Discussions specific to the Microsoft Hyper-V hypervisor
Post Reply
krakhger
Service Provider
Posts: 3
Liked: never
Joined: Dec 16, 2016 6:03 pm
Contact:

Replication failed, unstable connection

Post by krakhger » Jun 11, 2018 9:25 am

Dear all,
I ran into an issuse reagarding replication this Weekend, maybe it is of some interest to anybody.
I have 2 Hyper-V 2012R2 Servers on two different Locations. Want to move (replicate) one VM from Site A to Site B. The sites are connected via VPN, on both sides are Sonicwall TZ appliances.
The replication starts, and after about 36min of runtime it Fails with "unstable Connection error". The VPN was up for years and nobody reported any issue ever. Also each side A + B does cloud backup without any issue for years.
When I look in the Firewall logs, I saw a lot of Sonicwall GAV Messages, so the sonicwall Gateway AV destroyed the replication traffic. I disabled the 2 signatures "Gateway Anti-Virus Alert: Suspicious#polycrypt.11 (Worm)" and "Gateway Anti-Virus Alert: KillAV.NLK (Trojan)" and the replication Job finished without any further issue.

I also did a Virus scan in the machine I replicated, nothing found, I also reenabled the signatures in the GAV, tried to replicate 2 other machines, no alerts anymore. Also a next incremental replication Job of the affected machine with all signatures on shows no issue anymore.

Are there any know issues with Sonicwall GAV and replication traffic? I am not sure if my VM is infected or it is a false positive.
If somebody runs into a similiar issue, maybe it's worth to check the Firewall logs?

Dima P.
Product Manager
Posts: 10537
Liked: 858 times
Joined: Feb 04, 2013 2:07 pm
Full Name: Dmitry Popov
Location: Prague
Contact:

Re: Replication failed, unstable connection

Post by Dima P. » Jun 11, 2018 4:39 pm

Hello krakhger.

Yes, it looks like proactive scan has ruined the replication traffic. I’d disable the replication, scan the source host (sometimes it’s good to use two completely different AV scanners, some vendors offer a manually controlled free scanners like Dr Web – CureIt). Once you confirm that source machine is not infected you can safely proceed and enable replication back.

Post Reply

Who is online

Users browsing this forum: Schnuecker and 16 guests