Jump to content
Welcome to our new Citrix community!
  • 1

Symantec Endpoint Help - OS Layer vs Platform/App Layer


David McCoy

Question

Hello, I'm attempting to get Symantec Endpoint Protection Client 14.0.1  installed as an App Layer (on Windows 10) and am running in to some difficulty... Hoping to get some insight..

 

If I install the SEP client in an App layer or a Platform layer, the Symantec services fail to start properly after the first reboot of the packaging vm. Before the reboot, the Symantec Client works properly as expected, but after the reboot services fail to start and I can't find any indication as to why.

 

If I install the client in a new version of my OS layer, it works properly as expected even after a reboot. Using a new version of my platform layer or a brand new platform layer w/ no other changes yields the same results as above.

 

What is different about a new/clean App Layer/Platform layer vs a new OS layer version that would prevent Symantec services from running properly? I have been fighting this problem for many days now and there are no helpful logs or events.. There is simply something different about the App layer from an OS layer the SEP client doesn't like but I can't figure it out.. 

 

Please help! Thanks!

Link to comment

19 answers to this question

Recommended Posts

  • 1

Ok great, it worked :)

 

Here are the registry keys:

    - HKLM\System\CurrentControlSet\Services\BHDrvx64\Start from 1 to 2
    - HKLM\System\CurrentControlSet\Services\ccSettings_{string of #'s}\Start from 1 to 2
    - HKLM\System\CurrentControlSet\Services\SymIRON\Start from 1 to 2
    - HKLM\System\CurrentControlSet\Services\SYMNETS\Start from 1 to 2

 

fyi, here is the correct list of Start options for registry services per https://technet.microsoft.com/en-us/library/cc959920.aspx

0 - Boot (loaded by kernel loader). Components of the driver stack for the boot (startup) volume must be loaded by the kernel loader.

1 - System (loaded by I/O subsystem). Specifies that the driver is loaded at kernel initialization.

2 - Automatic (loaded by Service Control Manager). Specifies that the service is loaded or started automatically.

3 - Manual. Specifies that the service does not start until the user starts it manually, such as by using Device Manager.

4 - Disabled. Specifies that the service should not be started.

The default values for the above Symantec services are all set to 1. Per the KB after you change them all to 2, you need to reboot and then change them back to 1. What it doesn't tell you is that after going back to 1, the services will fail to star again in your packaging VM. I was a bit concerned about this, but proceeded to finalize and deploy anyway, and sure enough the services all work fine in the deployed layer. Also, you'll need to disable Tamper Protection in Symantec to modify the registry keys.

 

Please consider updating your KB you referenced and also your Symantec section in the Anti Virus deployment guide (https://docs.citrix.com/en-us/citrix-app-layering/4/deploy-anti-virus-software.html)  with these useful and required steps to save headaches in the future!

 

Thank you!

  • Like 1
Link to comment
  • 0

The difference is that, in an OS layer, we don't run our filter drivers at all.  You're just editing the base disk itself.  In App and Platform layers, our filter is running and handling changes.

 

We don't really know what's going on, but when we've seen this before, we have (with Symantec's blessing) told people to set the service types from 0 (System) to 1 (Automatic), and it starts OK.  Unfortunately, we only have this documented for 12.1.6: https://support.citrix.com/article/CTX221738. So I don't know the equivalent service names for 14.0.

Link to comment
  • 0
1 hour ago, Gunther Anderson said:

The difference is that, in an OS layer, we don't run our filter drivers at all.  You're just editing the base disk itself.  In App and Platform layers, our filter is running and handling changes.

 

We don't really know what's going on, but when we've seen this before, we have (with Symantec's blessing) told people to set the service types from 0 (System) to 1 (Automatic), and it starts OK.  Unfortunately, we only have this documented for 12.1.6: https://support.citrix.com/article/CTX221738. So I don't know the equivalent service names for 14.0.

 

Thanks for the insight, unfortunately after Windows 8, MS removed the "Non Plug and Play Drivers" from device manager.. So we'll need to find an alternate way to change those settings.. https://docs.microsoft.com/en-us/windows-hardware/drivers/install/viewing-hidden-devices.

 

Note Starting with Windows 8 and Windows Server 2012, the Plug-and-Play Manager no longer creates device representations for non-PnP (legacy) devices. Thus there are no such devices to view in the Device Manager.

 

Any ideas? Thanks!

Link to comment
  • 0
On 11/5/2019 at 3:07 AM, Vannurswamy Kuruba1709160408 said:

Hi,

 

I have installed SEP 14.2 in app layer and after reboot, SEP is not working

So, After I have changed the registries to value 2 and reboot I'm able to see SEP. But after registry changes back to 1, I'm not able to shutdown for finalize. Again it is showing reboot pending.

