5 Replies Latest reply on Mar 25, 2008 7:05 AM by ellishagy

    SuperDAT stops Updates

      I have an issue that is causing my head to pop off. I checked in a superdat to aid in the update of engine 5200 deployment. The SDAT was 5221. The problem is I have roughly 1000+ workstations that are not updating now. They are stuck on 5221 and the log shows them not updating because the have the current DAT file. Even though the rest of the enterprise is at 5243.

      I have tried running the executable dat with no luck, stopping and restarting the services...no luck.

      HELP!

      BTW,

      XP Prof w/ VSE 8.5
      CMA 3.6 patch 3
      ePO 3.6.1
        • 1. RE: SuperDAT stops Updates
          tonyb99
          They have rebooted since the superdat?
          Can you post some client logs?
          • 2. Here's the Agent log
            Yes I did reboot, but no change. Here is the (scrubbed) agent log from one of the workstations.


            20080306042906 I #3716 InetMgr ------------------------------------------------------------
            20080306042906 I #3716 InetMgr Moving C:\WINDOWS\TEMP\mfe1E\PkgCatalog.z to C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Current\VSCANENG1000\PkgCatalog.z
            20080306042906 I #3716 InetMgr Moving file succeeded
            20080306042906 I #3716 InetMgr Deleting C:\WINDOWS\TEMP\mfe1E
            20080306042906 I #3716 InetMgr Deleting directory succeeded
            20080306042906 i #1456 Script Verifying PkgCatalog.z.
            20080306042906 i #3752 Script Extracting PkgCatalog.z.
            20080306042906 i #3716 Script Loading update configuration from: PkgCatalog.xml
            20080306042907 i #1456 Script Verifying V2EngDet.mcs.
            20080306042907 i #3716 Script Searching available updates for Engine.
            20080306042907 i #3752 Script Product(s) running the latest Engine.
            20080306042907 i #1456 Script Downloading PkgCatalog.z.
            20080306042907 I #3716 InetMgr Downloading File: -->
            20080306042907 I #3716 InetMgr <filename = PkgCatalog.z>
            20080306042907 I #3716 InetMgr <dwFlags = 0x4>
            20080306042907 I #3716 InetMgr <localdir = C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Current\VSCANDAT1000>
            20080306042907 I #3716 InetMgr <remotedir = Current\VSCANDAT1000\DAT\0000>
            20080306042907 I #3716 InetMgr <sitename = den_XPS>
            20080306042907 I #3716 InetMgr Connecting to site = den_XPS,
            20080306042907 I #3716 InetMgr server = denserver
            20080306042907 I #3716 InetMgr UNC Session initialized
            20080306042907 W #3716 InetMgr Connecting to UNC Server: denserver
            20080306042907 I #3716 InetMgr Domain name=US, User name=denEPOUPDATE
            20080306042907 I #3716 InetMgr Mapping network share \\denserver\SHARE using NetUseAdd
            20080306042907 I #3716 InetMgr Network Share \\denserver\SHARE mapped
            20080306042907 W #3716 InetMgr Connected to UNC Server: denserver
            20080306042907 I #3716 InetMgr Trying to download from site = den_XPS, server denserver
            20080306042907 I #3716 InetMgr localfile = C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Current\VSCANDAT1000\PkgCatalog.z, remotefile = Current\VSCANDAT1000\DAT\0000\PkgCatalog.z
            20080306042907 W #3716 InetMgr Downloading file: \\denserver\SHARE\VIRUSSCAN\PERIODICUPDATE\Current\VSCANDAT1000\DAT\0000\PkgCat alog.z from UNC Server
            20080306042907 I #3716 InetMgr Downloaded file Current\VSCANDAT1000\DAT\0000\PkgCatalog.z successfully
            20080306042907 I #3716 InetMgr After calling download()
            20080306042907 I #3716 InetMgr return code = 0
            20080306042907 I #3716 InetMgr Disconnecting UNC Server \\denserver\SHARE using NetUseDel(), Force = 1
