We had huge issues with Citrix servers recently. The problem was related to users being unable to run Shared desktop from Citrix servers. We have noticed that many of our Windows Server 2008 R2 machines stuck at the post login process.
The login process stopped at “Applying computer Settings” or “Applying Group Policy settings” or you might even get a blank screen by pressing CTRL+ALT+DELETE.
Upon restart of those servers, the same thing happened. We were unable to log on to the server.
In our case, the problem lied in the new Symantec AV definitions that were preventing the login process for Windows Server / Citrix machines.
To be able to solve this issue and restore the server to fully functional state here’s what you should do:
Boot into the Safe Mode
Open Windows Explorer and navigate to:
C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Data\Definitions\SDSDefs
Delete the contents of the SDSDefs folder
A problematic update has the following folder name:
20170802.008
Reboot your machine. Your server should be able to log in now. Before booting the server make sure that you have turned off Symantec AV server to prevent this update until the fixed update.
If this won’t help you can also uninstall Symantec AV from the safe mode, but it will require registry change in order to enable MSI server in the safe mode.
Once in Safe Mode, type the following command in Command Prompt:
REG ADD “HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer” /VE /T REG_SZ /F /D “Service”
After that type:
net start msiserver
This will start the Windows Installer Service and you will be able to uninstall the Symantec Antivirus in the Safe Mode.
Hope this helps.