Symantec launched my blogging career by being so idiosyncratic, so I should not be surprised with this one.
Last month we installed SBS 2003 and setup a DHCP scope. So far so good. We installed Symantec Backup Exec, Endpoint Protection, and the usual suspects. In the middle of our conversion, we had issues with DHCP not working. Having done a slew of SBS migrations, I was stumped. In the end to save time, I chalked it up to an anomaly and assigned static IPs to the six clients. Well the exact same issue repeated itself last week at another SBS migration. My partner in crime, Matt Sims, figured it out.
It turns out that SEP (Symantec Endpoint Protection) is to blame. For those of you who don’t know, SEP installs AV, network protection, and application protection in one “neat” little package. Why a Windows Server should have a firewall is a beyond me, but reasonable people may differ. The default firewall policy in SEP blocks DHCP. (I would love to meet the geniuses that hatched this idea.) Right now I have only found official Symantec documentation that notes this is SBS only. Keep in mind that SBS is like Windows Server for Dummies.
Their fix is to modify the firewall policy to allow for DHCP. We disabled the firewall on both server and client sides, because we saw no need for them. The choice is yours.