            20080306042907 I #3716 InetMgr Using unicode UseName for NetUseDel
            20080306042907 I #3716 InetMgr NetUseDel() returned 0
            20080306042907 I #3716 InetMgr Network share \\denserver\SHARE deleted successfully(1)
            20080306042907 I #3716 InetMgr UNC Session closed
            20080306042907 I #3716 InetMgr ------------------------------------------------------------
            20080306042907 I #3716 InetMgr Moving C:\WINDOWS\TEMP\mfe20\PkgCatalog.z to C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Current\VSCANDAT1000\PkgCatalog.z
            20080306042907 I #3716 InetMgr Moving file succeeded
            20080306042907 I #3716 InetMgr Deleting C:\WINDOWS\TEMP\mfe20
            20080306042907 I #3716 InetMgr Deleting directory succeeded
            20080306042907 i #3752 Script Verifying PkgCatalog.z.
            20080306042907 i #1456 Script Extracting PkgCatalog.z.
            20080306042907 i #3752 Script Loading update configuration from: PkgCatalog.xml
            20080306042908 i #1456 Script Verifying V2datdet.mcs.
            20080306042909 i #3716 Script Searching available updates for DATs.
            20080306042909 i #1456 Script Product(s) running the latest DATs.
            20080306042909 i #3752 Script Verifying PcrDet.mcs.
            20080306042909 i #3716 Script Searching available updates for PCR.
            20080306042909 i #1456 Script Verifying PatchDet.McS.
            20080306042909 i #3716 Script Verifying RSS100Det.McS.
            20080306042909 i #1456 Script Verifying SuperDATDet.mcs.
            20080306042909 i #3752 Script Searching available updates for SuperDAT.
            20080306042909 i #3716 Script Product(s) running the latest SuperDAT.
            20080306042911 i #3716 Script Update Finished
            20080306042920 i #3752 Script Closing the update session.
            20080306042926 I #3716 FrmSvc User SID is S-1-5-18 and SessionID is 0
            20080306042926 I #1456 Sched >>--CSchedule::GetTask
            20080306042926 I #1456 Sched <<--CSchedule::GetTask
            20080306042926 I #3716 Sched >>--CSchedule::GetTask
            20080306042926 I #3716 Sched <<--CSchedule::GetTask
            20080306042926 I #3752 Sched >>--CSchedule::GetTask
            20080306042926 I #3752 Sched <<--CSchedule::GetTask
            20080306042926 I #1456 Sched >>--CSchedule::GetTask
            20080306042926 I #1456 Sched <<--CSchedule::GetTask
            20080306042926 I #3752 FrmSvc User SID is S-1-5-18 and SessionID is 0
            20080306042926 I #3752 Sched >>--CSchedule::GetTask
            20080306042926 I #3752 Sched <<--CSchedule::GetTask
            20080306042926 I #3752 Sched >>--CSchedule::GetTask
            20080306042926 I #3752 Sched <<--CSchedule::GetTask
            20080306042926 I #1456 FrmSvc User SID is S-1-5-18 and SessionID is 0
            20080306042926 I #3716 Sched >>--CSchedule::GetTask
            20080306042926 I #3716 Sched <<--CSchedule::GetTask
            20080306042926 I #3752 Sched >>--CSchedule::GetTask
            20080306042926 I #3752 Sched <<--CSchedule::GetTask
            20080306042926 I #3716 FrmSvc User SID is S-1-5-18 and SessionID is 0
            20080306042926 I #3752 Sched >>--CSchedule::GetTask
            20080306042926 I #3752 Sched <<--CSchedule::GetTask
            20080306042926 I #3716 Sched >>--CSchedule::GetTask
            20080306042926 I #3716 Sched <<--CSchedule::GetTask
            20080306042926 I #3716 FrmSvc User SID is S-1-5-18 and SessionID is 0
            20080306042926 I #3716 Sched >>--CSchedule::GetTask
            20080306042926 I #3716 Sched <<--CSchedule::GetTask
            20080306042926 I #3752 Sched >>--CSchedule::GetTask
            20080306042926 I #3752 Sched <<--CSchedule::GetTask
            20080306042926 I #3752 Sched >>--CSchedule::GetTask
            20080306042926 I #3752 Sched <<--CSchedule::GetTask
