Video Screencast Help

SEP Slow Network Logins

Created: 14 Jan 2008 • Updated: 22 May 2010 | 4 comments
My DC (Windows Server 2003 Enterprise) is running SEPM. My clients are running SEP with only AV / AP. Since I have deployed SEP to my production environment logging on to the domain has become extremely slow. At times the user will only see their desktop background after the Windows login dialog disappears.
 
At first it appeared that proactive threat protection was causing the issue. I have since removed it and the issue continues.
 
My clients are all running Windows XP Pro (2.8 P4 w/ HT, 512MB of RAM). Our desktops are clean and a couple programs load at startup.
 
 
Any help would be appreciated.



Message Edited by CTTek on 01-14-2008 08:01 AM

Comments 4 CommentsJump to latest comment

gnarbucketz's picture

I'm experiencing similar issues in my domain, but wasn't sure whether it's being caused by SEP, or the fact that WSUS 3.0 is "catching up" and my workstations have all received thousands of updates.  They lag on "Running Startup Scripts" for an extended period of time.  Unplugging the network cable speeds things right along.

I'm also noticing problems with my Exchange and print servers.  They stop responding at random.  Both are 2003 Server SP2, and in the event logs I see a bunch of Service Control Manager events talking about LiveUpdate stopping and starting repeatedly in a short length of time.

Foard's picture

Have you also installed the SEP client on the Windows 2003 machine?  There is a bug which causes loss of connectivity in Server 2003.

http://service1.symantec.com/SUPPORT/ent-security....

M Strong's picture
Hello All,
     I've also noticed that my workstations and servers (since deploying SEP clients accross the board) experience a 'slower than I was used to' logon time.  I've got only AV deployed to the servers and the full client suite deployed to the clients (workstations).  I'm not really noticing any degraded performance aside from that.
     I've been guessing that since the SEP client reports to the SEPM server the username of who's currently logged into the pc, and I can reliably review this information (pretty much realtime) using the management console, that the client is checking for possible policy changes based on the authenticating user due to the 'mode' of the client (user mode vs computer mode).  ('User Mode' of the client will allow given policies to follow given users regardless of logon location.)
     This is just a guess, based on what I've learned about new functionalities of the SEP client.  I'm not sure by any means if this is the reality of the situation, but it seems like a logical explination for my symptom.  The delay in logon is no more than about 20-30 seconds tops.  I don't have any clients deployed beyond VPN or any other external network link yet, so i can't really test this theory using network latency to cause the process to be even slower.  I am using a Gigabit backbone in my production environment (even though the workstation's NICs are 10/100 still, i've noticed that the backbone makes a HUGE difference with regards to file copies and other standard network traffic).
     I just wanted to add my 2 cents, as I've been noticing the same 'quirk' with my systems post deployment of the SEP client.
     Let us know if anyone's figured this one out yet.  Good luck to all!!

-M