Houston Security User Group

Has anyone had issues with Windows Servers 2008 R2 in a VM setting.

We have a number of DC's. that after a reboot, you cannot communicate nor RDP into the Servers. They have to be rebooted.

Also have a few SQL Servers on the Same OS with the same type of issue. On the SQL Servers, MS said that it was SEP 11 causing the issue.

We have either AV only or AV and NTP on our Servers?

Any suggestions would be appreciated before I take this to Symantec Support.

Only Correlation is Windows 2008 R2

Thanks,

Make sure to only use the AV component to start. It's possible the firewall is blocking communication. I've seen this before.

Also, the latest version of 11.x is RU7 MP3. You're two versions behind.

Check this best practice guide:

http://www.symantec.com/business/support/index?page=content&id=TECH92440

Problem is that ALL our Domain Controllers are ONLY using AV and it is causing this issue. If it was just AV & NTP. I might understand, especially if the FW Policy had not been withdrawn, but NO Firewall, Only IPS is the problem. The document while helpful not sure that this is my issue.

Anyone else got an idea?

Thanks Brian81, I appreciate your assistance and input.

As a test, disable autoprotect, let's see if this helps and we can at least narrow it down.

Ensure the necessary exlusions are set per this KB article:

http://www.symantec.com/business/support/index?page=content&id=TECH131089

Verify the exclusions are in place:

http://www.symantec.com/business/support/index?page=content&id=TECH96048