[OpenAFS] IMPORTANT: Microsoft SMB Redirector (mrxsmb.sys) and OpenAFS for Windows

Jeffrey Altman jaltman@secure-endpoints.com
Mon, 29 Jun 2009 21:40:24 -0400 

This e-mail is a follow-up to a previous e-mail describing a flaw in
Microsoft's SMB Redirector (mrxsmb.sys) that could have serious
implications for OpenAFS users.

  http://lists.openafs.org/pipermail/openafs-info/2009-April/031174.html

>From January to April of this year I have been working with Microsoft to
resolve a series of issues between Microsoft's SMB Redirector and
OpenAFS.  In the simplest of terms Windows has for many years had a race
condition in the mrxsmb.sys code which was fairly recently exposed.  The
race condition would lead to a deadlock whose symptoms could not be
distinguished from the OpenAFS Client Service failing to respond. 
Microsoft has now pushed out the fixes to all of their currently
supported platforms:

Windows XP (32-bit) SP2 and SP3
  http://support.microsoft.com/kb/971421

Windows 2003 (32-bit and 64-bit) and XP64  SP2
     http://support.microsoft.com/kb/969289

Windows Vista and 2008
    installed as part of SP2

In addition to fixing the race condition and the deadlock Microsoft also
addressed one of the biggest issues that OpenAFS has suffered from on
the Microsoft Windows desktop:

    The fixed client side timeout in the SMB redirector.

Up until these latest versions of the SMB redirector the client side
timeout has been stuck at 45 seconds.  If the SMB redirector sent a
request to the \\AFS SMB Server (the OpenAFS cache manager) and a
response was not received within 45 seconds, the SMB redirector would
assume the SMB server was broken, break the connection and send an error
to the caller.  It is not always possible to reply in 45 seconds.  As a
result, the end user experience has suffered.   As part of these latest
updated Microsoft added two new registry values to the SMB redirector:

    ExtendedSessionTimeout
    ServersWithExtendedSessionTimeout

The 1.5.60 (and later) versions of OpenAFS for Windows will
automatically create these values.   The extended session timeout is set
to 10 minutes and the name "AFS" is added to the server list.  With
these changes the OpenAFS for Windows client no longer has to worry
about the SMB redirector canceling requests that are still being
processed.  

If you are a user of OpenAFS for Windows or manage packages for your
users, please upgrade to 1.5.60 and either install the hot fix for XP
and 2003 or SP2 for Vista and 2008 depending on your operating system
platform. 

Thank you.

Jeffrey Altman