3 Replies Latest reply on Apr 19, 2009 9:19 PM by Dvanmeter

    Safe 513 corruption

      We have been rolling out safeboot 513 to a large number of systems and have been coming across a fair amount of systems having corruption issues. The issues are when syncing a datastore cannot be read message. You can fix by doing an emergency boot one time. This is happening on frshly encrypted systems as well as new built machines with fresh encryption installed. its about 10 percent of new machines and machines brought back after a week or so. Anyone else getting this alot, according to Mcafee tech support this is rare.

      We have now been seeing several machines that fail to encrypt. After installing the fileset and rebooting a memory cannot be read error is generated, and the Safeboot Client Manager service crashed. all brand new machines with fresh installs
        • 1. RE: Safe 513 corruption
          Ok, we figured out the issue for the most part. To many connections. Not because to the amount of PC's but I believe perhaps scanning of the Safeboot ports caused their to be too many connections on the server (Max of 200 by default) and PC's were standing in line qued up for connections. The results caused Laptop corruption errors when syncing (corruption in datastore), Safeboot service on laptops to fail to start with memory read errors, machines dissappearing in the console (fixed by running group scan).

          Once the safeboot service was restarted, all of the following problems disappeared. I made some mods to the server end to not que laptops up in line when a maximum of 200 connections occurred but to just state that the server was busy. I also turned on indexing in safeboot. Between these mods and not scanning 5555 port on the server we have seen no issues since.
          • 2. RE: Safe 513 corruption
            Hi Dvanmeter,

            I believe we're starting to exhibit some corruption issues you describe. Could elaborate on the mods you did?

            • 3. RE: Safe 513 corruption
              Look in the Management guide for indexing on the server. I don't know the exact stuff, but there is a section for increase performance on the server with large number of clients. We did not have near the number it suggested but we turned it on anyways. Also we excluded port 5556 from our vulnerability scanner for the server. I think it might have been causing many open connections on the port and may have been triggering the problem.