As from today my NIS 2009 is showing no update for 1 day and then gives this message - ."Unable to locate valid Norton Liveupdate server - Code 8921, 246"  I note that others have a similar issue but although I have followed most of the suggestions (full scan, various config changes, DNS flush / fix etc etc) I cannot find the remedy.  I have version 16.5.0.135.

I can ping "liveupdate.symantecliveupdate.com" sucessfully from my PC, and using Vista 32 into a router.  

As this appears to have happened following a recent patch, I assume that Symantec are as I write this, busily creating another patch to sort the problem out!

Can a Symanatec employee kindly confirm the current status, and when my software will be returned to a fully working copy and my equipment is again fully protected.

PS  My laptop (running XP) has just updated from 16.2.0.7 to 16.5.0.135 and it has exactly the same error message - so now I have two machines with the same fault and without up to date protection!

Thanks!

I am not a Symantec employee and therefore cannot answer your questions to your satisfaction.

However, I make the following suggestions. Firstly, it is worth posting in the other thread. If you need the link please aask. It is best, I find that users with similar problems post in the same thread and different problems are posted in different threads.

I am not aware of any revised patch to resolve the roll out because to date, afaik, no acceptance has been made that there is a problem.

What is the date of Definition updates shown on the main panel. i.e. Latest Virus definitions update?

Do you get this when you manually run LU or also when pulse updates or automatic lu takes place?

Have you tried changing the DNS in your router or network connection?

Hi CG and thanks for the response....  I have made no changes whatsoever to my DNS settings either on the PC or laptop (both have the same issue), or the router so it does point strongly towards the latest patch being the cause.  I see no reason to fiddle in that area!

There is more than one other similar thread - which do you suggest (I always thought this would be a "hijack" of the other thread!).

I get the problem when I manually run the update - because I am being warned that updates are 1 day overdue.  I assume that pulse updates arn't working''''

Sorry to be dumb but where is latest virus update info??

I also note that my codes are 8921, & 246, rather than 8921 & 301.

I had this exact same issue after applying the 10.66MB program update this morning. I spent a considerable amount of time removing and reinstalling Norton 2009 (v.16.0.0.125) with support only to find the 10.66MB program update to v.16.5.0.134 resulted in the same problem.

I installed the patch on another PC and noticed the problem didn't show up on that PC. The only difference between the two PC's is where they are connected to the internet. One is behind a Transparent Proxy and the other directly connected to the internet.

I disabled my proxy server to test, sure enough the error 8921, 246 didn't show up. LiveUpdate completed successfully.

I have since tried both Transparent and Authenticated modes on my Proxy server, neither of which are working with LiveUpdate (yes the Proxy settings have been added to the Norton config screen)

I feel the problem lies with the Proxy settings of the new update as both Proxy modes worked fine prior to this update.

In the mean time, I've turned off my Proxy server and all is well for now.

Meerkat

No I was not trying to imply that you had changed DNS. I hadnt either. No it seems a change of DNS worked for me. Later we could reason why this might be, I just wanted people to try it, since it worked for me. Of course the patch may be the problem or it could be the servers delivering the patch.

However, even better, I just found another thing that worked, I disabled the router's firewall and then it all worked. Although for how long I have yet to restablish. Here is a temp workaround I would suggest anyone having either of the two LU errors try

TO ALL

ANOTHER TEMPORARY WORKAROUND

Once again I ask affected users to please try the following and advise

1.   This workaround applies only if you have a router/modem with an inbuilt (hardware) firewall.

2.    Start by closing all known programs that access the internet, IE, ITunes, Utorrent etc. Ideally close all applications.

3.   Access your router (usually via a web browser e.g. http://192.168.2.1, login in and disable Firewall

4.   Re-try liveupdate, if necessary twice. If successful, please post in this thread giving the make and model of the router/modem.

5. I suggest in all events to reset your router firewall, unless you are satisfied that you no longer require such functionality. In short disable the firewall for a short period to test the LU.

Thank you and I await postings please.

.....

