Configuring Symantec AntiVirus Corporate Edition, part 8


Chapter 11 • Troubleshooting Your NAVCE 7.6 Environment
www.syngress.com

NOTE
If you are using Windows NT, the preceding names will be called “values.”

9. Using regedit, search the entire Registry for the following text strings and delete any and all references to them:
■ VirusProtect6
■ 86C46C6D5F9F3D11EBAE000ACC725290

10. Go to the following key, HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall, and delete any entries that have the following values:
■ D6C64C68-F9F5-11D3-BEEA-00A0CC272509

11. Locate the following key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. Once there, delete the vptray name (called “Value” in Windows NT).

12. Find and delete the following keys:
■ HKEY_LOCAL_MACHINE\Software\Symantec\Repair value
■ HKEY_LOCAL_MACHINE\Software\Symantec\SourceDir value
■ HKEY_LOCAL_MACHINE\Software\Symantec\TargetDir value
■ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\96C46C6D5F9F3D11EBAE000ACC725290 key

13. You can then close the Registry editor.

14. Restart your system. If the system is not bootable, use your backup copy of the Registry and your Windows repair disks (or ERD) to restore the original Registry.

Removing NAVCE from the Hard Drive

If you wish, you can also remove the following folders if they are present:
■ [drive]\Program Files\NAV (or [drive]\Program Files\NAVNT, for NT systems)
■ [drive]\Program Files\Common Files\Symantec Shared\VirusDefs
■ [drive]:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5
■ [drive]:\WINNT\Profiles\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5
■ [drive]:\WINNT\Installer\{D6C64C68-F9F5-11D3-BEEA-00A0CC272509}

NOTE
Make sure that no other applications use the virus definitions. Otherwise, you will have to restore this directory.
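The 32-character string in step 9 is the GUID from step 10 written in the packed form that Windows Installer uses for registry key names, which is why a cleanup or audit has to look for both spellings. The Python sketch below is an added example, not code from the book or from Symantec: it converts between the two forms and scans a registry export for either one. The sample export lines and the `Software\Example` paths are constructed placeholders.

```python
import re

GUID_RE = re.compile(
    r"\{?([0-9A-F]{8})-([0-9A-F]{4})-([0-9A-F]{4})-([0-9A-F]{4})-([0-9A-F]{12})\}?",
    re.IGNORECASE,
)
PACKED_RE = re.compile(r"[0-9A-F]{32}", re.IGNORECASE)

PRODUCT_CODE = "{D6C64C68-F9F5-11D3-BEEA-00A0CC272509}"  # GUID quoted in step 10


def _swap_pairs(hex_text):
    """Swap the two hex digits inside every byte: 'BEEA' -> 'EBAE'."""
    return "".join(hex_text[i + 1] + hex_text[i] for i in range(0, len(hex_text), 2))


def pack_guid(guid):
    """Convert a GUID to the 32-character packed form used in Installer key names."""
    m = GUID_RE.fullmatch(guid.strip())
    if m is None:
        raise ValueError(f"not a GUID: {guid!r}")
    g1, g2, g3, g4, g5 = (part.upper() for part in m.groups())
    # The first three groups are reversed whole; the last two are swapped byte by byte.
    return g1[::-1] + g2[::-1] + g3[::-1] + _swap_pairs(g4 + g5)


def unpack_guid(packed):
    """Convert a packed 32-character string back to the braced GUID form."""
    p = packed.strip().upper()
    if PACKED_RE.fullmatch(p) is None:
        raise ValueError(f"not a packed GUID: {packed!r}")
    tail = _swap_pairs(p[16:])
    return "{%s-%s-%s-%s-%s}" % (
        p[0:8][::-1], p[8:12][::-1], p[12:16][::-1], tail[:4], tail[4:],
    )


def find_remnants(export_lines, product_code, markers=("VirusProtect6",)):
    """Return (line_number, line) for export lines that mention the product
    as a GUID, as a packed GUID, or through a plain-text marker."""
    needles = [product_code.strip("{}").upper(), pack_guid(product_code)]
    needles += [m.upper() for m in markers]
    hits = []
    for number, line in enumerate(export_lines, 1):
        upper = line.upper()
        if any(needle in upper for needle in needles):
            hits.append((number, line.rstrip()))
    return hits


# Constructed sample in the style of a regedit text export (not from a real system).
SAMPLE_EXPORT = [
    r"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D6C64C68-F9F5-11D3-BEEA-00A0CC272509}]",
    r"[HKEY_LOCAL_MACHINE\Software\Example\Unrelated]",
    r"[HKEY_LOCAL_MACHINE\Software\Example\Installer\86C46C6D5F9F3D11EBAE000ACC725290]",
    r"[HKEY_LOCAL_MACHINE\Software\Example\VirusProtect6\CurrentVersion]",
]

if __name__ == "__main__":
    print("packed product code:", pack_guid(PRODUCT_CODE))
    # The UpgradeCodes key name from step 12, unpacked for comparison.
    print("step 12 key as GUID:", unpack_guid("96C46C6D5F9F3D11EBAE000ACC725290"))
    for number, line in find_remnants(SAMPLE_EXPORT, PRODUCT_CODE):
        print(f"line {number}: {line}")
```

Running the scan against an export taken before and after the manual cleanup shows whether any reference in either spelling was missed.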
Removing NAVCE from the Start Menu

To remove NAVCE from your Start menu, take the following steps:

1. Right-click the Start button, then click the Open All Users option.
2. Double-click the Programs icon.
3. Once in the Programs window, find the folder for NAVCE, and then delete it.

NOTE
If you are using Windows NT/2000, you can also use the Windows Installer Cleanup utility, freely available from Microsoft (search for document number Q240116). For specific instructions on how to install and use the Windows Installer Cleanup utility, see the section entitled, “Uninstalling NAVCE from Windows 9x and Me Client Systems,” later in this chapter.

LiveUpdate Issues

After installation, NAVCE 7.6 requires a server restart to make sure that LiveUpdate will work. In some cases, however, NAVCE 7.6 will fail to prompt users to restart the system. As a result, the Registry entries necessary to start the LiveUpdate engine are not run. Restart the system to make sure the new entries are read and enacted by the operating system.

It is also possible that the person who installed NAVCE may have chosen not to restart the system. Nevertheless, restart the system first to see if a simple re-read of the Registry solves the problem. If LiveUpdate continues to experience problems, consider the following solutions:
■ Check for network problems (for example, DNS, firewall, DHCP issues).
■ Verify that the client is, in fact, configured to use LiveUpdate.
■ Conduct a manual LiveUpdate to see if the engine is working.

Now, let’s take a look at some specific problems and solutions.

Proxy Server Settings

It is possible that a proxy server is blocking LiveUpdate sessions. Open NAVCE and check for proper firewall and/or proxy server settings.
Required information can include:
■ Proxy server or firewall IP address and/or DNS name
■ Proxy server port
■ Authentication information (for example, a username)

Invalid System Account

It is also possible that NAVCE will not start because it is using an invalid system account. NAVCE will create its own system account, but it is not necessary to use this particular account. Although it is a bad idea to change this account arbitrarily, if a problem occurs, you can always create a new account. If you create a new account, make sure it has administrative privileges for the system. Otherwise, NAVCE will not be able to use necessary resources, directories, and files. For example, if NAVCE does not have administrative privileges, it will not be able to allocate the proper ports for networking. To modify the account NAVCE uses, take the following steps:

1. Create an account with administrative privileges. You can do this using the Computer Management snap-in and adding a user. Make sure you supply a password and add the user to the Administrators group. You may want to write down the password, because you will have to enter it shortly when you choose a new account for the NAVCE service.
2. Open the Services snap-in (for example, by going to Start | Programs | Administrative Tools | Services in Windows 2000, or Start | Control Panel | Administrative Tools | Services in Windows XP).
3. When the Services snap-in appears, find the service for NAVCE, right-click it and select Properties.
4. Once in the Properties dialog box for the NAVCE service, find the account NAVCE uses. In both Windows 2000 and XP, you would click the Log On tab for the NAVCE service and then select the This account radio button. You can add the account name and password information here.
5. Stop and restart the NAVCE service. When it restarts, it will be using the account you created.
UNC Share Issues

Many systems administrators prefer to have LiveUpdate obtain shares from an SMB-based share on a Windows server. However, it is possible that some systems may not have rights to attach to this share. In such cases, LiveUpdate will fail. Several options are available in this situation:
■ Change the account the NAVCE service uses. Make sure that this account has enough permissions on the network to access the share.
■ Configure the LiveUpdate share to allow null sessions (for example, sessions that allow any user to connect).
■ Change the permissions on the LiveUpdate share to allow connections from all servers that use LiveUpdate.

Dual NIC Systems

Dual NIC systems are useful in various situations, including:
■ When you need a relatively inexpensive proxy server or firewall solution.
■ When you need two NICs to help distribute connections entering the system.

In dual NIC systems, NAVCE 7.6 should bind according to the NIC’s priority. NAVCE will then work with the IP address bound to the highest priority NIC. However, in cases where the binding priority becomes confused, take the following steps:

1. Access the properties for the local area connection. In Windows 9x/NT/2000, simply right-click the Network Neighborhood icon.
2. Take the necessary steps to access the Advanced Settings dialog box. In Windows 2000, for example, look for the Advanced selection in the top menu bar. Choose Advanced | Advanced Settings, as shown in Figure 11.14.
3. Make sure you are in the Adapters and Bindings tab (the default). This tab shows all NICs bound to the system, in order of priority. Figure 11.15 shows how to change the priority of a standard Ethernet NIC over a wireless NIC. The standard Ethernet NIC is the one that, in this case, should receive priority, because you wish the Symantec AV service to bind to it.
Figure 11.14 Configuring Adapter Priority in Windows 2000

Figure 11.15 Changing Adapter Priority in Windows 2000

4. Click OK to return to the Network and Dial-up Connections window. You have now manually set your binding priority to accommodate NAVCE 7.6.

In Windows XP, you would follow similar steps:

1. Access the properties for the local area connection. In Windows XP, one way to get there is through Control Panel | Network and Internet Connections | Network Connections, then right-click the Local Area Connection icon. If you have configured your system to use Windows 9x/NT/2000-style icons such as Network Neighborhood, simply right-click it to bring up the Network Connections window, and then right-click the Local Area Connection dialog box.
2. Once you have accessed the Local Area Connection dialog box, click the Advanced menu option in the menu bar at the top, as shown in Figure 11.16.

Figure 11.16 Accessing the Advanced Settings Dialog Box in Windows XP

3. Once you have clicked the Advanced menu option, select the Advanced Settings option. You will then see the Advanced Settings window, where you can configure the priority of the various NICs you have. All you need to do is highlight the NIC that has NAVCE 7.6 configured on it and then give it priority.

You now know how to set priority on both Windows 2000 and XP systems.

Additional Fixes

The following is a list of fixes you can try in case standard solutions do not work.

■ Desktop firewalls: You may have a desktop firewall installed on your server (for example, a product such as ZoneAlarm or Norton Personal Firewall). If at all possible, disable these applications. They are really not designed to protect servers in the first place, and they might be blocking NAVCE traffic. Nevertheless, if you must have a desktop firewall installed on a server, configure it so it does not block NAVCE traffic. Also, the Internet Connection Firewall feature in Windows XP may be causing a problem in regards to client and server communication.
■ NetBIOS over TCP/IP: Many times, security administrators will disable NetBIOS over TCP/IP in order to cut down on scanning attacks, as well as security issues that occasionally crop up with Windows systems. Open the Advanced TCP/IP Properties dialog box and click the WINS tab. Make sure the Enable NetBIOS over TCP/IP option is selected.
■ The SMB Signing bug and Windows XP: If you are using Windows XP systems that use SMB signing and have Service Pack 1 installed, it is possible that users might experience long delays when transferring files, or even when opening common Microsoft Office files. NAVCE on the client is often blamed, but in many cases the actual problem has to do with something called the SMB Signing bug. SMB signing is a feature in Windows XP where SMB packets are digitally signed to provide more security as files are transferred. The bug can be resolved by reading the instructions given in Microsoft’s Knowledge Base article 810907, available at www.microsoft.com.

Novell NetWare Servers

When working with NetWare servers, common problems include:
■ Failed installation
■ Initiating debugging procedures
■ Protocol incompatibility
■ Scanning problems

The following sections include discussions of each.

Installation Issues

When installing on Novell systems, you need the following information:
■ A username with proper permissions for installation and configuration.
■ A password for the username.
■ A container name. This container will hold login scripts that you can use to install the NAVCE client to remote systems.
If you specify an incorrect container name, you will have to reinstall NAVCE again on the Novell server. If you mistakenly specify an incorrect container name, simply complete the installation, then issue the following command:

    Load sys:\nav\vpstart.nlm /remove

Now, reinstall NAVCE using the proper container name.

False CPU Utilization Readings

When installation starts, NetWare may misreport CPU utilization settings when you install NAVCE using the standard vpstart/install command. Although NetWare may report this reading, it is not correct. To test this, load any other NLM. You will find that NetWare will report a more accurate CPU utilization level.

Failure to Find a NetWare Server

If, during installation, the installation application fails to find a particular NetWare server, consider the following options:
■ Make sure the Novell client software on the system is properly installed. If the NetWare redirector fails, you will not be able to see any Novell servers. Verify that the NetWare redirector is working properly, then proceed with the installation.
■ Verify that the NAVCE server is recognized by the NDS tree. Make sure the server has logged on.

Debugging NAVCE in NetWare

Many times, it is necessary to invoke debugging in your NetWare NAVCE implementation so that you gather detailed information about what is going on. To enable debugging from the system console, take the following steps:

1. Log on as supervisor, or as a user with equivalent administrative permissions.
2. Make sure NAVCE has been unloaded from the NetWare server’s memory. You do this by typing Alt+F10.
3. Enter the following command in the console to begin debug mode:

    load vpstart /debug

4. Two things will result from this command:
■ NAVCE will start again.
■ A screen will appear called “RTVSCAN - Debug.” This screen will show you all the information concerning NAVCE.
5. When finished, press Alt+F10 to unload NAVCE again.

NOTE
If you want to save all of the output to a text file, issue the following command:

    load vpstart /debug=L

You will receive the same information as opening a debug screen in the console. However, saving the information to a text file may help you read through the output more carefully.

You may not want to use the NetWare console, however. To enable debugging through the NAVCE NetWare interface, take the following steps:

1. Open the NAVCE interface.
2. Press the F6 key. You will be asked for a password. If you are logging on for the first time, the default password is “symantec”, in all lower case. You will then be shown a disclaimer message. Press any key to dismiss it.
3. Click the option for the Debug Menu and press Enter.
4. You will be provided with a debug menu. From this menu, click the Toggle Debug option, then press Enter. You are now in debugging mode. Look for the phrase “Debug: ON” in the Current Configuration window to verify you are in debugging mode.
5. You are not yet in verbose mode, however, which provides much more detailed information about NAVCE. To enter verbose mode, click the Toggle Verbose option, then press the Enter key. As with standard debug mode, you can verify that verbose mode is on by viewing the Current Configuration window and looking for the words “Verbose: ON.”
6. To stop debugging mode, click the Toggle Debug option, then press Enter. Debugging will stop. You can repeat this step for verbose mode, as well.
7. To exit the Debug menu, press the Esc key.
8. To exit the Administrator menu, press the Esc key again.

NOTE
Once in NAVCE, to write the debug output to a file, look for the Toggle Logging option, highlight it and then press Enter. You will see that the Current Configuration panel shows that logging has been enabled.
The log file will be stored in the SYS:NAV/vpdebug.log file. You can view log files using any text editor, and toggle logging off just like you did with debug and verbose mode.

[...]

... Users\Application Data\Symantec\ and delete the Norton AntiVirus Corporate Edition folder. If NAVCE is the only Symantec application on your system, you can delete the entire Symantec directory.

3. In Windows NT, go to [drive]:\WINNT\Profiles\All Users\Application Data\ and delete the Norton AntiVirus Corporate Edition folder. If NAVCE is the only Symantec application on your system, you can delete the entire Symantec ...

... Files\Symantec folder
■ The [drive]\Program Files\Nav folder
■ The [drive]\WINNT\Installer folder
■ The [drive]\Documents and Settings\All Users\Application Data\Symantec
■ The [drive]\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5

All users must have read-only permissions for the preceding folders. ...

... The Windows Installer Clean Up Utility Main Window

4. Find the entry for Norton Antivirus Corporate Edition and highlight it.
5. Click the Remove button. Close the Windows Installer Clean Up utility.

You are now ready to reinstall NAVCE onto your Windows 9x system.

Troubleshooting Roaming ...

... [drive]:\Program Files\Common Files\Symantec Shared folder and delete it.

Removing NAVCE from the Start Menu

To remove NAVCE from the start menu, right-click the Start menu and click Open, then double-click the Programs icon. You will see various icons. Find the Norton AntiVirus Corporate Edition folder and then delete it.

... handle references to an FQDN. As a result, the following message may appear:

Error: “FAILED time 0 server level 1 delay ms result ffffffff ” appears with Norton AntiVirus Corporate Edition roaming client

To solve this problem, simply use the NAVCE parent server’s host name ...

... Files\Symantec\Shared\VirusDefs\usage.dat file. Find a value surrounded in brackets ([ ]), and make sure it has the same value as LastDefs=

3. Restart NAVCE.
4. Run LiveUpdate.

Obtaining and Installing Old Definition Files

If the preceding solution does not work, obtain old definition files. To do so, ...

NetWare Servers and Windows NT/2000

Networks that still use IPX/SPX only are increasingly rare, but in such cases, you may ...

... {BD12EB47-DBDF-11D3-BEEA-00A0CC272509}

8. You can then delete all references from the Start menu as discussed in the earlier section entitled “Uninstalling NAVCE from Windows NT/2000/XP Client Systems.”

Removing NAVCE from the Start Menu

To remove all folders on the hard drive of a Windows 9x/Me system, go to the Program Files folder and delete the Norton AntiVirus and Symantec sub-folders. If NAVCE is the only Symantec product ...

... dialog box, shown in Figure 11.18

Figure 11.18 Changing Default Installation Permissions in DCOM

Windows XP

In Windows XP, take the following steps:

1. Open a command prompt, type dcomcnfg and press Enter.
2. The Component Services window will appear, as shown in Figure 11.19.

Figure 11.19 The Windows XP Component Services Window

... entry that reads Norton AntiVirus Server, delete it, too.

7. Verify that no other Symantec products are installed. If no others are installed, you can also delete the SymEvent entry.
8. Once you have deleted the preceding entries where necessary, go to the following subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\Application. At this subkey, delete the Norton AntiVirus entry.
9. Go to ...

Date posted: 13/08/2014, 15:20
