Symantec AntiVirus Corporate Edition 10.x server fails to update clients and Symantec System Center 10.x is slow to respond

Article:TECH101532  |  Created: 2005-01-27  |  Updated: 2011-08-15  |  Article URL http://www.symantec.com/docs/TECH101532
Article Type
Technical Solution


Environment

Issue



Symantec AntiVirus 10.x is installed. You may experience one or more of the following problems:

- Clients do not receive virus definitions from the parent server.
- Symantec System Center is slow to respond or does not open.
- Clients disappear from Symantec System Center.

A Vpdebug.log from the parent server shows repeated entries of the following errors:

- PKT: SSL send COM_GET_VALUES to failed with 0x80018022
- PKT: UDP send COM_GET_VALUES to failed with 0x80018009

  ( To enable debugging, please refer to: http://www.symantec.com/docs/TECH101219 )


Solution



This problem is fixed in Symantec AntiVirus 10.0.2 and Symantec Client Security 3.0.2. For information about how to obtain the latest build of Symantec AntiVirus or Symantec Client Security, read Obtaining an upgrade or update for Symantec AntiVirus Corporate Edition or Symantec Client Security.

If you cannot upgrade to Symantec AntiVirus 10.0.2 or Symantec Client Security 3.0.2, use one of the following workarounds.

Workarounds
To fix the problem, try one or more of the following workarounds in the order in which they appear.

To reset the LoginCaCertIssueSerialNum registry value on the primary server

  1. Restart the Symantec AntiVirus service.
  2. In the Windows Registry Editor, go to the following key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LanDesk\VirusProtect6\CurrentVersion\ScSComms\LocalData

     
  3. In the right pane, double-click the LoginCaCertIssueSerialNum value.
  4. Under Base, click Decimal.
  5. If the Value data box shows a number that is larger than 256, press Backspace and then type 1
  6. Click OK.
  7. Exit the Registry Editor.


To disable the Client Track feature

  1. In the Windows Registry Editor, go to the following key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion

     
  2. In the left pane, right-click the CurrentVersion key, and then click New > Key.
  3. For the name of the new key, type ClientTrack
  4. In the left pane, right-click the ClientTrack key, and then click New > DWORD Value.
  5. For the name of the new value, type Enabled
  6. In the right pane, double-click the Enabled value.
  7. In the Value data box, type 0
  8. Click OK.
  9. Restart the Symantec AntiVirus service.


TCP requires the operating system to maintain state information for each connection. As client numbers rise, the number of concurrent TCP connections must be allowed to increase. If you manage more than 5,000 clients, Symantec recommends that you tune the MaxUserPort and TcpTimedWaitDelay registry values for better scalability and performance. See the Technical Information section of this document for details about the MaxUserPort and TcpTimedWaitDelay registry values.

To create and edit the MaxUserPort registry value on the primary server

  1. In the Windows Registry Editor, go to the following key:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\

     
  2. In the left pane, right-click the Parameters key, and then click New > DWORD Value.
  3. For the name of the new value, type MaxUserPort
  4. In the right pane, double-click the MaxUserPort value.
  5. Under Base, click Decimal.
  6. In the Value data box, type 50000
  7. Click OK.
  8. Exit the Registry Editor.
  9. Restart the computer.


To create and edit the TcpTimedWaitDelay registry value on the primary server

  1. In the Windows Registry Editor, go to the following key:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\

     
  2. In the left pane, right-click the Parameters key, and then click New > DWORD Value.
  3. For the name of the new value, type TcpTimedWaitDelay
  4. In the right pane, double-click the TcpTimedWaitDelay value.
  5. Under Base, click Decimal.
  6. In the Value data box, type 30
  7. Click OK.
  8. Exit the Registry Editor.
  9. Restart the computer.






Technical Information
About the LoginCaCertIssueSerialNum registry value

The LoginCaCertIssueSerialNum registry value is incremented each time you open any copy of Symantec System Center on the network. If the network includes many copies of Symantec System Center, this registry value can increase quickly. If you set Symantec System Center to automatically unlock, the value the increases each time that Symantec System Center starts.

You can find information about TCP parameters in the following articles on the Microsoft Web site:


About the MaxUserPort registry value
Registry value: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\MaxUserPort
Value type: REG_DWORD
Benchmark setting: 50000

Windows servers limit the number of outbound TCP connections. Because the Symantec AntiVirus server initiates outbound connections during a virus definition push, this key should be set to a very large number. The maximum allowable is 65535, which is the highest possible port number. However, good practice leaves space for inbound connections. Changes to this setting require that you restart the computer.

About the TcpTimedWaitDelay registry value
Registry value: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TcpTimedWaitDelay
Value type: REG_DWORD
Benchmark setting: 30

TCP puts closed connections into the "timed wait" state to prevent stray packets (from a connection that may be on the network due to retransmissions) from interfering with any subsequent connections that use the same port. The default is two times the maximum segment lifetime, which is typically four minutes. A common practice In LAN environments is to reduce that setting to the minimum of 30 seconds. This reduction allows Windows to free up TCP ports more quickly for outbound connections, which speeds up a Symantec AntiVirus server's content rollout. Changes to this setting require that you restart the computer.


 


Supplemental Materials

Value1-4SWULB

Legacy ID



2005092714023548


Article URL http://www.symantec.com/docs/TECH101532


Terms of use for this information are found in Legal Notices