Endpoint Protection

 View Only
Expand all | Collapse all

Server hangs after LiveUpdate

  • 1.  Server hangs after LiveUpdate

    Posted Jun 16, 2009 03:50 AM
    We recently upgraded to Symantec_Endpoint_Protection_11.0.4202_MR4_MP2 since that point our server hangs after every automatic LiveUpdate start. A manual start of LiveUpdate doesn't cause the problem.

    The server is running Small Business Server 2003 with latest patches and service packs. When the server is backup up and running the last 2 event logs before the crash are:

    Event ID: 7036
    The LiveUpdate service entered the running state.

    Event ID: 7035
    The LiveUpdate server was successfully sent a start control.

    We de-installed LiveUpdate and during that period (6 days) the server was running normally. I've tried downgrading to version 3.2 but that didn't solve the problem. With version 3.2 it doesn't happen ever attempt LiveUpdate wants to update, with version 3.3 it does happen each attempt.

    Anyone have any idea what to do or where I should start looking?

    With kind regards,

    Mark Pot
     


  • 2.  RE: Server hangs after LiveUpdate

    Posted Jun 16, 2009 02:13 PM
    Can you open the LU log, at C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Log.LiveUpdate?
    Search for Errors then paste those lines here.

    Thomas



  • 3.  RE: Server hangs after LiveUpdate

    Posted Jun 16, 2009 03:11 PM
    Hi Thomas,

    Since I removed LiveUpdate to keep the server running the log file have been removed aswell.

    I'll re-install LiveUpdate and post the lines as soon as it has happend again.

    Mark


  • 4.  RE: Server hangs after LiveUpdate

    Posted Jul 02, 2009 12:27 PM
    Hi Mark,

    Are you still experiencing issues? Can you give us an update?

    Thanks,
    Thomas


  • 5.  RE: Server hangs after LiveUpdate

    Posted Jul 13, 2009 08:53 PM
    Hi,
    I am having the same problem with my environment.
    I have 280 servers and 3 or more servers hangs every day.
    When I saw the logs I found the hang after new definitions arrived to server.

    Anybody has an idea?

    Here is my LU Log:

