Followup - we've figured out that the problem arises if you _uncheck_ the 
"Browse Files and Printers on the network" box in the Symantec menu:

    Network Threat Protection Settings: Microsoft Windows Networking

The other checkbox, "Share my files and printers..." should be left 
unchecked unless you really want to do that.

For a more secure system, we can create a targeted rule allowing just the 
OpenAFS services, but it is cumbersome to describe.  Send mail to Research 
Computing if you want to do this.

On Thu, 17 Mar 2011, Richard Brittain wrote:

> It has come to our notice that a fresh install of Symantec Endpoint 
> Protection, following all the configuration steps suggested in
> <http://www.dartmouth.edu/comp/soft-comp/software/downloads/windows/sav.html>, 
> can result in a system blocking the traffic used for authentication.  It can 
> be fixed by creating a new rule explicitly allowing UDP traffic from the 
> applications "afscreds.exe" and "klog.exe".  Other OpenAFS utilities and the 
> core client functionality don't seem to need any special configuration.
>
> If you use OpenAFS on Windows and have Symantec Endpoint Protection 
> installed, please let us know if you have encountered problems.  It will be 
> very obvious -- the authentication tools will complain that they cannot reach 
> any authentication servers.
>
> This situation seems to have arisen some time in the last few months.
>
> Richard

-- 
Richard Brittain,  Research Computing Group,
                    Computing Services, 37 Dewey Field Road, HB6219
                    Dartmouth College, Hanover NH 03755
[log in to unmask] 6-2085