Network applications holding connections to network share

I need a solution

Running SEP 14.2.770.0000 on Windows 10 workstation. During software development programs are copied from local workstation  to network share. Application is executed from network share.  After program stops execution for about 5 min time frame new versions of the  application cannot be copied to the network share. Something has the files (exe’s and dll’s)  still locked up an in use.

Tried various exclusions. Tried Disabling SEP. Only un-installing the Endpoint Protection  fixes the problem. What is holding a lock on the program, it seems that it SEP 14.2 but even with the program disabled we still have issue. SEP is only loaded on workstation and not on network server. We did not have issue with version 14.0.3.



VNX2 : Permissions Issue – Users are granted access when they should not be after upgrading to VNX File OE [Dell EMC Correctable]

Article Number: 523215 Article Version: 9 Article Type: Break Fix

VNX2 Series,VNX5200,VNX5400,VNX5600,VNX5800,VNX8000

Users may be granted access to files/directories when should not have access after upgrading to VNX File OE code.

This issue only surfaced after upgrading to VNX File OE code.

Upgrade to VNX File OE code.

If your system has not been upgraded, VNX File OE VNX Block OE is the recommended upgrade version.

If your system has been upgraded, Dell EMC has released DART Hotfix to address this issue. Please contact Dell EMC Customer Support Center or your service representative for assistance and reference this article ID.

CIFS access with MIXED, SECURE and NATIVE access policy customer may encounter the following issue:

  • If there is a group ACE in the ACL which has the same GID as a user’s UID, the user is given access as per the ACE. The issue here is that the user is not a member of the group but still given access.
  • If there is a user ACE in the ACL which has the same UID as a group GID than every users who is a member of this primary group are given access.

For example if there is a UID 32768 for a SID S-1-xxx

Then there is also a GID 32768 and UID has exclusive ACE it grant permission for the GROUP instead .


VNX: Unable to unmount/delete filesystem or checkpoint errors: Device or resource busy/path is unavailable(frozen) or invalid[1]

Article Number: 480032 Article Version: 3 Article Type: Break Fix

VNX1 Series,VNX2 Series,Unisphere for VNX,VNX Operating Environment

Trying to unmount/delete file systems fscommon_03 and fscommon_05 and getting the error;

Delete file system fscommon_03. vdm01 : Device or resource busy.

A race condition caused by range locks held on a CIFS file even though the file was closed. This caused a variety of symptoms including: Failure to access the file from a CIFS client; An unmount of the File System hung; A freeze of the File System hung.

Review of the /nas/log/cmd_log.err file and server_log shows the following symptoms;

[nasadmin@CS0 ~]$ tail /nas/log/cmd_log.err

2016-03-23 15:20:40.228 vdm01:517:7580:E: server_umount vdm01 -perm fscommon_03: Device or resource busy

2016-03-23 15:21:09.155 vdm01:517:9117:E: server_umount vdm01 -perm fscommon_05: Device or resource busy

2016-03-23 15:47:32.895 vdm01:517:29927:E: server_umount vdm01 -perm fscommon_03: Device or resource busy

2016-03-23 15:48:05.181 vdm01:517:30473:E: server_umount vdm01 -perm fscommon_05: Device or resource busy

2016-03-24 10:16:10.064 vdm01:517:12748:E: server_umount vdm01 -perm fscommon_05: Device or resource busy

2016-03-24 10:17:20.837 vdm01:517:15520:E: server_umount vdm01 -perm fscommon_03: Device or resource busy

2016-03-24 10:25:41.265 vdm01:517:29433:E: server_umount vdm01 -perm fscommon_03: Device or resource busy

[nasadmin@CS0 ~]$ server_log server_2 |grep -i frozen |tail -10

2016-03-24 12:07:59: CFS: 6: /root_vdm_1/fscommon_03: path is unavailable(frozen) or invalid.

2016-03-24 12:07:59: CFS: 6: /root_vdm_1/fscommon_05: path is unavailable(frozen) or invalid.

