Clients fail to update contents and sylink monitor log shows "Download file failed due to wrong file size... Expected file size: 0".


Article ID: 152538


Products

Endpoint Protection

Issue/Introduction

Some Symantec Endpoint Protection (SEP) clients, most likely clients at a remote site, fail to update their content from either Symantec Endpoint Protection Manager (SEPM) or a Group Update Provider (GUP). When you investigate using the Sylink monitor log, you see "Download file failed due to wrong file size... Expected file size: 0".

In the Sylink monitor log, you see messages similar to the following:
----------------------------------------------
06/17 15:26:53 [3728] <mfn_RequestLUContentInfo:>Received LU Info :  Moniker: {1CD85198-26C6-4bac-8C72-5D34B025DE35} Target Seq:100616022 Response header: HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/7.0
Sem-LUPath: /content/{1CD85198-26C6-4bac-8C72-5D34B025DE35}/100616022/Full.zip
Sem-LUFull: 1
Sem-LUDeltaBaseSeqName:
Sem-PackageType: 1
Sem-DeltaMethod: 1
X-Powered-By: ASP.NET
Date: Thu, 17 Jun 2010 03:26:52 GMT
Content-length: 82426172
Proxy-Connection: Keep-Alive
Connection: Keep-Alive
...
...
06/17 15:31:05 [1348] <LUThreadProc>@@@@@@@@@ LU DEBUG ONLY- Download file failed due to wrong file size.
 FileName:C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\LiveUpdate\LUF{1CD85198-26C6-4bac-8C72-5D34B025DE35}1006160221.TMP Expected file size: 0
----------------------------------------------
Please note: In the log above, "Content-length" has a lowercase "l" and the expected file size is 0.

Cause

The clients communicate with SEPM through a proxy, and the proxy rewrites the HTTP header that SEPM sends with the content information: it changes "Content-Length" to "Content-length". Prior to Release Update (RU) 6 Maintenance Patch (MP) 2, SEP uses a case-sensitive search to obtain the content length, so it fails to recognize the rewritten header. The HTTP header as sent by SEPM is similar to the following:

---------------------------------------------
Content-Length: 82426172
Content-Type: text/html
Server: Microsoft-IIS/7.0
Sem-LUPath: /content/{1CD85198-26C6-4bac-8C72-5D34B025DE35}/100616022/Full.zip
Sem-LUFull: 1
Sem-LUDeltaBaseSeqName:
Sem-PackageType: 1
Sem-DeltaMethod: 1
X-Powered-By: ASP.NET
Date: Thu, 17 Jun 2010 03:26:52 GMT
Connection: close
--------------------------------------------
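The lookup failure described above, modelled as an added example (not Symantec's code and not part of the original article). The function names are hypothetical, and returning 0 on a missed match is an assumption drawn from the "Expected file size: 0" log line.

```python
# Added example: models the header lookup described in the Cause section.
# Function names are hypothetical; this is not the SEP client's code.

# Header block as rewritten by the proxy (taken from the log above, shortened).
PROXIED = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Sem-LUPath: /content/{1CD85198-26C6-4bac-8C72-5D34B025DE35}/100616022/Full.zip\r\n"
    "Content-length: 82426172\r\n"
    "Connection: Keep-Alive\r\n"
)
# The same block with the header name as SEPM sends it.
ORIGINAL = PROXIED.replace("Content-length", "Content-Length")


def parse_headers(raw):
    """Return a list of (name, value) pairs, skipping the status line."""
    pairs = []
    for line in raw.split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip(), value.strip()))
    return pairs


def expected_size_case_sensitive(raw):
    """Exact-case match; a miss leaves the expected size at 0 (assumed)."""
    for name, value in parse_headers(raw):
        if name == "Content-Length":
            return int(value)
    return 0


def expected_size_case_insensitive(raw):
    """HTTP field names are case-insensitive, so compare folded names."""
    for name, value in parse_headers(raw):
        if name.lower() == "content-length":
            return int(value)
    return 0


def rewritten_names(raw, canonical=("Content-Length",)):
    """List header names that match a canonical name only after case folding."""
    folded = {c.lower(): c for c in canonical}
    return [n for n, _ in parse_headers(raw)
            if n.lower() in folded and n != folded[n.lower()]]
```

Running `rewritten_names` over header blocks pulled from a Sylink log is a quick way to confirm that an intermediary is changing header case before deciding between the upgrade and the proxy bypass.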
 

Resolution

This issue is resolved in Symantec Endpoint Protection 11 Release Update (RU) 6 Maintenance Patch (MP) 2. For information on how to obtain the latest build of Symantec Endpoint Protection, read Obtaining the latest version of Endpoint Protection or Network Access Control 11.

 
Obtaining the latest version of Endpoint Protection or Network Access Control 11

As a workaround without upgrading, configure the clients to bypass the proxy server. You may need to configure the bypass for the system account.


Applies To

There is a proxy server in the environment, and clients are configured to use the proxy server for HTTP.