SEP 11.0.6 - NTP, IPS cause iSCSI connections to drop and hang.
Created: 26 Oct 2010 | 9 comments
We are using SEP 11.0.6. We have a number of servers that write data to a SAN device via iSCSI connections. When the volume of data is high (or even when a single large file is copied , 1+ GB) the iSCSI connections to the SAN are dropped and a server restart is required to resolve. We have traced the cause of the issue to SEP (NTP and IPS seem to be the culprits).
Do you have a patch or some other fix for this issue?
Discussion Filed Under:
Group Ownership:
Comments 9 Comments • Jump to latest comment
Did you check the firewall logs which is causing the issue?
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
Firewalls are disabled (for both Windows and SEP). It is very easy to verify that it is SEP causing the problem. I set up a small test environment, if NTP is enabled the connections drop and the file transfer is locked up. If I turn NTP off and run the same test there is no problems.
do you mean disabling NTP resolves your issue?
is it the firewall or IPS signature? tweak the rules if it appears in the logs
can you post the logs?
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Yes, disabling NTP resolves the issue.
Another side effect is that there doesn't seem to be a way to disable NTP via the SEPM, so whenever a machine with SEP is rebooted, NTP re-enables itself (the default setting).
you can assign a new package with NTP removed if you dont want NTP in your environment.
http://www.symantec.com/business/support/index?page=content&id=TECH90936&locale=en_US
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
We deployed SEP to our servers without NTP. We were advised by Symantec to deploy AV only to our servers.
It's pretty common to NOT deploy NTP to servers. I do that in many cases for servers that see more than 20% link utilization on average during production hours. If the server is barely used/accessed, and has very little to no LAN traffic, I do enable NTP, or if the server is public facing in a DMZ, I do enable NTP.
In your case with iSCSI, you will want to probably disable NTP, or find a way to unbind those services from the actual adapter if possible. It escapes me if that is possible in SEP, I dont think so, so I would advise to just turn off NTP on the iSCSI enabled hosts.
There is an online portal, save yourself the long hold times. Create ticket online, then call in with ticket # in hand :-) http://mysupport.symantec.com "We backup data to restore, we don't backup data just to back it up."
Thanks to everyone for your input. My initial thought was to create another client group for the servers and disable NTP for that group. I first wanted to verify that there wasn't a patch, exception or setting that would resolve the issue while leaving NTP enabled.
We are also getting errors relating to LiveUpdate. I don't thinks it's related to the NTP issue because were are getting it on servers that don't use the iSCSI connections. The error repeats all day long (I imagine because it is continually retrying the updates). Anyone have any insight for reolving this issue?
Event Type: Error
Event Source: SescLU
Event Category: None
Event ID: 13
Date: 10/26/2010
Time: 1:21:41 PM
User: N/A
Computer: STPDC1
Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install.
See this KB for Event ID 13 errors-
http://www.symantec.com/business/support/index?pag...
Ooyala Community Manager - Take our Video Poll
Would you like to reply?
Login or Register to post your comment.