ABENDs on NW6.5 sp8 cluster w/ Kaspersky AV

We've been experiencing ABENDs on 2 nodes of a 3-node NW6.5sp8 cluster since loading Kaspersky AV (we switched from McAfee since they no longer support NW). The servers in this cluster would suffer from occasional ABENDs previously but are now restarting every 3-4 days. After looking at the previous ABEND logs I've done the following in an attempt to fix this:
1) changed set parms: NCP --> level 2 oplocks=off, & client file caching=off
2) Replaced NWFTPd.nlm with patched version released 3-26-2010 to ver. 5.10.01, since all nodes in this file services cluster support FTP file xfer.
3) Excluded files and directories from being scanned by Kaspersky - ADMIN_FSx: volume, ~*.* & *.TMP temp files, & log files.

Anybody have any similar issues or know what may be going on here?

Here's a snippet of the last ABEND log (full log & config.txt attached):
*********************************************************
Novell Open Enterprise Server, NetWare 6.5
PVER: 6.50.08

Server OFPNWFS1 halted Tuesday, June 8, 2010 8:28:02.047 am
Abend 1 on P00: Server-5.70.08: Page Fault Processor Exception (Error code 00000000)

Registers:
CS = 0008 DS = 0023 ES = 0023 FS = 0023 GS = 0023 SS = 0010
EAX = 00000000 EBX = 00000000 ECX = 00000EC0 EDX = 00000400
ESI = 00000000 EDI = 40CF81C0 EBP = A6405D18 ESP = A6405CC4
EIP = 8AC532AB FLAGS = 00010206
8AC532AB 8B580C MOV EBX, [EAX+0C]=?
EIP in COMN.NSS at code start +0003C2ABh
Access Location: 0x0000000C

The violation occurred while processing the following instruction:
8AC532AB 8B580C MOV EBX, [EAX+0C]
8AC532AE 8B7010 MOV ESI, [EAX+10]
8AC532B1 31C9 XOR ECX, ECX
8AC532B3 01D3 ADD EBX, EDX
8AC532B5 11CE ADC ESI, ECX
8AC532B7 89580C MOV [EAX+0C], EBX
8AC532BA 57 PUSH EDI
8AC532BB 897010 MOV [EAX+10], ESI
8AC532BE E88D18FEFF CALL COMN.NSS|COMN_ReleaseInternal
8AC532C3 E9E9FBFFFF JMP 8AC52EB1



Running process: KAV Engine 1 Process
Thread Owned by NLM: KLABSCAN.NLM
Stack pointer: A6405CAC
OS Stack limit: A6306140
Scheduling priority: 67371008
Wait state: 3030070 Yielded CPU
Stack: --00000000 (LOADER.NLM|KernelAddressSpace+0)
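
A triage sketch for the ABEND excerpt in the post above, added here as an example and not part of the original thread or of any Novell or Kaspersky tooling: it extracts the faulting module and the NLM that owns the thread, and checks whether the fault address is a zero base register plus the instruction's displacement. The function names and the 4 KiB `NULL_PAGE` threshold are assumptions.

```python
import re

# Constructed sample: lines taken from the ABEND excerpt quoted in the post above.
SAMPLE = """\
Abend 1 on P00: Server-5.70.08: Page Fault Processor Exception (Error code 00000000)
EAX = 00000000 EBX = 00000000 ECX = 00000EC0 EDX = 00000400
ESI = 00000000 EDI = 40CF81C0 EBP = A6405D18 ESP = A6405CC4
EIP = 8AC532AB FLAGS = 00010206
8AC532AB 8B580C MOV EBX, [EAX+0C]=?
EIP in COMN.NSS at code start +0003C2ABh
Access Location: 0x0000000C
Running process: KAV Engine 1 Process
Thread Owned by NLM: KLABSCAN.NLM
"""

NULL_PAGE = 0x1000  # assumption: a fault below 4 KiB counts as a NULL-based access

def field(log, pattern):
    """Return the first capture group of pattern, or None if the line is missing."""
    m = re.search(pattern, log, re.M)
    return m.group(1).strip() if m else None

def triage(log):
    """Summarise one ABEND excerpt: faulting module, owning NLM, pointer state."""
    regs = {r: int(v, 16) for r, v in re.findall(r"\b(E[A-Z]{2}) = ([0-9A-F]{8})\b", log)}
    access = field(log, r"^Access Location: 0x([0-9A-Fa-f]+)")
    out = {
        "exception": field(log, r"^Abend \d+ on P\d+: [^:]+: (.+?) \(Error code"),
        "fault_module": field(log, r"^EIP in (\S+) at code start"),
        "thread_owner": field(log, r"^Thread Owned by NLM: (\S+)"),
        "process": field(log, r"^Running process: (.+)$"),
        "access": int(access, 16) if access else None,
        "null_deref": False,
    }
    # Memory operand of the instruction at EIP, e.g. "[EAX+0C]": base register + displacement.
    eip = "%08X" % regs.get("EIP", 0)
    op = re.search(r"^" + eip + r" \S+ .*\[(E[A-Z]{2})\+([0-9A-F]+)\]", log, re.M)
    if op and op.group(1) in regs and out["access"] is not None:
        base, disp = regs[op.group(1)], int(op.group(2), 16)
        # NULL base pointer: the register is zero and the fault address is just the offset.
        out["null_deref"] = base == 0 and base + disp == out["access"] < NULL_PAGE
    # The crash site and the thread's owner differ when one NLM calls into another.
    out["cross_module"] = out["fault_module"] != out["thread_owner"]
    return out

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Run over a directory of saved ABEND logs, the same summary makes it easy to see whether every halt shares one faulting module and one owning NLM.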

Re: ABENDs on NW6.5 sp8 cluster w/ Kaspersky AV

08.06.2010 19:56, rbaugher wrote:
>
> We've been experiencing ABENDs on 2 nodes of a 3-node NW6.5sp8 cluster
> since loading Kaspersky AV (we switched from McAfee since they no longer
> support NW).


Could you try to post also on Kaspersky Lab Forum?
http://forum.kaspersky.com/index.php?showforum=5

Maybe they can help you.


Re: ABENDs on NW6.5 sp8 cluster w/ Kaspersky AV

Make sure you have the latest nss.nlm loaded. (n65nss8b.zip)

jgray

Re: ABENDs on NW6.5 sp8 cluster w/ Kaspersky AV

I did post to the Kaspersky forum the same day I posted here. So far the silence is deafening...

Re: ABENDs on NW6.5 sp8 cluster w/ Kaspersky AV

Yes, the NSS post SP8 NSS-B update was applied shortly after SP8 was applied. The product db shows "NSS-3.27.02-NetWare 6.5 post-SP8 NSS 8B" installed on both problematic cluster nodes.

Re: ABENDs on NW6.5 sp8 cluster w/ Kaspersky AV

It sounds like you are doing the right thing then by getting ahold of Kaspersky.

jgray

Re: ABENDs on NW6.5 sp8 cluster w/ Kaspersky AV

So the official reply from Kaspersky support is in. Unfortunately this information is not present in the sales literature.

"We do not support clustering in NetWare. This is probably the reason for your ABENDS.
Regards,
Brandon Ganem | Corporate support | Kaspersky Lab | E-mail"

Re: ABENDs on NW6.5 sp8 cluster w/ Kaspersky AV

On Mon, 14 Jun 2010 20:06:03 +0000, rbaugher wrote:

> So the official reply from Kaspersky support is in. Unfortunately this
> information is not present in the sales literature.
>
> "We do not support clustering in NetWare. This is probably the reason
> for your ABENDS.
> Regards,
> Brandon Ganem | Corporate support | Kaspersky Lab | E-mail"


Hm. Thanks. I think we were looking at Kaspersky here.



--
---------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Novell Knowledge Partner http://forums.novell.com

Please post questions in the newsgroups. No support provided via email.


Re: ABENDs on NW6.5 sp8 cluster w/ Kaspersky AV

Kaspersky should support this, as they describe steps for cluster installation. Anyway, did you update to the latest Kaspersky version, v 5.70.04? Below are the instructions to install in a cluster:


Installing application on cluster volume

If the Snapin for Novell ConsoleOne and/or the Web management module are already installed on a computer (server or workstation), then Kaspersky Anti-Virus can be installed on cluster volume without using the distribution package.

To install Kaspersky Anti-Virus on cluster volume:
1. Run the Web management module or Snapin for Novell ConsoleOne.
2. Select a node in the console tree that contains the required cluster volume, open the shortcut menu, and select the Install Kaspersky Anti-Virus option.
3. During installation the program will ask you to specify the directory in which to install the server-side application (SYS/KLAB by default) and the path to the license key file. You can install the license key via ConsoleOne after the application is installed.

After installing the application on cluster volume you are not recommended to modify AUTOEXEC.NCF. This can lead to application failure!

Click Install button to install the application. The install process will start, it is similar to one described in 3.1.1 on page 16.

To enable automatic load of server scripts, add the following lines to the beginning of startup scripts:
SEARCH ADD SYS:/KLAB
LOAD KLABAV.NLM
KAVSCH5.NCF

To enable automatic shut down of server scripts on system shut down, add the following lines to the ending of shutdown scripts:
UNLOAD KLABAV.NLM
UKAVSCH5.NCF