This has been an issue that I thought was resolved but started happening again.
We run Symantec Antivirus Corp Edition 9.x here. I have 4 servers, 2 of which are legacy and haven't had managed clients moved off of them. The main server for the organization has not been getting updates from LiveUpdate properly.
The error that showed up regularly in the Event log was "Download of virus definition file from LiveUpdate server failed. 00000001". Try searching for this in Symantec's knowledge base and you will come up empty.
So, I did some digging on their site for just general LiveUpdate issues and found that the next thing to try is to manually run LiveUpdate from the AV client. Did this and kept getting the error "LU1814 error: LiveUpdate could not retrieve the catalog file of available Symantec product and component updates." Looked up this error and there were troubleshooting steps that you could follow.
At this point, I should also mention that originally this server had the LiveUpdate Administrator installed. Read another Symantec article that said that LiveUpdate Administrator was only needed for certain large deployments of Symantec CE and should not be used unless it's needed. So it was removed.
OK, so step one is to make sure you are running latest version of LiveUpdate. Did that. No effect.
Step two was to make sure you can connect to the internet. Oh wait, at this point I read that Corp users should go to the bottom of the page for troubleshooting tips. :)
OK so step two was to check the hosts file on the system. Did that and it was just the default hosts file. No joy with that one.
Step three was to delete the Settings.LiveUpdate files from (this is the default path) c:\documents and settings\all users\application data\symantec\liveupdate\. If you go there, you will see the Settings.LiveUpdate file, the 1.Settings.LiveUpdate, etc. After banging my head against a thick wall for a while going through these steps, doing more research, deleting LiveUpdate Administrator, doing more research and then going through these steps again LiveUpdate started working! Hallelujah!
But wait! Of course there's more to it, or I wouldn't be writing this.
So the problem started up again within the last week (just noticed it yesterday, yeah so I don't look to see if the virus defs get updated every day, shoot me :p). So I start looking at the contents of the Log.LiveUpdate file on that server and on other client/servers that work. I notice that the server is attempting to go to a null address as in FTP://. So I notice that in the Settings.LiveUpdate files on that server that subnet and subnet mask are set to 0. On the other servers/clients it's set to 0.0.0.0.
I change subnet and subnet mask on all the Settings.LiveUpdate files on the server and voila! It works again.
Now I just have to keep monitoring that server to make sure that it updates properly.
This has been another obscure fix brought to you by yours truly. Have a safe and fun Halloween.
Thanks for your blog/post it helped me resolve a live update issue. After my own digging/Google-ing I found a Symantec Article that directly addressed my problem and even included reference to the specific event log message you listed. (I was seeing the same event.) URL below. --David
http://service1.symantec.com/SUPPORT/ent-security.nsf/529c2f9adcf33a1088256e22005026f1/8cedf14e8959df0a88256d6300604bf1?OpenDocument&prod=Symantec%20AntiVirus%20Corporate%20Edition&ver=9.0&src=ent&pcode=sav_ce&dtype=corp&svy=&prev=&miniver=savce_9.0
Posted by: David Webster | Monday, November 15, 2004 at 08:46 AM
Thanks David!
Yes, my problem did reoccur, I tried the fix that you linked to, and now I can only hope that the issue will stay fixed.
Posted by: Alex Scoble | Thursday, November 18, 2004 at 03:30 PM
dear kevin,
i am a kid system administrator frm india
i am facing the same problme with my symantec av crop9.0 server
all these started whn i tried to install the liv update admin utility.
no my clients are not updating and i am sleepng with this server for 2 days
can u tell me wht the seettings excatly u changed in u r server
thanks and regards
gopa
Posted by: gopa | Tuesday, December 28, 2004 at 10:46 PM
Hi
My Symantec AV Client is not updating some time even though my parent servers are updated with latest virus defination update. Please give me some better solution for the same.
Posted by: Rajeev | Thursday, April 07, 2005 at 11:12 PM
We are trying to use the Symantec Liveupdate Administration Utility. We created the host file for each of the client machines. The Administration Utility server has the latest definitions. When we select liveupdate on the client machines, they connect just fine to the internal server, yet it comes back and says the definitions are up to date. When we go back to the main window of the antivirus software, it says that the definitions are out of date. What gives?
Posted by: Lewis Childers | Tuesday, April 19, 2005 at 08:35 AM
To whom it might concern, the following information from Alex Scoble's IT Notes resolved a problem that prevented updating Symantec Norton AntiVirus Corporate Edition: "Step three was to delete the Settings.LiveUpdate files from (this is the default path) c:\documents and settings\all users\application data\symantec\liveupdate\" I deleted those files and successfully updated NAV. Well-done, Alex.
Posted by: Jim Isbell | Monday, May 02, 2005 at 05:13 PM
Cannot get live update to work. Same as you guys. How do i edit the settings. Can you be a little more specific for me.........like give the Live Update Fix for DUMMIES. Thanks
Posted by: Frank Foote | Thursday, June 16, 2005 at 06:26 AM
Correct Link
http://service1.symantec.com/SUPPORT/ent-security.nsf/529c2f9adcf33a1088256e22005026f1/8cedf14e8959df0a88256d6300604bf1?OpenDocument&prod=Symantec%20AntiVirus%20Corporate%20Edition&ver=9.0
Posted by: Avinash | Thursday, June 16, 2005 at 09:55 PM
Thanks for your info, too
Some things I want to mention I figured out in addition:
I had some trouble to determine where the settings will be stored and when they are applied to LiveUpdate so I tested some things.
Here the outcomes:
1. LiveUpdate always downloads the Settings.LiveUpdate file from the Parent Server right before it runs so if the file is false on the parent server you can change the file manually as often as you want. The next time you start LU the changes are gone!
2. There are several positions where you can configure the settings for the clients: Globally on the Level of the Server Group and individually on the Server/ Client-level. I figured out that the behaviour is a bit strange what config is downloaded to the client (group-level or client-level)
3. It is important that you fill in all values with 0 for the subnet/ subnetmask. Else it will try to download the LU files from Symantec.
I tried also the right values for the subnet and subnetmaks but then nothing works!
4. The passwords are stored always encrypted
Regards
Xantho
Posted by: Xantho | Tuesday, June 21, 2005 at 03:42 AM
Here is what worked for me:
http://service1.symantec.com/SUPPORT/sharedtech.nsf/docid/2001041710420013
Posted by: D Romej | Wednesday, June 29, 2005 at 08:15 PM
THANK YOU!!!
Posted by: Tommy | Friday, February 10, 2006 at 06:27 AM
This tip is very useful cudos to you. You saved me about 5 hours worth of research. One question what is the difference between updating live update from the server group or the server icon. they have diff. options. Again thanks for the CBT Nugget lol.
Posted by: Marc | Wednesday, April 26, 2006 at 10:02 PM
i ha Symantec corporate ed. 10, i installed Live update administration utility on my server... it downloads the update, but the clients can't update the defination files only.
Posted by: Jasmeet | Tuesday, November 14, 2006 at 03:04 AM
hi all
i have symantec antivirus server 10.1 & clients pc's having symantec antivirus 8.0 . my problem is that even when i update my server it could not update clients computers.
& in server console maximum number of client pcs having old defination file
please help me
Posted by: vijay shinde | Monday, January 15, 2007 at 01:50 AM
This one resolved my issue. Just rename "C:\Program Files\Symantec\Liveupdate\S32LUHL1.DLL" to S32LUHL1.DLL.bak or something. My humble $.02.
Message: "HOST_SELECTION_ERROR" in log.liveupdate file
Situation: LiveUpdate fails to download product updates. You see the message "HOST_SELECTION_ERROR" in your log.liveupdate and have recently installed Norton AntiVirus Corporate Edition.
Solution: If LiveUpdate cannot connect to a server, you will see the error message "HOST_SELECTION_ERROR" in the log.liveupdate file. The two possible reasons for not being able to connect are:
LiveUpdate may not have proper rights or permissions to go out through the firewall or proxy.
The presence of S32LUHL1.DLL in the "C:\Program Files\Symantec\Liveupdate" folder or, on some servers, the "C:\Program Files\SAV" folder.
To resolve the problem, ensure that you have the proper rights or permissions to pass through the firewall or proxy, or rename S32LUHL1.DLL, located in "C:\Program Files\Symantec\Liveupdate" or C:\Program Files\SAV.
Posted by: nchosen | Sunday, May 27, 2007 at 04:43 AM
You absolute star. Thanks so much for that tip - I hadn't thought to check the Documents and Settings folders for All Users, and I probably would've missed the subnet being screwed if I had. Thanks!
Posted by: Peter Lowe | Wednesday, June 20, 2007 at 11:16 AM
Oh, wow - only just realised that this post is from 2004! Jesus H. Almighty, it amazes me when bugs like this hang around for such a long time. No wonder there's so many viruses and trojans and malware and nasty shit around.
Posted by: Peter Lowe | Wednesday, June 20, 2007 at 02:18 PM
What are the correct subnet and subnetmask numbers supposed to be in the Settings.Liveupdate file? I have all 0's there...thanks for the help ...btw I use Norton AV 2007 only...
Posted by: Neur | Tuesday, August 14, 2007 at 05:32 AM
I have 11 separate Settings.Liveupdate files from 1.Settings .... to 10.Settings...question do I have to change the subnet and subnet mask in everyone of these files...they all have 0's listed? Thanks
Posted by: Neur | Tuesday, August 14, 2007 at 05:37 AM
THANK YOU, THANK YOU, THANK YOU... I've been beating my head over and over on this one, as this is still an issue with ver 10.x. I've gotten to the point of uninstalling and reinstalling, cleaning up all files in between, and even manually going in and cleaning the registry. I knew there had to be a file somewhere that just wasn't getting setup right, and low and behold there it was Settings.LiveUpdate. I stopped the tamper protection service and copied it from a server that was working and then restarted tamper protection and launched live update and boom it worked.
Thanks again.
Posted by: Bruce | Friday, February 08, 2008 at 08:05 AM
Found another useful link for the above problems mentioned.
http://service1.symantec.com/support/ent-security.nsf/docid/2006042008465548
This link along with the info Alex posted helped me solve my problem.
Thanks everyone and especially Alex for pointing me in the right direction.
Posted by: EzPc | Sunday, March 30, 2008 at 06:23 PM
Not sure if this is methioned elsewhere in the comments (too many to read since I have solved my issue), but in All Tasks -> LiveUpdate -> configure in SYmantec System Center, the LiveUpdate source for the server is listed as Symantec LifeUpdate Server. AND, there is a little check box at the bottom: Apply settings to clients not in client groups. This was not checked, and I had not put the client with the LiveUpdate errors in a group. Duh!
Posted by: Jim | Monday, December 01, 2008 at 10:01 AM
6 years later and this thread is still amazingly useful. Thanks everyone.
Posted by: Jesse Fuller | Friday, December 03, 2010 at 11:57 AM