With Microsoft's recent announcement of "The End of XP " and the considerable push toward getting more customers using Windows Vista, we wanted to share with you a very simple workaround for addressing one of the minor annoyances with Windows Vista's iSCSI Initiator and F-Response.

If you have used Vista as the Initiator in an F-Response connection you  have no doubt received the following message when attempting to disconnect an F-Response iSCSI drive.

Now, the reason for this error message is quite simple, you most likely have an explorer window open, or a forensic tool holding a handle to the physical drive. However, under Vista, even if you try to close or stop all running programs this message will still be displayed.

Why?

Well after some investigation we've determined that it appears when a NTFS volume is "added" to the system, Vista immediately opens a handle and begins writing Transactional NTFS information to the drive (However, with F-Response no writes occur). Interestingly enough, this handle appears to be held by "System" making it all but impossible to close or free. 

But there is a workaround.

Vista allows you to set a command line option to disable the "automatic mounting" of attached drives. Now yes this does mean you will not be able to navigate through the F-Response drive using Windows Explorer, but it does mean that the when the drive is connected it will not be mounted, and Vista will not open a handle for Transactional NTFS.

The command line tool is "mountvol", the syntax you will want to use is "mountvol /N" which will disable the automatic mounting of new volumes. Keep in mind if you have previously "automounted" an F-Response volume, Vista will ignore the /N option and mount that volume automatically.

Just something to consider when workng with Windows Vista.

Warmest Regards,

M. Shannon

Founder, F-Response

June 20, 2008