Roaming Profiles Problem and slow shutdown

Discussion in 'ESET NOD32 Antivirus' started by Draz, Nov 29, 2007.

Thread Status:
Not open for further replies.
  1. Draz

    Draz Registered Member

    Joined:
    Nov 29, 2007
    Posts:
    5
    I'm using NOD32 v3.0.566 with Vista Ultimate 64bit version and of course the 64 bit version of Nod32.

    I'm getting and issues with my Roaming profile not updating. My server is Small Business Server 2003.

    If I have UAC enabled the profile updates but the client takes 20 mins to logoff. If I turn off UAC the client PC logs off immediately but the roaming profile never updates.

    If I disable the NOD32 services I have no issues with logoff or profiles at all no matter if UAC is on or off.

    I only updated to to version 3 last week. Can anyone offer any suggests / solutions or do I just go back to my older version?


    Draz
     
  2. EvilDave UK

    EvilDave UK Registered Member

    Joined:
    Dec 20, 2005
    Posts:
    275
    Location:
    United Kingdom
    Ha! And I thought my Roaming Profiles had corrupted.

    Same thing happening here, running SBS 2003 SP2, Vista Ultimate and EAV 3.0.566. Before EAV 3 came along, everything was fine.
     
  3. Draz

    Draz Registered Member

    Joined:
    Nov 29, 2007
    Posts:
    5
    No replies on this, other than someone with the same problem.

    So do I raise a customer support request on this or do any of the Nod32 developers actually read this forum?

    Draz
     
  4. robhardma

    robhardma Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    3
    Same problem here with XP SP2 clients and W2K3 servers. Sometimes it takes 20 mins to unload a five meg profile, even though UPHClean is running.
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,375
    We will try to replicate it and fix it if it's actually a bug.
     
  6. Stalks

    Stalks Registered Member

    Joined:
    Jan 13, 2008
    Posts:
    28
    Hi there,

    I have been racking my brain over this issue for the past couple of days. I have literally slept 3 hours in that time.

    Technical Overview:

    • nod32, 3.0.621.0
    • Signature, 2818 (20080123)

    • Windows Server 2003 Domain
    • 3x Vista Clients
      • Client1, Vista Business, Desktop
      • Client2, Vista Business, Desktop
      • Client3, Vista Ultimate, Laptop (ASUS X51RL, Core Duo 1.6, 1GB RAM, ATi X1100, 120GB HDD)

    I have roaming profiles for a couple of users, and laptops are in a security group which allows GPO's to enable Offline Files (its disabled for desktops), force slow-connection detection to >120ms, <1024Kbps, change shutdown buttons to Hibernate.

    Client2 and Client3 were installed at the same time with identical software. Basic OS install + drivers, image created, then software installed on each.

    • Office 2007
    • SecureCRT 5
    • FolderSizes 4
    • O&O Defrag 10
    • Foxit PDF Reader 2.2
    • 7-Zip 4.56.

    The laptop has the following extra software,
    • ASUS Wireless Console 2
    • ASUS Power 4 Gear eXtreme
    • Synaptics Pointing Device Driver

    The desktops do not suffer from this issue, but the laptop does. Basically, a logoff will take nearly 5 minutes. Even a freshly created profile for a new user will take over 3 mins to then log off. The profile folder created in the profile share on the server will only be 5mb.

    In troubleshooting, I have watched server activity during logoff and whilst constantly refreshing the "Open Files" section of Computer Management, I can see the laptop is slowly making its way through every file in the users profile.

    I have reinstalled 10+ times, both from the Microsoft disk, and from an image taken after drivers installed.

    Enabling verbose startup/shutdown/logoff/logon status messages via GPO shows the logoff stalling at "Please wait for the User Profile Service". The Event Viewer shows the "Winlogon" source complain about the extended logoff with, "The winlogon notification subscriber <Profiles> took 279 second(s) to handle the notification event (Logoff)".

    The Group Policy operational log is normally quite verbose but unfortunately logs nothing during those 5 minutes. I also created a custom event log view to include all logs, and during those 279 seconds, nothing is logged.

    It didn't occur to me that it would of been nod32 until just now, having run out of all other ideas. Opening the nod32 options window, and disabling nod32 allows for a clean logoff taking no longer than 5 seconds. Logging back in and enabling nod32 again, causes the logoff time to be ~5 mins once again.

