We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now


SAV System Console Corporate 10.0 can't communicate with server group after install of SMSME 5.0

Tom-J-Lael asked
Medium Priority
Last Modified: 2011-08-18
Hello everyone,

This is a weird one. I have a multiple server environment. All servers run some version of WIndows Server 2003, all with SP1.

SAV Corporate 10.0 is used throughout the network in a Client/Server form. The Parent Server for SAV is the Domain Controller. The SAV System Console on the domain controller was working fine and dandy until  immediately after  I installed SMSME 5.0 on a *completely* seperate server (the Exchange server obviously).

All SAV Clients throughout the network still point to the Domain Controller as the Parent Server. However, the client on the Domain Controller (a.k.a. the Parent Server for the SAV Corporate) doesn't show anything as the Parent Server.

everytime I clear the cache and run the discovery service, the discovery service finds the server and server group, but I still can't unlock the server group.

I found this article http://service1.symantec.com/support/ent-security.nsf/docid/2005051209365248?Open&src=tranus_ent_sl .

I found that the Symantec Anti-Virus service was mysteriously stopped.  So I started it. Still with no avail.

Then, I tried stopping the service again to continue with the KB article, and now that service will not stop. It's constantly in a "stopping" state.

Has anyone experience SMSME causing issues with SAV Corporate on a completely different server??

This network is a particular pain because it's a 24/7 operation. So restarting servers is a task.

Watch Question

thats a bummer your looking at a reboot of that server whether you like it or not there is not a way to get the service to start.  You should put your primary Antivirus server and System Center somewhere else but that doesnt fix the problem.  Clearing the cache isnt gonna help ya either.  I used to support this product and I saw this issue more than any other.  Unfortunately if deleting domain data doesnt work your prolly hosed...sorry.  Keep going through that document and let me know what happens.  BTW you did back up your pki folder when the install asked you to I hope.  If not your not gonna like yourself.

Also make sure all the intel services are started...intel alert handler, intel alert originator, intel PDS, intel file transfer also make sure the System Center Discover service is started oh and also the Defwatch service...sometimes restarting all of these.

Intel PDS
Intel File Transfer
Intel Alert Originator
Intel Alert Handler
Symantec AntiVirus
Symantec System Center Discovery Service

The only issue SMSMSE can have with SAV is if you failed to set exclusions correctly dont let SAV10 scan the exchange stuff or the SMSMSE stuff. Check the following KB

I hope this turns out for the better.

a couple more things I thought of...

You may need to set exclusions for SAV running on a DC see the following KB:


Secondly if you are trying to access the System Center through a terminal session that could be bad news.  This is the most common cause for most problems that an admin faces when trying to use SAV corporate edition.  You get big problems when trying to access the System console through a terminal session or anything using terminal services.  If you are doing this you could be compounding your problem.

Have a quick look at these KB's for some more info:





I'd love to set exclusions...but I can't open the console =) ! I'll get with the powers that be at this company and try to schedule some downtown...but they're weary of such things..they think they know everything...they don't understand fixing problems is a troubleshooting process...and not always cut and dry


Could I install teh SAV console on my local desktop and try to manage the server group from there?


Ok...some more issues.

I did not do the install of this product. So there are no backup .pki files.

They didn't register their product and I can't find their license, is there anyway to extract this? Incase I have to reinstall.
There is no Symantec License View because I believe this is a volume license.

I wasn't aware that I shouldn't use RDP to open the SAV Console. Infact, how is anyone expected to remotely manage a server?
Are we screwed?

Yes System center may be installed on any workstation in your environment.  Just make sure the SSC version you use matches the version of primary server.

Pki folder is located on the primary server in \\program files\symantec antivirus you should see the pki folder there might wanna burn that to a cd or sompthing.

Your correct you would not need to register or license this product if you do not see the License View because it is a volume license.

RDP to remotely manage...yeah I agree with you its total BS Symantec needs to pick up the pace this is an absolutely necessary feature that was not included but they give you a System Center that runs in an mmc snap in to lead you astray...there is a way but it involves a little GPO hack...It has to do with having session 0 and when you use RDP you never get session 0.  The only way to get session 0 is to be physically at the box.  The following documents will show you how to shadow session 0...before you do this please be aware that you are allowing complete (real admin) access to your server via an RDP connection.  This could be a security risk!  I just had to add this I'm sure you already know but just incase I wanna make sure you know the implications.  Okay I'm getting off my soap box now... you will find the MS KB's useful if you decide you wanna go this route



I nearly got canned for showing this to Symantec customers...I should get 10,000 points just for posting this hack...lol

best of luck Tom!


SymShady!! thanks for all of your help you should get a million points because I've learned even more about this product. Just as I was getting the feel for this product, the company I work for decides to start selling Trend C/S/M SMB 3.0. So go figure.

 The registry edit sugggested in the common KB article did the trick.

I knew about MSTSC /Console ..I've had to use it to get on servers where users refuse to log off properly, but I never knew using SSC over RDP was causing trouble.

Just a couple more questions,

We have different servers here, the SAV Server is the Domain Controller. Then, we have a SQL server and an Exchange server, I knew about creating exclusions for those but never thought about Domain Controllers. I'd like to verify I'm creating exclusions for these servers the correct way.

I created a group called "Exch" (which more or less looks like a folder) some time ago. Then added the Exchange server to that Group. Unchecked "Inherit Settings from Server Group" and created exclusions for Auto-Protect and Schedule scans. I have a screen shot example here. (I've done the same for the SQL Server)

http://www.tom-j-lael.com/savcenter2.JPG .

Is it normal that the Exchange Server also show up in the orginal server view?? like this screen shot here (DONALD is the Exchange Server)


and last but not least, since this is possibly a Volume License. How will I be able to tell when the license has expired since there is no License View in the SCC??

many many thanks!!
I apologize for the delay...

Thanks for the screen shots sometimes that makes it easier understand the big picture.  Yes you are doing your exclusions correctly.  Isolating your servers that require exclusions in groups is the best practice.  This keeps the settings from inadvertantly being overwritten. Also good that you unchecked "Inherit Settings from Server Group" remember that anytime you run a manual scan you will need to set these exclusions in the manual scan before you run it...just a reminder.  You will still see the servers listed under your primary still but you will notice that in the groups column the group the machine is in is listed.  They will show up in both places.  This is normal.

Open the local antivirus interface on any client or server and click help and about and you will see an expiration date.  If you do not see one then Liveupdate will run forever.  This is a pretty common licensing scheme with the corporate products...less hassle.  Corporate environments really don't want to deal with popups on all of there clients that say "license expired"  Anyway that should give you an answer as to when your license expires if it does at all.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.