Desktop icons don't load
We are seeing an intermittent issue on our machines (primarily laptops) where the desktop icons won't load (I was told it loads after about 45 minutes). After logging into the domain, the taskbar is active and you can go into Start > Programs (some programs will open), open programs on the quick launch bar, etc., but the desktop icons will not load.
Now I don't have any proof that Symantec is the cause here, but it seems to happen after SAV to SEP upgrade.
- During this time, the SEP icon has a red circle thru it.
- If you look in task manager, you can see luall and 3 copies of lucallbackproxy running.
I thought it was a stuck LU process, but you get "Access is denied" when you try to end any of the LU processes.
- SMC -stop doesn't do anything.
This has happened twice on my own laptop and for countless other users in our company. The only fix is to do a hard shutdown on the machine since nothing else seems to work.
We are on the version prior to the RU5 release (can't remember the version since I'm not at work). Clients running XP with a mix of SP2 and SP3. I saw some posts that are about a year old with somewhat the same problem, but no new posts.
Simple question, did you
Simple question, did you deploy the SEP upgrade via SEPM or via some other deployment method?
Eric C. Lukens
IT Security Policy and Risk Assessment Analyst
University of Northern Iowa
Also, just for root cause
Also, just for root cause analysis, Disable SEP Services, reboot the computer, let us know if the issue persists.
We would like to confirm whether the issue is with the services not loading properly or some device driver not working properly.
Best,
Aniket
Also, please use the
Also, please use the instructions below to enable boot logging on a client and get the logs:
Using "Process Monitor" for "Boot Logging"
1. Log in using a set of credentials with administrative privileges (for example "Administrator")
2. Enter the folder in system drive (for example C: ) named "monitor"
3. Double Click on the file "Procmon.exe"
4. Click on the "Capture" icon to stop the capture process.
5. The "Capture" icon now has a red cross, meaning that the program is not capturing events.
6. Go into the "Options" menu and select "Enable Boot Logging"
7. A new window appears. Now "Process Monitor" is configured to log activity during the next boot. Select the "OK" button.
8. Close the program
9. Reboot the system
10. Login with the same user used before (for example "Administrator")
11. Wait until all the programs are loaded (suggested time: 5 minutes)
12. Enter the folder in system drive (for example C: ) named "monitor"
13. Double Click on the file "Procmon.exe"
14. As soon as you click on the icon a new window appears.
15. Click "Yes" to save the collected data.
16. A new window appears requesting the file name to use for the file containing the collected data.
17. Insert in the "File name" field a descriptive name like "bootlog001.pml" and select the button "Save"
18. As soon as you select the button "Save", a progress bar appears reporting boot-time event conversion
19. Then another progress bar appears reporting filters application
20. When the program finishes converting all of the data, the normal console becomes available again, with the "Capture" button disabled by default.
21. The collected file is saved in the folder specified in the preparation phase ("C:\monitor" )
22. The file saved will be the following: "C:\monitor\bootlog001.pml"
Best,
Aniket
Hello I think this will solve
Hello I think this will solve your issue:
http://service1.symantec.com/support/ent-security....
If that is not the case then I would also like to know how much CPU is being used during the boot when the computer hangs? And if a lot of the CPU is being used, then which process(es) are using it?
Cheers
Grant
Please don't forget to mark your thread solved with whatever answer helped you : )
Cannot Locate Setting
Grant, can you give specific directions on where to find the "Auto-Protect load setting"? I've seen that suggestion before but I cannot seem to find it in the "AntiVirus and Antispyware" policy under File System Auto-Protect.
Snekul,It was deployed
Snekul,
It was deployed using SMS 2003. Upgraded from SAV 10.1.5000 to 11.0.4202.75.
Aniket,
The problem is that it is an intermittent issue. Not something that I can reproduce at will.
Grant,
We have Dell machines, so the HP software is not installed.
I was told our wait times are over 45 minutes (although I never waited, just too long for me).
The strange thing is that during these episodes, CPU and Memory usage is normal.
I've attached a screenshot of the desktop.
I'm guessing that you have
I'm guessing that you have enough of these machines you might be able to grab one for some testing. I'm wondering how well the removal of the old SAV actually went (and for that matter the install of the new one). It would be interesting to see if an uninstall of all A/V with CleanWipe and then a reinstall fixes it. If it does, then that points us in the right direction as to finding a solution.
Eric C. Lukens
IT Security Policy and Risk Assessment Analyst
University of Northern Iowa
Can you access the Desktop
Can you access the Desktop Icons using Windows Explorer, or by going to Start->Run->C:\?
Aniket
I believe I can run some
I believe I can run some programs (unfortunately I can't test). From what I recall, some things load while others won't. I remember trying to bring up services.msc and it wouldn't, but I was able to bring up a CMD window after the second try.
The version before RU5 was
[Edit: Just saw the version number in your 2nd post. That's MR4 MP2. Never mind.]
The version before RU5 was MR4 MP2. But...
then what you're describing sounds very familiar. (Been there, done that, just about a year ago.)
http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/acb1ac0cabfc43278825746c006bc61a?OpenDocument
http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/83c0c86ee25d3cd3802574d500432c6a?OpenDocument
Can't explain the 45 minute delay that way, unless someone reboots the folder redirection server every 45 minutes, or maybe you use DFS and that's how long it takes DFS to fail over when WS2008 shares are in that semi-available state. Not sure I ever waited 45 minutes myownself back when we had that problem. OTOH, symptoms would often appear 45 minutes or so after the WS2008 server was rebooted.
Quickest solution is install the SEP WS2008 hotfix on the server, but these articles don't mention it any more. Symantec Support might give it to you to help you get past the hurdle quickly if you open a support incident...don't know. If not, your only fix is upgrade to MR4 MP2 or RU5.
Jeff, Thanks for the reply.
Jeff,
Thanks for the reply. Unfortunately (or fortunately) we don't use folder redirection and are not using 2008. Well my SEPM is on 2008, but I don't think that matters. The network drives that the users would map to are running 2003.
Same Problem
Experiencing the same issue here. I'm about at the point of rebuilding the two (XP SP3) workstations that are experiencing the issue most frequently. Running 11.0.4202.75, SEP Manager on Windows Server 2003 Standard Edition. I've researched this to death and tried all suggestions I've come across, including:
- Reinstalled Symantec Endpoint
- Removed Symantec Endpoint (& awaited next occurrence)
- Deleted local User Profiles
- "Repaired" Windows (sfc /scannow)
- Ran spyware scan
- Ran HijackThis and reviewed results
- Adjusted GPO settings, toggled "Run startup scripts asynchronously" setting
- Adjusted GPO settings, toggled "Run logon scripts synchronously" setting
- Toggled "Launch folder windows in a separate process" setting in Windows Folder Options
- Checked for missing "USERINIT" registry value
- Checked for incorrect/invalid "EXPLORER.EXE" entries in registry
- Checked for missing "EXPLORER.EXE" entry in registry
- Confirmed correct shell value in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
jkornhiser, Is your issue
jkornhiser,
Is your issue isolated to laptops? Mine only seems to be with laptops, but it could also be the fact that we turn our desktops ON at 5:30 AM (way before the users come in)
As far as I can tell, my issue only seems to happen if the user logs into the domain. Logging in as local admin seems to work OK when this happens.
Nope
bjohn,
I only have one laptop at the site, which is mine, and it at times experiences a 10-15 delay loading the Desktop, but never an extended problem. Also, I never see this issue when I logon to the workstations with the domain admin account. If you're experiencing this with only domain accounts, then you might look into the GPO settings for the logon and startup scripts. I have seen some feedback in other places (besides Symantec forums) that indicate one of these settings should be toggled, but I can't seem to find the articles any more:
Run startup scripts asynchronously
Run logon scripts synchronously
HI try to re-create your user
Hi, try to re-create your user profile, then try to log in again using your new profile, then look how it goes
:-)