LiveUpdate on the Symantec Security Information Manager (SSIM) cannot connect to the LiveUpdate servers


Article ID: 177382


Products

Security Information Manager

Issue/Introduction

LiveUpdate on the Symantec Security Information Manager cannot connect to the LiveUpdate servers.

Symptoms
LiveUpdate fails and logs connection errors in the LiveUpdate log.


 

Cause

A firewall is blocking HTTP, HTTPS, and/or FTP ports. The SSIM cannot resolve the LiveUpdate servers' IP Address.

Resolution

Find out if the SSIM can resolve the LiveUpdate servers' IP Address.

Testing Domain Name Resolution (DNS)

    1. Connect to the SSIM with an SSH client or log in to the console.
      If you connected with an SSH client, you must su - to root once logged in as db2admin.
    2. At the command prompt, type: nslookup and press Enter.
    3. At the prompt, type: liveupdate.symantec.com and press Enter.
      You should see the following:
      • Server, displaying the hostname or FQDN of your DNS server.
      • Address, displaying the IP Address of your DNS server.
      • A non-authoritative answer providing the IP Address(es) for liveupdate.symantec.com.


Possible Outcome and Meaning

    • If Server or Address does not show information, the SSIM appliance does not have DNS servers specified.
    • If Server and Address display the correct information, but the DNS request times out, your DNS server(s) cannot resolve an IP Address for liveupdate.symantec.com. This is a problem on your DNS server(s).
    • If Server and Address display the correct information, but you receive a message that the connection timed out, the SSIM is unable to communicate with the specified DNS server(s). Make sure the IP Addresses for the DNS server(s) are correct, and that there is no firewall blocking UDP port 53 traffic between the SSIM and your DNS server(s).


Analyzing Traffic

    1. Connect to the SSIM with an SSH client or log in to the console.
      If you connected with an SSH client, you must su - to root once logged in as db2admin.
    2. Follow the steps for Testing DNS for both liveupdate.symantec.com and liveupdate.symantecliveupdate.com to retrieve all possible IP Addresses.
    3. At the command prompt, type the command:

      tcpdump -i eth0 host <ip address of liveupdate.symantec.com> or host <ip address of liveupdate.symantec.com> or host <ip address of liveupdate.symantec.com>

      You must include all of the IP Addresses that were returned in the Testing DNS section, because there is no way to tell which one will be used. You must also add "or host" between each IP Address.
       
    4. Press Enter.
    5. Log in to the HTTPS Configuration Page and run LiveUpdate.
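
Steps 2 and 3 can be scripted so that no address is left out of the filter. This is an added example, not part of the original article: it parses nslookup output for both hostnames, skips the DNS server's own address, and prints the tcpdump filter. The function names and the LOOKUP variable are assumptions of this example, and the sample nslookup output is constructed.

```shell
#!/bin/sh
# Added example, not from the original article. IPv4 only.

# Print answer addresses from nslookup output on stdin. The first
# Server/Address pair is the DNS server itself, so only Address lines that
# follow a "Name:" line are kept.
answer_ips() {
    awk '/^Server:/ { ans = 0 }
         /^Name:/   { ans = 1; next }
         ans && /^Address(es)?:/ {
             for (i = 2; i <= NF; i++) { sub(/,$/, "", $i); print $i }
         }' | grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' | sort -u
}

# Join one address per line into "host A or host B"; fail if there are none,
# because an empty filter would make tcpdump capture all traffic.
join_hosts() {
    awk 'NF { printf "%shost %s", (n++ ? " or " : ""), $1 }
         END { if (!n) exit 1; print "" }'
}

# Resolve both hostnames and print the filter. LOOKUP is a hook invented for
# this example so canned output can stand in for the real nslookup.
liveupdate_filter() {
    for h in liveupdate.symantec.com liveupdate.symantecliveupdate.com; do
        "${LOOKUP:-nslookup}" "$h" 2>/dev/null
    done | answer_ips | join_hosts || {
        echo "no addresses resolved; fix DNS before capturing" >&2
        return 1
    }
}

# Constructed nslookup output using documentation-range addresses.
sample_lookup() {
    cat <<EOF
Server:         192.0.2.53
Address:        192.0.2.53#53

Non-authoritative answer:
Name:   $1
Address: 203.0.113.10
Name:   $1
Address: 198.51.100.7
EOF
}

# Demo on the constructed output. On the appliance, leave LOOKUP unset and
# run: tcpdump -i eth0 "$(liveupdate_filter)"
LOOKUP=sample_lookup
liveupdate_filter
```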


Possible Outcome and Meaning

    • No traffic is seen leaving the SSIM - Double-check the IP Addresses in the tcpdump command to make sure you added all of the addresses that were returned by nslookup.
    • Traffic is sent, but there is no return traffic - This is a network problem, possibly a routing issue. Contact your network department.
    • Traffic is sent, and a reset is received immediately - A firewall is blocking the traffic. You must allow HTTP (port 80) traffic from the SSIM for LiveUpdate to work.