2016-03-24 12:09:07: CFS: 6: /root_vdm_1/fscommon_03: path is unavailable(frozen) or invalid.

2016-03-24 12:09:07: CFS: 6: /root_vdm_1/fscommon_05: path is unavailable(frozen) or invalid.

2016-03-24 12:09:07: CFS: 6: /root_vdm_1/fscommon_03: path is unavailable(frozen) or invalid.

2016-03-24 12:09:07: CFS: 6: /root_vdm_1/fscommon_05: path is unavailable(frozen) or invalid.

2016-03-24 12:09:08: CFS: 6: /root_vdm_1/fscommon_03: path is unavailable(frozen) or invalid.

2016-03-24 12:09:08: CFS: 6: /root_vdm_1/fscommon_05: path is unavailable(frozen) or invalid.

2016-03-24 12:09:08: CFS: 6: /root_vdm_1/fscommon_03: path is unavailable(frozen) or invalid.

2016-03-24 12:09:08: CFS: 6: /root_vdm_1/fscommon_05: path is unavailable(frozen) or invalid.

Attempting to delete or unmount a file system or checkpoint


Failover or reboot the affected data mover where the file system or ckeckpoint is currently mounted. Once completed, the unmount/deletion of the file system or checkpoint can be completed without further issues.

Perm Fix:

VNX1 Series:, and higher code levels

VNX2 Series: and higher


VNX: CAVA error VC: 3: 32: Server ‘x.x.x.x’ returned error ‘FAIL’ when checking file

Article Number: 480920 Article Version: 2 Article Type: Break Fix

VNX Event Enabler,VNX1 Series,VNX2 Series,Celerra

While virus checking is running, in the logs an error indicating that the VC service has failed to check it:

2016-03-29 11:38:44: VC: 3: 32: Server ‘x.x.x.x’ returned error ‘FAIL’ when checking file ‘root_vdm_idmount_pathfilename.ext’

The ‘FAIL’ message occurs when a scan request is opened (the VC service on the data mover sends a request to the CAVA servers) and when the CAVA server tries to open it the file is not found. This means that the file was deleted before it could be scanned. There are some scenarios where this could happen:

  • One way this occurs is if the file was a cookie, temporary file, or lock file. Microsoft office, for example, creates temporary files that follow the format ~$<original_filename.xxxx>. These files normally disappear when the file is saved or closed, and if this happens quickly the file can disappear before it has a chance to be scanned, leading to the FAIL message in the data mover log. The filenames that are failing scans usually identify this as the source of the issue.
  • Another way this can occur is if the file has a special ‘disposition’ on it. In SMB and SMB2 the user can set a disposition ‘delete on close’ when opening a file. If the file that is referred for scanning is opened by another user with this disposition set, the file is deleted before it can be scanned, leading to the FAIL message in the data mover logs. This option can be seen in packet traces by looking at SMB ‘Create’ or ‘SetInfo’ calls, but will be set by the user doing the deleting, and probably not the CAVA servers. This can make things difficult because normal traffic must be monitored (not just the AV server) to determine who is setting the flag.

The best resolution is to stop what is deleting the file (the external users deleting the file). This may mean disabling the use of temp files in office, or storing other temp files or cookies to a local directory instead of a shared one. If this cannot be done, then alter viruschecker.conf to exclude these types of files from being checked by altering the ‘excl’ line to exclude ~$*.* (for office files), *.tmp or any other extension that may be causing these errors.


CIFSserver=<CIFS server on data mover>

addr=<configured CAVA servers>




additional resources: (Description of how Word creates temporary files) (SMB2_FILE_DISPOSITION_INFO addresses ‘delete on close’) feature


SEP reporting C:WindowsWinSxSamd64_microsoft-windows-lockapp.appxmainLockApp.exe as Trojan.Gen.NPE.2

I need a solution

Hi All,

Wondering who else is getting the following file being marked as Trojan.Gen.NPE.2?


This is only started today, and it’s being reported across our entire Windows 10 estate, I am wondering if it is a false positive?





