55:41 [2196] Backoff index incremented
06/10 10:55:41 [2196] Backoff wait index: 1
06/10 10:55:41 [2196] </CExpBackoff::Increment()>
06/10 10:55:41 [2196] <CExpBackoff::Wait()>
06/10 10:55:41 [2196] CExpBackoff wait time in seconds: 32
06/10 10:56:11 [2196] </CExpBackoff::Wait()>
It appears to try this 3 times, each time doubling the backoff wait time to 64 and 128, with the same errors each time. Then this happens:
06/10 10:57:51 [2196] CExpBackoff wait time in seconds: 128
06/10 10:58:34 [3260] <CSyLink::mfn_DownloadNow()>
06/10 10:58:34 [3260] </CSyLink::mfn_DownloadNow()>
06/10 10:59:33 [3260] <CSyLink::mfn_DownloadNow()>
06/10 10:59:33 [3260] </CSyLink::mfn_DownloadNow()>
06/10 10:59:53 [2196] </CExpBackoff::Wait()>
06/10 10:59:53 [2196] SyLinkDeleteConfig => Deleting instance: 019F5600
06/10 10:59:53 [2196] <IsLUTempFileValid:> File: C:\Program Files\Symantec\Symantec Endpoint Protection\LiveUpdate\LUF6.tmp is currently used
06/10 10:59:53 [2196] <IsLUTempFileValid:> File: C:\Program Files\Symantec\Symantec Endpoint Protection\LiveUpdate\LUF7.tmp is currently used
06/10 10:59:53 [2196] <IsLUTempFileValid:> File: C:\Program Files\Symantec\Symantec Endpoint Protection\LiveUpdate\LUF8.tmp is currently used
06/10 11:00:32 [3260] <CSyLink::mfn_DownloadNow()>
06/10 11:00:32 [3260] </CSyLink::mfn_DownloadNow()>
06/10 11:00:52 [2196] SyLinkCreateConfig => Created instance: 019F5600
06/10 11:00:52 [2196] Importing ConfigObject: 01A8FE78 into: 019F5600
06/10 11:00:52 [2196] <LUThreadProc> Got ConfigObject to proceed the operation.. pSylinkConfig: 019F5600
06/10 11:00:52 [2196] <LUThreadProc>Starting LU download.
06/10 11:00:52 [2196] <LUThreadProc>Got a valid context from GetCurrentServerEx
06/10 11:00:52 [2196] <LUThreadProc>Setting the session timeout on LUSession to 2 min.
06/10 11:00:52 [2196] <mfn_MakeGetLUFileIISUrl:>Requested Content Path is: /content/{C60DC234-65F9-4674-94AE-62158EFCA433}/90609022/Full.zip
06/10 11:00:52 [2196] <GetLUFileRequest:>IIS URL: /content/{C60DC234-65F9-4674-94AE-62158EFCA433}/90609022/Full.zip
06/10 11:00:52 [2196] <GetLUFileRequest:>http://10.0.43.1:2967/content/{C60DC234-65F9-4674-94AE-62158EFCA433}/90609022/Full.zip
06/10 11:00:52 [2196] <GetLUFileRequest:>RESUME download: C:\Program Files\Symantec\Symantec Endpoint Protection\LiveUpdate\LUF6.tmp
06/10 11:00:52 [2196] <GetLUFileRequest:>@@@@@@@@@ LU DEBUG ONLY-
Download file failed due to wrong file size.
FileName:C:\Program Files\Symantec\Symantec Endpoint Protection\LiveUpdate\LUF6.tmp Expected file size: 50642232 Actual file size: 0
06/10 11:00:52 [2196] <GetLUFileRequest:>COMPLETED
06/10 11:00:52 [2196] <LUThreadProc> - GETLUFILE_WRONG_FILE_SIZE_ERROR getting content moniker: {C60DC234-65F9-4674-94AE-62158EFCA433}; revision: 90609022 from server: 10.0.43.1
06/10 11:00:52 [2196] LU file download failed due to HTTP error:0
06/10 11:00:52 [2196] <CExpBackoff::Increment()>
06/10 11:00:52 [2196] Backoff index incremented
06/10 11:00:52 [2196] Backoff wait index: 4
06/10 11:00:52 [2196] </CExpBackoff::Increment()>
06/10 11:00:52 [2196] <CExpBackoff::Wait()>
06/10 11:00:52 [2196] CExpBackoff wait time in seconds: 256
This happens 3 times for LUF6 - LUF7 and LUF8
The C:\Program Files\Symantec\Symantec Endpoint Protection\LiveUpdate folder on the client (not the GUP) trying to update has a single LUF6.tmp file of 0 bytes in it.
I am not sure what the problem is here. On the Group Update Provider, 10.0.43.1, the Shared Updates directory is populated with a number of files including one labelled:
"#content#{C60DC234-65F9-4674-94AE-62158EFCA433}#90609022#xdelta90608051!dax" - 301KB - which was published today. Numerous references are made to this file in the Sylink log above.
Can anyone who has expertise in these debug logs please let me know if there is anything I can check to get this working.
This is happening on numerous PCs.
Thank you very much.
Edit:
I have discovered this:
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008040113243148
Which has a section clearly showing my error logs under the heading:
"Below is what you will see in the Sylink if the GUP is off line:"
I am not sure how it believes the GUP is offline...
Investigating...still hoping for some tips guys.
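
Added example, not part of the original post: a small Python parser for Sylink debug output in the format pasted above. It folds wrapped lines back into one entry and tallies download attempts, GETLUFILE_* failures per server, error codes and backoff waits; the function names and the summary layout are assumptions made for illustration.

```python
import re
from collections import Counter

# Sample lines copied from the post's log and trimmed; one entry is left wrapped.
SAMPLE = """\
06/10 10:55:22 [2196] <LUThreadProc>Starting LU download.
06/10 10:55:41 [2196] <ParseErrorCode:>12029=>The attempt to connect to the server failed.
06/10 10:55:41 [2196] <LUThreadProc> -
GETLUFILE_CONNECTION_ERROR getting content moniker: {C60DC234-65F9-4674-94AE-62158EFCA433}; revision: 90609022 from server: 10.0.43.1
06/10 10:55:41 [2196] CExpBackoff wait time in seconds: 32
06/10 11:00:52 [2196] <LUThreadProc>Starting LU download.
06/10 11:00:52 [2196] <LUThreadProc> - GETLUFILE_WRONG_FILE_SIZE_ERROR getting content moniker: {C60DC234-65F9-4674-94AE-62158EFCA433}; revision: 90609022 from server: 10.0.43.1
06/10 11:00:52 [2196] CExpBackoff wait time in seconds: 256
"""

ENTRY = re.compile(r"^(\d\d/\d\d \d\d:\d\d:\d\d) \[(\d+)\] ?(.*)$")
FAIL = re.compile(r"(GETLUFILE_\w+) getting content moniker: (\{[0-9A-Fa-f-]+\}); "
                  r"revision: (\d+) from server: (\S+)")
WAIT = re.compile(r"CExpBackoff wait time in seconds: (\d+)")
CODE = re.compile(r"<ParseErrorCode:>(\d+)=>")

def entries(text):
    """Yield (timestamp, thread_id, message), folding wrapped lines into one entry."""
    current = None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            if current:
                yield tuple(current)
            current = [m.group(1), int(m.group(2)), m.group(3).strip()]
        elif current and line.strip():
            # No timestamp prefix: continuation of the previous entry.
            current[2] = (current[2] + " " + line.strip()).strip()
    if current:
        yield tuple(current)

def summarise(text):
    out = {"attempts": 0, "failures": Counter(), "waits": [], "codes": Counter()}
    for _ts, _tid, msg in entries(text):
        if "Starting LU download" in msg:
            out["attempts"] += 1
        if (m := FAIL.search(msg)):
            out["failures"][(m.group(4), m.group(1))] += 1  # (server, error name)
        if (m := WAIT.search(msg)):
            out["waits"].append(int(m.group(1)))
        if (m := CODE.search(msg)):
            out["codes"][m.group(1)] += 1
    return out

print(summarise(SAMPLE))
```

Run against a full sylink log, the per-server failure counts show at a glance whether every failed download points at the same GUP address and whether the error changes between attempts.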