Video Screencast Help

Client Removal = Event ID 20035 Remote Access Connection Manager failed to start

Created: 28 Dec 2007 • Updated: 22 Jun 2010 | 14 comments

After uninstalling the Endpoint client from an XP SP2 Pro machine, I began to receive Event ID 20035:

Remote Access Connection Manager failed to start because it could not create buffers. Restart the computer. Access is denied.

Preceding this was Event ID 20070:

Point to Point Protocol engine was unable to load the C:\Program Files\Symantec\Symantec Endpoint Protection\SymRasMan.dll module. The specified module could not be found.

And Event ID 20151:

The Control Protocol EAP in the Point to Point Protocol module C:\WINDOWS\System32\rasppp.dll returned an error while initializing. The specified module could not be found.

 

The funny thing is... it was uninstalled off the machine after the stability issues began occuring immediately after the client was installed. The system would completely lock up. No errors in the log. Nothing.

 

rasppp.dll is there and a sfc /purgecache and sfc /scannow and whatnot has been done. Error is still occuring.

Comments 14 CommentsJump to latest comment

Paul Murgatroyd's picture
Can you please take a look on your machine, under the following registry key:
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP
 
you should see several folders.  In 13, 25 and 88 you should see references to our NAC dll's.  What you should also see there is the original Microsoft dll references with the word "Backup" added to their name.  It would appear that on some systems when we remove SEP we don't revert these keys (I've tested many times and its always worked for me) - you can however manually change these back and that will restore functionality.

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint

Rajackar's picture

Could you please tell me what the keys should be reverted to? We have uninstalled SEP 11 comany wide because of its many problems and went back to sav 10.2 but now even when removed SEP is giving us problems :S

lauracc's picture

Hi Paul, on that post you never said what it was supposed to look like WITHOUT SEP. What are the keys supposed to look like without it?
thanks,

Paul Murgatroyd's picture
where you have duplicate values, but one is appended with Backup - delete or rename the old value (containing the link to the Symantec dll) and remove Backup from the other key and its back to MS defaults.

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint

Jeff Burgess's picture

Paul,

I installed the product by pushing out an installation package. Then I pushed another one out per Symantec tech support. That 2nd installation overwrote the backup registry entries, so the backup registry entries also contain references to the Symantec DLLs. I suspect others are experiencing a similar scenario.

The question these folks have is, what was it before the SEP client was installed? According to the screen shot you posted, SEP client replaces the following DLL:

C:\WINDOWS\system32\rastls.dll

...so this is what should be in the ConfigUiPath, IdentityPath, etc. registry entries.

Does this sound correct?

-Jeff

Paul Murgatroyd's picture
Hi Jeff,
 
Yes, thats correct - my registry screenshots contain how the registry *should* look (and does) after the first install of SEP.  Any subsequent changes or upgrades made to the client will be "re-backed up" which means customers will end up with two Symantec registry keys, rather than one Symantec and one Microsoft one.
 
This is a bug, and we have created a defect for it.
 
thanks

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint

KC-SA's picture
I've tried what you said about the "backup" file, but as you can see below...I'm not sure that's my case here?  You can the contents for 13, 25 & 88 as shown & then below that you can see the event message I am getting about every minute.
 
I have also been dealing with the current liveupdate issues...plus others that I have to get to one at a time.  :smileysad:
 
I am running SEP v11.0.1000.1375 with ONLY antivirus turned on & all else off.
 
Thanks for any help!
 
 
KC-SA's picture
Is that for a laptop/mobile computer?  I am getting this on desktop clients.
 
That script is way above my head & I dare not use it without knowing what I'm doing.  I also checked the link posted for manually removing SEP, but that's pitifully long & painful.
 
So does this mean I need to remove SEP completely from this machine? 
Yada's picture

I guess its a little different on Win64...

 

I have only 13, 25, 26, and 4 keys at the registry location, and all the paths read...  C:\windows\syswow64\rastls.dll.  There are no 'backup' keys.

 

*putz

 

*tinker

 

Ahhh..  I changed syswow64 to system32 and all is well.

 

Dang even removing this thing is a bad experience :(

 

 

 

 

 

 

lbboe's picture

As others pointed out I just had to change the paths in the registry back to C:\windows\system32\rastls.dll for ConfigUiPath, IdentityPath, etc.

wcheefan's picture

Hi all,

recently i have install the SEP to my server windows 2003,services pack 1. after install it, i encounter a lot the problem.
fiel server ,
intermittent user cannot access the file, after unistall it,is working fine now.

exchanges server,
after install, the user pc intermittent when download the email,hang,access this server,client pc hang.after unstall it,the microsoft diap up vpn not working. i have follow the step to remove it from the registry,still encounter the same problem
 anybody can help me,urgent issue
pls do email to me,ben@gmsent.com

thanks a lot for your help