Highlighted

Server Goes Offline with Backup Exec 2010 R3

Hi,

 

I have Symantec backup exec 2010 R3 installed on Windows Server 2008 R2 (fully patched) running Exchange 2010. I also have one remote agent installed for backing up a remote fileserver.

About once a day since I installed backup exec, my server becomes completely unresponsive. Note that this is in the middle of the day and does not correlate with my backup window which is at night. I have checked the event logs and nothing special seems to be logged but I can tell you that firstly it seems that the network interface drops. I have managed to log into the server locally after one of these "crashes" and I couldnt run an ipconfig /all because it froze on the "Tunnel adapter Teredo Tunneling Pseudo-Interface" part. Shortly after, everything else started freezing, I couldnt run netstat, disable network cards or even open up services.msc. Even task manager didnt want to open. It took about 5 minutes form logging in for the server to become completely unresponsive.

ANY ideas at this stage would help since I am running without backups at the moment. Thanks.

6 Replies
Highlighted

Hi William,   IF this doesn't

Hi William,

 

IF this doesn't happen during your backup window, you caN rule out BE by disabling and stopping those servers. If it happens again, check the Event Viewer and see if anything is generated with errors originating from BE.

If not, then it is a Windows issue and you'd have to look at fixing the issue with Microsoft, probably along the lines of patching/repairing the OS.

 

Thanks!

Highlighted

Are you running SEP on either

Are you running SEP on either of your servers?  If so, are you just using the anti-virus component?  It is not recommended that you use the SEP firewall on servers.

Highlighted

Recommended Best Practice

I have to disagree--- there will be a perfromance hit, but I would view the use of firewall and IDS as crucial in today's threat landscape.  Here are a couple articles to help admins make their decision:

Best Practices for Installing Symantec Endpoint Protection (SEP) on Windows Servers
Article: TECH92440 | Created: 2009-01-18 | Updated: 2011-08-01 |
Article URL http://www.symantec.com/docs/TECH92440
 

Network backups run slower when Intrusion Prevention System is installed on the backup server.
Article: TECH162663 | Created: 2011-06-18 | Updated: 2011-08-16 |
Article URL http://www.symantec.com/docs/TECH162663

Security Response: Symantec Endpoint Protection – Best Practices
http://www.symantec.com/business/theme.jsp?themeid=stopping_malware&depthpath=0 
 

Specific exclusions can be created to help BE performance, but I definitely recommend using NTP and IDS.

Backup and Restore job rates are slow with Symantec Endpoint Protection (SEP) 12.1 (Amber)
Article: TECH168940   |  Created: 2011-09-06   |  Updated: 2011-09-08   | 
Article URL http://www.symantec.com/docs/TECH168940   

With thanks and best regards,

Mick

Highlighted

I was told by not one but

I was told by not one but many a SEP tech support engineer NOT to install anything other than the SEP anti-virus component on servers.  Maybe you should clarify this with them.  This is one of the first thing they check when I log a case with Symantec.

Highlighted

If you are not using IPV6

Just a thought as it sounds like  a IPV6 issue as it froze on the "Tunnel adapter Teredo Tunneling Pseudo-Interface " which is teh ipv4 to 6 interface (IIRC)

If you are not using IPV6 , turn it off on the remote server (in network connection properties)

and to really turn it off put the following 4 lines in a .reg file and run it on the remote server

 

Windows Registry Editor Version 5.00

REM Disable IPV6
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters]
"DisabledComponents"=dword:ffffffff

 

remove the IPV6 DNS entries (assuming you have an AD integrated DNS)

Reboot server and retry

OF COURSE as we are messing with the network card, make sure you have out of band control of the server or someone on site to reverse the change.

 

Highlighted

Not in My Opinion

Thanks for the feedback, PKH!  I have discussed this matter with serior engineers and developers - there will be some performance hit from any security product, but in the latest versions of SEP this is quite small.  The increase in protection far outweighs the cost, in my opinion.  Trying to protect against some of the threats currently in circulation with AV alone is fighting with one arm tied behind your back.  IPS is crucial.  A little prevention is far, far better than trying to receover from a successful breach or infection.

The decision is ultimately up to the admin, but this is my opinion!  I will definitely continue to share it with as many Tech Support engineers as I can. &: ) 

Hope this helps!!