Kaseya Community

AVG 8.5 locking up Windows 2003 Servers

  • Not sure if anyone else is experiencing this but I have had 4 clients in the last 48 hours have servers acting as domain controllers locking up on a consistent basis. After opening a ticket with Dell Gold Tech support and Microsoft we were able to determine based on a memory dump file that AVG appeared to be the culprit. Having uninstalled AVG on all 4 clients servers the lock up issues appear to be resolved.

    Client A - 5 servers (all W2K3 servers) locking up including DC, BCDC, and Exchange. Lots of DNS and AD errors. Had to rebuild DHCP scope. Servers were locking up at night and unresponsive. No BSOD, hard power down was only way to bring server back online. Lock ups have been gone for last 3 days since we uninstalled AVG on all servers (a total of a bout 5).

    Client B - Their NAS server which also runs DNS was randomly locking up at night and only way to get it back online was a hard reboot. No BSOD on this system either. Server has been fine since uninstalling AVG. No more random lock ups at night.

    Client C - W2K3 server acting as the domain controller, DNS and Exchange locking up. Requires hard reboot. Lots of AD and DNS errors on this server as well. Uninstalled AVG this morning. TBD if this fixes it.

    Client D - W2K3 server acting as the domain controller, DNS and Exchange locking up. This server also runs a SQL medical application but was not generating any errors for that particular software. Had client reboot the server last night and it was okay after reboot. This morning it was locked up again with lots of flaky issues with AD and DNS. Uninstalled AVG this morning. TBD if this fixes it.

    I have opened a ticket with Kaseya Support who then opened a ticket with AVG. Basically they want me to create a bunch of memory dump files and get clients servers to BSOD some more so they can fix their issue. Which I refuse to do and risk losing a paying client. See below:

    Date: 06:07:34 17-Jun-09
    Eric,
    here is he response from AVG. they request another dump and have some additional questions:

    Dear Sir/Madam,

    Thank you for your e-mail.

    We analyzed dump files you sent us, but unfortunately we did not find that the issue is caused by AVG.

    According to dump files, the issue is caused by following driver:
    kbdhid.sys

    However, to be sure that the issue is not caused by AVG, we would like to ask you to provide us with additional information:

    1) What does exactly happen, when you install AVG on server? Do you see BSOD (blue screen of death), or does the server freeze, etc.?

    2) Because dump files you provided us were not complete, please create new full memory dump as follows:
    Please right-click on the "My computer" icon (it is placed on your
    desktop) and choose the "Properties" option. Choose the "Advanced" tab and click on the "Settings" button in the "Startup and recovery" part.
    Please uncheck (tick-off) the "Automatically restart" option and change the value in "Write debugging information" to "Complete memory dump". Save these settings.
    It will deny automatic system reboot after the BSOD (blue screen of
    death) and creates a Complete memory dump file (%SystemRoot%\memory.dmp - %SystemRoot% is the Windows system directory).

    Please pack newly created dump files into archive and upload it to our FTP server, as described in the FAQ section of our website:
    http://www.avg.com/faq?num=1224

    Please inform us about the filename when uploaded.

    ***instead of uploading to the ftp site above, you might want to create another download location for
    ---------------------------------------------------------
    Author: ernie.dolan
    Date: 06:07:34 17-Jun-09
    the new files like you did with the previous ms dumps i.e.
    http://www.netsource-one.com/MEMORY061009.zip

    3) Please send us the system export from your computer using the following steps:

    - Click on the "Start" button.
    - Choose the "Run" option.
    - Please type the "msinfo32" (without quotes) command to the command line and confirm by clicking on the "OK" button (or press Enter).
    - After the tool is launched, please choose the "File" menu and the "Save..." option.
    - Choose a name and send us the file for analysis.

    *** send the above files to me at ernie.dolan@kaseya.com

    We will analyze these files and let you know the result as soon as possible.

    Thank you for your cooperation. It is appreciated.


    Legacy Forum Name: AVG 8.5 locking up Windows 2003 Servers,
    Legacy Posted By Username: eric_richards
  • Hi Eric,

    I had the same problem on one w2k3 server (SBS2003 r2). I've worked on this issue with k-support but after 2 weeks of inresponsive server the customer asked us to reinstall McAfee VSE8.7 + Groupshield. Removing KES directly solved the problem on this server.

