Hi. We have a strange situation. For first, configuration:
HP Proliant DL 360 G5
Windows Server 2008 SP2
VSE870P1 Engine 5301
All working good and any problem we have not.
Then we deside update McAfee software to Patch2 and problems is begin.
Windows 2008 SP2 servers start to Unexpected not responding.
System Log is clear, Application Log is clear but server not responding by IP and we nothing can do until hard reset system using HP ILO.
I think, that reason (may be) in Patch 2 with Engine 5301. May be we need update a engine to version 5400 to. Plaese, tell something about this problems? Someone have some problems like we are?
P.S. After a successful reboot the server the problem could be repeated two days later on the third.Message was edited by: rbvadim on 11/16/09 1:43 AM
Please can you disable the McAfee TDI Driver and confirm if the issue re-appears.
To disable the McAfee TDI Driver, please do the following:
Does the issue still re-appear after 2-3 days?
Please let me know.
Ok. I`ll try, Thanks.
I understand it correctly, we are talking about KB50477: https://kc.mcafee.com/corporate/index?page=content&id=KB50477Message was edited by: rbvadim on 11/16/09 4:09 AM
FYI, with VSE 8.7i if you want to test disabling of the McAfee TDI filter driver, you must rename the file \system32\drivers\mfetdik.sys and reboot.
The article referred to is for VSE 8.0i, a much older product and very different driver architecture.
If disabling the mfetdik.sys driver has prevented the unresponsive symptom from occurring, it is recommended to ensure you have the latest drivers available for Windows 2008.
There are a number of updates to the TDX.sys driver (which is what the mfetdik.sys driver interacts with).
Once updated, you should enable the mfetdik.sys driver again and confirm if the issue is resolved.
If it occurs again, obtain a kernel or complete crash dump (not a mini dump) for investigation with McAfee Support.
By having the mfetidk.sys driver disabled you lose Port Blocking protection, a feature of Access Protection, and you lose the ability to identify the source IP address of a remote system that is trying to infect you.