    ////////////////////////////////////////////////////////////////////////////////
    ////////////////////////////////////////////////////////////////////////////////
    // Start LuComServer
    ////////////////////////////////////////////////////////////////////////////////
    ////////////////////////////////////////////////////////////////////////////////
    7/13/2009, 14:29:03 GMT -> LuComServer version: 3.3.0.61
    7/13/2009, 14:29:03 GMT -> LiveUpdate Language: English
    7/13/2009, 14:29:03 GMT -> LuComServer Sequence Number: 20070811
    7/13/2009, 14:29:03 GMT -> OS: Windows 2003 Standard, Service Pack: 1, Major: 5, Minor: 2, Build: 3790 (32-bit)
    7/13/2009, 14:29:03 GMT -> System Language:[0x0409], User Language:[0x0409]
    7/13/2009, 14:29:03 GMT -> IE 6 Support
    7/13/2009, 14:29:03 GMT -> ComCtl32 version: 6.0
    7/13/2009, 14:29:03 GMT -> IP Addresses: 10.8.16.200
    7/13/2009, 14:29:03 GMT -> Loading C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Product.Inventory.LiveUpdate
    7/13/2009, 14:29:03 GMT -> Opened the product inventory at "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Product.Inventory.LiveUpdate".
    7/13/2009, 14:29:03 GMT -> Account launching LiveUpdate is not a logged in user's account
    7/13/2009, 14:29:03 GMT -> Combined Product Inventory Flags 0, Permanent Flags 0, Permanent Flags Filter 0
    7/13/2009, 14:29:03 GMT -> LiveUpdate flag value for this run is 0
    7/13/2009, 14:29:03 GMT -> C:\WINDOWS\system32\Drivers\etc\hosts is either unreachable or not modifiable for cleaning work, no further processing
    7/13/2009, 14:29:04 GMT -> **** Starting a Silent LiveUpdate Session ****
    7/13/2009, 14:29:04 GMT -> *********************** Start of New LU Session ***********************
    7/13/2009, 14:29:05 GMT -> The command line is -S
    7/13/2009, 14:29:05 GMT -> EVENT - SESSION START EVENT - The LiveUpdate session is running in Silent Mode.
    7/13/2009, 14:29:06 GMT -> Check for updates to: Product: LiveUpdate, Version: 3.3.0.61, Language: English. Mini-TRI file name: liveupdate_3.3.0.61_english_livetri.zip
    7/13/2009, 14:29:06 GMT -> LiveUpdate is about to launch a new callback proxy process for product SESC Virus Definitions Win32 v11 with moniker {C60DC234-65F9-4674-94AE-62158EFCA433}.
    7/13/2009, 14:29:06 GMT -> Starting Callback Proxy Worker thread.
    7/13/2009, 14:29:06 GMT -> The callback proxy for moniker {C60DC234-65F9-4674-94AE-62158EFCA433} was successfully registered with LiveUpdate.
    7/13/2009, 14:29:06 GMT -> LiveUpdate successfully launched a new callback proxy process for product SESC Virus Definitions Win32 v11.
    7/13/2009, 14:29:06 GMT -> LiveUpdate is about to execute a PreSession callback for product SESC Virus Definitions Win32 v11.
    7/13/2009, 14:29:23 GMT -> ProductRegCom/luProductReg(PID=5700/TID=4104): Successfully created an instance of an luProductReg object!
    7/13/2009, 14:29:24 GMT -> ProductRegCom/luProductReg(PID=5700/TID=4104): Path for calling process executable is C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe.
    7/13/2009, 14:29:25 GMT -> ProductRegCom/luProductReg(PID=5700/TID=4104): Setting property for Moniker = {B36CDA3C-B15B-421c-A2A4-7EC70E3B852B}, PropertyName = SEQ.HUBDEFS, Value = 80318034
    7/13/2009, 14:29:25 GMT -> ProductRegCom/luProductReg(PID=5700/TID=4104): Setting property for Moniker = {B36CDA3C-B15B-421c-A2A4-7EC70E3B852B}, PropertyName = SEQ.CURDEFS, Value = 90713002
    7/13/2009, 14:29:25 GMT -> ProductRegCom/luProductReg(PID=5700/TID=4104): Setting property for Moniker = {C60DC234-65F9-4674-94AE-62158EFCA433}, PropertyName = SEQ.CURDEFS, Value = 90713002
    7/13/2009, 14:29:25 GMT -> ProductRegCom/luProductReg(PID=5700/TID=4104): Destroyed luProductReg object.
    7/13/2009, 14:29:26 GMT -> ProductRegCom/luProductReg(PID=5700/TID=4104): Successfully created an instance of an luProductReg object!
    7/13/2009, 14:29:26 GMT -> ProductRegCom/luProductReg(PID=5700/TID=4104): Path for calling process executable is C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe.
