Symantec SEP 11.0 - Things to note

[Guest Mark Stoker]

We have just installed SEP 11 onto our Windows 2003 TS's -

 

We started getting issues with long LOGOFF times (up to 120 secs).

 

I started a up a support case with Symantec (which was solved within 1 day

!) - Basically it was the Network Threat Protection part of SEP that was

causing the problem - see the response below, hope this helps someone !

======================================

Most likely the problem exists with having NTP installed on the servers not

so much the clients so you shouldn't be required to remove that from the

clients. NTP is the one feature that if you install, typically on servers,

and do not FULLY configure it will cause connection problems as it is a full

fledged software firewall. By default it is going to block most incoming

connections and it appears that it may be filtering some of the RDP traffic

causing the delay that you're seeing. You could try leaving it in place and

turning on logging for all of the rules in the firewall policy to see if you

could find out exactly what is being blocked that is causing the delayed log

off. You would then go in and add a rule to allow that specific traffic.

Typically it's not advised to put NTP on your servers unless you know every

port that you need to have open for your specific environment and have set

the firewall policy up accordingly.

 

Removing NTP from the terminal server may cause it to not show the tray icon

for connected users which should help lower resource usage caused by SEP on a

terminal server. Since we just made a change though you'll want to make sure

that it's still installed and running of course and that's not the cause of

it not showing up.

=============================

[Guest Munindra Das [MSFT]]

Re: Symantec SEP 11.0 - Things to note

 

Thanks for passing on this information to the newsgroup!

 

This posting is provided "AS IS" with no warranties, and confers no rights.

 

"Mark Stoker" <MarkStoker@discussions.microsoft.com> wrote in message

news:DA7CA233-E6F1-4303-935B-42196C087841@microsoft.com...

> We have just installed SEP 11 onto our Windows 2003 TS's -

>

> We started getting issues with long LOGOFF times (up to 120 secs).

>

> I started a up a support case with Symantec (which was solved within 1 day

> !) - Basically it was the Network Threat Protection part of SEP that was

> causing the problem - see the response below, hope this helps someone !

> ======================================

> Most likely the problem exists with having NTP installed on the servers

> not

> so much the clients so you shouldn't be required to remove that from the

> clients. NTP is the one feature that if you install, typically on servers,

> and do not FULLY configure it will cause connection problems as it is a

> full

> fledged software firewall. By default it is going to block most incoming

> connections and it appears that it may be filtering some of the RDP

> traffic

> causing the delay that you're seeing. You could try leaving it in place

> and

> turning on logging for all of the rules in the firewall policy to see if

> you

> could find out exactly what is being blocked that is causing the delayed

> log

> off. You would then go in and add a rule to allow that specific traffic.

> Typically it's not advised to put NTP on your servers unless you know

> every

> port that you need to have open for your specific environment and have set

> the firewall policy up accordingly.

>

> Removing NTP from the terminal server may cause it to not show the tray

> icon

> for connected users which should help lower resource usage caused by SEP

> on a

> terminal server. Since we just made a change though you'll want to make

> sure

> that it's still installed and running of course and that's not the cause

> of

> it not showing up.

> =============================