Endpoint Protection

In Brief,
Test server is in an isolated environment with no internet access.
Background info:

Brand new install 2k8 64 bit non R2
SEPM 11.0.6a

Test clients : 2003 r2 sp2 x86, 2008 64bit non r2, 2003 r2 sp2 x64, win7 x64

Issue :

After deploying the jdb file, x86 definition got installed on SEPM.
x64 definition got an error when trying to update.

According to "Admin" tab --> "servers" section --> local site, it should constantly "rapid response content failed to install".

Any clue guys ?

Thanks in advance.

Sorry for the typo,

According to "Admin" tab --> "servers" section --> local site, it should constantly "rapid response content failed to install".

should be :-

According to "Admin" tab --> "servers" section --> local site, it's constantly showing "rapid response content failed to install".

instead.

Thanks.

Is the JDB the Rapid Release defs, or the Certified Daily definitions?

From another post I made, may not all be relevant, but what the hey...

1- Try emptying this folder; are you using LiveUpdate Administrator, too?
C:\Program Data\Symantec\LiveUpdate\Downloads

2- Make sure the following folder exists:
C:\Program Data\Symantec\Definitions\SymcData\sesmvirdef32
(there should also be a sesmvirdef64 folder there too)

(https://www-secure.symantec.com/connect/forums/sepm-not-updating-antivirus-definitions#comment-3392471)

sandra

do let know if the link is helpful in addressing the issue

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009050115353048

Try this
How to clear corrupt Virus Definitions from SEPM

1. Stop   the SEPM server service.

2. Go to "…\Inetpub\content\{C60DC234-65F9-4674-94AE-62158EFCA433}" folder and deleted all the sub folders

3)  Go to C:\Program Files\Common Files\Symantec Shared\SymcData\ and delete the following folders:
sesmipsdef32
sesmipsdef64
sesmvirdef32
sesmvirdef64

4)In the registry, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps.
Delete these keys
SymcData-sesmipsdef32
SymcData-sesmipsdef64
SymcData-sesmvirdef32
SymcData-sesmvirdef64

5). In the registry, navigate to and delete the following keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\SymcData-sesmipsdef32
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\SymcData-sesmipsdef64
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\SymcData-sesmvirdef32
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\SymcData-sesmvirdef64

6). Start the SEPM service back up.

7). Apply the jdb

Symantec Endpoint Protection Manager 11.x is not updating 32 or 64 bit virus definitions.http://service1.symantec.com/support/ent-security.nsf/docid/2008041516215948

To all, I will try the opinions one by one.
Thanks for all the reply.

I will response as I progress. Thanks all :)

Tried  doesn't do the trick. I'll keep trying. if you happen to come across any further suggestion let me know. thanks again . ! :)

Thanks for the suggestion,

jdb folder looks clean in my scenerio. Thanks for the advice. If you come up with other suggestion. Feel free to let me know. Thanks again :)

when your downloading JDB make sure you are downloading one for 64 bit sepm;
there is two one is for 32 bit sepm and one is for 64 bit sepm
http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=savce
restart sepm service one you put the jdb file

The JDB is listed in two different places, but there is no 64-bit-specific JDB file.  It is the same file.  The MD5 hash is exactly the same in both places.

sandra

Thanks for the link. I tried it out. Doesn't work for my case.

Thanks for the info. If you have further info regarding to this . feel free to let me know.

Thanks !

JDB file are for SEPM use and they contain both 32bit and 64bit definition embedded.

It doesn't seem to have an impact on the issue.

Any other suggestion you may have ?

Thanks :)

yes sir; I know that; since your manager is in 64 bit did u download the jdb file for 64 bit manager???

Yes.. but it depends if your sepm is installed on 32 or 64 bit machine
check the link below
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007100820002048

The sesmlu.log file should record what happened when the JDB was applied.  (Default location: %program files%\Symantec\Symantec Endpoint Protection Manager\tomcat\logs\)

Bear in mind that the other types of content have no similar off-line method of updating as the JDB does for Antivirus definitions.  Is your production machine going to be isolated in the same way?

