Link to home
Start Free TrialLog in
Avatar of AMP_Engineering
AMP_Engineering

asked on

Remote Administration Spontaneously Stopped Working after Symantec Endpoint Protection Installation

I have a new SBS 2003 R2 installation on which I recently installed Symantec Endpoint Protection V11 (my understanding is that this has replaced SAV Enterprise Edition).  After installing the client on the server, my client computers were unable to authenticate on the domain or access any of the server's shares (shared folders and printers).  When I disabled "Network Threat Protection" in the SEP client console, all users were able to log on and use the network resources as normal.  All of this configuration was done while logged into the server through remote administration (what I wrongly refer to as Terminal Services) using mstsc.exe.

About 4 days after installing SEP, I suddenly lost the ability to connect to the server through mstsc and have not been able to figure out why.  

I am thinking that this is related to the SEP installation, but I can't figure out why I would lose remote administration capability when I made no changes to any of the server's settings, SEP or otherwise.

The only time I have had a monitor, keyboard, and mouse hooked up to this server was during the initial configuration and now since my remote administration connectivity is no longer working.

If I can't solve this problem soon I guess I will uninstall SEP (much pain!) and see if that solves it.

Any ideas?
Avatar of NOSIT
NOSIT

Ensure its not blocking port 3389.
you will need to get a keyboard video mouse onto the server. Check that there arnt allready two old sessions running (As SBS will only allow 2 rdp connections)

you could first try mstsc /console which should take over the console session.

That said i would can Symantec regardless, it is shocking. my prefernce is McAfee although i note many good Experts are sp-lit between McAfee and Trend, and i have seen some movement towards AVG Enterprise.
If you dont logg off the two old sessions you can still reconnect to them, unless they were disconected under different usernames, and that would throw an error advising you of the problem.

I agree symantec is shocking, I use trend on all of my clients servers, have used AVG and wasnt a fan, yet to try McAfee.
Avatar of AMP_Engineering

ASKER

There are no existing sessions running on the server, that was one of my first thoughts so I had checked it out right away.

As for verifying that port 3389 isn't being blocked, I tested it out using the following command from a client machine:

c:\telnet serverIP 3389

It attempted to connect but was obviously unable to as there is no telnet server running on this port... I seem to remember that if a port is blocked and you try telneting to it, that the telnet command will just sit there trying to connect.

Is there a better way for me to make sure that this port isn't being blocked?
oh, I also can't start a remote session on the server from the server... this isn't something that I had ever tried until now, so I'm not sure if it is possible even when everything is working properly.
http://www.radmin.com/products/utilities/portscanner.php

Use the port scanner in the link above to test that port from inside the network. Just put the server IP in, unlick the scan range button and click scan, it will bring up a list of open ports.
I am having similar problems.. Symantec adivse that you only install the Antivirus and Antispyware components on a server.
Let us know if that helps you out
OK, I completely uninstalled SEP and the SEP management console from the server, using the How To on Symantec's site, so there is no trace of Symantec on the server now and I still cannot connect to the server remotely using remote desktop connection.

This is really strange.  I would really like to avoid rebuilding this server.
first. make sure that their are no firwalls active on the server. even if they are not then activate and deactivate.

then download "look at lan" see http://www.lookatlan.com/ and run it from a client and look at the server to see what ports are open. ensure that port 3389 is open.
Turns out that my default connection was somehow deleted (not by me!) out of the Terminal Services Configuration console.  After I created a new connection, everything worked fine.  Has anyone ever heard of a connection disappearing like that?

So now I will reinstall SEP and see what happens.
ASKER CERTIFIED SOLUTION
Avatar of Computer101
Computer101
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial