SAV System Console Corporate 10.0 can't communicate with server group after install of SMSME 5.0

Posted on 2006-03-29
Last Modified: 2011-08-18
Hello everyone,

This is a weird one. I have a multiple server environment. All servers run some version of WIndows Server 2003, all with SP1.

SAV Corporate 10.0 is used throughout the network in a Client/Server form. The Parent Server for SAV is the Domain Controller. The SAV System Console on the domain controller was working fine and dandy until  immediately after  I installed SMSME 5.0 on a *completely* seperate server (the Exchange server obviously).

All SAV Clients throughout the network still point to the Domain Controller as the Parent Server. However, the client on the Domain Controller (a.k.a. the Parent Server for the SAV Corporate) doesn't show anything as the Parent Server.

everytime I clear the cache and run the discovery service, the discovery service finds the server and server group, but I still can't unlock the server group.

I found this article .

I found that the Symantec Anti-Virus service was mysteriously stopped.  So I started it. Still with no avail.

Then, I tried stopping the service again to continue with the KB article, and now that service will not stop. It's constantly in a "stopping" state.

Has anyone experience SMSME causing issues with SAV Corporate on a completely different server??

This network is a particular pain because it's a 24/7 operation. So restarting servers is a task.

Question by:Tom-J-Lael
    LVL 4

    Expert Comment

    thats a bummer your looking at a reboot of that server whether you like it or not there is not a way to get the service to start.  You should put your primary Antivirus server and System Center somewhere else but that doesnt fix the problem.  Clearing the cache isnt gonna help ya either.  I used to support this product and I saw this issue more than any other.  Unfortunately if deleting domain data doesnt work your prolly hosed...sorry.  Keep going through that document and let me know what happens.  BTW you did back up your pki folder when the install asked you to I hope.  If not your not gonna like yourself.

    Also make sure all the intel services are alert handler, intel alert originator, intel PDS, intel file transfer also make sure the System Center Discover service is started oh and also the Defwatch service...sometimes restarting all of these.

    Intel PDS
    Intel File Transfer
    Intel Alert Originator
    Intel Alert Handler
    Symantec AntiVirus
    Symantec System Center Discovery Service

    The only issue SMSMSE can have with SAV is if you failed to set exclusions correctly dont let SAV10 scan the exchange stuff or the SMSMSE stuff. Check the following KB

    I hope this turns out for the better.
    LVL 4

    Expert Comment

    a couple more things I thought of...

    You may need to set exclusions for SAV running on a DC see the following KB:

    Secondly if you are trying to access the System Center through a terminal session that could be bad news.  This is the most common cause for most problems that an admin faces when trying to use SAV corporate edition.  You get big problems when trying to access the System console through a terminal session or anything using terminal services.  If you are doing this you could be compounding your problem.

    Have a quick look at these KB's for some more info:
    LVL 3

    Author Comment


    I'd love to set exclusions...but I can't open the console =) ! I'll get with the powers that be at this company and try to schedule some downtown...but they're weary of such things..they think they know everything...they don't understand fixing problems is a troubleshooting process...and not always cut and dry
    LVL 3

    Author Comment

    Could I install teh SAV console on my local desktop and try to manage the server group from there?
    LVL 3

    Author Comment

    Ok...some more issues.

    I did not do the install of this product. So there are no backup .pki files.

    They didn't register their product and I can't find their license, is there anyway to extract this? Incase I have to reinstall.
    There is no Symantec License View because I believe this is a volume license.

    I wasn't aware that I shouldn't use RDP to open the SAV Console. Infact, how is anyone expected to remotely manage a server?
    Are we screwed?
    LVL 4

    Expert Comment

    Yes System center may be installed on any workstation in your environment.  Just make sure the SSC version you use matches the version of primary server.

    Pki folder is located on the primary server in \\program files\symantec antivirus you should see the pki folder there might wanna burn that to a cd or sompthing.

    Your correct you would not need to register or license this product if you do not see the License View because it is a volume license.

    RDP to remotely manage...yeah I agree with you its total BS Symantec needs to pick up the pace this is an absolutely necessary feature that was not included but they give you a System Center that runs in an mmc snap in to lead you astray...there is a way but it involves a little GPO hack...It has to do with having session 0 and when you use RDP you never get session 0.  The only way to get session 0 is to be physically at the box.  The following documents will show you how to shadow session 0...before you do this please be aware that you are allowing complete (real admin) access to your server via an RDP connection.  This could be a security risk!  I just had to add this I'm sure you already know but just incase I wanna make sure you know the implications.  Okay I'm getting off my soap box now... you will find the MS KB's useful if you decide you wanna go this route;en-us;278845;en-us;292190

    I nearly got canned for showing this to Symantec customers...I should get 10,000 points just for posting this

    best of luck Tom!
    LVL 3

    Author Comment

    SymShady!! thanks for all of your help you should get a million points because I've learned even more about this product. Just as I was getting the feel for this product, the company I work for decides to start selling Trend C/S/M SMB 3.0. So go figure.

     The registry edit sugggested in the common KB article did the trick.

    I knew about MSTSC /Console ..I've had to use it to get on servers where users refuse to log off properly, but I never knew using SSC over RDP was causing trouble.

    Just a couple more questions,

    We have different servers here, the SAV Server is the Domain Controller. Then, we have a SQL server and an Exchange server, I knew about creating exclusions for those but never thought about Domain Controllers. I'd like to verify I'm creating exclusions for these servers the correct way.

    I created a group called "Exch" (which more or less looks like a folder) some time ago. Then added the Exchange server to that Group. Unchecked "Inherit Settings from Server Group" and created exclusions for Auto-Protect and Schedule scans. I have a screen shot example here. (I've done the same for the SQL Server) .

    Is it normal that the Exchange Server also show up in the orginal server view?? like this screen shot here (DONALD is the Exchange Server)

    and last but not least, since this is possibly a Volume License. How will I be able to tell when the license has expired since there is no License View in the SCC??

    many many thanks!!
    LVL 4

    Accepted Solution

    I apologize for the delay...

    Thanks for the screen shots sometimes that makes it easier understand the big picture.  Yes you are doing your exclusions correctly.  Isolating your servers that require exclusions in groups is the best practice.  This keeps the settings from inadvertantly being overwritten. Also good that you unchecked "Inherit Settings from Server Group" remember that anytime you run a manual scan you will need to set these exclusions in the manual scan before you run it...just a reminder.  You will still see the servers listed under your primary still but you will notice that in the groups column the group the machine is in is listed.  They will show up in both places.  This is normal.

    Open the local antivirus interface on any client or server and click help and about and you will see an expiration date.  If you do not see one then Liveupdate will run forever.  This is a pretty common licensing scheme with the corporate products...less hassle.  Corporate environments really don't want to deal with popups on all of there clients that say "license expired"  Anyway that should give you an answer as to when your license expires if it does at all.

    Featured Post

    Better Security Awareness With Threat Intelligence

    See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

    Join & Write a Comment

    Suggested Solutions

    Title # Comments Views Activity
    where to download ransomware samples 1 1,322
    How does ESET Anti-Virus rate? 5 80
    dma locker 3 query 7 61
    Videos Blocked on 7 44
    Some site administrators might be considering how to filter incoming traffic to a site by identifying the domains or networks of the traffic source, in the same way that a spam filter does on an email server, such as blocking all emails sent from th…
    I recently had to create a utility which aim is to update McAfee's Virusscan and that had to be launched from a command line. I thought I’d share my experience with you. Why is it useful to be able to update an Antivirus from the command line?…
    Hi everyone! This is Experts Exchange customer support.  This quick video will show you how to change your primary email address.  If you have any questions, then please Write a Comment below!
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now