why does liveupdate fail with several errors when run from endpoint security client installed on w2000 server?

Posted on 2008-06-11
Last Modified: 2013-12-09
The installation consists of w2000 server and xp client pcs.  The server is an sbs2000 domain server. Exchange services are disabled, but sqlserver services are running.  

The installation was previously running Symantec Corporate Antivirus v8, which could not be migrated to Endpoint v11.   V8 was removed from the server and clients.  V11 was then installed from scratch.  

Since installation of v11, the server is low on memory.  This is causing some services not to start, but V11 services are starting ok.  I don't think it is the cause of the liveupdate problem.

On the clients:
When opening Endpoint Security client, both "Antivirus and Spyware Protection" and "Proactive Threat Protection" are ON and definitions are up to date.
"Network Protection" (firewall) was not deployed since there was a  reference somewhere in the documentation that this could cause problems with 3rd party firewalls including windows firewall.

On the server:
I assume it is necessary to have the client on the server?  This was certainly required in v8/9/10.
"Antivirus and Spyware Protection" has got "Warning" instead of "ON" and the definitions are 3 months old. "Proactive Threat Protection" is "OFF" and definitions shows "Waiting for Updates".

Live update:
On the server, the "liveupdate" button is enabled by default.  On the clients, the "liveupdate" button is disabled by default, but I have enabled it from the Management Console.  This seemed like the only way to get the clients to update.  The clients are all up to date, but they seemed to update in an inconsistent, unpredictable manner: some of them required liveupdate to be run manually, some appeared to update automatically. I am not sure if they are getting updated from the local server or the Symantec internet server.

When I click "liveupdate" on the server, the liveupdate window appears.  It starts off "connecting to".  It rattles through dozens of lines "downloading catalog files", all of which seem to be "up to date". There are several error messages such as "liveupdate did not know what to do with this update".  The final message is something like "all updates were downloaded, but all of them failed to install", which disappears quickly.

The log file "log.liveupdate" shows "the product was aborted because liveupdate was unable to launch its callback helper process", "liveupdate couldn't expand replacement path", "E_DIS_SCRIPT_SYNTAX_ERROR".

The installation came from a trialware package which was downloaded a week ago. As far as I can tell, it is the latest version 11.0.2000.1567, which I think is v11 maintenance release 2, possibly patch 1.  We have bought licenses as well, but don't have installation media.  There is a quarantine server as well as a liveupdate administrator which are supposed to be installed from cd, but don't have the option of installing these from the trialware.

I have tried looking up some of the errors on Symantec's support site; there were some matches, but no effective result.  In some cases the links led to downloading the latest release/patch, which I think I already have.  In one case it referred to "proxy server settings".  We don't use a proxy server.  If I try to put in proxy settings where it suggests, liveupdate gets nowhere at all.

Tried phoning Symantec but too long on hold, then outside of support hours.

All the indications are that the server definitions are not up to date, and the server's security is compromised, while the Symantec threat level has been elevated.

Should the client be installed on the server?
Do I have the latest version?
What is the problem?


Question by:grwallace

Accepted Solution

manu4u earned 200 total points
ID: 21767869
Looks like the Server is dying ..  Kidding ...

You should clean up your Server.
Uninstall all of your AV applications and antispywares, firewalls etc ...
Run a registry cleaner software to clean the mess.
Reboot the Server.
Do a Windows update.

Now install the AV fresh... it should work..

Assisted Solution

by:Mohammed Hamada
Mohammed Hamada earned 300 total points
ID: 21773835
Apparently there are leftovers in the registry from SEP v8... When you uninstalled v8, did you use the uninstallation tool provided by Symantec, or did you do it manually?
Did you face any problems during the uninstallation process?

Author Comment

ID: 21816598
The current situation is that the clients are updating automatically, but the client on the server still is not updating automatically.  I have run the Intelligent Updater a couple of times, this gets the antivirus defs updated, but the proactive protection still says "waiting for updates".

Also the customer is going to upgrade their server next month, so this takes the pressure off a bit.  Hopefully it will just work, but it will probably be win2008 server which is a worry because of problems with backupexec v12 running on win2008.

Also, I have installed the trialware on a spare sbs2000 server.  The server client looks better (antivirus on "on" and green, proactive protection is green but "off"), but still does not update automatically.  The messagebox at the bottom-right corner says "liveupdate failed, return code = 4".  

I have just searched for this text and got a result on the Symantec forums.  It seems the problem is with the LiveUpdate version, but there are also issues reinstalling LiveUpdate itself.  I will have (another?) go at this.

Thanks.  What (hopefully free) registry cleaner would you recommend?  In my limited experience (of "RegClean" I think), they exaggerate the amount of things that need fixed?  And may possibly be treated as antivirus software as suspect?

Moh10ly:  I think I simply removed the components from Control Panel - Add/Remove Programs.  I don't recall any problems during uninstallation, but I did have even more bizarre problems the first time I installed the Manager, though I can't remember what kind of problems.  It was much better after I removed and reinstalled it.  I think the only option of any significance that I selected differently was the type of database - second time I chose the native or less secure one for smaller installations (default).

Certainly the instance I have running on a spare server was a fresh installation, and this has fewer problems than the customer installation.


Assisted Solution

by:Mohammed Hamada
Mohammed Hamada earned 300 total points
ID: 21817073
I would agree on reinstalling LiveUpdate. Try downloading the latest version of LiveUpdate for your endpoint production from the Symantec website....

Author Comment

ID: 21918863
Installed latest liveupdate on spare / test server but still not updating the server client automatically.  Tried installing latest liveupdate on production server but it said it did not need upgrading, which is strange since it is an older version.

So I have left it as follows:
Manual application of intelligent updater on the production server until the customer decides to upgrade their server.
