Installing Java LiveUpdate (JLU) Manually after Symantec Mail Security for Domino (SMSDOM) has been installed Larry Wall Sr. Principle Software Support Engineer Installing Java LiveUpdate (JLU) Manually after SMSDOM 1 We Will Cover The Following Topics 1 Introduction 2 Downloading/Installing Java 3 Downloading/Installing Java Crypto Extensions (JCE) 4 Install Java LiveUpdate (JLU) 5 Replace the liveupdate.conf file 6 Replace the Product.Catalog.JavaLiveUpdate file 7 Problems you may encounter Installing Java LiveUpdate (JLU) Manually after SMSDOM 2 Introduction • You may be installing JLU after SMSDOM because – When SMSDOM was originally installed Java/JCE was not installed – Definitions were originally coming from another Symantec product like SEP but this is no longer the case – During the installation you forgot to check to install LiveUpdate • The basics to installing Java LiveUpdate are – Install Java – Install Java Cryptography Extensions (JCE) – Install Java LiveUpdate (JLU) Installing Java LiveUpdate (JLU) Manually after SMSDOM 3 While this presentation is specifically tailored for installing JLU after SMSDOM, the same steps with some minor modifications can be done to work with other products. Your paths could be different depending on OS version and bit version. It is more confusing when on a 64bit machine because 64bit and 32bit applications can both run. Minimally you need the same bit version of Java to match the bit version of SMSDOM. But you can simplify this by just installing both 32bit and 64bit versions of Java. Also, the Product.Catalog.JavaLiveUpdate file may need to be changed. It needs to contain the correct moniker and product name in order to download the proper definitions. Lastly, the steps listed are specifically for Windows. JLU works across different types of operating systems because it is a Java program. But the basics are still the same, install java, java cryptography extensions (if required), install Java LiveUpdate, and then make sure the configuration files are okay. As of this writing JCE is not needed on AIX for example because the program will not try to encrypt/decrypt the liveupdate.conf file. Installing Java LiveUpdate (JLU) Manually after SMSDOM 4 Download Java JRE and JCE The newer versions of JLU require Java 5 (also called 1.5) or higher. You can download this from java.com but because you may also need to download JCE a better location http://www.oracle.com/technetwork/java/javase/downloads/index.html. You want to download the JRE (need runtime environment minimally) and then down near the bottom you will see the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files. • Note There is only one JCE package for each major version of Java. For example, JCE 6 will work for all builds of Java 6 including 32bit and 64bit versions as well. Installing Java LiveUpdate (JLU) Manually after SMSDOM 5 Installing Java JRE When installing Java JRE just accept the default settings. Depending on bit version and the OS version will depend on where the files have installed to. Typically you will find 32bit Java installed to C:\Program Files\Java and 64bit to C:\Program File (x86)\Java. – You can install both 32bit and 64bit versions of Java if you like on a 64bit OS. This is a good idea to do if you are testing both bit versions on one machine or you just have a combination of 32bit and 64bit applications that require Java. – After installing you should be able to go to DOS prompt and run java commands. If you type “java –version” it should return version information for the first found version of java. Installing Java LiveUpdate (JLU) Manually after SMSDOM 6 Installing Java JCE Installing Java JCE is easy. You just open the zip file, go into jce folder, and copy the two jar files (US_export_policy.jar & local_policy.jar) to the proper location. The files can be used for both 32bit and 64bit Java but the versions must match. So JCE 6 jar files must be used for Java 6 (32bit or 64bit). – If Java is installed to C:\Program Files\Java go to C:\Program Files\Java\jre\lib\security and put both jar files there. – If Java is installed to C:\Program Files (x86)\Java go to C:\Program Files (x86)\Java\jre\lib\security and put both jar files there. – Also, if Java is installed to both of those locations you should just go ahead and apply the two JCE jar files to both locations to keep from having one that works and one that doesn’t which could be confusing. Installing Java LiveUpdate (JLU) Manually after SMSDOM 7 Installing Java LiveUpdate • If you installed SMSDOM from a self uncompressing, self executing file then this would have to be uncompressed first so that you have access to the data1.cab file. For example, Symantec_Mail_Security_Domino_8.0.9.151_Win64_IN.exe. If your installation package is already uncompressed go to the next slide. 