
Symantec Endpoint Protection v14.2.5323.2000 Layering Problem

Maithil Patel


We are on XenDesktop 7.15LTSR CU4 and App Layering v20.3.0.12. The OS Layer is using Server 2016.  I'm trying to layer a new version of SEP and running into two issues that I can't find a solution for.   Our old app layer of SEP v14.0.3752.1000 works without any issues. 


Issue 1: After installing the new version (v14.2.5...) in a brand new app layer we continually get the message "a reboot is pending to update drivers on the boot disk - please check and reboot the Packaging Machine" when trying to finalize the layer.  This is after literally rebooting the packaging machine 10 times.  I eventually got around this issue by restarting the uniservice Service.


Issue 2: After publishing the new SEP layer as part of a PVS image I notice that the CurrentVersion folder under "C:\ProgramData\Symantec\Symantec Endpoint Protection" is missing the NTFS junction point to the v14.2.5323.2000.105.  The junction point is NOT missing when I first install the new version of SEP on the new layer.  The junction point only goes missing when the layer is made part of an image template and the image is published.  The old app layer with v14.0.3752.1000 does NOT have this problem.


I have followed the same steps I followed when layering the old version of SEP, using the specific Antivirus/SEP instructions provided by Citrix and other sources.  Has anyone else run into these issues?




5 answers to this question


Hi Rob,


What I have tried is adding a version to the new SEP app layer.  In the new version the NTFS junction is still present leading me to believe that the junction is only lost when compositing a new image.  I'll create a new ticket with support.


Do you suspect there is a bug in the compositing engine?  Or do you think it has something to do with the new version of SEP?


For the first issue of having to reboot this is because Symantec has changed their behavior.  They now will update the file SymELAM.sys on every single boot of the machine.  This driver is registered in the services with a start value of 0, which means that it will start at boot time.  The code that is blocking the shutdown for finalize will check for changes to files that have a start value of 0 and ask for a reboot out of an abundance of caution.  It must ensure that if that file got updated, then we must make sure that the machine will boot correctly before you try to deploy the layer.  Thus the reason it is asking for the reboot.  Now if Symantec updates the file on every single boot, the code has no clue that it is not supposed to ask for a reboot.

So in this case, you, the person doing the install, will have to determine that you have completed the install of Symantec, since the software can't detect it.  Typically the install of Symantec requires two reboots before it is done doing all of the configuration that it wants to do.  So what I recommend is that you follow the instructions in the Symantec section for anti-virus support (https://docs.citrix.com/en-us/citrix-app-layering/4/layer/layer-antivirus-apps.html#symantec-endpoint-protection).  Do the two reboots after you finish those steps, and then tell the service that you want to bypass the layer check.  This is done with regedit, by navigating to HKLM\System\CurrentControlSet\Service\Uniservice and adding a DWORD value called BypassLayerCheck set to 1.  This is documented here: https://support.citrix.com/article/CTX222099 in the final section of the file where it talks about getting the reboot requests.  In this case you can do the override because you as the human know that Symantec keeps updating the same file and that the machine is booting correctly with this updated file and thus you can allow the shutdown.
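
To confirm on the packaging machine that SymELAM.sys is the only boot-start driver file being rewritten before overriding the check, the following PowerShell lists every driver with a Start value of 0 and flags those whose file changed since the last boot. It is an added example, not part of the original post and not Citrix's code; comparing file timestamps to the last boot time is an assumption made for illustration, not the actual logic Uniservice uses.

```powershell
# Added example: list boot-start drivers (Start = 0) and flag files modified since last boot.
# Run in an elevated PowerShell session on the packaging machine.
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$lastBoot    = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime

function Resolve-DriverPath {
    param([string]$Name, [string]$ImagePath)
    # A driver with no ImagePath value loads from System32\drivers\<name>.sys
    if ([string]::IsNullOrWhiteSpace($ImagePath)) {
        return Join-Path $env:SystemRoot "System32\drivers\$Name.sys"
    }
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath.Trim('"'))
    $p = $p -replace '^\\\?\?\\', ''                         # strip the NT "\??\" prefix
    $p = $p -replace '^\\?SystemRoot\\', "$env:SystemRoot\"  # "\SystemRoot\..." form
    if (-not [System.IO.Path]::IsPathRooted($p)) {
        $p = Join-Path $env:SystemRoot $p                    # relative "System32\drivers\..." form
    }
    return $p
}

$bootDrivers = Get-ChildItem -Path $servicesKey | ForEach-Object {
    $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
    # Start = 0 means the driver is loaded by the boot loader
    if ($props -and $props.Start -eq 0) {
        $path = Resolve-DriverPath -Name $_.PSChildName -ImagePath $props.ImagePath
        $file = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Service          = $_.PSChildName
            Path             = $path
            LastWriteTime    = if ($file) { $file.LastWriteTime } else { $null }
            ChangedSinceBoot = [bool]($file -and $file.LastWriteTime -gt $lastBoot)
        }
    }
}

# Changed files first, then alphabetical by service name
$bootDrivers |
    Sort-Object @{ Expression = 'ChangedSinceBoot'; Descending = $true }, Service |
    Format-Table -AutoSize

Write-Host "Last boot: $lastBoot"
```

If the only row flagged after the second post-install reboot is the SymELAM entry, that matches the behavior described above; any other boot-start driver flagged as changed deserves another reboot and a look before the layer check is bypassed.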



