LiveUpdate is failing: unable to locate valid Norton LiveUpdate server

Executive summary: LU says “Unable to locate a valid Norton LiveUpdate server. Please run a full system scan and try again.” After a full system scan, and a restart of Windows, the problem persists. This is happening to multiple workstations on the same network segment. Product is Norton AntiVirus 2009 with Antispyware Small Office Pack (10 User).

The primary symptom is that the NAV icon in the system tray goes to the x-on-red overlay instead of the checkmark-on-green. In the past this has happened sometimes when an update required manual intervention (wanted to prompt the user for some reason – Windows Update does the same thing from time to time), but usually, in the past, this was easily cleared up by logging into the workstation as an administrative user (limited accounts are normally used on a day-to-day basis, for security reasons) and running LiveUpdate. However, this solution is now failing, as follows: “Unable to locate a valid Norton LiveUpdate server. Please run a full system scan and try again.” As noted, doing a full system scan and trying again does not resolve the problem. We still get that same error message.

I used the NAV support thingy on one of the affected workstations, and Issue Detection says, “The issue is: 8921, 246”. I have as yet not been able to turn up any useful information via web search about what these numbers mean.

Unfortunately, I’m not certain precisely when this started happening, but I believe it to be at least a week or so ago, and probably not very much longer than that, though, as noted, I’m not certain. It’s been long enough that Windows Security Center has picked up on the fact that the AV is out of date and is starting to complain.

Most of the systems are running XP Pro and are joined to a Windows “domain” (PDC is running WS2003). There’s also an XP HE system (not joined to the domain, obviously) which DOES also have the problem, and a Vista system which I haven’t looked at yet to see if it is experiencing the problem. I also haven’t exhaustively checked whether all of the XP Pro systems are having the problem, but the ones I have checked so far all have it.

I have tried a fresh install of NAV, since I was rebuilding a computer anyway (hard drive died last week), so I can report that doing a fresh install of NAV on a fresh install of Windows XP does not solve the problem. LiveUpdate works at first, but then it stops working and gives the above error message. I have not yet checked whether all the systems give these same numbers. Help-and-support -> About on that system currently says 16.5.0.134. I have not yet checked whether the version number is the same on all of the systems.

I’ve also tried a different name resolution server. Most of the systems use the PDC for this, but the XP HE system instead uses offsite name servers (the ones provided by the state library), and that doesn’t appear to make any difference.

The whole subnet is connected to the rest of the LAN only through an external firewall (IP Tables, Debian oldstable at the moment, but will probably be updated to lenny soon), but the ruleset passes outgoing traffic along and EXISTING/RELATED traffic back. Additionally, the LAN is connected to the rest of the world through another IP Tables firewall (a rather older distro based loosely on Slackware), with a similar configuration except that port 80 goes through a transparent Squid proxy, which also does content filtering (NetSweeper). Connection tracking is in place so that both active and passive ftp work as you would want them to do, through both firewalls, and of course normal website traffic works fine as well (I am typing this from one of the PCs with the problem). Port 443 traffic is passed through unproxied. The internet service provider is OPLIN, an organization that provides the connectivity for all public libraries in the state of Ohio.

The content filtering on port 80 can be turned off temporarily at will, or specific sites can be permanently whitelisted (by URL or by FQDN; not by IP address, for arcane reasons), but taking the proxy out of the loop completely is probably off the table, since it would be something of a pain to do on a per-workstation basis (think: special firewall ruleset for each case, all of which would have to be kept in sync with the main one in every other respect), and doing it site-wide would kill our eligibility for certain kinds of funding, a decision the IT department cannot make.

I’m pretty well stumped. I can keep fiddling, reinstalling, and so on, but I’m not really getting anywhere. Any suggestions of avenues to explore?

Is there documentation as to what ports and protocols LiveUpdate uses?