[Today’s post comes to us courtesy of Robert Paige from the Windows Server Partner Ecosystem Team]
We wanted to resurface a continuing support issue with deployments that we first commented on back in December of 2009, and again in a March post on the Microsoft Enterprise Networking Team Blog. After a very encouraging decrease in support incidents traced to this issue, we’ve seen an upward trend again for the same issue – perhaps a reminder will reverse the trend!
If you are running certain older versions of Symantec Endpoint Protection or Symantec Antivirus, you can get the solution from Symantec. Symantec confirms that this is a known issue and there are updates to resolve the problem. For more information, please see the Symantec Knowledge Base article about this issue . For information about Symantec support for Endpoint Protection 11, visit the Symantec Support site. (http://www.symantec.com/business/support/index.jsp)
Please note: If you are unable to upgrade promptly or remove the software, Symantec urges you to contact their technical support to determine if there are any workarounds available to you.
While the error messages are not specific to this issue, and can often have other unrelated causes, versions of Symantec Endpoint Protection prior to version 11.0.4202 or Symantec Antivirus 10.2 on a Windows Server can cause these connectivity problems. The real frustration can be the difficulty in determining that the root cause may be due to these third-party products; the intermittent loss of productivity and reliability of client connections to the server often results in costly and time-consuming investigations. To make the matter even more frustrating, it does not happen immediately after installation of the security software, the interoperability issue can sometimes happen weeks after deployment.
- Symantec Endpoint Protection versions prior to 11.0.4202 (MR4-MP2). Older versions of Symantec Symantec Antivirus (prior to 10.2) can also cause this problem. The problem occurs when you have the Autoprotect feature enabled in the applications.
- The problem can affect 32-bit and 64-bit versions of Windows Server 2003, 2008, 2008 R2, including Windows Small Business Server 2003, Windows Small Business Server 2008, and Windows Essential Business Server 2008.
- The problem is intermittent, can affect client connectivity within hours to up to a week after installing the applications. Usually a server reboot will restore connectivity for a short period before the problem happens again. You generally are able to ping and RDP to the server when the issue occurs, but shares are inaccessible using either \IPADDRESS or \ServerNameShare operations.
- The problem results from a deadlock in SRTSP.SYS or SRTSP64.SYS in a push lock operation, which then causes blocked kernel mode server threads handling SMB negotiation requests. Network traces will show the server not responding to the SMB dialect packet.
Here are the most common symptoms you may experience that may help you diagnose this issue. Note that if you have this software installed, the easiest troubleshooting step to determine if this is the cause of connectivity issues is to simply remove the software and reboot the server.
- Error message: “The network path was not found” or “The specified network name is no longer available” when attempting to open shares, map a drive, run DCDIAG to the to the affected server, use netdom to reset secure channel
- Error message: “RPC Server is unavailable” when trying to connect via Active Directory Users and Computers
- Error message: “RPC Server is too busy to process the request” when attempting to join the Windows server domain
- Error message: “No network provider accepted the given network path” or “File or network path no longer exists” when copying a file over the network to affected servers
- Printing issues (cannot update printer IP address via DNS)
- AD replication failures
- Cluster service fails to start, or inability to access existing File Share resources even if they are online according to the Cluster Administrator snap-in
- Event log Event ID 4226 and or 2022 may occur frequently (up to every 20 to 30 seconds)
KB 961293 Unable to access Shares “The specified network name is no longer available” when Symantec Endpoint Protection prior to 11.0.4202 (MR4-MP2) or Symantec Antivirus 10.2 are installed on a Windows 2003, 2008 or 2008 R2 Server
KB 961654 A file sharing connection to a Windows Server 2008-based server drops unexpectedly if the server has Symantec Endpoint Protection prior to 11.0.4202 (MR4-MP2) or Symantec Antivirus 10.2 installed
KB 948732 Network shares become unresponsive after some time on a Windows Server 2003 or 2008 or 2008 R2-based-based computer running Symantec Endpoint Protection prior to 11.0.4202 (MR4-MP2) or Symantec Antivirus 10.2, and you receive an error message
All of the articles also refer to the Symantec Knowledge Base article about the issue, including information about how you can obtain the fix.