Thanks Steve - are you running with Patch 3 for AV8.7i ?

Also is it a scan timeout that's causing the termination ? - if so is the object being scanned particularly large or does it seem to be some sort  of arbitrary lock out ?

JIm

Yes, I'm running 8.7i with patch 3 with the 5400.1158 scan engine.

The crash is being caused by a scan timeout, tried extending the time and that just holds off the inevitable restart.

It can crash on small files and not the ones in it's own folder, it does just seem to be an arbitrary lock out where the file has been opened by the server but the antivirus then tries to scan it but neither wants to back down.

It's not files being opened by the client or even in folders accessible by them it can occur on any file. I've attached a couple of the event log entries below

A thread in process C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe took longer than 150000 ms to complete a request.

The process will be terminated. Thread id : 7376 (0x1cd0)

Thread address : 0x7C82860C

Thread message :

Build VSCORE.14.1.0.524 / 5400.1158

Object being scanned = \Device\HarddiskVolume3\

by C:\WINDOWS\system32\CpqMgmt\cqmghost\cqmghost.exe

17018(15)(0)

17017(0)(1)

7007(0)(0)

5006(0)(0)

5004(0)(0)

5003(0)(0)

5002(0)(1)

15002(0)(0)

Thanks for the additional info. Steve - your findings pretty much mirror mine - though we haven't tried Patch 3 yet and excluding the reported file just seesm to allow it to fail on a different file the next time.....

I don't suppose you've tried the "opportunistic locking" "possible fix" ?

JIm

Well my other servers all have the oplocks turned off but this server is acting as the repository for the offline files for vista and windows 7 machines.

I re-enabled it on this server as turning off the oplocks prevented those machines from sync'ing.

Thanks Steve - so did you have this server running for a short period with oplocks disbaled and not see the problem or did any of your other servers have the problem and see it fixed by turning off the oplock ?

My servers that are being affected are hosting AV8.7i P2 for O/S AV and acting as the AV Enterprise Storage Scan servers for some NetApp hosted Filers so I'd think I could "get away" with turning off the Oplock feature if it would resolve the issue....

Jim

I use a file based CRM software on our corporate desktops that has to have oplocks turned off by default to prevent corruption, so whenever I install a server I turn off the oplocks.

I only re-enabled it on this server when we started getting desktops with Vista which wouldn't synchronize their offline files so I moved all their home drives to this server and turned them back on at which point the resets started. None of my other servers have the issue.

Cheers Steve - sounds like testing with oplocks off is next on my agenda.

Thanks for taking the time to respond - very much appreciated

Jim

HI Ron - having reviewed  the artivle you mention it does look to me as if you could be on to a valid workaround for the Vista/2008 Syny issue - not a problem in my environment but could beuseful for others.

Jim