At a customer today I noticed something odd. On a brand new server the installation of the Assessment and Deployment Kit took a bit too long. When I checked the installation I noticed that it was more or less stuck in the ‘Acquiring’ state, which really means that it is downloading the files off the Internet. Since I had done that already and copied the files to the server, that step shouldn’t have taken more than a nanosecond or two, so it really got me thinking. Could the files have become corrupt during the copying through the RDP session? Better safe than sorry, so I canceled the installation and copied the files again, but this time using an SMB share.


With the same result this time, I really got interested to see what was happening on the server. The image above is about 30 minutes into the installation. I couldn’t really see that the server was doing anything: no disk queue, no CPU utilization or anything. Then I noticed it – the server was sending and receiving quite a bit of network traffic to another server in the customer environment. Since this was a brand new server it shouldn’t really interact with any other servers, well, except the domain controller, but not at several hundred Mbit per second. I looked up the netstat table and found that the server I was on was talking to the other server, so the traffic originated from my machine (random high local port and specific lowish port on the remote endpoint).

A quick question to the customer with the server name resulted in some clarification. That was the McAfee MOVE server. Apparently it is a more or less agentless antivirus software for virtual machines that ships all files subject to scanning to a different machine that performs the actual scanning.

I really don’t like having antivirus software on my Configuration Manager servers, but I do see the need for it (sometimes), but then there should be adequate exceptions. I had looked on the server, well, the system tray, for AV software and hadn’t seen anything, so I thought that the system was clean.

We then took a quick peek into the Application log that revealed the following errors


Solution? Well, they had to remove the MOVE Antivirus from the server and install a different antivirus solution.


Hope this helps!