I think you have posted in both threads if I am not mistaken. So thats fine.

Open Norton Internet Security
On the right pane, you will see Definition Updates: 2 minutes ago (example)
click “2 minutes ago” or whatever you have and a popup will display

Similar to a hardware appliance but installed on a PC instead, I am using SmoothWall Express 3.0 - Release 4 as a gateway for my network.

Same problem. but solved now.

1 Disabled the firewall in my router : LINKSYS WRV200

2.Upgraded the NIS 2009

3. Re enabled nis .... and not its working ok.

I think it was a BUG in the upgrade file from nornon on 19.03.2009

greets

Meerkat

I see you have marked this as solved. How did you solve this because the msg that is the solution proposes no solution!

OLiver_S

Congrats! You are the first to confirm the temp workaround works. You disabled the firewall in the router.

I know you say its working OK. But can you please check for me two things. When everything is uptodate

how long does a manual live update take. Second, can you please examine your log.lue and at the bottom for the last entry can you search for any ERR lines and advise please.

cgoldman:

I think your posts about DNS and firewall appliances along with the post from gkward about Proxies and HTTP/1.0 vs. HTTP/1.1 are related:

http://community.norton.com/norton/board/message?board.id=nis_feedback&thread.id=41743

I have tried the 5 steps where appropriate with my SmoothWall and had the same result with LiveUpdate.

To explain what I found, I've broken it down into two parts:

First: I ran a Wireshark capture with my Proxy server enabled and observed the TCP connection to LiveUpdate. LiveUpdate initiates a GET request for /minitri.flg via HTTP/1.1 as per gkward's post. However the response is being returned via HTTP/1.0. The response is then denied and the connection is reset. Error code 8921, 246 makes sense to me now as the transmission does appear to be modified if it is expecting HTTP/1.1 in return.

GET /minitri.flg HTTP/1.1
Cache-control: max-age=0
Cache-Control: no-cache
Cache-Control: max-stale=0
Cache-Control: min-fresh=1000
Accept: */*
HOST: liveupdate.symantecliveupdate.com
User-Agent: jTzb1DLqrsVp8xIdwzWiFOUsRJ46X3JSQAAAAALUE
Connection: Keep-Alive

HTTP/1.0 200 OK
Server: Sun-ONE-Web-Server/6.1
Content-Length: 1
Content-Type: text/plain
Last-Modified: Fri, 29 Jul 2005 20:24:32 GMT
ETag: "1-42ea9080"
Accept-Ranges: bytes
Date: Wed, 25 Mar 2009 00:42:17 GMT
Cache-Control: public,must-revalidate,max-age=3600
X-Cache: MISS from Guardian
Via: 1.0 Guardian:800 (squid/2.7.STABLE5)
Connection: keep-alive

And the portion of my lob.lue file showing this failure:

20:31:28.191 INF - *** Perform Server Selection - BEGIN ***
20:31:28.191 INF - Attempting to download minitri flag file.
20:31:28.206 EVT - Sending request to Server: liveupdate.symantecliveupdate.com:80 for File: minitri.flg
20:31:28.206 EVT - Start: Waiting to download minitri flag file.
20:31:28.534 ERR - Specified LU server does not support HTTP/1.1.
20:31:28.612 EVT - End: Waiting to download minitri flag file. Status 3
20:31:28.612 ERR - Download Error for minitri flag file. SERVER DOES NOT EXIST or some network issue.
20:31:28.612 ERR - Unsupported protocol.
20:31:28.612 INF - No potentially-malicious entries for the primary LiveUpdate server were detected in the HOSTS file.
20:31:28.612 INF - *** Perform Server Selection - END ***

Some firewall appliances may use a transparent proxy to filter content (parental controls, etc.). Appliance features like these may be using a proxy without explicitly stating that they are. It is possible they could be defaulting responses to HTTP/1.0 regardless of the HTTP/1.1 request. I see now that my Proxy server is doing just that... 

