Symantec System Center

Error: Can't communicate with the Server Group. Verify network connectivity, and that machines are operating within the Group! If problem persists, try clearing the Server Group cache and re-discovering all Server Groups.
I clicked on Tools and selected Discovery Service. I then clicked on Clear Cache Now. I then clicked on the Close button. But the same problem occurred when I again tried to reopen the server group.
I then clicked on Tools and selected Discovery Service. I then selected "Intense Discovery" and "NT Servers" and then clicked on Run Discovery Now. That didn't help either.
I checked the status of the Symantec AntiVirus services by clicking on Start, selecting Run, typing services.msc, and hitting Enter. I saw that the Symantec AntiVirus Server service, which had a startup type of "Automatic", was not started. I double-clicked on it to open its properties window, then clicked on the Start button to start it, but it wouldn't start.
Services

Could not start the Symantec AntiVirus Server service on Local Computer. Error 10: The environment is incorrect.
I've used the LiveUpdate function after opening Symantec AntiVirus on the server. It downloads the latest updates and appears to be installing them, but the virus definitions date never changes. It always stays at "Version: 4/26/2006 rev. 19".
Searching online, I found others reporting a problem with version 8 of the Symantec AntiVirus Corporate Edition software when a virus definitions file is corrupted. Others also reported receiving the "Could not start the Symantec AntiVirus Server service on Local Computer" message. At "How to manually repair or backdate virus definitions for Symantec AntiVirus Corporate Edition 8.x and 9.x", I found a process for dealing with the problem.
The instructions stated "Do not run the *x86.exe Intelligent Updater on an AntiVirus server that manages clients. Use the .xdb file instead." Since the problem was on the antivirus server that manages the other antivirus clients at the location, I needed to follow the xdb method for resolving the problem.
I've copied the portion of Symantec's instructions that applied to the case of the problem occurring on the antivirus server itself, should the URL become invalid. Those instructions can be viewed at "How to manually repair or backdate virus definitions for Symantec AntiVirus Corporate Edition 8.x and 9.x".
To stop the Symantec services that use the virus definitions, I clicked on Run, typed services.msc, and hit Enter. I double-clicked on Defwatch, which was running, and clicked on Stop. The Symantec AntiVirus Server service was not running, so I didn't have to stop it.
In C:\Program Files\Common Files\Symantec Shared\VirusDefs, I saw the following:

 Directory of C:\Program Files\Common Files\Symantec Shared\VirusDefs

05/04/2006  02:50 AM    <DIR>          .
05/04/2006  02:50 AM    <DIR>          ..
05/04/2006  02:07 AM    <DIR>          20060426.019
05/04/2006  02:47 AM    <DIR>          20060503.018
06/27/2004  08:13 PM    <DIR>          BinHub
05/04/2006  02:50 AM                57 definfo.dat
06/27/2004  08:13 PM    <DIR>          incoming
06/27/2004  08:13 PM    <DIR>          TextHub
05/04/2006  02:50 AM                45 usage.dat
               2 File(s)            102 bytes
               7 Dir(s)  27,698,786,304 bytes free
When I opened usage.dat in that directory, I saw the following:
[20060426.019]
DEFWATCH_10=1
NAVCORP_70=1
Since I didn't see Qsadmin, I didn't worry about stopping the Symantec Central Quarantine, Symantec Quarantine Agent, and Symantec Quarantine Scanner services.
I deleted the folder 20060503.018, which was the most recent virus definitions folder. The previous one, 20060426.019, matched the one that the antivirus software showed for the virus definitions version.
I opened definfo.dat in Notepad. I saw the following:
[DefDates]
CurDefs=20060503.018
LastDefs=20060426.019
I changed the value for the CurDefs line to match the one for LastDefs, so I now had the following:
[DefDates]
CurDefs=20060426.019
LastDefs=20060426.019
I then saved and closed the Definfo.dat file. I then opened Usage.dat in Notepad and confirmed that the virus definitions version number between the square brackets in the first line of that file, which was [20060426.019] in this case, matched the folder referenced for CurDefs in the Definfo.dat file and that there was only a single square bracket around the heading. I then closed that file.
I then went to the directory where Symantec AntiVirus was installed and looked for any .xdb files with a date that was later than the one listed in Definfo.dat, i.e. any after April 26, 2006. There were quite a few.
C:\Program Files\Security\SAV>dir /od *.xdb
 Volume in drive C has no label.
 Volume Serial Number is A0BF-4A1A

 Directory of C:\Program Files\Security\SAV

04/26/2006  12:00 AM        12,660,324 VD213413.XDB
05/03/2006  12:00 AM        13,897,644 VD214612.XDB
05/10/2006  12:00 AM        13,562,588 VD215413.XDB
05/17/2006  12:00 AM        14,453,877 VD216214.XDB
05/20/2006  12:00 AM        14,180,924 VD216805.XDB
05/24/2006  12:00 AM        13,770,093 VD217021.XDB
05/31/2006  12:00 AM        13,689,546 VD217E13.XDB
06/01/2006  12:00 AM        13,817,548 VD218213.XDB
06/07/2006  12:00 AM        14,035,310 VD218E12.XDB
06/14/2006  12:00 AM        14,010,645 VD219C23.XDB
06/21/2006  12:00 AM        15,117,130 VD21AA18.XDB
06/28/2006  12:00 AM        14,827,009 VD21B814.XDB
11/15/2006  01:00 AM        16,725,897 VD22DE12.XDB
01/03/2007  01:00 AM        15,675,903 VD244642.XDB
03/10/2007  12:00 AM        18,160,659 VD24D409.XDB
09/23/2007  12:00 AM        23,258,437 VD266E08.XDB
02/08/2008  01:00 AM        32,443,671 VD289003.XDB
              17 File(s)    274,287,205 bytes
               0 Dir(s)  27,698,774,016 bytes free
I deleted all of the later ones, leaving only the April 26, 2006 version.
I then checked the .vdb files and saw the following:
C:\Program Files\Security\SAV>dir /od *.vdb
 Volume in drive C has no label.
 Volume Serial Number is A0BF-4A1A

 Directory of C:\Program Files\Security\SAV

04/05/2006  11:06 PM        12,233,273 VD210C06.vdb
04/11/2006  11:05 PM        12,090,427 VD211805.vdb
04/18/2006  11:20 PM        12,093,348 VD212614.vdb
04/23/2006  11:18 PM        12,140,032 VD213012.vdb
04/25/2006  11:19 PM        12,162,872 VD213413.vdb
05/02/2006  11:18 PM        12,281,011 VD214612.vdb
05/09/2006  11:19 PM        12,344,102 VD215413.vdb
05/16/2006  11:20 PM        12,359,466 VD216214.vdb
05/19/2006  11:05 PM        12,379,978 VD216805.vdb
05/23/2006  11:07 PM        12,401,856 VD217021.vdb
05/30/2006  11:19 PM        12,478,933 VD217E13.vdb
05/31/2006  11:19 PM        12,529,471 VD218213.vdb
06/06/2006  11:18 PM        12,565,750 VD218E12.vdb
06/13/2006  11:09 PM        12,638,305 VD219C23.vdb
06/20/2006  11:24 PM        12,651,761 VD21AA18.vdb
06/27/2006  11:20 PM        12,686,922 VD21B814.vdb
11/15/2006  12:18 AM        13,634,640 VD22DE12.vdb
01/03/2007  12:14 AM        14,306,593 VD244642.vdb
03/09/2007  11:09 PM        15,806,627 VD24D409.vdb
09/22/2007  11:08 PM        19,881,246 VD266E08.vdb
02/08/2008  12:03 AM        26,869,016 VD289003.vdb
02/08/2008  09:00 PM    <DIR>          I2_LDVP.VDB
              21 File(s)    288,535,629 bytes
               1 Dir(s)  27,698,745,344 bytes free
There was no file dated April 26, 2006, but there was one dated April 25, 2006. Its name matched the .xdb filename, VD213413.xdb, except for the .vdb at the end. I left that one and deleted all of the others. I then deleted all of the subfolders beneath the I2_LDVP.VDB directory, but left that directory itself.
After that, I started the Defwatch service again by double-clicking on it and choosing Start. I then did the same thing for the Symantec AntiVirus Server service, which I had not been able to start previously. It started without any errors this time.
I then opened the Symantec AntiVirus Corporate Edition program and clicked on the LiveUpdate button. I was informed that LiveUpdate was already running. I waited a few minutes and checked again. This time the definitions version was listed as "2/17/2008 rev. 3". I was also able to go to the Symantec System Center and unlock the server group.
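The hand checks above (CurDefs in definfo.dat, the first heading in usage.dat, and the dated folders under VirusDefs) can be scripted to spot the same inconsistency before anything is deleted. This is an added example, not Symantec's tooling or part of the original write-up; it assumes the file layouts are exactly as shown on this page, and the function names and the sample tree it builds are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

DEF_DIR_RE = re.compile(r"^\d{8}\.\d{3}$")  # folder names like 20060426.019

def read_ini(path):
    """Minimal INI reader returning {heading: {key: value}} in file order."""
    sections, current = {}, None
    for line in Path(path).read_text().splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]  # "[[x]]" leaves a stray bracket in the name
            sections[current] = {}
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections

def check_virusdefs(virusdefs):
    """Return a list of inconsistencies between definfo.dat, usage.dat and folders."""
    virusdefs, problems = Path(virusdefs), []
    cur = read_ini(virusdefs / "definfo.dat").get("DefDates", {}).get("CurDefs")
    folders = sorted(p.name for p in virusdefs.iterdir()
                     if p.is_dir() and DEF_DIR_RE.match(p.name))
    if cur is None:
        problems.append("definfo.dat has no CurDefs entry")
    elif cur not in folders:
        problems.append(f"CurDefs={cur} has no matching folder")
    heading = next(iter(read_ini(virusdefs / "usage.dat")), None)  # first heading only
    if heading is None:
        problems.append("usage.dat has no heading")
    elif "[" in heading or "]" in heading:
        problems.append(f"usage.dat heading [{heading}] has doubled brackets")
    elif heading != cur:
        problems.append(f"usage.dat heading [{heading}] does not match CurDefs={cur}")
    # Same-length YYYYMMDD.NNN names sort chronologically as plain strings.
    problems += [f"folder {n} is newer than CurDefs={cur}" for n in folders if cur and n > cur]
    return problems

def build_sample(root, curdefs, folders, usage_first_line):
    """Write a constructed VirusDefs tree (sample data, not real definitions)."""
    root = Path(root)
    for name in folders:
        (root / name).mkdir(parents=True, exist_ok=True)
    (root / "definfo.dat").write_text(f"[DefDates]\nCurDefs={curdefs}\nLastDefs=20060426.019\n")
    (root / "usage.dat").write_text(f"{usage_first_line}\nDEFWATCH_10=1\nNAVCORP_70=1\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # state as first found on the server
        tree = build_sample(tmp, "20060503.018", ["20060426.019", "20060503.018"], "[20060426.019]")
        print(check_virusdefs(tree))
```

Run against a copy of the real VirusDefs directory, an empty list corresponds to the state reached after the repair described above.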