Compliance Accelerator Department Tagging is not being applied to certain Monitored Employees that are members of Employee Groups.

Article:TECH159406  |  Created: 2011-05-04  |  Updated: 2014-06-12  |  Article URL http://www.symantec.com/docs/TECH159406
NOTE: If you are experiencing this particular known issue, we recommend that you Subscribe to receive email notification each time this article is updated. Subscribers will be the first to learn about any releases, status changes, workarounds or decisions made.
Article Type
Technical Solution

Product(s)

Environment

Issue



A Compliance Accelerator (CA) Monitored Employee in an Employee Group that is monitored by at least 1 CA Department has 0 emails in review and in no reports, while other members of the Employee Group are being monitored.

 


Cause



Under certain conditions, an Enterprise Vault (EV) Compliance Accelerator (CA) Monitored Employee that is a member of a CA Employee Group is not being tagged with the proper department tagging.  These conditions include, but may not be limited to:

  1. The Monitored Employee's Active Directory account has been deleted and recreated with at least 1 SMTP address matching the original AD account's SMTP address(es) and is a member of an Active Directory Group that is synchronized to a CA Employee Group.
  2. The Monitored Employee has an Active Directory account that is a member of an Active Directory Group that is synchronized to a CA Employee Group that has a manually created Monitored Employee entry without an AD account but has at least 1 SMTP address that matches an SMTP address of the AD account.

Multiple Monitored Employee entries with the same SMTP address causes the Journal Connector to not be able to distinguish the Department under which the account should be tagged.  This is regardless of one Monitored Employee entry being Active and another being Inactive.  The duplicate SMTP address is not able to be parsed into the appropriate Department.

 


Solution



Workaround:

The workaround is to modify all of the SMTP addresses of the previous or invalid instances of the Monitored Employees using the following steps:

I. Identify all duplicate SMTP addresses.

1. Log onto the SQL Server hosting the CA Customer database using an account with at least permission to read the database contents, such as the Vault Service Account (VSA).

2. Launch SQL Server Management Studio.

3. Open a New Query window focused on the CA Customer.  The focus of the Query window can be set by running the following SQL statement in the Query window, replacing 'EVBACACustomerDB' with the name of the CA Customer database:

USE EVBACACustomerDB
GO

4. Determine the scope of the work needed by running the following SQL query in the Query window:

SELECT Address
     , AddressID
     , AddressOwnerID
FROM tblAddress
WHERE Address IN (
                  SELECT Address
                  FROM tblAddress
                  GROUP BY Address
                  HAVING COUNT(Address) > 1
                  )

5. Obtain a listing of all duplicate SMTP addresses and their associated Monitored Employees by running the following SQL query in the Query window:

SELECT titttg.TargetGroupID
     , ttg.Name AS 'Target Group Name'
     , ttg.Description AS 'Target Group Description'
     , tau.DisplayName
     , ta.AddressID
     , ta.Address
     , ta.AddressOwnerID
     , tau.FirstName
     , tau.Surname
     , tp.PrincipalName
     , tp.PrincipalLogin
FROM tblAddress AS ta
JOIN tblAddressUser tau
 ON ta.AddressOwnerID = tau.AddressOwnerID
LEFT JOIN tblIntTargetToTargetGroup AS titttg
 ON ta.AddressOwnerID = titttg.AddressOwnerID
LEFT JOIN tblTargetGroup AS ttg
 ON titttg.TargetGroupID = ttg.TargetGroupID
LEFT JOIN tblPrincipal AS tp
 ON ta.AddressOwnerID = tp.AddressOwnerID
WHERE ta.Address IN (
                     SELECT Address FROM tblAddress
                     GROUP BY Address
                     HAVING COUNT(Address) > 1
                                                     )
ORDER BY ta.Address
       , ttg.Name
       , ta.AddressID
       , ta.AddressOwnerID

6. Review the output of the above query to note al of the Display names with the duplicate SMTP addresses, saving the output to a file and print the file contents as needed.

7. Close the SQL Query window, close SQL Server Management Studio, and log off of the SQL Server as appropriate when the work there is completed.

II. Make the invalid instances of the Monitored Employees' SMTP addresses unique:

1. Open the CA  Client with an account that has permissions to modify Monitored Employees (such as the Vault Service Account).

2. Click on the Employees tab.

3. Click on the first instance of the Monitored Employee that has no Active Directory account.

4. Click on the first e-mail address in the Email addresses: field.

5. Add  to the beginning or end of the address some characters to make the SMTP address unique, such as 'xxx', 'xxx_', 'x1_', etc.

For example, presume Monitored Employee 1, Monitored Employee 2 and Monitored Employee 3 are different instances of an employee, user1, and all have the SMTP address of 'user1@evtest.local'.  Monitored Employee 1 has been deactivated and replaced with Monitored Employee 2, then Monitored Employee 2 was deactivated and replaced with Monitored Employee 3.  In this example, Monitored Employee 1 would need to have the SMTP address modified to something unique, such as 'x1_user1@evtest.local', and Monitored Employee 2 would need to have the SMTP address modified to something unique, such as 'x2_user1.evtest.local'.

6. Repeat Step 6 for each address in the field.

7. Click the Save button to save the changes.

8. Click on the next instance of the Monitored Employee that has no Active Directory account.

9. Repeat Steps 4 through 7.

10. If additional instances exist for the Monitored Employee where there is no associated Active Directory account, repeat Steps 4 through 7 for each instance.

11. Ensure only the instance of the Monitored Employee with an associated Active Directory account exists with the SMTP addresses that matched the other instances.  Only one instance should exist with the SMTP addresses when complete.

12. Restart all Journal Tasks that are associated with the Journal Connector in order to force a resynchronization of the Monitored Employee information with the Journal Connector.  This will allow the changed to become effective immediately upon completion of the above steps and allow proper tagging of the Monitored Employee's e-mail messages.

Note that this issue has been found to occur with only 2 instances of Monitored Employee entries for the same person and different persons where at least one instance has an associated Active Directory account, but both instances have the same SMTP  addresses.


This issue has been addressed as part of the following release:


Hotfix for Symantec Enterprise Vault (EV) Compliance Accelerator (CA) 9.0 SP, Build 9.0.4.1039
http://www.symantec.com/docs/TECH198830

Enterprise Vault 10.0.3 - Release Details
http://www.symantec.com/docs/TECH193300

Enterprise Vault 9.0.5 - Release Details
http://www.symantec.com/docs/TECH204715
 


Note that this hotfix addresses the issue of deactivated Monitored Employees with at least one SMTP address that matches that of any active Monitored Employees only.  If multiple active Monitored Employees have the same SMTP address, all but one of the multiple Monitored Employees will have to go through the Workaround steps above.  Only one active Monitored Employee can be associated with an SMTP address for Department tagging to work properly. 

 


Supplemental Materials

SourceETrack
Value2371278
Description

Monitored Employees created through at least 3 instances of Active Directory accounts with the same, multiple SMTP addresses are not tagged by CA Department tagging.


SourceETrack
Value2917068
Description

Monitored Employees created through at least 3 instances of Active Directory accounts with the same, multiple SMTP addresses are not tagged by CA Department tagging.


SourceETrack
Value2917071
Description

Monitored Employees created through at least 3 instances of Active Directory accounts with the same, multiple SMTP addresses are not tagged by CA Department tagging.




Article URL http://www.symantec.com/docs/TECH159406


Terms of use for this information are found in Legal Notices