o Connect to the PC and check whether you can observe anything unusual, and fix it.
You may be able to identify and fix the issue remotely.
o Analyze the client event logs to find a clue as to why SAV got disabled.
Check the client logs. They may show that SAV is able to get/download the latest definitions. Couldn’t find any other relevant errors.
o Check in SSC whether you are able to manage the client completely or partially.
You may be able to partially manage the client (for example, was able to push the defs to the client and run the scan) but couldn’t get the logs.
o Verify that all SAV client services are running.
In this case, it reported that C$ is inaccessible.
C:\>check-sav-services.bat -m TESTPC1-D -S
DEBUG: Getting the site specific parent servers list.
DEBUG: SAVMGR1 is the local site primary parent server.
DEBUG: SAVUSA1 is the local site primary parent server.
DEBUG: TESTPC1: Querying the services status
DEBUG: TESTPC1: "DefWatch" is running
DEBUG: TESTPC1: "SPBBCSvc" is running
DEBUG: TESTPC1: "SavRoam" is running
DEBUG: TESTPC1: "Symantec AntiVirus" is running
DEBUG: TESTPC1: "ccEvtMgr" is running
DEBUG: TESTPC1: "ccSetMgr" is running
DEBUG: TESTPC1: Checking Symantec installation dir
DEBUG: TESTPC1: Symantec installation dir exists
DEBUG: Reading the GRCUPDATE Time from the server files
DEBUG: Getting the trusted root certificates list from server.
WARN: Failed to open root certificates folder \\TESTPC1\c$\Program Files\Symantec AntiVirus\pki\roots: Invalid argument
INFO: TESTPC1: is a managed client of SAVMGR1 server.
C:\>
o Based on the information from the above steps and observations, try to correlate the issue to a possible cause and work on a fix.
o Check whether C$ is accessible in any other way. Trying to access it from Explorer, I encountered the error below, which points to a possible cause.
—————————
Windows Explorer
—————————
\\TESTPC1\c$ is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions. Not enough server storage is available to process this command.
—————————
OK
—————————
o Then remotely connected with compmgmt.msc and found that I was unable to connect to "Logical Disk Manager"; I encountered the error below, which suggested rebooting the workstation.
—————————
Logical Disk Manager
—————————
An unexpected error has occurred. Check the System Event Log for more information on the error. Close the Disk Management console, then restart Disk Management or restart the computer.
—————————
OK
—————————
o Then checked eventvwr again and found the error event below logged repeatedly.
Event Type: Error
Event Source: Srv
Event Category: None
Event ID: 2020
Date: 6/23/2008
Time: 8:47:26 AM
User: N/A
Computer: TESTPC1
Description:
The server was unable to allocate from the system paged pool because the pool was empty.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
o Googled the error "The server was unable to allocate from the system paged pool because the pool was empty." and found the relevant M$ articles below explaining the cause and fix, though they are applicable only to servers.
Server is unable to allocate memory from the system paged pool
The server was unable to allocate from the system paged pool because the pool was empty.
o Felt that the issue is related to memory allocation on the PC. Ran tasklist to see which process was consuming the most memory, etc. Tried restarting the "Computer Browser" and "Server" services, but in vain. Then reboot the PC, which may fix the issue.
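
The repeated Srv 2020 event was the deciding clue in the steps above. As an added example (not part of the original post), the Python sketch below parses records saved in the Event Viewer copy-text layout shown above and reports hosts where Srv 2020 recurs. The function names, the threshold of 2 and the sample records are assumptions made for this illustration.

```python
import re
from datetime import datetime

FIELD = re.compile(r"^(Event Type|Event Source|Event Category|Event ID|Date|Time|User|Computer):\s*(.*)$")

def parse_events(text):
    """Split Event Viewer copy-text into dicts; 'Event Type:' starts a new record."""
    # cur starts as a throwaway dict so text before the first record is discarded
    events, cur, in_desc = [], {"Description": ""}, False
    for line in text.splitlines():
        m = FIELD.match(line)
        if m and m.group(1) == "Event Type":
            cur, in_desc = {"Description": ""}, False
            events.append(cur)
        if m and not in_desc:
            cur[m.group(1)] = m.group(2).strip()
        elif line.startswith("Description:"):
            in_desc = True
        elif line.startswith("Data:"):
            in_desc = False               # hex dump lines after this are ignored
        elif in_desc:
            cur["Description"] = (cur["Description"] + " " + line.strip()).strip()
    return events

def paged_pool_alerts(events, threshold=2):
    """Map computer -> (count, first_seen, last_seen) for repeated Srv 2020 errors."""
    seen = {}
    for e in events:
        if e.get("Event Source", "").lower() != "srv" or e.get("Event ID") != "2020":
            continue
        ts = datetime.strptime(f"{e['Date']} {e['Time']}", "%m/%d/%Y %I:%M:%S %p")
        seen.setdefault(e["Computer"], []).append(ts)
    return {h: (len(t), min(t), max(t)) for h, t in seen.items() if len(t) >= threshold}

# Constructed sample: three Srv 2020 records plus one unrelated record.
RECORD = ("Event Type: {typ}\nEvent Source: {src}\nEvent Category: None\nEvent ID: {eid}\n"
          "Date: 6/23/2008\nTime: {time}\nUser: N/A\nComputer: TESTPC1\nDescription:\n{desc}\n"
          "Data:\n0000: 00 00 04 00 01 00 54 00\n")
POOL_MSG = "The server was unable to allocate from the system paged pool because the pool was empty."
SAMPLE = "".join([
    RECORD.format(typ="Error", src="Srv", eid=2020, time="8:47:26 AM", desc=POOL_MSG),
    RECORD.format(typ="Information", src="Service Control Manager", eid=7036,
                  time="8:50:02 AM", desc="The Computer Browser service entered the running state."),
    RECORD.format(typ="Error", src="Srv", eid=2020, time="8:52:26 AM", desc=POOL_MSG),
    RECORD.format(typ="Error", src="Srv", eid=2020, time="8:57:26 AM", desc=POOL_MSG),
])

if __name__ == "__main__":
    print(paged_pool_alerts(parse_events(SAMPLE)))
```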