Problem with DFS shares.

Discussion in 'ESET NOD32 Antivirus' started by SupportDC, Oct 29, 2008.

Thread Status:
Not open for further replies.
  1. SupportDC

    SupportDC Registered Member

    Joined:
    Oct 29, 2008
    Posts:
    1
    After extensive testing I have identified a problem with DFS (Distributed File Share) and Nod32 in the following situation:

    Fileserver: Windows 2008 Server Standard edition
    File share: Domain based DFS-share (Windows 2000 mode)
    Domain AD version: Windows 2003 Native
    Client: Windows XP SP3 (all Windows updates) (No problem with Windows Vista)
    NOD: Nod32 3.0.672.0 (same result with 2.7 version)

    If you activate Offline files on the file share you get an unwanted behavior. When you are connected to the network and access the file share with explorer the computer reports that the server is offline. You can then connect to the fileshare again and synchronize (usually). Accessing the folder again makes it go offline every time.

    I have indications that there are problems even without 'Offline Files' activated. When you attach a file from a DFS share to an email in Outlook it sometimes hangs or crashes.

    If you turn off real-time scanning on network shares in Nod32 there are no problems.

    Suggestions anyone?
     
  2. jarmal

    jarmal Registered Member

    Joined:
    Oct 29, 2008
    Posts:
    2
    I can confirm problems of Nod32 with DFS network shares in an Active Directory environment.
    We don't use offline files, but when clients access DFS shares it generates a lot of "Unknown user name or bad password" audit warnings on domain controllers. Such an account is locked out in a few seconds.
    Disabling real time virus protection or accessing file servers directly (without DFS) solves the problem.
     
  3. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Hi,

    I'd be interested to hear if the issue persists in your environment with Real-time protection:Media to scan:Network Drives unchecked?

    Cheers :)
     
  4. edwin3333

    edwin3333 Registered Member

    Joined:
    Aug 29, 2007
    Posts:
    244
    We use DFS a lot here. Our Zenworks patches to 600 stations come from a DFS share. We have DFS FRS shares replicated and hosting applications. What we do not use DFS for is users' data (Excel, Word, et al.).

    99% of the clients are XP SP3 with Nod 3.0.672. The servers are a mix of 2000 and 2003 standard edition with the latest SP and hotfixes. The servers are a mix of Nod32 2.7.0.39 and 3.0.672.

    We have scan network folders on for every device.

    FWIW - We have not yet experienced this problem.
     
  5. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    Did you follow Microsoft's instructions for setting up scanning exceptions on servers running DFS shares/domain controllers?
     
  6. jarmal

    jarmal Registered Member

    Joined:
    Oct 29, 2008
    Posts:
    2
    Yes, when scanning of network drives is unchecked the problem vanishes. You can also disable "scan on open"; it also helps. It helps but it also makes your antivirus protection worse.

    Problems start when a user browses folders with Windows Explorer. When you enter folders with hundreds of files your account is locked out in a second and the domain controller says that the user provided a wrong password 50 times (maximum number until the account is locked out). Mind that Explorer in such situations opens files and reads icons or other file parameters.
    Except for this wrong password issue and account lockouts everything else works fine. Access to files is not blocked and viruses are detected properly.

    edwin3333, it's good to hear that DFS and NOD32 work for you together. It seems there is still hope that the problem can be solved somehow. We don't use FRS yet so the problem is not related to file replication.

    No, I didn't. I've never heard of that. Can you be more specific? But the problem is not related to scanning on servers but to scanning on client machines.
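
An added example, not part of the original thread: one way to separate the lockout pattern described above (dozens of "Unknown user name or bad password" failures from one client within a second or two) from a user mistyping a password, by scanning an exported Security log for bursts per account and workstation. The CSV column layout, the account and workstation names and the sample rows are constructed for illustration; the threshold of 50 is the lockout limit mentioned in the post.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S.%f"
# "Unknown user name or bad password" logon failures:
# event 529 on Windows Server 2003, 4625 on Windows Server 2008.
FAILED_LOGON_IDS = {"529", "4625"}


def find_lockout_bursts(rows, threshold=50, window=timedelta(seconds=5)):
    """Return (account, workstation, first, last) for each account/workstation
    pair that logged at least `threshold` failures inside `window`."""
    recent = defaultdict(deque)  # (account, workstation) -> timestamps in window
    bursts = {}
    for row in sorted(rows, key=lambda r: r["time"]):
        if row["event_id"] not in FAILED_LOGON_IDS:
            continue
        key = (row["account"].lower(), row["workstation"].upper())
        ts = datetime.strptime(row["time"], FMT)
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and key not in bursts:
            bursts[key] = (key[0], key[1], q[0], ts)
    return list(bursts.values())


def sample_export():
    """Constructed CSV export: 50 failures in 1.5 s from one client (the
    pattern in the thread) and 3 slow failures from a user mistyping."""
    out = io.StringIO()
    w = csv.writer(out)
    w.writerow(["time", "event_id", "account", "workstation"])
    t0 = datetime(2008, 10, 29, 9, 0, 0)
    for i in range(50):
        w.writerow([(t0 + timedelta(milliseconds=30 * i)).strftime(FMT),
                    "529", "alice", "WS-0017"])
    for i in range(3):
        w.writerow([(t0 + timedelta(minutes=5, seconds=20 * i)).strftime(FMT),
                    "529", "bob", "WS-0042"])
    return out.getvalue()


def load(text):
    return list(csv.DictReader(io.StringIO(text)))


if __name__ == "__main__":
    for account, host, first, last in find_lockout_bursts(load(sample_export())):
        print(f"{account} from {host}: burst over {(last - first).total_seconds():.2f}s")
```

A burst that reaches the lockout threshold in a few seconds from a single workstation points at an automated process on that client rather than at someone typing passwords.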
     
  7. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    Check out this article: http://myitforum.com/cs2/blogs/scas...uld-be-considered-for-system-and-servers.aspx

    DFS and domain controllers are essentially running database services and if the server hosting the share is trying to scan a file while serving it while a client is also trying to access it and has network drive scanning enabled you could easily see a locking conflict that will cause access denied errors and other weird authentication issues. This is a pretty comprehensive guide to setting up exclusions for the major Microsoft services along with related KB articles: http://myitforum.com/cs2/blogs/scas...uld-be-considered-for-system-and-servers.aspx
     
  8. edwin3333

    edwin3333 Registered Member

    Joined:
    Aug 29, 2007
    Posts:
    244
    Regarding Windows suggestion about not scanning DFS.

    Our DFS FRS was spread among Windows 2000 servers and Windows 2003 servers, running latest SP.

    We had the problem of high utilization and FRS never fully syncing. It only affected the 2000 servers. I really didn't want to disable AV on those so I moved the FRS to only be on 2003 servers. I don't have the issues on 2003.

    Server 2000, SP1 2 3 and 4 all have different versions of DFS FRS. It gets better each version.

    Server 2003 SP1, SP2 have even better versions. SP2 with all the post SP2 hotfixes (some apply to DFS/FRS) has been the best and solved many issues we have experienced. The only issue we currently have is that sometimes a PC in Miami will be directed to a server in California. We are a hub and spoke configuration so that is two hops and is very slow. The PC in Miami should be talking to the FRS server in Missouri, which is the central location.
     
  9. kanalQko

    kanalQko Eset Staff

    Joined:
    Jan 12, 2009
    Posts:
    4
    Have you tried to set exclusions?

    a.) %systemroot%\ntfrs folder (include all the sub-folders and files)
    b.) Files that have the .log and .dit extension

    If your issue persists, contact me via private message.
     
  10. kanalQko

    kanalQko Eset Staff

    Joined:
    Jan 12, 2009
    Posts:
    4
    Also include the Frs-Aging folder in the exceptions.
     
  11. MOgWai46

    MOgWai46 Registered Member

    Joined:
    Jun 18, 2009
    Posts:
    2
    I have the same problem in my network. I have two domain controllers running Windows 2003 Server R2 SP2 and one machine running Windows 2008 Server for the DFS. Nod32 is not installed on these three servers.

    When I use Explorer to browse a DFS share from a Windows XP SP3 client with Nod32 4.0.424, explorer.exe hangs. I tried to disable the Network scan in the client options but the problem still comes up again.

    Any ideas?

    Best Regards

    PS: Sorry for my bad English :|
     
  12. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    I heard that at some future time a new updated version will be released that will address some of the specific technical issues behind the scenes with this.

    Although it is hardly a solution or workaround it would be interesting to hear the result of using this test for fault finding and reporting (for those who are in a position to do so):
    [post=1438990]here[/post] and then [post=1439453]here[/post]

    Cheers :)
     
  13. mkuntic

    mkuntic Registered Member

    Joined:
    Mar 6, 2008
    Posts:
    54