Endpoint Protection

Installed the SEP AV, AS and NTP, version 11.0.4014.26 to a Windows 2008 server 64bit standard edition.
Reboot server after install and can no longer login using my domain account or the domain administrator account.
Can still logon using local administrator account, but cannot access sysvol or netlogon shares on any of the domain controllers.
If I enter \\domain-controller in explorer window and hit enter, it prompts for user name and password.
I enter domain\myusername and password.  No go.
If I enter  \\memberserver in explorer window and hit enter, it prompts for user anme and password.
I enter domain\myusername and password and it works.  I can see the shared folders and printers on this member server
I can ping to and from this one server ok.
I cen even access shares on this server from my workstation.
I un-install SEP and can then logon to the domain normally from this server.
So it seems this one server cannot access our domain controllers.
I also installed the patch for disapearing access to network shares.
Changed the server IP and no go either.
Any suggestions appreciated.

Is this a dc?

Instead to install all features, just install only the Antivirus and Antispyware component and see if the issue persists.

Ok.  Built a package with AV and AS only.
Removed previous install and pushed this package to the server and it is accessing everything normally.
And no it is not a domain controller.
Any advice on troubleshooting why NTP would block access to domain controllers from this one server.
I have 15 other servers in the same group that are working normally, the only difference in this one is that it is the only 64bit.  All others are mix of win2k3 and wind2k8 32bit.
Thanks for the advice.

Hi gjohnson, in my case we dont use NTP on servers. But if you would like to enable it then fine. But we have to review the rules you activated on the NTP component.

The rules have not been changed from the default and that is what confuses me.
The same default rules are enabled on at least 15 other member servers and they all work fine.
Have I uncovered some bug in the 64bit NTP

It may be aproblem regarding your admin rights. Check whether you can logon after uninstalling SEP

Your problem sounds more like the computer account/password expiring on the domain. If you couldn't contact your domain controller, you shouldn't get prompted for credentials when trying to access the DC network shares. The fact that you're being prompted for credentials when trying to remotely access the local shares on the machine in question would also suggest this as well. Scour the logs on the machine and the DC's, and you'll probably see those errors.

I think this is a configucation issue you might want to check the settings while installing it and after before restarting the system, just an idea try installing one component at a time and see if that isolates your issue.

thanks,

Rainier

Hi, since you enabled NTP with default values. The best way I think is to enable log traffic from this server. I this we may get an error log, and further troubleshoot the issue.

Kindly check traffic on these ports/protocol

Service


Port/protocol

RPC endpoint mapper


135/tcp, 135/udp

Network basic input/output system (NetBIOS) name service


137/tcp, 137/udp

NetBIOS datagram service


138/udp

NetBIOS session service


139/tcp

RPC dynamic assignment


1024-65535/tcp

Server message block (SMB) over IP (Microsoft-DS)


445/tcp, 445/udp

Lightweight Directory Access Protocol (LDAP)


389/tcp

LDAP ping


389/udp

LDAP over SSL


636/tcp

Global catalog LDAP


3268/tcp

Global catalog LDAP over SSL


3269/tcp

Kerberos


88/tcp, 88/udp

Domain Name Service (DNS)


53/tcp1, 53/udp

Windows Internet Naming Service (WINS) resolution (if required)


1512/tcp, 1512/udp

WINS replication (if required)


42/tcp, 42/udp