FIXED: Cluster Shared Volumes (CSV) in redirected access mode after installing McAfee VSE 8.7 Patch 5 or 8.8 Patch 1
A fix for the above titled problem has been released. If you are running into this problem, please downlaod and install the following fix on all Clusters running McAfee and wanting the updates they provide.
2674551
Redirected mode is enabled unexpectedly in a Cluster Shared Volume when you are running a third-party application in a Windows Server 2008 R2-based cluster
https://support.microsoft.com/default.aspx?scid=kb;EN-US;2674551
===============
Below is the information from the original post:
There is an issue with Cluster Shared Volumes and McAfee VirusScan Enterprise that I wanted to pass along. When installing McAfee VSE 8.7 Patch 5 or 8.8 Patch 1, the CSV drives will go into redirected mode and will not go out of it.
The reason for this is that the McAfee filter driver (mfehidk.sys) is using decimal points in the altitude to help in identifying upgrade scenarios for their product. The Cluster CSV filter only accepts whole numbers and puts the drives in redirected access mode when it sees this decimal value.
When seeing this, if you run FLTMC from an administrative command prompt, you may see something similar too:
C:> fltmc
Filter Name Num Instances Altitude Frame
------------------------------------------------------
CSVFilter 2 404900 0
mfehidk 329998.99 <Legacy>
mfehidk 2 321300.00 0
If you were to generate a Cluster Log, you would see the below identifying that it cannot read the altitude value properly.
INFO [DCM] FsFilterCanUseDirectIO is called for \?Volume{188c44f1-9cd0-11df-926b-a4ca2baf36ff}
ERR mscs::FilterSnooper::CanUseDirectIO: BadFormat(5917)' because of 'non-digit found'
INFO [DCM] PostOnline. CanUseDirectIO for C2V1 => false
McAfee has released the following document giving a temporary workaround.
Cluster Shared Volumes (CSV) status becomes Online (Redirected access)
https://kc.mcafee.com/corporate/index?page=content&id=KB73596
Microsoft is aware of the problem and currently working on a fix. When this fix is available, this will be updated and a new KB Article will be created with the fix.
John Marlin
Senior Support Escalation Engineer
Microsoft Enterprise Platforms Support
Comments
- Anonymous
April 12, 2013
John, I am wondering if their is a hotfix for same as it relates to Server 2012 Cluster?The driver in question is from Shadowprotect -C:WindowsSystem32>fltmcFilter Name Num Instances Altitude Framestcvsm 429998.99 <Legacy>CsvNSFlt 1 404900 0CsvFlt 1 404800 0MpFilter 5 328000 0CCFFilter 1 261160 0ResumeKeyFilter 1 202000 0luafv 1 135000 0npsvctrig 1 46000 0 - Anonymous
April 17, 2014
こんにちは。Windows プラットフォーム サポートの加藤です。
最近いただくお問い合わせのひとつに、Windows Server 2008 R2 のクラスター環境に McAfee VSE 8 - Anonymous
July 07, 2015
wow, this was not fixed for 2012 ? - Anonymous
July 07, 2015
The comment has been removed - Anonymous
November 18, 2015
The comment has been removed