After an in-place upgrade from Symantec Sygate Enterprise Protection 5.1 to Symantec Endpoint Protection 11.0, a machine takes noticeably longer to boot up.

Article:TECH141653  |  Created: 2010-10-11  |  Updated: 2011-01-03  |  Article URL http://www.symantec.com/docs/TECH141653
NOTE: If you are experiencing this particular known issue, we recommend that you Subscribe to receive email notification each time this article is updated. Subscribers will be the first to learn about any releases, status changes, workarounds or decisions made.
Article Type
Technical Solution



Issue



After an in-place upgrade from Symantec Sygate Enterprise Protection (SSEP) 5.1 to Symantec Endpoint Protection (SEP) 11.0, a machine takes noticeably longer to boot up. The slowness is mostly experienced after Windows logon screen and before the desktop is properly displayed.


Error



At each boot up, an error event similar to below is logged in Windows system event log:

-----------------------------------------

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7022
Date:  10/12/2010
Time:  8:53:32 AM
User:  N/A
Computer: Machine-Name
Description:
The Symantec Network Access Control service hung on starting.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
------------------------------------


Environment



  • Symantec Network Access Control (SNAC) LAN enforcement is used.
  • If SSEP 5.1 is removed before installing SEP 11.0, the issue goes away.

Cause



This is caused by the difference in WGX driver load order in SSEP 5.1 and SEP. In SSEP 5.1, WGX driver is installed in NDIS group. However, in SEP, it needs to be in PNP_TDI group or SNAC service won't start properly (hence the error event above).

During an in-place upgrade, WGX driver is not reinstalled so it's left at NDIS group.


Solution



This issue is resolved in Symantec Endpoint Protection 11 Release Update (RU) 6 Maintenance Patch (MP) 1. For information on how to obtain the latest build of Symantec Endpoint Protection, read Obtaining the latest version of Endpoint Protection or Network Access Control 11.

 
Obtaining the latest version of Endpoint Protection or Network Access Control 11

To workaround this issue without upgrading, please follow the steps below.

Note: as precaution, please backup the registry before modification.

  1. Launch Regdit.
  2. Browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\SERVICES\WGX subkey.
  3. In the right pane, change value data for value name Group from NDIS to PNP_TDI.
  4. Reboot the system twice.

 


Supplemental Materials

Description
  • WGX driver (WGX.sys) is the SNAC supplicant driver. It is responsible to intercepting, encapsulating, and sending all EAP data to the 802.1x Authenticator.
  • How to control device driver load order.


Article URL http://www.symantec.com/docs/TECH141653


Terms of use for this information are found in Legal Notices