I've had this issue a few times over the past couple of weeks and on multiple devices. I am running 11.0.6300 on all my devices. The GUPs are Windows 2003 servers and they are also set to be unmanaged detectors.
I get calls from users saying that they can't get connected to the server and when I run netstat, I see hundreds of established connections between the GUP and the SEPM server. Running the netstat with the "-b" switch shows that the executable is SMC.exe. Below is a small sample of the results of netstat. During this particular netstat collection, there were almost 1,600 connections to the SEPM server, going up to TCP port number 4998. When this happens, the connections stop at port 5000.
It appears that the server is overwhelmed with these connections and will not respond to any network requests - mail, shared folders, pings, etc. After 5 - 10 minutes the server will respond again, however the connections to the SEPM are still established and within 30 minutes, the server will appear offline again. Shutting down Symantec will get the server to respond normally again, however once Symantec is turned back on, within a few minutes it is again unresponsive. The only way to completely resolve the issue is to reboot the server, after which everything is fine for days until it happens again. I should mention that during these times, CPU and memory use are normal - it is only the number of TCP ports in use that is abnormal.
There doesn't seem to be any warning as to when it will happen, either. After it happened the first time, I manually checked the server for a couple of days after and would see only 3 - 5 connections to the SEPM. Then one day, users called and it was back up in the 1,000+ connections range.
As I mentioned, this has happened on multiple servers, however for most of them, a reboot about a week ago fixed the issue and is has not reappeared. On one particular server, this is happening every couple of days. When this happened to that same server again today (948 connections), I checked one of the servers that I previously had this same issue with and had been rebooted 7 days ago - that server showed 6 connections to the SEPM server
Anyone know what's going on here and how to resolve?
Thanks!