Monday, April 23, 2018

Windows 2012 VM lost network connectivity due to Symantec endpoint protection


Problem description
Windows 20012 VM lost network connectivity.


Troubleshooting
while investigating the issue at first and found we could not configure the gateway to VM NIC. Then, we use the cmdlets (set devmgr_show_nonpresent_devices=1) to check see if there is any ghosted on the NIC, but do not found then.

Then, we use cmdlets “netsh int show int” check the status of the interface and found our network adapter could not be initialed properly. And, we found we installed Symantec on the problematic VM. Then, after researching, we found there is a know issue on Symantec. More specific, the Symantec Endpoint Protection adds a filter on NDIS miniport and the filter prevents the NDIS driver from running properly after rebooting. 

Finally, we change the key FilterRunType from from 1 to 2 to fix the issue.

Solution/Work around
To work around the issue disable the driver using the following registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{72891E7B-0A3D-4541-BDCB-3DA62E25B6A8}\Ndi

Change the value from of FilterRunType from 1 to 2 and reboot.