    7/13/2009, 14:29:26 GMT -> ProductRegCom/luProductReg(PID=5700/TID=4104): Setting property for Moniker = {B36CDA3C-B15B-421c-A2A4-7EC70E3B852B}, PropertyName = VERSION, Value = MicroDefsB.Old
    7/13/2009, 14:29:27 GMT -> ProductRegCom/luProductReg(PID=5700/TID=4104): Setting property for Moniker = {B36CDA3C-B15B-421c-A2A4-7EC70E3B852B}, PropertyName = SEQ.HUBDEFS, Value = 80318034
    7/13/2009, 14:29:28 GMT -> ProductRegCom/luProductReg(PID=5700/TID=4104): Setting property for Moniker = {B36CDA3C-B15B-421c-A2A4-7EC70E3B852B}, PropertyName = SEQ.CURDEFS, Value = 90713002
    7/13/2009, 14:29:28 GMT -> ProductRegCom/luProductReg(PID=5700/TID=4104): Destroyed luProductReg object.
    7/13/2009, 14:29:28 GMT -> The callback proxy finished executing the callback with a result code of 0x0
    7/13/2009, 14:29:28 GMT -> The PreSession callback for product SESC Virus Definitions Win32 v11 completed with a result of 0x0
    7/13/2009, 14:29:28 GMT -> Progress Update: TRYING_HOST: HostName: "liveupdate.symantecliveupdate.com" URL: "http://liveupdate.symantecliveupdate.com" HostNumber: 0
    7/13/2009, 14:29:28 GMT -> Progress Update: TRIFILE_DOWNLOAD_START: Number of TRI files: 0 Downloading LiveUpdate catalog file
    7/13/2009, 14:29:28 GMT -> LiveUpdate will download the first Mini-TRI file, liveupdate_3.3.0.61_english_livetri.zip
    7/13/2009, 14:29:28 GMT -> Progress Update: DOWNLOAD_BATCH_START: Files to download: 1, Estimated total size: 0
    7/13/2009, 14:29:28 GMT -> Progress Update: PRE_CONNECT: Proxy: "(not-available)" Agent: "Symantec LiveUpdate" AccessType: 0x0
    7/13/2009, 14:29:29 GMT -> Progress Update: CONNECTED: Proxy: "(not-available)" Agent: "e6Z4FpE2xYIu0Sht5shn8KONDiwr0RbSgAAAAA" AccessType: 0x0
    7/13/2009, 14:29:29 GMT -> Progress Update: DOWNLOAD_FILE_START: URL: "http://liveupdate.symantecliveupdate.com/liveupdate_3.3.0.61_english_livetri.zip", Estimated Size: 0, Destination Folder: "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads"
    7/13/2009, 14:29:51 GMT -> CSendHTTPRequest::SendRequest - Timed out while communicating with server.
    7/13/2009, 14:29:51 GMT -> Progress Update: DOWNLOAD_FILE_FINISH: - NOTE - URL: "http://liveupdate.symantecliveupdate.com/liveupdate_3.3.0.61_english_livetri.zip", Full Download Path: "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\liveupdate_3.3.0.61_english_livetri.zip" HR: 0x802A0045
    7/13/2009, 14:29:51 GMT -> HR 0x802A0045 DECODE: E_UNABLE_TO_REACH_SERVER
    7/13/2009, 14:29:51 GMT -> Progress Update: DOWNLOAD_BATCH_FINISH: HR: 0x802A0045, Num Successful: 0
    7/13/2009, 14:29:51 GMT -> HR 0x802A0045 DECODE: E_UNABLE_TO_REACH_SERVER
    7/13/2009, 14:29:51 GMT -> EVENT - SERVER SELECTION FAILED EVENT - LiveUpdate failed to connect to server liveupdate.symantecliveupdate.com at path via a HTTP connection. The server connection attempt failed with a return code of 1814, LiveUpdate could not retrieve the catalog file of available Symantec product and component updates.
    7/13/2009, 14:29:51 GMT -> Progress Update: TRYING_HOST: HostName: "liveupdate.symantec.com" URL: "http://liveupdate.symantec.com" HostNumber: 1
    7/13/2009, 14:29:52 GMT -> Progress Update: DISCONNECT
    7/13/2009, 14:29:52 GMT -> Progress Update: TRIFILE_DOWNLOAD_START: Number of TRI files: 0 Downloading LiveUpdate catalog file
    7/13/2009, 14:29:52 GMT -> LiveUpdate will download the first Mini-TRI file, liveupdate_3.3.0.61_english_livetri.zip
    7/13/2009, 14:29:53 GMT -> Progress Update: DOWNLOAD_BATCH_START: Files to download: 1, Estimated total size: 0
    7/13/2009, 14:29:53 GMT -> Progress Update: PRE_CONNECT: Proxy: "(not-available)" Agent: "e6Z4FpE2xYIu0Sht5shn8KONDiwr0RbSgAAAAA" AccessType: 0x0
    7/13/2009, 14:29:53 GMT -> Progress Update: CONNECTED: Proxy: "(not-available)" Agent: "e6Z4FpE2xYIu0Sht5shn8KONDiwr0RbSgAAAAA" AccessType: 0x0
    7/13/2009, 14:29:53 GMT -> Progress Update: DOWNLOAD_FILE_START: URL: "http://liveupdate.symantec.com/liveupdate_3.3.0.61_english_livetri.zip", Estimated Size: 0, Destination Folder: "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads"
