Screencasts - Hilfsvideos

Download of virus definition file from LiveUpdate server failed. 00000001

Created: 10 Sept. 2007 • Aktualisiert: 09 Aug. 2010 | 10 Kommentare
I have SAV 10.1 installed on a Windows Server 2003 R2 SP2 acting as a secondary server in my server group. I want this server to be able to collect it's updates (virus defs etc.) directly from LiveUpdate rather than via the Primary server. I've configured the LiveUpdate for the server entry in the Symantec System Center console to collect it's updates from the "Symantec LiveUpdate Server" daily at 6am.
I've also configured the Virus Definitions Manager for the same server in the console to "Update individually each server in this group" and configured this to update from the source "LiveUpdate (Win32)/FTP (Netware)" again daily at 6am.
I'm finding that the updates don't seem to be happening.
If I attempt to force an update via the console (my server->All tasks->Symantec Antivirus->Update definitions now... OR my server->All tasks->Symantec Antivirus->Virus Definition Manager->(Update each server individually)Configure->Update Now
the update again doesn't work and the symantec antivirus event log shows the following error:
"Download of virus definition file from LiveUpdate server failed.  00000001"
I've found this same error in the log files, but there is no further detail as to exactly what has gone wrong.
Can anyone advise as to what I might have done wrong (I've confirmed this server can ftp to and/or provide some advice as to how I can get SAV to give me more information about what has gone wrong during the attempted update (error "00000001" doesn't really help me).
Kategorien für Diskussion:

Kommentare KommentareZum neuesten Kommentar

das Bild der Todd Fitkins

Hi David,

The seven zero's and a one error means LiveUpdate (LU) failed (as I'm sure you've guessed ;). To get more information, have someone go to that secondary server and run LiveUpdate through the SAVCE GUI. If it fails, you have an LU error message you can use to find documenation on troubleshooting, if it works, my guess would be a problem with credientals being passed to the proxy/firewall.

With LiveUpdate, the default setting is to use the IE proxy/firewall settings. I believe that when LU is scheduled from the SSC, it uses the SYSTEM account... the SYSTEM account doesn't have a user hive and, therefore wouldn't have specified LU settings. If this is the case, go into the control panel applet for LU and set the firewall/proxy info manually.

Hope this helps!

das Bild der Todd Fitkins

Just some clarification on what's quoted below. IE would not have any settings specified if the SYSTEM account launched LiveUpdate. This would cause LiveUpdate not to have IE settings available, hence the need to specificy the proxy/firewall information manually.

OJ wrote:
the SYSTEM account doesn't have a user hive and, therefore wouldn't have specified LU settings. If this is the case, go into the control panel applet for LU and set the firewall/proxy info manually.

Hope this helps!

das Bild der David Griffins
Having installed the latest version of LiveUpdate (downloaded from the Symantec web site) on this secondary server (NOTE: I made no changes to the configuration), the liveupdate now seems to be working. I'll monitor it over the next couple of days and reply back to this thread to confirm for certain. I'm not sure why installing a newer version of LiveUpdate would have fixed the issue, but perhaps there was a related bug fix in this latest version of LiveUpdate.
Thanks for the advice to date.
das Bild der Brian Hodgess
I am having the exact same error:  "Download of virus definition file from LiveUpdate server failed.  00000001."
I am seeing this message in my client logs when I try to push virus defs from the server to an outdated client.  The funny thing is, some of our clients are picking up virus defs automatically, so I know it's working for some, just not everyone.  The server is running v9 and clients are configured to pull defs from the parent server.  Does that mean when we initiate a push that the defs come from our parent server?  Or do they come from LU??  The error message indicates they are trying to hit LU, but I'm not sure why......
Any further input on this would be greatly appreciated.  Thank You!!!!
das Bild der Todd Fitkins

The VDTM (pushing definitions from parent) doesn't use LiveUpdate. You can go into the Symantec System Center and disable LiveUpdate from running. If you don't want LiveUpdate to run on the clients, please review the following doc:

Title: 'Preventing Symantec AntiVirus Corporate Edition clients from running LiveUpdate'
Web URL:

That said, if your clients are not updating definitions automatically, I found another doc that maybe helpful:

Title: 'Troubleshooting communication problems with Symantec AntiVirus Corporate Edition 9.x'
Web URL:

das Bild der Info_Secs
This error is no fun.  Still getting errors "Download of virus definition file from LiveUpdate server failed.  00000001" when I try to manually push definitions.  I did notice as mentioned above that the SYSTEM account is used in the timed intervals, but when done manually the client user's credentials show up in the logs.  Even when I do it from the parent server.  And this does not appear to be a firewall/proxy problem.  I tried modifying the LU settings on the server to no avail.  Here's a netstat done at the same time i tried to manually push defs to the client:
netstat -a
Active Connections
  TCP    SERVER:3313          client:2967  ESTABLISHED
  TCP    SERVER:3451          client:2967  ESTABLISHED
  TCP    SERVER:2967          client:4771  ESTABLISHED
Any help would be good
das Bild der Todd Fitkins

Hi InfoSec,

VDTM (the 2967 communciations that push defs from parent to child) is different communications than the 00000001 issue as that uses LiveUpdate. The port in use would depend on the protocol LiveUpdate is configured to use. The manual push may be different than the LiveUpdate related error. If this is happening on all your clients, is your main update method VDTM or LiveUpdate?

To look at the 00000001error, I have a question:

If you manually run LiveUpdate when physically at the client does is it a successful run?

  • If yes, add the firewall proxy info to the LU client's settings (start + run, luall -control) and try it from the SSC or scheduled.
  • If no, use the LU error code to look further at the issue.

das Bild der Ramilas


I have 3 servers that they are not directly connected to the live update servers because of that they don’t update automatically and I have to every day push the bottom live update manually. They are 64 bits servers how can I make it automate to  garb update  Symantec antivirus ?

das Bild der Vikram Kumar-SAV to SEPs

Managing 64-bit clients with Symantec System Center

I would recommend always open a new thread for your rather than asking questions on old threads like this ( 2 yrs 21 weeks old ) thread.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search use it.