Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

NetApp Filer frequently disconnects from the ServerProtect for NetApp Scan Server

    • Updated:
    • 13 Apr 2016
    • Product/Version:
    • ServerProtect for Network Appliance Filer 5.8
    • Platform:
    • Windows 2003 Enterprise
    • Windows 2003 Standard
    • Windows 2008 Enterprise
    • Windows 2008 Standard
Summary

When using ServerProtect for Network Appliance, the registration of the filer is through the management console. However, errors similar to the following occur:

  • The registration appears to be successful on the management console. However, when invoking the "vscan" command on the NetApp Filer command line, the ServerProtect for NetApp Scan Server name appears and disappears after some time. Dropping the EICAR test file on the filer does not result to any detection on the part of the scan server.
    Mon Oct 17 13:59:15 CDT [filer-name: vscan.server.connecting.successful:info]: CIFS: Vscan server \\SCANSERVER-NAME registered with the filer successfully.
    Mon Oct 17 13:59:20 CDT [filer-name: vscan.dropped.connection:warning]: CIFS: Virus scan server \\SCANSERVER-NAME (ip.address.of.scan-server) has disconnected from the filer.
    Mon Oct 17 13:59:45 CDT [filer-name: vscan.server.connecting.successful:info]: CIFS: Vscan server \\SCANSERVER-NAME registered with the filer successfully.
    Mon Oct 17 13:59:47 CDT [filer-name: vscan.dropped.connection:warning]: CIFS: Virus scan server \\SCANSERVER-NAME (ip.address.of.scan-server) has disconnected from the filer.
  • Running the "vscan" command indicates the ServerProtect for NetApp Scan Server name, but all of the scans indicate failure. Dropping the EICAR test file on the filer also does not result to any detection on the part of the scan server.
    Mon Oct 17 10:15:20 CDT [filer-name: nbt.nbss.socketError:error]: NBT: Cannot connect to server ip.address.of.scan-server over NBSS socket for port 139. Error 0x23: Resource temporarily unavailable.
    Mon Oct 17 10:15:20 CDT [filer-name: cifs.server.infoMsg:info]: CIFS: Warning for server \\SCANSERVER-NAME: Could not make TCP connection.
    Mon Oct 17 10:15:44 CDT [filer-name: vscan.server.connecting.successful:info]: CIFS: Vscan server \\SCANSERVER-NAME registered with the filer successfully.
    Mon Oct 17 10:15:51 CDT [filer-name: cifs.server.infoMsg:info]: CIFS: Warning for server \\SCANSERVER-NAME: Could not make TCP connection.
    Mon Oct 17 10:15:51 CDT [filer-name: vscan.server.connectError:error]: CIFS: An attempt to connect to vscan server \\SCANSERVER-NAME failed [0xc000005e].
    Mon Oct 17 10:15:51 CDT [filer-name: vscan.dropped.connection:warning]: CIFS: Virus scan server \\SCANSERVER-NAME (ip.address.of.scan-server) has disconnected from the filer.
    Mon Oct 17 10:16:14 CDT [filer-name: vscan.server.connecting.successful:info]: CIFS: Vscan server \\SCANSERVER-NAME registered with the filer successfully.
    Mon Oct 17 10:16:25 CDT [filer-name: cifs.server.infoMsg:info]: CIFS: Warning for server \\SCANSERVER-NAME: Could not make TCP connection.
    Mon Oct 17 10:16:25 CDT [filer-name: vscan.server.connectError:error]: CIFS: An attempt to connect to vscan server \\SCANSERVER-NAME failed [0xc000005e].
    Mon Oct 17 10:16:25 CDT [filer-name: vscan.dropped.connection:warning]: CIFS: Virus scan server \\SCANSERVER-NAME (ip.address.of.scan-server) has disconnected from the filer.
    Mon Oct 17 10:16:44 CDT [filer-name: vscan.server.connecting.successful:info]: CIFS: Vscan server \\SCANSERVER-NAME registered with the filer successfully.
Details
Public

There are several factors and approaches to this issue. Below are the options to ensure the connectivity of the NetApp Filer to the scan server.

