Endpoint Protection

 View Only

  • 1.  SEPM Liveupdate is running too long

    Posted Oct 28, 2014 06:07 PM

    We have just updated to SEP 12.1.5, everything was going ok until yesterday and again this morning.

    Liveupdate started at 5am this morning and is still running at 9:03am causing the network to slow down.

    Yesterday it finished at 10:30am.

    It is scheduled to start at 3:30am every morning.

    Any suggestions as to why it is taking so long and how to improve the performance.



  • 2.  RE: SEPM Liveupdate is running too long

    Posted Oct 28, 2014 06:13 PM
    Any errors showing in the log? Or log.liveupdate? Does everything seem normal aside from the long time it takes? Is performance of the box ok? Did this just start?


  • 3.  RE: SEPM Liveupdate is running too long

    Posted Oct 28, 2014 06:33 PM

    No errors in the Liveupdate Log or Event Viewer.

    Everything else seems normal, just takes a long time.

    It started last week on Monday when we had SEP 12.1.4 and we upgraded successfully to SEP 12.1.5 on Sunday, everything was operating a lot faster and freed up at least 10Gb of HDD with the upgrade.

    Available HDD is 55Gb with 2 processors 1.87GHz, HP Proliant Server with Server 2008, 16Gb Ram, 64 Bit Operating System.

    CPU Usage avg around 25% to 30%, Physical Memory 58%

    When the SEPM Liveupdate is running the Console Manger takes an extremely long time to response when logging in (sometimes up to 30mins) and once logged on a long time to select the Admin Menu to check the logs.

    The last log on the Event Viewer was at 8:29am - downloaded successfully to the server Vircus & Spyware def and no logs since.

     

     



  • 4.  RE: SEPM Liveupdate is running too long

    Posted Oct 28, 2014 06:56 PM

    No errors showing in the Event Log or the SEPM Console Log.

    Yes everything seems normal just takes a long time.

    When liveupdate is not runing the Server operates well - HP Prolaint with Server 2008, 2 processors 1.87GHz, 16Gb Memory Ram, 55Gb HDD space free, HP LiO shows no hardware faults, operating temps all ok.

    It originally started last Monday when we had SEP 12.1.4 and was advise to upgrade, we upgraded / migrated successfully on Sunday and the performance improve including clearing up approx 10Gb HDD space, liveupdate seem to be operating ok until yesterday when it started take a long time again.

    CPU Usages when SEPM Liveupdate runs on avg is bet 25% - 30%, Physical Memory 59%.

    It also can take 30mins plus to log onto the SEPM Console when liveupdate is running.

    The last Windows Event Log for SEPM was at 8:29 for Content download sucessfuly to the server (Virus & Spyware def Win32 12.1.RU5)

    In the Event Log I notice Version 11.0 for some products eg; SONAR scan whitelist Win32 11.0...is this correct?



  • 5.  RE: SEPM Liveupdate is running too long

    Posted Nov 06, 2014 03:18 PM

    I've had nothing but trouble since upgrading the SEPM servers to the latest - what is that, RU5? 12.1.5 or whatever.

    First it totally trashed the SEPM2 server as far as Apache. It won't finish complaining that it can't install or upgrade the apache stuff, then the definitions start falling behind on clients. At first it was just 64 bit - the server group in SEP, then I had to kill SEPM2 as it just plain stopped working and I let all clients find and connect to SEPM1.

    That was fine for a couple of weeks but now the defs are falling behind again and I see errors with every LU session
    November 6, 2014 2:06:01 PM CST:  Symantec Endpoint Protection Manager could not update Virus and Spyware definitions Win32 12.1 RU5.  [Site: IVRS-SEP01]  [Server: xxxxxsepm1]
    I've followed the document TECH166923 to the letter, exactly as it's outlined on SEPM1 - our only running and functional (make that semi-functinal) SEPM.
    I have read over the other related documents and those don't relate, don't have the same errors - in fact an 8-pager 105924 simply shows how to look in the logs for trouble but doesn't say what the errors mean or how to correct them. In any case, the problem was not shown in that document either!

    I get this in the Log.LiveUpdate file:

    11/6/2014, 5:26:02 GMT -> ProductRegCom/luProductReg(PID=4160/TID=1872): Setting property for Moniker = {2B6323DE-0AB4-F6D4-00BE-153983F159FA}, PropertyName = Version, Value = MicroDefsB.Error
    11/6/2014, 5:26:02 GMT -> ProductRegCom/luProductReg(PID=4160/TID=1872): Set property error -- Moniker {2B6323DE-0AB4-F6D4-00BE-153983F159FA} is not found.

    11/6/2014, 5:26:02 GMT -> ProductRegCom/luProductReg(PID=4160/TID=1872): Setting property for Moniker = {307D2C61-0AB4-F6D4-00BE-15391E224ABA}, PropertyName = SEQ.CURDEFS, Value = 0
    11/6/2014, 5:26:02 GMT -> ProductRegCom/luProductReg(PID=4160/TID=1872): Setting property for Moniker = {307D2C61-0AB4-F6D4-00BE-15391E224ABA}, PropertyName = SEQ.HUBDEFS, Value = 0
    11/6/2014, 5:26:02 GMT -> ProductRegCom/luProductReg(PID=4160/TID=1872): Setting property for Moniker = {2B6323DE-0AB4-F6D4-00BE-153983F159FA}, PropertyName = SEQ.CURDEFS, Value = 0
    11/6/2014, 5:26:02 GMT -> ProductRegCom/luProductReg(PID=4160/TID=1872): Set property error -- Moniker {2B6323DE-0AB4-F6D4-00BE-153983F159FA} is not found.

    I had a feeling about this update and unfortunately they came true. There were some issues with the updates on the second server, which ultimately saw it fail and this one can't keep the definitions in order.

    I am also noting that firewall and other logs are not getting to the SEPM now but that's another topic. all was fine until I upgraded the SEPMs, now we have a lot of LU issues, not slow like this person's case but failing.