There is only one JDB file.  It happens to be noted in two places on the download page, but the MD5 hashes are the same, file names are the same, file sizes are the same.   The download links are the same. From the definition download page:

Symantec Endpoint Protection Manager installations on Windows platforms (32-bit)
File Name     Creation Date     Release Date     File Size     MD5 | all
vd318402.jdb | FTP     06/02/2010     06/02/2010     80.12 MB     6F8AE060DD5A23CDFF6ECA2D255885D6
Download link: http://definitions.symantec.com/defs/jdb/vd318402.jdb

Symantec Endpoint Protection Manager installations on Windows platforms (64-bit)
File Name     Creation Date     Release Date     File Size     MD5 | all
vd318402.jdb | FTP     06/02/2010     06/02/2010     80.12 MB     6F8AE060DD5A23CDFF6ECA2D255885D6
Download link: http://definitions.symantec.com/defs/jdb/vd318402.jdb

It is possible that when the document was created there were two separate JDBs, but that is not the case now.

sandra

Thanks for clairifying about the JDB file. We had been using the .jdb file for deployment method since MR2.

Yes, my test environment is isolated to internet access . This is the default production environment as well.

I will go gather the log and attach back on my next reply.

Thanks !

The same jdb file can be applied on both 32bit or 64bit management console..... unless they changed now. I had been using this method since 11.0.2x. It will be a bad news to know if thy changed now.... anyway, I will try it out and get back to you.

Thanks for the suggestion.

The same jdb file can be applied on both 32bit or 64bit management console ..... unless they changed now. I had been using this method since 11.0.2x. hopefully they didn't changed now.... anyway, I will give it a shot and get back to you.

Thanks for the suggestion. :)

Same issue still presist. :(
Any idea welcome

Same issue still presist. :(
Any idea welcome

here's the SesmLu.log.

In the mean time, I will try uninstall and reinstall live update see if it will help after this post.


Thanks.

I took a look on the log. It looks like the liveupdate is missing or cannot locate a module.

I will proceed with uninstall and reinstall liveupdate and "reconfig" the database and see how it goes.

I will keep everyone updated.

Thanks for everyone's involvement.

Appreciated.

For re-installing liveupdate follow this doc
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007100907303548

Thanks for the suggestion,

I confirmed it already has full permission.

Cheers.

FYI, regarding that document, I went through it and updated errors I found that were present.

Title: 'How to update definitions for Symantec Endpoint Protection Manager using a JDB file'
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007100820002048

sandra

I see this and immediately think DCOM permissions...

[0910:0620] Jun 02 10, 11:58:36 AM ERROR  SesmLu: Failed to initialize COM. Aborting. at .\SesmLu.cpp[144]

See the bottom section of this document, "Checking DCOM settings":

Title: 'Troubleshooting Symantec AntiVirus Corporate Edition and Symantec Endpoint Protection installations: Checking rights and permissions'
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2002103013521548

Fingers crossed,
sandra

Thanks for your time,

I will double check that as well.

Thanks :)

I eventually did couple things.

1. 
   
   Build another server with same h/w spec and install SEPM on it and confirm installation steps are correct.
2. Applied June 2 , 3 , 4 definition on the new build server to confirm definition are working correctly.
3. Compared security and permission setting as suggested by Sandra (http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2002103013521548)
4. Make the changes on the non working machine referencing to the working one.
5. Uninstall liveupdate the add / remove program on the not working machine.
6. Rebuild the DB on SEPM
7. Reinstall Live update 3.3 from the Installation CD.
8. Reapply definition file from June 2, 3, 4 .
9. Verify with the test clients will they update to the above 3 definitions.
10. Completed. Problem Solved.

Thanks for everyone help along the way.

Appreciated.