ICA Connection Stuck at “Connection in Progress” on StoreFront

When you capture a network trace while the endpoint is attempting to connect over the ICA session, you will see TCP SYN retransmissions on port 2598 for that server.

The VDA has two network cards: Legacy and Synthetic. The ICA file that the endpoint receives lists the IP address of the Legacy adapter, which is not routable from the external network. Hence the ICA connection fails.

Ideally, the ICA file should contain an address that is reachable from the Internet. The Legacy network adapter is required only to communicate with the PVS server initially, mostly in the same subnet. If you disable the gateway on the Legacy network adapter and attempt to connect again, the ICA file should this time come up with the Synthetic adapter’s address.

As per the PVS design, the PVS Legacy NIC should have a 169.x.x.x address after bootup completes. PVS uses the Synthetic network adapter for communication with the PVS server.
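The following Python check is an added example, not Citrix's code or part of the original article: it reads the Address entry from an ICA launch file and reports entries that an Internet-side endpoint cannot reach directly, which is the condition behind the SYN retransmissions described above. The sample file content, its addresses and the function names are constructed for illustration, and the usual INI layout of an ICA file with an IPv4 literal or hostname in Address is assumed.

```python
import configparser
import ipaddress

# Constructed sample launch file; section names and addresses are illustrative.
SAMPLE_ICA = """\
[ApplicationServers]
Desktop=

[Desktop]
Address=169.254.10.20:2598
InitialProgram=#Desktop
"""

def ica_addresses(ica_text):
    """Map each application listed under [ApplicationServers] to (host, port)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case as written in the file
    cp.read_string(ica_text)
    if not cp.has_section("ApplicationServers"):
        return {}
    found = {}
    for app in cp["ApplicationServers"]:
        addr = cp.get(app, "Address", fallback=None)
        if addr:
            # Assumed form host[:port] with an IPv4 literal or a hostname.
            host, _, port = addr.partition(":")
            found[app] = (host, int(port) if port.isdigit() else None)
    return found

def classify(host):
    """Label an Address host by how far it can be routed."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "not-an-ip"      # hostname or other non-literal value
    if ip.is_link_local:        # 169.254.0.0/16, unusable off-link
        return "link-local"
    if ip.is_private:           # RFC 1918 and similar, not Internet-routable
        return "private"
    return "routable"

def externally_unreachable(ica_text):
    """Applications whose Address an Internet-side endpoint cannot reach directly."""
    return {app: (host, port, classify(host))
            for app, (host, port) in ica_addresses(ica_text).items()
            if classify(host) in ("link-local", "private")}

if __name__ == "__main__":
    for app, (host, port, kind) in externally_unreachable(SAMPLE_ICA).items():
        print(f"{app}: {host}:{port} is {kind}; expect SYN retransmissions")
```

A private address is only a finding when the endpoint connects directly from outside; an internal client on the same network can reach it normally.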


SEP blocks NIC Teaming in Server 2019

I need a solution

Recently I installed a fresh copy of Windows Server 2019 OS Build 17763.107 on my IBM System x3650M5 machine with 4 Broadcom NetXtreme Gigabit adapters. As soon as I created NIC teaming with the LACP option (same on the switch side) and installed SEP version 14.2.3335.1000 for WIN64BIT, I got disconnected after a restart. Further investigation showed that the NIC cards individually looked fine, but the teamed NIC interface was crossed out as if the network cable was unplugged.

I upgraded drivers from Lenovo, installed cumulative updates for Windows, and ran the Symantec troubleshooter (which found zero problems related to the NIC), but nothing seems to work.

Symantec support offered that some rule was blocking traffic. When we removed the “block any any” traffic rule from the firewall rules, the teamed NIC started up. The same happened when we just disabled the firewall module.

I had Server 2012R2 installed prior to 2019 on this machine and it never had such a problem. A couple of years ago I tried to upgrade it to 2016, but I encountered the same “Cable unplugged” problem with NIC teaming and didn’t troubleshoot it too much, since it was only for evaluation purposes.

Any ideas? Maybe any of you encountered the same problem and more importantly: solved it without just uninstalling SEP for good? 😀


Dual NIC Support for Images Published to PVS

Create a new platform layer or platform layer revision. When the packaging machine comes up, configure the VM to have two network cards (PVS on Hyper-V requires a Legacy Network Adapter to PXE boot). If creating a new platform layer, install the PVS target software on the platform layer. If creating a platform layer revision, you don’t need to re-install PVS.

After installing PVS, and after all required reboots have been completed, open an administrative command prompt on the packaging machine. Run ipconfig /all. Match up the IP address of the streaming NIC (Legacy Network Adapter in Hyper-V) with the correct adapter name (e.g. “Ethernet” or “Ethernet 2”).

Renew the DHCP lease on the streaming NIC (e.g. an adapter named “Ethernet 2”). Again in an administrative command prompt, run ipconfig /release "Ethernet 2" followed by ipconfig /renew "Ethernet 2". This forces the App Layering drivers to select this adapter as the “primary NIC”.

Run Shutdown for Finalize and finalize the layer as you normally would from the ELM UI.

Note: If you Shutdown for Finalize, but then need to turn the machine back on for any reason, you will need to re-run these renew/release commands. You will need to run these commands on every new version of the platform layer.


NIC teaming not working with SEP 12.1.6

I need a solution

Hello, 

I try to install SEP 12.1.6 on our new server (Windows Server 2016). The server has 2 NICs configured as a team (Mode LACP – dynamic – 2x 10G Broadcom interfaces).

As soon as I install SEP the team is not reachable anymore; it seems like the IP configuration has been lost.

I tried the workaround from the KB “Broadcom Teaming network adapter fails to acquire IP address after installing Symantec Endpoint Protection 12.1” but it does not fix my problem. When I uninstall the SEP package everything is working fine.

Any ideas to fix the problem?

Regards


7021470: Configuring TCP/IP and LAN Adapter for an IBM System i

Verify That TCP/IP Configured Properly on the System i

TCP/IP is configured properly on the System i when TCP/IP is enabled and you can ping the host. Verify your system as follows:

Netstat

To ensure that TCP/IP is enabled, enter the following command at the i5/OS command line:

NETSTAT
  • If NETSTAT reports that “TCP/IP is not started,” refer to the section below on Installing and Configuring TCP/IP on the System i.
  • If TCP/IP is configured, you may be prompted to verify the settings.

Ping

To check whether you can ping the System i, enter the PING command at the i5/OS command line. An example:

PING '192.168.1.1'

The above command would have the System i ping a system with an IP address of 192.168.1.1.

Configuring TCP/IP on the System i

To install and configure TCP/IP on the System i, enter the following command at the i5/OS command line:

CFGTCP

When you enter CFGTCP you will see up to twenty-two different configuration options. Verify and configure the required settings below.

  • TCP/IP Interfaces.

The TCP/IP Interface description is typically:

    • Line Description: ETHERNET
    • Line Type: ELAN

  • TCP/IP Routes.

Check the DFROUTE and MTU entries.

    • DFROUTE indicates the router IP address.
    • Set route’s MTU size to *IFC (recommended).

  • TCP/IP Attributes.

Enter the following command at the AS/400 system prompt:

STRTCP

The administrator must start the TCP/IP transport once configuration is complete.

Verify That the LAN Adapter is Installed and Functional

To check whether the LAN adapter is installed and functioning, follow these steps:

  1. Enter the following command at the i5/OS command line:

DSPHDWRSC *CMN

  2. Find Ethernet Port or Tokenring Port in the listing. If there is no value for Ethernet Port or Tokenring Port, then i5/OS is not automatically reporting the existence of an Ethernet adapter. This indicates either a hardware failure or that no LAN adapter is installed on the system.
  3. You will need to know the value of the Resource Line Description entry. Note the Resource Line Description value: L_____. This typically corresponds to the LAN adapter (Ethernet or Token-Ring) and is directly above the Port resource line.
  4. Select option 5 to display configuration descriptions.
  5. Enter 8 to work with Configuration Status.
  6. Verify that the status is Active.
  7. Option 1-Vary On may be entered for an inactive device.

Checking the LAN Interface (LINE) Configuration

The way you check a LAN interface configuration depends on whether you have an Ethernet or Token-Ring adapter. You will need to know the Resource Line Description value that you got in step three of the Verify the LAN Adapter is Installed and Functional section above. Steps are included in separate sections below.

Ethernet

If you have an Ethernet adapter follow these steps:

  1. Enter the following command at the i5/OS command line:
CRTLINETH

Press F4 and you will be prompted for configuration entries. Do not press Enter. In the Line Description field the recommended entry is ETHERNET.


XenServer Crashed with Error “PCI-DMA: Out of SW-IOMMU space for 9288 bytes at device 0000:03:00.0”

Known Issue: XS 6.5 has a known issue with bnx2 drivers.

http://support.citrix.com/servlet/KbServlet/download/38334-102-714582/XenServer-6.5.0-releasenotes.pdf

————–

Networking

  • Jumbo frames cannot be enabled on QLogic 10 Gigabit Ethernet adapters (10GbE) as the QLogic driver uses contiguous network buffers. Contiguous network buffers cause fragmentation of dom0 memory and lead to memory allocation failures and performance issues in dom0.

—————

Jumbo frames were enabled for the bnx2 driver (10G QLogic), which is not supported.


Cannot configure NIC teaming (LACP mode) on server running SEP client 12.1.x

I need a solution

Dears,

I have a Windows Server 2008 running BACS (Broadcom NIC driver). Before I installed SEP Client 12.1.x, my computer worked normally with NIC teaming in LACP mode (2 NIC cards of the server connected to 2 ports of a Cisco switch running LACP mode). But after it was installed, the NIC teaming does not work; the Cisco switch shows the port is up but the port protocol is down. Does the SEP Client prevent the LACP protocol in NIC teaming mode? Do you have any solution for my problem? Thank you very much!


Re: Re: Isilon First packet isn’t SYN – Smartconnect issue?

Hi PJurisprudencia,

This is from the Best Practices Guide for Isilon External Network Connectivity regarding NIC affinity:

https://support.emc.com/docu58740

NIC affinity is a sysctl that can be configured in OneFS. The NIC affinity setting applies only when there are multiple NICs on the same node connected to the same subnet. The NIC affinity setting is enabled automatically when there are multiple NICs on the same subnet to enable response packets to go out using the same NIC that they arrived on, based on the source IP address of the response packet. The interface that is currently configured with that IP address is the interface that the packet will be sent on.



So if you are using LACP chances are that it doesn’t apply unless your management network is not a separate subnet or you have a third NIC (For example, if your node has two 1GB interfaces and four 10GB interfaces).


Event ID 9009 — TCP/IP Network Performance

Updated: April 17, 2008

Applies To: Windows Server 2008

Network performance encompasses all aspects of data transfer performance, such as download and upload speeds, number of packets dropped versus packets delivered, and the round-trip time of connections.

These aspects of network performance might be affected by congestion in the network. In the case of wireless networks, signal attenuation, electromagnetic interference, and the mobility of the host also affect network performance.

Event Details

Product: Windows Operating System
ID: 9009
Source: tcpip
Version: 6.0
Symbolic Name: EVENT_TRANSPORT_TRANSFER_DATA
Message: %2 could not transfer a packet from the network adapter. The packet was dropped.

Resolve
Reduce the load on the remote computer

If the packets are dropped because of network congestion and poor network performance, reduce the load on, or increase the capacity of, the computer.

 

Verify

To perform this procedure, you must have membership in Administrators, or you must have been delegated the appropriate authority.

To measure network performance, run Performance Monitor:

  1. Click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
  2. Click Continue when prompted by User Account Control, and then provide the administrator password, if requested.
  3. In the Performance Monitor console tree, click Reliability and Performance.
  4. Network, CPU, and memory utilization data are available in the details pane.

If you have recorded Performance Monitor counters in the past, compare the current load to your average loads over time. If you do not have any baseline readings from past performance monitoring, continue to monitor network, CPU, and memory utilization by looking for large fluctuations in performance that might indicate a heavy traffic load or an attack.


A network adapter malfunction has occurred. The network control block (NCB) request was refused. The NCB is the data.