1. 2. 3. 4. 5. 6. Create a folder called uncompressed on your desktop Doubled click to execute the program Press OK to when window pops up saying “This program installs Mail Security x.x for Domino.” In the next window Browse to and select your uncompressed folder and then uncheck “When done unzipping open: Setup.exe.” This way it uncompresses to your folder but does not try to install SMDOM. Next Close the installer. Goto your uncompressed folder. Installing Java LiveUpdate (JLU) Manually after SMSDOM 8 Note: If you uncompressed the 64bit version of SMSDOM, go to uncompressed folder and then double click the Data1.cab file to open it so that you can access the files inside. If you had uncompressed the 32bit version of SMSDOM, you will see two folders called SMSDOM and SMSDOM-x64 and this may be confusing. The SMSDOM-x64 is still 32bit compilation but was specifically compiled as a 32bit application to run on a 64bit OS. You can choose either folder to go into because the jlu.jar file we are looking for is the same in both folders. Once in that folder open the Data1.cab file by double clicking it. 7. Copy the jlu.jar.54E561A0_BE49_4E56_B71C_FC93C7BAF85D to your desktop. The numbers and letters after as part of the file name after jlu.jar may be different. 8. Rename the file to just jlu.jar 9. Now copy jlu.jar to the root of your C:\ drive. 10. Bring up a Command Window to enter DOS commands and go to the root by typing “cd \” and pressing enter. 11. Type “java -classpath jlu.jar Installer” and press enter. JLU should install. 12. Can now delete the jlu.jar file by typing “del jlu.jar” and press enter. Installing Java LiveUpdate (JLU) Manually after SMSDOM 9 Replace liveupdate.conf file Some important notes about the liveupdate.conf file and JLU. • More than likely if you have been running without JLU then there is a possibility that your liveupdate.conf file is incomplete, empty, or just plane 0 bytes in size. • Newer versions of SMSDOM will try to encrypt the liveupdate.conf file after installing and so if JCE is not installed prior, the liveupdate file could be 0 bytes in size right from the start. • JLU can open and understand a readable text or encrypted version of liveupdate.conf file. So if you want to test a proxy setting keep a text version of this file, add the settings, then copy this over to the one used by JLU. • Most of the generic settings like host/0, host/1,host/2, workdir, and logging are built into JLU. If they do not exist in the liveupdate.conf file then the defaults are used. For this reason a 0 byte liveupdate.conf file will not prevent JLU from trying to run with the defaults. • If JCE is not present the liveupdate.conf file will become 0 bytes in size after JLU runs. This is because after JLU has determined its settings and has run it will then pass the settings to JCE for encryption. If JCE is not present Java will return 0 bytes of encrypted data. And then we overwrite the file with 0 bytes. Example problem – customer puts proxy settings in so that LiveUpdate works. They report it works one time and then no longer works. What happened was that they added their own liveupdate.conf file with the proxy settings and because JCE did not exist here is what happened. First JLU reads the settings, including the proxy settings in and works. But after running, JLU sends the settings to Java to be encrypted. JCE does not exist and so liveupdate.conf file becomes 0 bytes. Installing Java LiveUpdate (JLU) Manually after SMSDOM 10 Default liveupdate.conf file for OSs older than Windows 2008 Server. ############################################################ # # # livepdate.conf - Symantec LiveUpdate configuration file # # # # This file is used to configure the settings used by # # LiveUpdate # # # ############################################################ hosts/0/url=http://liveupdate.symantecliveupdate.com:80 hosts/1/url=http://liveupdate.symantec.com:80 hosts/2/login:ENC=b3effdd10d982d2c7339c9604c67c34c hosts/2/password:ENC=18d2e2d4c1445548f8a5ef124ed20bfd hosts/2/url=ftp://update.symantec.com/opt/content/onramp logfile=C:\Documents and Settings\All Users\Application Data\Symantec\Java LiveUpdate\liveupdt.log workdir=C:\Documents and Settings\All Users\Application Data\Symantec\Java LiveUpdate\Downloads serverlogging=true cacheMode=false Installing Java LiveUpdate (JLU) Manually after SMSDOM 11 Default liveupdate.conf file for Windows 2008 Server and Newer. ############################################################ # # # livepdate.conf - Symantec LiveUpdate configuration file # # # # This file is used to configure the settings used by # # LiveUpdate # # # ############################################################ hosts/0/url=http://liveupdate.symantecliveupdate.com:80 hosts/1/url=http://liveupdate.symantec.com:80 hosts/2/login:ENC=b3effdd10d982d2c7339c9604c67c34c hosts/2/password:ENC=18d2e2d4c1445548f8a5ef124ed20bfd hosts/2/url=ftp://update.symantec.com/opt/content/onramp logfile=C:\ProgramData\Symantec\Java LiveUpdate\liveupdate.conf workdir=C:\ProgramData\Symantec\Java LiveUpdate\Downloads serverlogging=true cacheMode=false Installing Java LiveUpdate (JLU) Manually after SMSDOM 12 You can go ahead and copy the liveupdate.conf file from one of the last couple slides and use this as your default liveupdate.conf file. You can then modified as needed in the future. You do need to make sure the paths are correct for the workdir and logging parameters. The settings in the liveupdate.conf file are also case sensitive. So the cacheMode line must have that M capitalized or else it will not work. If cacheMode equals false JLU will remove cache files when it is done. This will help prevent running out of disk space. If you use a text based liveupdate.conf file and then run JLU the file will become encrypted. Once encrypted you can either overwrite this with another text based copy or you can use the ConfigEditor parameter to bring up a GUI for making changes. To run this editor find where jlu.jar installed itself to. Could be one of the following paths: C:\Program Files\Common Files\Symantec Shared\Java LiveUpdate C:\Program Files (x86)\Common Files\Symantec Shared\Java LiveUpdate Go to this folder with command window DOS prompt and then run the following command: java -classpath jlu.jar ConfigEditor If this does not work you may have to type the whole Java path inside of quotes like this for example: “C:\Program Files (x86)\Java\jre\bin\java.exe” -classpath jlu.jar ConfigEditor Installing Java LiveUpdate (JLU) Manually after SMSDOM 13 Replace Product.Catalog.JavaLiveUpdate file Some important notes about the Product.Catalog.JavaLiveUpdate file and JLU. • This file is located where you would find the liveupdate.conf file. On servers older than Windows 2008 it would be: %AllUsersProfile%\Application Data\Symantec\Java LiveUpdate And for Windows 2008 and newer it would be: %AllUsersProfile%\Symantec\Java LiveUpdate • There is a possibility that this file is 0 bytes in size. This can happen if someone tried to run LiveUpdate and it was not installed. • JLU will look at this file first to see if liveupdate is needed to run. If you run LiveUpdate now and new defs come in and then turn around and run LiveUpdate again, JLU will be able to quickly determine this is not needed. We have seen weird scenarios where JLU failed to download new definitions but still updated this file. And so when you then try to test LiveUpdate again it just says you have the latest defs. If you experience this just replace the file with a default copy. • If you keep a copy of the file just remember that the moniker and product listed in the file is different for 32 and 64bit versions. These are also different for other products as well. If you use the 32bit version on 64bit SMSDOM it will cause an initialization failure because the 64bit files will not be there like expected. Installing Java LiveUpdate (JLU) Manually after SMSDOM 14 Default Product.Catalog.JavaLiveUpdate file for 32bit SMSDOM on Windows [{6B9B12D6-93E0-460e-BF4E-0A7251925D80}] MONIKER={6B9B12D6-93E0-460e-BF4E-0A7251925D80} PRODUCTNAME=SMSDOM