Group Update Providers (GUPs) are not caching complete content and Endpoint Protection clients not updating from GUPs

book

Article ID: 170083

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

You noticed that your Symantec Endpoint Protection (SEP) 12.1.x clients are no longer able to get content definitions from their Group Update Providers (GUPs). When looking at the GUPs SharedUpdates folder, many of the full and delta definitions show as 1 KB in size.

GUPs SharedUpdates folder location:
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\<version>\Bin\SharedUpdates\

SEP client debug.log from GUP:

2017/08/25 11:58:56.261 [6352:5928] GUProxy - **downloadHelper.CreateUrlRequest Succeed to GET://<SEPM IP Address>:8014/content/TempCache/{07B590B3-9282-482f-BBAA-6D515D385869}/170723008/xdelta170723008_To_170824021.dax, begin from 0 with size 1048576

2017/08/25 11:58:56.261 [6352:5928] GUProxy - Download failed GET://<SEPM IP Address>:8014/content/TempCache/{07B590B3-9282-482f-BBAA-6D515D385869}/170723008/xdelta170723008_To_170824021.dax  ResponseStatus=416

HTTP/1.1 416 Requested Range Not Satisfiable

Connection: close

 

Cause

In this case, customer using a Layer 7 firewall appliance that does HTTP Header checking that manipulated the traffic between the Symantec Endpoint Protection Manager (SEPM) and the GUPs.

Resolution

The Layer 7 firewall appliance was configured to ignore HTTP Header checking for traffic between the SEPM and the GUPs.