Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000036072 - Receive Segment Coalescing causes hangs with Windows Updates and ECAT agents in RSA NetWitness Endpoint

Document created by RSA Customer Support

on Mar 6, 2018•Last modified by RSA Customer Support

on Nov 4, 2019

Version 2Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000036072
Applies To	RSA Product Set: NetWitness Endpoint RSA Product/Service Type: NetWitness Endpoint RSA Version/Condition: 4.3.0.4-4.3.0.5, 4.2.0.x, 4.4.0.0, 4.4.0.1 Platform: Windows Product Name: RSA-0015013 Product Description: ECAT Host Perp License (per host)
Issue	When IPv4 or more likely IPv6 interfaces in Windows operating systems have the flag set for RSC support which is considered an optional setting, the WFP driver hangs causing the service host to hang during a Windows Update, preventing the system from proceeding and mimicking a hung state on the server.
Cause	RSC is affected by a known Windows bug and happens when the base filtering engine interacts with svchost.exe which is expecting the WFP network driver to support RSC and enters a hung state waiting for the service to initialize.
Resolution	There are a few ways to resolve this issue: Disable RSC on all interfaces that have it enabled. Enable-NetAdapterRsc, Disable-NetAdapterRsc, Get-NetAdapterAdvancedProperty, and Set-NetAdapterAdvancedProperty can be used to check and remove the RSC flag from a network interface. Reboot the servers, since it only hangs following a Windows Update Disable the WFP driver Upgrade to the most recent version of the Endpoint Agent.

Attachments

Outcomes

0 Comments

Recommended Content