Endpoint Protection

 View Only
Expand all | Collapse all

SEP 11 not updating from GUP

pete

peteJun 20, 2012 09:21 AM

Chetan Savade

Chetan SavadeJun 20, 2012 03:18 PM

  • 1.  SEP 11 not updating from GUP

    Posted Jun 20, 2012 08:18 AM

    Hey all,

    Strange situation here.

    We recently started to migrate all out SEPM machines to GUP machines apart from 2 management server ( we had about 15 management servers globally ) 

    Now we have one country where the servers are receiving their updates properly, but the clients don't

    Firewall isn't being a problem, we are able to manually telnet to the device, the client just does't try to get the updates from the GUP, any ideas ?

    Cheers,

    -S



  • 2.  RE: SEP 11 not updating from GUP

    Trusted Advisor
    Posted Jun 20, 2012 08:27 AM

    Hello,

    What version of SEPM are you running globally? From What version to which version was the migration taken place?

    Are the GUP clients updated as well?

    Are the Clients properly communicating to the SEPM Server and the GUP client machines?

    Are the GUP client machines updated with the Latest definitions?

    Troubleshooting Articles:

    Troubleshooting the Group Update Provider (GUP) in Symantec Endpoint Protection (SEP)

    http://www.symantec.com/docs/TECH104539

    Symantec Endpoint Protection: LiveUpdate Troubleshooting Flowchart

    http://www.symantec.com/docs/TECH95790

    Troubleshooting Content Delivery to the Symantec Endpoint Protection client

    http://www.symantec.com/docs/TECH106034

    Could you upload us the sylink.log from 1 of the client machines which are not taking the updates. Check the Article on how to pull the sylink logs

    http://www.symantec.com/docs/TECH104758

    Hope that helps!!



  • 3.  RE: SEP 11 not updating from GUP

    Posted Jun 20, 2012 08:41 AM

    Are the clients/servers in the same or different group?

    Are you using a location awareness policy to denote which policy the machines will get and what location they should be in?

    Has the policy been applied?



  • 4.  RE: SEP 11 not updating from GUP

    Broadcom Employee
    Posted Jun 20, 2012 09:21 AM

    post the sylink log from the client



  • 5.  RE: SEP 11 not updating from GUP

    Broadcom Employee
    Posted Jun 20, 2012 09:40 AM

    Hi,

    After SEPM demoted did you change SEP clients sylink.xml? Did you point SEP clients to proper SEPM?

    If yes, check promoted GUP's are actually acting as a GUP or not.

    How to search for the clients that act as Group Update Providers ?

    http://www.symantec.com/docs/TECH96094

     



  • 6.  RE: SEP 11 not updating from GUP

    Posted Jun 20, 2012 11:17 AM

    to clarify, the machines are no longer allowed to download from a SEPM machine, the managers still exist, they are however forced to connect to the one in the centralized area.

    The GUPS are in a different group then the clients, however for all the other 16000+ machines in different countries this isn't a problem.

    When checking the SylinkMonitor, i actually don't see it trying to downloading anything, there is no connection attempt, nothing.

    The specific GUP is updated to the lastest updates and the servers that communicate to it have no problem geting updates themselves.

    Cheers for the replies so far.

    -S



  • 7.  RE: SEP 11 not updating from GUP

    Broadcom Employee
    Posted Jun 20, 2012 11:17 AM

    sylink log should give some more information about the connectivity between client & SEPM/GUP



  • 8.  RE: SEP 11 not updating from GUP

    Broadcom Employee
    Posted Jun 20, 2012 11:52 AM

    the client has requested the updates from SEPM.

    Is the client supossed to get the updates only from GUP i.e. have you set do not by pass GUP? if yes, then the client is unable to reach the GUP machine. Please check if the GUP machine is available for content distribuition.

     



  • 9.  RE: SEP 11 not updating from GUP

    Posted Jun 20, 2012 12:00 PM
      |   view attached

    The client is properly connected to the SEPM and receiving all information it should, it just never tries to download anything, and the definitations are 2 months old, it should be triggered by now.

    I refuse to do it manually as we allow downloads from Liveupdate@Symantec so it will be able to get the latest manually, i just prefer it to update automagically.

    The version being used is 11.0.5002.333 for SEPM GUP and Clients.

    -S

     

    EDIT:

    Attached the running Sylink logfile changed some names to standard names but that shouldn't make the data useless.

    -S

    EDIT 2:

    The ip of the GUP is 172.22.25.65
    The ip of the Client is 172.22.21.39

    Attachment(s)

    txt
    log_28.txt   413 KB 1 version


  • 10.  RE: SEP 11 not updating from GUP

    Posted Jun 20, 2012 12:03 PM

    The machine actually doesn't get updates from SEPM as it isn't allowed to, only from the GUP machines.

    I Edited the previous post with some more information.

    Thanks Pete for the effort so far.



  • 11.  RE: SEP 11 not updating from GUP

    Broadcom Employee
    Posted Jun 20, 2012 12:12 PM

    yeah, since the client always check with SEPM to know if new content is available . SEPM has the latest definition however client is not able to find the GUP hence it is not updated. You may test by allowing client to connect to SEPM  else you have make GUP available for the client.



