Hello, I am Robert Paige from the Windows Server Partner Ecosystem Team. In December, I posted an article on the Windows Server Division WebLog about networking issues that can result from running versions of Symantec Endpoint Protection prior to version 11.0.4202 or Symantec Antivirus 10.2 on a Windows Server. The solution to the problem has been available from Symantec for quite some time, but we saw a steadily rising incident rate to Microsoft support for the issue – the main reason for this is that the symptoms simply do not give users any indication that their antivirus solution on the server is the culprit. For a complete list of some of the most common symptoms, please see the original post. We’ve also updated the 4 KB articles on our Microsoft Support Site since then to provide further information:
KB 961293 Unable to access Shares "The specified network name is no longer available" when Symantec Endpoint Protection prior to 11.0.4202 (MR4-MP2) or Symantec Antivirus 10.2 are installed on a Windows 2003, 2008 or 2008 R2 Server
KB 961654 A file sharing connection to a Windows Server 2008-based server drops unexpectedly if the server has Symantec Endpoint Protection prior to 11.0.4202 (MR4-MP2) or Symantec Antivirus 10.2 installed
KB 948732 Network shares become unresponsive after some time on a Windows Server 2003 or 2008 or 2008 R2-based-based computer running Symantec Endpoint Protection prior to 11.0.4202 (MR4-MP2) or Symantec Antivirus 10.2, and you receive an error message
KB 923360 You may experience various problems when you work with files over the network on a Windows Server 2003-based or Windows 2000 Server-based computer
All of the articles essentially lead to the Symantec Knowledge Base article about the issue, including information about how you can obtain the fix. It is important to note that the error messages and symptoms in these articles can also happen for a variety of reasons, and do not necessarily imply that the only reason you may be experiencing the problems only because of Symantec product involvement.
It has been very encouraging to see the impact the community has had after posting the information in the original blog. We’ve finally started seeing a very measurable decrease in the incoming support incidents resulting from this issue – I want to personally thank all of you for helping to spread the information about this issue across the enterprise and support community; let’s see if we can continue moving the needle over the coming months!
Robert Paige – Senior Program Manager
Windows Server Partner Ecosystem Team
There's another big gotcha. Symantec Endpoint Protection MR4 MP2, the recommended fix for this problem, was superseded by RU5 months ago. (Yes, they are no longer "Maintenance Releases" and "Maintenance Patches" but "Release Updates". Sheesh.)
RU5 does not play nicely with the .Net Framework if you have enabled Symantec's Application and Device Control feature, like we did. This feature lets us control USB usage as well as what applications a user can or cannot run. The symptoms are:
1. iisreg.exe will fail to run unless you uninstall Symantec.
2. The .Net Optimization service will fail to run after a patch to the .Net Framework is installed. That hangs the patch install process. Again, you need to uninstall Symantec.
In both cases you can reinstall Symantec Endpoint Protection RU5 when you're done and all will be well until the next time. There is no patch yet. We rolled all of our servers back to MR4 MP2 because of this. Fortunately we had not rolled it out to any desktops yet.
Here's a link to where we found out about this bug: