After an in-place upgrade from Symantec Sygate Enterprise Protection 5.1 to Symantec Endpoint Protection 11.0, a machine takes noticeably longer to boot up.
|Article:TECH141653|||||Created: 2010-10-12|||||Updated: 2011-01-04|||||Article URL http://www.symantec.com/docs/TECH141653|
|NOTE: If you are experiencing this particular known issue, we recommend that you Subscribe to receive email notification each time this article is updated. Subscribers will be the first to learn about any releases, status changes, workarounds or decisions made.|
After an in-place upgrade from Symantec Sygate Enterprise Protection (SSEP) 5.1 to Symantec Endpoint Protection (SEP) 11.0, a machine takes noticeably longer to boot up. The slowness is mostly experienced after Windows logon screen and before the desktop is properly displayed.
At each boot up, an error event similar to below is logged in Windows system event log:
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7022
Time: 8:53:32 AM
The Symantec Network Access Control service hung on starting.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
- Symantec Network Access Control (SNAC) LAN enforcement is used.
- If SSEP 5.1 is removed before installing SEP 11.0, the issue goes away.
This is caused by the difference in WGX driver load order in SSEP 5.1 and SEP. In SSEP 5.1, WGX driver is installed in NDIS group. However, in SEP, it needs to be in PNP_TDI group or SNAC service won't start properly (hence the error event above).
During an in-place upgrade, WGX driver is not reinstalled so it's left at NDIS group.
This issue is resolved in Symantec Endpoint Protection 11 Release Update (RU) 6 Maintenance Patch (MP) 1. For information on how to obtain the latest build of Symantec Endpoint Protection, read Obtaining the latest version of Endpoint Protection or Network Access Control 11.
To workaround this issue without upgrading, please follow the steps below.
Note: as precaution, please backup the registry before modification.
- Launch Regdit.
- Browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\SERVICES\WGX subkey.
- In the right pane, change value data for value name Group from NDIS to PNP_TDI.
- Reboot the system twice.
Article URL http://www.symantec.com/docs/TECH141653