Tuesday, November 3, 2015

Symantec Endpoint Protection creating Multiple instances on Citrix and Terminal Servers

Welcome Back!!!
We had an issue on Citrix servers where, for every user who opened an application, an instance of Symantec would open, eating up a lot of memory in the background.



A colleague of mine had a similar issue, and they worked with the vendor (Symantec Endpoint), who suggested a registry key setting to fix the issue.

Prevent the process from starting by changing the registry value:

1. Click Start, Run, type “regedit”, then click OK.
2. Browse to the SMC key. In versions of SEP older than 12.1 RU5, this is the same location on 32- or 64-bit systems:
   HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC

   In SEP 12.1.5 (12.1 RU5) and newer on 64-bit systems, LaunchSmcGui and most other SMC keys and values have moved to Wow6432Node:
   HKLM\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\SMC
3. Find the entry LaunchSmcGui and change it from DWORD 1 to DWORD 0 (add it if it is not already present).

If you are unable to modify the listed registry keys, you can temporarily disable Tamper Protection.
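
The same change scripted in PowerShell, as an added example that is not from the original post or from Symantec: it sets LaunchSmcGui to 0 under whichever of the two SMC keys listed above exists on the server and reports the old and new value. It assumes an elevated 64-bit PowerShell session, and that Tamper Protection, if it had to be disabled for the write, is turned back on afterwards.

```powershell
# Added example, not vendor code. Run elevated from 64-bit PowerShell:
# a 32-bit session sees only the Wow6432Node view of HKLM\SOFTWARE.
$smcKeys = @(
    'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC',
    'HKLM:\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\SMC'
)
$valueName = 'LaunchSmcGui'
$touched = 0

# If both keys exist, the value is set under both.
foreach ($key in $smcKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }   # key absent on this build

    # Read the current value; $null means it has not been created yet.
    $before = (Get-ItemProperty -LiteralPath $key -Name $valueName -ErrorAction SilentlyContinue).$valueName

    try {
        # -Force creates the DWORD or overwrites the existing one.
        New-ItemProperty -LiteralPath $key -Name $valueName -PropertyType DWord -Value 0 -Force -ErrorAction Stop | Out-Null
        $after = (Get-ItemProperty -LiteralPath $key -Name $valueName).$valueName
        $shown = if ($null -eq $before) { '(not present)' } else { $before }
        Write-Output "$key : $valueName $shown -> $after"
        $touched++
    }
    catch {
        # Typical cause: Tamper Protection is still guarding the SEP keys.
        Write-Warning "Could not write $valueName under ${key}: $($_.Exception.Message)"
    }
}

if ($touched -eq 0) {
    Write-Warning 'LaunchSmcGui was not changed; check that SEP is installed and whether Tamper Protection blocked the write.'
}
```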

For more info, check the vendor website link.

Hope this helps someone!!!

FAN making loud noise on DL 380p G8


Good day All,

Welcome back!!! We have an HP server in a remote location which started to make a loud noise, even though the server was stable.

We opened a case with the vendor, and the following troubleshooting steps were done:

1. They asked us to update the firmware and drivers, and we used the June HP SPP.
2. Still the same issue, so the System Board was replaced. Same issue, still no luck.
3. They suggested upgrading to the Oct HP SPP. Still the same issue.
4. We decided to come up with 2 plans: replace the System Board and Fan again, and if the issue was still there, start pulling out the PCI cards one at a time and test the Fan.

Well, guess what: after replacing the System Board the issue got fixed. Now the big question is, we did the same in Step 2, so why didn't it fix the issue that time?
The vendor didn't have any answers, but our thought is that System Boards usually sit in a warehouse for quite some time, and when they arrive they come without updated firmware or drivers, or were not tested beforehand.

Hope this helps someone!!!!

Monday, November 2, 2015

Robocopy to copy 20 TB of data from NETAPP to Windows 2012R2 File Server cluster

Good day All,

Welcome back!!! One of my friends called me up the other day, saying that he needed help with Robocopy and guidance on moving 30 TB of data from NETAPP to EMC Storage.

Well, I thought, why not do a blog post on my experience; it will probably be helpful for someone.
Even though I was moving the data from NetApp to a Windows 2012R2 File Server cluster, the process should be the same.
Before I proceed to the usual cut-over process and steps, let's dig a little bit into the switches I used in order to achieve this. This is my Robocopy.bat file.


ROBOCOPY /e /xj /ZB /r:2 /w:5 /LOG+:"C:\robo\Log.txt" /it /purge /copyall "\\Source IP\Source_Share" "\\Destination Server IP\destination_share"

@Echo Copying Complete
Pause


/E :: copy subdirectories, including Empty ones
/XJ :: eXclude Junction points. (normally included by default)
/ZB :: use restartable mode; if access denied use Backup mode
/R:n :: number of Retries on failed copies
/W:n :: Wait time between retries
/LOG+:file :: output status to LOG file (append to existing log)
/IT :: Include Tweaked files
/PURGE :: delete dest files/dirs that no longer exist in source
/COPYALL :: COPY ALL file info

Important switches you should be aware of:
1. /ZB is very important if you don't have permission on the source files\folders. Basically we are telling Robocopy that where there is no permission, it should treat the copy as Backup mode and copy over to the destination location.
2. /PURGE: this one confuses a lot of people. Remember to make sure the destination folders are empty; if you have data there, it will be gone. What this is basically doing is replicating the source to the destination folders, and anything not in the source will be removed.
3. /COPYALL: it will copy all the files and folders with the permissions intact.

So this is how we did it:

1. Requested permission as Administrators on the NetApp filer.
2. Worked with the business to identify how much data we would move on a weekly basis, because this is a huge amount of data and there is no way you can do a one-time cut-over.
So we identified the root share folders and started setting up Robocopy.bat files with the ROBOCOPY line shown above on the destination folder or any intermediate servers.
3. Now, how do we move the data? If you have a dedicated link, it's better to use it.
4. Usually our change weekends start on Saturday, so we set up the initial sync to run over the weekend and end before business starts on Monday.
5. During the week we would do one or more syncs so that during the final cut-over we would have less data to cut over and it would take less time. We would rename the log file so that a new log file is created instead of appending to the existing one; that way we don't have to check through a big log text file for skipped files or errors.
6. Finally, on the day of the cut-over we requested all the users not to access the shares, did the final sync, and did some testing to make sure all permissions and everything else were intact.

It took about 3-4 weeks to get through all the 20 TB of data successfully with zero loss of data.
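
A PowerShell wrapper for the sync runs in steps 4 to 6, as an added example rather than the author's script: it writes a separate log per run, decodes robocopy's exit code, and with -ListOnly (robocopy's /L switch) lists what /PURGE would delete before anything is touched. The parameter names and UNC paths are placeholders.

```powershell
# Added example, not the author's batch file. UNC paths are placeholders.
param(
    [string]$Source      = '\\SOURCE_IP\Source_Share',
    [string]$Destination = '\\DEST_SERVER_IP\destination_share',
    [string]$LogDir      = 'C:\robo',
    [switch]$ListOnly    # adds /L: report what would happen, change nothing
)

# One log file per run, so each sync can be reviewed on its own.
New-Item -ItemType Directory -Path $LogDir -Force | Out-Null
$log = Join-Path $LogDir ('Log_{0:yyyyMMdd_HHmmss}.txt' -f (Get-Date))

# Same switches as the batch file. /ZB and /COPYALL need an elevated session.
$roboArgs = @($Source, $Destination, '/E', '/XJ', '/ZB', '/R:2', '/W:5',
              '/IT', '/PURGE', '/COPYALL', "/LOG:$log")
if ($ListOnly) { $roboArgs += '/L' }

& robocopy.exe @roboArgs
$code = $LASTEXITCODE

# Robocopy's exit code is a bit mask; any value of 8 or more means failures.
$bits = @(
    @{ Bit = 1;  Text = 'files copied' },
    @{ Bit = 2;  Text = 'extra files/dirs at destination (purged unless /L)' },
    @{ Bit = 4;  Text = 'mismatched files/dirs' },
    @{ Bit = 8;  Text = 'some files/dirs could NOT be copied' },
    @{ Bit = 16; Text = 'serious error, no files copied' }
)
Write-Output "robocopy exit code $code, log: $log"
foreach ($b in $bits) { if ($code -band $b.Bit) { Write-Output "  - $($b.Text)" } }

if ($ListOnly) {
    # With /L, *EXTRA lines are what /PURGE would delete from the destination.
    Select-String -Path $log -Pattern '\*EXTRA\s+(File|Dir)' | ForEach-Object { $_.Line.Trim() }
}
if ($code -ge 8) {
    # Failed items are logged as "ERROR <n> (0x...)" followed by the path.
    Select-String -Path $log -Pattern 'ERROR \d+ \(0x[0-9A-Fa-f]+\)' | ForEach-Object { $_.Line.Trim() }
    exit 1
}
```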

Note: For Windows 2012R2 file share cluster creation, there are a lot of articles on the internet if anyone is looking.

Hope this helps someone!!!




WINDBG saved my day one more time!!!!

Good day All,

Sorry, it's been a very busy couple of months. I've started to get some time, so I will catch up on a couple of topics.

For the last couple of days my laptop was acting up, and whenever I tried to reboot the laptop it would throw a blue screen dump. I thought it was a one-off thing, but when I retried I got the same error, so I decided to fix it.

As the laptop was configured for Minidump only, I said to myself, let's see if I can find anything in the Minidump; if not, I will set it for a Kernel or Full dump.

Note: if anyone wants to know the difference between Mini, Kernel and Full dumps, kindly google around; there are tons of articles about it.

So I just started WinDbg, loaded the Minidump and ran the usual !analyze -v command.


As it couldn't load the symbols for the module, it was showing the module name as ntkrnlmp. If you look at the Faulting Module, it was showing a driver called jpnrna6.

So either click on that Faulting Module or type lmvm jpnrna6, and it will show you more details on the driver. As this is a third-party driver there were no symbols associated with it, so it was not loading the symbols, and the correct faulting driver was not listed in the above !analyze output.



Now that we knew the driver's location path, I checked the properties and found that it's related to the Juniper VPN client.
I searched the vendor website and found updated drivers, uninstalled the existing VPN client and re-installed it, and voilà!!! The issue got fixed.

So that's one more reason why a little knowledge of WinDbg will help us do the initial troubleshooting.

Hope this helps someone!!!!