Endpoint Protection

  • 1.  Crash while patching my AD servers

    Posted Aug 28, 2012 07:16 PM

    Okay, this has happened 3 times now.  I've had SEP 11.0.7 on a Win2003 AD server, and it had been running fine.  But when applying a MS patch, it never came back up.  We uninstalled SEP and reimaged the server, and even applied the patch, and it's working fine.  We didn't install SEP just to be safe.

    The same thing has now happened to two other Win2008 AD servers.  I can get into Safe Mode, but cannot restore anything from the original installation.  So there is nothing to recover or troubleshoot with.

    Should I open a case?

    Should I not install SEP on AD servers?

    Should I uninstall SEP before patching AD servers?



  • 2.  RE: Crash while patching my AD servers

    Posted Aug 28, 2012 07:29 PM

    You would need to open a case with support and provide a full memory dump of the crash.

    Make sure you're running the latest version of SEP:

    https://www-secure.symantec.com/connect/forums/sep-1107000975-domain-controller-failures#comment-6327391

    Do you only have the AV component installed? I would only install that if not currently the case.

     

    Best Practices for Installing Symantec Endpoint Protection (SEP) on Windows Servers

    http://www.symantec.com/business/support/index?page=content&id=TECH92440

     

     



  • 3.  RE: Crash while patching my AD servers

    Posted Aug 29, 2012 08:36 AM

    Only install the AV and AS features, and as an unmanaged client, of course. While doing the MS update, stop the services for the SEP client on your machine; you can do this from Start > Run with smc -stop, and later start it once the machine is booted up by typing smc -start.

    Try it; I assume it should be good then.



  • 4.  RE: Crash while patching my AD servers

    Posted Aug 29, 2012 01:12 PM

    The server was unrecoverable.  There is no crash dump.

    Are you suggesting that SONAR, Download Insight, Insight, Bloodhound, Location Awareness, Tamper Protection, Auto Protect, etc. all be turned off for Domain Controllers?  If so, that is fine.  Is there a published best practice that states this specifically?

    Because if this is published, and I missed it, then this Domain Controller failure may be my fault.  I may need to know in order to help with a possible investigation.



  • 5.  RE: Crash while patching my AD servers

    Posted Aug 29, 2012 01:33 PM

    For servers I only install AV.

    Location awareness is configured via the SEPM, there is no component to uninstall.

    I would leave tamper protection alone, just pay attention to your logs in case exceptions are needed.

    See this article:

    http://www.symantec.com/business/support/index?page=content&id=TECH92440&locale=en_US

    I don't know of any specific articles for domain controllers but there are some links in here which may help.



  • 6.  RE: Crash while patching my AD servers

    Posted Aug 29, 2012 01:54 PM

    Is this a known best practice?  Is there a link?



  • 7.  RE: Crash while patching my AD servers

    Posted Aug 29, 2012 02:11 PM

    I don't have any links.

    It was a recommendation made to me in the past. Start with the AV component only on servers. Of course all components are supported on servers, but if running into issues then remove all but AV.