Endpoint Protection


SEP for Mac Internal LiveUpdate server, Java requirements?

  • 1.  SEP for Mac Internal LiveUpdate server, Java requirements?

    Posted Jul 15, 2010 05:08 PM

    Hey guys!
       I am currently setting up a test environment to run SEP (11.0.6) on my Macintosh machines.  I have LUA 2.2.2.9 set up and correctly configured.  We are moving our Macintosh machines to 10.6.4 (Snow Leopard) and I am testing on this platform.  I've created a client install package off of my Symantec Endpoint Protection Manager console and have installed this successfully on my test machine.  I have also exported the java client settings from LUA and have placed the liveupdt.hst file into "\Library\Application Support\Symantec\LiveUpdate".  Both my LUA server and SEP Manager console are on two separate VMs.  The issue that I am encountering is an error while running LiveUpdate from Snow Leopard to my LUA:





    My liveupdt.log indicates:

    Jul 15, 2010 8:41:59 AM A LiveUpdate server could not be selected.

    Jul 15, 2010 8:41:59 AM

    Jul 15, 2010 8:41:59 AM The Java LiveUpdate session did not complete successfully.

    Jul 15, 2010 8:41:59 AM Return code = -2,001

    Which I believe means that I need to update my version of jre.  I am currently running jre update 1, which needs to be in place for other software on our machines.  If we upgrade to jre update 2 it will break other programs.  My question would be, is it possible to run LiveUpdate on Snow Leopard and not update the jre?  I haven't been able to find much on this, and any info would be very helpful! Thanks in advance.

    -Paul




  • 2.  RE: SEP for Mac Internal LiveUpdate server, Java requirements?

    Posted Jul 15, 2010 05:13 PM
    Check this article

    Title: '"There was an error performing the update" when running Macintosh LiveUpdate retrieving updates from an IIS server'
    Web URL: http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009021311350848


  • 3.  RE: SEP for Mac Internal LiveUpdate server, Java requirements?

    Posted Jul 15, 2010 05:38 PM
    I added to my MIME types before I exported the package/.hst file.  Here are some shots of my MIME types.  I believe that these are correct but please advise.











    These were the only extensions located in my clu-prod share.


  • 4.  RE: SEP for Mac Internal LiveUpdate server, Java requirements?

    Posted Jul 15, 2010 06:32 PM

    -2,001 just means that Java LiveUpdate could not connect and download the catalog file from any server.  For a few lines above what you've pasted in, is there any indication that a site is actually being attempted to be connected to?

    I haven't really encountered Java compatibility issues--so you have not applied Java updates via Software Update?

    Rather than use the .hst file, I would recommend putting the URL to your LUA server in a LiveUpdate policy, provided these are managed clients.

    Just to clarify, your distribution center is being hosted by IIS rather than the built-in Apache?

    Also, this can occur if the SEP for Mac content is not correctly selected and being distributed (i.e. the correct catalog file is not present).  If you haven't already looked at this document, please do so.  I revised it heavily after in-house testing.

    Title: 'Using the LiveUpdate Administrator on a PC to download updates for Symantec Endpoint Protection/Symantec AntiVirus 10 for Macintosh clients'
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007152728050998

    sandra


  • 5.  RE: SEP for Mac Internal LiveUpdate server, Java requirements?

    Posted Jul 15, 2010 06:33 PM
    These should be sufficient -- the .osi and .osx are the definition file types.

    sandra


  • 6.  RE: SEP for Mac Internal LiveUpdate server, Java requirements?

    Posted Jul 15, 2010 07:03 PM

    I'll second Sandra's suggestion of using a Live Update policy in SEPM.  I have rolled SEP for Mac out to about 70 clients (10.5.8 & 10.6.3) and they have not had any trouble getting updates from my LUA using the LiveUpdate Policy.

    Sandra, thanks for updating that document, hope it saves someone else all the trouble I had finding those settings!

    -Chris


  • 7.  RE: SEP for Mac Internal LiveUpdate server, Java requirements?

    Posted Jul 16, 2010 10:22 AM

    Thanks for the quick responses guys! :)

    Sandra, I ran into your document while designing my test and it was very helpful.  I looked it over again and I believe that I have everything in place that is in your instructions.

    I am using IIS to host my files rather than Apache, because I know a lot more about IIS than Apache, but I would be willing to switch if recommended.

    I believe that I have the content for my Macintoshes correctly downloaded and distributed.  It is showing this in the event log of my LUA here:



    For my download I only have these selected for Symantec Endpoint Protection v11.0 English, because our PCs are currently being updated by our Management Console.

       -LiveUpdate Updates
          -LiveUpdate for Macintosh 5.1.2 English

       -Product Updates
          -Symantec Endpoint Protection Client Macintosh 11.0.6000 English
          -Symantec Scheduler for Macintosh 4.0.3 English

       -Virus Definitions
          -Symantec Endpoint Protection for Mac Virus Defs

    I have a different download Schedule for LiveUpdate, Product Updates, and Virus Definitions to help spread out the load on the network; I have one distribution schedule for all three of these download schedules.

    Regarding the LiveUpdate Policy of these machines, I do also have the URL to my clu-prod share in a policy, set to a group, in my Management Console, that has my Macintosh in it.  My error might be having the policy in place and the .hst file?






    I have attached my java update file that was provided by our in-house Mac tech.  We have to run this one over the jre update 2 that shows up in Software Update because jre update 2 will break other programs that we will be running on our Macs.

    Here's the section of my log file that I originally posted before:

    ============================================================

    Jul 15, 2010 8:41:58 AM Java LiveUpdate launched with the command line = -c /Library/Application Support/Symantec/LiveUpdate/liveupdate.conf --abort-on-file-exists /private/tmp/liveupdate.0.GnFAUu --available-list /private/tmp/liveupdate.1.SDCEUa [ -p Symantec Endpoint Protection for Mac Virus Defs -v MicroDefsB.Full -l SymAllLanguages -z 0 -t IntelVirusDef ] [ -p Symantec Endpoint Protection for Mac Virus Defs -v MicroDefsB.CurDefs -l SymAllLanguages -z 2010031832 -t IntelVirusDef ] [ -p LiveUpdate for Macintosh -v 5.1.2 -l English -z 0 -t MacUpdate ] [ -p LiveUpdate for Macintosh -v 5.1.2 -l English -z 0 -t Update ] [ -p Symantec Endpoint Protection Client Macintosh -v 11.0.6000 -l English -z 0 -t MacUpdate ] [ -p Symantec Endpoint Protection Client Macintosh -v 11.0.6000 -l English -z 0 -t Update ] [ -p Symantec Scheduler for Macintosh -v 4.0.3 -l English -z 0 -t MacUpdate ] [ -p Symantec Scheduler for Macintosh -v 4.0.3 -l English -z 0 -t Update ]

    Jul 15, 2010 8:41:58 AM Symantec Endpoint Protection for Mac Virus Defs, MicroDefsB.Full, SymAllLanguages, IntelVirusDef, 0

    Jul 15, 2010 8:41:58 AM Symantec Endpoint Protection for Mac Virus Defs, MicroDefsB.CurDefs, SymAllLanguages, IntelVirusDef, 2010031832

    Jul 15, 2010 8:41:58 AM LiveUpdate for Macintosh, 5.1.2, English, MacUpdate, 0

    Jul 15, 2010 8:41:58 AM LiveUpdate for Macintosh, 5.1.2, English, Update, 0

    Jul 15, 2010 8:41:58 AM Symantec Endpoint Protection Client Macintosh, 11.0.6000, English, MacUpdate, 0

    Jul 15, 2010 8:41:58 AM Symantec Endpoint Protection Client Macintosh, 11.0.6000, English, Update, 0

    Jul 15, 2010 8:41:58 AM Symantec Scheduler for Macintosh, 4.0.3, English, MacUpdate, 0

    Jul 15, 2010 8:41:58 AM Symantec Scheduler for Macintosh, 4.0.3, English, Update, 0

    Jul 15, 2010 8:41:58 AM Using character set UTF-8

    Jul 15, 2010 8:41:58 AM Command-line Product Selections to update:

    Jul 15, 2010 8:41:58 AM (ProdName, Version, Lang, ItemSeqName, SeqNum)

    Jul 15, 2010 8:41:58 AM Adding JLU to the current command line

    Jul 15, 2010 8:41:58 AM JLU Macintosh, 3.6, English, LiveUpdateSeq, 20

    Jul 15, 2010 8:41:59 AM Java Version 1.6.0_17.

    Jul 15, 2010 8:41:59 AM Mac OS X 10.6.4

    Jul 15, 2010 8:41:59 AM Java LiveUpdate version 3.6 Build 20.

    Jul 15, 2010 8:41:59 AM ProductInventory: parsed default inventory file: /etc/Product.Catalog.JavaLiveUpdate

    Jul 15, 2010 8:41:59 AM Inventory File Product Selections to update:

    Jul 15, 2010 8:41:59 AM (ProdName, Version, Lang, ItemSeqName, SeqNum)

    Jul 15, 2010 8:41:59 AM The property maxZipFileSize in config file is 614,400

    Jul 15, 2010 8:41:59 AM The property maxTriFileSize in config file is 10,485,760

    Jul 15, 2010 8:41:59 AM The property maxPackageSize in config file is 734,003,200

    Jul 15, 2010 8:41:59 AM The property maxPackageContentSize in config file is 734,003,200

    Jul 15, 2010 8:41:59 AM Cache is disabled.

    Jul 15, 2010 8:41:59 AM Checking to see if JLU can connect to its own listener thread.

    Jul 15, 2010 8:41:59 AM Checking to see if a session of JLU is running at port [port number].

    Jul 15, 2010 8:41:59 AM An active JLU session has been detected.

    Jul 15, 2010 8:41:59 AM JLU was able to successfully connect to its own listener thread.

    Jul 15, 2010 8:41:59 AM Downloading minitri.flg to /private/tmp/liveupdate/1279201319275/minitri.flg ...

    Jul 15, 2010 8:41:59 AM Connecting to [xxx.xxx.xxx.xxx]:7070 via HTTP ...

    Jul 15, 2010 8:41:59 AM Connected to [xxx.xxx.xxx.xxx] sending request ...

    Jul 15, 2010 8:41:59 AM Waiting for response ...

    Jul 15, 2010 8:41:59 AM Downloading livetri.zip to /private/tmp/liveupdate/1279201319275/livetri.zip ...

    Jul 15, 2010 8:41:59 AM Connecting to [xxx.xxx.xxx.xxx] via HTTP ...

    Jul 15, 2010 8:41:59 AM Connected to [xxx.xxx.xxx.xxx] sending request ...

    Jul 15, 2010 8:41:59 AM Waiting for response ...

    Jul 15, 2010 8:41:59 AM A LiveUpdate server could not be selected.

    Jul 15, 2010 8:41:59 AM

    Jul 15, 2010 8:41:59 AM The Java LiveUpdate session did not complete successfully.

    Jul 15, 2010 8:41:59 AM Return code = -2,001

    Jul 15, 2010 8:41:59 AM 

    I edited out addresses n' such, but I hope it's helpful for the cause.  Thanks for your time.

       -Paul

     





    Attachment(s)

    zip
    JavaForMacOSX10.6Update1.zip   78.79 MB 1 version


  • 8.  RE: SEP for Mac Internal LiveUpdate server, Java requirements?

    Posted Jul 16, 2010 10:37 AM
    After posting this I believe that I may have found my error. I'll be back in a bit to see if this fixes things.


  • 9.  RE: SEP for Mac Internal LiveUpdate server, Java requirements?

    Posted Jul 16, 2010 10:47 AM

    Thanks for the additional information.  If you're comfortable with IIS there's no reason not to use it.

    Jul 15, 2010 8:41:59 AM Downloading minitri.flg to /private/tmp/liveupdate/1279201319275/minitri.flg

    So it was able to get the minitri.flg?  There's a "..." indicating something was snipped out.

    Jul 15, 2010 8:41:59 AM Downloading livetri.zip to /private/tmp/liveupdate/1279201319275/livetri.zip ...
    Jul 15, 2010 8:41:59 AM Connecting to [xxx.xxx.xxx.xxx] via HTTP ...
    Jul 15, 2010 8:41:59 AM Connected to [xxx.xxx.xxx.xxx] sending request ...
    Jul 15, 2010 8:41:59 AM Waiting for response ...
    Jul 15, 2010 8:41:59 AM A LiveUpdate server could not be selected.
    
    
    Where it says "Downloading", that is slightly misleading--it is really requesting to download that file from that location.  After the "Waiting for response", what should happen next is a "Receiving file" / "transfer completed" exchange, but that's not happening.

    So the client has the right information to make the connection (providing the obfuscated IP is the same :7070 number in the policy screenshot), is trying to make the download, but it pretty much is being shut down immediately, with unfortunately no error reporting as to why. :-/

    Is the file livetri.zip present in your distribution site share?  If you try to download this file via a browser does it succeed? (i.e. http://xx.xx.xx.xx:7070/livetri.zip)  Alternately, what do the IIS logs reveal?

    Is the shared directory set to read/write/browse?  There's some info on configuring IIS for use with LUA in this doc.  You've probably already seen this, but in case not:

    Title: 'LiveUpdate Administrator 2.x installation walk through'
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007110713575648

    Hope this helps!

    Thanks,
    sandra
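
    Added example (not part of the original thread and not Symantec tooling): the log-reading rule from the reply above, applied mechanically to a Java LiveUpdate log. It lists every requested file that reached "Connected to" but was never delivered. The sample log is constructed from the redacted lines quoted in this thread; the completion wording ("Receiving file" / "transfer completed") is assumed from the reply's description, and all function names are hypothetical.

```python
import re

# Constructed sample, modelled on the redacted log lines quoted in this thread.
SAMPLE_LOG = """\
Jul 15, 2010 8:41:59 AM Downloading minitri.flg to /private/tmp/liveupdate/1279201319275/minitri.flg ...
Jul 15, 2010 8:41:59 AM Connecting to [xxx.xxx.xxx.xxx]:7070 via HTTP ...
Jul 15, 2010 8:41:59 AM Connected to [xxx.xxx.xxx.xxx] sending request ...
Jul 15, 2010 8:41:59 AM Waiting for response ...
Jul 15, 2010 8:41:59 AM Downloading livetri.zip to /private/tmp/liveupdate/1279201319275/livetri.zip ...
Jul 15, 2010 8:41:59 AM Connected to [xxx.xxx.xxx.xxx] sending request ...
Jul 15, 2010 8:41:59 AM Waiting for response ...
Jul 15, 2010 8:41:59 AM A LiveUpdate server could not be selected.
Jul 15, 2010 8:41:59 AM Return code = -2,001
"""

STAMP = re.compile(r"^\s*\w{3} \d{1,2}, \d{4} \d{1,2}:\d{2}:\d{2} [AP]M ?")
REQUEST = re.compile(r"^Downloading (\S+) to ")
# Assumed wording of the success lines, taken from the reply's description.
DONE = ("receiving file", "transfer completed")

def messages(log_text):
    """Yield each log message with its timestamp stripped; skip empty ones."""
    for line in log_text.splitlines():
        msg = STAMP.sub("", line).strip()
        if msg:
            yield msg

def parse_requests(log_text):
    """Return one record per 'Downloading <file>' request, in log order."""
    requests = []
    for msg in messages(log_text):
        m = REQUEST.match(msg)
        if m:  # "Downloading" only means the file is being requested
            requests.append({"file": m.group(1), "connected": False, "completed": False})
        elif requests and msg.startswith("Connected to"):
            requests[-1]["connected"] = True
        elif requests and any(k in msg.lower() for k in DONE):
            requests[-1]["completed"] = True
    return requests

def return_code(log_text):
    """Parse 'Return code = -2,001' into an int, or None if absent."""
    m = re.search(r"Return code = (-?[\d,]+)", log_text)
    return int(m.group(1).replace(",", "")) if m else None

def undelivered(log_text):
    """Files the client connected for but never received."""
    return [r["file"] for r in parse_requests(log_text)
            if r["connected"] and not r["completed"]]
```

    A non-empty `undelivered()` result alongside return code -2001 means the client reached the server and the request itself was turned away, which is the case for checking the URL path, the presence of the file in the share, and the web server logs.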


  • 10.  RE: SEP for Mac Internal LiveUpdate server, Java requirements?

    Posted Jul 16, 2010 10:48 AM
    Heh, while I was typing...

    sandra


  • 11.  RE: SEP for Mac Internal LiveUpdate server, Java requirements?

    Posted Jul 16, 2010 10:51 AM
    While referring back to Sandra's document, I realized that my address in my policy on my Management Console should have been http://xxx.xxx.xxx.xxx:7070/clu-prod.  Proving once again that the pros are always right.  After changing this, re-exporting my client (which I probably could have just updated the policy from my Mac), and uninstalling/reinstalling the client, I have a working LiveUpdate on a Mac that is running jre LiveUpdate 1, on Snow Leopard.  Thanks for your patience guys!

       -Paul


  • 12.  RE: SEP for Mac Internal LiveUpdate server, Java requirements?

    Posted Jul 16, 2010 11:36 AM

    You're welcome!

    sandra