Endpoint Protection


After Installing MR4MP1 Connection to Exchange 2003 and DC is blocked, still same with MR4MP1a


  • 1.  After Installing MR4MP1 Connection to Exchange 2003 and DC is blocked, still same with MR4MP1a

    Posted Mar 06, 2009 02:46 PM

     

    Hello, I have big problems since the installation of MR4MP1, and these problems are not gone even after installing MR4MP1a.
    I have two servers:
    1. Windows Server 2003 with Exchange 2003 and SEP management server and SEP antivirus with network protection
    2. Windows Server 2003 Domain Controller with SEP antivirus with network protection
    After the install, at first glance everything was OK, but after some time big problems began. On the Exchange machine there were many errors logged to the event log, with errors from the Exchange System Attendant where it is stated that it cannot connect to the DC and there is no DC available. After this, Store MDB is generating exceptions and shuts down with critical errors, after which Windows is asking to send an error report to Microsoft. There were also Data Execution Prevention warnings, and I have to manually enable DEP for Microsoft MDB. There are also problems when accessing OWA from client computers. The problem is that in OWA, on new messages, the body of the message is not visible. (Attachment is visible). After accessing OWA, Exchange crashes with errors and the server is unresponsive for a while. A server restart helps for some time, but afterwards everything is messed up again.
    I have read for MR4MP1 that I must remove the Firewall, but when I chose SEP 11 one of the reasons was the Firewall.
    But I have noted the new version and hope that this will help. I have installed MR4MP1 but without any changes for my case.
    I have even tried completely uninstalling SEP and installing it again without any success.
    I was using SEP 11 SP3 and everything was OK, but now I can't find the MR3 installation on my CD. Please help me with where I can get an MR3 download link. (Because even in MR4 there is a glitch: Auto-Protect is working all day long with very high activity).
    P.S. I have tried many things, even the CleanWipe tool, so I am going to reinstall the whole server, and maybe some of the mentioned problems are not related to SEP 11 MR4MP1 or MP1a, but these problems began after installing MR4MP1.
     


  • 2.  RE: After Installing MR4MP1 Connection to Exchange 2003 and DC is blocked, still same with MR4MP1a

    Posted Mar 06, 2009 03:02 PM

    Only Antivirus and Antispyware is supported on servers.  I saw a post from Paul M the other day saying one more part of the SEP client was supported on servers but I can't remember what it was.  Try installing AV and AS only and see if that clears up your problem.



  • 3.  RE: After Installing MR4MP1 Connection to Exchange 2003 and DC is blocked, still same with MR4MP1a

    Posted Mar 06, 2009 03:52 PM

    Network Threat Protection is supported in SEP 11 on servers where another firewall is not installed.

    Proactive Threat Protection and antivirus for e-mail and Outlook Scanner are not supported on servers.

    I have read this in the Administrator Guide of SEP 11.

     



  • 4.  RE: After Installing MR4MP1 Connection to Exchange 2003 and DC is blocked, still same with MR4MP1a

    Posted Mar 06, 2009 04:25 PM

    Try withdrawing the firewall policy for that server to see if it clears up.  If it does, you will have to add rules to allow certain types of traffic when you enable the policy.  I came across a post from Paul M saying that NTP will work on domain controllers, but you need to tweak the rules (didn't say what exactly).



  • 5.  RE: After Installing MR4MP1 Connection to Exchange 2003 and DC is blocked, still same with MR4MP1a

    Posted Mar 06, 2009 06:02 PM

    You used to have to tweak the rules for servers and DC's but the out of the box rules now should allow all communications anyway, so there shouldn't be an issue...  

    Out of interest, have you tried it without Network Threat Protection, to eliminate that possibility?  We have plenty of customers running everything on servers without any issues.



  • 6.  RE: After Installing MR4MP1 Connection to Exchange 2003 and DC is blocked, still same with MR4MP1a

    Posted Mar 09, 2009 04:47 AM

    I am wondering if the new IPS engine Krypton is causing problems.

    Because I have enabled all traffic between the DC and Exchange Server 2003 in the rules section. (I have added a rule to allow all traffic between the DC and Exchange Server 2003.) Even with MR3 there were logs in Network Threat Protection that stated that IPv6 over IPv4 Teredo packets were blocked from the Exchange 2003 server to the DC server. This was strange because I am not using the IPv6 protocol, but everything was working OK so it was no big issue for me.

    I am using GFI MailEssentials and GFI MailSecurity for Exchange Server 2003. Maybe it is the issue, but if it is the cause of these problems it should be corrected from your side, because they are great products for Exchange 2003.

