Synchronization error appears in the General tab of Symantec Enterprise Vault (EV) Compliance Accelerator (CA) Employee Groups.

Article:TECH184166  |  Created: 2012-03-19  |  Updated: 2013-08-29  |  Article URL http://www.symantec.com/docs/TECH184166
Article Type
Technical Solution

Product(s)

Environment

Issue



Compliance Accelerator Monitored Employee Groups' synchronization may not be attempted after a failure occurs until the error is cleared from the SyncError field of the tblTargetGroup table.


Error



- EV Event Log

Type: Error
 
Event: 34
 
Source: Accelerator AD Synchronizer
 
Category: None
 
Description:
 
APP AT - Customer ID: 3 - An error occured in ProfileSynchroniser::SynchroniseEmployeeProfile while retrieving properties.
 
System.Runtime.InteropServices.COMException (0x8007203A): The server is not operational.
 

- tblTargetGroup table SyncError field entry and Employee Group properties error:

The server is not operational

 


Environment



- Symantec Compliance Accelerator with

--- Enterprise Vault 9.0 SP2 binaries

--- Compliance Accelerator 9.0 SP2

--- Microsoft Windows Server 2003 SP2, any supported edition

--- Lotus Notes 7.0.3 + required special fix Client

- Lotus Domino 8.5.1 FP5 Directory Server

- Microsoft SQL Server 2005 SP4

--- Microsoft Windows Server 2003 SP2, any edition

 


Cause



Compliance Accelerator (CA) Monitored Employee Group can be configured to synchronize against Lotus Domino Directory servers using LDAP commands. If the LDAP Service is stopped on the Domino Directory server while a synchronization attempt is made, the synchronization will fail.  The synchronization failure will

  1. throw the above Event ID 34 error into the Symantec Enterprise Vault Event Log on the CA server
  2. throw the error "The server is not operational" into
    1. the CA Customer database's tblTargetGroup table SyncError field for each group that fails to synchronize
    2. the General tab of the CA Monitored Group properties for each group that fails the synchronization attempt.

When the LDAP Service is running again, subsequent synchronizations do not clear the error from the General tab or the database table.

 


Solution



There are currently 3 possible workarounds for this issue.

  1. Modify the synchronization interval to 12 hours and start the Enterprise Vault Accelerator Manager Service (EVAMS) such that the LDAP service will be running at the end of the 12 hour cycle.
  2. Stop the Enterprise Vault Accelerator Manager Service (EVAMS) while the LDAP service is stopped.
  3. Create a Stored Procedure to clear the SyncError field of the tblTargetGroup table , then configure and activate a SQL Job to run the Stored Procedure after the LDAP service has been started.

Workaround 1 - Modify the synchronization interval:

By default, the ADSynchronization process that synchronizes Monitored Employees and Monitored Employee Groups with Active Directory or Lotus Domino Directory runs when the Enterprise Vault Accelerator Manager Service (EVAMS) starts, then every 8 hours thereafter.  Change the synchronization interval to 12 hours and ensure EVAMS is started such that the LDAP service will be running every 12 hours thereafter.

  1. Determine the time frame when the LDAP Service on the Domino Directory Server is stopped.
  2. Change the Compliance Accelerator (CA) synchronization interval to 12 hours as follows :
    1. Launch the Compliance Accelerator Client using an account with sufficient Application level permissions to change configuration settings, such as the Vault Service Account (VSA)
    2. Click on the Configuration tab.
    3. Click on the Settings sub-tab.
    4. Expand the Profile Synchronization group.
    5. Locate and click on the Synchronization interval (hours) option.  Note: Do not change the Active Directory synchronization interval (hours) option.
    6. Click on the number in the Value column (default is 8).
    7. Change the value to 12, then click on any other line.
    8. Click the Save button in the lower right corner of the page.
    9. Click the OK button to acknowledge the requirement to restart the Customer Background Task.
    10. Close the CA Client.
  3. Log onto the CA server as the Vault Service Account (VSA) at a time that will allow the synchronizations to occur at least 1 hour before or after the time frame determined in Step 1.
  4. Launch the Services Microsoft Management Console (mmc) snap-in.
  5. Restart the Enterprise Vault Accelerator Manager Service (EVAMS).

 Workaround 2 - Stop the Enterprise Vault Accelerator Manager Service (EVAMS) while the LDAP service is stopped:

  1. Review the Lotus Domino Server Event Logs to determine the time frame in which the LDAP service is stopped (i.e., stop and start times) 
  2. Configure a batch job on the Compliance Accelerator (CA) server to stop EVAMS.
    1. Create a folder on the Accelerator Server to contain the batch files (i.e., C:\BatchFiles)
    2. Create a batch file to stop EVAMS (i.e., StopEVAMS.bat)
    3. Edit the batch file to contain the following text as a minimum (additional text can be added if needed)
      1. net stop "Enterprise Vault Accelerator Manager Service"
    4. Save and close the file.
    5. Launch the Microsoft Windows scheduler application
      1. Click Start > All Programs > Accessories > System Tools > Scheduled Tasks (for Windows Server 2003)
      2. Click Start > All Programs > Accessories > System Tools > Task Scheduler  (for Windows Server 2008)
    6. Create a new task
      1. For Windows Server 2003, double click on the Add Scheduled Task option and follow the wizard to create the task to use the stop batch file.
      2. For Windows Server 2008, click the Create Task option and fill in the appropriate information in each tab to create the task to use the stop batch file.
        1. As part of the task creation, schedule the batch job to run just before the LDAP service is stopped.
  3. Configure another batch job on the CA server to start EVAMS.
    1. In the same folder that contains the stop batch file, create another batch file to start EVAMS (i.e., StartEVAMS.bat)
    2. Edit the batch file to contain the following text as a minimum
      1. net start "Enterprise Vault Accelerator Manager Service"
    3. Save and close the file.
    4. In the Microsoft Windows scheduler application, create a new task configured to run the start batch file a few minutes after the LDAP service has been started.
  4. Close the Windows scheduler application when both batch files are configured in tasks that are set to run at the appropriate times.

Workaround 3 - Create a Stored Procedure to clear the SyncError field of the tblTargetGroup table , then configure and activate a SQL Job to run the Stored Procedure after the LDAP service has been started:

  1. Review the Lotus Domino Server Event Logs to determine the time frame in which the LDAP service is stopped (i.e., stop and start times).
  2. Log onto the SQL Server with an account that has sufficient permissions to modify the CA Customer database contents, such as the Vault Service Account (VSA).
  3. Launch SQL Server Management Studio.
  4. Expand the Databases folder.
  5. Expand and select the Compliance Accelerator (CA) customer database.
  6. Click on the New Query button near the upper left corner of the SQL Server Management Studio.  This will open a query window focused on the CA Customer database. 
  7. Copy and paste the SQL statements below, without the line numbers, into the query window, noting the 2 single quotes at the end (not 1 double quote) of the UPDATE and WHERE statements.  These statements, when executed, will create a new Stored Procedure named 'usp_CleartblTargetGroupSyncError'.
        1. CREATE PROCEDURE [dbo].[usp_CleartblTargetGroupSyncError]
        2. AS
        3.      IF exists(SELECT 1 FROM tblTargetGroup WHERE SyncError <> '')
        4.      BEGIN
        5.           UPDATE tblTargetGroup SET SyncError ''
        6.      END
        7. GO  
  8. Execute the SQL statements by clicking the 'Execute' button in the toolbar. 
  9. If the statements execute correctly, a message pane will appear in the bottom of the query window with a notification of the successful completion.  If an error message appears in this Message pane, review the SQL statements to ensure all were copied and pasted correctly, correcting any errors found and executing the statements again.  Upon the successful completion of the stored procedure creation, move to Step 10. 
  10. Expand the SQL Server Agent folder.
  11. Expand the Jobs folder.
  12. Right click on the Jobs folder.
  13. Select the New Job... option.
  14. Go through the different pages to configure a daily job to run after the LDAP service has been started, with the job set to run the stored procedure created in Step 10.
  15. Close SQL Server Management Studio when finished.

 Note: delete the 'usp_CleartblTargetGroupSyncError' stored procedure prior to upgrading the customer database as its presence may cause the upgrade to fail.  Once the upgrade is complete, recreate the stored procedure using the same steps as above if the upgraded version still has the error.

Symantec Corporation has acknowledged that the above-mentioned issue is present in the current version(s) of the product(s) mentioned at the end of this article. Symantec Corporation is committed to product quality and satisfied customers.

This issue is currently under investigation by Symantec Corporation. Pending the outcome of the investigation, this issue may be resolved by way of a patch or hotfix in current or future revisions of the software. However, this particular issue is not currently scheduled for any release.  If you feel this issue has a direct business impact for you and your continued use of the product, please contact your Symantec Sales representative or the Symantec Sales group to discuss these concerns.  For information on how to contact Symantec Sales, please see http://www.symantec.com .

Please be sure to refer back to this document periodically as any changes to the status of the issue will be reflected here.


Supplemental Materials

SourceEvent ID
Value34
Description

APP AT - Customer ID: 3 - An error occured in
ProfileSynchroniser::SynchroniseEmployeeProfile while retrieving properties.
System.Runtime.InteropServices.COMException (0x8007203A): The server is not operational.
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
at System.DirectoryServices.DirectorySearcher.FindAll()
at KVS.Accelerator.ActiveDirectory.LotusProfileSynchroniser.Search(String root, String query)
at KVS.Accelerator.ActiveDirectory.LotusProfileSynchroniser.GetUserPropertiesFromLotusUserIDOrCertificate(String ldapServer, String lotusUserID, String dominoCertificate, Boolean& maybeDeleted)
at KVS.Accelerator.ActiveDirectory.LotusProfileSynchroniser.SynchroniseLotusEmployeeProfile(ProfileRow profileRow, StringCollection& emailAddresses, StringCollection& allDisplayNameAddresses, ResultPropertyCollection& propCol, String& Domino_SyncError)

 


SourceETrack
Value2723535
Description

Synchronization error appears in the General tab of Symantec Enterprise Vault (EV) Compliance Accelerator (CA) Employee Groups.



Article URL http://www.symantec.com/docs/TECH184166


Terms of use for this information are found in Legal Notices