  • 12.  RE: SEP 11 not updating from GUP

    Posted Jun 20, 2012 12:20 PM

    There are other machines using the GUP to update, they have no problems.

    There is actually no machine that is allowed to get updates from SEPM, and yet almost all machines are reasonably up to date.

    According to the log it should get a full update but the GUP isn't being contacted.



  • 13.  RE: SEP 11 not updating from GUP

    Broadcom Employee
    Posted Jun 20, 2012 12:28 PM

     

    check this link

    Troubleshooting the Group Update Provider (GUP) in Symantec Endpoint Protection (SEP)
    http://www.symantec.com/business/support/index?page=content&id=TECH104539
     



  • 14.  RE: SEP 11 not updating from GUP

    Posted Jun 20, 2012 12:37 PM

    Hi Pete,

    Already went through that link, didn't help me with resolving the problem to be honest, as said, there are machines using that specific gup to update, the local client is able to telnet to the gup on the ports used, no problem there.

    -S



  • 15.  RE: SEP 11 not updating from GUP

    Broadcom Employee
    Posted Jun 20, 2012 12:41 PM

    does this client have registry entry showing the GUP IP ?

    something like this?

    HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\LiveUpdate

    MasterClientHost"="192.168.2.4"
    "MasterClientPort"="2967"
     



  • 16.  RE: SEP 11 not updating from GUP

    Posted Jun 20, 2012 12:44 PM

    it does have the port, just not the IP, i did read somewhere that that will be empty in a multiserver area with multiple gups being responsible for the area.



  • 17.  RE: SEP 11 not updating from GUP

    Broadcom Employee
    Posted Jun 20, 2012 12:49 PM

    yep, if it is multiple GUP then it will be blank.

    umm do you ave the debug logs? i suggest to open a support case.



  • 18.  RE: SEP 11 not updating from GUP

    Posted Jun 20, 2012 12:52 PM
    Hey pete. Already opened a case i was however hoping that yhr community would be faster with the resolution..thanks for the support so far. When i have the solution i will post it here.


  • 19.  RE: SEP 11 not updating from GUP

    Broadcom Employee
    Posted Jun 20, 2012 01:28 PM

    Hi,

    Machine acting as a GUP will have "shared updates" folder inside SEP installed folder.

    Delete all the content inside shared update folders. 

    Repair SEP client & reboot the system.

     

     



  • 20.  RE: SEP 11 not updating from GUP

    Posted Jun 20, 2012 01:58 PM

    Dear Chetan,

    Already tried this, also the GUP is updating some machines just not most, so i doubt the gup itself should be the problem in this case ?

    Maybe a config setting that is wrong somewhere ?



  • 21.  RE: SEP 11 not updating from GUP

    Broadcom Employee
    Posted Jun 20, 2012 02:33 PM

    Hi,

    Try to run RX4Defs utility on 2-3 affected machines.

    How to determine if virus definitions of Symantec Endpoint Protection client (SEP) 11 or 12 Small Business Edition, are corrupted

    http://www.symantec.com/docs/TECH97677 

    How to clear out definitions for a Symantec Endpoint Protection 12.1 client manually

    http://www.symantec.com/docs/HOWTO59193 

    OR

    Try running utility "Rx4DefsSEP" on 2-3 affected machines & check.

    http://www.symantec.com/business/support/index?page=content&id=TECH93036&locale=en_US



  • 22.  RE: SEP 11 not updating from GUP

    Posted Jun 20, 2012 02:41 PM

    Hi Chetan,

    Thank you for the information, can you please let me know if the Rx4Defs utility tries to connect to the symantec.com server when it isn't able to perform the repair from our local servers ?

    i'm trying to avoid using the symantec.com servers as a solution as that doesn't tell me if the problem is resolved or not.

    Also it is one specific country that isn't updating, performing a manual update towards Symantec.com updates the client once, so i doubt that the definitions themself are corrupted.

    According to the log file there isn't a connection created towards the GUP which makes me think it doesn't know it exists.



  • 23.  RE: SEP 11 not updating from GUP

    Broadcom Employee
    Posted Jun 20, 2012 02:57 PM

    Hi,

    Thank you for the information, can you please let me know if the Rx4DefsSEP utility tries to connect to the symantec.com server when it isn't able to perform the repair from our local servers ?

    -> Answer is No

    Rx4DefsSEP utility will remove only definitions, it won't touch to policies.

    There won't be any harm to run this tool on 2-3 machines.

     



  • 24.  RE: SEP 11 not updating from GUP

    Posted Jun 20, 2012 03:12 PM

    Hi Chetan,

    Thanks for the swift reply.
    The tool can only be received by contact support, i already have a support call open and i'm still waiting to be called, you happen to know a way to get the tool ?

    Cheers,

    -S



  • 25.  RE: SEP 11 not updating from GUP

    Broadcom Employee
    Posted Jun 20, 2012 03:18 PM

    Hi,

    Could you please share case number with me?



  • 26.  RE: SEP 11 not updating from GUP

    Posted Jun 20, 2012 04:03 PM

    Hi Chetan,

     

    No luck, still no updates received, the program itself is actually hanging ( i think ) on DETAILSAV

    The SyLink monitor still hasn't shown a connection attempt to the GUP

    As the gup is in a different subnet, i added the gup as a failsafe in the list but this is also not working.