  1. On the Scan Server, make sure that the NetApp filer's name/FQDN can be resolved. This would rely on the input parameters done on the ServerProtect for NetApp management console. If you put in the name/FQDN, make sure that these can be resolved. You can use either "ping" or "nslookup" to test this out.

    If you used the IP address of the NetApp filer instead, then you may choose to ignore this test. Make sure that the name resolution servers in your environment (DNS/WINS) are properly configured via the TCP/IP configuration of your Windows Operating System.

  2. On the NetApp Filer, make sure that the Scan Server name/FQDN can be resolved. This can be done through the NetApp console via "ping". Make sure that the name resolution servers in your environment (DNS/WINS) are properly configured via the NetApp Filer. Consult the necessary documentation for specific steps on how to do this.

    On all instances, you can override the name resolution problems by editing the HOSTS file of both the Scan Server and the NetApp Filer. This would ensure name resolution at all times. The entry could consist of both the name and FQDN of the servers.

    For example:
    10.20.1.30 my-scan-server.mydomain.net my-scan-server
    10.20.1.40 my-filer.mydomain.net my-filer

    Many of the connectivity issues are usually resolved by ensuring name resolution.

The NetApp Antivirus Solution uses an authenticated CIFS connection and RPCs to communicate with the Scan Server.
The following pointers can be checked to ensure that there are no authentication issues between the NetApp Filer and the Scan Server:

  • The NetApp Filer and the Scan Server is joined in the same domain.
  • Ensure that the user name/password combination that is being configured in the ServerProtect for NetApp management console can successfully connect to the NetApp Filer.

Under normal situations, this step is automatically done during your scan server installation. However, it would be worthwhile to check. The named pipe NTAPVSRQ should be under the list of allowed NullSessionPipes.

  1. On the Scan Server, click Start > Administrative Tools > Local Security Policy.
  2. Expand Local Policies, click Security Options, and then scroll down.
  3. Open Network access: Named Pipes that can be accessed anonymously and check if NTAPVSRQ exists. Otherwise, add it.
  4. After adding the entry, restart the computer.

If your Scan Server is a Windows 2008 R2 host, there have been changes in Windows R2 that may cause connectivity issue and may require you to change certain settings under Local Security Policy > Security Options:

  • Network access: Do not allow anonymous enumeration of SAM accounts - change it to Disabled
  • Network access: Let Everyone permissions apply to Anonymous users - change it to Enabled
  • Network access: Restrict anonymous access to Named Pipes and Shares - change it to Disabled

Always ensure that a reboot is done if there are any changes in the Security Options.

The first two sections can generally solve most of the connectivity issues regarding the NetApp Filer and the Scan Server. This section is solely for the error "NBT: Cannot connect to server ip.address.of.scan-server over NBSS socket for port 139. Error 0x23: Resource temporarily unavailable."

There is an option in the NetApp Filer (cifs.netbios_over_tcp) that enables or disables the use of NetBIOS over TCP (port 139), which is the standard protocol used for CIFS prior to Windows 2000. This particular option corresponds to the "Enable NetBIOS over TCP" setting in the TCP/IP settings tab of the Windows host.

By default, it is enabled to ensure that earlier operating systems can connect to the NetApp Filer. Disabling this parameter enables direct-hosted SMB traffic, which uses port 445 (TCP/UDP) on the NetApp Filer to directly communicate with the Scan Server without requiring NetBIOS over TCP (NBT) protocol to work on a TCP/IP transport.

Also, this parameter change requires that you have a pure Microsoft Windows 2000 (or above) network. If you are not sure about this configuration, then make sure to consult the necessary documentation about how to enable/disable this feature and the effects on your environment.

Premium
Internal
Rating:
Category:
Configure; Troubleshoot
Solution Id:
1059754
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.