search cancel

Endpoint Protection Manager fails LiveUpdate when configured to use NT LAN Manager Authentication

book

Article ID: 174256

calendar_today

Updated On:

Products

Endpoint Protection Endpoint Threat Defense for Active Directory

Issue/Introduction

When the Symantec Endpoint Protection Manager (SEPM) is configured to run LiveUpdate via the "NT LAN Manager Authentication" method, the LiveUpdate session fails with an error code 4.

Per the LiveUpdateTask-0.log, LUALL.EXE is terminated due to errors while processing updates:

019-03-13 15:56:07.442 THREAD 30536 WARNING: SemLaunchService> parseServiceReturnText>> launch service return code: 4
2019-03-13 15:56:07.509 THREAD 30536 INFO: LiveUpdateTask>> LiveUpdate encountered one or more errors. Return code = 4.
2019-03-13 15:56:07.734 THREAD 30536 INFO: LiveUpdateTask>> LUALL.EXE finished running.
2019-03-13 15:56:07.785 THREAD 30536 INFO: LiveUpdateTask>> LiveUpdate failed.

 

3/13/2019, 10:26:02 GMT -> LiveUpdate couldn't expand replacement path [spcIronRl-incr-InstallDir].
3/13/2019, 10:26:02 GMT -> Progress Update: PATCH_ERROR: Patch File: "C:\ProgramData\Symantec\LiveUpdate\Downloads\Updt715\1552468457jtun_irev190312053.7z", Script File: "C:\ProgramData\Symantec\LiveUpdate\Downloads\Updt715\IrvSP12i.dis", HR: 0x802A0006
3/13/2019, 10:26:02 GMT -> HR 0x802A0006 DECODE: E_DIS_SCRIPT_SYNTAX_ERROR
3/13/2019, 10:26:02 GMT -> Progress Update: PATCH_FINISH: Patch File: "C:\ProgramData\Symantec\LiveUpdate\Downloads\Updt715\1552468457jtun_irev190312053.7z", Script File: "C:\ProgramData\Symantec\LiveUpdate\Downloads\Updt715\IrvSP12i.dis", HR: 0x802A0006
3/13/2019, 10:26:02 GMT -> HR 0x802A0006 DECODE: E_DIS_SCRIPT_SYNTAX_ERROR
3/13/2019, 10:26:02 GMT -> EVENT - PRODUCT UPDATE FAILED EVENT - Update available for SEPM Iron Revocation List 14.2 RU1 - MicroDefsB.CurDefs - SymAllLanguages. Update for CurDefs takes product from update 190312053 to 190313003. Server name - liveupdate.symantecliveupdate.com, Update file - 1552468457jtun_irev190312053.7z, Signer - cn=Symantec Corporation,ou=Locality - Tuscon Prod 1 and 2,ou=Product Group - LiveUpdate,ou=SymSignature 2005,o=Symantec Corporation, package install code 0. The Update executed with a result code of 1825, => The install script for this product had a syntax error, so LiveUpdate could not install it.
3/13/2019, 10:26:03 GMT -> Progress Update: PATCH_PROCESSING_FINISH: Number of patches: 1, Num successful: 0
3/13/2019, 10:26:03 GMT -> Product = SEPM Content Catalog, Version = 14.2 RU1, and Language = SymAllLanguages was aborted from this LiveUpdate session.
3/13/2019, 10:26:03 GMT -> Reason for product being aborted => This product was not updated due to a processing error.

 

Environment

SEPM 14.2 RU1

Resolution

You will need to apply the following work around for the user account designated in the SEPM for NT LAN Manager Authentication:

  1. In your Domain Controller, open group policy settings (gpedit.msc).
  2. Navigate to Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options.
  3. Ensure the following 3 policies are set as:
    • User Account Control: Admin Approval Mode for the Build-in Administrator account = Disabled / Not Defined
    • User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode = Elevate without prompting / Not Defined
    • User Account Control: Run all administrators in Admin Approval Mode = Disabled
  4. Restart the SEPM server.
  5. Launch LiveUpdate from the SEPM console and verify contents are updated.