Solved

2008r2 file server stops accepting connections

Posted on 2014-09-15
Last Modified: 2014-11-01
Hi Guys

I need some assistance with a 2008r2 file server that becomes inaccessible periodically throughout the day.
Some background on the issue:

I have a standalone 2008r2 file server. The server seems to run fine for a period of time and then suddenly stops accepting connections. This occurs randomly throughout the day. The only way to fix the problem is to restart the server.

One of the things I've noticed is that shares are inaccessible over the network, but if I open the share from the server itself via the same UNC path, it works.

DNS checks out fine, network connectivity is fine, and the error logs do not give any info on the problem.
When checking sessions on the server, I noticed during one outage yesterday that the server had 1024 open files when it stopped working. The specificity of that number led me to believe that it was a limit of some sort, which led me to this article (http://support.microsoft.com/kb/324446/en-us).
The registry entries in the article were applied; the issue still persists.
When checking the open file count during today's outage, it was sitting at 479 open files, so I'm not sure about the limit being the cause.
The server patch level is up to date as of 3 weeks ago; this also includes all hotfixes from the article (http://support.microsoft.com/kb/2473205/en-us), which is specific to file servers.
The server is running Symantec antivirus (v12.1.1). I plan on stopping AV on the server for a while to test if this is the cause.

Any assistance with this issue will be greatly appreciated.

Regards
Brad
Question by:ablsysadmin
LVL 21

Expert Comment

by:Radhakrishnan R
ID: 40324821
Hi,

Is there any backup running at the time of the issue? If so, try changing the backup schedule and see if it makes any difference. Yes, antivirus (especially SEP) causes this type of issue.

Also, try disabling SMB2 on the server:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Add a new REG_DWORD key with the name of Smb2.
Value name: Smb2
Value type: REG_DWORD
0 = disabled
1 = enabled
Set the value to 0 to disable SMB2, or set it to 1 to re-enable SMB2.
0
 

Author Comment

by:ablsysadmin
ID: 40324849
Hi Raj

Thanks for getting back to me.
There are no backups running at the time of the outages.

If I disable SMB2, will the server default to SMB1? And if so, what happens to the active SMB2 sessions?
0
 

Author Comment

by:ablsysadmin
ID: 40324851
0
LVL 21

Expert Comment

by:Radhakrishnan R
ID: 40324876
Hi,

For backwards compatibility, yes, it reverts to SMB1. You can have a look at this article and get a full understanding of SMB: http://www.petri.com/how-to-disable-smb-2-on-windows-vista-or-server-2008.htm

Hope this helps
0
 

Author Comment

by:ablsysadmin
ID: 40324887
Thanks for the article, explains it nicely.
I'm waiting for the server to crash again before I make any more changes (Murphy's law, it's gonna run fine now).
0
 
LVL 88

Expert Comment

by:rindi
ID: 40324999
It could also be caused by licensing issues. Maybe you have exceeded the number of CALs you own when it happens.
0
 

Author Comment

by:ablsysadmin
ID: 40325078
The server just crashed. I upgraded my Symantec to version 12.1.3 as per the recommendation from the vendor; will wait and see if there is any improvement.

This licensing issue you mention, how do I check if it's a licensing issue? I'm not aware of any licensing for a file server.
0
 
LVL 88

Expert Comment

by:rindi
ID: 40325206
You need CALs for the users connecting to a server. As far as I know, the 2008 R2 server standard comes with 5 such CALs. If more users try connecting, they won't be able to. If you need more CALs, you have to buy those.

The licensing overview from the link below should give you some idea. CALs are explained on page 18:

http://www.microsoft.com/en-us/download/details.aspx?id=18795
0
 

Author Comment

by:ablsysadmin
ID: 40325312
I am running Microsoft Network Monitor 3.4. I will send the log asap. The server died again just now.
0
 

Author Comment

by:ablsysadmin
ID: 40325386
OK, no luck. The server is dead. Had to reset.
0
 

Author Comment

by:ablsysadmin
ID: 40327435
OK, here we go. The network capture:
File-server-network-capture.xlsx
0
 

Author Comment

by:ablsysadmin
ID: 40327436
please review and advise asap
0
 

Author Comment

by:ablsysadmin
ID: 40327789
Just an update. So far the below has been implemented:

1. Configured TCP stack settings as per below:

        Receive-Side Scaling State          : disabled
        Chimney Offload State               : disabled
        NetDMA State                        : enabled
        Direct Cache Acess (DCA)            : disabled
        Receive Window Auto-Tuning Level    : normal
        Add-On Congestion Control Provider  : ctcp
        ECN Capability                      : disabled
        RFC 1323 Timestamps                 : disabled
2. Applied hotfixes/patches/registry entries from the below articles:
        http://support.microsoft.com/kb/2582112/en-us
        http://support.microsoft.com/kb/324446/en-us
        http://support.microsoft.com/kb/2473205/en-us
3. Disabled SMB2 as per http://support.microsoft.com/kb/2696547/en-gb
        This caused more problems. Lots of clients could no longer connect. The reg entries were removed again.
4. A call has been logged with Microsoft (they say Symantec should be disabled).
5. A call has been logged with Symantec (waiting for callback) due to the below article:
         http://www.symantec.com/connect/forums/network-shares-stop-responding-randomly-windows-server-2008-r2
6. A Network Monitor trace was run leading up to the time of an outage; nothing in the logs indicates where the problem is.
7. Symantec AV was upgraded from v12.1.1 to v12.1.3.

The issue still persists.
0
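
The thread reports 1024 open files at one outage and 479 at another, and an SMB2 registry change that was later reverted. The following sampler is an added example, not code from any poster: it logs the `Server` performance counters and the `LanmanServer` protocol values once a minute, so the last readings before an outage can be compared. `$LogPath`, `$IntervalSeconds` and `Get-SmbServerSample` are hypothetical names; an English-language OS is assumed because counter names are localized.

```powershell
# Added example, not from the thread. Hypothetical names: $LogPath,
# $IntervalSeconds, Get-SmbServerSample. Assumes an English-language OS
# (counter names are localized) and PowerShell 2.0 or later.
$LogPath         = Join-Path $env:TEMP 'smb-server-samples.csv'
$IntervalSeconds = 60
$ParamKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$Counters = '\Server\Files Open', '\Server\Server Sessions',
            '\Server\Work Item Shortages', '\Server\Pool Nonpaged Failures'
$Columns  = 'time', 'filesopen', 'serversessions', 'workitemshortages',
            'poolnonpagedfailures', 'smb1', 'smb2'

function Get-SmbServerSample {
    $row = @{ time = (Get-Date).ToString('s') }
    # One Get-Counter call returns a sample per requested counter.
    foreach ($s in (Get-Counter -Counter $Counters).CounterSamples) {
        # Path looks like \\host\server\files open; keep the counter name only.
        $name = (($s.Path -split '\\')[-1] -replace ' ', '').ToLower()
        $row[$name] = [int64]$s.CookedValue
    }
    # Smb2 is the value named in the thread; SMB1 is its sibling in KB 2696547.
    # A missing value means the protocol is left at its default.
    $params = Get-ItemProperty -Path $ParamKey
    foreach ($v in 'smb1', 'smb2') {
        $prop = $params.PSObject.Properties[$v]
        if ($prop) { $row[$v] = $prop.Value } else { $row[$v] = 'not set' }
    }
    New-Object PSObject -Property $row | Select-Object $Columns
}

# Append one CSV line per interval; write the header only for a new file.
while ($true) {
    $csv = Get-SmbServerSample | ConvertTo-Csv -NoTypeInformation
    if (-not (Test-Path $LogPath)) { Add-Content -Path $LogPath -Value $csv[0] }
    Add-Content -Path $LogPath -Value $csv[1]
    Start-Sleep -Seconds $IntervalSeconds
}
```

Run it in an elevated console and stop it with Ctrl+C; rising `workitemshortages` or `poolnonpagedfailures` values ahead of an outage point at server-side resource exhaustion rather than a fixed open-file limit.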
 

Author Comment

by:ablsysadmin
ID: 40329990
Latest update: Symantec has been disabled.
Will now wait and see if it resolves the issue.
0
 

Author Comment

by:ablsysadmin
ID: 40332012
latest update,

After Symantec was disabled, the server did not fail from yesterday morning until now (about 19 hours running time)
Due to the risk of not having AV on the server being so high, I’ve now uninstalled v12.1.3 and installed v11.0.6.
Will monitor throughout the day.
0
 

Author Comment

by:ablsysadmin
ID: 40343731
Update:

v11.0.6 ran successfully for about 4 days without incident.
Symantec came back stating that 12.1.5 was just released and it should resolve the problem.
The upgrade to v12.1.5 was done, but the issue reappeared after 1 day.
I have now downgraded Symantec back to v11.0.6.

Awaiting further feedback from Symantec.
0
 

Accepted Solution

by:
ablsysadmin earned 0 total points
ID: 40407816
Latest update:

The server is still running Symantec v11.0.6 without issue for the last 1 month.
The call logged with Symantec has been closed, as they could not replicate the issue in their labs and I could not allow them to test on my prod server, so the issue remains unresolved.
Downgrading to v11 is the accepted solution for me. I will attempt an upgrade once Symantec releases a new version.
0
 

Author Closing Comment

by:ablsysadmin
ID: 40416970
The provided solution worked for me.
0


Question has a verified solution.
