Contributor
Posts: 14
Registered: ‎03-24-2009
Accepted Solution

LiveUpdate is failing: unable to locate valid Norton LiveUpdate server.

Executive summary: LU says "Unable to locate a valid Norton LiveUpdate server. Please run a full system scan and try again." After a full system scan, and a restart of Windows, the problem persists. This is happening to multiple workstations on the same network segment. Product is Norton AntiVirus 2009 with Antispyware Small Office Pack (10 User).

The primary symptom is that the NAV icon in the system tray goes to the x-on-red overlay instead of the checkmark-on-green. In the past this has happened sometimes when an update required manual intervention (wanted to prompt the user for some reason -- Windows Update does the same thing from time to time), but usually, in the past, this was easily cleared up by logging into the workstation as an administrative user (limited accounts are normally used on a day-to-day basis, for security reasons) and running LiveUpdate. However, this solution is now failing, as follows: "Unable to locate a valid Norton LiveUpdate server. Please run a full system scan and try again." As noted, doing a full system scan and trying again does not resolve the problem. We still get that same error message.

I used the NAV support thingy on one of the affected workstations, and Issue Detection says, "The issue is: 8921, 246". I have as yet not been able to turn up any useful information via web search about what these numbers mean.

Unfortunately, I'm not certain precisely when this started happening, but I believe it to be at least a week or so ago, and probably not very much longer than that, though, as noted, I'm not certain. It's been long enough that Windows Security Center has picked up on the fact that the AV is out of date and is starting to complain.

Most of the systems are running XP Pro and are joined to a Windows "domain" (PDC is running WS2003). There's also an XP HE system (not joined to the domain, obviously) which DOES also have the problem, and a Vista system which I haven't looked at yet to see if it is experiencing the problem. I also haven't exhaustively checked whether all of the XP Pro systems are having the problem, but the ones I have checked so far all have it.

I have tried a fresh install of NAV, since I was rebuilding a computer anyway (hard drive died last week), so I can report that doing a fresh install of NAV on a fresh install of Windows XP does not solve the problem. LiveUpdate works at first, but then it stops working and gives the above error message. I have not yet checked whether all the systems give these same numbers. Help-and-support -> About on that system currently says 16.5.0.134. I have not yet checked whether the version number is the same on all of the systems.

I've also tried a different name resolution server. Most of the systems use the PDC for this, but the XP HE system instead uses offsite name servers (the ones provided by the state library), and that doesn't appear to make any difference.

The whole subnet is connected to the rest of the LAN only through an external firewall (IP Tables, Debian oldstable at the moment, but will probably be updated to lenny soon), but the ruleset passes outgoing traffic along and EXISTING/RELATED traffic back. Additionally, the LAN is connected to the rest of the world through another IP Tables firewall (a rather older distro based loosely on Slackware), with a similar configuration except that port 80 goes through a transparent Squid proxy, which also does content filtering (NetSweeper). Connection tracking is in place so that both active and passive ftp work as you would want them to do, through both firewalls, and of course normal website traffic works fine as well (I am typing this from one of the PCs with the problem). Port 443 traffic is passed through unproxied. The internet service provider is OPLIN, an organization that provides the connectivity for all public libraries in the state of Ohio.

The content filtering on port 80 can be turned off temporarily at will, or specific sites can be permanently whitelisted (by URL or by FQDN; not by IP address, for arcane reasons), but taking the proxy out of the loop completely is probably off the table, since it would be something of a pain to do on a per-workstation basis (think: special firewall ruleset for each case, all of which would have to be kept in sync with the main one in every other respect), and doing it site-wide would kill our eligibility for certain kinds of funding, a decision the IT department cannot make.

I'm pretty well stumped. I can keep fiddling, reinstalling, and so on, but I'm not really getting anywhere. Any suggestions of avenues to explore?

Is there documentation as to what ports and protocols LiveUpdate uses?
Volunteer
yogesh_mohan
Posts: 5,302
Registered: ‎07-29-2008

Re: LiveUpdate is failing: unable to locate valid Norton LiveUpdate server.

LiveUpdate for the previous versions - Lucomserver.exe requires access to ports 80 (HTTP), 21 (FTP) and 443 (HTTPS). The protocol used by LiveUpdate is TCP. The domains that LiveUpdate accesses are symantec.com, symantecliveupdate.com, and akamai.net for HTTP and speedera.net for FTP. I think the same will be used by the new LiveUpdate Engine used in NIS/NAV 2009.


Spam Squasher
Rohit1gupta
Posts: 664
Registered: ‎09-30-2008

Re: LiveUpdate is failing: unable to locate valid Norton LiveUpdate server.

This is the problem I'm trying to shout about, but nobody from Symantec is listening.

Norton's new version, i.e. version 16.5, doesn't support proxy connections.

LU servers are different and do not have HTTP/1.1 support.

I can't LiveUpdate either.

Is Symantec deaf or what? It's been 4 days since I reported the matter and nothing is happening, no updates on the matter whatsoever.

I tried tech support, forum, email and PMs; nothing works.

Nobody replies. What great support they give.

----------------------------------------------------------------

NIS 2011 beta 18.0.0.107 Win 7 7600 RTM 32-bit
Contributor
Posts: 14
Registered: ‎03-24-2009

Re: LiveUpdate is failing: unable to locate valid Norton LiveUpdate server.

Norton's new version, i.e. version 16.5, doesn't support proxy connections. LU servers are different and do not have HTTP/1.1 support.

Ah, now that is information I did not have, and potentially useful. We need to update the proxy, so if the problem is that HTTP/1.1 isn't good enough for LiveUpdate, maybe an upgrade... What's the latest version of HTTP these days? [checks]

Wait, *is* there a newer version of HTTP than 1.1? Surely there must be, since 1.1 is certifiably older than dirt, but I can't find any reference to one.

Another thought: port 443 is unproxied here. Is there a way I can force LiveUpdate to use https?

Super Spam Squasher
cgoldman
Posts: 2,929
Registered: ‎06-25-2008

Re: LiveUpdate is failing: unable to locate valid Norton LiveUpdate server.

galionlibrary.

I think there is a mistake by the previous poster; I think he meant to say LU no longer supports 1.0, not 1.1.

Here is the Symantec response:

"The LiveUpdate engine was updated with the release of NAV/NIS 16.5 and Norton 360 v3. The new version of LiveUpdate engine will check if it receives HTTP 1.1 server responses, and explicitly reject HTTP 1.0 server responses. This was done to ensure that you are receiving updates from a valid LiveUpdate server. If you are using a proxy server, it could be configured to return HTTP 1.0 responses, and thus LiveUpdate will see this as an improperly configured connection.

A workaround for this issue is to disable the proxy server, or to reconfigure it. Most proxy servers can be configured to return HTTP 1.0 or 1.1 responses. We understand that this may not be possible for some users that are experiencing this issue. We are still working on a good solution for this issue. Thanks for your patience."

However, be advised that I also consider there is a firewall issue, and if anyone is able to temporarily disable hardware firewalls in router/modems this may resolve the issue. Take a look at the log.lue and search for ERR lines and advise what you see.

Symantec Employee
OscarL
Posts: 178
Registered: ‎08-19-2008

Re: LiveUpdate is failing: unable to locate valid Norton LiveUpdate server.

galionlibrary,

In case it wasn't clear, in the other thread, one of the possible workarounds is to disable or to reconfigure your proxy server to return HTTP 1.1 responses. Can you try this and then see if you are still having the problem?

Contributor
Posts: 14
Registered: ‎03-24-2009

Re: LiveUpdate is failing: unable to locate valid Norton LiveUpdate server.

I think he meant to say LU no longer supports 1.0, not 1.1


Now, that does make sense. I will check the Squid configuration and see what it's doing in that regard.

However, be advised that I also consider there is a firewall issue, and if anyone is able to temporarily disable hardware firewalls in router/modems this may resolve the issue.


If either of the firewalls is disabled, these computers are then not connected to the internet at all until it's back up. There's SNAT going on, and besides that there's line-of-business software in use on this network that absolutely dursn't be directly connected to the internet because of its security properties (or lack thereof).
Contributor
Posts: 14
Registered: ‎03-24-2009

Re: LiveUpdate is failing: unable to locate valid Norton LiveUpdate server.

Confirmed: When I access Google through the proxy, the header comes back HTTP/1.0.
When I do it from a system that is not behind the proxy, it comes back HTTP/1.1.

So yeah, I definitely need to have a look at our Squid configuration. I'm not likely going to have time to get that done until tomorrow afternoon, but I will post back to the thread once I do and indicate whether it gets me anywhere.
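
The check described in the post above, as an added example that is not part of the original thread: it reads the raw status line of a response to see which HTTP version the client actually receives, and reports any `Via` header an intermediary left behind. The function names, the sample responses and the host `proxy.example` are constructed for illustration.

```python
import socket

def parse_response_head(raw: bytes) -> dict:
    """Extract HTTP version, status code and Via header from a raw response head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError("not an HTTP status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return {"version": parts[0][5:], "status": int(parts[1]),
            "via": headers.get("via")}

def fetch_head(host: str, port: int = 80, path: str = "/",
               timeout: float = 10.0) -> bytes:
    """Send an HTTP/1.1 HEAD request on a plain socket; return the raw reply head.

    A transparent proxy on port 80 intercepts this like any other client traffic,
    so the bytes returned are what the workstation's software really sees.
    """
    request = ("HEAD %s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n"
               % (path, host)).encode("ascii")
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        data = b""
        while b"\r\n\r\n" not in data:
            chunk = sock.recv(4096)
            if not chunk:
                break
            data += chunk
    return data

def diagnose(raw: bytes) -> str:
    """Classify a response against the HTTP/1.0 rejection described in the thread."""
    info = parse_response_head(raw)
    if info["version"] == "1.0":
        who = ("intermediary %s" % info["via"]) if info["via"] \
            else "origin server or a proxy that adds no Via header"
        return "HTTP/1.0 response (%s): the case LiveUpdate rejects" % who
    return "HTTP/%s response: not the HTTP/1.0 case" % info["version"]

# Constructed samples: one reply as a downgrading proxy would send it, one direct.
SAMPLE_PROXIED = (b"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n"
                  b"Via: 1.0 proxy.example (squid)\r\n\r\n")
SAMPLE_DIRECT = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"

if __name__ == "__main__":
    print(diagnose(SAMPLE_PROXIED))
    print(diagnose(SAMPLE_DIRECT))
```

Running `diagnose(fetch_head(host))` from a workstation behind the proxy and again from one outside it gives the same comparison the poster made by hand.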
Super Spam Squasher
cgoldman
Posts: 2,929
Registered: ‎06-25-2008

Re: LiveUpdate is failing: unable to locate valid Norton LiveUpdate server.

galionlibrary

Ok glad yours appears to be a proxy issue with HTTP. Yes I appreciate not everybody can disable firewall. In any event it works for some users because it is confirmed in another thread. However, clearly there is more than one issue going on here. Since I am unsure of what a hardware firewall is doing vis-à-vis HTTP I can't say if the two are related in any way...yet!

Contributor
Posts: 14
Registered: ‎03-24-2009

Re: LiveUpdate is failing: unable to locate valid Norton LiveUpdate server.

Would you believe Squid doesn't fully support HTTP 1.1?

Color me flabbergasted. I was surely not aware that any software in widespread use, let alone something as major as Squid, still does not support a version of HTTP that came out during the first browser war.

But it's true. Apparently Squid supports retrieving content from servers via HTTP 1.1, but its server aspect doesn't quite support all of the client request features of 1.1, and so that's why it tells the client it's using HTTP 1.0. For the curious here's a link to a recent mailing list thread related to this issue.

So I ask again: is there a way to tell LiveUpdate to forget about port 80 and just use 443 for updates? I cannot imagine HTTP 1.1 would provide any relevant security that HTTPS wouldn't provide even better.