次の方法で共有

Cluster Shared Volumes (CSV) in redirected access mode after installing McAfee VSE 8.7 Patch 5 or 8.8 Patch 1

  • [アーティクル]

There is an issue with Cluster Shared Volumes and McAfee VirusScan Enterprise that I wanted to pass along.  When installing McAfee VSE 8.7 Patch 5 or 8.8 Patch 1, the CSV drives will go into redirected mode and will not go out of it.

The reason for this is that the McAfee filter driver (mfehidk.sys) is using decimal points in the altitude to help in identifying upgrade scenarios for their product.  The Cluster CSV filter only accepts whole numbers and puts the drives in redirected access mode when it sees this decimal value.

When seeing this, if you run FLTMC from an administrative command prompt, you may see something similar too:

C:> fltmc

Filter Name Num Instances Altitude Frame
------------------------------------------------------
CSVFilter 2 404900 0
mfehidk 329998.99 <Legacy>
mfehidk 2 321300.00 0

If you were to generate a Cluster Log, you would see the below identifying that it cannot read the altitude value properly.

INFO [DCM] FsFilterCanUseDirectIO is called for \?Volume{188c44f1-9cd0-11df-926b-a4ca2baf36ff}
ERR mscs::FilterSnooper::CanUseDirectIO: BadFormat(5917)' because of 'non-digit found'
INFO [DCM] PostOnline. CanUseDirectIO for C2V1 => false

McAfee has released the following document giving a temporary workaround.

Cluster Shared Volumes (CSV) status becomes Online (Redirected access)
https://kc.mcafee.com/corporate/index?page=content&id=KB73596

Microsoft is aware of the problem and currently working on a fix.  When this fix is available, this will be updated and a new KB Article will be created with the fix.

John Marlin
Senior Support Escalation Engineer
Microsoft Enterprise Platforms Support

Comments

  • Anonymous
    January 01, 2003
    Hi,We are currently experiencing this exact problem, is there an update, or somewhere I should check back for where the update will appear when it is?Thank you. :)
  • Anonymous
    January 01, 2003
    @Thomas, @Mike,,
    This was fixed in 2012/2012R2 and does not have the problem with the decimal value. Move the CSV ownership to another node so you get an online process. Generate a cluster log (get-clusterlog -node nodename) and find at the bottom where it came online. During the online process, it will give you the driver it is having a problem with. There are some drivers that are simply incompatible with CSV and sounds like what your problem is.
  • Anonymous
    January 01, 2003
    Microsoft has released a fix for this now.2674551Redirected mode is enabled unexpectedly in a Cluster Shared Volume when you are running a third-party application in a Windows Server 2008 R2-based clustersupport.microsoft.com/default.aspx
  • Anonymous
    March 16, 2012
    John - faced the same problem. Has Microsoft came up with a fix or KB.
  • Anonymous
    April 19, 2013
    Is this also an issue on Windows Server 2012?
  • Anonymous
    March 04, 2015
    I am experiencing this same issue with Server 2012 and 2012R2. Is Microsoft planning on developing a KB for 2012/2012R2 as well or can we expect McAfee to fix this issue on their end with 8.8 patch 5?