            20080306042926 I #3752 Sched >>--CSchedule::GetTask
            20080306042926 I #3752 Sched <<--CSchedule::GetTask
            20080306042926 I #1456 FrmSvc User SID is S-1-5-18 and SessionID is 0
            20080306042926 I #3752 Sched >>--CSchedule::GetTask
            20080306042926 I #3752 Sched <<--CSchedule::GetTask
            20080306042926 I #3716 Sched >>--CSchedule::GetTask
            20080306042926 I #3716 Sched <<--CSchedule::GetTask
            20080306042926 I #3752 FrmSvc User SID is S-1-5-18 and SessionID is 0
            20080306042926 I #3752 Sched >>--CSchedule::GetTask
            20080306042926 I #3752 Sched <<--CSchedule::GetTask
            20080306042926 I #3716 Sched >>--CSchedule::GetTask
            20080306042926 I #3716 Sched <<--CSchedule::GetTask
            20080306042926 I #1456 FrmSvc User SID is S-1-5-18 and SessionID is 0
            20080306042926 I #3752 Sched >>--CSchedule::GetTask
            20080306042926 I #3752 Sched <<--CSchedule::GetTask
            20080306042926 I #3752 Sched >>--CSchedule::GetTask
            20080306042926 I #3752 Sched <<--CSchedule::GetTask
            20080306042926 I #3752 FrmSvc User SID is S-1-5-18 and SessionID is 0
            20080306042926 I #1456 Sched >>--CSchedule::GetTask
            20080306042926 I #1456 Sched <<--CSchedule::GetTask
            20080306042926 I #3716 Sched >>--CSchedule::GetTask
            20080306042926 I #3716 Sched <<--CSchedule::GetTask
            20080306042926 I #3752 Sched >>--CSchedule::GetTask
            20080306042926 I #3752 Sched <<--CSchedule::GetTask
            20080306042926 I #1456 Sched >>--CSchedule::GetTask
            20080306042926 I #1456 Sched <<--CSchedule::GetTask
            20080306042926 I #3752 FrmSvc User SID is S-1-5-18 and SessionID is 0
            20080306042926 I #1456 Sched >>--CSchedule::GetTask
            20080306042926 I #1456 Sched <<--CSchedule::GetTask
            20080306042926 I #3752 Sched >>--CSchedule::GetTask
            20080306042926 I #3752 Sched <<--CSchedule::GetTask
            20080306042926 I #3716 FrmSvc User SID is S-1-5-18 and SessionID is 0
            20080306042926 I #3752 Sched >>--CSchedule::GetTask
            20080306042926 I #3752 Sched <<--CSchedule::GetTask
            20080306042926 I #1456 Sched >>--CSchedule::GetTask
            20080306042926 I #1456 Sched <<--CSchedule::GetTask
            20080306042926 I #3716 FrmSvc User SID is S-1-5-18 and SessionID is 0
            20080306042926 I #1456 Sched >>--CSchedule::GetTask
            20080306042926 I #1456 Sched <<--CSchedule::GetTask
            20080306042926 I #3716 Sched >>--CSchedule::GetTask
            20080306042926 I #3716 Sched <<--CSchedule::GetTask
            20080306043004 I #148 Manage Failed to get path for Plugin <VIRUSCAN6500> error=-64
            • 3. Any ideas?
              ?????
              • 4. By George!!! I think I got it!!!
                I think I figured it out. The root cause stems from the upgrade leaving behind old registry keys when the product VSE was upgraded. It seems that there is a key located at HKLM\Software\Network Associates\ePolicy Orchestrator\Application plugins\viruscan6500 or viruscan7100 or viruscan8000 that gets left behind. Once the key is deleted the updating resumes.

                I just used a reg delete command in a batch file. Now to figure out how to run it on 1100 workstations. My biggest concern is that the local workstation's security posture has locked down the c: and shut out remote registry.

                I gonna try to drop a batch file into the temp directory and then use the agent policy to run the executable after an update.

                Cross your fingers!!!
                • 5. It works!!!
                  Just a quick note to let you all know that the fix worked...at least on 800+ workstations. =)