Hey all,
Just wondering if anyone has seen this while working with DS.
Setup:
- SMP 7.1 with DS 7.1A
- SEPP 11.0.6200.x
During my first ever Create Image task for Windows 7 Pro (64-bit), I noticed that it kept failing. Since the PC I am grabbing it from is on ESXi, I was able to easily see the network usage graphs while it took the image. Every time it failed, this graph looked identical (same peaks and valleys), and basically lasted the same amount of time.
After jumping on the Altiris box, I noticed that SEPP started tossing some Intrusion Prevention alerts:
1 2/10/2012 11:37:06 AM Intrusion Prevention Critical Incoming TCP 192.168.1.121 00-00-00-00-00-00 192.168.1.174 11-11-11-11-11-11 C:\Windows\system32\ntoskrnl.exe ^SERVICE ACCOUNT^ ^DOMAINMANE^ Internal Servers 1 2/10/2012 11:35:47 AM 2/10/2012 11:35:47 AM [SID: 24254] OS Attack: SMB MS CVE-2011-0661 2 detected.
*NOTE: replaced account name and domain where noted by ^^'s
This alert seemed to have caused this, as it would get thrown every time I tried to start the create image task.
Once I disabled SEP's Network Threat Protection, the image creation task finished successfully.
Some notes from my testing:
1) This happened during a create image task that was 64-bit
2) Create image task was set up to use RDEPLOY
3) This didn't happen when I created an image of a 32-bit OS after this completed (and after turning SEP NTP back on)
Has anyone else seen this?
I mean, the solution is pretty simple (disable NTP for the Altiris box), but I was interested to see if this is a bug in the 64-bit RDEPLOY create image process.
Thanks!