SAV System Console Corporate 10.0 can't communicate with server group after install of SMSME 5.0

Hello everyone,

This is a weird one. I have a multiple server environment. All servers run some version of WIndows Server 2003, all with SP1.

SAV Corporate 10.0 is used throughout the network in a Client/Server form. The Parent Server for SAV is the Domain Controller. The SAV System Console on the domain controller was working fine and dandy until  immediately after  I installed SMSME 5.0 on a *completely* seperate server (the Exchange server obviously).

All SAV Clients throughout the network still point to the Domain Controller as the Parent Server. However, the client on the Domain Controller (a.k.a. the Parent Server for the SAV Corporate) doesn't show anything as the Parent Server.

everytime I clear the cache and run the discovery service, the discovery service finds the server and server group, but I still can't unlock the server group.

I found this article .

I found that the Symantec Anti-Virus service was mysteriously stopped.  So I started it. Still with no avail.

Then, I tried stopping the service again to continue with the KB article, and now that service will not stop. It's constantly in a "stopping" state.

Has anyone experience SMSME causing issues with SAV Corporate on a completely different server??

This network is a particular pain because it's a 24/7 operation. So restarting servers is a task.

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

thats a bummer your looking at a reboot of that server whether you like it or not there is not a way to get the service to start.  You should put your primary Antivirus server and System Center somewhere else but that doesnt fix the problem.  Clearing the cache isnt gonna help ya either.  I used to support this product and I saw this issue more than any other.  Unfortunately if deleting domain data doesnt work your prolly hosed...sorry.  Keep going through that document and let me know what happens.  BTW you did back up your pki folder when the install asked you to I hope.  If not your not gonna like yourself.

Also make sure all the intel services are alert handler, intel alert originator, intel PDS, intel file transfer also make sure the System Center Discover service is started oh and also the Defwatch service...sometimes restarting all of these.

Intel PDS
Intel File Transfer
Intel Alert Originator
Intel Alert Handler
Symantec AntiVirus
Symantec System Center Discovery Service

The only issue SMSMSE can have with SAV is if you failed to set exclusions correctly dont let SAV10 scan the exchange stuff or the SMSMSE stuff. Check the following KB

I hope this turns out for the better.
a couple more things I thought of...

You may need to set exclusions for SAV running on a DC see the following KB:

Secondly if you are trying to access the System Center through a terminal session that could be bad news.  This is the most common cause for most problems that an admin faces when trying to use SAV corporate edition.  You get big problems when trying to access the System console through a terminal session or anything using terminal services.  If you are doing this you could be compounding your problem.

Have a quick look at these KB's for some more info:
Tom-J-LaelAuthor Commented:

I'd love to set exclusions...but I can't open the console =) ! I'll get with the powers that be at this company and try to schedule some downtown...but they're weary of such things..they think they know everything...they don't understand fixing problems is a troubleshooting process...and not always cut and dry
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Tom-J-LaelAuthor Commented:
Could I install teh SAV console on my local desktop and try to manage the server group from there?
Tom-J-LaelAuthor Commented:
Ok...some more issues.

I did not do the install of this product. So there are no backup .pki files.

They didn't register their product and I can't find their license, is there anyway to extract this? Incase I have to reinstall.
There is no Symantec License View because I believe this is a volume license.

I wasn't aware that I shouldn't use RDP to open the SAV Console. Infact, how is anyone expected to remotely manage a server?
Are we screwed?
Yes System center may be installed on any workstation in your environment.  Just make sure the SSC version you use matches the version of primary server.

Pki folder is located on the primary server in \\program files\symantec antivirus you should see the pki folder there might wanna burn that to a cd or sompthing.

Your correct you would not need to register or license this product if you do not see the License View because it is a volume license.

RDP to remotely manage...yeah I agree with you its total BS Symantec needs to pick up the pace this is an absolutely necessary feature that was not included but they give you a System Center that runs in an mmc snap in to lead you astray...there is a way but it involves a little GPO hack...It has to do with having session 0 and when you use RDP you never get session 0.  The only way to get session 0 is to be physically at the box.  The following documents will show you how to shadow session 0...before you do this please be aware that you are allowing complete (real admin) access to your server via an RDP connection.  This could be a security risk!  I just had to add this I'm sure you already know but just incase I wanna make sure you know the implications.  Okay I'm getting off my soap box now... you will find the MS KB's useful if you decide you wanna go this route;en-us;278845;en-us;292190

I nearly got canned for showing this to Symantec customers...I should get 10,000 points just for posting this

best of luck Tom!
Tom-J-LaelAuthor Commented:
SymShady!! thanks for all of your help you should get a million points because I've learned even more about this product. Just as I was getting the feel for this product, the company I work for decides to start selling Trend C/S/M SMB 3.0. So go figure.

 The registry edit sugggested in the common KB article did the trick.

I knew about MSTSC /Console ..I've had to use it to get on servers where users refuse to log off properly, but I never knew using SSC over RDP was causing trouble.

Just a couple more questions,

We have different servers here, the SAV Server is the Domain Controller. Then, we have a SQL server and an Exchange server, I knew about creating exclusions for those but never thought about Domain Controllers. I'd like to verify I'm creating exclusions for these servers the correct way.

I created a group called "Exch" (which more or less looks like a folder) some time ago. Then added the Exchange server to that Group. Unchecked "Inherit Settings from Server Group" and created exclusions for Auto-Protect and Schedule scans. I have a screen shot example here. (I've done the same for the SQL Server) .

Is it normal that the Exchange Server also show up in the orginal server view?? like this screen shot here (DONALD is the Exchange Server)

and last but not least, since this is possibly a Volume License. How will I be able to tell when the license has expired since there is no License View in the SCC??

many many thanks!!
I apologize for the delay...

Thanks for the screen shots sometimes that makes it easier understand the big picture.  Yes you are doing your exclusions correctly.  Isolating your servers that require exclusions in groups is the best practice.  This keeps the settings from inadvertantly being overwritten. Also good that you unchecked "Inherit Settings from Server Group" remember that anytime you run a manual scan you will need to set these exclusions in the manual scan before you run it...just a reminder.  You will still see the servers listed under your primary still but you will notice that in the groups column the group the machine is in is listed.  They will show up in both places.  This is normal.

Open the local antivirus interface on any client or server and click help and about and you will see an expiration date.  If you do not see one then Liveupdate will run forever.  This is a pretty common licensing scheme with the corporate products...less hassle.  Corporate environments really don't want to deal with popups on all of there clients that say "license expired"  Anyway that should give you an answer as to when your license expires if it does at all.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Virus Apps

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.