We have an unmanaged client installation of Symantec Endpoint Protection (12.1) on a server running Windows Server 2012 R2 Essentials as the operating system. Per Microsoft, the server OS is configured to function as the DNS server for the small domain network involved. We are having problems with the workstations seeing/finding the server. This can be seen in everything from the initial Essentials "Connector" software (which is what is used to add a workstation to the Essentials domain) to later workstation boot-up where mapped server drives aren't found and the Internet connection is shown as a workgroup network, rather than the domain network that is actually there.
The only way I can consistently make the workstation start up and operate properly on this small domain network is to disable the SEP firewall on the server. When I do that, the workstation/server connection works every time. With the SEP firewall enabled, it almost always fails (and a workgroup network setting is shown, with no sign of the server being recognized).
For security purposes, I would rather not permanently disable the SEP firewall on the server. However, I have to have the workstations start up properly and find the server/network. As a less extreme way of handling what seems to be a DNS problem, could I create a new firewall rule that opens Port 53 on the server (the DNS port)? The SEP help screen mentions doing this for UDP but should I also create a rule for TCP? For this to work, do I also have to disable the Smart DNS function in the SEP firewall settings?
Thanks for any advice or suggestions you can offer.