Video Screencast Help
Search Video Help Close Back
to help
Not able to make it to Vision this year? Get a sampling in the Best of Vision on Demand group.

Problems with SEP 11 on SQL 2008 server

Created: 08 Jul 2011 | 4 comments
Alex Jilitsky's picture
Alex Jilitsky
0 0 Votes
Login to vote

Hi,

 

We have recently installed SEP 11 RU6 in our organization. A couple of days after installation, we have experienced several hanged servers which we had to reboot in order to return to functionality. The SEP installation is our immediate suspect, as no other changes had been made to the servers recently, and they have been working for quite a while without any special problems, until those incidents.

 

The main common denominator is that the hung servers are all running MSSQL 2008 on Windows 2008 servers. No such effects had been recorded (so far) on any other server in our organization. For the time being we have decided to disable SEP for a week and see if the problem reoccures, but anyways - are there any known issues with SEP 11 RU6 with MSSQL 2008 servers? If so - are there any patches/fixes for the problem?

 

Thanks,

Alex

Discussion Filed Under:
,

Comments

Joao Costa's picture
08
Jul
2011
1 Vote +1
Login to vote
Joao Costa
Symantec Employee
Accredited

Hi Alex, I have a few

Hi Alex, I have a few questions to ask if you don't mind:

  • Are you using the latest RU6 MP3?
  • Do the servers simply hang (stop responding) or are you getting bluescreens? 
  • What features are you installing (AV only, AV+Firewall etc..) Can you test installing AV only and check if that helps?
  • Does it happen immediately after installing the SEP Client or does the server run fine for a while before hanging? How often does it hang?

Alex Jilitsky's picture
08
Jul
2011
0 Votes 0
Login to vote
Alex Jilitsky

I'm actually not that

I'm actually not that familiar with the SEP installation as it was conducted by another department.

 

What I can tell regarding your questions is:

1. I'm not sure which version exactly is installed, other than it's RU6.

2. The servers hang without BSOD. Weird thing is, they lose communication (no ping, telnet/rclient won't work) but the OS stays on and I was able to log on to one of them, but loading my profile took about 30 minutes. It's like the server was utilizing all its CPU so hard that it took 30 minutes to load.

3. The installation consists of SEP 11 AV, Symantec Live Update, Symantec Management Agent 7.1 and an Altiris task-based handler 7.1. No firewall. Currently it's impossible to uninstall and re-install, but perhaps it will be possible next week.

4. It happened 3 - 4 days after the installation. In a period of 3 days we had 4 such hangs, two of which were on the same server, and two others occured on two other servers (total of 4 hangs on 3 servers in 48 hours).

 

Alex

Mithun Sanghavi's picture
08
Jul
2011
0 Votes 0
Login to vote
Mithun Sanghavi
Technical Support
Accredited

Valid Questions

Hello,

"Thumbs up" to those very valid Questions!!!

Again, I hope you had worked on the Best practices..

 

Best Practices guide for installing the SEPM 11 RU5 and later using SQL Server 2008 Database
 
 
I personally would not recommend you to disable the SEP on those machines... rather I would say try creating an exception to the SQL files.
 
How to exclude MS SQL files and folders using Centralized Exceptions
 
 
NOTE: Symantec Endpoint Protection cannot scan the proprietary database files of MS SQL 2000, MS SQL 2005 or MS SQL 2008. To enhance performance and avoid any chance of corruption or files being locked when the SQL service must use them, administrators are recommended to create exclusions to prevent scanning of the directories containing these database files.

Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | SCTS | ITIL v3

Follow me on Twitter: @mithun_sanghavi

Don't forget to mark your thread as 'SOLVED' with the answer that best helped yo

Ghent's picture
09
Jul
2011
0 Votes 0
Login to vote
Ghent
Symantec Employee
Accredited

Check for a port leak

Is it really using 100% CPU? If so, what process is using all the CPU?

One rare issue I thought you should check for is a port leak. The reason I bring this up is because you mention it won't respond to network traffic.

When you log into a machine in this 'stuck' state. Run netstat -anop tcp from the command prompt. If the local ports go up to about 5,000 then you probably have a port leak. Note the PID (last column listed) and find this process in Task Manager.

Technical Support

Symantec.com

Store

Community Stats

Total Content Items
Members
270,009