Please read on and see attachments (links below) for details.
I'm now thinking that SEP is actually responsible for most of our network slowdown issues... mostly because of what I see with GHOST interaction, and the fact SEP's firewall is alerting about things that can't possibly be happening! WE DO NOT HAVE IPv6 installed!
It's simply not here! But when we try to use a notebook, XP at that, as a ghost server, SEP chokes it down terribly, shows issues in the logs via Teredo hits (IPv6), and causes CPU and memory to spike and network throughput to tank.
Here goes - see below and attachments for many details and screenshots!!!
SEP has a problem and I think I can prove it.
SEP kills ghost processes and causes huge network traffic choking on some computers here, causing the ghosting process to choke, SMC shoots up in CPU and memory use.
We are trying to use notebooks as portable ghost servers, please read on, and see the attached documents for screenshots and more details.
------------------------
4 notebooks total:
Group A - 2 of the notebooks are HP 6730B with WWAN (Verizon over Agere modems supplied in the HP notebooks by HP)
Group B -
1 notebook is a HP 6730b with no WWAN support, no Agere modem, strictly Broadcom wired and Intel wireless support.
1 notebook is an HP 6320 with Broadcom wired and Intel wireless support.
---------------------------------------
The three 6730 notebooks are running the same Broadcom drivers (2 in Group A, 1 in Group B).
The top two have Cisco VPN software installed but NOT in use during the issues seen.
(I have actually tested with the VPN software removed and it made no difference. REMOVING the VPN software shows it's not involved.)
All 4 notebooks are in the same domain, the same groups in the domain, and are running the same version of SEP in the same SEP group with the SAME policies applied. As far as SEP is concerned there are no differences between the 4 notebooks, none. All 4 are running SEP RU5 - the latest.
All 4 are Windows XP with SP3.
Ghost server is installed on all 4 notebooks, both group a and group b.
Same version, installed the same way.
The notebooks are used as portable ghost servers to prevent us from having to image computers out in the field across our WAN structure. They connect the notebook to the office network, start ghost server, and ghost their client's computers from there on the local network in that office.
Two of the notebooks work PERFECTLY, it takes only about 9 minutes to ghost a desktop computer using the GROUP B notebooks as ghost servers.
The notebooks in GROUP A have issues - SEP chokes the process, nearly killing it, causing a 9 minute ghost session to take an hour!
If we right-click and choose "disable SEP", the process works fine. However, all that is doing is disabling the NTP or firewall, as when you open SEP, the top two items are still running and enabled. Only the bottom, or NTP, is not running.
Ghosting from all takes only 9 or 10 minutes with SEP disabled, or the NTP disabled (the AV portion is still enabled in all cases).
On the two GROUP B notebooks there are no issues, speed of ghosting FROM them is good - there are no issues, it stays fast, the network shows a load, CPU is normal, SMC.EXE is not in the list using CPU or memory.
On the two GROUP A notebooks, it starts out quickly, then in 3 or 4 seconds, you can see the estimated time grow and the speed (meg per minute) drop quickly! SMC.EXE is hogging the CPU and memory!
When this happens, you can see the network traffic or load on those notebooks drop. The CPU load increases to 50% or better and the memory usage shoots up very fast. If you disable SEP (again, all this does is stop NTP), CPU use drops dramatically, memory use drops dramatically, and network load increases again (as expected, since SEP is not choking the network).
If you ENABLE SEP again, CPU shoots up, memory shoots up, network load drops to a trickle and the ghost process slows to a crawl.
When SEP is enabled on the Group A computers, their logs show TEREDO traffic! There are numerous entries stating that IPv6 traffic is being logged. IPv6 isn't even INSTALLED on these computers - they are XP machines! NOT Vista.
SEP states IPv6 Teredo on the two notebooks in Group A but not in Group B! Yet it's the SAME SEP, same profiles/policies, etc.!
Whoops - guess I can't attach these documents, limited to pretty small file size... Please see these documents I've placed on my web server:
http://antique-engines.com/documents/ghost-Doc1.doc
and
http://antique-engines.com/documents/ghost-sep-interaction.doc