V.3 Enterprise on Server causing network problems

Discussion in 'ESET NOD32 Antivirus' started by arrowsmithmidwest, Aug 5, 2008.

Thread Status:
Not open for further replies.
  1. arrowsmithmidwest

    arrowsmithmidwest Registered Member

    Joined:
    May 12, 2004
    Posts:
    165
    Location:
    Midwest
    Symptoms:
    If we're lucky it causes the PC to stop responding for 5 minutes before closing the Office application. When possible a restart will then render the PC usable again. Otherwise it will lock up the PC and every other PC connected on the network including the server. Sometimes waiting for a long enough period they can be normally restarted, otherwise hard rebooted.

    If I try to access any shares from the server, it says No Entries listed. Sometimes this is restricted to just the PC the office document was opened on, sometimes it says this for every PC in network.

    Access documents always have a highest crash rate. If the office document is copied to the local PC, it will open fine.

    Server Services:
    DC
    Filesharing
    DNS
    DHCP
    Group Policy
    NOD32 Enterprise V3.0 server
    Print sharing


    Troubleshooting steps so far:- Swapped the switch out.
    - Examined event logs, any errors or warnings logged are only caused from after the crash, not before or the actual crash time.
    - Changing the speed of the network (1GBps network) from Autosense to 100MBps Full Duplex.
    - Bringing an outside notebook with a different copy of Office 2007 on it, still crashes.
    - Replaced any suspicious network cabling.
    - Replaced the NIC in the server with a 100mbps NIC.
    - Disabled I/O acceleration on NIC.
    - Disabled JUMBO frames on NIC.
    - Use the steps in KB927695 to disable Receive Side Scaling (RSS). Also have disabled something else mentioned in a similar article.
    - Also disabled DHCP mediasense in article KB239924.
    - Disabled all non-default GPO's.
    - Copied the shared data drives to a local PC, setup logon script to access the local PC, this has minimised the crashes, but I have been told it has still crashed once or twiceo_O
    - Uninstalled Office 2007 and installed Office 2003 on a machine, this also minimized crashes, but yet again it has crashed once or twice.
    - Examined data that is used/opened when the crashes occur, it can be any one document or a database of hundreds if not thousands. If this same data is taken to another similar network, the problem cannot be replicated.
    - Had other technicians examine the problem over a period of time in case I have missed something.
    - Unplug every PC/device on the network, plugged in my personal notebook again and re-test, problem still exists.
    - Performed further testing with opening documents on the PC mapped network drive instead of the server one. It also crashes when opening documents from a UNC path too, not just a mapped drive.
    - Disabled all NOD services and startup programs on the server, problem did NOT occur. Tested for 1 week OK in this state.
    - Reinstalled NOD on the server using freshly downloaded software. Tested it as still OK.

    However a week later it seems the problem is returning again.
    I have disabled all the services and startup items again on the server to leave for a few more days to just verify the problem does not occur whilst NOD is running on the server.

    Now that I have covered everything, does anyone have any suggestions or come across anything like this?

    Thanks
    Kris
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Hi Kris,
    unfortunately you didn't mention what version of EAV you have installed on the server. If possible, please post the information here (Help -> About)
     
  3. arrowsmithmidwest

    arrowsmithmidwest Registered Member

    Joined:
    May 12, 2004
    Posts:
    165
    Location:
    Midwest
    Hi Marcos,

    Version 3.0.669.0
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Did you also try a test with the real-time protection disabled? The best would be if we could get a memory dump from the moment when the problem occurs, if you can afford creating it. You can either create a full memory dump per the instructions here or use Userdump.exe to create a dump from ekrn only (a full memory would be better in case the problem occurs outside of ekrn).
     
  5. arrowsmithmidwest

    arrowsmithmidwest Registered Member

    Joined:
    May 12, 2004
    Posts:
    165
    Location:
    Midwest
    I'll bring you a dump file as soon as possible. thanks.
     
  6. arrowsmithmidwest

    arrowsmithmidwest Registered Member

    Joined:
    May 12, 2004
    Posts:
    165
    Location:
    Midwest
    Just an update, everything has been working ok since posting on here, so i want to give it some more time testing to ensure it definately is NOD32 still causing the problems, if so i will grab the dump file and post it here.

    thanks
     
Thread Status:
Not open for further replies.