
Upgraded from SEPM from 11.0.6 to 12.1, SEPM not updating

Created: 17 Jan 2013 | 20 comments

Hi,

Upgrade went on successfully, but SEPM is not downloading new virus definitions. Virus definitions are still on the last day before the SEPM was upgraded. When I launch liveupdate, as per log extract below I get message 'No updates found for Symantec Endpoint Protection Win32 11.0.7000.975 (English).'

 January 17, 2013 10:45:09 AM GST:  No updates found for SONAR scan engine Win64 11.0.

January 17, 2013 10:45:09 AM GST:  No updates found for Submission Control signatures 11.0.

January 17, 2013 10:45:09 AM GST:  No updates found for Submission Control signatures 12.1.

January 17, 2013 10:45:09 AM GST:  No updates found for SONAR scan data 11.0.

January 17, 2013 10:37:36 AM GST:  Symantec Endpoint Protection Manager could not update SONAR scan whitelist Win32 11.0.

January 17, 2013 10:37:36 AM GST:  Symantec Endpoint Protection Manager could not update TruScan proactive threat scan commercial application list Win64 11.0.

January 17, 2013 10:37:36 AM GST:  No updates found for SONAR scan commercial application engine 11.0.

January 17, 2013 10:37:36 AM GST:  Symantec Endpoint Protection Manager could not update Virus and Spyware definitions Win64 12.1.

January 17, 2013 10:30:05 AM GST:  No updates found for SPC AntiVirus Client Mac 11.0 (English).

January 17, 2013 10:24:49 AM GST:  LUALL.EXE has been launched.

January 17, 2013 10:23:55 AM GST:  No updates found for Symantec Endpoint Protection Win64 11.0.7000.975 (English).

January 17, 2013 10:23:55 AM GST:  No updates found for Symantec Endpoint Protection Win64 12.1 (English).

January 17, 2013 10:23:54 AM GST:  No updates found for Symantec Endpoint Protection Win32 11.0.7000.975 (English).

January 17, 2013 10:23:54 AM GST:  No updates found for Symantec Endpoint Protection Win32 12.1 (English).

January 17, 2013 10:20:07 AM GST:  No updates found for SONAR scan engine Win32 11.0.

Any help will be most welcomed.

Arvind


Ashish-Sharma's picture

Hi,

Try to reinstall latest live update.

Windows LiveUpdate Client for Use with Symantec Endpoint Protection Manager 12.1

Article:TECH181305  |  Created: 2012-02-13  |  Updated: 2012-11-20  |  Article URL http://www.symantec.com/docs/TECH181305

How to Uninstall and Reinstall LiveUpdate on SEPM 12.1 (Enterprise Edition or Small Business Edition)

Article:TECH171060  |  Created: 2011-10-04  |  Updated: 2013-01-02  |  Article URL http://www.symantec.com/docs/TECH171060

Thanks In Advance

Ashish Sharma

 

 

SebastianZ's picture

Try to reinstall and re-register the Liveupdate with SEPM as per steps below:

 

1. Remove Live update from "Add/ Remove Programs"

2. Reboot the machine

3. In Windows Explorer, if they are present delete the following folders, without saving the existing content:

- C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate

- C:\ProgramData\Symantec\LiveUpdate

- C:\ProgramData\Application Data\Symantec\LiveUpdate

- C:\Program Files\Symantec\LiveUpdate

4. Install LU using lusetup.exe from the SEPM 12.1 install media (execute with local admin rights - built-in administrator)

5. in C:\Program Files\Symantec\Symantec Endpoint Protection Manager\bin:

- Type lucatalog -cleanup and press Enter.

- Type lucatalog -forcedupdate and press Enter.

6. in  C:\Program Files (x86)\Symantec\LiveUpdate start luall.exe (execute with local admin rights)

 

...additionally check the logliveupdate.log on the SEPM (http://www.symantec.com/docs/TECH92881) -> there you should see some more detailed errors.

Rafeeq's picture

Post the log.liveupdate found under

and make sure to set the proxy and re-register liveupdate

http://www.symantec.com/business/support/index?pag...

http://www.symantec.com/business/support/index?pag...

What's the current version of definitions you see in the management console?

 

Gavinash's picture

Current version of definition is 13/01/2013 r9. I have uninstalled Liveupdate, installed LUSETUP_3.3.1.23.EXE and ran command lucatalog but SEPM is still not updating. I am still having same message:

January 17, 2013 6:45:58 PM GST:  No updates found for SPC AntiVirus Client Mac 11.0 (English).
January 17, 2013 6:45:57 PM GST:  No updates found for Symantec Endpoint Protection Win64 11.0.7000.975 (English).
January 17, 2013 6:45:57 PM GST:  No updates found for Symantec Endpoint Protection Win64 12.1 (English).
January 17, 2013 6:45:56 PM GST:  No updates found for Symantec Endpoint Protection Win32 11.0.7000.975 (English).
January 17, 2013 6:45:56 PM GST:  No updates found for Symantec Endpoint Protection Win32 12.1 (English).
January 17, 2013 6:42:09 PM GST:  No updates found for SONAR scan engine Win32 11.0.
January 17, 2013 6:19:17 PM GST:  No updates found for SONAR scan engine Win64 11.0.
January 17, 2013 6:19:17 PM GST:  No updates found for Submission Control signatures 11.0.
January 17, 2013 6:15:31 PM GST:  No updates found for SONAR scan data 11.0.
January 17, 2013 6:00:30 PM GST:  No updates found for SONAR scan commercial application engine 11.0.
January 17, 2013 4:21:58 PM GST:  LiveUpdate succeeded.

I have also tried to apply the latest certified definitions.
Moved the latest .jdb file (vd3c6210.jdb) to folder
C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\content\incoming; the folder vd3c6210.jdb.2013-01-18-10-27-51 appears, but no update is done; the .jdb file is renamed to vd3c6210.jdb.err

I am attaching the Log.LiveUpdate. Any help will be most welcomed.

Arvind

Attachment: Log.zip (66.57 KB)
SebastianZ's picture

The entries from 18.01 show 21 updates installed - can you confirm that on the SEPM?:

 

1/18/2013, 6:09:37 GMT -> EVENT - SESSION END SUCCESSFUL EVENT - The LiveUpdate session ran in Silent Mode. LiveUpdate found 21 updates available, of which 21 were installed and 0 failed to install.  The LiveUpdate session exited with a return code of 1800, Success

 

...what looks odd though is that the version of installed definitions is in each of those updates reported as "0":

1/18/2013, 6:09:37 GMT -> EVENT - PRODUCT UPDATE SUCCEEDED EVENT - Update available for SEPM Virus Definitions Win64 (x64) v12.1 - MicroDefsB.CurDefs - SymAllLanguages. Update for CurDefs takes product from update 0 to 130117016. Server name - liveupdate.symantecliveupdate.com, Update file - 1358468970jtun_emt64sep12enccur26.m26, Signer - cn=Symantec Corporation,ou=Locality - Culver City,ou=Product Group - LiveUpdate,ou=SymSignature 2005,o=Symantec Corporation, package install code 0. The Update executed with a result code of 1800, => Success

 

Can you check in the following paths what version of definitions is reported there:

 

- c:/[SEPM install folder]/Inetpub/content/[535cb6a4......]/ - what is the name of latest folder? Does it have any files in it?

- c:/ProgramData/Symantec/Definitions/SymcData/spcvirdef32 (or spcvirdef64)/ - same question as above?
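The check SebastianZ does by eye on Log.LiveUpdate can be scripted. The following is an added example, not part of the original post or any Symantec tool: it parses the two entry types quoted above and lists the products whose update was logged as starting from sequence 0. The patterns are derived only from those two quoted lines, and the third sample line is constructed.

```python
import re

# Patterns follow the two Log.LiveUpdate entries quoted in the post above.
SESSION_RE = re.compile(
    r"SESSION END (?P<status>\w+) EVENT.*?found (?P<found>\d+) updates available, "
    r"of which (?P<installed>\d+) were installed and (?P<failed>\d+) failed")
UPDATE_RE = re.compile(
    r"PRODUCT UPDATE SUCCEEDED EVENT - Update available for (?P<product>.+?) - "
    r"(?P<component>\S+) - (?P<language>\S+)\. Update for \S+ takes product "
    r"from update (?P<old>\d+) to (?P<new>\d+)\.")

# Lines 1-2 are shortened from the thread; line 3 is constructed for contrast.
SAMPLE = [
    "1/18/2013, 6:09:37 GMT -> EVENT - SESSION END SUCCESSFUL EVENT - The LiveUpdate "
    "session ran in Silent Mode. LiveUpdate found 21 updates available, of which 21 "
    "were installed and 0 failed to install.",
    "1/18/2013, 6:09:37 GMT -> EVENT - PRODUCT UPDATE SUCCEEDED EVENT - Update available "
    "for SEPM Virus Definitions Win64 (x64) v12.1 - MicroDefsB.CurDefs - SymAllLanguages. "
    "Update for CurDefs takes product from update 0 to 130117016. Server name - "
    "liveupdate.symantecliveupdate.com",
    "1/18/2013, 6:09:37 GMT -> EVENT - PRODUCT UPDATE SUCCEEDED EVENT - Update available "
    "for Example Content v12.1 - ExampleDefs.CurDefs - SymAllLanguages. "
    "Update for CurDefs takes product from update 130116001 to 130117016.",
]

def review_liveupdate_log(lines):
    """Return (sessions, updates, from_zero) for the given Log.LiveUpdate lines."""
    sessions, updates = [], []
    for line in lines:
        m = SESSION_RE.search(line)
        if m:
            sessions.append({"status": m["status"], "found": int(m["found"]),
                             "installed": int(m["installed"]), "failed": int(m["failed"])})
            continue
        m = UPDATE_RE.search(line)
        if m:
            updates.append({"product": m["product"], "component": m["component"],
                            "old": int(m["old"]), "new": int(m["new"])})
    # Products whose previous sequence number was logged as 0.
    from_zero = [u["product"] for u in updates if u["old"] == 0]
    return sessions, updates, from_zero

if __name__ == "__main__":
    sessions, updates, from_zero = review_liveupdate_log(SAMPLE)
    print(sessions)
    print("Updates starting from 0:", from_zero)
```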

Gavinash's picture

Dear Sebastian,

The folder c:/[SEPM install folder]/Inetpub/content/[535cb6a4......]/ does not exist on the server; I am attaching a screen shot of the folders available.

As for C:\Program Files\Common Files\Symantec Shared\SymcData\spcvirdef32 (or spcvirdef64), both folders exist and have data as at 18/01/13 13:27.

Will I be able to get the SEPM to update or not? There are 425 clients connected to the SEPM with definition of 13/01/13.

Please help me to sort out this issue. Thanks.

Arvind

Inetpubcontent folder.jpg spcVirDef32.jpg spcVirDef64.jpg
Rafeeq's picture

Do a repair of SEPM from Add/Remove Programs and run LiveUpdate from SEPM.

pete_4u2002's picture

till the time can you manually update the SEPM using the jdb file?

How to update definitions for Symantec Endpoint Protection Manager using a JDB file

http://symantec.com/docs/TECH102607

SebastianZ's picture

Something went wrong during the upgrade - the following monikers should be available in the inetpub folder:

{535CB6A4-441F-4e8a-A897-804CD859100E}: SEPC Virus Definitions Win32 v12.1
{07B590B3-9282-482f-BBAA-6D515D385869}: SEPC Virus Definitions Win64 (x64) v12.1

{C60DC234-65F9-4674-94AE-62158EFCA433}: SESC Virus Definitions Win32 v11
{1CD85198-26C6-4bac-8C72-5D34B025DE35}: SESC Virus Definitions Win64 (x64)

...from the screenshots we see only [c60...] and [1cd...] seem to be about ok - both created about same time on the 14.01 - this would be as well the seen by you last available revision of 13/01/2013 r9.

 

As mentioned above please try a repair of SEPM and then start liveupdate again.
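The folder comparison described above can be automated. This is an added example, not part of the original post or any Symantec tool: it checks a content directory for the four moniker folders listed in the post and reports the latest revision subfolder and how many files it holds. The demo tree, its revision names and the file name full.zip are constructed, and the assumption that revision subfolders sort by name is mine.

```python
import os
import tempfile

# Folder names and descriptions exactly as listed in the post above.
EXPECTED = {
    "{535CB6A4-441F-4e8a-A897-804CD859100E}": "SEPC Virus Definitions Win32 v12.1",
    "{07B590B3-9282-482f-BBAA-6D515D385869}": "SEPC Virus Definitions Win64 (x64) v12.1",
    "{C60DC234-65F9-4674-94AE-62158EFCA433}": "SESC Virus Definitions Win32 v11",
    "{1CD85198-26C6-4bac-8C72-5D34B025DE35}": "SESC Virus Definitions Win64 (x64)",
}

def check_content_monikers(content_dir):
    """Map each expected moniker to (status, latest revision folder, file count)."""
    # Windows folder names are case-insensitive, so compare in lower case.
    on_disk = {n.lower(): n for n in os.listdir(content_dir)
               if os.path.isdir(os.path.join(content_dir, n))}
    report = {}
    for moniker in EXPECTED:
        name = on_disk.get(moniker.lower())
        if name is None:
            report[moniker] = ("missing", None, 0)
            continue
        base = os.path.join(content_dir, name)
        # Assumption: revision subfolders sort by name (e.g. 130113009).
        revs = sorted(d for d in os.listdir(base)
                      if os.path.isdir(os.path.join(base, d)))
        if not revs:
            report[moniker] = ("no revision folder", None, 0)
            continue
        count = sum(len(files) for _, _, files in os.walk(os.path.join(base, revs[-1])))
        report[moniker] = ("ok" if count else "empty", revs[-1], count)
    return report

def demo():
    """Constructed tree: v11 monikers populated, one v12.1 moniker empty, one absent."""
    with tempfile.TemporaryDirectory() as root:
        for guid, rev, files in [
            ("{c60dc234-65f9-4674-94ae-62158efca433}", "130113009", ["full.zip"]),
            ("{1cd85198-26c6-4bac-8c72-5d34b025de35}", "130113009", ["full.zip"]),
            ("{535cb6a4-441f-4e8a-a897-804cd859100e}", "130117016", []),
        ]:
            os.makedirs(os.path.join(root, guid, rev))
            for f in files:
                open(os.path.join(root, guid, rev, f), "w").close()
        return check_content_monikers(root)

if __name__ == "__main__":
    for moniker, result in demo().items():
        print(EXPECTED[moniker], "->", result)
```

On a real server, pass the SEPM Inetpub\content path to check_content_monikers instead of calling demo().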

subhashsa222's picture

Hi friends...

You can get the latest LiveUpdate for SEPM 12.1 RU1 MP1 from the link below. You need to install LUSETUP_3_3_2_2.EXE.

http://www.symantec.com/business/support/index?pag...

Regards
Subhash Savarkar

Gavinash's picture

I tried to repair the SEPM, but I do not know the DBA password for the sem5 db. Is there a method to know the DBA password?

LiveUpdate Downloads.jpg
Gavinash's picture

I have repaired the SEPM and launched liveupdate, but SEPM is still not updating. The SEPM is on a VM and I still have an image before upgrade. I will thus put the image back on. I will then try to run dbunload on the SEPM 11.0.6005 and then re-launch the upgrade.

Another solution I found is to do a fresh install of SEPM 11.0.6005, pull the client on it; then re-launch the upgrade.

What do you think is best to do? Any other solution?

SebastianZ's picture

Another possible scenario would be to start with a clean SEPM 12.1 install - and then reconnect the existing SEP clients to it - here are some articles about how this is done

 

- Sylinkreplacer: http://www.symantec.com/docs/TECH105211
- Custom client installation packages with replacement of communications settings: http://www.symantec.com/docs/TECH104955
- Communication Update Package Deployment available in SEPM 12.1 RU2 - http://www.symantec.com/connect/articles/sep-121-ru2-and-reset-client-communication

Gavinash's picture

Hi Sebastian,

When deploying client install package will I need to enter the Windows password of each PCs/laptops?

Arvind

Ashish-Sharma's picture

 

hi,

If you are using Domain ID you can provide each pc's laptop password..

If you are using Local Administrator Password you can provide only one time (It's applicable when local admin user name and password are same)

Thanks In Advance

Ashish Sharma

 

 

SebastianZ's picture

Only one time should be fine as per Ashish's comment above - you should already see in the deployment wizard if the credentials have been accepted or not.

Gavinash's picture

Hi,

I uploaded image of server 11.0.6 and did the upgrade again, but same problem; SEPM 12.1 not updating.

What I have done is to uninstall the SEPM 12.1, keeping a copy of the file recovery_timestamp.zip found in (Drive:\Program Files\Symantec\Symantec Endpoint Protection Manager\Server Private Key Backup\recovery_timestamp.zip) and as well keeping note of the DomainId.

After installation of SEPM 12.1, when the Management Server Configuration Wizard runs, I have chosen "Custom configuration" and "Use a recovery file". I have also added the DomainId.

The problem now is the clients cannot connect to the SEPM, error I am getting is 'Signature verification FAILED for Index File Content.. '

01/31 16:27:57 [2244] 16:27:57=>Send HTTP REQUEST
01/31 16:27:57 [2244] 16:27:57=>HTTP REQUEST sent
01/31 16:27:57 [2244] SMS return=200
01/31 16:27:57 [2244] 200=>200 OK
01/31 16:27:58 [2244] Content Lenght => 734640
01/31 16:27:58 [2244] Siganture NOT specified to verify ..
01/31 16:27:58 [2244] Signature verification FAILED for Index File Content..
01/31 16:27:58 [2244] RECEIVE STAGE COMPLETED
01/31 16:27:58 [2244] COMPLETED
01/31 16:27:58 [2244] GetIndexFile handling status: 101
01/31 16:27:58 [2244] Switch Server flag=0
01/31 16:27:58 [2244] HEARTBEAT: Check Point 5.1
01/31 16:27:58 [2244] new scheduled heartbeat=64 seconds
01/31 16:27:58 [2244] HEARTBEAT: Check Point 8
01/31 16:27:58 [2244] Selecting a random server
01/31 16:27:58 [2244] Get Next Server!
01/31 16:27:58 [2244] switch to another server
01/31 16:27:58 [2244] New scheduled heartbeat=32 seconds
01/31 16:27:58 [2244] HEARTBEAT: Check Point 1
01/31 16:27:58 [2244] HEARTBEAT: Check Point 2
01/31 16:27:58 [2244] going to post event=EVENT_SERVER_CONNECTING
01/31 16:27:58 [2244] done post event=EVENT_SERVER_CONNECTING, return=0
01/31 16:27:58 [2244] HEARTBEAT: Check Point 3
01/31 16:27:58 [2244] Setting the session timeout on Profile Session to 30000
01/31 16:27:58 [2244] HEARTBEAT: Check Point 4

I have found that the problem could be because of Keystore, I have a lot of them; which 1 should I use? Please help me out. Otherwise, I will need to put the SEPM 11.0.6 image back, update it to 12.1 and backup the certificate to know exactly which 1 is being used. Any comments most welcomed.

Keystore.jpg
A. Wesker's picture

Hi,

At the same occasion:

Did you install a SEP client on your VM where SEPM Console is installed ?

If so, did you install SEP 12.1 client ?

If not, do it as some known issues and unexpected behaviors could occur in this type of situation (especially with client on 11.0 RU6 version).

 

Kind Regards,

A. Wesker