DLP Network Discover scan common errors

I need a solution

Hi guys

Does anyone know if there is a list of common errors and reasons/resolutions, i’m trying to put together a simple guide for the first line support team and can only find/document issues as I come across them myself, not really ideal.

What I have so far are:

Access is denied – Permissions error, scan does not have the correct credentials to access the file, or additional access controls exist on the file, or AD access may have been interrupted, (try to manually access the files using the DLP scan user to see why the download failed) 

Failed to Read – failed to read errors are generally related to files being locked and not available to be copied/downloaded

Failed to Download – often related to permissions errors (try to manually access the files using the DLP scan user to see why the download failed) 

No such mount exists – this is related to file reader restarts, when the file reader does not unmount the drive fully during the restart and then the scan cannot mount the drive to continue scanning.  This is a bug I have seen in the forums.

Exception occurred during initialization. Ensure that Microsoft Outlook is configured properly (.pst files). – Outlook needs to be installed on the server doing the scan to be able to read .pst files

Anyone had any more?



Block Access To File For Computer NOT INSTALL SEP Client

I need a solution

Hi everyone,

I have computer A and file text.txt I Create a policy to allow view file text.txt but terminate process if user try to write to this file. I share the folder cntain this file. The computer work fine with all computer has SEP Client Install. But computer without SEP Client, they have full permission on this file. They can read, write, move, delete … How can i block all permission but read of file text.txt for those computer that don’t have SEP client install using SEP, not File permission of Windows ??




Hotfix XS71ECU1007 – For XenServer 7.1 Cumulative Update 1

Who Should Install This Hotfix?

This is a hotfix for customers running XenServer 7.1 Cumulative Update 1. All customers who are affected by the issue described in CTX230624: Citrix XenServer Security Update should install this hotfix.

This hotfix does not apply to XenServer 7.1. You must apply Cumulative Update 1 before you can apply this hotfix.

Note: XenServer 7.1 Cumulative Update 1 and its subsequent hotfixes are available only to customers with Customer Success Services.

Information About this Hotfix

Component Details
Prerequisite None
Post-update tasks Restart Host
Content live patchable* No
Baselines for Live Patch Not Applicable
Revision History Published on Dec 15, 2017
* Available to Enterprise Customers.

Issues Resolved In This Hotfix

This security hotfix addresses the vulnerability as described in the Security Bulletin above. In addition, it resolves the following issues:

  • Occasionally, when SMB servers do not accept echo requests while reconnecting the sessions, the ISO SRs using the CIFS protocol become unavailable and may be recovered only by unplugging the SR or rebooting the host.
  • Race condition during a VM operation can lead to incorrect locking and reference counting in the ipset subsystem in Control Domain (dom0) and may occasionally cause a host crash.
  • Due to a race condition in Control Domain (dom0) kernel, multipath failover on a storage repository (SR) can occasionally cause a host crash.
  • Incorrect locking in the Fibre Channel subsystem of control domain (dom0) can lead to a deadlock causing the storage to stop working.
  • Incorrect locking in the iSCSI subsystem of the Control Domain (dom0) can cause corruption of critical data structures and result in sporadic host crashes.

Installing the Hotfix

Customers should use either XenCenter or the XenServer Command Line Interface (CLI) to apply this hotfix. When the installation is complete, see the Post-update tasks in the table Information About this Hotfix for information about any post-update tasks you should perform for the update to take effect. As with any software update, back up your data before applying this update. Citrix recommends updating all hosts within a pool sequentially. Upgrading of hosts should be scheduled to minimize the amount of time the pool runs in a “mixed state” where some hosts are upgraded and some are not. Running a mixed pool of updated and non-updated hosts for general operation is not supported.

Note: The attachment to this article is a zip file. It contains the hotfix update package only. Click the following link to download the source code for any modified open source components XS71ECU1007-sources.iso. The source code is not necessary for hotfix installation: it is provided to fulfill licensing obligations.

