Compliance Accelerator Department Tagging is not being applied to certain Monitored Employees that are members of Employee Groups.
|Article:TECH159406|||||Created: 2011-05-04|||||Updated: 2012-10-24|||||Article URL http://www.symantec.com/docs/TECH159406|
|NOTE: If you are experiencing this particular known issue, we recommend that you Subscribe to receive email notification each time this article is updated. Subscribers will be the first to learn about any releases, status changes, workarounds or decisions made.|
A Compliance Accelerator (CA) Monitored Employee in an Employee Group that is monitored by at least 1 CA Department has 0 emails in review and in no reports, while other members of the Employee Group are being monitored.
Under certain conditions, an Enterprise Vault (EV) Compliance Accelerator (CA) Monitored Employee that is a member of a CA Employee Group is not being tagged with the proper department tagging. These conditions include, but may not be limited to:
- The Monitored Employee's Active Directory account has been deleted and recreated with at least 1 SMTP address matching the original AD account's SMTP address(es) and is a member of an Active Directory Group that is synchronized to a CA Employee Group.
- The Monitored Employee has an Active Directory account that is a member of an Active Directory Group that is synchronized to a CA Employee Group that has a manually created Monitored Employee entry without an AD account but has at least 1 SMTP address that matches an SMTP address of the AD account.
Multiple Monitored Employee entries with the same SMTP address causes the Journal Connector to not be able to distinguish the Department under which the account should be tagged. This is regardless of one Monitored Employee entry being Active and another being Inactive. The duplicate SMTP address is not able to be parsed into the appropriate Department.
The workaround is to modify all of the SMTP addresses of the previous or invalid instances of the Monitored Employees using the following steps:
I. Identify all duplicate SMTP addresses.
1. Log onto the SQL Server hosting the CA Customer database using an account with at least permission to read the database contents, such as the Vault Service Account (VSA).
2. Launch SQL Server Management Studio.
3. Open a New Query window focused on the CA Customer. The focus of the Query window can be set by running the following SQL statement in the Query window, replacing 'EVBACACustomerDB' with the name of the CA Customer database:
4. Determine the scope of the work needed by running the following SQL query in the Query window:
5. Obtain a listing of all duplicate SMTP addresses and their associated Monitored Employees by running the following SQL query in the Query window:
6. Review the output of the above query to note al of the Display names with the duplicate SMTP addresses, saving the output to a file and print the file contents as needed.
7. Close the SQL Query window, close SQL Server Management Studio, and log off of the SQL Server as appropriate when the work there is completed.
II. Make the invalid instances of the Monitored Employees' SMTP addresses unique:
1. Open the CA Client with an account that has permissions to modify Monitored Employees (such as the Vault Service Account).
2. Click on the Employees tab.
3. Click on the first instance of the Monitored Employee that has no Active Directory account.
4. Click on the first e-mail address in the Email addresses: field.
5. Add to the beginning or end of the address some characters to make the SMTP address unique, such as 'xxx', 'xxx_', 'x1_', etc.
For example, presume Monitored Employee 1, Monitored Employee 2 and Monitored Employee 3 are different instances of an employee, user1, and all have the SMTP address of 'firstname.lastname@example.org'. Monitored Employee 1 has been deactivated and replaced with Monitored Employee 2, then Monitored Employee 2 was deactivated and replaced with Monitored Employee 3. In this example, Monitored Employee 1 would need to have the SMTP address modified to something unique, such as 'email@example.com', and Monitored Employee 2 would need to have the SMTP address modified to something unique, such as 'x2_user1.evtest.local'.
6. Repeat Step 6 for each address in the field.
7. Click the Save button to save the changes.
8. Click on the next instance of the Monitored Employee that has no Active Directory account.
9. Repeat Steps 4 through 7.
10. If additional instances exist for the Monitored Employee where there is no associated Active Directory account, repeat Steps 4 through 7 for each instance.
11. Ensure only the instance of the Monitored Employee with an associated Active Directory account exists with the SMTP addresses that matched the other instances. Only one instance should exist with the SMTP addresses when complete.
Note that this issue has been found to occur with only 2 instances of Monitored Employee entries for the same person and different persons where at least one instance has an associated Active Directory account, but both instances have the same SMTP addresses.
A hotfix for Compliance Accelerator 9.0 SP4 has been released to address this issue. Refer to TECH198830 in the Related Articles section below for this hotfix.
Note that this hotfix addresses the issue of deactivated Monitored Employees with at least one SMTP address that matches that of any active Monitored Employees only. If multiple active Monitored Employees have the same SMTP address, all but one of the multiple Monitored Employees will have to go through the Workaround steps above. Only one active Monitored Employee can be associated with an SMTP address for Department tagging to work properly.
Monitored Employees created through at least 3 instances of Active Directory accounts with the same, multiple SMTP addresses are not tagged by CA Department tagging.
Article URL http://www.symantec.com/docs/TECH159406