Once again we need some help from all you forum "experts"... I searched the forum and couldn't find anything close to what we are seeing.
We have been running SEPM and SEP 11.0.05 (latest) on Server 2008R2 for over a month flawlessly with one exception.
We have two Server 2008R2 DataCenter Core hosts with 8 Hyper-V guest O/S's also running Server 2008R2 DataCenter full install. SEPM runs on a dedicated guest server (only other app. is VMM 2008R2). All of our servers (including DC's) are virtual with the exception of Exchange, which runs on a Windows 2003R2 box. All Guest servers have SEP installed via push.
Almost every other day (and at different times), usually once only per day, SMC.exe terminates unexpectedly. It restarts by itself and by the time we see the error log entries all is running fine with the green ball on the shield.
We get two critical log entries in the local machine Windows logs, one in the application log and one in the system log (see below).
Is there something I missed during setup? The faulting seems to happen on all of the "guest" servers, but not everyday. It may just be a coincidence, but I have seen the faulting mostly on our two DC's (but that might just be because I am in them the most...). CPU utilization on all of the machines never gets above 3% to 6%.
This is not a big deal, but I would like to understand what is going on.
Thanks for the advice.
Charlie
System error:
Log Name: System
Source: Service Control Manager
Date: 10/27/2009 4:54:37 AM
Event ID: 7031
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: V-PDC1.ad.xxxxxxxxxxxxxxxxcom
Description:
The Symantec Management Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7031</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2009-10-27T08:54:37.946323400Z" />
<EventRecordID>9605</EventRecordID>
<Correlation />
<Execution ProcessID="556" ThreadID="3828" />
<Channel>System</Channel>
<Computer>V-PDC1.ad.xxxxxxxxxxxxxxxm</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">Symantec Management Client</Data>
<Data Name="param2">1</Data>
<Data Name="param3">1000</Data>
<Data Name="param4">1</Data>
<Data Name="param5">Restart the service</Data>
</EventData>
</Event>
Application Error:
log Name: Application
Source: Application Error
Date: 10/27/2009 4:54:37 AM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: V-PDC1.ad.xxxxxxxxxxxxx.com
Description:
Faulting application name: Smc.exe, version: 11.0.5002.301, time stamp: 0x4ab2df5e
Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp: 0x4a5be02b
Exception code: 0xc0000005
Fault offset: 0x000000000005036a
Faulting process id: 0x180
Faulting application start time: 0x01ca55d056e8a088
Faulting application path: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 5a604e79-c2d6-11de-bc13-00155d01fd00
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2009-10-27T08:54:37.000000000Z" />
<EventRecordID>5148</EventRecordID>
<Channel>Application</Channel>
<Computer>V-PDC1.ad.xxxxxxxxxxxx.com</Computer>
<Security />
</System>
<EventData>
<Data>Smc.exe</Data>
<Data>11.0.5002.301</Data>
<Data>4ab2df5e</Data>
<Data>ntdll.dll</Data>
<Data>6.1.7600.16385</Data>
<Data>4a5be02b</Data>
<Data>c0000005</Data>
<Data>000000000005036a</Data>
<Data>180</Data>
<Data>01ca55d056e8a088</Data>
<Data>C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe</Data>
<Data>C:\Windows\SYSTEM32\ntdll.dll</Data>
<Data>5a604e79-c2d6-11de-bc13-00155d01fd00</Data>
</EventData>
</Event>