search cancel

14.2 Endpoint Protection clients fail to update through a Group Update Provider until after a service restart

book

Article ID: 175101

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

14.2 Endpoint Protection (SEP) clients fail to update through a Group Update Provider (GUP) until after the SepMasterService is restarted.  (i.e. smc -stop / -start)  The specifics of this issue are as follows:

  1. The client must have a current LiveUpdate policy that points to a GUP that is not actually a GUP or that the client cannot connect to.
  2. The LiveUpdate policy is updated to point to a working GUP that the client can connect to.
  3. The client is able to download the updated LiveUpdate policy, but ultimately never attempts to connect to the new GUP even after the policy updates. 
  4. Restarting the SEP service or the operating system results in the client using the new policy and successfully updating through the GUP. 

Old LiveUpdate Policy: GUP configured for 10.7.180.103
New LiveUpdate Policy: GUP configured for 10.7.180.102

Logs show the client still attempting to update through the old GUP long after the policy has updated.  

cve.log
[2019-Jun-05 10:46:18.118560] [INFO ] SEP::SmcContentProvider::DetermineContentChannel: GUP 10.7.180.103 selected for {151387BE-8D1C-467D-8B7A-AC215B16A144} [thread:1804]
[2019-Jun-05 10:46:18.118560] [DEBUG] Setting CURL to use system proxy =  [thread:1804]
[2019-Jun-05 10:46:18.340575] [DEBUG] Scheduler sleeping for 00:00:59.999003 seconds [thread:2568]
[2019-Jun-05 10:46:19.319644] [DEBUG] Get CURL code CURLE_COULDNT_CONNECT with proxy  [thread:1804]
[2019-Jun-05 10:46:19.319644] [DEBUG] Setting CURL to use system proxy =  [thread:1804]
[2019-Jun-05 10:46:20.521711] [DEBUG] Get CURL code CURLE_COULDNT_CONNECT with proxy  [thread:1804]
[2019-Jun-05 10:46:20.521711] [ERROR] cve::SylinkCommunicatorImpl::ActuallyGetContent: Unknown exception ocurred for {151387BE-8D1C-467D-8B7A-AC215B16A144} on channel GUP [thread:1804]
[2019-Jun-05 10:46:20.522703] [DEBUG] Fetching and incrementally saving/content/TempCache/{151387BE-8D1C-467D-8B7A-AC215B16A144}/190522001/xdelta190522001_To_190605001.dax [thread:1804]
[2019-Jun-05 10:46:20.522703] [WARN ] cve::SylinkCommunicatorImpl::ActuallyGetContent: Content download for {151387BE-8D1C-467D-8B7A-AC215B16A144} skipped. No available GUP and failover disabled. [thread:1804]

Environment

SEP client 14.2 - 14.2 RU2 using GUP

Resolution

This issue is fixed in Symantec Endpoint Protection 14.2 RU2 MP1 (14.2.5587.2100). For information on how to obtain the latest build of Symantec Endpoint Protection, see Download the latest version of Symantec software here.

Additional Information

Fix ID: ESCRT-1705

https://knowledge.broadcom.com/external/article/184179/