Sie sind auf Seite 1von 18

Managing Distribution Points

with LiveUpdate
Administrator 2.1
GEA IT Services GmbH
Stefan Brexel
Werner-Habig-Strae 1
D-59302 Oelde, Germany

Symantec (Deutschland) GmbH


Presales Consulting
Kaiserswerther Str. 115
D-40880 Ratingen
Phone: +49 (0) 2102 7453 0

Your Contact:
Patrick Heinen
Principal Presales Consultant
Phone: +49 (0) 2102 7453 868
Mobile: +49 (0) 172 219 7041
pheinen@symantec.com
Version: 1.1
Bearbeiter: PH

Copyright 2008, Symantec Corporation (Symantec). Dieses Dokument darf ohne ausdrckliche
schriftliche Genehmigung durch Symantec weder vervielfltigt, noch weiter verteilt, noch auf andere
Weise vollstndig oder teilweise offengelegt oder weitergegeben werden.

Table of Content
Table of Content .............................................................................................................................................. 2
Executive Summary......................................................................................................................................... 3
Active Directory preparations .......................................................................................................................... 4
Define new users ......................................................................................................................................... 4
Internet Information Server settings ................................................................................................................ 5
General IIS Settings:.................................................................................................................................... 5
Setting up the IIS Website: .......................................................................................................................... 5
Setting up read and write permissions......................................................................................................... 7
Anonymous access.................................................................................................................................... 10
Define Mime-Types for LiveUpdate ........................................................................................................... 11
Live Update Administrator settings................................................................................................................ 12
Test the distribution center with a manual distribution request.................................................................. 16
Troubleshooting ......................................................................................................................................... 18

Executive Summary
This document describes the setup and installation of a Distribution Point with the LiveUpdate Administrator
2.1 to a Microsoft Internet Information Server Version 6 via HTTP.
The LiveUpdate Administrator 2.1 is a web based tool to manage the virus definition updates internally. It
allows downloading LiveUpdate content from the Symantec FTP Server and distributing the content to
different distribution points within your company.
A distribution point could be a HTTP site where you are allowed to push content, a FTP site where are you
allowed to push files or a UNC path which could be a file share on computer or server.

Active Directory preparations


In order to prevent users from deleting or changing the content of the distribution points you should create
two different accounts within the Active Directory. One Account is for pushing the updates to the different
distribution accounts and one is for reading the updates from the distribution points via Live Update.

Define new users

Go to Active Directory Users and Computers

Create a new user e.g. LUA_PUSH with a password.


If you do not want to change the password at regular intervals like your password policy could contain you
should define that the given password should never expire. When you want to change the password on
regular intervals you will have to change the read accounts given in the LiveUpdate policy for every single
user!

Create a new user e.g. LUA_PULL with a password.

The LUA_PUSH user is defined for pushing the updates from the LiveUpdate Administrator to the different
distribution points and the LUA_PULL user is reading the new updates with a LiveUpdate client.

Internet Information Server settings


You will have to define a folder on the server where the updates will have to be stored. This folder could
contain a lot of data (up to multiple gigabytes) depending on how long you want to store older updates. You
can define how long the LiveUpdate Administrator should store older updates.

General IIS Settings:


In order to be able to push and pull updates with the LiveUpdate Administrator to an IIS Server you must
have WebDav enabled in the IIS Web Server Extensions.

Setting up the IIS Website:


Move to the file system area where you want to store your updates. Define a new folder.

Open the Internet Information Services (IIS) Manger. Browse to Web Sites and define a new Virtual
Directoy

Define the name of the new Web Site directory e.g. LiveUpdateLiveUpdate

Browse to the folder which you have created for the LiveUpdate files before.

For the LUAdmin you have to define read, write and browse Access Permissions in order to be able to
retrieve and push the updates to the distribution points.

Setting up read and write permissions


When you right click on the new defined Virtual Website go to Permissions.

Add the new users LUA_PULL and LUA_PUSH.

Define read Access NTFS permissions for the LUA_PULL user

and write or full access for the LUA_PUSH user

Again check the settings. You can define IIS logging if it is wanted.

You will have to choose basic authentication in the directory security settings.

Anonymous access
If you want to enable anonymous access for the LiveUpdate distribution point it is possible but you will be
able do set up anonymous access for read only.
You have to set different NTFS permission to the LiveUpdate folder which you have defined as content
folder.

You will have to add the standard IIS anonymous user with read
only access.
e.g.: Internet Guest Account

Open the Internet Information Services (IIS) Manger. Move to the Directory Security Tab and enable Edit
Authentication and access control.

Add the standard IIS anonymous user

Ensure that basic authentication is enabled.


You will now be able to read the LiveUpdate definitions without authentication but you must authenticate
when you want to update the content of the web folder.

Define Mime-Types for LiveUpdate


You need to define a new mime-type that the LiveUpdate Client will be able to download all file types
Symantec distributes with LiveUpdate. The mime-type has to be set to * because we cannot know today if
there will be some changes in the future regarding different file types. To be able to retrieve all kind of file
types we need to add a *. You can add a mime-type for every single file type you see today but then you
have to change it if Symantec pushes out new file types with LiveUpdate.

Define a new mime-type with extension: * and mime-type: application/octet-stream#


Press ok then you are finished. The mime-type has to be set for the LiveUpdate folder only.

Live Update Administrator settings


Open the LiveUpdate Administrator 2.1 (http://your_luadmin_machine:8080/lua)

To define a new distribution point move to configure and Distribution Centers

Click add and define a new Distribution center name, if it is for testing or production and maybe a
description.

Move to Locations an add a new location

Fill out all fields and add the user LUA_PUSH which has write access to the LiveUpdate folder. Define the
HTTP Port which you have chosen in the IIS Settings. The standard port is 80.

You will immediately see if the result is okay. If you will not see a ready in the status field the permissions
might not be set right. You then might see unreachable

You must define the Products which you want to make available for this distribution point.

You are now ready with the distribution point setup.

You should see your new defined distribution center

Test the distribution center with a manual distribution request


To test if your new defined distribution center is working and if you are able to push the updates to the
distribution center you can start a manual distribution request.

Move to Download & Distribute and start a Manual Distribution Request

Define the products you want to push to the distribution point.

Define a subset and add your distribution point.

Select the updates that you want to distribute

You will see the Activity Monitor with the status of distributing.

Troubleshooting
When a distribution point has the status unreachable there might be some permission settings which have
to be corrected.
You have to ensure that all Internet Information Server settings are enabled as described in the IIS Settings
part of this document.
You can troubleshoot the IIS by looking into the IIS logfile. Do do this you have to ensure that IIS logging is
enabled for the specified folder.
You can find the standard logfile in: C:\WINDOWS\system32\LogFiles\W3SVC1
The logfile shows the IIS error code at the end.

You will find a detailed description of all error codes in the Microsoft Technet Site for IIS troubleshooting.
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/624fb32a-d0ac-48b1-b6bf238aa5b4a70a.mspx?mfr=true