Windows OS crashes (BSOD) with a DPC_WATCHDOG_VIOLATION (133) Stop error message.
Windows Server 2012-based computer with SEP (Symantec Endpoint Protection) networking components installed.
DPC_WATCHDOG_VIOLATION (133) Stop error message
Probably caused by : SYMNETS.SYS
The DPC watchdog detected a prolonged run time at an IRQL of DISPATCH_LEVEL
This can occur on extremely busy servers with many active network connections, and may simply be due to the limitations of a software-based firewall such as SEP and the connection-tracking component of SYMNETS.
In most cases, the solution is to use SEP without the related networking components:
In SEP 12.1.x, use strictly Virus/Spyware Protection only. Remove Advanced Download Protection, Outlook/Notes Scanner, and Proactive and Network Threat Protection.
In SEP 14.0 and newer, the connection-tracking component of SYMNETS has been decoupled from the rest of SEP, and the Firewall is the only component that needs to be removed to relieve these symptoms. Other components need not be removed (Intrusion Prevention, Proactive Threat Protection, Advanced Download Protection, and mail scanners may remain installed).
Note that the hotfix above will install on Server 2012 but not on 2012 R2 ("The update is not applicable to your computer"). But the net result of the hotfix is to add the following registry values, which can be done manually on 2012 R2:
The intent of these registry values is to increase the DPC Timeout that causes the crash message. With these values in place, reboot the affected machine. Crashes may no longer occur, but sluggish performance may be noted during periods of high network activity.
SYMNETS involvement can be confirmed if crashes / slow performance no longer occur after disabling that driver and rebooting.
Subscribing will provide email updates when this Article is updated. Login is required.