Endpoint Protection

We have a SEPM (11 RU6MP1) that had stopped updating all content a few days ago.  Running liveupdate from the SEPM console resulted in failure with 'return code = 4'.  I therefore attempted to run LUALL in interactive mode and received a failure (LU1835) stating the server did not respond in a timely fashion.  Eventually I discovered that if I deselect TruScan proactive threat scan whitelist WIN32 11.0 and TruScan proactive threat scan whitelist WIN64 11.0 then it would update all the other components. 

So now I'm stuck with how to update these two components.  Anyone got any ideas?

P.S. There is no Proxy server or firewall

can you post the log.liveupdate?

for lu 1835 issue, check if this link

http://www.symantec.com/business/support/index?page=content&id=TECH101807

Pete, I've attached log and will start working through the solutions on the link you posted

thanks

Adey

Attachment(s)

Log.LiveUpdate_17.txt   5.44 MB 1 version

ok, if the article does not help.

browse to the path :\document and settings \All users\Application Data\Symantec\Liveupdate folder in setting.liveupdate file, uncheck "Read only" and then edit the following lines

preferences\internet_connect_timeout = (increase default time) to 600
preferences\internet_read_data_timeout = (increase default time) to 600

save the file and then make it "Read only". This should solve the problem

SEPM (11 RU6MP1)

I really recommend upgrading to the latest available release.  RU6 MP1 is very old at this point.  There are hundreds and hundreds of fixes, enhancements and improvements that you can avail of by upgrading to RU7 MP2.

Release notes for Endpoint Protection and Network Access Control 11
Article: TECH103087   |  Created: 2007-01-12   |  Updated: 2012-04-26   | 
Article URL http://www.symantec.com/docs/TECH103087
 

Here's how to upgrade:

Migrating to Symantec Endpoint Protection 11.0.7200 (RU7 MP2)
Article: TECH187333   |  Created: 2012-04-25   |  Updated: 2012-04-25   | 
Article URL http://www.symantec.com/docs/TECH187333 
 

Hope this helps!!

A success of sorts. LiveUpdate now completes and does update AV defs etc but is still failing to update the 'whitelists'.

A manual interactive LU will returns the following:

Also attached is the latest liveupdate log if this helps

thanks,

Adey

can you please attach the logs?

We will more than likely upgrade to SEP 12.1 in the future and I read somewhere that there was no supported upgrade path from 11 RU7 to 12.1.  I would only want to upgrade as a last resort if I can't get this fixed as it isn't isolated to just one site.  I've since found out that colleagues around the city are also experiencing this problem on some of the SEPMs they look after, but it is my job to find a fix for them and asking them to upgrade on the hope that it will fix it, will not go down too well.

Thought I'd attached it. Doh!

Attachment(s)

Log.LiveUpdate_19.txt   2.89 MB 1 version

suggest to open a support ticket, two content out of 7 failed. the error seen is "

17/05/2012, 12:52:48 GMT -> CSendHTTPRequest::SendRequest - Unhandled WinInet Error occurred: err=  12152; desc = The server returned an invalid or unrecognized response

17/05/2012, 12:52:48 GMT -> HttpSendRequest (status 500): Request failed - The LiveUpdate server encountered an error, which prevented it from completing the requested operation.

"

Ok, thanks for your help

Hello,

Upon checking the Logs: we see the below error:

I increased the timeouts to 6000 secs as suggested by Mithun and this morning found the SEPM had updated all components.  So, thinking this was the fix, I informed my colleagues and advised them to change the timeouts as well.  However, they have reported back to me that all their SEPMs updated last night too, without any changes being made?!

So now I'm thinking it was probably a LiveUpdate server comms issue?

Anyhow, many thanks to you all for your input on this.  It's just a shame we can't diagnose what the actual problem was.

Kind regards

Adey

it is not that you will face the issue all the time, if the times out then you will encounter,

Hello,

I agree with Pete. This is not a usual behaviour of Liveupdate Failing.

However, you could keep this issue under observation and check if the next few updates happen without any issue.

Hope that helps!!