Disabling NetBIOS on Symantec Scan Engine when connected to Netapp Filer
search cancel

Disabling NetBIOS on Symantec Scan Engine when connected to Netapp Filer

book

Article ID: 152477

calendar_today

Updated On:

Products

Scan Engine AntiVirus for Caching Protection Engine for NAS

Issue/Introduction

You wish to know if it is possible to disable NetBIOS on Symantec Scan/Protection Engine when providing virus scanning services to Netapp Filer.

Resolution

You can disable NetBIOS on Symantec Scan/Protection Engine and force scan requests from Netapp Filer to be sent directly to TCP port 445 (CIFS/SMB) on Windows 2000 or above. However there are caveats associated with such a change - please read on for further details.

Communication between Netapp Filer and Symantec Scan/Protection Engine for virus scanning by default on Netapp occurs via NetBIOS. Hence supported Symantec Scan Engine Microsoft Windows platforms listen for CIFS communication over NetBIOS on TCP port 139. If you disable NetBIOS on a Microsoft Windows network interface, Netapp will attempt to connect to TCP port 139 on Symantec Scan Engine for scan requests.

The error messages below are extracted from the Netapp console which show NetApp attempting to communicate to Symantec Scan/Protection Engine over NetBIOS:

    Sat May 22 17:10:13 EST [nbt.nbss.socketError:error]: NBT: Cannot connect to server 10.224.2.44 over NBSS socket for port 139. Error 0x3d: Connection refused.
    Sat May 22 17:10:13 EST [cifs.server.infoMsg:info]: CIFS: Warning for server \\NETAPPSSE: Could not make TCP connection.
    Sat May 22 17:10:13 EST [vscan.server.connectError:error]: CIFS: An attempt to connect to vscan server \\NETAPPSSE failed [0xc000005e].
    Sat May 22 17:10:13 EST [vscan.dropped.connection:warning]: CIFS: Virus scan server \\NETAPPSSE (10.224.2.44) has disconnected from the filer.


You can configure Netapp Filer to disable CIFS over NetBIOS, however there are caveats:

  1. Must be a Microsoft Windows 2000 or above homogeneous environment. This shouldn't be a problem with Symantec Scan/Protection Engine on supported platforms when providing virus scanning services for Netapp.
  2. Once you disable NetBIOS over TCP, clients no longer receive Data ONTAP notification messages, such as shutdown messages and vscan warnings.


Note: Please contact Netapp Technical Support to discuss potential side effects of disabling CIFS over NetBIOS within your Netapp Filer storage environment.

Once you disable NetBIOS over TCP on Netapp Filer, virus scan requests will be directed to port 445 on Symantec Scan/Protection Engine.


Powered by Wolken Software