    Uninstalling nod32 v3 and installing nod32 v2.7, results in a fully working logoff sequence.

    So for now, I will make do with the laptop using nod32 2.70.39

    Hope this post will be of help to someone.
     
  7. goran_larsson

    goran_larsson Registered Member

    Joined:
    Jan 25, 2008
    Posts:
    51
    Location:
    Stockholm, Sweden
    Hi we have found the same problem with unloading roaming profiles even on the desktops who btw is the only ones having roaming profiles.

    We have a windows 2003 domain with basically only some 300 windows xp clients about 35 % are laptops the rest are desktops.

    it takes 5 to 20 minutes to log off saving a profile on a typically desktop.

    If I uninstall nod32 it takes 15 seconds to logoff/unload.

    All of the desktops are showing some mrxsmb warnings since nod32 3.0.533 is
    Event Type: Warning
    Event Source: MRxSmb
    Event Category: None
    Event ID: 3019
    Date: 2008-01-25
    Time: 21:05:19
    User: N/A
    Computer: 111
    Description:
    The redirector failed to determine the connection type.

    This being just a simple warning should not have any particular impact but it is coincidental that we experience this after installing nod32.

    we also have some of these errors on both desktops and laptops,
    Event Type: Error
    Event Source: EventLog
    Event Category: None
    Event ID: 6004
    Date: 2008-01-25
    Time: 21:04:33
    User: N/A
    Computer: 111
    Description:
    A driver packet received from the I/O subsystem was invalid. The data is the packet.

    This I consider a bit more to take into account, this message has never been show on any of our computers prior to installing nod32, If I follow the link it implies that there should be some kind of problem with the network driver however this is shown on many diffrent computers with many diffren manufacturers of NICs (broadcom/intel etc and I've upgraded all of them with no diffrent result) both desktops and laptops, it seems to increase with heavier network activities but has been know to appear on more or less idle computers.

    Other issue discovered not nessecerily due to nod32 but suspiciuos behavior, one of our branch offices had a windows 2003 domain controller x64, and a few days after installing nod32 3.0.621 it suddenly stopped sharing the netlogon completeley, after a few hours sweating and troubleshooting we uninstalled nod32 (no restart) and instantly the netlogon share was available again. Go figure..

    I've been taking this issue up with the local supplier but sofar eset have not given us or the reseller anything to go on, the reseller have given us an "optimized" settings file which I have applied to some of the desktops and laptops with little or no diffrence.

    Regards Göran
     
  8. Luke Tarver

    Luke Tarver Registered Member

    Joined:
    Feb 13, 2008
    Posts:
    5
    Has there been any progress on this issue at all?

    I'm having the same problem with two Windows Vista Business machines logging off a SBS 2003 server. With EAV it now takes approx 20mins for the machines to log off. Prior to installing EAV it took less than 30 seconds.

    Cheers

    Luke
     
  9. robhardma

    robhardma Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    3
    I'd like to confirm that I also *still* have the same issue. We have one SBS 2003 root DC, and about 20 machine all running XP Pro SP2, all having the same problem as described above.

    I'm contemplating reverting back to 2.7...
     
  10. Luke Tarver

    Luke Tarver Registered Member

    Joined:
    Feb 13, 2008
    Posts:
    5
    I'd say the logoff time is relative to the size of the profile. We've got two XP machines here on the same server and they log off almost instantly. Those machines have very small profiles - the Vista machines have several GB in each profile. It would seem that EAV is making the synch process at logoff incredibly slow. Perhaps it is causing all files to be re-copied to the server with every synch?
     
  11. Stalks

    Stalks Registered Member

    Joined:
    Jan 13, 2008
    Posts:
    28
    Our Vista and WinXP profiles have negligible differences in size. It doesn't matter if we log off with a 40mb profile or a 400mb profile.
     
  12. Luke Tarver

    Luke Tarver Registered Member

    Joined:
    Feb 13, 2008
    Posts:
    5
    If there is no official word on a resolution, I may be forced to downgrade also. I'm a new ESET user - does anyone know if my 3.0 licenses will work with 2.7?

