Intermittent file sharing connectivity from various clients to a Windows Server 2008 server

Intermittent file sharing connectivity from various clients to a Windows Server 2008 server

  • Comments 22
  • Likes


In recent weeks we have seen a number of cases with intermittent file sharing connectivity to Windows Server 2008 servers. I wanted to get this information out so that people who may be experiencing the issue won't have to spend a lot of time tracking down the problem.

The issue generally manifests in one of two ways:

  • After a period of time Windows XP and Windows Server 2003 clients can connect to file shares on a Windows Server 2008 server but Windows Vista clients time-out.
  • After a period of time Windows Vista clients can connect to file shares on a Windows Server 2008 server but Windows XP and Windows Server 2003 clients time-out.

Network traces look similar in both cases. After the TCP 3-way handshake the client sends an SMB Negotiate Dialect but the server doesn't respond.

Eventually the TCP session times out and is reset as seen in this example:



Two things are currently known to address the issue:

  • Upgrading the NIC drivers is known to help but not completely resolve the issue.
  • In the cases we have seen so far, uninstalling anti-virus software has resolved the issue.

Most of these cases involved older anti-virus software versions but we have also seen the issue with current versions that are supported on Windows Server 2008.

While there is not currently a complete resolution, I hope providing this information will help some people identify this issue quickly so they can resolve it and minimize the disruption to their environment.

- David Pracht

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
  • Ask the Directory Services Team : Five Common Causes of “Waiting for the DFS Replication service to retrieve

  • We experienced this issue with two Windows Server 2008 Standard 64-bit servers with Symantec Antivirus Client 10.2.  The servers are domain controllers.  

    We had over 600 users who could not logon.  We recieved RPC errors and errors processing group policy as well as no domain could be located errors.

    We also received the following errors on the servers in the Windows System event logs:

    Event ID 4226 Source tcpip: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts

    Event ID 2022 Source srv: The server was unable to find a free connection <number> times in the last <number> seconds.

    The event ID 2022 errors we received when the problem occurred and there were multiples of these which occurred every 20 to 30 seconds.

    The problem could temporarily be worked aorund by reboots, but eventually returned.

    We uninstalled Symantec AV and have not had the issue since.

    Can anyone provide more details as to how the antivirus causes this problem?

  • Thank You for your comment.

    Our debug of the issue showed that the thread is waiting on SRTSP.sys.

    I have not verified this but Symantec Endpoint Protection 11 (MR3) is supposed to resolve the issue.

  • Well it's January 2009, and Symantec's latest version of their anti-virus program is still causing this exact problem for me on Windows Server 2008 x64.  I strongly recommend admins not install this sofware on Windows Server 2008 x64.

  • We have been having trouble with our new W2K8 64bit server since december, and it looks like symantec antiviris has been causing theese problem. First we had symantec 10.2 installed and got the problem, symantec support told us to install latest patches which we did but still got the same problem.

    Then we was adviced to upgrade to syamtec endpoint protection 11 with MR3. We did this but still got the problem.

    We have now switched antivirus and used symantec wiping tool to completly uninstall their components and are hoping that our fileserver will be stable now.

    The problem we have is that the shares become completly unresponsive after random amount of time and the only solution is rebooting file-server. When we have the problem and try to do a "net view \\server-ip" it just responds with "error 64" after a couple of mins. This is from Win2K server's and XP client's. There is a KB-article with similar problem on MS site, however W2K8 is not listed as affected operating system there but we have it on W2K8.

  • We had this happen today. XP clients were unable to connect the Win2008 share and ultimatley locked up waiting on the time-out. We re-booted the server to re-gain access.

    We have SAM

    I opened a ticket with MS and was told to go to version 11 or to fix the problem. Auto-protect and SmartScan were the issues....

    We plan to upgrade tonite.

  • This is amazing...after upgrading to SAV 11.0 MR4 this past Sunday.....Server issue popped up again last night....sending a trace to MS and will contact SAV again today.....

  • We are also have this problem on Server 2008 64-bit and we are already using SAM 11.0.3001.2224

    Just waiting to see if any later patches else we will have to uninstall

  • You must install the MR4 Version this only works with Windows 2008

  • So what about Windows XP running on a laptop? I am getting Event ID 4226 intermittently and have to reboot my lpatop to access the internet. Any ideas what I can do to correct this problem?


  • We have this issue on a 2008 Server Core Domain Controller running SAV After seeing the suggestion of smartscan being the issue I turned off the smartscan and it has been running good for over 15 days now. Use to fail anywhere from 1 hour to 6 days. Will post again if it stops. But looks good by just unchecking smartscan.

  • Hello. I have been experiencing the same issue since December 08. I too uninstalled the syamantec client and installed the new 10 mr2 client, as MS recommended. However, problem continued. All my users would lose their home drive's 1-5 days after a reboot of the 2008 Ent 64-bit Failover Cluster. As luck would have it I stumbled upon a patch (kb955733) that MS did not even know of. It fixed the issue. However, curiously, the patch is NOT included in the rollup for SP2. I am nervous. I was afforded the chance to rebuild the cluster on new servers/san. I did. It worked, no patch. I ran for two weeks. I migrated the users. BAM. Same problem.

    So...I just unchecked this "smartscan" also. If it does not work I will install my patch, but I don't want to. I shouldn't have to backrev (see kb955733) to get symantec to work on my cluster!!!


  • So what about Windows XP running on a Desktoptop? I am getting Event ID 4226 intermittently and have to reboot my DSL to access the internet. Or wait for 5-10 minutes. Any ideas what I can do to correct this problem? Can't play in any game server due to this reason. I got this error every 25-45 mins,


  • Hello.  We have two HP DL380G5 servers and one is experiencing the issue and one is not.  SEP 11.0.4014 MR4 is installed on both.  The server that this issue is occurring on was a fresh install of 2K8 x64 Enterprise.  The other server was upgraded from 2k3 x64 Enterprise to 2K8 x64 Enterprise.  I am curious to know if others are doing a fresh install or upgrade.

  • your solution for 64 bits it's here, the same solution exist for 32 bits.

    I have the same pb on the 32bits platform windows server 2008.

    good luck