We finished our migration to RU5 (servers being last) about a month ago. Today, both of our W2k3 SP2 (Vpshere 4.0) domain controller|global catalog|dns|dhcP, vmware guests locked up with 0 percent idle time for CPU. After investigating, it looks like their might be a conflict between SEP RU5 and IAS service in Windows. The process taking all of the CPU idle time was svchost.exe. Using process explorer to troubleshoot, it appears that the following process is causing the problem: msvcrt.dll!endthreadex+0x2f. Stack information is as follows:
Stack info for msvcrt.dll
0 ntkrnlpa.exe+0x8db2e
1 ntkrnlpa.exe+0x281f6
2 ntkrnlpa.exe+0x1526ee
3 ntkrnlpa.exe+0x2dfe3
4 hal.dll+0x6199
5 hal.dll+0x63d9
6 hal.dll+0x6577
7 ntkrnlpa.exe+0x8d8fd
8 SymRasMan.dll+0x3570
I'm totally not ready to upgrade to RU6a (particularly because the scarlet letter a), but I do notice an acknowledgement of an issue relating to SymRasMan.dll.
IAS authentication issue caused by Symantec RasMan plug-in
Fix ID: 1862222
Symptom: When Symantec RasMan plug-in is loaded by multiple processes, the plug-in will crash or consume 100% of the CPU.
Solution: Improved synchronization of Symantec RasMan plug-in when loaded by multiple processes.
Has anyone else experienced this? Also, is there a way to deal with this through an exclusion by chance? Any help would be appreciated.