Since the default is for FW to be off, I'll assume you've played around with HIPs policies in ePO.
Disable the FW or whatever you do to get the Windows 2000 to be accessible.
Set HIPs\General\Client UI troubleshooting tab policy for the test system to enable DEBUG logging for firewall.
Do agent wakeup to enforce (make sure local system's HIPs console is closed).
Now turn the FW back on and reboot and try to log in. When it gets hung, note the time. See if you can map to the test system from another system.
Go to C:\Documents and Settings\All Users\Application Data\McAfee\Host Intrusion Prevention
or you might need to boot to Safe Mode and get the log.
Attach here the firesvc.log, let me know the time it hung, and we can try to figure it out together.
Also try setting the FW Options to 'learn mode' and see if there is a block prompt telling you what it is.
Also attach an exported copy of your FW rules (if you want to), and I can try to reproduce it.
Message was edited by: dvo on 12/1/09 9:05 AM
I can't post the firesvc log up ... McAfee Gold Support recommended that I do what you stated. I have uploaded the logs in that ticket as they are confidential...so if you could look at that ticket number and get the logs...
Message was edited by: sphorton on 12/1/09 9:37 AM
Not a known issue that I know of...
However, I would have tried a couple things:
1) Allow the option for unsupported protocols in the Firewall policy. (KB53191 in McAfee Knowledge Base) I haven't worked a W2K case in a while but the OS could have some funky non-IP traffic that the HIP FW is dropping in the bit bucket because we don't recognize it. This is most likely the case.
2) Run the firewall in adaptive mode to see if any new rules need to be created.