Friday 24 February 2012

Symantec EndPoint Protection CleanWipe Tool: Stuck at Gathering Required Information

We were working with a particularly problematic Symantec EndPoint Protection endpoint that always caused the user’s account to lock out when they came back into the office with their laptop.

The lockout would happen only after they had plugged into another network to gain access to the Internet. With the v11.x client we removed the Administrator Scan in the SEP Console on the management server and the problem went away.

But, once we replaced the backend and the client on this machine the lockout behaviour came back. Removing the Administrator Scan from the management console did not remove the lockout behaviour in this version as it had for v11.x.

So, we opened a case with Symantec and obtained a copy of the CleanWipe utility.

Once we ran the utility we said Yes to all of the options and then waited, and waited, and waited. The last warning indicated 30 minutes or more to run the registry clean-up be we were not getting anywhere after 2 hours.

image

In the end we needed to use Task Manager to kill ccSvcHst.exe process and then rename it in Windows Explorer as in the snip above. The CleanWipe process continued on from there by requesting a restart.

The whole process took 3 reboots to complete.

Once done we were able to install the SEP v12.x client.

Now, hopefully whatever was causing the lockout problem will be gone.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

No comments: