Hi There,
Massive shot in the dark here but I am struggling with a pretty major issue atm. We have a production file server that is hosted on the following:
Dell MD 3220i -> iSCSI -> Server 2008 R2 Hyper-v Cluster -> Passthrough Disk -> Server 2012 R2 File Server VM
Essentially 3 times now, roughly a month or so apart. The file server stops accepting connections. During this time, the server is perfectly accessible through rdp or with a simple ping. I can browse the files on the server directly but no-one appears to be able to access the shares over SMB. A reboot of the server fixes the issue.
As per a KB article I removed nod antivirus from the server to rule out a conflicting filter mode driver after the second fault. Sadly yesterday it happened again.
The only relevant errors in the servers log files are:
SMB Server Event ID 551
SMB Session Authentication Failure Client Name: \\192.168.105.79 Client Address: 192.168.105.79:50774 User Name: HHS\H6-08$ Session ID: 0xFFFFFFFFFFFFFFFF Status: Insufficient server resources exist to complete the request. (0xC0000205) Guidance: You should expect this error when attempting to connect to shares using incorrect credentials. This error does not always indicate a problem with authorization, but mainly authentication. It is more common with non-Windows clients. This error can occur when using incorrect usernames and passwords with NTLM, mismatched LmCompatibility settings between client and server, duplicate Kerberos service principal names, incorrect Kerberos ticket-granting service tickets, or Guest accounts without Guest access enabled
and
SMB Server event ID 1020 File system operation has taken longer than expected. Client Name: \\192.168.105.97 Client Address: 192.168.105.97:49571 User Name: HHS\12J.Champion Session ID: 0x2C07B40004A5 Share Name: \\*\Subjects File Name: Command: 5 Duration (in milliseconds): 176784 Warning Threshold (in milliseconds): 120000 Guidance: The underlying file system has taken too long to respond to an operation. This typically indicates a problem with the storage and not SMB.
I have checked the underlying disk/iscsi/network hyper-v cluster for any other errors or issues, but as far as I can tell everything is fine.
Is it possible that something else is left over from the NOD antivirus installation?
Looking for suggestions on how to troubleshoot this further.
Thanks