Had great fun on a bad day with a HyperV Guest BES Server that had an on screen error in HyperV Manager that the BIOS did not load. Couldn't manage the server, reset it, power it off or even remote to it on the management console or RDP.
Turns out the machine was corrupt somehow.
In troubleshooting the issue I got pointed to this MS Article - http://support.microsoft.com/kb/961804 and I have it on good authority that there have been 10 calls to MS about this ( I wonder how many calls were never made?)
Anyway, I'm updating my AV Exclusion list. This mostly applies to Server 2003, but I will update it on Server 2008 shortly.
Hope it helps someone.
Files to Exclude from AV scans
Need to add pagefile.sys and spool folder
Exclusions:
Exchange related:
C:\Program Files\Exchsrvr\Mdbdata (This is likely to move - check first!)
C:\Program Files\Exchsrvr\Mtadata
C:\Program Files\Exchsrvr\server_name.log (servername changes...)
C:\Program Files\Exchsrvr\Mailroot
C:\Program Files\Exchsrvr\Mdbdata
C:\Program Files\Exchsrvr\srsdata
C:\Program Files\Exchsrvr\Conndata
C:\Program Files\Exchsrvr\Exchweb
C:\Program Files\Exchsrvr\schema
C:\Program Files\Exchsrvr\res
C:\inetpub\mailroot
C:\windows\system32\inetsrv\metabase.bin
McAfee:
C:\Program Files\Network Associates\McAfee PortalShield\ (and all subdirectories)
C:\Program Files\Network Associates\Common Framework\
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework
IIS related:
C:\WINDOWS\system32\inetsrv
C:\WINDOWS\IIS Temporary Compressed Files
Domain Controller related:
Active Directory database files = C:\WINDOWS\NTDS
SYSVOL C:\WINDOWS\SYSVOL
NTFRS Database Files = C:\WINDOWS\ntfrs
Windows SharePoint Services:
C:\Program Files\SharePoint Portal Server\ (and all subdirectories)
C:\Program Files\Common Files\Microsoft Shared\Web StorageSystem\
C:\windows\temp\Frontpagetempdir
Additional Exclusions:
Removable Storage Database (used by SBS Backup) = C:\Windows\System32\ntmsdata
SBS POP3 connector Failed Mail = C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\Failed Mail
SBS POP3 connector Incoming Mail = C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\Incoming Mail
Windows Update Store = C:\WINDOWS\SoftwareDistribution\DataStore
DHCP Database Store = C:\WINDOWS\system32\dhcp
WINS Database Store = C:\WINDOWS\system32\wins
GroupShield:
C:\Program Files\Network Associates\McAfee GroupShield\bin\productlog.bin
C:\Program Files\Network Associates\McAfee GroupShield\bin\detecteditems.bin
C:\Program Files\Network Associates\McAfee GroupShield\bin\detecteditems.bin.qtn
GFI:
C:\Program Files\GFI\MailEssentials
C:\Program Files\Common files\GFI
C:\Inetpub\mailroot
If GFI MailEssentials is installed on the same machine as Exchange server, virus scanning software and backup software should be disabled from scanning C:\Program Files\Exchsrvr\Mailroot instead of C:\Inetpub\mailroot.
Workstation Exclusions:
C:\WINDOWS\SoftwareDistribution\DataStore
C:\Program Files\Network Associates\Common Framework\
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework
- Default virtual machine configuration directory (C:\ProgramData\Microsoft\Windows\Hyper-V)
- Custom virtual machine configuration directories
- Default virtual hard disk drive directory (C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks)
- Custom virtual hard disk drive directories
- Snapshot directories
- Vmms.exe (Note: May need to be configured as process exclusions within the antivirus software)
- Vmwp.exe (Note: May need to be configured as process exclusions within the antivirus software)
- Additionally, when you use Live Migration together with Cluster Shared Volumes on Windows Server 2008 R2, exclude the CSV path "C:\Clusterstorage" and all its subdirectories.
Notes
If virtual machines are missing from the Hyper-V Management console, you must configure the antivirus exclusions, and then restart the Hyper-V Virtual Machine Management service.
If you receive error code 0x800704C8, it is likely that the virtual machine configuration file was corrupted. In this case, and if restarting the Hyper-V Virtual Machine Management service does not resolve the issue, the virtual machine has to be re-created or restored from a backup.
