We have just suffered a 2 day outage which appears to have been caused by the Endpoint EPSec thinagent.

Trend DS and Endpoint have been rolled out and applied to our desktops without issue for the last 2 weeks.However it was rolled to our servers this week.

Everything appeared fine until we had a number of users access the file server. Connecitons start OK but after a period of 15-45 minutes (since appears tobe number of connections not time) the file server effectively stopped sharing.No XP machines could browse. Windows 7 and other 2008 servers however could browse and connect to the shares. The biggest problem was that this file server was the location for all folder redirection. So no XP user could login and when they did they couldn't access their home directories.

Logins were taking anywhere up to 1.5 hours due to the way XP handles timeouts differently to Windows 7.

We had multiple calls with Microsoft - all the whilse thinking something had gone wrong with the server itself or DFS. We saw a huge amount of close_wait times on the fileserver which appears to have been what brought it "down". Changing the TCP timeouts helped a little but it still eventually failed.

All the while Windows 7 users could connect OK. In addition XP users once they logged in were able to browse shares on other 2008 servers (that had endpoint thinagent installed) without issue.

Rebooting the fileserver also cured these issues but only for so long. We tried removing the thinagent but this failed both on the original fileserver and 2nd one with no reason other than it hung for over an hour.

Eventually we created another 2008 fileserver without endpoint thin agent and moved the data drive across and recreated all the shares. SO far everyone XP and Windows 7 have been perfectly fine. Once the data drive had been removed we were also then able to remove thinagent from the original fileserver without issue!

So this leads us to the Endpoint thinagent. The Trend DSM and DVSA's were all turned off during this time yet the problem persisted. We knew the endpoint install on the hosts were OK as they had been installed weeks back without issue and Endpoint thinagent was installed on desktops without issue also.

We had a support call with Trend wh informed us they had another customer with similar problem and that was referred to VMware but no response or update from the customer or VMware. We now have a support call with VMware and see where it takes us but this looks like a major issue!

ANyone else had this problem or anything like it?