Solved

2008r2 file server stops accepting connections

Posted on 2014-09-15
18
598 Views
Last Modified: 2014-11-01
Hi Guys

I need some assistance with a 2008r2 file server that becomes inaccessible periodically throughout the day.
some background on the issue...........

I have a standalone 2008r2 file server. server seems to run fine for a period of time and then suddenly stops accepting connections. this occurs randomly throughout the day. the only way to fix the problem is to restart the server.

one of the things I've noticed is that shares are inaccessible over the network but if I open the share from the server itself via the same UNC path, it works.

DNS checks out fine, network connectivity is fine, error logs do not give any info on the problem.
when checking sessions on the server, I noticed during one outage yesterday that the server had 1024 open files when it stopped working. the specificity of that number led me to believe that it was a limit of some sort, which led me to this article (http://support.microsoft.com/kb/324446/en-us)
the registry entries in the article were applied, issue still persists.
when checking the open file count during todays outage, it was sitting at 479 open files so I'm not sure about the limit being the cause.
Server patch level is up to date as of 3 weeks ago, this also includes all hotfixes from article (http://support.microsoft.com/kb/2473205/en-us) which is specific to file servers.
Server is running symantec antivirus (v12.1.1). I plan on stopping AV on the server for a while to test if this is the cause.

Any assistance with this issue will be greatly appreciated.

Regards
Brad
0
Comment
Question by:ablsysadmin
  • 14
  • 2
  • 2
18 Comments
 
LVL 20

Expert Comment

by:Radhakrishnan Rajayyan
ID: 40324821
Hi,

Is there any backup running at the time of issue?  if so, try to change the backup schedule and see it makes any difference. Yes, Antivirus (especially SEP) cause this type of issues.  

Also, try disabling SMB2 on the server

HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ LanmanServer \ Parameters
Add a new REG_DWORD key with the name of Smb2.
Value name     Smb2
Value type     REG_DWORD
0 =     disabled
1 =     enabled
Set the value to 0 to disable SMB2, or set it to 1 to re-enable SMB2.
0
 

Author Comment

by:ablsysadmin
ID: 40324849
Hi Raj

thanks for getting back to me.
there are no backups running at the time of the outages.

if I disable SMB2, will the server default to SMB1 ? and if so, what happens to the active SMB2 sessions ?
0
 

Author Comment

by:ablsysadmin
ID: 40324851
0
 
LVL 20

Expert Comment

by:Radhakrishnan Rajayyan
ID: 40324876
Hi,

As a backwards compatibility, yes, its revert to SMB1. You can have a look at this article and  get a fully understanding about SMB http://www.petri.com/how-to-disable-smb-2-on-windows-vista-or-server-2008.htm

Hope this helps
0
 

Author Comment

by:ablsysadmin
ID: 40324887
Thanks for the article, explains it nicely.
I'm waiting for the server to crash again before I make any more changes (murphy's law, its gonna run fine now)
0
 
LVL 87

Expert Comment

by:rindi
ID: 40324999
It could also be caused by licensing issues. Maybe you have exceeded the CALS by the number you you own when it happens.
0
 

Author Comment

by:ablsysadmin
ID: 40325078
server just crashed. I upgraded my symantec to version 12.1.3 as per recommendation from the vendor, will wait and see if there is any improvement.

this licensing issue you mention, how do I check if its a licensing issue ? I'm not aware of any licensing for a file server.
0
 
LVL 87

Expert Comment

by:rindi
ID: 40325206
You need CALs for the users connecting to a server. As far as I know the 2008 r2 server standard comes with 5 such CALs. If more users try connecting they won't be able to. If you need more CALs you have to buys those.

The licensing overview from the link below should give you some idea. CALs are explained on page 18:

http://www.microsoft.com/en-us/download/details.aspx?id=18795
0
 

Author Comment

by:ablsysadmin
ID: 40325312
i am running Microsoft network monitor 3.4. I will send the log asap. The server died now again
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:ablsysadmin
ID: 40325386
ok, no luck. server is dead. had to reset.
0
 

Author Comment

by:ablsysadmin
ID: 40327435
ok, here we go. the network capture
File-server-network-capture.xlsx
0
 

Author Comment

by:ablsysadmin
ID: 40327436
please review and advise asap
0
 

Author Comment

by:ablsysadmin
ID: 40327789
just an update, so far the below has been implemented

1. configured tcp stack settings as per below

        Receive-Side Scaling State          : disabled
        Chimney Offload State               : disabled
        NetDMA State                               : enabled
        Direct Cache Acess (DCA)            : disabled
        Receive Window Auto-Tuning Level    : normal
        Add-On Congestion Control Provider  : ctcp
        ECN Capability                              : disabled
        RFC 1323 Timestamps                 : disabled
2. applied hotfixes/patches/regEntries from the below articles
        http://support.microsoft.com/kb/2582112/en-us
        http://support.microsoft.com/kb/324446/en-us
        http://support.microsoft.com/kb/2473205/en-us
3. disabled SMB2 as per http://support.microsoft.com/kb/2696547/en-gb
        this caused more problems. lots of clients could no longer connect. reg entries were removed again.
4. call has been logged with microsoft (they say symantec should be disabled)
5. call logged with symantec (waiting for callback) due to the below article
         http://www.symantec.com/connect/forums/network-shares-stop-responding-randomly-windows-server-2008-r2
6. network monitor trace run leading up to the time of an outage, nothing in    the logs that indicate where the problem is.
7. symantec AV was upgraded from v12.1.1 to v12.1.3.

Issue still persists.
0
 

Author Comment

by:ablsysadmin
ID: 40329990
latest update, symantec has been has been disabled.
will now wait and see if it resolves the issue
0
 

Author Comment

by:ablsysadmin
ID: 40332012
latest update,

After Symantec was disabled, the server did not fail from yesterday morning until now (about 19 hours running time)
Due to the risk of not having AV on the server being so high, I’ve now uninstalled v12.1.3 and installed v11.0.6.
Will monitor throughout the day.
0
 

Author Comment

by:ablsysadmin
ID: 40343731
Update........

v11.0.6 ran successfully for about 4 days without incident.
symantec came back stating that 12.1.5 was just released and it should resolve the problem.
upgrade to v12.1.5 was done but the issue reappeared after 1 day.
I have now downgraded symantec back to v 11.0.6.

awaiting further feedback from symantec.
0
 

Accepted Solution

by:
ablsysadmin earned 0 total points
ID: 40407816
Latest update .......

server is still running symantec v11.0.6 without issue for the last 1 month.
The call logged with symantec as been closed as they could not replicate the issue in their labs and I could not allow them to test on my prod server so the issue remains unresolved.
downgrading to v11 is the accepted solution for me. I will attempt an upgrade once symantec releases a new version.
0
 

Author Closing Comment

by:ablsysadmin
ID: 40416970
the provided solution worked for me
0

Featured Post

Are end users causing IT problems again?

You’ve taken the time to design and update all your end user’s email signatures, only to find out they’re messing up the HTML, changing the font and ruining the imagery. What can you do to prevent this? Find out how you can save your signatures from end users today.

Join & Write a Comment

Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now