    7/13/2009, 14:30:14 GMT -> CSendHTTPRequest::SendRequest - Timed out while communicating with server.
    7/13/2009, 14:30:14 GMT -> Progress Update: DOWNLOAD_FILE_FINISH: - NOTE - URL: "http://liveupdate.symantec.com/liveupdate_3.3.0.61_english_livetri.zip", Full Download Path: "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\liveupdate_3.3.0.61_english_livetri.zip" HR: 0x802A0045
    7/13/2009, 14:30:14 GMT -> HR 0x802A0045 DECODE: E_UNABLE_TO_REACH_SERVER
    7/13/2009, 14:30:14 GMT -> Progress Update: DOWNLOAD_BATCH_FINISH: HR: 0x802A0045, Num Successful: 0
    7/13/2009, 14:30:14 GMT -> HR 0x802A0045 DECODE: E_UNABLE_TO_REACH_SERVER
    7/13/2009, 14:30:14 GMT -> EVENT - SERVER SELECTION FAILED EVENT - LiveUpdate failed to connect to server liveupdate.symantec.com at path via a HTTP connection. The server connection attempt failed with a return code of 1814, LiveUpdate could not retrieve the catalog file of available Symantec product and component updates.
    7/13/2009, 14:30:14 GMT -> Progress Update: TRYING_HOST: HostName: "update.symantec.com" URL: "ftp://update.symantec.com/opt/content/onramp" HostNumber: 2
    7/13/2009, 14:30:14 GMT -> Progress Update: DISCONNECT
    7/13/2009, 14:30:14 GMT -> Progress Update: TRIFILE_DOWNLOAD_START: Number of TRI files: 0 Downloading LiveUpdate catalog file
    7/13/2009, 14:30:14 GMT -> LiveUpdate will download the first Mini-TRI file, liveupdate_3.3.0.61_english_livetri.zip
    7/13/2009, 14:30:14 GMT -> Progress Update: DOWNLOAD_BATCH_START: Files to download: 1, Estimated total size: 0
    7/13/2009, 14:30:15 GMT -> Progress Update: PRE_CONNECT: Proxy: "(not-available)" Agent: "e6Z4FpE2xYIu0Sht5shn8KONDiwr0RbSgAAAAA" AccessType: 0x0
    7/13/2009, 14:30:15 GMT -> Progress Update: CONNECTED: Proxy: "(not-available)" Agent: "e6Z4FpE2xYIu0Sht5shn8KONDiwr0RbSgAAAAA" AccessType: 0x0
    7/13/2009, 14:30:15 GMT -> Progress Update: DOWNLOAD_FILE_START: URL: "ftp://update.symantec.com/opt/content/onramp/liveupdate_3.3.0.61_english_livetri.zip", Estimated Size: 0, Destination Folder: "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads"
    7/13/2009, 14:30:36 GMT -> CstInetGetFile::DoTransfer - Timed out while communicating with server.
    7/13/2009, 14:30:36 GMT -> Progress Update: DOWNLOAD_FILE_FINISH: - NOTE - URL: "ftp://update.symantec.com/opt/content/onramp/liveupdate_3.3.0.61_english_livetri.zip", Full Download Path: "(null)" HR: 0x802A0045
    7/13/2009, 14:30:36 GMT -> HR 0x802A0045 DECODE: E_UNABLE_TO_REACH_SERVER
    7/13/2009, 14:30:36 GMT -> Progress Update: DOWNLOAD_BATCH_FINISH: HR: 0x802A0045, Num Successful: 0
    7/13/2009, 14:30:36 GMT -> HR 0x802A0045 DECODE: E_UNABLE_TO_REACH_SERVER
    7/13/2009, 14:30:36 GMT -> EVENT - SERVER SELECTION FAILED EVENT - LiveUpdate failed to connect to server update.symantec.com at path /opt/content/onramp via a FTP connection. The server connection attempt failed with a return code of 1814, LiveUpdate could not retrieve the catalog file of available Symantec product and component updates.
    7/13/2009, 14:30:36 GMT -> Progress Update: HOST_SELECTION_ERROR: Error: 0x802A0027
    7/13/2009, 14:30:36 GMT -> LiveUpdate did not find any new updates for the given products.
    7/13/2009, 14:30:36 GMT -> EVENT - SESSION END FAILED EVENT - The LiveUpdate session ran in Silent Mode. LiveUpdate found 0 updates available, of which 0 were installed and 0 failed to install. The LiveUpdate session exited with a return code of 1814, LiveUpdate could not retrieve the catalog file of available Symantec product and component updates.
    7/13/2009, 14:30:37 GMT -> LiveUpdate is about to execute a PostSession callback for product SESC Virus Definitions Win32 v11.
    7/13/2009, 14:30:39 GMT -> ProductRegCom/luProductReg(PID=5700/TID=4104): Successfully created an instance of an luProductReg object!
    7/13/2009, 14:30:39 GMT -> ProductRegCom/luProductReg(PID=5700/TID=4104): Path for calling process executable is C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe.
    7/13/2009, 14:30:40 GMT -> ProductRegCom/luProductReg(PID=5700/TID=4104): Destroyed luProductReg object.
