I am running an unmanaged SEP 11.0.503.333 client in Hyper-V on server 2008 r2.
When I install the unmanaged client, the server stops replying to echo requests.
Wireshark trace shows that the ICMP packets are being received.
This problem arrises if the SEP unmanaged client is installed.
Event Viewer shows the following:
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 11/10/2010 3:31:42 PM
Event ID: 5152
Task Category: Filtering Platform Packet Drop
Level: Information
Keywords: Audit Failure
User: N/A
Computer: SERVERDNS1.test.domain
Description:
The Windows Filtering Platform has blocked a packet.
Application Information:
Process ID: 4
Application Name: System
Network Information:
Direction: Inbound
Source Address: 78.14.221.45
Source Port: 0
Destination Address: 78.14.221.44
Destination Port: 8
Protocol: 1
The odd part being that this message is that .44 is the local IP, and .45 is another server, but is being labled as 'inbound'. This even is only created when the other server (.45) tries to ping the server with the unmanaged SEP client (.44).
The problem goes away if the unmanaged client is uninstalled.