spacer
Support - Platinum Support
tab end BCS Web Site divider MySupport divider Log Out navbar end
navbar end home symantec alerting service security center knowledge base navbar end
spacer
BCS Knowledge Base

spacer
spacer

Rate This Document
1x3 spacer
1x1 spacer

print this documentDocument ID:2005050916281848
Last Modified:01/18/2007

Symantec AntiVirus server shows "Disabled" in Symantec System Center after migration

Situation:You migrate a Symantec AntiVirus server from a previous version to Symantec AntiVirus 10.x. After restarting the computer, you open Symantec System Center and unlock the server group. You may see the blue primary server symbol for several seconds, but then the icon changes to a Down icon (a red circle with an arrow pointing down).

Solution:There are several conditions that may cause this problem. To fix the problem, try each of the following procedures:
  • Check for Event ID 1000 in the Windows Event Viewer - Application Log
  • Make sure that migration tasks were performed in the correct order
  • Make sure that system times are synchronized
  • Make sure that you are not installing through a Terminal session
  • Make sure that Symantec processes are running
  • Fix problems with Symantec System Center information
  • Lock and unlock the server group
  • Rebuild the PKI information



Note: If you did not restart the server after installing or migrating to Symantec AntiVirus 10.x, be sure to do so before continuing troubleshooting. This problem can be caused by failing to restart after installation.



Check for Event ID 1000 in the Windows Event Viewer - Application Log
In the Application Log, look for an Event ID 1000 entry with the description "Faulting application Rtvscan.exe, version 10.0.0.359, faulting module ScsComms.dll." If the entry appears, follow the directions in the following document:
Message: "Event ID 1000: Faulting application Rtvscan.exe...faulting module ScsComms.dll..." appears in the Windows Event Viewer.


Make sure that migration tasks were performed in the correct order
Because of the new security structure of Symantec AntiVirus 10.x, it is very important to follow the implementation guide to perform a successful migration. If you are unsure if the implementation guide was followed, read the following document to find migration instructions:
Installation and configuration documents for Symantec Client Security 3.0 and Symantec AntiVirus 10.0.


Make sure that system times are synchronized
If the Symantec System Center and Symantec AntiVirus server are on different computers, the two system clocks must be set fewer than 24 hours apart. Check the time on your Symantec System Center and Symantec AntiVirus server computers to confirm that this is the case. If the times are not within 24 hours of each other, you will need to adjust the time setting in Windows appropriately.


Make sure that you are not installing through a Terminal session
Be sure you are not installing the Symantec software through a Terminal session. Installing through a Terminal session can cause issues with the creation of the PKI security structure.


Make sure that Symantec processes are running
In some cases, certain Symantec processes may not be running. If they are not running, there is a problem with the installation.

To confirm that Symantec processes are running
  1. Press Ctr+Alt+Delete, and click Task Manager.
  2. On the Processes tab, confirm that Rtvscan.exe and Pds.exe appear in the Image Name column.
  3. Close Task Manager.

If the processes do not appear, uninstall and reinstall Symantec AntiVirus.


Fix problems with Symantec System Center information
Symantec System Center may have incorrect information about the server. Moving the server to a new server group or clearing the address cache can fix this type of problem.

To move the server to a new server group
  1. Start the Symantec System Center.
  2. Right-click System Hierarchy, and then click New Server Group.
  3. Enter the information that is requested, and then click OK.
  4. Drag the server to the new server group.
  5. Right-click the server, and then click Make Server a Primary Server.

To clear the address cache
  1. Start the Symantec System Center.
  2. On the Tools menu, click Discovery Service.
  3. Click the Clear Cache Now.
  4. Unlock the server group.


Lock and unlock your server group
If you have selected the options to "Remember this user name and password for me" and "Automatically unlock this Server Group when I start the Symantec System Center," clearing the Symantec System Center cache may not be sufficient. If this is the case try locking and then unlocking the problem server group.


Force the re-creation of the PKI information
If the problem persists, delete the DomainData registry key on the primary server and then restart the primary server. If the problem is not fixed, you may need to remove Symantec AntiVirus and certain components. This removal forces the PKI information to be re-created in the registry


WARNING: In the next steps you will edit the Windows registry. Back up the registry before you make any changes to it, because incorrect changes to the registry can result in permanent data loss or corrupted files. Modify only the registry keys that are specified.
For instructions, see How to back up the Windows registry.


To delete the DomainData registry key on the primary server
  1. In the Registry Editor, delete the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\DomainData

  2. Restart the Symantec AntiVirus service on the primary server.
  3. After the Symantec AntiVirus service starts, start Symantec System Center.
  4. Right-click the primary server and then click Make Server a Primary Server.
  5. In Symantec System Center, click Tools > Discovery Service.
  6. On the General tab, click Clear Cache Now, and then click Close.
  7. Check again to see whether the PKI structure is correct.

To force the PKI information to be re-created
  1. Uninstall Symantec AntiVirus.
  2. Uninstall the Symantec System Center.
  3. Delete the Pki folder.
  4. In the Windows Registry Editor, delete the following key:

    HKEY_LOCAL_MACHINE\Software\Intel\Landesk\VirusProtect6\CurrentVersion\DomainData

  5. Install Symantec AntiVirus again
  6. Restart the computer.
  7. Install Symantec System Center again.
  8. Restart the computer.
  9. Check again to see whether the PKI structure is correct.

To restore managed client communication
  1. On the managed client, stop the Symantec AntiVirus service.
  2. Delete all certificates in the pki\roots folder in the client's Symantec AntiVirus program folder.
    The following is the default path into the Symantec AntiVirus program folder:

    <OS Drive>\Program Files\Symantec Client Security\Symantec AntiVirus

  3. On the Windows taskbar, click Start > Run.
  4. In the Open box, type the following text, where <server name> is the name of the Symantec AntiVirus server:

    \\<server name>\vphome

  5. Click OK.
  6. Copy the Grc.dat file from the vphome folder into the following folder:

    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\

  7. Copy the xxx.x.servergroupca.cer file from the vphome\pki\roots folder to the \pki\roots folder on the client.
    The following is the default location of the \pki\roots folder on the client:

    \Program Files\Symantec Client Security\Symantec AntiVirus\pki\roots\

  8. Start the Symantec AntiVirus service on the client.

If these steps do not resolve the problem, uninstall the Symantec AntiVirus server as well as the Symantec System Center and install them again.

print this documentDocument ID:2005050916281848
Last Modified:01/18/2007


rate this document
Does this document answer your question?
Yes
No
Maybe, need to test
None of the above
Is this document well written and easy to use?
Submit specific suggestions to improve the quality of this document.


Product(s): Symantec AntiVirus Corporate Edition 10.0, Symantec Client Security 3.0, Symantec AntiVirus 10.1, Symantec Client Security 3.1
Operating Systems(s): Windows 2000, Windows XP Professional Edition, Windows Server 2003 32-bit Edition
Date Created: 05/09/2005

  © 1995-2014 Symantec Corporation. All rights reserved. feedback | legal notices | privacy policy