I am, it's a little less frequent but had a restart yesterday. Again it's only on the server with oplocks enabled.
Thanks Steve - are you running with Patch 3 for AV8.7i ?
Also is it a scan timeout that's causing the termination ? - if so is the object being scanned particularly large or does it seem to be some sort of arbitrary lock out ?
JIm
Yes, I'm running 8.7i with patch 3 with the 5400.1158 scan engine.
The crash is being caused by a scan timeout, tried extending the time and that just holds off the inevitable restart.
It can crash on small files and not the ones in it's own folder, it does just seem to be an arbitrary lock out where the file has been opened by the server but the antivirus then tries to scan it but neither wants to back down.
It's not files being opened by the client or even in folders accessible by them it can occur on any file. I've attached a couple of the event log entries below
A thread in process C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe took longer than 150000 ms to complete a request.
The process will be terminated. Thread id : 7376 (0x1cd0)
Thread address : 0x7C82860C
Thread message :
Build VSCORE.14.1.0.524 / 5400.1158
Object being scanned = \Device\HarddiskVolume3\
by C:\WINDOWS\system32\CpqMgmt\cqmghost\cqmghost.exe
17018(15)(0)
17017(0)(1)
7007(0)(0)
5006(0)(0)
5004(0)(0)
5003(0)(0)
5002(0)(1)
15002(0)(0)
A thread in process C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe took longer than 150000 ms to complete a request.
The process will be terminated. Thread id : 7764 (0x1e54)
Thread address : 0x7C82860C
Thread message :
Build VSCORE.14.1.0.524 / 5400.1158
Object being scanned = \Device\HarddiskVolume1\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Current\VIRUSCAN8700
by C:\Program Files\McAfee\Common Framework\McScript_InUse.exe
17018(31)(0)
17017(0)(1)
7007(0)(0)
5006(0)(0)
5004(0)(0)
5003(0)(0)
5002(0)(1)
15002(0)(0)
A thread in process C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe took longer than 150000 ms to complete a request.
The process will be terminated. Thread id : 6996 (0x1b54)
Thread address : 0x7C82860C
Thread message :
Build VSCORE.14.1.0.524 / 5400.1158
Object being scanned = \Device\HarddiskVolume1\WINDOWS\system32\wbem\Logs\wbemcore.log
by C:\WINDOWS\System32\svchost.exe
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)
5003(0)(0)
5002(0)(1)
15002(0)(0)
5000(0)(0)
A thread in process C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe took longer than 150000 ms to complete a request.
The process will be terminated. Thread id : 4900 (0x1324)
Thread address : 0x7C82860C
Thread message :
Build VSCORE.14.1.0.524 / 5400.1158
Object being scanned = \Device\HarddiskVolume3\OnlineBackups\
by System:Remote
17018(0)(0)
17017(0)(1)
7007(0)(0)
5006(0)(0)
5004(0)(0)
5003(0)(0)
5002(0)(1)
15002(0)(0)
A thread in process C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe took longer than 150000 ms to complete a request.
The process will be terminated. Thread id : 2196 (0x894)
Thread address : 0x7C82860C
Thread message :
Build VSCORE.14.1.0.524 / 5400.1158
Object being scanned = \Device\HarddiskVolume3\virtual machines\wsusepo1
by C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
17018(16)(0)
17017(0)(1)
7007(0)(0)
5006(0)(0)
5004(0)(0)
5003(0)(0)
5002(0)(1)
15002(0)(0)
Thanks for the additional info. Steve - your findings pretty much mirror mine - though we haven't tried Patch 3 yet and excluding the reported file just seesm to allow it to fail on a different file the next time.....
I don't suppose you've tried the "opportunistic locking" "possible fix" ?
JIm
Well my other servers all have the oplocks turned off but this server is acting as the repository for the offline files for vista and windows 7 machines.
I re-enabled it on this server as turning off the oplocks prevented those machines from sync'ing.
Thanks Steve - so did you have this server running for a short period with oplocks disbaled and not see the problem or did any of your other servers have the problem and see it fixed by turning off the oplock ?
My servers that are being affected are hosting AV8.7i P2 for O/S AV and acting as the AV Enterprise Storage Scan servers for some NetApp hosted Filers so I'd think I could "get away" with turning off the Oplock feature if it would resolve the issue....
Jim
I use a file based CRM software on our corporate desktops that has to have oplocks turned off by default to prevent corruption, so whenever I install a server I turn off the oplocks.
I only re-enabled it on this server when we started getting desktops with Vista which wouldn't synchronize their offline files so I moved all their home drives to this server and turned them back on at which point the resets started. None of my other servers have the issue.
Cheers Steve - sounds like testing with oplocks off is next on my agenda.
Thanks for taking the time to respond - very much appreciated
Jim
SteveTroup wrote:
I use a file based CRM software on our corporate desktops that has to have oplocks turned off by default to prevent corruption, so whenever I install a server I turn off the oplocks.
I only re-enabled it on this server when we started getting desktops with Vista which wouldn't synchronize their offline files so I moved all their home drives to this server and turned them back on at which point the resets started. None of my other servers have the issue.
jmaxwell wrote:
Cheers Steve - sounds like testing with oplocks off is next on my agenda.
Thanks for taking the time to respond - very much appreciated
Jim
Steve and Jim,
I had an idea.
We seem to be at an enpass with OpLocks (off) and Offline Synchronization on Windows Vista/7 clients.
I researched a bit and came across two MS articles related to this problem.
It seems that with Windows Vista, Server 2008, Server 2008 r2, and 7, MS has enabled a new version of SMB v2 (SMB2). It is suppose to perform better, etc. However, MS took away some of the Opportunistic Locking controls present in the legacy SMB(1) protocol. (Notably, the ability to turn off OpLocks has been removed.) With SMB2 operating, OpLocks are in play. This is probably the cause of the Off-line file synchronization issue running on a server which has OpLocks Off.
According to this article: http://support.microsoft.com/kb/950836/EN-US talks about performance issues with the new SMB2 protocol built into Windows Vista, Server 2008, Server 2008 r2, and 7. The workaround is to Shut Off SMB2. All communications revert back to the legacy SMB(1) protocol.
What I propose here, is that you turn off SMB2 on the client and on the server shut off OpLocks like the other servers in this environment.
REGEDIT4
;; see http://support.microsoft.com/kb/950836/EN-US
;; Server Side controls (also set on Workstations) (Reboot needed to take effect.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
"SMB2"=dword:00000000
;; "SMB2"=-
HI Ron - having reviewed the artivle you mention it does look to me as if you could be on to a valid workaround for the Vista/2008 Syny issue - not a problem in my environment but could beuseful for others.
Jim
Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA