Video Screencast Help

High ping response DC's

Created: 12 Nov 2012 • Updated: 13 Nov 2012 | 8 comments
This issue has been solved. See solution.

Hi there,

I have 2 domaincontrollers in our network, for a kopple of months now these DC's have very high ping response times, only a part of the day.
Strange thing is when is remove my Symantec Endpoint Protection client the high ping response times are gone.

Im running version 11.0.7200.1147 but also have this problem when i use 12.1.
Any idea how to fix this issue?

Regards,

LEVD

Comments 8 CommentsJump to latest comment

Ashish-Sharma's picture

HI,

What sep feature do you have installed in DC ?

Thanks In Advance

Ashish Sharma

 

 

levd's picture

I have managed clients installed with:

Antivirus and antispyware protection 

Proactive threat protection (standard disabled on servers)

Network threat protection 

Ashish-Sharma's picture

Hi,

Try to Disable NTP feature ?

Thanks In Advance

Ashish Sharma

 

 

levd's picture

Hello,

I guess this should fix it but this doesnt look like a good solution for me.

Disabling the firewall is not a good idea. Any recommended firewall setting on DCs?

 

LEVD

Ashish-Sharma's picture

HI,

New fixes and features in Symantec Endpoint Protection 12.1 Release Update 1

http://www.symantec.com/business/support/index?page=content&id=TECH174565

 

Ping time increases every 5-10 pings when SEP 12.1 is installed
Fix ID:
2497875
Symptom: When SEP 12.1 client is installed, the ping time increases every 5-10 pings.
Solution: The SEP client was modified to increase performance of ping times

Thanks In Advance

Ashish Sharma

 

 

levd's picture

im running a managed version of 11.0.7 mp2, 12.1 was just a test.

Im reading here: that it is recommened not to enable NTP / FW on servers? Strange... but i guess i have to disable it on servers having issues.

https://www-secure.symantec.com/connect/forums/symantec-endpoint-protection-domain-controller

_Brian's picture

You can have NTP running on servers however much more care and attention to detail is needed. If you have the time than you can monitor and add the necessary rules but if you don't than it's best to remove NTP.

levd's picture

Its adviced to disable FW rules on servers... pretty strange i think https://www-secure.symantec.com/connect/forums/symantec-endpoint-protection-domain-controller

 

Well i think im going to disable the FW rules on my servers having trouble.

 

Thanks All,

 

LEVD

SOLUTION