Second: Both internal and explicit DNS queries are failing. Here is a portion of my lob.lue file:

20:31:33.003 INF - *** Perform Server Selection - BEGIN ***
20:31:33.003 ERR - DnsQuery() with internal public DNS server list failed; err = 1460
20:31:33.003 ERR - Unable to resolve LU server name through explicit DNS query.
20:31:33.003 INF - *** Perform Server Selection - BEGIN ***
20:31:33.003 ERR - DnsQuery() with internal public DNS server list failed; err = 1
20:31:33.003 ERR - Unable to resolve LU server name through explicit DNS query.
20:31:33.003 ERR - LiveUpdate Server Selection has finally failed after explicit DNS resolution. No files will be downloaded
20:31:33.003 ERR - Error downloading files. Error Code: 0x8C048001
20:31:33.003 ERR - Inventory SetAbort called on Moniker {E6941702-E564-4caf-84E1-572AEB95826F} (Inventory Module), with code 512
20:31:33.019 INF - *** Get Available Update List - END ***

For some reason the internal DNS is not returning another server for LiveUdpate to try so it tires explicit DNS queries. This will fail on some appliances that don't allow outgoing DNS queries directly from PC's on the network. This is the case in my network as we want all DNS queries to go through the intneral DNS server.

I suppose I could try opening outgoing DNS to PC's on the network but that isn't really an ideal go-forward solution.

My next option is to try and change my Proxy server default to HTTP/1.1... I know that isn't an option for users with firewall devices but I hope this information helps lead to a solid solution.

16:22:09.041 INF - *** Perform Server Selection - BEGIN ***
16:22:09.041 ERR - DnsQuery() with internal public DNS server list failed; err = 1
16:22:09.041 ERR - Unable to resolve LU server name through explicit DNS query.
16:22:09.041 ERR - LiveUpdate Server Selection has finally failed after explicit DNS resolution. No files will be downloaded
16:22:09.041 ERR - Error downloading files. Error Code: 0x8C048001

If i switch of  under firewall the :

then it works  fine. I have 3 computer on the same network and only one have this problem.

Silence

Perfect. First time I am seeing the log details that makes it very clear whats happening. Thanks also for the heads up on Wireshark, I will consider using this tomorrow. Today Symantec will contact me to run diagnostics. I will see what tools they use.

Oliver_s

Sorry I am not clear. Your previous msg said the workaround worked but you re-enabled the hardware firewall.

Are you then getting errors in your log.lue when you run LU after re-enabling the hardware firewall?

When you say your switch off web block, proxy etc, are you referring again to the hardware firewall?

yes , it worked but after a short time  get the error again(if switsh back the firewall), i downloaded today a big upgrade  ower 40MB will reboot and test it again.

Oliver_S

Sorry but I am going to say "good", because it shows that there is a continued problem with the firewall and the firewall must remain disabled for Norton to work. Hopefully in time Symantec will realise that this is unacceptable. I always recommend to users to buy routers with inbuilt firewall for extra protection but never expected that one day I would have to tell them to turn it off!

How come this thread is marked solved.

I did't c any solution here.

Moreover the network connection which my service provider gives is a proxy network with http/1.0

There is no way i can workaround coz it will mean to bypass their proxy and its te work oif hackers.

I have no admin right i m simply a client.

So, what is the proper solution? 

CG...

I did absolutely nothing!! 

NB  My code was 8921.246 and not 301 so perhaps not the same issue exactly although I received the same message re being unable to contact valid server etc.

I rather assumed that it was a local regional issue with the DNS servers not having updated their info on new Symantec IPs following the patch upgrade. All I can say is that both my laptop and PC updated yesterday morning with no error and pulse updates are now working correctly.

All very weird!!

Hi Ro...

I marked this thread solved as I raised this problem thread and, for whatever reason, yesterday morning my updates resumed correctly on both my laptop and PC and thus, for me at least, the problem has been resolved!

Best of luck with resolving your issues - which seem to me to fall clearly within the realms of Symantec to sort out......

if ur prob is solved then u have to mark the solution as solved, but the solution doesn't seem aprropriate.

No offence, but a valid and accepted sol sud be marked.