why does liveupdate fail with several errors when run from endpoint security client installed on w2000 server?
Posted on 2008-06-11
The installation consists of w2000 server and xp client pcs. The server is an sbs2000 domain server. Exchange services are disabled, but sqlserver services are running.
The installation was previously running Symantec Corporate Antivirus v8, which could not be migrated to Endpoint v11. V8 was removed from the server and clients. V11 was then installed from scratch.
Since installation of v11, the server is low on memory. This is causing some services not to start, but V11 services are starting ok. I dont think it is the cause of the liveupdate problem.
On the clients:
When opening Endpoint Security client, both "Antivirus and Spyware Protection" and "Proactive Threat Protection" are ON and definitions are up to date.
"Network Protection" (firewall) was not deployed since there was a reference somewhere in the documentation that this could cause problems with 3rd party firewalls including windows firewall.
On the server:
I assume it is necessary to have the client on the server? This was certainly required in v8/9/10.
"Antivirus and Spyware Protection" has got "Warning" instead of "ON" and the defiitions are 3 months old. "Proactive Threat Protection" is "OFF" and derfinitions shows "Waiting for Updates".
On the server, the "liveupdate" button is enabled by default. On the clients, the "liveupdate" button is disabled by default, but I have enabled it from the Management Console. This seemed like the only way to get the clients to update. The clients are all up to date, but they seemed to updated in an inconsistent unpredictable manner, some of them required livepdate to be run manually, some appeared to update automaticall, I am not sure if they are getting updated from the local server or the symantec internet server.
When I click "liveupdate" on the server, the liveupdate windows appears. It starts off "conecting to xxxxsymantec.com". It rattles through dozens lines "downloading catalog files", all of which seem to be "up to date". There are several error messages such as "liveupdate did not know what to do with this update". The final message is something like "all updates were downloaded, but all of them failed to install", which disappears quickly.
The log file "log.liveupdate" shows "the product was aborted because liveupdate was unable to launch is callback helper process", "liveupdate couldnt expand replacement path", "E_DIS_SCRIPT_SYNTAX_ ERROR".
The installation came from a trialware package which was downloaded a week ago. As far as I can tell, it is the latest version 11.0.2000.1567, which I think is v11 maintenance release 2, possibly patch 1. We have bought licenses as well, but dont have installation media. There is a quarantine server as well as a liveupdate administrator which are supposed to be installed from cd, but dont have the option of installing these from the trialware.
I have tried looking up some of the errors on Symantecs support site, there were some matches, but no effective result. In some cases the links led to downloading the latest release/patch, which I think I already have. In one case it referred to "proxy server settings". We dont use a proxy server. If I try to put in proxy settings where it suggests, liveupdate gets nowhere at all.
Tried phoning symantec but too long on hold, then outside of support hours.
All the indications are that the server definitions are not up to date, and the servers security is compromised, while the symantec threat level has been elevaed.
Should the client be installed on the server?
Do I have the latest version?
What is the problem?