Problem
You have CSVs in a cluster that show redirected access behind the Online status. In parallel, you will see a warning event in the Windows System event log with the ID 5125, Source FailoverClustering and Category Cluster Shared Volume.
The event log states that a cluster volume has an active filter driver in its device stack that may have a negative impact on CSV transactions. Because of this, access is redirected via another cluster node. This may impact performance. The event may also name one or more filter drivers that may have something to do with it or, like in my case, just some random Chinese-looking characters. This event is logged every 3 minutes for each affected volume.
Commands
List the Cluster Shared Volumes and see the state as well as the reason for the state:
Get-ClusterSharedVolumeState
Output is for example:
BlockRedirectedIOReason : NotBlockRedirected
FileSystemRedirectedIOReason : IncompatibleFileSystemFilter
Name : SSD1
Node : SERVER1
StateInfo : FileSystemRedirected
VolumeFriendlyName : DATASTORE1
VolumeName : \\?\Volume{27c9a590-5435-4e5b-b172-bcba55405aba}\
In the line starting with FileSystemRedirectedIOReason you see why it is redirected.
UserRequest
The redirect was manually set by someone. You can disable it by selecting the volume in the Failover Cluster Manager. In the lower part of the window, right-click on the graphical version of the volume and select Turn Off Redirected Access.
IncompatibleFileSystemFilter
This is a tricky one as it is related to a driver. This can be any kind of driver that interacts with the disks.
To figure out which one it might be, run the command fltmc instances. It will show you all drivers. Check if you have drivers of a backup software or anti-virus program. It's hard to identify them, as you only have the name in the first column to do so.
You can also run the command Get-ClusterLog | fl to get more details. It will return a file that is located at \\localhost\admin$\Cluster\Reports\Cluster.log by default and may be very large. Try to use Notepad++ or WordPad to open the file. Scroll to the end. You will see additional log messages that may help you.
My problem was that the filter that the event log and the log message refer to is shown as 攀尀䠀愀爀搀搀椀猀欀嘀漀氀甀洀攀㔀䤀䘀吀猀猀䘀氀爀猀欀.
To get some sense out of it, I converted the string to hex code and converted it back to ASCII afterwards. I used this page to convert the nonsense-Chinese to hex: ASCII to Hex | Text to Hex Code Converter (rapidtables.com) and after that another page on that site to convert it to text: Hex to ASCII Text String Converter (rapidtables.com)
The result was something useful: e\HarddiskVolume15IFTssFlrsk
The first part is the disk volume that is affected. But after this (here after the 15), the filter is mentioned. It is IFTssFlrsk. It is a Generic File System Filter Driver related to the iftssflr.sys at C:\Windows\system32\drivers.
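The same conversion can be done locally instead of through the two web pages. The PowerShell below is an added example, not part of the original post: the function names Convert-HighByteText and Find-FilterInText are hypothetical, the garbled input is constructed from the decoded text given above, and WdFilter and FileInfo are sample entries in a constructed filter list.

```powershell
# Added example, not from the original post. Function names are hypothetical.
# Decodes text in which each character is U+NN00, NN being a printable ASCII byte
# (how ASCII text looks when its UTF-16 bytes are read shifted by one or swapped).
function Convert-HighByteText {
    param([Parameter(Mandatory)][string]$Text)
    $sb = [System.Text.StringBuilder]::new()
    foreach ($ch in $Text.ToCharArray()) {
        $code = [int]$ch
        $high = $code -shr 8
        $low  = $code -band 0xFF
        if ($low -eq 0 -and $high -ge 0x20 -and $high -le 0x7E) {
            [void]$sb.Append([char]$high)   # ASCII byte carried in the high byte
        } else {
            [void]$sb.Append($ch)           # anything else is kept unchanged
        }
    }
    $sb.ToString()
}

# Returns every name from $FilterNames that occurs in the decoded text,
# ignoring case, so the event text can be tied to a loaded filter.
function Find-FilterInText {
    param([string]$Decoded, [string[]]$FilterNames)
    $FilterNames | Where-Object {
        $_ -and $Decoded.IndexOf($_, [System.StringComparison]::OrdinalIgnoreCase) -ge 0
    }
}

# Constructed sample: the decoded text from the post, re-encoded as U+NN00 characters.
$expected = 'e\HarddiskVolume15IFTssFlrsk'
$garbled  = -join ($expected.ToCharArray() | ForEach-Object { [char]([int]$_ -shl 8) })

$decoded = Convert-HighByteText -Text $garbled
"Decoded : $decoded"

# Constructed filter list; on a cluster node use the first column of `fltmc filters`.
$names = 'WdFilter', 'FileInfo', 'IFTssFlr'
"Filter  : $(Find-FilterInText -Decoded $decoded -FilterNames $names)"
```

To decode a real event, pass the text copied from the event log or Cluster.log to Convert-HighByteText in place of the constructed $garbled value.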
When checking the filter instances with fltmc instances, you see this filter listed as IFTssFlr. Compared to the other filters, it has some strange parameters:
- It has a floating number as weight
- It has no Instance name
- It has a Prerelease text stated as Frame
After some research on the internet, I figured out that this is a filter driver of our SAN vendor Infortrend. So basically it is a faulty driver/filter of the vendor or a misconfiguration by you. In my case we used the drivers SANWatch 3.0 v136. An update to SANWatch 3.0 v140 was available. After the update nothing changed.
A workaround is to disable the filter using the following command:
fltmc unload IFTssFlr
If you want to enable it later, you can do so by running fltmc load IFTssFlr.
With fltmc filters you can list all installed filter drivers.
If the commands above do not work, you can also run the following in PowerShell to uninstall the driver from the system:
# Get the driver
Get-CimInstance Win32_SystemDriver -Filter "name='IFTssFlr'"
# If the above returned a driver, run this to remove it
Get-CimInstance Win32_SystemDriver -Filter "name='IFTssFlr'" | Invoke-CimMethod -MethodName Delete
# Reboot the system
Restart-Computer