Cannot turn off Redirected Access mode for CSV of Hyper-V after installing McAfee anti-virus

Microsoft’s native filesystem NTFS does not allow access from multiple nodes to the same volume. This is however required for Hyper-V to deliver high availability options and the ability to live migrate a single VM to another node while the VHD remains on the same NTFS volume.

Microsoft did not want to develop a new filesystem as all the tools for NTFS would need to be re-developed. Instead a filter driver called Cluster Shared Volume was invented. This is a kind of orchestrator making sure only one Hyper-V node can do certain actions on a file. This node is called the coordinator mode.

In certain conditions like backup only the coordinator mode is able to write to the CSV volume. All other  nodes will have to sent data over the LAN to the coordinator mode. This situation is called redirected access mode. Redirected mode is much slower than direct mode and should be this avoided.

An issue exists when using McAfee on Windows Server 2008 R2 (SP1) system and Hyper-V CSV.

After you install McAfee VirusScan Enterprise (VSE) 8.7i Patch 5 Repost or VSE 8.8 Patch 1, HyperV servers on Windows 2008 R2 show Cluster Shared Volumes as:    Online (Redirected access)

If you try to bring the shared volume online, you see the following error:   The Action ‘Turn off redirected access for this Cluster Shared Volume’ did not complete.

This issue is explained in this article on the McAfee site.
Microsoft has a hotfix available which solves this issue. The hotfix is described in Article ID: 2674551  titled

Redirected mode is enabled unexpectedly in a Cluster Shared Volume when you are running a third-party application in a Windows Server 2008 R2-based cluster

CSV is a technology in Microsoft Failover Clusters that allows all nodes of a cluster to access the same disk at the same time. CSV is implemented as a filter driver. Each filter driver has an altitude value that determines its position in the stack. Lower values are loaded later in the stack. CSV operates in two modes, direct mode and redirected mode. In direct mode, CSV uses NTFS pinning to allow a node to perform I/O directly to a file. In redirected mode, all I/O is sent through Server Message Block (SMB) to the owning node. Redirected mode is much slower than direct mode.

Add a Comment

Your email address will not be published. Required fields are marked *

Current ye@r *