Endpoint Protection

 View Only

  • 1.  Upgraded to SEP v11, Now Microsoft Cluster failure. Help?

    Posted May 16, 2011 12:57 PM

     Just upgraded from Symantec Antivirus v10 to Symantec Endpoint Protection v11.0.6100.645 (on the first node in a four-node Microsoft cluster).

    Also installed Microsoft security updates on that node (first of four updates in planned maintenance sequence). This is an active/active/active/active 4-node file and print Windows Server 2003 R2 Enterprise Edition (32bit) Microsoft Cluster. Now have had at least one cluster service failure. Trying to determine if the Symantec or Microsoft updates and failure are related.

    Here is a list of Microsoft patches applied: KB2481109 KB2485663 KB2508429 KB2506212 KB2506223 KB2511455 KB2503658 KB2507618 KB2510531 KB2412687 KB2509553 KB2508272 KB2497640 KB2492386 KB2524375.

    After normal restarts and normal cluster service startup, I moved a workload from one of the other nodes. Four days later the cluster service failed and caused workload to failover to one of the other other nodes:

    Event Type: Error
    Event Source: ClusNet
    Event Category: None
    Event ID: 1118
    Date:  5/14/2011
    Time:  4:04:22 AM
    User:  N/A
    Computer: FPNODE01C
    Description:
    Cluster service was terminated as requested by Node 2.

    Event Type: Warning
    Event Source: Ftdisk
    Event Category: Disk
    Event ID: 57
    Date:  5/14/2011
    Time:  4:04:23 AM
    User:  N/A
    Computer: FPNODE01C
    Description:
    The system failed to flush data to the transaction log. Corruption may occur.

    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7031
    Date:  5/14/2011
    Time:  4:04:23 AM
    User:  N/A
    Computer: FPNODE01C
    Description:
    The Cluster Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Is anyone else having trouble with these new Ms patches or Symantec SEP v11?

    I know, I changed 2 variables, so now not sure which (if either) are source of problem. D'oh! :)  Any help appreciated anyway. Please pardon my cross-posting on Microsoft Cluster support forums. Thank you.



  • 2.  RE: Upgraded to SEP v11, Now Microsoft Cluster failure. Help?

    Posted May 16, 2011 01:21 PM

    Check this KB -

    Installing a Symantec Endpoint Protection client to a cluster server

    http://bit.ly/kAv0O5

     

    Moving this thread to the Endpoint Protection forum.



  • 3.  RE: Upgraded to SEP v11, Now Microsoft Cluster failure. Help?

    Posted May 16, 2011 04:13 PM

    Thanks for the reminder, the KB for SEP on a cluster was something I had reviewed during planning for the upgrade. (The short version: SEP on a cluster node is supported.)

    My install followed the recommendations.



  • 4.  RE: Upgraded to SEP v11, Now Microsoft Cluster failure. Help?

    Posted May 16, 2011 04:30 PM

    I would suggest you to disable SEP and first determine whether the failure is caused by SEP or Patches.



  • 5.  RE: Upgraded to SEP v11, Now Microsoft Cluster failure. Help?

    Posted May 16, 2011 04:41 PM

    First Check the NIC, before doing anything else.
    I was working on an issue yestarday, where after instaling the Security ptaches the Cluster broke,
    later we found outthat the issue was with HP NIC

    Try to Upgrade the NIC derivers and see if that helps.



  • 6.  RE: Upgraded to SEP v11, Now Microsoft Cluster failure. Help?
    Best Answer

    Posted May 31, 2011 10:00 AM

    It seems our cluster had another failover, but on an unrelated (not patched, not upgraded AV) node. Then waited 2 weeks to see if there was going to be any fallout. Looks like prior and most recent failovers were due to unknown external problem (SAN?) and not related to Microsoft patches or upgrade of the antivirus product.

    Patched a 2nd node and upgraded antivirus. Now 2 of 4 nodes patched/upgraded. No new symptoms.