Freigeben über


FIXED: Cluster Shared Volumes (CSV) in redirected access mode after installing McAfee VSE 8.7 Patch 5 or 8.8 Patch 1

A fix for the above titled problem has been released.  If you are running into this problem, please downlaod and install the following fix on all Clusters running McAfee and wanting the updates they provide.

2674551
Redirected mode is enabled unexpectedly in a Cluster Shared Volume when you are running a third-party application in a Windows Server 2008 R2-based cluster
https://support.microsoft.com/default.aspx?scid=kb;EN-US;2674551

===============

Below is the information from the original post:

There is an issue with Cluster Shared Volumes and McAfee VirusScan Enterprise that I wanted to pass along. When installing McAfee VSE 8.7 Patch 5 or 8.8 Patch 1, the CSV drives will go into redirected mode and will not go out of it.

The reason for this is that the McAfee filter driver (mfehidk.sys) is using decimal points in the altitude to help in identifying upgrade scenarios for their product. The Cluster CSV filter only accepts whole numbers and puts the drives in redirected access mode when it sees this decimal value.

When seeing this, if you run FLTMC from an administrative command prompt, you may see something similar too:

C:> fltmc

Filter Name Num Instances Altitude Frame
------------------------------------------------------
CSVFilter 2 404900 0
mfehidk 329998.99 <Legacy>
mfehidk 2 321300.00 0

If you were to generate a Cluster Log, you would see the below identifying that it cannot read the altitude value properly.

INFO [DCM] FsFilterCanUseDirectIO is called for \?Volume{188c44f1-9cd0-11df-926b-a4ca2baf36ff}
ERR mscs::FilterSnooper::CanUseDirectIO: BadFormat(5917)' because of 'non-digit found'
INFO [DCM] PostOnline. CanUseDirectIO for C2V1 => false

McAfee has released the following document giving a temporary workaround.

Cluster Shared Volumes (CSV) status becomes Online (Redirected access)
https://kc.mcafee.com/corporate/index?page=content&id=KB73596

Microsoft is aware of the problem and currently working on a fix. When this fix is available, this will be updated and a new KB Article will be created with the fix.

John Marlin
Senior Support Escalation Engineer
Microsoft Enterprise Platforms Support

Comments

  • Anonymous
    April 12, 2013
    John, I am wondering if their is a hotfix for same as it relates to Server 2012 Cluster?The driver in question is from Shadowprotect -C:WindowsSystem32>fltmcFilter Name Num Instances Altitude Framestcvsm 429998.99 <Legacy>CsvNSFlt 1 404900 0CsvFlt 1 404800 0MpFilter 5 328000 0CCFFilter 1 261160 0ResumeKeyFilter 1 202000 0luafv 1 135000 0npsvctrig 1 46000 0
  • Anonymous
    April 17, 2014
    こんにちは。Windows プラットフォーム サポートの加藤です。
    最近いただくお問い合わせのひとつに、Windows Server 2008 R2 のクラスター環境に McAfee VSE 8
  • Anonymous
    July 07, 2015
    wow, this was not fixed for 2012 ?
  • Anonymous
    July 07, 2015
    The comment has been removed
  • Anonymous
    November 18, 2015
    The comment has been removed