Windows Virus Definitions PRODUCT=SMSDOM Windows Virus Definitions VERSION=8.0 LANGUAGE=English SEQ.VirusDef=0 [{C498C4FD-B2DE-4415-BE68-5CA2BD9D113F}] MONIKER={C498C4FD-B2DE-4415-BE68-5CA2BD9D113F} PRODUCTNAME=SMSDOM VSP PRODUCT=SMSDOM VSP VERSION=2.0 LANGUAGE=SymAllLanguages SEQ.VSP=0 Installing Java LiveUpdate (JLU) Manually after SMSDOM 15 Default Product.Catalog.JavaLiveUpdate file for 64bit SMSDOM on Windows [{17199101-194A-4883-85F9-B6FA33381C03}] MONIKER={17199101-194A-4883-85F9-B6FA33381C03} PRODUCTNAME=SMSDOM Windows64 Virus Definitions PRODUCT=SMSDOM Windows64 Virus Definitions VERSION=8.0 LANGUAGE=English SEQ.VirusDef=0 [{C498C4FD-B2DE-4415-BE68-5CA2BD9D113F}] MONIKER={C498C4FD-B2DE-4415-BE68-5CA2BD9D113F} PRODUCTNAME=SMSDOM VSP PRODUCT=SMSDOM VSP VERSION=2.0 LANGUAGE=SymAllLanguages SEQ.VSP=0 Installing Java LiveUpdate (JLU) Manually after SMSDOM 16 Default Product.Catalog.JavaLiveUpdate file for 32bit SMSDOM on AIX [{5C5CD07E-2B50-4a23-A410-F3A935AB5920}] MONIKER={5C5CD07E-2B50-4a23-A410-F3A935AB5920} PRODUCTNAME=SMSDOM AIX Virus Definitions PRODUCT=SMSDOM AIX Virus Definitions VERSION=8.0 LANGUAGE=English SEQ.VirusDef=0 [{A7F40636-A387-49da-8C21-8CDAC9FB79B9}] MONIKER={A7F40636-A387-49da-8C21-8CDAC9FB79B9} PRODUCTNAME=SMSDOM VSP PRODUCT=SMSDOM VSP VERSION=2.0 LANGUAGE=SymAllLanguages SEQ.VSP=0 Installing Java LiveUpdate (JLU) Manually after SMSDOM 17 Default Product.Catalog.JavaLiveUpdate file for 64bit SMSDOM on AIX [{5C5CD07E-2B50-4a23-A410-F3A935AB5920}] MONIKER={5C5CD07E-2B50-4a23-A410-F3A935AB5920} PRODUCTNAME=SMSDOM AIX64 Virus Definitions PRODUCT=SMSDOM AIX64 Virus Definitions VERSION=8.0 LANGUAGE=English SEQ.VirusDef=0 [{A7F40636-A387-49da-8C21-8CDAC9FB79B9}] MONIKER={A7F40636-A387-49da-8C21-8CDAC9FB79B9} PRODUCTNAME=SMSDOM VSP PRODUCT=SMSDOM VSP VERSION=2.0 LANGUAGE=SymAllLanguages SEQ.VSP=0 Installing Java LiveUpdate (JLU) Manually after SMSDOM 18 Problems you may encounter • Product.Catalog.JavaLiveUpdate is 0 bytes in size. This can happen if someone tries to run LiveUpdate and LiveUpdate was not installed. Replace file with correct default to correct issue. • When running LiveUpdate it returns quickly with status saying you already have the latest definitions. Product.Catalog.JavaLiveUpdate may have been updated even though JLU failed. Replace file with correct default and look at the last logs in the livupdt.log to figure out and fix issue with JLU then try running LiveUdpate again. • liveupdate.conf file is 0 bytes in size. JCE is not installed. Install JCE, replace liveupdate.conf file with default plus any additional changes, and then try LiveUpdate again. • After new definitions have downloaded SMSDOM fails saying SMSDOM ERROR: Unable to initialize SMSDOM engine. on the Domino console. Either bad set of definitions or you have incorrect Product.Catalog.JavaLiveUpate file that caused JLU to get wrong definitions. When this causes nntask to fail it can also cause mail to backup as dead with our dead failure reason. • If when you run LiveUpdate from the GUI and see the error Could not locate installation directory then SMSDOM cannot find Java. This could be related to multiple versions of Java installed or bad registry settings. You can add the SAVJava= line to your notes.ini to inform SMSDOM which folder java.exe is located. The path must end with a backslash (\). On 64bit Windows it may be something like this: SAVJava=C:\Program Files\Java\jre6\bin\ Installing Java LiveUpdate (JLU) Manually after SMSDOM 19 Conclusion There are a lot of variables that can make installing and troubleshooting Java LiveUpdate seem like a difficult task. But really when it comes to just installing after a install of SMSDOM, you just need to install java, jce, jlu, and replace the two configuration files. If you have each of these already in front of you and on the machine intended for this process can be done in just a few minutes. Essentially the same requirements are needed for AIX without the need for JCE. But you do need good running Java, JLU and configuration files. Installing Java LiveUpdate (JLU) Manually after SMSDOM 20 Thank you! Larry Wall Copyright © 2011 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. Installing Java LiveUpdate (JLU) Manually after SMSDOM 21