Endpoint10 hangs windows 2000

Hello Ranjith ,

I'm not aware of a general issue. Windows 2000 is not the latest and greatest and I suspect you won't get many answers here. I suggest you give Support a call. Do you have any logs from before the hang, errors or warnings in the Event Logs?

Christian

Ranjith,

Same problems here. Have send in SDU files but I received an answer that nothing can be found.

On your experience I uninstalled SOPHOS and hope this will solve our problems on W2000.

HI,

Are you able to disable some of the sub-components of SAV to narrow it down?  For example:

Turn off on-access

turn off on-write  (this was a new default for SAV 10 for fresh installs)

        turn off on-rename   (this was a new default for SAV 10 for fresh installs)

turn off on-write

Ensure scan all files is not on

Ensure scan inside archive files is not enabled

Turn off behaviour monitoring

Turn off malicious behaviour

Turn off Web Protection

Turn off web scanning

Stoppping the service: "Sophos Web Intelligence Service "?

Does just stopping the SAVService help?  If it does this would suggest it's not a driver filtering problem.  Anything you can do to restore previous behaviour is good information and will help narrow it down.

Regards,

Jak

We faced a similar issue with a legacy server, which will be replaced.  Most of our Windows 2000 servers are running as virtual machines on Windows 2008 R2 SP1 servers, under Hyper-V.  About 2 months ago, mid May, we began having network issues with a single Windows 2000 server not responding to network requests and receiving NetLogon errors.  The only resolution was to force the VM off and start the VM back up, ie, a hard reboot.  When compared to the other Windows 2000 server still running, the only difference was the backup agent and Sophos ver 10 (the other were running 9.5 or 9.7).  I removed the backup agent, and the issue still remained.  Since this isn't a critical server, we simply did a hard reboot when it was required.

At the end of June, we updated all of our Windows 2000 server to Sophos v10.0.5, as we received a notificatoni that all 9.5 and 9.7 versions would be updated the 2nd week of July.  We had two additional Windows 2000 server that exhibited the exact same behavior.  After a hard restart, so far, the issue hasn't reoccurred.  We have 2 additional Windows 2000 servers that have not exhibited the issue, and the only difference was that they have NetBIOS enabled and pointing as a legacy WINS server.  I changed the networking so they all match, ie NetBIOS enabled and WINS enabled.  So far, no further lockups for almost a week.  

In regards to the above post, here are our current settings on the Windows 2000 servers:

on-access - Enabled, with exclusions

on-write  = off

on-rename = off

scan inside archive files is not enabled

behaviour monitoring = off

Web Protection = Off

Live Protection = Off

Chris

Just to give an update from our Windows 2000 servers.

We had a physical Windows 2000 server (our last remaining one) lockup last night.  Same error as our virtual machines, where the event log states it can not connect to any of the DCs and doesn't allow any Domain logins.  If you try to shut down, it will hang and you have to hard reboot the server.  

The error received was:

Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5783
Date: 7/12/2012
Time: 10:03:18 PM
User: N/A
Computer: <Server>
Description:
The session setup to the Windows NT or Windows 2000 Domain Controller \\<DC> for the domain <Domain> is not responsive. The current RPC call from Netlogon on \\<Server> to \\<DC> has been cancelled.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Based on this thread, we have reverted back to Sophos 9.7.7.  I have on my schedule now to update the OS to Windows 2003, as we haven't had this issue occur with any Windows 2003 servers at this time.  

We were running Sophos 10.0.6 on the 4 servers running Windows 2000.  1 server has been upgraded to Windows 2003 R2, so we'll see if the issue reoccurs with this server.

Chris

Hi all,

We've got exactly the same problem in our business environment.

Currently we're managing about 10 small domains, each consisting of six Windows 2000 servers and one 2003 server.

Since we've updated the Sophos engine to version 10, we've encountered server hangings on a regular basis on the Windows 2000 servers.

The domain controllers seem to encounter this problem more so than the regular member servers.

We've tried disabling the "on-access scanning" and also disabled the "scheduled scans", thusfar without a positive result.

Sadly we haven't found a possible solution for this...

If anyone knows a possible solution, please let me know!

Regards,

BM

Same problem here.

We still have 2 Windows 2000 fileservers on remote offices. They have been unresponsive most of the time since the update to version 10. Only way to fix it temporarily is hard rebooting the server. (RDP/VNC etc. wont connect anymore)

All,

For version 10 Sophos introduced a new way of implementing part of their product.   They have added hooks into the top of the  windows socket and this causes problems in windows 2000 servers and workstations

For this fix you need sporder.exe and the dll which goes with it, you can get it from the MS SDK pack.

Download the sdk pack on to a workstation  (the link is for 2003 but the tool will work on 2000)

http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=6510

You just need two files from the sdk pack so just install MS windows core SDK

Go to the installation directory and search for sporder

copy the two files to you home drive

         sporder.exe

         sporder.dll

run sporder.exe while logged into the w2k server and move the two sophos entries from the top to the bottom

If the server is healthy you don't even need to reboot the server (although a reboot is always recommended)

Sophos confirmed it makes no difference to their product

Works on windows 2000 workstation

Sporder does not install any files

I have not seen any downside to performing these actions

You should be then set for another 10 years of use out of this product !!!

O and as always test it in a non production environment first

Thank you big time for this. After several days of testing, we haven't noticed any server freezing up again.

Kudo's for Carados!

is it possible to attach the 2 needed files for windows 2000?

thanks in advance!