    Cheers

    Luke
     
  13. mayt

    mayt Eset Staff Account

    Joined:
    Mar 12, 2007
    Posts:
    84
    Location:
    Bratislava
    Hello,

    we replicated this problem. Our developers are fixing it these days.

    @Luke Tarver: your EAV 3.0 license should work with 2.7.
     
  14. Luke Tarver

    Luke Tarver Registered Member

    Joined:
    Feb 13, 2008
    Posts:
    5
    Thanks Mayth, that's great to know (on both counts).
     
  15. EricTheViking

    EricTheViking Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    1
    I have a similar issue with remote users and terminal services - using Nod32 V3 Business Edition AV.

    When a new user logs off for the first time, the logoff hangs and then fails.

    If I go to Nod32 setup -> Advanced Settings and disable Scan on -> File creation under Real-time file system protection settings it all works fine.

    Have raised a support request with Eset :)
     
  16. robhardma

    robhardma Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    3
    I can confirm I still have the issue with 3.0.642 but I can also verify that the workaround quoted by EricTheViking works like a charm! Hopefully the bug will be resolved so that we can re-tick scan on file creation.
     
  17. mkuntic

    mkuntic Registered Member

    Joined:
    Mar 6, 2008
    Posts:
    54
    Issue confirmed, workaround confirmed for Roaming Profiles problem. However, workaround doesn't fix random network disconnects (accompanied by the mrxsmb notification in the Windows event log) and kicking Offline Files-enabled computers into Offline mode.

    Fix this ASAP. NOD32 v3 is unusable in an "offline-enabled" Windows environment.
     
  18. IvG

    IvG Registered Member

    Joined:
    Mar 18, 2008
    Posts:
    2
    Hi, I have the same problem!! (version 3.x)

    When a user with roaming profile logs out it take about 10 min. to logout.
    With my admin account (no roaming profile) the logout is within a few sec. complete.

    With 2.7 is works fine no waiting time when you logout.

    grtz,

    IvG
     
  19. IvG

    IvG Registered Member

    Joined:
    Mar 18, 2008
    Posts:
    2
    I have tried "Nod32 setup -> Advanced Settings and disable Scan on -> File creation under Real-time file system protection "

    And this works fine!! :thumb:

    For the Dutch: F5 (geavanceerde instellingen) - Real-timebeveiliging van bestandssysteem.
    Zet het vinkje uit bij Aanmaak bestand (scannen op).

    greetz,

    IvG
    The Netherlands
     
  20. Stalks

    Stalks Registered Member

    Joined:
    Jan 13, 2008
    Posts:
    28
    4 months later and this issue is still unresolved?

    Does disabling scan on "File creation under Real-time file system protection" open the computer to any security risks?
     
  21. davidqua

    davidqua Registered Member

    Joined:
    Mar 25, 2008
    Posts:
    4
    We had good result changing the configuration:
    Scan Network disk = no
     
  22. P_R

    P_R Registered Member

    Joined:
    Apr 17, 2008
    Posts:
    1
    I can also confirm that shutting of "Networks drive" OR "File creation" solves the problem. That is under version 3.0.642BE.

    Neither of the solutions seems to be optimal securitywise :oops:
     
  23. goran_larsson

    goran_larsson Registered Member

    Joined:
    Jan 25, 2008
    Posts:
    51
    Location:
    Stockholm, Sweden
    So you could then uninstall nod32 since you obviously have less protection.

    /Göran
     
  24. Luke Tarver

    Luke Tarver Registered Member

    Joined:
    Feb 13, 2008
    Posts:
    5
    Any formal resolution of this issue yet? I'm hoping to reinstall on a couple of PCs once this has been solved.

    Thanks

    L
     
  25. krypton_harsh

    krypton_harsh Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    84
    Your Slow Logging off can be corrected...using a microsoft utility called as
    "User Profile Hive Cheanup" Utility... its basically for Windows Xp but
    microsoft has also verified it for vista.. but it has to run in compatibility mode in vista. as windows xp sp2....... it will solve u;r slow log off issue. in vista x64

    one more thing i observed it in my system....are u using any mobile pc suites. with windows vista x64....... just try this once by uninstalling all pc-suites, and give it a restart.
    its just an arrow in the darkness....and i think it will work,....coz it did to me..
    thanzkz
    keep scrapping
     
Thread Status:
Not open for further replies.