I've seen this issue reported before but none of the suggestions I've found seemed to help.

I have a closed network (no internet/external access) and run SEPM and am on version 12.1.4013.4013.

My servers is Windows Server 2012R2.

I manually download the jdb files from http://www.symantec.com/security_response/definitions/download/detail.jsp?gid=sep

Drop the file in the  C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\data\inbox\content\incoming

It creates the upzip directory, but eventually the install dies and I get a xxxx.jdb.err file.   Sometimes ~1 in 10 it leaves the unpack directory after failing.

the semlu.log relevant info.... 

09/09 11:07:36 [2890:22f4] INFO(Med)   SesmLu Notifying server about new LiveUpdate content
09/09 11:07:36 [2890:22f4] INFO(Low)   ProductUtil ConfProp: scm.http.port=9090
09/09 11:07:36 [2890:22f4] INFO(Med)   TomcatServerXml Entered Init().
09/09 11:07:36 [2890:22f4] ERROR       ProductUtil Initialize Tomcat server xml file failed.
at ProductUtil.cpp[1046]
09/09 11:07:36 [2890:22f4] INFO(Med)   SesmLu http://127.0.0.1:9090/servlet/ConsoleServlet?ActionType=ConfigServer&FilePath=C:\Program%20Files%20(x86)\Symantec\Symantec%20Endpoint%20Protection%20Manager\data\inbox\content\tmp38531088.tmp&Hash=125FE26C613A7FA8B86F4126EBBFF4EA&Language=SymAllLanguages&Product=SEPM%20Virus%20Definitions%20Win32%2012.1%20RU2%20H&SequenceNum=140825025&SequenceTag=CurDefs&ServerMoniker={D2EE983B-0AB4-F6D4-00BE-1539CD0C259E}&Version=MicroDefsB.CurDefs&action=UploadLuContent
09/09 11:07:36 [2890:22f4] ERROR       SesmLu InternetOpenUrl failedat SesmLu.cpp[1713]
09/09 11:07:36 [2890:22f4] ERROR       SesmLu Failed to notify SESM servlet of new LiveUpdate package.at SesmLu.cpp[1465]
09/09 11:07:36 [2890:22f4] INFO(Med)   SesmLu Notified server about new LiveUpdate content
09/09 11:07:36 [2890:22f4] ERROR       SesmLu Fail to notify server of new content.at SesmLu.cpp[621]

I uninstalled/reinstalled the LiveUpdate component. 

I found and followed  a procedure that suggested deleting folders from C:\program files\symantec\symantec endpoint protection manager\Inetpub\content\{C60DC234-65F9-4674-94AE-62158EFCA433}" folder and move all of the subfolders to another place, such as C:\Temp if you want a backup, otherwise delete the sub-folders.   And then deleting the registry shared defs directory and shared def registry entries, but I did not have those shared defs folders/ or registry settings (so I did not go further with that assuming that procedure is very old and no longer relevant). 

So I am not really sure where to look next. 

Interesting, I have a mirror suite of equipment (same install base) and those jdb files install correctly.

Thanks.

Dave

Can you run the symhelp tool on the SEPM to if anything funky shows up?

Download the Symantec Help (SymHelp) diagnostic tool to detect Symantec product issues

How much disk space available in SEPM server ?

See this articles

Symantec Endpoint Protection Manager is unable to update Virus Definitions via JDB with an Error: "Failed to initialize COM" in SesmLu.log

According your log find the below article and detail for troubleshoot.

LiveUpdate and Content Troubleshooting for the Symantec Endpoint Protection Manager

Issue 2: SesmLu is unable to connect to Tomcat over loopback to port 9090

07/16 15:22:18 [0524:18a4] INFO(Med)   SesmLu http://127.0.0.1:9090/servlet/ConsoleServlet?ActionType=ConfigServer&action=PublishLuInventory

07/16 15:22:19 [0524:18a4] ERROR       SesmLu InternetOpenUrl failedat SesmLu.cpp[1713]

07/16 15:22:19 [0524:18a4] ERROR       SesmLu Server failed to publish the LU inventory.at SesmLu.cpp[1465]

07/16 15:22:19 [0524:18a4] WARNING     SesmLu Request for server to publish the LuConfig.xml, LuDownloadedContentArray.xml and LuSesmContentCatalog.xml returned error. One or more of these files may be out of date, potentially resulting in partial or incorrect LiveUpdate downloads.

Reconfiguring the Source for LiveUpdate Content

1. Log into the Symantec Endpoint Protection Manager console
2. Click the Admin button on the left margin
3. Click the Servers button and then click the Local Site
4. In the task section, click Edit Site Properties
5. Click the LiveUpdate tab
6. Select the Edit Source Servers button

Note: For most customers, it is appropriate to use the default, publicly accessible Symantec LiveUpdate server. This requires that the SEPM have internet access. If the SEPM does not have internet access, then it is also possible to configure the SEPM to connect to a LiveUpdate Administrator server to download content updates. If you have set up an internal LiveUpdate server, verify it is configured properly and that this machine can resolve the specified address.

Re-registering/Resetting Symantec Endpoint Protection Manager content with LiveUpdate

The following steps should only be performed if troubleshooting steps indicate that the problem is due to Symantec Endpoint Protection Manager content not being properly registered with LiveUpdate. This may solve issues seen when Symantec Endpoint Protection Manager is not downloading a specific type of content (notably, AV and IPS content).

1. Click Start > Run
2. Enter the following command including the quotes: "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\LuCatalog.exe" -cleanup
   1. This command will unregister all Symantec Endpoint Protection Manager content from LiveUpdate. We will then proceed to re-register the content again with LiveUpdate
   2. Note: If the SEPM is installed to a custom location, adjust the path in the command to the location of the LuCatalog.exe executable.
3. Click Start > Run
4. Enter the following command including the quotes: "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\bin\LuCatalog.exe" -update

All thanks for the quick responses.

@James007 -the server in question has ~30GB free.  Less than the 100GB recommended, but more than the 16GB minimum (per the symhelp tool as suggested above).   I am not thinking this is the issue because I have another suite of equipment that is not experiencing the issues, and it has only 21GB free.

@Summit G -  My errors don't exactly match what you posted...  and Reconfiguring the Source for LiveUpdate Content is really not an option here, as this suite has no internet connection at all, so creating an alternative Live Update Administration server does not help any because there are no servers with outside internet connections. 

And for the 2nd part, I did try the LuCatalog.exe -cleanup and LuCatalog.exe -update without any luck.

@.Brian - I ran the sym help and found out I have a conflict on port 9090 (web console)  I ran the update.bat, and the sca.bat (Management Server configuration tool) and changed the Web Console port to 9091.  After a reboot, the jdb file worked and it looks like the reported update in the Manager was updated.

So success....  A big thank you to everyone for all your help.   Now to see what is conflicting with the port...  and to see if tomorrow’s jdb file works.  

See below articles and manage disk space.

Disk Space Management procedures for the Symantec Endpoint Protection Manager