Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

SEP 12.1 SMC service set to manual, sometimes not starting on boot of citrix servers

Created: 04 Feb 2013 • Updated: 04 Feb 2013 | 9 comments

https://www-secure.symantec.com/connect/forums/are-these-services-normal-and-where-get-more-info

Carrying on from the above discussion.

If you are used to SEP11.x you will expect "Symantec Endpoint Protection" SEP and "Symantec management client" SMC services both set to automatic so that they start when the system boots.
However in 12.1 you will have noticed that SMC is set to manual and as suggested in the previous conversation that SMC is dependant on SEP and that SEP, once loaded, calls the SMC service to start.

You'll perhaps have noticed that SEP is now called "SepMasterService" it seems to work as an overseer for other SEP services on the system.

Now onto the issue we are having.
We have a citrix environment where each server is scheduled to reboot each night and we're receiving a significant number of alerts for the SMC service being in a 'stopped' state. SEP is loading fine, but it is failing to start SMC, not every night, but enough to cause concern for our customer.

There is a system event log indiciating that 'one or more services failed to during startup' but there is no corresponding application or system events describing that it was SMC (there may have been others as well) which failed to load.

Anticipating some of the responses...Yes the citrix whitepaper has been consulted throughout the implementation of our 12.1 RU1 MP1 SEPM and client setup.

The Citrix servers are Server 2003 64bit running Citrix Presentation Server for Windows 4.5.7.

We have disabled BASH, EFA and SymTDI drivers using "Sc config <service> start=disabled" commands across these citrix boxes. Is this workaround perhaps causing this issue?

I've reviewed http://www.symantec.com/business/support/index?page=content&id=TECH199676 for 12.1 RU2 fixes and see nothing related to this issue (they are not confgured as GUPs).

So what could cause SEP to not start SMC on system boot and if information cannot be gleaned from windows event logs, where might we look for more possible causes?

Comments 9 CommentsJump to latest comment

.Brian's picture

I believe due to the changes recommended in the Terminal Services whitepaper, SMC will be disabled so this may be expected.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Ltelric's picture

Hi Brian81,

I've just re-checked the whitepaper at:

http://service1.symantec.com/support/ent-security.nsf/841ef36170d8f9148825703600668010/f5e1baf6ca2b5d638025750b00511265/$FILE/SEP%20Citrix-Terminal%20Servers.pdf

and the description smc.exe (the process associated with the Symantec Management Client service is "Symantec Management Component –
connects SEP client to SEPM".

I can't see anything in th document which suggests that this could/would/should be disabled; how would the client communicate with the SEPM?

Perhaps, I'm missing your point? Thanks in advance.

.Brian's picture

Let me check a few of our TS boxes that we applied the recommendations to from the whitepaper. I do know that the service being set to Manual is hard coded into 12.1 and cannot be changed.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Ltelric's picture

Hi Pete_4u2002,

I established that in the third sentence on my original post, but thanks for re-iterating.
SEP starts SMC - That's a given.

What could cause SEP to fail to start SMC on boot and not log any error for it in:

- Windows application event log
- Windows system event log
- SEP GUI system log

And where could additional information be found on the cause of SEP failing to start SMC.
That is the pertinent part of this conundrum.

Rafeeq's picture

Do you see event ID 33

SMC Service cannot be started due to eventid 33 error (error 14001 Side by Side Configuration invalid)

http://www.symantec.com/business/support/index?page=content&id=TECH154574
Ltelric's picture

Hi Rafeeq,

Not in this instance, we do see sidebyside eventID 32 and 2 x eventID 59 after every reboot, but we see these both when SMC starts as expected and when it does not start.

I gone through 2 hours of logs in both system and application event log on each server and there is nothing which refers to SMC.

Luckily we've appriased the customer that protection is not compromised by this issues and that it is merely the reporting (to the SEPM) functionality which is lost until the service is manually started and the priority of the incidents has been lowered.

Something that occurs, is perhaps using SMC debug mode with Sylink debug to see if this turns up anything (http://www.symantec.com/business/support/index?pag...)
The difficulty will be catching this intermittant issue.

I'll will keep this thread updated, if I do find anything further.

.Brian's picture

From the whitepaper, p.20:

From this point onwards, SmcGui.exe, ProtectionUtilSurrogate.exe (on 64 bit servers) and
ccApp.exe will no longer load for any new user sessions. There may however still be instances of
ccApp.exe already running on the server that have not been closed. You can either kill these tasks
from Task Manager or wait for the user to log off – ccApp.exe will close and will not be re-launched
at the next logon.

I checked with our TS admin and he made all the changes per the whitepaper. SMC doesn't load and doesn't communicate with the SEPM.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Ltelric's picture

Hi Brian81,

Thank you for your effort speaking to your guys.
We also suppress the smcgui and have no issues with it.

This however is an issue with the Symantec Management Client (SMC) service:
"C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\Smc.exe" /prefetch:1

...rather than the SEP client interface (the application):
"C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\SymCorpUI.exe"

Or the systray "shield" icon:
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\SMCGUI.exe