    7/13/2009, 14:30:40 GMT -> The callback proxy finished executing the callback with a result code of 0x0
    7/13/2009, 14:30:40 GMT -> The PostSession callback for product SESC Virus Definitions Win32 v11 completed with a result of 0x0
    7/13/2009, 14:30:40 GMT -> Successfully released callback {855BA5F4-6588-4F09-AE61-847E59D08CB0}
    7/13/2009, 14:30:40 GMT -> LiveUpdate has called the last callback for product SESC Virus Definitions Win32 v11, so LiveUpdate is informing the callback proxy that it can exit.
    7/13/2009, 14:30:40 GMT -> The callback proxy executable for product {C60DC234-65F9-4674-94AE-62158EFCA433} is exiting with no errors
    7/13/2009, 14:30:41 GMT -> *********************** End of LU Session ***********************
    7/13/2009, 14:30:43 GMT -> LuComServer version: 3.3.0.61
    7/13/2009, 14:30:43 GMT -> LiveUpdate Language: English
    7/13/2009, 14:30:43 GMT -> LuComServer Sequence Number: 20070811
    7/13/2009, 14:30:43 GMT -> OS: Windows 2003 Standard, Service Pack: 1, Major: 5, Minor: 2, Build: 3790 (32-bit)
    7/13/2009, 14:30:44 GMT -> System Language:[0x0409], User Language:[0x0409]
    7/13/2009, 14:30:44 GMT -> IE 6 Support
    7/13/2009, 14:30:44 GMT -> ComCtl32 version: 6.0
    7/13/2009, 14:30:44 GMT -> IP Addresses: 10.8.16.200
    7/13/2009, 14:30:44 GMT -> Loading C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Product.Inventory.LiveUpdate
    7/13/2009, 14:30:44 GMT -> Opened the product inventory at "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Product.Inventory.LiveUpdate".
    7/13/2009, 14:30:44 GMT -> Account launching LiveUpdate is not a logged in user's account
    7/13/2009, 14:30:44 GMT -> Combined Product Inventory Flags 0, Permanent Flags 0, Permanent Flags Filter 0
    7/13/2009, 14:30:44 GMT -> LiveUpdate flag value for this run is 0
    7/13/2009, 14:30:44 GMT -> ProductRegCom/luProductReg(PID=4268/TID=4916): Successfully created an instance of an luProductReg object!
    7/13/2009, 14:30:44 GMT -> ProductRegCom/luProductReg(PID=4268/TID=4916): Path for calling process executable is C:\Program Files\Symantec AntiVirus\SescLU.exe.
    7/13/2009, 14:30:44 GMT -> ProductRegCom/luProductReg(PID=4268/TID=4916): Destroyed luProductReg object.
    7/13/2009, 14:30:45 GMT -> LuComServer version: 3.3.0.61
    7/13/2009, 14:30:45 GMT -> LiveUpdate Language: English
    7/13/2009, 14:30:45 GMT -> LuComServer Sequence Number: 20070811
    7/13/2009, 14:30:45 GMT -> OS: Windows 2003 Standard, Service Pack: 1, Major: 5, Minor: 2, Build: 3790 (32-bit)
    7/13/2009, 14:30:46 GMT -> System Language:[0x0409], User Language:[0x0409]
    7/13/2009, 14:30:46 GMT -> IE 6 Support
    7/13/2009, 14:30:46 GMT -> ComCtl32 version: 6.0
    7/13/2009, 14:30:46 GMT -> IP Addresses: 10.8.16.200
    7/13/2009, 14:30:46 GMT -> Loading C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Product.Inventory.LiveUpdate
    7/13/2009, 14:30:46 GMT -> Opened the product inventory at "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Product.Inventory.LiveUpdate".
    7/13/2009, 14:30:46 GMT -> Account launching LiveUpdate is not a logged in user's account
    7/13/2009, 14:30:46 GMT -> Combined Product Inventory Flags 0, Permanent Flags 0, Permanent Flags Filter 0
    7/13/2009, 14:30:46 GMT -> LiveUpdate flag value for this run is 0
    7/13/2009, 14:30:46 GMT -> ProductRegCom/luProductReg(PID=4268/TID=4848): Successfully created an instance of an luProductReg object!
    7/13/2009, 14:30:46 GMT -> ProductRegCom/luProductReg(PID=4268/TID=4848): Path for calling process executable is C:\Program Files\Symantec AntiVirus\SescLU.exe.
    7/13/2009, 14:30:46 GMT -> ProductRegCom/luProductReg(PID=4268/TID=4848): Destroyed luProductReg object.
    ////////////////////////////////////////////////////////////////////////////////
    ////////////////////////////////////////////////////////////////////////////////
    // End LuComServer
    ////////////////////////////////////////////////////////////////////////////////
    ////////////////////////////////////////////////////////////////////////////////

