Re: Symantec Antivirus and virtual machines on 3.5...

RUG201110141 · ‎02-19-2008

Is anybody experiencing issues with virtual machines running Symantec Antivirus 10.1.5000. I recently upgraded my ESX servers to 3.5 and now I have some virtual machines having significant issues. I've upgraded the vmware tools on the virtual machines. Prior to the upgrade the machine ran smoothly. CPU and memory usage was normal. After the upgrade of the ESX server the virtual machine began to run out of CPU resources. You'd look in Task Manager and processes would be spiking randomly, especially Symantec Antivirus related processes (doscan and rtvscan) These processes weren't an issue prior to the upgrade of the ESX server. When I stop the Symantec services the machines starts responding more normally, but not pre upgrade performance. I know when you are doing a scan of the machine doscan and rtvscan can spike, but the issue is not a scan running, espcially with the rtvscan process. Could there be a problem with the kernel filter driver of symantec and vmware?

Volkov27 · ‎02-20-2008

Hi Russ, is your host a dell?

DaveD · ‎02-22-2008

I would try uninstalling the AV agent and reinstalling it to see if there was something the VMware tools affected in the previous load. Just a thought. 3.5 installs the Update agent in addition to the VMtools agent. That might be something to checkas well.

RUG201110141 · ‎02-27-2008

I've uninstalled / reinstalled Symantec on several of the machines. For some it's helped and for others it hasn't. It's a very odd issue and I've only experienced the problem on about 4 out of 200 machines. Very odd problem because it arose right after upgrading the ESX servers.

Schorschi · ‎02-29-2008

VMware and Symantec are having some major issues with recent virus definition updates, specifically defs released on 2/20. We had approximately 25% of our entire Windows VMs BSOD over the course of a few days. We still do not have the true cause of the issue figured out, but VMware and Symantec have been working 7x24 chasing this one. Symantec give us a new 2/28 def release that avoids the BSOD scenario, but it is not a fix, just a work around to buy them time to figure this out.

doubleH · ‎03-03-2008

what version of SAV are you running?

If you found this or any other post helpful please consider the use of the Helpfull/Correct buttons to award points

RUG201110141 · ‎03-03-2008

10.1.5000

jhp7395 · ‎03-05-2008

I seem to be having the exact same problem. When I upgraded to ESX 3.5, the VM's that were running SAV 10.1.5000 had major performance problems, with the spikes in CPU as you described. This also occurred on VM's with SAV 10.0.0.359. One of my VM's was running fine, and I VMotion'd it to another server, and when it resumed, this problem occurred. I'm not sure it is limited to Symantec Antivirus though. I am running ESRI ArcIMS and after upgrading to ESX 3.5, those processes are going haywire too -- spiking at 100% CPU.

Nicodemus · ‎03-05-2008

Any word from VMware or Symantec on this.. I too am suffering these CPU spikes after 3.5 upgrade...?

- Nicodemus

RUG201110141 · ‎03-06-2008

That is the exact issue. I haven't opened a case with VMware yet, but I think I will tomorrow now that I see a few people are experiencing the same issue. Your point about seeing the CPU go crazy after a vmotion is 100% accurate also. I've had this happen several times now on machines that had no issues prior to the 3.5 upgrade. I'll keep you posted.

azn2kew · ‎03-07-2008

jhp7395,

Did you mentioned you're virtualizing your ArcIMS, how is it running via ESX? We're planning to P2V or virtualize it next couple weeks, nice to know your personal feedback on performance and tweaks! Thanks.

"The Power of Knowledge"

If you found this information useful, please consider awarding points for "Correct" or "Helpful". Thanks!!! Regards, Stefan Nguyen VMware vExpert 2009 iGeek Systems Inc. VMware vExpert, VCP 3 & 4, VSP, VTSP, CCA, CCEA, CCNA, MCSA, EMCSE, EMCISA

jhp7395 · ‎03-07-2008

Aside from this recent problem, it is working well. I created a template and deploy ArcIMS servers as necessary. All you need to do after creating a VM from the template is to run the post installation.

Please note that I entered a support request ( SR# 1105660681 ). For anyone else who will submit their own SR, please share your findings here. I will certainly do the same.

RUG201110141 · ‎03-10-2008

I think that the following thread has the answer I'm looking for - http://communities.vmware.com/thread/122229?tstart=0&start=0. I applied the fix to the vpxd.cfg and restarted the VirtualCenter service and the problem went away immediately on the vitual machine having the issue. Additionally, I opened a case with VMware support and they confirmed that there is an issue with DRS and vmotion and that the fix in the above thread is a valid fix for the problem. It will be included in update 1 of VirtualCenter 2.5.

dingusmcgee · ‎07-06-2009

Use client installation source files from your Symantec AntiVirus(TM) Corporate Edition CD1 run "Rollout\AVServer\CLIENTS\WIN32\Symantec AntiVirus.msi" on the guest machine.

All

Symantec Antivirus and virtual machines on 3.5 host