Endpoint Protection

 View Only

  • 1.  GUProxy - Download failed

    Posted May 14, 2014 04:56 AM

    I have just run into an issue with a GUP not downloading content from the SEPM.

    The SEPM (10.4.71.47) and GUP (10.4.71.51) are running on Windows 2012 standard edition with SEP 12.1 RU4a (12.1.4104.4130) on the SEPM and SEP 12.1 RU4 (12.1.4100.1426) on the GUP client.

    The GUP has correctly identified itself as a GUP, but has been unable to download content.  I have enabled debugging on the GUP and discovered the following.

    ******************************** Start of log File ********************************

    2014/05/14 09:47:43.737 [2232:3704] GUProxy: Current GUP 10.4.71.51 staus is 1
    2014/05/14 09:47:43.737 [2232:3704] GUProxy: GUP 10.4.71.51 chosen
    2014/05/14 09:47:43.737 [2232:3704] AH: Setting the Browser Session end option & Resetting the URL session ..
    2014/05/14 09:47:43.737 [2232:3588] GUProxy: accepted socket 3584 for 10.4.71.51 port 6610
    2014/05/14 09:47:43.737 [2232:3212] GUProxy: Begin to handle accepted socket 3584
    2014/05/14 09:47:43.737 [2232:3212] GUPROXY - GUProxy HTTP in - GET /content/{810D5A61-809F-49c2-BD75-177F0647D2BA}/140513035/Full.zip
    2014/05/14 09:47:43.737 [2232:3212] GUPROXY - GUProxy File - /content/{810D5A61-809F-49c2-BD75-177F0647D2BA}/140513035/Full.zip
    2014/05/14 09:47:43.737 [2232:3212] GUPROXY - GUProxy mangled file - #content#{810D5A61-809F-49c2-BD75-177F0647D2BA}#140513035#Full!zip
    2014/05/14 09:47:43.737 [2232:3212] GUProxy - Add request into download queue.
    2014/05/14 09:47:43.737 [2232:3172] GUProxy - Throttle changed to [0X0000000000098968] BPS since Thread Count added to [1]
    2014/05/14 09:47:43.737 [2232:3172] GUPROXY - GUProxy - TARGET_IP: - 10.4.71.47;
    2014/05/14 09:47:43.737 [2232:3172] GUProxy - GET SEPM info from SYLINK(1) ,GET /content/{810D5A61-809F-49c2-BD75-177F0647D2BA}/140513035/Full.zip  BEGIN with 0,total with 0
    2014/05/14 09:47:43.753 [2232:3172] GUProxy - Download failed GET://10.4.71.47:8014/content/{810D5A61-809F-49c2-BD75-177F0647D2BA}/140513035/Full.zip  ResponseStatus=403
    HTTP/1.1 403 Forbidden

    Connection: close

    Date: Wed, 14 May 2014 09:47:43 BST

    Content-Length: 2171

    Content-Type: text/html

    Mime-Version: 1.0

    Proxy-Connection: close

    ******************************** End of log File ********************************

    If you copy the url http://10.4.71.47:8014/content/{810D5A61-809F-49c2-BD75-177F0647D2BA}/140513035/Full.zip in to a internet browser it allows you to download the file.

    Has anyone else come across a similar issue?



  • 2.  RE: GUProxy - Download failed

    Posted May 14, 2014 05:24 AM

    Hi,

    How to confirm if SEP Clients are receiving Live Update content from Group Update Providers (GUPs)

    http://www.symantec.com/docs/TECH97190

    I would also suggest you to check the Articles below which may interest you:

    Troubleshooting the Group Update Provider (GUP) in Symantec Endpoint Protection (SEP)

    http://www.symantec.com/docs/TECH104539

    Group Update Provider(GUP): Sizing and Scaling Guidelines

    http://www.symantec.com/business/support/index?page=content&id=TECH95353&locale=en_US

    SEP Content Distribution Monitor / GUP monitoring tool

    http://www.symantec.com/business/support/index?page=content&id=TECH156558



  • 3.  RE: GUProxy - Download failed

    Posted May 14, 2014 06:20 AM

    The only other instance I can find of this particular error (http 403 forbidden error on a GUP "get" request) is in the below thread:

    https://www-secure.symantec.com/connect/forums/updating-gups-manually

    If everything else can download that file without issue, and other clients and GUPs are working correctly, I reckon a good starting point would be to remove this machine from the GUP LU Policy, run a repair on it, and add it back in as a GUP.

    Also, the onfirmation you've provided seems to suggest this GUP has two NICs connected to the same subnet, is that correct?  Have you tested disabling one?



  • 4.  RE: GUProxy - Download failed

    Posted May 14, 2014 06:33 AM

    Sorry the SEPM and GUP are on seperate boxes.  The GUP only has one active network connection.



  • 5.  RE: GUProxy - Download failed

    Posted May 14, 2014 06:40 AM

    Whoops, I meant that you said the GUP is on both 10.4.71.52 and 10.4.71.51.  Is that correct?



  • 6.  RE: GUProxy - Download failed

    Posted May 14, 2014 08:43 AM

    Thats me and a copy and paste error .... the GUP is 10.4.71.51.



  • 7.  RE: GUProxy - Download failed
    Best Answer

    Posted May 16, 2014 04:58 AM

    I thought I had fixed this issue, I was wrong.

    I thought it could have been the IE 10 and the security zones.



  • 8.  RE: GUProxy - Download failed

    Posted May 21, 2014 05:19 AM

    That's a shame.

    I can't think of any legitimate reason why a 403 error would get returned by the SEPM to a request from a GUP.  Have you tried my earlier suggestions?

    Also, can you grab the sylink logs (see below article on how to enabling sylink logging on the GUP) and any error logs on the SEPM itself under "\<Program Files>\Symantec\Symantec Endpoint Protection Manager\apache\logs".

    How to enable Sylink debugging for the Symantec Endpoint Protection 11.x and 12.1 client in the Windows Registry

    Article:TECH104758  |  Created: 2008-01-18  |  Updated: 2013-02-26  |  Article URL http://www.symantec.com/docs/TECH104758