Any suggestions please

 

 

After I install SEP 14.2 in an app layer and after a reboot, I am getting "Failed to Verify Signature" error when launching SEP.

Link to comment
  • 0
On 5/29/2020 at 10:32 AM, Karthik Raja Elangovan said:

Hi All, 

 

We have got a fix for this issue now, please let me know the case numbers that you have so that I can be of assistance. 

We should soon be able to push this fix to the upcoming App Layering versions. 

 

Regards,

Karthik Raja Elangovan

Lead Escalation Engineer (Citrix Technical Support)

 

Hello,

 

I'm also experiencing this issue, I don't have a case currently, but could you please provide me with the solution for this issue?

 

Br,

Michael Rosengren

Link to comment
  • 0

Dear Michael, 

 

Good day mate. 

This is still a private fix/batch which has not rolled into a GA. 

Hence it would be great if you could create a Service Request and mention on the description of the case to route it directly to me for this issue. 

We are looking at making it GA in the next release of App Layering and it will get into the golden image tool part of it. 

 

 

Regards,

Karthik 

Link to comment
  • 0
On 3/30/2018 at 2:42 PM, David McCoy said:

Ok great, it worked :)

 

Here are the registry keys:

    - HKLM\System\CurrentControlSet\Services\BHDrvx64\Start from 1 to 2
    - HKLM\System\CurrentControlSet\Services\ccSettings_{string of #'s}\Start from 1 to 2
    - HKLM\System\CurrentControlSet\Services\SymIRON\Start from 1 to 2
    - HKLM\System\CurrentControlSet\Services\SYMNETS\Start from 1 to 2

 

fyi, here is the correct list of Start options for registry services per https://technet.microsoft.com/en-us/library/cc959920.aspx


0 - Boot (loaded by kernel loader). Components of the driver stack for the boot (startup) volume must be loaded by the kernel loader.

1 - System (loaded by I/O subsystem). Specifies that the driver is loaded at kernel initialization.

2 - Automatic (loaded by Service Control Manager). Specifies that the service is loaded or started automatically.

3 - Manual. Specifies that the service does not start until the user starts it manually, such as by using Device Manager.

4 - Disabled. Specifies that the service should not be started.

The default values for the above Symantec services are all set to 1. Per the KB after you change them all to 2, you need to reboot and then change them back to 1. What it doesn't tell you is that after going back to 1, the services will fail to star again in your packaging VM. I was a bit concerned about this, but proceeded to finalize and deploy anyway, and sure enough the services all work fine in the deployed layer. Also, you'll need to disable Tamper Protection in Symantec to modify the registry keys.

 

Please consider updating your KB you referenced and also your Symantec section in the Anti Virus deployment guide (https://docs.citrix.com/en-us/citrix-app-layering/4/deploy-anti-virus-software.html)  with these useful and required steps to save headaches in the future!

 

Thank you!

 

The registry entries, noted above, do NOT need to be altered, when creating the app layer. This may have worked at one point, but may in fact be part of the reason for the installation failure(s)

 

In addition, a fix for CTX273416, has been created. The fix will be in our gold image tools, as part of our next release, 20.5(2005).  Please open a case should you need the fix, before our next release.

Link to comment
  • 0
On 6/5/2020 at 7:36 AM, Karthik Raja Elangovan said:

Got the case Michael. 

I will send a detailed e-mail shortly to you and henrik.lundh@cygate.se with the details. 

Thank you. 

I am having the exact same issue with SEP 14.3 on App Layering 2003.  I just opened case 79875350, if you could send me the private fix details I am ready to test immediately.

 

Thanks!

Darrin DiNapoli (ddinapoli@fnni.com)

Link to comment
  • 0
On 7/17/2020 at 1:11 PM, Darrin DiNapoli said:

I am having the exact same issue with SEP 14.3 on App Layering 2003.  I just opened case 79875350, if you could send me the private fix details I am ready to test immediately.

 

Thanks!

Darrin DiNapoli (ddinapoli@fnni.com)

 

All you should need to do is upgrade to our latest release, 20.5(2005), download the gold image tools, apply those in a version of your OS layer, create the layer, follow the steps in CTX273416, finalize, publish and test. See my comments, part of it posted below, in my post before yours.

"In addition, a fix for CTX273416, has been created. The fix will be in our gold image tools, as part of our next release, 20.5(2005).  Please open a case should you need the fix, before our next release."

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...