Scanner disconnects from Filer when using SMB2 with SAV for NAS 5.2 and NetApp Filer
|Article:TECH156942|||||Created: 2011-03-30|||||Updated: 2013-06-20|||||Article URL http://www.symantec.com/docs/TECH156942|
The NetApp Filer syslog periodically reports that Symantec AntiVirus for Network Attached Storage 5.2 has disconnected from the Filer. If the scanner is under load, this will typically be accompanied with Generic 6 errors in the Scan Engine log files.
Wed Feb 9 23:05:23 EST [xxxxx: vscan.server.connecting.disconnect:info]: CIFS: Vscan server \\XXXXXXXX deregistered and will be removed from the list of available vscan servers.
Wed Feb 9 23:05:23 EST [xxxxx: cifs.server.infoMsg:info]: CIFS: Warning for server \\XXXXXXXXX: Connection terminated.
Wed Feb 9 23:05:23 EST [xxxxx: vscan.dropped.connection:warning]: CIFS: Virus scan server \\XXXXXXXX (10.10.10.10) has disconnected from the filer.
Wed Feb 9 23:05:34 EST [xxxxx: vscan.virus.created:ALERT]: CIFS: Possible Virus Detected - File ONTAP_ADMIN$\<file-path> may be infected. The filer received status message Internal server error and error code [0x5] from vscan (anti-virus) server 10.1.150.11.
Wed Feb 9 23:05:40 EST [xxxxx: vscan.server.connecting.successful:info]: CIFS: Vscan server \\XXXXXXXX registered with the filer successfully.
Wed Feb 9 23:05:59 EST [xxxxx: vscan.server.connecting.disconnect:info]: CIFS: Vscan
It is likely that this will be accompanied with Generic 6 Errors reported by Symantec AntiVirus for Network Attached Storage 5.2. Check the Scan Engine log files to confirm.
Symantec AntiVirus for Network Attached Storage 5.2.x, NetApp Filer, SMB 2.0 enabled on the Scan Engine server and Filer.
There is more than one known cause of this issue.
1/The issue is caused by a feature in SMB2. Microsoft introduced an Authentication Expiration period in SMB2. If scan requests occur after this ticket has expired, but before the scanner and Filer reconnect the request will fail. The NetApp AV connector has not accounted for this Authentication Expiration period in SMB2 yet.
2/This issue has also been known to occur when the Windows firewall is not correctly configured to allow RPC communications from the Scan engine to the Netapp filer.
1/The workaround is to disable SMB2. Currently NetApp is working on a fix for their AV connector so that it does not run into this SMB2 Authentication Expiration timer.
Please also see TECH143591, http://www.symantec.com/docs/TECH143591 as this is closely related and could be more helpful.
Additionally, if disabling SMB2 is not an option, we would suggest contacting NetApp for updates regarding support for SMB2 and their AV connector (Bug ID 470972), http://support.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=470972.
2/Please refer to TECH146058 for information on how to configure RPC with the Windows firewall.
Article URL http://www.symantec.com/docs/TECH156942