
SCSP & Citrix

Updated: 29 Jun 2011 | 2 comments
arikar

 

Hi all,
 
I'm having trouble with SCSP & Citrix.
 
When I apply an IPS policy (prevention enabled) to a Citrix desktop server, login to the Citrix servers takes 5-7 minutes.
 
When I disable prevention all is well.
 
Has anybody encountered a similar problem?
 
SCSP Ver. 5.2 RU7 MP3
 
Citrix Server: w2k8 32Bit/64Bit (Happens on both, doesn't happen on w2k3 with same Citrix setup).
 
THX

Comments

pete_4u2002, 05 Jul 2011

Open a case with Symantec. The drivers could be the culprit in the case.

Intrusion_Security_Guru, 06 Jul 2011

Tune tune tune

As Pete mentioned, this very well may be a driver issue, due to the one noted difference in the OS (one working, 2k8 not).

How much tuning have you performed with the policy in log only mode? What types of resource blocking are you seeing? Are you starting with Core or full strict? This may just be a tuning issue. Remember, all blue events will be blocked if prevention is enabled. From my experience there is a lot of tuning that needs to occur when using CSP and Citrix, because Citrix makes unique system calls that often fall outside the bounds of normal behavior from applications.

Also, the larger tuning item in w2k8 is UAC, which can sometimes get in the way of things; ensure that UAC is not enacting for a priv command on log in.

I would start with Core on the W2K8 box in log only mode, log in and review the events in blue. Blue events will be blocked, therefore you can use CSP's wizards to go ahead and tune the policy to Citrix's needs (each environment may be different). We can assist a bit on here if you post the blue events.

If you see an "all is quiet" on log in with Core in log only, then enable the driver and receive the same performance issues, then it's def. a driver issue.