Endpoint Protection

  • 1.  Problems with SEP 11 on SQL 2008 server

    Posted Jul 08, 2011 04:12 AM

    Hi,

     

    We have recently installed SEP 11 RU6 in our organization. A couple of days after installation, we experienced several hung servers which we had to reboot in order to return to functionality. The SEP installation is our immediate suspect, as no other changes had been made to the servers recently, and they have been working for quite a while without any special problems, until those incidents.

     

    The main common denominator is that the hung servers are all running MSSQL 2008 on Windows 2008 servers. No such effects had been recorded (so far) on any other server in our organization. For the time being we have decided to disable SEP for a week and see if the problem reoccurs, but anyways - are there any known issues with SEP 11 RU6 with MSSQL 2008 servers? If so - are there any patches/fixes for the problem?

     

    Thanks,

    Alex



  • 2.  RE: Problems with SEP 11 on SQL 2008 server

    Posted Jul 08, 2011 05:07 AM

    Hi Alex, I have a few questions to ask if you don't mind:

    • Are you using the latest RU6 MP3?
    • Do the servers simply hang (stop responding) or are you getting bluescreens? 
    • What features are you installing (AV only, AV+Firewall, etc.)? Can you test installing AV only and check if that helps?
    • Does it happen immediately after installing the SEP Client or does the server run fine for a while before hanging? How often does it hang?


  • 3.  RE: Problems with SEP 11 on SQL 2008 server

    Trusted Advisor
    Posted Jul 08, 2011 07:31 AM

    Hello,

    "Thumbs up" to those very valid Questions!!!

    Again, I hope you had worked on the Best practices..

     

    Best Practices guide for installing the SEPM 11 RU5 and later using SQL Server 2008 Database
     
     
    I personally would not recommend you to disable the SEP on those machines... rather I would say try creating an exception to the SQL files.
     
    How to exclude MS SQL files and folders using Centralized Exceptions
     
     
    NOTE: Symantec Endpoint Protection cannot scan the proprietary database files of MS SQL 2000, MS SQL 2005 or MS SQL 2008. To enhance performance and avoid any chance of corruption or files being locked when the SQL service must use them, administrators are recommended to create exclusions to prevent scanning of the directories containing these database files.


  • 4.  RE: Problems with SEP 11 on SQL 2008 server

    Posted Jul 08, 2011 10:07 AM

    I'm actually not that familiar with the SEP installation as it was conducted by another department.

     

    What I can tell regarding your questions is:

    1. I'm not sure which version exactly is installed, other than it's RU6.

    2. The servers hang without BSOD. Weird thing is, they lose communication (no ping, telnet/rclient won't work) but the OS stays on and I was able to log on to one of them, but loading my profile took about 30 minutes. It's like the server was utilizing all its CPU so hard that it took 30 minutes to load.

    3. The installation consists of SEP 11 AV, Symantec Live Update, Symantec Management Agent 7.1 and an Altiris task-based handler 7.1. No firewall. Currently it's impossible to uninstall and re-install, but perhaps it will be possible next week.

    4. It happened 3 - 4 days after the installation. In a period of 3 days we had 4 such hangs, two of which were on the same server, and two others occurred on two other servers (total of 4 hangs on 3 servers in 48 hours).

     

    Alex



  • 5.  RE: Problems with SEP 11 on SQL 2008 server

    Posted Jul 09, 2011 12:23 PM

    Is it really using 100% CPU? If so, what process is using all the CPU?

    One rare issue I thought you should check for is a port leak. The reason I bring this up is because you mention it won't respond to network traffic.

    When you log into a machine in this 'stuck' state, run netstat -anop tcp from the command prompt. If the local ports go up to about 5,000 then you probably have a port leak. Note the PID (last column listed) and find this process in Task Manager.
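
One way to run the check described in the post above, as an added example that is not part of the original thread or of any Symantec tooling: a PowerShell function that groups `netstat -anop tcp` rows by owning PID so the process holding the most ports stands out. The function name, the `-ResolveNames` switch and the sample rows are constructed for illustration.

```powershell
# Added example: summarise TCP endpoints per owning PID from `netstat -anop tcp`.
# Avoids Get-NetTCPConnection and [pscustomobject] so it also runs on older PowerShell.
function Get-TcpPortUsageByPid {
    param(
        [string[]]$NetstatLines = (netstat -anop tcp),  # live output by default
        [switch]$ResolveNames                           # look up process names (live use only)
    )
    $rows = foreach ($line in $NetstatLines) {
        # Data rows: Proto, Local Address, Foreign Address, State, PID
        if ($line -match '^\s*TCP\s+(\S+):(\d+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$') {
            New-Object PSObject -Property @{
                LocalPort = [int]$Matches[2]
                State     = $Matches[4]
                OwnerPid  = [int]$Matches[5]
            }
        }
    }
    $rows | Group-Object OwnerPid | ForEach-Object {
        $ownerPid = [int]$_.Name
        $name = ''
        if ($ResolveNames) {
            $proc = Get-Process -Id $ownerPid -ErrorAction SilentlyContinue
            if ($proc) { $name = $proc.ProcessName }
        }
        New-Object PSObject -Property @{
            OwnerPid           = $ownerPid
            Process            = $name
            Endpoints          = $_.Count
            DistinctLocalPorts = @($_.Group | ForEach-Object { $_.LocalPort } | Sort-Object -Unique).Count
            HighestLocalPort   = ($_.Group | Measure-Object LocalPort -Maximum).Maximum
            Established        = @($_.Group | Where-Object { $_.State -eq 'ESTABLISHED' }).Count
        }
    } | Sort-Object Endpoints -Descending |
        Select-Object OwnerPid, Process, Endpoints, DistinctLocalPorts, HighestLocalPort, Established
}

# Constructed sample rows (not captured from a real server) to show the output shape.
$sample = @'
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING       1840
  TCP    10.0.0.5:49213         10.0.0.9:445           ESTABLISHED     2312
  TCP    10.0.0.5:49214         10.0.0.9:445           ESTABLISHED     2312
  TCP    10.0.0.5:49215         10.0.0.9:445           CLOSE_WAIT      2312
'@ -split "`r?`n"
Get-TcpPortUsageByPid -NetstatLines $sample | Format-Table -AutoSize
# On the affected server: Get-TcpPortUsageByPid -ResolveNames | Format-Table -AutoSize
```

A PID whose endpoint count keeps climbing between runs is the one to look up in Task Manager, as the post suggests.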