Endpoint Protection

I support several Windows Small Business Servers (2003 and 2008). After upgrading them to SEP 11 RU7 MP2, at least 3 of them are dedicating an entire CPU core to running SemSvc.exe. For example, on a quad-core server, this means 25% CPU is dedicated to SemSvc.exe - on a dual-core, 50%.

On all of these servers, entering the SEP Management Console results in a myriad of errors. Sometimes, I am able to login, other times I get a message "Failed to connect to the server". Restarting the Symantec Embedded Database and Symantec Endpoint Protection Management services seems to get things running again (for a while). Even when I am able to login to the management console, after a few minutes, the CPU spike occurs and I am eventually returned to the management console login screen where I am unable to login without getting the aforementioned error message. It appears that SEP clients are unable to connect to the SEP server with the SEP server in this state (although other network traffic appears to be OK) - SEP client updates don't get pushed out, etc.

I've read several online posts about Data Execution Prevention, but all of the posts I've seen refer to SEP 12.1. Is there something I should add to the DEP exclusions on these servers to get SEP 11.x running reliably again? Are there other things I should consider?

Any help is much appreciated - thanks in advance.

hmm so basically issue is happening only on servers with SEPM 11 RU7 MP2 installed?

what about servers with normal SEP RU7 MP2 client installed?

On the servers this is happening on, two still have the SEP RU7 MP1 client installed (one has no client installed at present). All SEP clients on these LANs (including the SEP clients installed on the server machines) are failing to connect to the SEP server long enough to update the clients.

As these are all SBS servers, there are no other servers on these LANs which have only the SEP clients without having SEPM installed.

I have EXACTLY the same problem as described in first post.

SBS 2003 with SEP manager installed with about 20 SEP clients and after upgrading the manager from RU7 MP1 to MP2 i have high (25% cpu usage in SEMSVC -4 cpu's in server), high memory load in SEMSVC (see attachment) , slow response in manager console GUI and frequent disconections while working with sep manager console. Restarting the SEP manager service solves the problem but only temporarily.

I have upgraded some of the clients  to MP2 and they are working fine. The problem is on the SEP manager 

I also get a "tamper protection alert" for an executable in php folder of sep manager, while trying to log on in sep manager console as it is shown in the attached screenshot

Any help will be much appreciated

I would log a support case to have Symantec look into these since RU7 MP2 is the latest..

one thing you may try is to repair the SEPM installation and see if got any difference

It seems i have solved the problem for now by applying the registry fixes in this article http://www.symantec.com/business/support/index?page=content&id=TECH105179

I can now log into sepm console without problems and without any erros in sepm logs.Still have to check again (just to be sure)  after deploying sep ru7 mp2 to all clients

Thanks

So it's a java finetune issue?

hmmm

https://www-secure.symantec.com/connect/forums/70-memory-utlization-normal

@Ioannis Mallios: That really doesn't seem to change anything for me. My LANs are pretty small - one has only 3 workstations and a server. No replicated groups or enterprise-sized environments.

@Ashish Sharma: THe link you referenced (which has not yet been marked "solved") doesn't really have any information that applies to my LAN, except for a link to a comment instructing me to make sure to exclude SQL Server databases. In fact, on at least one of these servers, there is no SQL Server running.

I'm still in need of a solution.

hi,

Have you check this forums

https://www-secure.symantec.com/connect/forums/taking-high-memory-utilization

What i proposed in my post was probably a workaround so now i'm able again to log into SEPM console without JAVA VM memory errors in the log files

The only problem i have now is that semsvc is still consuming aprox 500 MB of memory (this is probably because of the large values in java registry settings mentioned in the article). My network is also small , about 25 SEP clients

The main issue for me is still , why the upgrage from RU7 MP1 to RU7 MP2 caused SEPM to stop functioning properly and if there is a better solution than tuning the java settings in the registry.

Thanks  

Ioannis, your proposal may have worked after all.

After not seeing any initial change, I rebooted one of my SBS 2003 servers (5 workstations, 1 server) and - VOILA! - I can now get back into the SEPM console without the high CPU usage and console errors I posted in my original message. This has allowed me to push out the SEP client updates to the workstations overnight.

Like you, I still have high MEMORY usage by SemSvc.exe (847MB on this particular server), but at least things are functional again and the CPU usage is as-expected. Seeing that this is a 32-bit server (4GB RAM max.), this is obviously not a perfect solution, as I'm using almost 25% of the server's physical RAM for SEP.

I will try to reboot the other servers that were exhibiting this behavior after adjusting the Java heap entries and see if they also behave better. I will post results here, but it may take some time as the other servers are in other locations and the reboots will have to be coordinated with the end users.

Hi,

Finally the below adjustments worked for my installation and now everything works ok with semsvc.exe at aprox 250 MB

HKLM\System\CurrentControlSet\Services\semsrv\Parameters\
JVM Option Number 0=-Xms128m
JVM Option Number 1=-Xmx512m
JVM Option Number 2=-XX:MinHeapFreeRatio=40
JVM Option Number 3=-XX:MaxHeapFreeRatio=70
 

Dont forget to change also :
%ProgramFiles%\Symantec\Symantec Endpoint Protection Manager\bin\sesm.bat

Good Luck

Hi loannis,

What do you mean about :

Dont forget to change also :
%ProgramFiles%\Symantec\Symantec Endpoint Protection Manager\bin\sesm.bat. I not undestand about this state.

i have some problem, can u help me, below link for my troouble

https://www-secure.symantec.com/connect/forums/why-my-sepm-7-vm-memory-usage-high

Thanks Before,

Helmy

Hello,

What i mean is that if you have the same problem that i had, you need to make the java adjustments in two places to solve it

1. In the registry by changing the bellow parameters :

HKLM\System\CurrentControlSet\Services\semsrv\Parameters\
JVM Option Number 0=-Xms128m
JVM Option Number 1=-Xmx512m
JVM Option Number 2=-XX:MinHeapFreeRatio=40
JVM Option Number 3=-XX:MaxHeapFreeRatio=70
 

2. In the %ProgramFiles%\Symantec\Symantec Endpoint Protection Manager\bin\sesm.bat

mine looks now like this

@start "SESM" "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\jre\bin\javaw.exe" -Xms128m -Xmx512m -XX:MinHeapFreeRatio=40 -XX:MaxHeapFreeRatio=70  -Dcatalina.home="C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat" -Dscm.console.conf="C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\etc\conf.properties" -jar "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\webapps\root\clientpkg\scm-ui.jar"

Hope this helped you