Installing the Hotfix by using XenCenter

Choose an Installation Mechanism

There are three mechanisms to install a hotfix:

  1. Automated Updates
  2. Download update from Citrix
  3. Select update or Supplemental pack from disk

The Automated Updates feature is available for XenServer Enterprise Edition customers, or to those who have access to XenServer through their XenApp/XenDesktop entitlement. For information about installing a hotfix using the Automated Updates feature, see the section Applying Automated Updates in the XenServer 7.1 Installation Guide.

For information about installing a hotfix using the Download update from Citrix option, see the section Applying an Update to a Pool in the XenServer 7.1 Installation Guide.

The following section contains instructions on option (3) installing a hotfix that you have downloaded to disk:

  1. Download the hotfix to a known location on a computer that has XenCenter installed.
  2. Unzip the hotfix zip file and extract the .iso file
  3. In XenCenter, on the Tools menu, select Install Update. This displays the Install Update wizard.
  4. Read the information displayed on the Before You Start page and click Next to start the wizard.
  5. Click Browse to locate the iso file, select XS71ECU1007.iso and then click Open.
  6. Click Next.
  7. Select the pool or hosts you wish to apply the hotfix to, and then click Next.
  8. The Install Update wizard performs a number of update prechecks, including the space available on the hosts, to ensure that the pool is in a valid configuration state. The wizard also checks whether the hosts need to be rebooted after the update is applied and displays the result.
  9. Follow the on-screen recommendations to resolve any update prechecks that have failed. If you want XenCenter to automatically resolve all failed prechecks, click Resolve All. When the prechecks have been resolved, click Next.

  10. Choose the Update Mode. Review the information displayed on the screen and select an appropriate mode.
  11. Note: If you click Cancel at this stage, the Install Update wizard reverts the changes and removes the update file from the host.

  12. Click Install update to proceed with the installation. The Install Update wizard shows the progress of the update, displaying the major operations that XenCenter performs while updating each host in the pool.
  13. When the update is applied, click Finish to close the wizard.
  14. If you chose to carry out the post-update tasks, do so now.

Installing the Hotfix by using the xe Command Line Interface

  1. Download the hotfix file to a known location.
  2. Extract the .iso file from the zip.
  3. Upload the .iso file to the Pool Master by entering the following commands:

    (Where -s is the Pool Master’s IP address or DNS name.)

    xe -s <server> -u <username> -pw <password> update-upload file-name=<filename>XS71ECU1007.iso

    XenServer assigns the update file a UUID which this command prints. Note the UUID.


  4. Apply the update to all hosts in the pool, specifying the UUID of the update:

    xe update-pool-apply uuid=<UUID_of_file>

    Alternatively, if you need to update and restart hosts in a rolling manner, you can apply the update file to an individual host by running the following:

    xe update-apply host=<name_of_host> uuid=<UUID_of_file>

  5. Verify that the update was applied by using the update-list command.

    xe update-list -s <server> -u root -pw <password> name-label=XS71ECU1007

    If the update is successful, the hosts field contains the UUIDs of the hosts to which this patch was successfully applied. This should be a complete list of all hosts in the pool.

  6. If the hotfix is applied successfully, carry out any specified post-update task on each host, starting with the master.


Hotfix File

Component Details
Hotfix Filename XS71ECU1007.iso
Hotfix File sha256 40198ccec3a7aac08547cc0e407b18c5308931969222d8d3c5af1759373d3d8e
Hotfix Source Filename XS71ECU1007-sources.iso
Hotfix Source File sha256 291d78aa0099903144b78b744e841cb7de7cec8e69450f741f7e64e2b04a1cef
Hotfix Zip Filename
Hotfix Zip File sha256 217784e6e38f33fee03a33d23183ffc9e311638eb133d39230ec02ea7d8ff116
Size of the Zip file 20.5 MB

Files Updated


More Information

For more information see, XenServer 7.1 Virtual Machine User’s Guide.

If you experience any difficulties, contact Citrix Technical Support.