Not to excuse them, because, as you stated should have been caught by QA...
Most best practices for SEP indicate not to install NTP on Servers.
Regardless of that fact, there is something broken in SMB 2 on all platforms connecting to 2008 server. MAC OS 10.x requires an SMB (Samba) share to be written out "SMB://[servername]:139/[share name] ONLY when connecting to Windows 2008 box. Port number required because it is not handling NETBIOS sessions properly.
One would think that SMB 2 to SMB 2 from M$ would work right, but you are not the first to experience issues and a few hotfixes (KBs) have been released addressing several of the issues.
Have you tried connecting with a Client that has NTP enabled, but not installed Server side?
I don't personally use NTP at all here, had too many issues in the past, but would you consider a FW rule (I know it's redundant) allowing all traffic from internal to internal ono port 139.
One other thing, I have been considering, and probably going to build a TEST LAB for, is to test the SPI factor of the NTP Firewall from Symantec. Often times, people have complained about issues related to large files. If the system is not allowing a certain MTU through, it could cause this issue. Some SANs use Jumbo frames for example to pass along traffic, fiber connections, MUXes , etc. All hypothetical at this point, but definitely would like to get some Answers if these things were tested in the Symantec Labs or if we have to do the testing for them...
Fun with Firewalls... *sigh*