    Another thing I am suspicious of causing problems is that I have updated my Exchange Server 2003 with the latest Microsoft patch related to some critical vulnerabilities (I don't remember the KB number).

    Also, accessing a mailbox from OWA (Outlook Web Access) crashes Exchange Server 2003 and makes the server where Exchange is running temporarily unresponsive.

    P.S. If this problem is not related to Krypton blocking communications between the DC and Exchange servers, maybe someone can provide me with a link to download SEP11MR3.

     



  • 7.  RE: After Installing MR4MP1 Connection to Exchange 2003 and DC is blocked, still same with MR4MP1a

    Posted Mar 13, 2009 04:55 AM

     

    I have tried without NTP and it seems that Exchange was working (with Outlook), but after accessing Exchange with Outlook Web Access (OWA) the Exchange Server crashes down. I am accessing it from a client workstation, so don't tell me to uninstall NTP also from client computers.



  • 8.  RE: After Installing MR4MP1 Connection to Exchange 2003 and DC is blocked, still same with MR4MP1a

    Posted Mar 13, 2009 09:58 AM

    We are still having issues with some of our users and network applications, even with the MP1a build.  I have even resorted to using cleanwipe, and a handful of clients are still having issues.  One PC in our IT department is having issues even when rolling back to the original MR4 build.

    I cannot seem to isolate anything unique about the machines still having issues, but it clearly is SEP related, since disabling/removing NTP fixes the issue in all cases.



  • 9.  RE: After Installing MR4MP1 Connection to Exchange 2003 and DC is blocked, still same with MR4MP1a

    Posted Mar 13, 2009 12:31 PM

    Were there any issues with connecting to Exchange prior to MR4 MP1?  We are currently at MR4 and not planning on upgrading anytime soon with the issues everyone else is having with MP1, MP1a, etc.  Our Exchange server is the last machine that needs to be upgraded from SAV 10.1.  I was planning on installing a package that contained the Antivirus and Antispyware as well as Network Threat Protection so I could do Application and Device Control log policies on it.  I take it that I should not be installing TrueScan Proactive Threat Scan or any of the E-mail Protection in the package.  Any advice with regard to best practices/procedures would be greatly appreciated.  I don't want to be picking up the pieces of a busted Exchange server after installing the SEP client on it.

    Thanks.



  • 10.  RE: After Installing MR4MP1 Connection to Exchange 2003 and DC is blocked, still same with MR4MP1a

    Posted Mar 17, 2009 02:42 AM

    From the Symantec_Endpoint_Protection_11.0.4000_MR4_AllWin_EN_CD1 Readme.txt file:

    ------------------------------------------------------------------------------------
    BEST PRACTICE: Do not install Network Threat Protection on client computers that currently run third-party firewalls.
    ------------------------------------------------------------------------------------
    Do not install Network Threat Protection on client computers that currently run third-party firewalls. Two firewalls that run on one computer at the same time can drain resources, and the firewalls might have rules that conflict with each other. Third-party firewalls include Microsoft ISA firewall and Windows Firewall.

     

    Make sure to turn off the Windows firewall... a GPO would probably be the best way to do it in a domain.



  • 11.  RE: After Installing MR4MP1 Connection to Exchange 2003 and DC is blocked, still same with MR4MP1a

    Posted Mar 19, 2009 03:40 PM

     

    Adrian,
    I can advise: do not upgrade the Exchange server with these builds (MP1 and MP1a), because after this the Exchange server will start generating a lot of errors (you can look at my earlier posts in this topic). Also I want to advise not upgrading the Active Directory Domain Controller server, because after this not only will the Exchange server start doing crazy things but also other apps (for example, network connectivity will have serious problems. I have, for example, problems with virtual servers on Virtual Server 2005 trying to connect to Windows Update services.).
    In fact it's more important to not upgrade the Domain Controller than Exchange, because if MP1 is installed on Exchange and not on the DC, Exchange will work somehow (with small glitches), except Outlook Web Access, which will not work.
     


  • 12.  RE: After Installing MR4MP1 Connection to Exchange 2003 and DC is blocked, still same with MR4MP1a

    Posted Mar 19, 2009 05:41 PM

    I can confirm that after upgrading one DC/Exchange/SEPM server, clients that use this server are talking to another domain controller/Exchange server (a lot of traffic).  I don't know what kind of traffic, but for one site, it's maxing out my fractional T1 (clients with no server).  I only installed AV and AS on the server and clients are mixed MR4 and MR4 MP1A.  SEPM on the server is MR4 MP1.



  • 13.  RE: After Installing MR4MP1 Connection to Exchange 2003 and DC is blocked, still same with MR4MP1a

    Posted Mar 20, 2009 04:29 AM

     

    Hi Rick,

    You installed AV/AS only on your server, but did you withdraw the firewall and IPS policies from the group in which your server resides?

     



  • 14.  RE: After Installing MR4MP1 Connection to Exchange 2003 and DC is blocked, still same with MR4MP1a

    Posted Mar 20, 2009 04:40 AM

    No, I didn't.  Was I supposed to?  When I look at the client on the server, NTP and PTP do not show as being installed.  If I was supposed to withdraw the policies, why has this been working since MR2 and suddenly give me problems going from MR4 to MR4 MP1A?  I think I may be missing something.



  • 15.  RE: After Installing MR4MP1 Connection to Exchange 2003 and DC is blocked, still same with MR4MP1a

    Posted Mar 20, 2009 04:48 AM

    Before I uninstalled MP1A, I tested OWA and it worked on my DC/Exchange/SEPM server.  This was an Exchange 2003 sp2 Backend server while the Frontend server (nothing but Exchange 2003 sp2) was running SEP MR4 for the client.  HTH



  • 16.  RE: After Installing MR4MP1 Connection to Exchange 2003 and DC is blocked, still same with MR4MP1a

    Posted Mar 20, 2009 08:48 PM

     

    RickJDS,
    Do not withdraw firewall policies from the group!!! I have tried this and it had a catastrophic result for the server where Exchange was installed (I mean not only the Exchange software but the whole server). It's better to uninstall NTP from Add/Remove.

    About OWA, I think it's a problem of exceptions (AV exceptions) not working correctly with these builds. Because I have added folder exceptions for AV both in the SEP Client and SEP Manager (Global Exceptions), but it's not working correctly. I have Exchange anti-spam and antivirus, and GFI MailSecurity is generating errors on some mails. This is why I think the problem is with exception handling.
    P.S. I am absolutely confident that I have added all relevant folders to exceptions, because earlier this was working fine.
     

     



  • 17.  RE: After Installing MR4MP1 Connection to Exchange 2003 and DC is blocked, still same with MR4MP1a

    Posted Mar 21, 2009 08:54 AM

     

    RickJDS
    Do not withdraw firewall policies from the group!!! I have tried this and it had a catastrophic result for the server where Exchange was installed (I mean not only the Exchange software but the whole server). It's better to uninstall NTP from Add/Remove.

    Hi,

    You need to withdraw the policies after you have removed the NTP component, not before it! In my experience removing NTP only sets the driver to dormant mode; on the other hand, the firewall driver (teefer2.sys) is always present and sometimes processes policies when it shouldn't do that!


  • 18.  RE: After Installing MR4MP1 Connection to Exchange 2003 and DC is blocked, still same with MR4MP1a

    Posted Mar 21, 2009 07:48 PM

    Now I'm not sure what to do.  Firewall policies are inherited but NTP was never installed on the server I'm having problems with.  I've never had problems until I tried to upgrade the server's SEP client from MR4 to MR4 MP1A.

    I'm now working on purchasing and installing Netflow Analyzer so I can see what kind of traffic is generated.  Just have to get the purchase approved.



  • 19.  RE: After Installing MR4MP1 Connection to Exchange 2003 and DC is blocked, still same with MR4MP1a

    Posted Mar 23, 2009 08:07 AM

    Rick - if you are fairly certain that it's traffic between your Exchange box / DC, then Wireshark should be a much free'er option than netflow for a 'one off' analysis.

    nick

     

     



  • 20.  RE: After Installing MR4MP1 Connection to Exchange 2003 and DC is blocked, still same with MR4MP1a

    Posted Mar 27, 2009 05:12 AM



  • 21.  RE: After Installing MR4MP1 Connection to Exchange 2003 and DC is blocked, still same with MR4MP1a

    Posted Apr 07, 2009 10:02 AM
    Don't use host groups for exclusions and rules, and don't exclude the DCs from Intrusion Prevention under the excluded hosts button.
    It seems to choke up name resolution.


  • 22.  RE: After Installing MR4MP1 Connection to Exchange 2003 and DC is blocked, still same with MR4MP1a

    Posted Apr 07, 2009 10:32 AM
    Injecting a firewall into servers is equal to injecting plenty of risks into your servers!!
    No doubt! Eliminate anything that may act as a firewall, such as Network Threat Protection, IPS and Application and Device Control.

    Next is that when you apply such policies to your servers, the transactions to the SEP server will be impacted by the rules. Therefore retrieving new policies will be affected by the present rules. Hence, try to apply the new policies on a normal computer that you are 100% sure receives them, and then export the policies from this one. Then you can save and transfer the exported policy to your malfunctioning server and then import it into the SEP Client.

    I hope it helps you get rid of the hell you described!!