Вы находитесь на странице: 1из 7

Trouble Shooting Filter Manager Using FLTMC

Trouble Shooting Filter Mangaer Using FLTMC


By Roshan Kaniyath

Trouble Shooting Filter Manager Using FLTMC

This document in details discuss about the investigating issue with filter driver.
A file system filter driver intercepts requests targeted at a file system or another file system filter driver. By
intercepting the request before it reaches its intended target, the filter driver can extend or replace
functionality provided by the original target of the request. Examples of File Systems and File System
Filter Drivers include anti-virus filters, backup agents, and encryption products.
The Filter Manager Control (FltMC) Utility tracks minifilter attached to the hardware (hard disk) or the
other Storage Systems (Hard drive on the SAN).
The CA ARCserve RHA Engine uses a minifilter driver "XOMF" which is loaded on the Master when the
scenario starts, and unloaded when the scenario stops.
If you receive the "Unable the start file system monitoring error", this usually indicates either a problem
loading the filter driver (XOMF) or attaching the driver to the volume.
There are several ways to trouble shoot the filter driver problems.
To determine the root cause of this error, you can use the Microsoft Filter Manager utility (fltmc.exe).
The Filter Manager utility (fltmc.exe) is installed by default on Windows.
A minifilter controls what the drive sees, and also monitors the data and the block change on the hard
drives.

Below mentioned are the types of the filter that Microsoft Provides,
1) Activity Monitor
2) Undelete
3) Antivirus
4) Replication
5) Backup
6) Content Screener
7) Quota Manager
8) System Recovery
9) Cluster Files System
10) Hierarchical Storage Manager (HSM)
11) Compression
12) Encryption
13) Physical Quota manager
14) Open files
15) Security Enhancers
16) Copy Protection

Generally, we use this utility to see which minifilters are running on the system and for further trouble
shooting.
You can use the FltMC in several modes to load, unload attach detach and list filter, the following
session describe the modes that FltMC Support.

Trouble Shooting Filter Manager Using FLTMC

This command can be executed from the command prompt

FLTMC

FLTMC is command executed on the windows server gives the Information of the File system Driver's
listed to load on the Server.

Minifilter altitudes are allocated by Microsoft based on minifilter requirements and load order group

For information on File System Minifilter Load Order Groups and Altitude Ranges, Please refer
http://msdn.microsoft.com/en-us/library/windows/hardware/gg462963.aspx
FLTMC and Options
Load
Use this mode to load the filter driver. Loading the driver does not activate it. This mode uses the
following the Syntax:

FltMC load [Driver Name]

Trouble Shooting Filter Manager Using FLTMC

Unload
Use this mode to unload an inactive driver. This mode uses the following syntax

FltMC unload [Driver Name]

Unloading the driver when the application is in active state will result undesirable events. Please make
sure to stop the application and it services before the UNLOAD command is executed.

Instances
Use this mode to list the number of instances the driver is attached tor. These filters are loaded and have
at least one instance attached to a particular volume. A filter may have multiple instances.
The number of instances for specific driver can be seen by the FltMC command check the Num
Instances Colum in the above.

FltMC instances

Trouble Shooting Filter Manager Using FLTMC

Volumes
Use this mode to list the volumes that have filter instances attached. This mode uses the following Syntax

FltMC Volumes

Attach
Use this mode to attach a filter that you have loaded into the memory to a particular volume. You can
assign the instance (the attachment of a filter to volume) a specific name. In addition, you can also
specify an altitude when you obtain this information from the minifilter vendor. The altitude determines the
minifilter order in the minifilter attachment stack, which determines when the minifilter sees the data send
to the storage device. This mode used the following syntax

FltMC Attach [FilterName] [volumeName or the Drive letter]

Filter Name Specifies the name of the filter that has been loaded in to the Memory using the load Mode

FltMC Attach [filterName] [volumeName] [[-i InstancesName] [-a altitude]]

Volumes Name specifies the name of the Volumes such as \Device\harddiskvolume1 (the volume name
can be found by executing the command FltMC volumes) that will have the filter attached

Trouble Shooting Filter Manager Using FLTMC

-i instance Name Specifies the name of the instances. When the utility is successful in attaching the
minifilter to the volume, it displays the resulting instance name.
-a altitude Specifies the altitude of the minifilter when the compares to another minifilter in the stack.
Microsoft controls the altitude information and you will receive this information (when required) from the
minifilter vendor. Normally this information appears as part of the registry entries for the minifilter.

Detach
Use this mode to detach the minifilter form a storage device that you previously attached using the Attach
mode. This mode used the following syntax

FltMC detach [FilterName] [VolumesName] [instanceName]

The Following list described each of the command line argument.


FilterName: specifies the name of filter that has loaded into the memory using the Load Mode.
VolumeName: specifies the name of the volumes, such as \Device\harddiskvolume1 (the volume name
can be found by executing the command FltMC volumes), that will have the filter detached. Please refer
to the screen shot below

InstanceName: specifies the name of the instances to remove. If you dont supply an instance the utility
removes the default instance
For more information to check the driver loaded on the server and running from the msinfo32,
Start Run Msinfo32 expand the Software Environment System driver

Trouble Shooting Filter Manager Using FLTMC

For detail information and trouble shooting of the CA ARCserve RHA driver XOMF Please refer to the
Kb Article.
http://arcserve-knowledgebase.com/index.php?View=entry&EntryID=4619