Guest

Cisco Security Agent

Field Notice: FN - 62839 - Windows 2003 With SP2 - System Freezes With Blue Screen When Running CSA and Some Hardware


July 10, 2007

NOTICE:

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.


Products Affected

Products Affected

CSA - CSA 5.0.0.201 DESKTOP

CSA - CSA 5.0.0.201 MANAGER

Problem Description

Any machine running the Microsoft Network Chimney patch with supported hardware (confirmed issue with supported Broadcom NICs) may experience a system freeze with blue screen when running Cisco Security Agent (CSA) and Windows 2003 Service Pack 2.

Background

Interactions between Microsoft Windows 2003 Scalable Networking Pack (specifically the Microsoft TCP Chimney offload feature) hardware supporting the specific features of the Microsoft Scalable Networking Pack and the Cisco Security Agent will affect the server. The Windows 2003 Scalable Networking Pack information can be viewed via Microsoft Knowledge Base Article 912222. The Microsoft Windows 2003 Scalable Networking Pack is bundled with Microsoft Windows 2003 Service Pack 2.

CSA users running Windows 2003 SP1 who install the Microsoft Windows Server 2003 Scalable Networking Pack (SNP) or who update Windows 2003 SP1 to SP2, may experience a Blue Screen and system freeze.

Problem Symptoms

The affected server will exhibit the "blue screen" (BSOD) display, resulting in a system freeze.

Workaround/Solution

The workaround for this condition is to disable Microsoft TCP Chimney or upgrade to a fixed version of CSA as listed below.

To determine if the Microsoft TCP Chimney is enabled on your hardware, you can do one of the following tests:

  1. Check in the Windows registry at:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

    If the key EnableTCPChimney is present and its value is 0x1, then the TCP Chimney is installed and enabled.

  2. Use the Netsh.exe tool provided by Microsoft as part of this new software release and examine the TCP Chimney settings.

Disabling the new Microsoft TCP Chimney will not cause any network failures and will not disable any Windows security features.

To disable the Microsoft TCP Chimney, do either of the following and then reboot Windows:

  1. To turn off TCP Chimney by using the Netsh.exe tool, follow these steps:

    1. Click Start, click Run, type cmd , and then click OK.

    2. At the command prompt, type: Netsh int ip set chimney DISABLED and press ENTER.

  2. Or, you can modify the following registry key in:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

    Change the key EnableTCPChimney value to 0x0.

Recovery from Blue Screen:

Once the server sees this issue and displays the "blue screen", reboot the server and apply one of the workarounds shown above. CSA can then be upgraded to a fixed version in order to use the Microsoft TCP Chimney feature.

Solution:

CSA versions 5.0.0.216, 5.2.0.210 and 5.1.0.100 have the fix for this issue. This release may be obtained from the cisco.com Software Center at the Hotfixes for Cisco Security Agent Software Download (registered customers only) page.

There will be no software fix for the 4.0.x or 4.5.x code bases. The workaround for these is to disable TCP Chimney using the procedure described above.

DDTS

To follow the bug ID link below and see detailed bug information, you must be a registered user and you must be logged in.

DDTS

Description

CSCsi47438 (registered customers only)

Machine BSOD with CSA and window 2003 sp 2

Revision History

Revision

Date

Comment

1.0

10-JUL-2007

Initial Public Release

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.