Crash while patching my AD servers
Created: 28 Aug 2012 | 6 comments
Okay, this has happened 3 times now. I've had SEP 11.0.7 on a Win2003 AD server, and it had been running fine. But when applying a MS patch, it never came back up. We uninstalled SEP and reimaged the server, and even applied the patch, and it's working fine. We didn't install SEP just to be safe.
The same thing has now happened to two other Win2008 AD servers. I can get into Safe Mode, but cannot restore anything from the original installation. So there is nothing to recover or troubleshoot with.
Should I open a case?
Should I not install SEP on AD servers?
Should I uninstall SEP before patching AD servers?
6 Comments
You would need to open a case with support and provide a full memory dump of the crash.
Make sure you're running the latest version of SEP:
https://www-secure.symantec.com/connect/forums/sep-1107000975-domain-controller-failures#comment-6327391
Do you only have the AV component installed? I would only install that if not currently the case.
Best Practices for Installing Symantec Endpoint Protection (SEP) on Windows Servers
http://www.symantec.com/business/support/index?page=content&id=TECH92440
SEP Knowledge Base
Endpoint SWAT
The server was unrecoverable. There is no crash dump.
Are you suggesting that SONAR, Download Insight, Insight, Bloodhound, Location Awareness, Tamper Protection, Auto Protect, etc. all be turned off for Domain Controllers? If so, that is fine. Is there a published best practice that states this specifically?
Because if this is published, and I missed it, then this Domain Controller failure may be my fault. I may need to know in order to help with a possible investigation.
For servers I only install AV.
Location awareness is configured via the SEPM, there is no component to uninstall.
I would leave tamper protection alone, just pay attention to your logs in case exceptions are needed.
See this article:
http://www.symantec.com/business/support/index?pag...
I don't know of any specific articles for domain controllers but there are some links in here which may help.
Is this a known best practice? Is there a link?
I don't have any links.
It was a recommendation made to me in the past. Start with the AV component only on servers. Of course all components are supported on servers, but if running into issues then remove all but AV.
Only install the AV and AS features, and as an unmanaged client of course. While doing MS updates, do stop the services for the SEP client on your machine. You can do this from Start > Run with smc -stop, and later start it once the machine is booted up by typing smc -start.
Try it; I assume it should be good then.
Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.
Swapnil