why does liveupdate fail with several errors when run from endpoint security client installed on w2000 server?

The installation consists of w2000 server and xp client pcs.  The server is an sbs2000 domain server. Exchange services are disabled, but sqlserver services are running.  

The installation was previously running Symantec Corporate Antivirus v8, which could not be migrated to Endpoint v11.   V8 was removed from the server and clients.  V11 was then installed from scratch.  

Since installation of v11, the server is low on memory.  This is causing some services not to start, but V11 services are starting ok.  I dont think it is the cause of the liveupdate problem.

On the clients:
When opening Endpoint Security client, both "Antivirus and Spyware Protection" and "Proactive Threat Protection" are ON and definitions are up to date.
"Network Protection" (firewall) was not deployed since there was a  reference somewhere in the documentation that this could cause problems with 3rd party firewalls including windows firewall.

On the server:
I assume it is necessary to have the client on the server?  This was certainly required in v8/9/10.
"Antivirus and Spyware Protection" has got "Warning" instead of "ON" and the defiitions are 3 months old. "Proactive Threat Protection" is "OFF" and derfinitions shows "Waiting for Updates".

Live update:
On the server, the "liveupdate" button is enabled by default.  On the clients, the "liveupdate" button is disabled by default, but I have enabled it from the Management Console.  This seemed like the only way to get the clients to update.  The clients are all up to date, but they seemed to updated in an inconsistent unpredictable manner, some of them required livepdate to be run manually, some appeared to update automaticall, I am not sure if they are getting updated from the local server or the symantec internet server.

When I click "liveupdate" on the server, the liveupdate windows appears.  It starts off "conecting to xxxxsymantec.com".  It rattles through dozens lines "downloading catalog files", all of which seem to be "up to date". There are several error messages such as "liveupdate did not know what to do with this update".  The final message is something like "all updates were downloaded, but all of them failed to install", which disappears quickly.

The log file "log.liveupdate" shows "the product was aborted because liveupdate was unable to launch is callback helper process", "liveupdate couldnt expand replacement path", "E_DIS_SCRIPT_SYNTAX_ ERROR".  

The installation came from a trialware package which was downloaded a week ago. As far as I can tell, it is the latest version 11.0.2000.1567, which I think is v11 maintenance release 2, possibly patch 1.  We have bought licenses as well, but dont have installation media.  There is a quarantine server as well as a liveupdate administrator which are supposed to be installed from cd, but dont have the option of installing these from the trialware.

I have tried looking up some of the errors on Symantecs support site, there were some matches, but no effective result.  In some cases the links led to downloading the latest release/patch, which I think I already have.  In one case it referred to "proxy server settings".  We dont use a proxy server.  If I try to put in proxy settings where it suggests, liveupdate gets nowhere at all.

Tried phoning symantec but too long on hold, then outside of support hours.

All the indications are that the server definitions are not up to date, and the servers security is compromised, while the symantec threat level has been elevaed.

Should the client be installed on the server?
Do I have the latest version?
What is the problem?


Who is Participating?
manu4uConnect With a Mentor Commented:
Looks like the Server is dying ..  Kidding ...

You should clean up your Server.
Uninstall all of your AV applications and antispywares, firewalls etc ...
Run a registry cleaner software to clean the mess.
Reboot the Server.
Do a Windows update.

Now install the AV fresh... it should work..
Mohammed HamadaConnect With a Mentor Senior IT ConsultantCommented:
Apparently there's leftovers on registry by SEP v8... when you uninstalled v8, have you applied the un-installiation tool provided by symantec ? or you did it manually ?
have you faced any problems during the un-installation process?
grwallaceAuthor Commented:
The current situation is that the clients are updating automatically, but the client on the server still is not updating automatically.  I have run the Intelligent Updater a couple of times, this gets the antivirus defs updated, but the proactive protection still says "waiting for updates".

Also the customer is going to upgrade their server next month, so this takes the pressure off a bit.  Hopefully it will just work, but it will probably be win2008 server which is a worry because of problems with backupexec v12 running on win2008.

Also, I have installed the trialware on a spare sbs2000 server.  The server client looks better (antivirus on "on" and green, proactive protection is green but "off"), but still does not update automatically.  The messagebox at the bottom-right corner says "liveupdate failed, return code = 4".  

I have just searched for this text and got a result on the Symantec forums.  It seems the problem is with the Liveupdate version, but there are also issues reinstalling Livepdate itself.  I will have (another?) go at this.  

Thanks.  What (hopefully free) registry cleaner would you recommend?  In my limited experience (of "RegClean" I think), they exaggerate the amount of things that need fixed?  And may possibly be treated as antivirus software as suspect?

Moh10ly:  I think I simply removed the components from Control Panel - Add/Remove Programs.  I dont recall any problems during uninstallation, but I did have even more bizarre problems the first time I installed the Manager, though I cant remember what kind of problems.  It was much better after I removed and reinstalled it.  I think the only option of any significance that I selected differently was the type of database - second time I chose the native or less secure one for smaller installations (default).  

Certainly the instance I have running on a spare server was a fresh installation, and this has less problems than the customer installation.

Mohammed HamadaConnect With a Mentor Senior IT ConsultantCommented:
I would agree on reinstalling Liveupdate,, Try downloading the latest version of live update for your endpoint production from symantec website....
grwallaceAuthor Commented:
Installed latest liveupdate on spare / testr server but still not updating the server client automatically.  Tried installin latest lievupdate on production server but it said it did not need upgrading, which is strange since it is an older version,  

So have have left it as follows:
Manual application of intelligent updater on the production server until the customer decided to upgrade their server.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.