Unsolved
This post is more than 5 years old
31 Posts
0
7813
mount request from x.x.x.x for /nfs_store failed with error: STATUS_ACCESS_DENIED
I have an NFS store on our Isilon that is used for templates and iso's in VMware. ESXi servers are the only hosts that can access the nfs store as I have the nfs share restricted to just those ESXi servers as clients. I keep on getting notifications from Isilon that windows machines are trying to mount the nfs share. The exact message (minus IP and name of share) is Resolved: Mount request from x.x.x.x for /nfs_store failed with error: STATUS_ACCESS_DENIED.
I've been getting this message from the Isilon for random windows machines that should not in any way be attempting to mount the nfs store. I've gotten them from a domain controller, a veam machine, a cisco acs machine. Does anybody have any knowledge in regard to this particular event?
kipcranford
125 Posts
0
August 1st, 2016 14:00
Hi rgcda,
What OneFS release are you seeing this on?
Also, just checking for completeness: you're sure that the Windows clients referenced in those log messages don't have NFS clients installed? In other words, is it *impossible* for these clients to be making NFS requests?
rgcda
31 Posts
0
August 1st, 2016 15:00
We are on 8.0.0.0 and soon to be 8.0.0.1 in a few more days.
None of these windows machines have the nfs client installed so they cannot connect to an nfs export.
Thank you for your reply and assistance.
rgcda
31 Posts
0
August 2nd, 2016 10:00
I do have an SR open. Initially they indicated that this is a Windows issue with no supporting evidence or even looking at the case and indicated I could filter the notification if I wanted. I've been holding off on filtering the notification out for now and have sent them an isi_gather_info for review.
kipcranford
125 Posts
0
August 2nd, 2016 10:00
Thanks rgcda.
Well, after going through all my logs, I haven't seen the same thing in my lab, but that's not really proof of anything. Code inspection seems to indicate that this isn't something as simple as a misleading error message either.
Do you have Support case open on this? If not, then please open one.
rgcda
31 Posts
0
August 2nd, 2016 16:00
There has been a nessus scan running in our environment, but not from the IP addresses indicated in the notifications we've received.
Raj_la
115 Posts
0
August 2nd, 2016 16:00
Any QUALYS or any scans is running/configured on your cluster ? we usually getting the same message during qualys machine scan window.
kipcranford
125 Posts
0
August 3rd, 2016 07:00
> I do have an SR open. Initially they indicated that this is a Windows issue with no supporting evidence or even looking at the case
Hmm, ok, I'll see if I can dig into the SR to see what the "Windows issue" is. If I find anything I'll post back here.
ryan_meyers
17 Posts
0
October 19th, 2016 06:00
Did you ever find out what is causing this? Since upgrading to 8.0.x we get similar messages every night regarding a particular machine trying to access data that we have no idea why it would be accessing.
rgcda
31 Posts
0
December 2nd, 2016 14:00
It was the nessus scanner.
praveendth
1 Message
0
March 1st, 2017 10:00
Hi rgcda,
Any action was taken from Isilon or from nessus scanner.
Could you explain me briefly what has been done.
Thanks,
Praveen
UtkArya
2 Posts
0
April 29th, 2019 10:00
So your issue has been fixed? Can you let me know what was the reason and if you took any action related to those IP's?