Symantec Endpoint Protection clients are not getting content updates from configured Group Update Providers

book

Article ID: 178144

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Some or all Symantec Endpoint Protection 11.0.5002 (RU5) clients or higher are not getting content updates from configured Group Update Providers.

Symptoms
A group of Symantec Endpoint Protection 11.0.5002 (RU5) clients or higher are configured with a "Single" or "Optional" Group Update Provider (GUP).

  • There are no Group Update Providers on the local subnet of the affected clients, so the Single or Optional GUP is required for the client updates.
  • The same LiveUpdate Settings policy is configured to allow the clients to fail over from the GUP to the Symantec Endpoint Protection Manager (SEPM).

 

Cause

Under the very specific circumstance set out in the above Symptoms section, a client does not attempt to contact the GUP.

 

Resolution

This problem is fixed in Symantec Endpoint Protection 11.0.6300.803 (RU6-MP3). For information on how to obtain the latest build of Symantec Endpoint Protection, read Obtaining an upgrade or update for Symantec Endpoint Protection - http://www.symantec.com/docs/TECH103088.


Technical Information

In the client sylink log, you will see the client obtain the GUP list from the SEPM.  Since no GUP is on the client's subnet, it will not use any GUP from the GUP list.  At this point the client should instead use the GUP assigned as the "Single" or "Optional" GUP.  Instead, it re-randomized the download timer (if download randomization is configured) and requests the GUP list again.  This will repeat until the client fails over to the SEPM after the configured bypass timer configuration.

If the GUP bypass timer is configured for "Never", the client will immediately access the Single/Optional GUP once it determines that none of the GUPs contained within the GUP list are on the same subnet as the client.