cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 1 of 4

System Lockup after Restart

We're having an issue on some of our servers which are running SQL and have HIPS (Version 8 Patch 11) installed. Sometimes after the system performs an overnight reboot, the system will get locked up 20-40 minutes after booting into Windows. By locked up, I mean that we are unable to access it remotely, and after pressing CAD on the console, it only shows a blank screen (login box never comes up).

From what we can see in logs, HIPS starts normally and begins logging (we aren't doing any active blocking via policies). At a certain point, SQL stops responding and the HipShield log shows the warning: "0x4, #### User mode returns error code 0xc000013f for sid lookup". We see this error pretty continuously until someone arrives on-site and is able to perform a hard reset. Sometimes the server will come back up and behave normally on that next reboot, other times it may take up to 6 reboot cycles.

That is also leading to more of our frustration in that this problem is not occurring on every system configured in this manner (maybe ~20%). This issue is happening on both Server 2008 R2\SQL 2008 R2 and Server 2012 R2\SQL 2014 SP2. If we disable HIPS, the problem goes away. If we set the HIPS services to Automatic (Delayed), the problem goes away (at least on the 2012 R2 systems) but these aren't solutions we can stick with.

Has anyone else run across a similar issue or have any insight?

3 Replies

Re: System Lockup after Restart

@Former Member 

I would recommend to raise a ticket with McAfee for investigation. As it definitely require logs for analysis, so in order to resolve this at a faster pace, please talk to McAfee.

Venu
Former Member
Not applicable
Report Inappropriate Content
Message 3 of 4

Re: System Lockup after Restart

Hi vnaidu,

We've engaged McAfee on this issue in the past, but that's been less than fruitful  (in that McAfee is telling us that our version of SQL isn't supported).  Really we're in a bit of a catch-22 in that we have to keep SQL up-to-date, but McAfee doesn't officially support the CU's.  We can't afford to keep our SQL server installs unpatched for 2-3 years.  We've been trying to do our own work to pin down the cause, and the sid lookup error seems like it could be at the heart of it, but we haven't had any luck.

Re: System Lockup after Restart

@Former Member Then you may replace your current AV and HIPS with ENS. ENS provides you with the same benifits as HIPS and AV does and in fact, it is more secured than your current configuration. Apparently you can resolve your current issue and also move to the latest ENS. This is just my opinion.

Venu
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community