First thing I want to say: Symantec does not seem to truly understand this problem and at this point has no fix. Lizard King came up with the fix below to get us up and running smoothly again.
Here is a status update on this issue and what we have done to mitigate it. Please understand that we are most likely running into this problem because of the way that we have configured our environment. Specifically:
· We utilize Roaming Profiles.
· We utilize Folder Redirection.
· We have deployed Terminal Servers (with multiple users on a single system).
· We delete cached copies of Roaming Profiles when users logout.
We began addressing this problem by first tackling the Symantec Endpoint Protection conflict with the User Profile Hive Cleanup service. We configured two Centralized Exceptions:
After making these changes, we no longer received the following Event Id 45 messages in the Event Log:
Target: C:\Program Files\Symantec AntiVirus\Rtvscan.exe
Event Info: Suspend Thread
Action Taken: Logged
Actor Process: C:\Program Files\UPHClean\uphclean.exe (PID 2336)
We still had problems with users' profiles periodically becoming corrupted and local profile copies not being deleted at logout. After doing some digging on the forums as well as conversing with Symantec support, we finally settled upon deploying the following registry entry to our systems:
We asked Symantec support what this registry entry does and received the reply, "This will disable the scheduled scan thread that checks for user scheduled scans. Any scheduled scan created by the administrator via SEPM will still run."
After deploying this registry entry, we no longer see the stuck user profiles or errors in the event log when users logout. If I had to guess, I would say that SEP was keeping the user's profile open just long enough for Windows to time out trying to re-sync the user's profile back to the server. Since Windows couldn't properly sync the local profile with the server copy, it didn't execute the deletion of the local profile copy as well.
Is there a complete "to do" list to correct this problem?
I finally uninstalled Endpoint and just installed SAV Corp. I would like to use Endpoint when the issue has been resolved. My users do not have any patience; they just want their remote session to work, now. This affected about 20 of 150 users, including the district manager. They want me to explain why their profile isn't loading, in detail (even though they don't have any idea what I'm talking about). They call back throughout the day to let me know they cannot connect.
Two 2003 Enterprise servers running terminal services
Two 2003 servers (file servers)
One 2003 server running exchange
Clients are XP Pro or Windows CE using a remote desktop connection.
Errors 1010, 1030, 1058, 1096, 1219, 1500, 1509, 1511, 1505 and 1508
No errors after uninstalling SEP.