Start with the LiveUpdate log to determine the failure. LiveUpdate logs will be named the following for different SEP products.
Symantec Endpoint Protection Manager (SEPM): lux.log (\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\logs\lux.log)
Symantec Endpoint Protection (SEP) client: Log.Lue (ProgramData\Symantec\Symantec Endpoint Protection\<product version>\Data\Lue\Logs\Log.Lue)
Symantec Linux Agent (14.3 RU1 and up): lux.log (/opt/Symantec/sdcssagent/AMD/sef/Logs/lux.log)
Symantec Endpoint Protection (SEP) for Mac: lux.log (/Library/Application Support/Symantec/Silo/MES/LiveUpdate/Logs/lux.log)
Client connection failures
The most common failure is a failure to connect to the LUA.
- Verify that the URL for the distribution center in Configure>Distribution Centers matches what was entered in the LiveUpdate policy
- Verify Firewalls between the client and allowing the traffic. The default port is 7070.
- If there is a proxy, either bypass the proxy and ensure that the appropriate proxy settings are entered in the LiveUpdate policy.
Download/Distribution schedule failures
- Review either the Home or Event Log tab of LUA and verify that the Download and Distribution schedules are completing successfully. Debug logs and other data should be collected when opening a case. The instructions can be found here:
- The most common failure is due to not enough space. If space is an issue, consider adjusting the purging options.
- Schedules may timeout due to either a slow connection or trying to Download/Distribute too much in one schedule. Consider breaking the schedules up into smaller jobs and running multiple smaller jobs instead of one big job.
- Firewall/Proxy blocking LUA traffic. Ensure the LUA can reach the source server configured in Configure>Source Servers. The default is http://liveupdate.symantecliveupdate.com:80/. Also, make sure that certain extensions are not getting blocked such as .m30, .m35 and .7z. You may see an error such as the following if an extension is blocked: "The following updates were found missing on source server Symantec LiveUpdate during download: 1639484601jtun_sepflen211130008.m35, 1639484601jtun_sepflen211208023.m35, 1639484601jtun_sepflen211208024.m35, 1639484601jtun_sepflen211209002.m35, 1639484601jtun_sepflen211205002.m35. Download request id is 5"
Download/Distribution jobs are succeeding, but clients are not getting updated
- Older SEPMs and SEP clients are updating, but new versions are not. Likely the Download/Distribution schedules have product lists that have not been updated to include the new version. Update schedules to include content for the new version. If that version cannot be found when attempting to add it to the product list, update the product catalog by clicking the 'Configure' tab and choosing the Update Symantec Product Catalog link under 'My Symantec Product Tasks'.
- Product lists are correct for Download/Distribution Schedules and they run successfully, but clients still show no update available when running LiveUpdate. This will happen if the product list for the Distribution Center does not have the new version updates added. Go to Configure>Distribution Centers, Select the appropriate Distribution Center and click the 'Edit' button. Review the Product List and add any missing updates. If that version is not visible when attempting to add it, update the Symantec Product catalog as outline in the bullet point above.