Machines booting from Citrix Provisioned virtual hard disk (VHD, vDisk) stop responding when Symantec Endpoint Protection is installed, particularly when Network Threat Protection is installed.

Symptoms
Machines booting from provisioned virtual hard disk stop responding to keyboard and mouse input; machines stop responding at logon screen or shortly after reaching desktop.

Machines booting to such a configuration are performing a network boot, using PXE to access the virtual hard disk that is streamed by the Citrix Provisioning Server. The SEP NTP installation and initial configuration (during reboot) on a virtual disk temporarily disables the network connection to that same disk; the SEP NTP installation can't finish, the machine stops responding, and the problem repeats itself on reboot.

Install SEP and NTP using a representational base machine whose hardware settings match those of the machines with which you want to share a virtual disk. Install onto a physical drive or a virtual machine that uses a "conventional" virtual drive (one that is not accessed using a network boot). Make sure the initial reboot and configuration are complete, then use XenConvert to convert the drive to a virtual disk. Machines booting to that virtual disk should then behave normally.


References

When using a provisioned virtual hard disk, Citrix does not recommend installing or upgrading ANY software that binds to the network adapter. See link below.

"How to Install Windows Updates on a Virtual Disk"
http://support.citrix.com/article/CTX115312

Excerpts (emphasis added):
"Note: In Private Image mode, HARDWARE, OPTIONAL should NOT be performed when it lists a new network adapter driver, as Windows may hang at the meter upon reboot or blue screen."

"...many other applications bind to the network adapter; thus, they should also be considered when performing Windows updates in Private Image mode. Some of these other applications include:
• Personal firewall
• Ethereal (WinPCAP)
• SenForce port blocker
• VPNs"