Endpoint Protection

 View Only
  • 1.  Event id 333

    Broadcom Employee
    Posted Mar 02, 2010 01:47 AM
    After installing SEP 11.0.5002.333 on Windows 2008 R2  32 bit , the application logs is getting filled with event id 333 every 30 seconds.If SEP is uninstalled , it works fine. But i don't  want the server unprotected.
    Only AV and AVS is installed.
    I would a prefer to hear from Symantec first , then would think of contacting MS.


  • 2.  RE: Event id 333

    Broadcom Employee
    Posted Mar 02, 2010 02:10 AM
    What re the roles of this server? How is the performance of this server? What is the H/W configuration? What are the other s/w loaded in this server?


  • 3.  RE: Event id 333

    Broadcom Employee
    Posted Mar 02, 2010 08:40 AM

    Can you let us know the exact error message associated with is event id. Do you see event is 26 as well?.  You can also paste a screenshot , and we would be able to guide you further.


  • 4.  RE: Event id 333

    Broadcom Employee
    Posted Mar 03, 2010 04:37 AM

    Please find the answers inline -

    What re the roles of this server? File server
    How is the performance of this server? Performance is fine. Sometimes the machine becomes sluggish. Otherwise its fine.
    What is the H/W configuration?  this is a Dell Poweredge 380G5
    What are the other s/w loaded in this server? Nothing specific. Only Netbackup and antivirus

    Exact event ID -

    Event:  333
    Source:  Application Popup
    Category: None
    Event Msg: An I/O operation initiated by the Registry failed unrecoverably. The Registry could not read in, or write out, or flush, one of the files that contain the system's image of the Registry.

    No event id 26.


  • 5.  RE: Event id 333

    Broadcom Employee
    Posted Mar 03, 2010 06:53 AM
    Do you tried by reinstalling?
    Once install SEP as unmanaged and see any difference is present... 


  • 6.  RE: Event id 333

    Posted Mar 03, 2010 04:04 PM
    Restart the system. You may have to use the Emergency Repair Disk to restore the system configuration information.

    http://msdn.microsoft.com/en-us/library/ms838132.aspx


  • 7.  RE: Event id 333
    Best Answer

    Broadcom Employee
    Posted Mar 06, 2010 06:47 AM
    Event id 333 is generally caused because of one of the following reasons -
    •                     There is memory pressure either Physical (Physical ram, virtual memory, Working Set trimming, pagefile, and etc) or Kernel   (low paged/nonpaged pool/system Page Table Entries). 
    •                     The disk hosting on the system partition is not keeping up with the load (high disk queue lengths). 
    •                     A filter driver is keeping the registry from being flushed.
    •                     A User account granted the “Lock system pages in memory” user right.

    Please check for any other event ids on the server like 2019,2020,2012,2021,2022 in the system event logs.
    They might not be  viible since the events are already being flooded.

    Please tweak the paged pool memory by making the following registry changes -  Microsoft KB312362 http://support.microsoft.com/default.aspx?scid=kb;EN-US;312362

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management
                    PoolUsageMaximum = 40
                    PagedPoolSize = FFFFFFFF

    Also disable the TCP Chimney Feature by  the following command --  Netsh int ip set chimney DISABLED
                    Made sure we have the  following registry keys created -
                    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
                    "EnableTCPA"=dword:00000000 
                    "EnableRSS"=dword:00000000
                    "DisableTaskOffload"=dword:00000001 



    Reboot the server after making these changes and then test. You may want to clear the eventlogs.