Scanner disconnects from Filer when using SMB2 with SAV for NAS 5.2 and NetApp Filer
|Article:TECH156942|||||Created: 2011-03-30|||||Updated: 2012-03-09|||||Article URL http://www.symantec.com/docs/TECH156942|
The NetApp Filer syslog periodically reports that Symantec AntiVirus for Network Attached Storage 5.2 has disconnected from the Filer. If the scanner is under load, this will typically be accompanied with Generic 6 errors in the Scan Engine log files.
Wed Feb 9 23:05:23 EST [xxxxx: vscan.server.connecting.disconnect:info]: CIFS: Vscan server \\XXXXXXXX deregistered and will be removed from the list of available vscan servers.
Wed Feb 9 23:05:23 EST [xxxxx: cifs.server.infoMsg:info]: CIFS: Warning for server \\XXXXXXXXX: Connection terminated.
Wed Feb 9 23:05:23 EST [xxxxx: vscan.dropped.connection:warning]: CIFS: Virus scan server \\XXXXXXXX (10.10.10.10) has disconnected from the filer.
Wed Feb 9 23:05:34 EST [xxxxx: vscan.virus.created:ALERT]: CIFS: Possible Virus Detected - File ONTAP_ADMIN$\<file-path> may be infected. The filer received status message Internal server error and error code [0x5] from vscan (anti-virus) server 10.1.150.11.
Wed Feb 9 23:05:40 EST [xxxxx: vscan.server.connecting.successful:info]: CIFS: Vscan server \\XXXXXXXX registered with the filer successfully.
Wed Feb 9 23:05:59 EST [xxxxx: vscan.server.connecting.disconnect:info]: CIFS: Vscan
It is likely that this will be accompanied with Generic 6 Errors reported by Symantec AntiVirus for Network Attached Storage 5.2. Check the Scan Engine log files to confirm.
Symantec AntiVirus for Network Attached Storage 5.2.x, NetApp Filer, SMB 2.0 enabled on the Scan Engine server and Filer.
The issue is caused by a feature in SMB2. Microsoft introduced an Authentication Expiration period in SMB2. If scan requests occur after this ticket has expired, but before the scanner and Filer reconnect the request will fail. The NetApp AV connector has not accounted for this Authentication Expiration period in SMB2 yet.
The workaround is to disable SMB2. Currently NetApp is working on a fix for their AV connector so that it does not run into this SMB2 Authentication Expiration timer.
Please also see TECH143591, http://www.symantec.com/docs/TECH143591 as this is closely related and could be more helpful.
Additionally, if disabling SMB2 is not an option, we would suggest contacting NetApp for updates regarding support for SMB2 and their AV connector (Bug ID 470972), http://support.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=470972.
Article URL http://www.symantec.com/docs/TECH156942