    We've done multiple installation's with/without email scanner and other options. Unfortunately nothing worked.

    We have KES running on several other w2k3 and w2k8 servers without any problem.

    Hope you figure it out before you get in trouble with the client !! goodluck !!

    Best regards,
    Hans

    Legacy Forum Name: KES,
    Legacy Posted By Username: Hans den Boer
  • This doesn't help either of you, but I will mention that we just went through a nightmare scenerio with a client and the Symantec Endpoint Protection software (SEP) v11 software on an SBS2008 server for a client. It kept locking up their server every afternoon. Aftering trying 5 or 6 other things, we uninstalled SEP. The problem immediately went away and the server was fine for 6 weeks. We re-installed SEP, and the problem returned the very next day.

    We have SEP on about 150 servers and about 1800 desktops/laptops. About 10 of those servers running SBS2008 - all DELL PowerEdge 2900 servers, all the same SEP software, Backup Exec software, APC software, etc. All installed and configured the same way, per our company checklists.

    We could not figure out what was causing the problem, what was different in this case. We have since uninstalled SEP and installed AVG/KES. That server has been running fine for a week now.

    So, it seems that all antivirus software programs can sometimes cause unexplained issues, when it works fine elsewhere.

    One thing is for sure, each of them is a nightmare to work on when it happens.

    Lloyd

    Legacy Forum Name: KES,
    Legacy Posted By Username: lwolf
  • We have also been dealing with a similar issue on a few servers. One is straight 2003 and the other ones are SBS 2003. Our lockups mainly occurred during high load times such as during backups. Removing AVG or disabling Resident Shield also stopped the lockups completely. One of my techs has had a ticket open with Kaseya for at least a couple months on this issue now, and the last time I checked we hadn't made any progress with them and AVG. So unfortunately I don't have much to contribute except to let you know you aren't the only one seeing this issue.

    Legacy Forum Name: KES,
    Legacy Posted By Username: kcears
  • yikes!

    On the server issues, please log a ticket and direct it to me or Andrew.Ellis so we can get it resolved ASAP.

    jeff.keyes@kaseya.com

    Legacy Forum Name: KES,
    Legacy Posted By Username: Jeff.Keyes
  • Probably a bit late for this, I imagine you've figured this out already but maybe it will help someone. We inheritted a new client (Server 2008, similar hardware/software) because they were having the exact same issues. Updating to SEP, MR4 MP2 (11.0.4202.75) seems to have fixed the issue for them.

    lwolf
    This doesn't help either of you, but I will mention that we just went through a nightmare scenerio with a client and the Symantec Endpoint Protection software (SEP) v11 software on an SBS2008 server for a client. It kept locking up their server every afternoon. Aftering trying 5 or 6 other things, we uninstalled SEP. The problem immediately went away and the server was fine for 6 weeks. We re-installed SEP, and the problem returned the very next day.

    We have SEP on about 150 servers and about 1800 desktops/laptops. About 10 of those servers running SBS2008 - all DELL PowerEdge 2900 servers, all the same SEP software, Backup Exec software, APC software, etc. All installed and configured the same way, per our company checklists.

    We could not figure out what was causing the problem, what was different in this case. We have since uninstalled SEP and installed AVG/KES. That server has been running fine for a week now.

    So, it seems that all antivirus software programs can sometimes cause unexplained issues, when it works fine elsewhere.

    One thing is for sure, each of them is a nightmare to work on when it happens.

    Lloyd


    Legacy Forum Name: KES,
    Legacy Posted By Username: WingSwept Support
  • WingSwept Support
    Updating to SEP, MR4 MP2 (11.0.4202.75) seems to have fixed the issue for them.


    Thanks for sharing.

    We were running SEP 11, MR4 - no MP applied. Symantec Support did tell us that problem has been fixed in MP2, but we also found text in the release notes for the base MR4, as well as MP1 for MR4 that said the problem was fixed then too. So we did not trust them that it was fixed with MP2. .

    We took the opportunity to switch to KES, and have not had any problems since then. Yeah !!

    Lloyd

    Legacy Forum Name: KES,
    Legacy Posted By Username: lwolf
  • I have always had rough experiences with non-management AV software on a Server. There are other ways to minimize your surface area, but it has to be layered. Then you gain response and less complexity.

    Legacy Forum Name: KES,
    Legacy Posted By Username: MerlinConsulting