Location Awareness and NSlookup fail on SEP client on NSX VDI
search cancel

Location Awareness and NSlookup fail on SEP client on NSX VDI


Article ID: 231546


Updated On:


Endpoint Protection


You are seeing that Symantec Endpoint Protection clients may not adhere to some locations based on NSlookups, Pings or Traceroutes on VDI clients based on NSX infrastructure.  You note the issue is intermittent and may cause load balance issues.


All Windows 10, server 2012, server 2016, server 2019 and server 2022.


The Vmware NSX driver may need an update.  Symantec has seen in the past excessive TCP DNS retries that lead to loss of connectivity when stack or driver injection occurs on a NSX hosted GUEST. Since both the NSX driver injects into the GUEST OS network stack and SEP injects for IPS and or Application Device control a conflict can arise.



The primary solution is to contact VMWARE to determine the proper upgrade version based on your NSX cluster revision.  Once updated in the observed support cases the excessive retries were no longer observed and DNS retries were limited to a non-race condition.