Endpoint Protection

Hello

I have found that if I install EndPoint Protection Client (11.0.4202) onto a domain controller (2008 SP2 x64) it then takes accounts with folder redirection 30 minutes to log in if they have not logged into that particular pc before.

The user profile share is also located on the domain controller.

After removing SEP it is back to only taking a few seconds to log in.

It worked fine on one server but I then installed a new domain controller and decommisioned the old one. For some reason SEP did not find a problem with the old server however it was causing major issues on the new server.

Other problems were slow access to shares, i.e. taking ages to open and save Word documents and things not responding and locking up for a bit.

I did a custom install of SEP in both occasions and only installed the antivirus and antispyware components as the firewall component has always caused issues for me since it was introduced in SEP 11.

I worked with Microsoft on the issue as I did not think to try uninstalling SEP as it had worked fine on the old server.

The old server was a Dell Optiplex 330 with 6GB of RAM and the new one is a Dell Optiplex 960 with 8GB of RAM.

It was hard ti identify the issue as no event log errors or warnings appeared and everything did work in the end but just extremly slowely!

Can someone confirm that SEP is supported on a Server 2008 Domain Controller. According to the documentation it would appear to be.
If it is what troubleshooting can I do? I am not too keen to reinstall it again.

Thanks
Robin

Try to install the SEP client with only Anivirus & AntiSpyware feature & see if that helps you.

Yes SEP is supported on Server 2008 Domain Controller.

Is UAC Enabled or disabled? If enabled Please try  to disable it and see.

Disable Tamper Protection:

Uncheck Protect Symantec security software from being tampered with or shut down.

Click the Clients Tab.

Select the client group you would like to modify.

Click the Policies tab.

If this is not the Global group, uncheck Inherit policies and settings from parent group. Ensure that Policy inheritance is OFF.

Under Location-independent Policies and Settings, with in the Settings box, click General Settings.

Click the Tamper Protection tab.

Apart from being a DC does the server has any othe role?

 

Kavin: As I said above I did a custom install of SEP in both occasions and only installed the antivirus and antispyware components as the firewall component has always caused issues for me since it was introduced in SEP 11.

Prachand: I have uninstalled SEP at the moment and it has already caused a lot of disruption so I need to schedule a time to try installing this againor maybe set up a test domain configured the same. When I get a chance I will try installing it again and try what you have suggested. Thanks for your feedback.
The client was actually an unmanaged client. I tried to get the management console to work on Server 2008 but could not at the time so gave up with it. I believe the issues with IIS 7 have now been fixed and it works correctly.
UAC is enabled. Did you mean on the server or on the client? Or both?
As well as being the primary DC the server is the file server, DHCP server and DNS server. It was set up with exactly the same roles as the last one as the were transfered across one by one.
I don't believe it has any other roles.

I had the same problem over a year ago and ended up re-installing the whole domain as I could not work out the issue. Even Microsoft could not when  they were helping me troubleshoot the issue. I must have tried everything else except removing SEP. I even bought new networking equipment as reinstalling the domain was the last resort. Other things I tried were new network cards, changing the configuration of the cards, turning off IPv6 and the extra networking features of Server 2008 and Vista such as tcp chimney offload and others. In total it has cost me weeks of work.

Has no one else experienced any issues with this. I can't believe it is only me. I can't be 100% sure this was the cause last time but the symptoms were exactly the same.
I was horrified when it started happening a second time!

As with this time network analysing tools just show no or very little network activity from or to the server - like it was connected on an unstable dial up connection.
There are no errors logged or anything in event viewer or anywhere else. The problem was a lot worse last time though with existing users unable to log in as well as it took about 30 minutes for them and a few hours for a new profile. File copying to and from the server would start fast but drop to a few kilobytes as well.
Clients and the server became so unresponsive that I was forced to do a hard reset of clients and the server as things would lock up and it would get progressively worse until even the taskbar and explorer would freeze so I could not do anything. This had started happening a bit this time. Again this was only with roaming profiles.

Even though I have uninstalled SEP can I get any logs anywhere and would attaching them here help you to identify what exactly causes this to happen as I would be interested to know.

Thanks
Robin

I am unsure if this is related, though the only known items I can come across for Windows 2008 and Domain Controllers is listed below:

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008010816442248?Open&seg=ent

I  was taking about the UAC on the server.

It seems that the issue is  crtical. In my opnion I will ask to call Support and get a  case Created so that we can get some logs:

1. Symbatch log
2. Memory dump

To isolate the issue.

The issue requires   some anlaysis, so the logs  would be relevant.

Thanks for getting back to me.

After I reinstall SEP assuming I get the same issue again how would I go about generating/retrieving the symbatch log and the memory dump and where should I upload them.

John_Prince: I am unsure what the issue is that that kb article resolves. Do you think that policy needs to be set in order for SEP to function correctly on a domain controller?

Could the fact that it was installed as an unmanaged client have anything to do with it?

Thanks
Robin