August 20th, 2014 11:00
cava service is intermittently going up and down
this is an excerpt from the log:
That server is our Windows CAVA server. Need help on addressing this issue. Is this a CAVA user privilege issue?
How do we fix this issue?
Thank you!
2014-08-11 10:01:04: 90468057104: VC: 5: 16: The virus checker is stopped.
2014-08-11 10:01:05: 13158645760: VC: 3: Invalid access from client 172.28.41.29 to CHECK$
2014-08-11 10:01:05: 13158645760: VC: 3: Client 172.28.41.29 (172.28.41.29) is not a VC/CEPP server
danielpsal
27 Posts
0
August 20th, 2014 11:00
Could this be a privilege issue? But why would it stop working when it was working before?
umichklewis
3 Apprentice
•
1.2K Posts
0
August 20th, 2014 13:00
CAVA connects to your AD domain using a service account, usually something like "CAVA-USER" or some account you've configured. Is the account set to prevent its password from expiring? Is the account currently locked?
Is this client defined as a CAVA server? Can you provide the output of server_viruschk server_2 -audit?
danielpsal
27 Posts
0
August 20th, 2014 14:00
hello Karl,
Thanks so much for helping. Here's the output you are requesting:
[nasadmin@emCONp51 ~]$ server_viruschk server_2 -audit
server_2 :
Total Requests: 110.
Requests in progress: 0.
NO ANSWER from the Virus Checker Servers: 0.
ERROR_SETUP: 0.
FAIL: 0.
TIMEOUT: 0.
min=2214 uS, max=79030 uS, average=6381 uS
0 files in the collector queue.
0 files processed by the AV threads.
Here's the other one, because we have two similar issues:
[nasadmin@emCONp54 ~]$ server_viruschk server_2 -audit
server_2 :
Total Requests: 0.
Requests in progress: 0.
NO ANSWER from the Virus Checker Servers: 0.
ERROR_SETUP: 0.
FAIL: 0.
TIMEOUT: 0.
0 files in the collector queue.
0 files processed by the AV threads.
danielpsal
27 Posts
0
August 20th, 2014 15:00
Is this client defined as a CAVA server - is that in the viruschecker.conf? There are only 2 entries that I know to check in this file:
CIFSserver=xxxxxxx
addr=yy.yy.yy
umichklewis
3 Apprentice
•
1.2K Posts
0
August 21st, 2014 10:00
In the viruschecker.conf, "CIFSserver=" is the name of the server that hosts the viruschecking share on the NAS. On my server, this is called "NS40-CAVA".
The "addr=" line lists the IP or IPs of the CAVA servers in your environment. On my server, it looks like addr=10.10.220.1:10.10.220.2:10.10.286.9:10.10.286.10.
Let's have a look at your viruschecker.conf file from both Celerra. Can you paste the config here?
danielpsal
27 Posts
0
August 21st, 2014 11:00
It's online but it does not seem to be processing or getting requests:
[nasadmin@emCONp54 ~]$ server_viruschk server_2 -audit
server_2 :
Total Requests: 0.
Requests in progress: 0.
NO ANSWER from the Virus Checker Servers: 0.
ERROR_SETUP: 0.
FAIL: 0.
TIMEOUT: 0.
0 files in the collector queue.
0 files processed by the AV threads.
umichklewis
3 Apprentice
•
1.2K Posts
0
August 21st, 2014 11:00
Okay - you're getting the error message:
: Client 172.28.41.29 (172.28.41.29) is not a VC/CEPP server
because the only server in your viruschecker.conf file is 172.28.52.43. This other server with IP 172.28.41.29 is not a CAVA server, according to your file. If this is a server configured to run CAVA, you will need to add it to the viruschecker.conf file and update the config.
The EMC document "Using Celerra AntiVirus Agent" available on EMC Support has more details on configuring the file and uploading it to the datamovers.
danielpsal
27 Posts
0
August 21st, 2014 11:00
ignore the 1st one...we have 2 cifs servers so I added the second cifs server on the config:
[nasadmin@emCONp54 ~]$ cat viruschecker.conf
CIFSserver=emcifp54
CIFSserver=phejp
addr=172.28.52.43
masks=*.ACE:*.ACM:*.ADE:*.ADP:*.ADT:*.AP?:*.ARC:*.ARJ:*.ASA:*.ASD:*.ASP:*.AX?:*.BA?:*.BIN:*.BMP:*.BO?:*.BZ?:*.CAB:*.CC?:*.CDR:*.CDX:*.CEO:*.CGI:*.CHM:*.CLA:*.CMD:*.CNV:*.CO?:*.COM:*.CPL:*.CPT:*.CPY:*.CRT:*.CSC:*.CSS:*.CSV:*.D?B:*.DAT:*.DEV:*.DIF:*.DL?:*.DO?:*.DQY:*.DRV:*.EE?:*.EFV:*.EML:*.EX?:*.EXE:*.FDF:*.FE?:*.FO?:*.FPH:*.FPW:*.GF?:*.GIM:*.GIX:*.GMS:*.GNA:*.GW?:*.GWI:*.GZ?:*.HLP:*.HT?:*.ICS:*.IM?:*.ION:*.IQY:*.ISP:*.ITS:*.JAR:*.JP?:*.JS?:*.LGP:*.LIB:*.LNK:*.LSP:*.LUA:*.LWP:*.LZH:*.M3U:*.MBR:*.MHT:*.MOD:*.MPD:*.MPP:*.MPT:*.MRC:*.MS?:*.MSG:*.MSO:*.NAP:*.NEW:*.NWS:*.OB?:*.OC?:*.OD?:*.OL?:*.OLE:*.OTM:*.OUT:*.OV?:*.PCD:*.PCI:*.PD?:*.PDF:*.PF?:*.PHP:*.PI?:*.PL?:*.PNG:*.POT:*.PP?:*.PPZ:*.PRC:*.PWZ:*.QLB:*.QPW:*.QQY:*.QTC:*.RAR:*.REG:*.RMF:*.RTF:*.SCR:*.SCT:*.SH?:*.SIS:*.SKV:*.SLK:*.SPL:*.SRF:*.SWF:*.SX?:*.SYS:*.TAR:*.TAZ:*.TBZ:*.TD0:*.TFT:*.TGZ:*.TLB:*.TSP:*.UNP:*.URL:*.UUU:*.VB?:*.VBS:*.VS?:*.VWP:*.VXD:*.WBK:*.WIZ:*.WMF:*.WMP:*.WMV:*.WP?:*.WRI:*.WRL:*.WRZ:*.WS?:*.XL?:*.XML:*.XRF:*.XSL:*.XTP:*.XX?:*.Z??:*.ZI?
shutdown=viruschecking
surveyTime=10
danielpsal
27 Posts
0
August 21st, 2014 11:00
cat viruschecker.conf
CIFSserver=emcifp54
addr=172.28.52.43
masks=*.ACE:*.ACM:*.ADE:*.ADP:*.ADT:*.AP?:*.ARC:*.ARJ:*.ASA:*.ASD:*.ASP:*.AX?:*.BA?:*.BIN:*.BMP:*.BO?:*.BZ?:*.CAB:*.CC?:*.CDR:*.CDX:*.CEO:*.CGI:*.CHM:*.CLA:*.CMD:*.CNV:*.CO?:*.COM:*.CPL:*.CPT:*.CPY:*.CRT:*.CSC:*.CSS:*.CSV:*.D?B:*.DAT:*.DEV:*.DIF:*.DL?:*.DO?:*.DQY:*.DRV:*.EE?:*.EFV:*.EML:*.EX?:*.EXE:*.FDF:*.FE?:*.FO?:*.FPH:*.FPW:*.GF?:*.GIM:*.GIX:*.GMS:*.GNA:*.GW?:*.GWI:*.GZ?:*.HLP:*.HT?:*.ICS:*.IM?:*.ION:*.IQY:*.ISP:*.ITS:*.JAR:*.JP?:*.JS?:*.LGP:*.LIB:*.LNK:*.LSP:*.LUA:*.LWP:*.LZH:*.M3U:*.MBR:*.MHT:*.MOD:*.MPD:*.MPP:*.MPT:*.MRC:*.MS?:*.MSG:*.MSO:*.NAP:*.NEW:*.NWS:*.OB?:*.OC?:*.OD?:*.OL?:*.OLE:*.OTM:*.OUT:*.OV?:*.PCD:*.PCI:*.PD?:*.PDF:*.PF?:*.PHP:*.PI?:*.PL?:*.PNG:*.POT:*.PP?:*.PPZ:*.PRC:*.PWZ:*.QLB:*.QPW:*.QQY:*.QTC:*.RAR:*.REG:*.RMF:*.RTF:*.SCR:*.SCT:*.SH?:*.SIS:*.SKV:*.SLK:*.SPL:*.SRF:*.SWF:*.SX?:*.SYS:*.TAR:*.TAZ:*.TBZ:*.TD0:*.TFT:*.TGZ:*.TLB:*.TSP:*.UNP:*.URL:*.UUU:*.VB?:*.VBS:*.VS?:*.VWP:*.VXD:*.WBK:*.WIZ:*.WMF:*.WMP:*.WMV:*.WP?:*.WRI:*.WRL:*.WRZ:*.WS?:*.XL?:*.XML:*.XRF:*.XSL:*.XTP:*.XX?:*.Z??:*.ZI?
shutdown=viruschecking
surveyTime=10
danielpsal
27 Posts
0
August 21st, 2014 11:00
Sorry for the confusion. I sent you 2 files yesterday, so that other issue has been resolved.
For this other CAVA issue, where I have 2 CIFS servers, the viruschecker is online but it does not seem to be processing requests, as shown in the -audit. Do you know where else I can check to make sure it is receiving requests and processing?
Thanks so much for your help.
danielpsal
27 Posts
0
August 21st, 2014 12:00
somebody suggested that I do this but I don't know how, do you know how to:
1. Manually test the scan on the FS
2. check this file '/.etc/viruschecker.audit'? I don't know the location of the viruschecker.audit file
the issue right now is it is not getting request but it's online.
Any help is appreciated
thanks
danielpsal
27 Posts
0
August 21st, 2014 13:00
i guess the CAVA services on the celerra if the format to add another CIFSserver entry on the viruschecker.conf is not correct. We have 2 CIFS servers so I don't know the format to add another CIFS server on that config file
danielpsal
27 Posts
0
August 25th, 2014 07:00
It says the file does not exist:
[nasadmin@emCONp54 .etc]$ cat viruschecker.audit
cat: viruschecker.audit: No such file or directory
[nasadmin@emCONp54 .etc]$ ls
backupSnapDB iscsi_lunmask.conf secmap.migration
dp iscsi_pgroups.conf secnfs.conf
emcsecaudit.dll iscsi_portals.conf shares
ftpd iscsi_targets.conf state.dat
gid_map krb5.account svtl
gpo.cache krb5.conf usrmapper
gsscred.conf krb5.conf.old viruschecker.conf
http krb5.conf.upd viruschecker.conf.bkp
http_access.conf ldap.conf.idmu_template_v1 viruschecker.date
indications ldap.conf.sfu35_template_v1 viruschecker.dir
iscsi.conf nbsdb viruschecker.enabled
iscsi_initiator.conf passwd
iscsi_lun.conf PIPE
[nasadmin@emCONp54 .etc]$ pwd
/nas/quota/slot_2/.etc
umichklewis
3 Apprentice
•
1.2K Posts
0
August 25th, 2014 07:00
First, you only need to specify one server in the CIFSserver field. This is the CIFS server that contacts AD to pass the VC credentials for virus scanning. Additional servers listed will not be parsed. Basically, once you enable CAVA on the NAS, all CIFS servers on all datamovers and VDMs will be scanned, unless their filesystems have viruschecking disabled.
You can check the /.etc/viruschecker.audit file, but be very careful - you're accessing some of the running files on the datamover. Start by sending the command "cd /nas/quota/slot_2/.etc". This will put you in the .etc directory of the datamover. If you type "ls", you'll see the viruschecker.audit file. Type "cat viruschecker.audit" and send the output to me:
[nasadmin@narwahl home]$ pwd
/home/nasadmin
[nasadmin@narwahl ~]$ cd /nas/quota/slot_2/.etc
[nasadmin@narwahl .etc]$ cat viruschecker.audit
Thanks!
danielpsal
27 Posts
0
August 25th, 2014 08:00
Here are the server log excerpts:
2014-08-25 23:53:34: VC: 5: 16: The virus checker is stopped.
2014-08-25 23:53:34: VC: 3: Invalid access from client 172.28.52.43 to CHECK$
2014-08-25 23:53:34: VC: 3: Client 172.28.52.43 (172.28.52.43) is not a VC/CEPP server
2014-08-25 23:56:10: VC: 5: 17: The virus checker is started.
2014-08-25 23:56:10: VC: 5: 29: Server 172.28.52.43 is online.
2014-08-26 00:07:55: VC: 3: 6: No virus checker server is available. Virus checking is stopped.
2014-08-26 00:07:55: VC: 5: 16: The virus checker is stopped.
2014-08-26 00:11:08: VC: 5: 17: The virus checker is started.
2014-08-26 00:11:08: VC: 5: 29: Server 172.28.52.43 is online.
2014-08-26 00:34:33: VC: 3: 6: No virus checker server is available. Virus checking is stopped.
2014-08-26 00:34:33: VC: 5: 16: The virus checker is stopped.
2014-08-26 00:34:33: VC: 3: Invalid access from client 172.28.52.43 to CHECK$
2014-08-26 00:34:33: VC: 3: Client 172.28.52.43 (172.28.52.43) is not a VC/CEPP server
I tested the CAVA user we set up on the Windows CAVA server and it works fine, and the services are running.
What else should I be chasing? Thanks for your willingness to help. This CAVA saga is never ending.
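The check discussed in this thread (comparing the clients rejected in the server log against the addr= entries in viruschecker.conf), written out as an added example that is not part of any post and is not EMC tooling. It assumes IPv4 entries separated by ":" and the log wording shown above; the function names are hypothetical, and the sample input is assembled from lines posted in the thread with the config trimmed to the relevant keys.

```python
import re
from collections import Counter

# Sample input assembled from lines posted in this thread (config trimmed).
SAMPLE_CONF = """\
CIFSserver=emcifp54
addr=172.28.52.43
shutdown=viruschecking
surveyTime=10
"""

SAMPLE_LOG = """\
2014-08-11 10:01:05: 13158645760: VC: 3: Invalid access from client 172.28.41.29 to CHECK$
2014-08-11 10:01:05: 13158645760: VC: 3: Client 172.28.41.29 (172.28.41.29) is not a VC/CEPP server
2014-08-25 23:53:34: VC: 3: Client 172.28.52.43 (172.28.52.43) is not a VC/CEPP server
2014-08-25 23:56:10: VC: 5: 29: Server 172.28.52.43 is online.
2014-08-26 00:34:33: VC: 3: Client 172.28.52.43 (172.28.52.43) is not a VC/CEPP server
"""

# Matches the rejection message and captures the client address.
REJECT_RE = re.compile(r"Client (\S+) \(\S+\) is not a VC/CEPP server")


def configured_addrs(conf_text):
    """Return the set of addresses from every addr= line (colon-separated, IPv4 assumed)."""
    addrs = set()
    for line in conf_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key == "addr":
            addrs.update(a for a in value.split(":") if a)
    return addrs


def rejected_clients(conf_text, log_text):
    """Count rejections per client, split by whether the client appears in addr=."""
    allowed = configured_addrs(conf_text)
    counts = Counter(REJECT_RE.findall(log_text))
    unlisted = {ip: n for ip, n in counts.items() if ip not in allowed}
    listed = {ip: n for ip, n in counts.items() if ip in allowed}
    return unlisted, listed


if __name__ == "__main__":
    unlisted, listed = rejected_clients(SAMPLE_CONF, SAMPLE_LOG)
    print("rejected, not in addr= :", unlisted)
    print("rejected, but in addr= :", listed)
```

A client in the first group is one the conf file does not list as a CAVA server; a client in the second group is listed and still rejected, so the addr= line alone does not account for it.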