    ////////////////////////////////////////////////////////////////////////////////
    ////////////////////////////////////////////////////////////////////////////////
    // Start LuComServer
    ////////////////////////////////////////////////////////////////////////////////
    ////////////////////////////////////////////////////////////////////////////////
    7/13/2009, 20:44:59 GMT -> LuComServer version: 3.3.0.61
    7/13/2009, 20:44:59 GMT -> LiveUpdate Language: English
    7/13/2009, 20:44:59 GMT -> LuComServer Sequence Number: 20070811
    7/13/2009, 20:44:59 GMT -> OS: Windows 2003 Standard, Service Pack: 1, Major: 5, Minor: 2, Build: 3790 (32-bit)
    7/13/2009, 20:44:59 GMT -> System Language:[0x0409], User Language:[0x0409]
    7/13/2009, 20:44:59 GMT -> IE 6 Support
    7/13/2009, 20:44:59 GMT -> ComCtl32 version: 6.0
    7/13/2009, 20:44:59 GMT -> IP Addresses: 10.8.16.200
    7/13/2009, 20:44:59 GMT -> Loading C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Product.Inventory.LiveUpdate
    7/13/2009, 20:44:59 GMT -> Opened the product inventory at "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Product.Inventory.LiveUpdate".
    7/13/2009, 20:44:59 GMT -> Account launching LiveUpdate is not a logged in user's account
    7/13/2009, 20:44:59 GMT -> Combined Product Inventory Flags 0, Permanent Flags 0, Permanent Flags Filter 0
    7/13/2009, 20:44:59 GMT -> LiveUpdate flag value for this run is 0
    7/13/2009, 20:44:59 GMT -> ProductRegCom/luProductReg(PID=2396/TID=5116): Successfully created an instance of an luProductReg object!
    7/13/2009, 20:44:59 GMT -> ProductRegCom/luProductReg(PID=2396/TID=5116): Path for calling process executable is C:\Program Files\Symantec AntiVirus\SescLU.exe.
    7/13/2009, 20:45:00 GMT -> ProductRegCom/luProductReg(PID=2396/TID=5116): Setting property for Moniker = {B36CDA3C-B15B-421c-A2A4-7EC70E3B852B}, PropertyName = SEQ.HUBDEFS, Value = 80318034
    7/13/2009, 20:45:00 GMT -> ProductRegCom/luProductReg(PID=2396/TID=5116): Setting property for Moniker = {B36CDA3C-B15B-421c-A2A4-7EC70E3B852B}, PropertyName = SEQ.CURDEFS, Value = 90713002
    7/13/2009, 20:45:00 GMT -> ProductRegCom/luProductReg(PID=2396/TID=5116): Setting property for Moniker = {C60DC234-65F9-4674-94AE-62158EFCA433}, PropertyName = SEQ.CURDEFS, Value = 90713002
    7/13/2009, 20:45:00 GMT -> ProductRegCom/luProductReg(PID=2396/TID=5116): Destroyed luProductReg object.
    ////////////////////////////////////////////////////////////////////////////////
    ////////////////////////////////////////////////////////////////////////////////
    // End LuComServer
    ////////////////////////////////////////////////////////////////////////////////
    ////////////////////////////////////////////////////////////////////////////////

    Thanks,
    Fernando Aleixo


  • 6.  RE: Server hangs after LiveUpdate

    Posted Jul 14, 2009 02:37 AM
    I'm still having the same issue. I'm working with a Symantec technician at the case at the moment. But the replies are really slow. So we haven't found the issue so far.

    As work around for now I install liveupdate twice a week, update the management server and remove liveupdate afterwards again. This is the only way to keep the server up to date and running.

    As soon as I know more I'll post it.

    Regards,

    Mark Pot


  • 7.  RE: Server hangs after LiveUpdate

    Posted Jul 20, 2009 05:32 AM
    Migrated 130 servers to to Symantec_Endpoint_Protection_11.0.4202_MR4_MP2 .
    I have 3 servers hanging after live update runs.
    Case still open with Symantec


  • 8.  RE: Server hangs after LiveUpdate

    Posted Jul 20, 2009 06:09 AM

    hello Mark,

    i see that the log say " Account launching LiveUpdate is not a logged in user's account"
    which could be correct when its a scheduled update, coz system account launches the Liveupdate
    I tried this once and it worked for somereason, when u r free please try this.
    go to services.msc
    select liveupdate service
    in the log on
    just put in current logged in user account id and password
    dont start the service
    now configure livedupdate with the manager

    C:\Program Files\Symantec\Symantec Endpoint Protection Manager\bin>lucatalog.exe
    -cleanup

    and then do

    C:\Program Files\Symantec\Symantec Endpoint Protection Manager\bin>lucatalog.exe
    -update
    do a scheduled liveupdate and check if the server still hangs


    P.S: its not a solution , just to check where the problem is so that we can get a solution

     



  • 9.  RE: Server hangs after LiveUpdate

    Posted Jul 20, 2009 10:52 AM
    what is the hardware specification of the server encountering this problem?
    What is the bandwidth alloted to these server

    Have you check the windows event viewer?


  • 10.  RE: Server hangs after LiveUpdate

    Posted Jul 22, 2009 04:55 AM
    I have found what is causing my server to hang on def update, plus hang on scheduled scan. have fixed 3 servers will tackle the other 2 today. if all lokks ok I will post my finding here


  • 11.  RE: Server hangs after LiveUpdate

    Posted Jul 22, 2009 05:14 AM
    Can you please update us with your findings.
    And also to add to it does your server has lots of files under the Qurantine folder?


  • 12.  RE: Server hangs after LiveUpdate

    Posted Jul 22, 2009 09:34 AM

    go to "view Quarantine" on the servers that have this problem and check if specifically the W32.Harakit Virus has been Quarantined.
    If this virus has been Quaratined, check if one of the original folders where it was found is C:\windows\temp.
    go and check your windows\temp folder for any files named DWHxxx.tmp (where xxx can be numbers or characters).

    if the above is true do the following:
    • Delete all W32.Harakit detected files form the Quarantine.
    • Reboot the server is safe mode as trying to delete the DWHxxx.tmp files will hang your Explorer
    • Once in "safe mode" delete all these DHWxxx.tmp files from c:\windows\temp
    • probably a good idea to scan all folders in "safe mode" just to make sure its clean
    • restart server and check Quarantine to make sure no W32.Harakit virus were found and check that no DHWxxx.tmp file exist in C:\windows\temp
    • hopefully after this you can sleep better at night


    This solved my problems of some servers hanging after def. updates and
    some servers auto-protect not running after def updates and
    some servers scheduled scan hanging(when trying to scan the DHWxxx.tmp).

    this issue seems to be when Symantec does a def update it rescans the quaratine folder as this causes the issues with that virus in Quarantine as the DHWxxx.tmp file is created just after live-update has completed.

    If Symantec engineers read this , please look into this bug



  • 13.  RE: Server hangs after LiveUpdate

    Posted Dec 14, 2009 11:42 AM
    I am having the same problem.  My Windows 2003 Server hangs after liveupdate.  I have checked the liveupdate log and I do not see any errors.  The last line says "liveupdate completed successfully" or something similar.  After that, the system hangs and I have to press the power button to get it to restart again, so I am assuming it is failing somewhere during a reboot.  Unfortunately, this always seems to happen at night or over a weekend, so it could be a day or so before I know it has happened.  Did you have any success working with Symantec?  I am going to implement your liveupdate uninstall/reinstall procedure to keep my server working in the meantime.

    Thanks,
    Christine