Management Console freezes after logging on

Created: 22 Jan 2010 • Updated: 21 May 2010 | 7 comments
tetranet's picture
This issue has been solved. See solution.

Good Evening Everyone,

I recently did a new install of Symantec Endpoint Protection 11.0.5 on an existing Windows 2000 (SP4) server. It worked quite well, until I rolled out the SEP client on the machine. The client is configured with Anti-Virus/-Spyware, proactive protection against threats and protection against network threats. I also configured the site within the management console (back when it worked), to prohibit the modification of Symantec registry keys.
When I now try to log on (no matter if locally or through RDP), I can enter my credentials, but shortly afterwards, the progress bar freezes; no error message whatsoever is displayed.

Since this behaviour started right after I installed the SEP client on the management server, I think that this might be the problem's root.
Unfortunately, I am unable to uninstall the SEP client, since the uninstall routine freezes in the middle of the process as well; again, no error message shows.

There are no entries specific to this issue in the Windows logs, so I am somewhat stuck as to how to drill down to what is actually happening. The SEP client logs show the blocking of registry keys for Symantec specific registry entries as well as for the IIS. What is puzzling me about IIS, too, is that I can't find any logs in C:\WINNT\system32\LogFiles (the subfolder W3SVC1 does not even exist).

Could anybody please give me a hint on how to fix this issue?
Since I already rolled out clients for LAN and remote users, I would like to preserve the management server if somehow possible.

Any input is highly welcome.

Thank you very much in advance.

Best regards

Tobias
 

7 Comments

AravindKM's picture

First ensure that the user you logged in as has sufficient permissions to do these operations.
Then try rebooting. If that does not help, try this:
Configure Data Sources (ODBC) for a Test Connection "Successful" result:

Start>Control Panel>Administrative Tools>Data Sources (ODBC)

Select the SystemDSN tab

Select SymantecEndpointSecurityDSN and choose Configure...

Select the Login tab and set it to Supply user ID and password and enter this information:

User ID: dba

Password: The Password you use to login to the SEPM

Select the Database tab and enter in this information:

Server Name: Name of Server (does not need to be FQDN, the host name will suffice)

Database name: sem5

Select the Network tab and enter in this information:

Check TCP/IP and enter: host=ipaddressofserver

Choose OK at the bottom

Select Configure... again and choose Test Connection under the ODBC tab

What is the result? Hopefully Connection Successful

Next this issue can sometimes be caused by a permissions issue in IIS, usually the IUSR_xxx account.

Try this for me:

Start>Control Panel>Administrative Tools>Internet Information Services (name may be slightly different)

Expand your computer

Expand Web Sites

Right-click the website hosting the SEPM and choose properties

Select the Directory Security tab

Under Authentication and Access Control (name may be slightly different) choose Edit...

Check Integrated Windows Authentication

Choose OK

Choose OK again

Next open the Services panel (Start>Run>Services.msc) and restart the IIS Admin service and its dependencies. Try logging in and see if this affected the results at all.

 

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

AravindKM's picture

If the above suggestion does not help, reinstall IIS, repair SEPM from Add/Remove Programs.

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

tetranet's picture

Good Morning Aravind,

thank you for your quick reply.
I followed your advice with the following results:

- rebooting the server
  --> issue does not change

- ODBC connection
  --> it only works if the hostname is set to "spc_<hostname>" (it was set to that value before). The ODBC connection test is successful, but logging on to the SEPM console is still not possible.

- IIS authentication
  --> the configuration (integrated Windows authentication) was exactly as you requested. To see if there might be a rights problem, I replaced the server's IIS user with an account that has administrative rights on the server and restarted the IISAdmin service and its dependencies; however, this does not improve the situation (I changed that IIS user's password to a known value afterwards, and entered it again in the IIS Admin console as the account used for the integrated Windows authentication).

- SEPM repair installation
  IIS removal and re-installation works like a charm, however when trying to repair the SEPM installation from system control, it freezes after it displays "the installed is checked" (might be somewhat different, since I got the German version here).

Since I have a backup of the database, the file "sylink.xml", the keystore certificate, keystore password and domain-id, would it be possible to set the whole server up anew, and have the already rolled out clients connected to it, when importing the database, and replacing the respective files and IDs with the version from backup?

Best regards

Tobias

AravindKM's picture

This may be the problem: "I also configured the site within the management console (back when it worked), to prohibit the modification of Symantec registry keys"
Disable Application and Device Control:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysPlant

Change the value of Start to 4. 1 means Application and Device Control enabled.

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

SOLUTION
tetranet's picture

Good Morning Aravind,

booting into safe mode and changing the registry key as you said solved the problem.
Thank you very much.

Best Regards

Tobias

AravindKM's picture

Good morning, happy to hear your problem got solved. Now you can remove the policies which created the problem for you, get it applied to your SEP client which is present in SEPM, then you can enable Application and Device Control and enjoy its benefits...

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

AravindKM's picture

If you are planning to reinstall, refer to the doc below:

Best Practices for Disaster Recovery with Symantec Endpoint Protection

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind