After a reasonably painless recent rollout of SEP v11 to our fleet, we’ve come across some issues running it on a Windows 2003 Active-Passive Exchange 2003 cluster. Symptoms: nodes unresponsive, sometimes together, sometimes minutes after the other one – not even blue screened but completely unresponsive, nothing on the console.
Anyway the short of it was that we managed to get a memory dump and learned that system32\drivers\wpsdrvnt.sys had been causing the issues. Doesn’t ring a bell? Well it’s the Sygate Personal Firewall which has now been rolled into Symantec Endpoint Protection, the network threat protection component.
We obviously didn’t want to completely remove AV from our email system if possible, so we modified the installation to only contain the core files plus AV protection (see below)
2 weeks running like this and the problem has not reoccurred.
