Endpoint Protection

 View Only
Expand all | Collapse all

Symantec Endpoint Clients not Updating

  • 1.  Symantec Endpoint Clients not Updating

    Posted Oct 20, 2010 12:03 PM

    Currently have around 300 clients deployed over various sites. One site in particular is having some issues. There are currently 5 systems that are not updating at that site, the only way they are updating is for me to go in and force a live update. These systems dont have internet access so they are getting updates from the SEPM. All the other systems at the site are updating automatically. I thought maybe the definitions folder was corrupt so i recreated those and did the live update and the defenitions showed up to date for that day. Two days later i come in and all the other systems are up to date except the 5 i did the fix on. If you try to update the content from the console or the client it wont update anything. Everything seems to be communicating well, i ran the support tool also and no major errors come up, gives me a warning about the proxy but thats probably because we set some proxy settings and disable internet access through group policy. Otherwise i can hit the SEPM Server just fine.

    Attached are the Syslink log and the system log. Any help would be appreciated.



  • 2.  RE: Symantec Endpoint Clients not Updating

    Posted Oct 20, 2010 01:12 PM

    Are you running a GUP? This error:

    (LU file download failed due to HTTP error:0) points to possible GUP issues.
    
    See - 
    

    Troubleshooting the Group Update Provider (GUP) in Symantec Endpoint Protection (SEP)

     

    http://www.symantec.com/business/support/index?page=content&id=TECH104539&actp=search&viewlocale=en_US&searchid=1287594345166

     

    Moving this thread to the Endpoint forum.

     

    Best,

    Thomas

     



  • 3.  RE: Symantec Endpoint Clients not Updating

    Posted Oct 20, 2010 01:47 PM

    Yeah, this seems to be GUP related:

    10/20 10:32:02 [4872] Request> http://137.185.136.211:2967/content/{C60DC234-65F9-4674-94AE-62158EFCA433}/101019039/Full.zip
    10/20 10:32:04 [4872] SendRequest() failed.
    

    Is port 2967 open on the IP noted above?

    sandra



  • 4.  RE: Symantec Endpoint Clients not Updating

    Posted Oct 20, 2010 03:09 PM

    yeah it is getting its updates from the GUP. The port is open, i have to double check but i can almost be sure since all the other systems in that same area are updating, i dont suspect it to be the port.



  • 5.  RE: Symantec Endpoint Clients not Updating

    Posted Oct 20, 2010 03:11 PM

    On a machine that is not getting an update, try visiting the link in a web browser:

    http://137.185.136.211:2967/content/{C60DC234-65F9-4674-94AE-62158EFCA433}/101019039/Full.zip

    Do you get a prompt to run/save?



  • 6.  RE: Symantec Endpoint Clients not Updating

    Posted Oct 20, 2010 03:24 PM

    It cannot display the webpage, so it does not prompt for anything.

     

    Also this is an information note i am being prompted when running the support tool. Not sure if there are some settings that are missing that is not allowing it to connect properly. Tried going to another system that was updating but it is similar to this one.

    The registry value 'GlobalUserOffline' in the registry key: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings was not found.



  • 7.  RE: Symantec Endpoint Clients not Updating

    Posted Oct 20, 2010 03:52 PM

    I think its my proxy settings, even though it is checked to bypass proxy server for local addresses, for some reason it does not like that setting. once i disable that i can download the definition file at

    http://137.185.136.211:2967/content/{C60DC234-65F9-4674-94AE-62158EFCA433}/101019039/Full.zip

     

    strange thing here is that other systems have the same setting, cant get to that address and are receving updates just fine.



  • 8.  RE: Symantec Endpoint Clients not Updating

    Posted Oct 20, 2010 04:03 PM

    Are you by chance running IE9 beta on these systems?

     

    https://www-secure.symantec.com/connect/forums/warning-ie9-beta-causes-sep-client-not-update-virusdefinitions

     



  • 9.  RE: Symantec Endpoint Clients not Updating

    Posted Oct 20, 2010 04:09 PM

    nope, we are on IE 8. Our current approved patch level does not allow IE9.



  • 10.  RE: Symantec Endpoint Clients not Updating

    Posted Oct 20, 2010 04:31 PM

    We had done a tech refresh from serve 2003 to server 2008 and it seems that our Group Policy is acting funny ever since. I went ahead and disabled the proxy settings and they started updating right away. another note is that i had the GUP for these computers set to the SEPM, i changed it to download from the management server instead which is actually the same but it did not like having it set to the GUP.