Solved

Symantec LiveUpdate blocked by ISA2004

Posted on 2009-04-06
Last Modified: 2013-11-22
I have an SBS2003 SP2 Premium install with ISA2004 that is running Symantec Endpoint Protection v11.0.4. My LiveUpdates have stopped working. When I monitor ISA2004 for denied connections, I see requests from Symantec servers denied with unidentified IP traffic.

I am not sure what has changed. This was working.

Anyone have any ideas?

Question by:dcadler
8 Comments
 
LVL 14

Assisted Solution

by:Raj-GT
Raj-GT earned 800 total points
ID: 24085232
I can't guess what might have changed, but this is what I would recommend.

1. Create a new domain name set with *.symantecliveupdate.com entry.
2. Create a new firewall policy and allow FTP, HTTP, HTTPS for All Users from internal to the new domain name set above.
3. Move this rule above your standard internet access rule.

This should allow LiveUpdate to work again through ISA.

0
 

Author Comment

by:dcadler
ID: 24089611
I set up the domain and rule with no luck. I have another server that is still using ISA2000. It is running the same version of Symantec and it updates just fine. I have the proxy parameters set the same, relative to the site specifics.

Dave
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24091978
Since ISA is saying unidentified IP traffic, can you change the rule to allow all outbound protocols and try again? I would also like to see the ISA logs for these attempts.
0

 
LVL 5

Assisted Solution

by:bRvO
bRvO earned 800 total points
ID: 24109542
0
 

Author Comment

by:dcadler
ID: 24109630
Raj-GT, I opened up the rule to allow all outbound protocols and running LiveUpdate from within SEPM still failed.

I believe now that the issue is not ISA2004 because...

From the SBS 2003 Server I was able to browse to http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=savce and download the most recent SEPM .jdb file

From the SBS 2003 Server, I was able to point my browser at ftp://ftp.symantec.com/public/english_us_canada/antivirus_definitions/symantec_antivirus_corp/jdb/ and also download the latest SEPM .jdb file.

I was able to do this with and without the specific Symantec firewall access rule enabled.

I am pointing the proxy to the LAN IP of the SBS2003 server and referencing ports 8080 for HTTP and 21 for FTP. This is similar to what I have configured for another client who is running SBS2003 with ISA2000.

To me, this seems to be an issue with Symantec, in SEPM rather than ISA.

Dave



0
 
LVL 5

Expert Comment

by:bRvO
ID: 24109686
On your SEPM server, check the LiveUpdate log file:

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Log.LiveUpdate

Does it give any errors in here?

Do you have SEP Firewall installed? In version MR4 MP1 there are known issues with the Network Access Control component. That version was pulled from distribution just after release (not acknowledged by Symantec to the general public though =p).

Try MR4 MP1a from file.connect (if you have a support agreement).
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24111384
When you launch the browser and access the update url, the browser will pass your credentials to ISA; this may not be the case with an autoupdate process. The rule should allow "All outbound protocols" to "All Users" and not "All Authenticated Users"; can you confirm this?
0
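The difference Raj-GT describes between a browser and an unattended update process can be checked directly. The following is an added example, not code from the thread or from any vendor: it sends one request through the proxy with no credentials and reports whether the proxy demands authentication. It assumes the proxy answers an unauthenticated client with a standard HTTP 407 challenge; the function names, the `updates.example.invalid` URL and the local stand-in proxy are constructed for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

def probe_proxy(host, port, url, proxy_auth=None, timeout=5):
    """Send one proxy-style GET and return (status, Proxy-Authenticate value)."""
    headers = {"Proxy-Authorization": proxy_auth} if proxy_auth else {}
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", url, headers=headers)  # absolute URL, as a proxy client sends it
        resp = conn.getresponse()
        resp.read()
        return resp.status, resp.getheader("Proxy-Authenticate", "")
    finally:
        conn.close()

def diagnose(host, port, url):
    """Classify how the proxy treats a client that presents no credentials."""
    status, offered = probe_proxy(host, port, url)
    if status == 407:
        return f"anonymous denied: proxy demands authentication ({offered})"
    if 200 <= status < 400:
        return "anonymous allowed: rule matches unauthenticated clients"
    return f"other failure: HTTP {status}, not an authentication challenge"

class StandInProxy(BaseHTTPRequestHandler):
    """Constructed stand-in: behaves like a rule limited to authenticated users."""
    def do_GET(self):
        authed = bool(self.headers.get("Proxy-Authorization"))
        self.send_response(200 if authed else 407)
        if not authed:
            self.send_header("Proxy-Authenticate", "NTLM")
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo output quiet
        pass

def start_stand_in():
    """Start the constructed stand-in proxy on a free loopback port."""
    server = HTTPServer(("127.0.0.1", 0), StandInProxy)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

if __name__ == "__main__":
    srv = start_stand_in()
    print(diagnose("127.0.0.1", srv.server_address[1], "http://updates.example.invalid/"))
    srv.shutdown()
```

Against a real proxy, call `diagnose` with the proxy's LAN IP and HTTP port (8080 in this thread) and the update URL; an "anonymous denied" result while the browser succeeds points at the rule's user set rather than its protocols.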
 

Accepted Solution

by:
dcadler earned 0 total points
ID: 24230842
It turned out that I needed to reinstall LiveUpdate from the CD1 disk of SEP 11.0.4000 MR4. Once I did this, everything started working as expected. The process involved deleting all references to LiveUpdate in several folders before reinstalling. This problem was finally identified by a Symantec Engineer who remotely connected to the server and ran several tests. I believe that if LiveUpdate is in progress and you have a server crash or (in my case) the user power cycles the server, it can corrupt the process and require a complete re-installation of the LiveUpdate software.

I appreciate all of your feedback.

Dave
0

Question has a verified solution.