SEP client fails to download defs with "Error: server returned 503 (unavailable)" in cve logs
search cancel

SEP client fails to download defs with "Error: server returned 503 (unavailable)" in cve logs

book

Article ID: 162596

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

SEP 12.1 client fails to download defs with "Error: server returned 503 (unavailable)" in sylink logs

Sylink.log shows following entries:
 
10/23 10:39:18.720 [2348] Request> http://<SEPM IP>:8014/content/{810D5A61-809F-49c2-BD75-177F0647D2BA}/151022037/Full.zip
10/23 10:39:18.751 [2348] </CHttpConnector::SendRequest()>
10/23 10:39:18.751 [2348] <CHttpFileDownload::Do> Error: server returned 503 (unavailable)
10/23 10:39:18.751 [2348] </CHttpFileDownload::Do()>
10/23 10:39:18.751 [2348] <CHttpFileDownload::~CHttpFileDownload()>
10/23 10:39:18.751 [2348] </CHttpFileDownload::~CHttpFileDownload()>
10/23 10:39:18.751 [2348] [Content]<LUThreadProc>Server overloaded, backing off...

Cause

Prevent Clients from downloading full definition packages enabled:

SEPM configuration: Admin > Servers > right-click Server > Properties > Full Definitions Download tab

- Disabled by default
- Disables full.zip downloads from SEPM for all content types except for Host Integrity

* Workflow when the feature is enabled:

- A new Apache filter is inserted on SEPM.
- When client sends a content request to SEPM for a full.zip, Apache returns a 503 error (Service Unavailable).
- Client interprets this as SEPM being overloaded. Client download thread enters a back off routine and sleeps.
- Each time the client gets another 503 error, it increases the back off time. Increments in seconds are 32, 64, 128, 256, 512, 1024, 2048. 2048 seconds is about 34 minutes. The back off time does not increase beyond this.
- As client successfully downloads updates, it decrements its back off time back to 0.
GUP does not support this logic, but it already uses a bandwidth throttling feature.
 

Resolution

Disable option "Prevent Clients from downloading full definition packages" in SEPM configuration: Admin > Servers > right-click Server > Properties > Full Definitions Download tab 

Updated for Sensitive Data review - Shane Smith