Turns out the machine was corrupt somehow.
In troubleshooting the issue I got pointed to this MS article, http://support.microsoft.com/kb/961804, and I have it on good authority that there have been 10 calls to MS about this (I wonder how many calls were never made?).
Anyway, I'm updating my AV Exclusion list. This mostly applies to Server 2003, but I will update it on Server 2008 shortly.
Hope it helps someone.
Files to Exclude from AV scans
Need to add pagefile.sys and spool folder
Exclusions:
Exchange related:
C:\Program Files\Exchsrvr\Mdbdata (This is likely to move - check first!)
C:\Program Files\Exchsrvr\Mtadata
C:\Program Files\Exchsrvr\server_name.log (servername changes...)
C:\Program Files\Exchsrvr\Mailroot
C:\Program Files\Exchsrvr\srsdata
C:\Program Files\Exchsrvr\Conndata
C:\Program Files\Exchsrvr\Exchweb
C:\Program Files\Exchsrvr\schema
C:\Program Files\Exchsrvr\res
C:\inetpub\mailroot
C:\windows\system32\inetsrv\metabase.bin
McAfee:
C:\Program Files\Network Associates\McAfee PortalShield\ (and all subdirectories)
C:\Program Files\Network Associates\Common Framework\
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework
IIS related:
C:\WINDOWS\system32\inetsrv
C:\WINDOWS\IIS Temporary Compressed Files
Domain Controller related:
Active Directory database files = C:\WINDOWS\NTDS
SYSVOL = C:\WINDOWS\SYSVOL
NTFRS Database Files = C:\WINDOWS\ntfrs
Windows SharePoint Services:
C:\Program Files\SharePoint Portal Server\ (and all subdirectories)
C:\Program Files\Common Files\Microsoft Shared\Web StorageSystem\
C:\windows\temp\Frontpagetempdir
Additional Exclusions:
Removable Storage Database (used by SBS Backup) = C:\Windows\System32\ntmsdata
SBS POP3 connector Failed Mail = C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\Failed Mail
SBS POP3 connector Incoming Mail = C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\Incoming Mail
Windows Update Store = C:\WINDOWS\SoftwareDistribution\DataStore
DHCP Database Store = C:\WINDOWS\system32\dhcp
WINS Database Store = C:\WINDOWS\system32\wins
GroupShield:
C:\Program Files\Network Associates\McAfee GroupShield\bin\productlog.bin
C:\Program Files\Network Associates\McAfee GroupShield\bin\detecteditems.bin
C:\Program Files\Network Associates\McAfee GroupShield\bin\detecteditems.bin.qtn
GFI:
C:\Program Files\GFI\MailEssentials
C:\Program Files\Common files\GFI
C:\Inetpub\mailroot
If GFI MailEssentials is installed on the same machine as Exchange server, virus scanning software and backup software should be configured not to scan C:\Program Files\Exchsrvr\Mailroot instead of C:\Inetpub\mailroot.
Workstation Exclusions:
C:\WINDOWS\SoftwareDistribution\DataStore
C:\Program Files\Network Associates\Common Framework\
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework
Hyper-V related:
- Default virtual machine configuration directory (C:\ProgramData\Microsoft\Windows\Hyper-V)
- Custom virtual machine configuration directories
- Default virtual hard disk drive directory (C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks)
- Custom virtual hard disk drive directories
- Snapshot directories
- Vmms.exe (Note: May need to be configured as process exclusions within the antivirus software)
- Vmwp.exe (Note: May need to be configured as process exclusions within the antivirus software)
- Additionally, when you use Live Migration together with Cluster Shared Volumes on Windows Server 2008 R2, exclude the CSV path "C:\Clusterstorage" and all its subdirectories.
Notes
If virtual machines are missing from the Hyper-V Management console, you must configure the antivirus exclusions, and then restart the Hyper-V Virtual Machine Management service.
If you receive error code 0x800704C8, it is likely that the virtual machine configuration file was corrupted. In this case, and if restarting the Hyper-V Virtual Machine Management service does not resolve the issue, the virtual machine has to be re-created or restored from a backup.
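Before entering these paths into the AV product, it is worth confirming which ones actually exist on the server (the Exchange Mdbdata directory in particular is often moved) and that no unexpected account can write into a folder the scanner will skip. The script below is an added example, not part of the original post; it assumes PowerShell 2.0 or later and English account names, uses a subset of the paths listed above, and the function name Test-ExclusionPath is hypothetical.

```powershell
# Added example: audit candidate AV exclusion paths before configuring them.
# The paths are a subset of the list above; adjust them to your own server.
$candidates = @(
    'C:\Program Files\Exchsrvr\Mdbdata',
    'C:\Program Files\Exchsrvr\Mtadata',
    'C:\inetpub\mailroot',
    'C:\WINDOWS\NTDS',
    'C:\WINDOWS\SYSVOL',
    'C:\WINDOWS\SoftwareDistribution\DataStore',
    'C:\ProgramData\Microsoft\Windows\Hyper-V',
    'C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks',
    'C:\Clusterstorage'
)

# Bits that allow creating or changing content (WriteData = 2, AppendData = 4).
# Write, Modify and FullControl all include these bits; read-only rights do not.
$writeBits = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData'

# Accounts expected to hold write access (assumed English names); others are reported.
$trusted = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
           'CREATOR OWNER', 'NT SERVICE\TrustedInstaller'

function Test-ExclusionPath {   # hypothetical helper name
    param([string]$Path)
    $result = New-Object PSObject -Property @{
        Path = $Path; Exists = $false; UnexpectedWriters = ''
    }
    if (Test-Path -LiteralPath $Path) {
        $result.Exists = $true
        # Collect Allow entries that grant write access to a non-trusted account.
        $writers = (Get-Acl $Path).Access | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            (([int]$_.FileSystemRights) -band $writeBits) -ne 0 -and
            $trusted -notcontains $_.IdentityReference.Value
        } | ForEach-Object { $_.IdentityReference.Value } | Select-Object -Unique
        $result.UnexpectedWriters = ($writers -join '; ')
    }
    $result
}

$candidates | ForEach-Object { Test-ExclusionPath $_ } |
    Select-Object Path, Exists, UnexpectedWriters | Format-Table -AutoSize
```

Paths reported with Exists = False do not need an exclusion on that machine, and any entry in UnexpectedWriters should be reviewed before the folder is excluded from scanning.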