Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 1 subscriber
  • Views 2358 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Clustered Hyper-V live migration

msprague

Hi there,

Sophos Endpoint Security 10 does not seem to be playing well with Hyper-V Clustering.  Everything works fine on the primary server (the server with direct access to the cluster disks), but live migration to a secondary host does not work.  It appears that sophos is causing some sort of file access issue which is preventing the secondary host from mounting it's virtual hard drive from the shared cluster volume.

Live migration produces the following windows log event:

'SCVMM jojo' failed to start.

Live migration of '***' did not succeed. (Virtual machine ID ***)

'***' Microsoft Emulated IDE Controller (Instance ID ***): Failed to restore with Error 'A device attached to the system is not functioning.' (0x8007001F). (Virtual machine ID ***)

'***': Failed to open attachment 'C:\ClusterStorage\Volume1\***.vhd'. Error: 'A device attached to the system is not functioning.' (0x8007001F). (Virtual machine ID ***)

Both servers are running 2008 R2 Enterprise, and Endpoint Security 10.

I have followed Microsoft's AV recommendations for exclusions which are listed here: http://support.microsoft.com/kb/961804 (including adding the required SAVOnAccess registry keys).

Disabling every component (on access, behavior monitoring, etc) from within Endpoint Security does not seem to make any difference. 

If I stop the Sophos Anti-Virus service alltogether, everything works as it should.

Any help would be much appreciated.  Thanks!

:28709


This thread was automatically locked due to age.
Parents
  • 0

    Hi Msprague

    Are there any entries in the event view relating to this?

    Or anything logged in the Console for this machine (Maybe Device Control, Data Control, Application Control events)

    or anything in the SAV logs on the local machine?

    If you can give us a brief decription of the logs, we can then see which component and focus on the specific log file, but untill then , we will have to look around in the log files. 

    Perhaps stop the services, clear all the logs and alerts, start the service, do the live migration, after it fails grab the log files. 

    They will be cleaner and have the most relevant info. 

    Hope this helps for a starting point.

    :28781
Reply
  • 0

    Hi Msprague

    Are there any entries in the event view relating to this?

    Or anything logged in the Console for this machine (Maybe Device Control, Data Control, Application Control events)

    or anything in the SAV logs on the local machine?

    If you can give us a brief decription of the logs, we can then see which component and focus on the specific log file, but untill then , we will have to look around in the log files. 

    Perhaps stop the services, clear all the logs and alerts, start the service, do the live migration, after it fails grab the log files. 

    They will be cleaner and have the most relevant info. 

    Hope this helps for a starting point.

    :28781
Children
No Data