Under rare circumstances Enterprise Vault processes terminate unexpectedly due to a code level stack error

Article:TECH192064  |  Created: 2012-06-29  |  Updated: 2012-07-06  |  Article URL http://www.symantec.com/docs/TECH192064
Article Type
Technical Solution


Issue



Symantec has identified a code level stack corruption that under rare circumstances will cause Enterprise Vault services/processes to randomly terminate unexpectedly. This problem may affect any Enterprise Vault process of the version mentioned in the ‘What is Affected’ section of this article. This issue does not affect Compliance Accelerator or Discovery Accelerator. If you have already installed the original 9.0.4 versions of Compliance Accelerator or Discovery Accelerator, there is no need to update them.


Cause



Symantec identified potential problems within the Enterprise Vault codebase concerning the use of obsolete Microsoft ATL3 string conversion macros within tight loops. In rare circumstances these cause stack overflow and process crashes.


What is Affected

The following server version of Symantec Enterprise Vault is affected:
 

  • Enterprise Vault for Microsoft Exchange 9.0.4, Build 1095
  • Enterprise Vault for File System Archiving 9.0.4, Build 1095 
  • Enterprise Vault for Lotus Domino 9.0.4, Build 1095 
  • Enterprise Vault for Microsoft SharePoint 9.0.4, Build 1095 
  • Enterprise Vault for SMTP 9.0.4, Build 1095 


How to Determine if Affected


1. Confirm Enterprise Vault is running the affected version 9.0.4.1095

Warning: Incorrect use of the Windows registry editor may prevent the operating system from functioning properly. Great care should be taken when making changes to a Windows registry. Registry modifications should only be carried-out by persons experienced in the use of the registry editor application. It is recommended that a complete backup of the registry and workstation be made prior to making any registry changes.
 
Enterprise Vault Servers
a. To locate the version information from the registry, navigate to

HKEY_LOCAL_MACHINE\SOFTWARE\KVS\Enterprise Vault\Install\Version on server

If running a 64bit OS:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KVS\Enterprise Vault\Install\Version on the server

b. The value should be 9.0.4.1095
 

2. Event Viewer may show the Enterprise Vault processes terminated unexpectedly when running affected version 9.0.4.1095.  An Event ID 6654 may be generated in the Windows Event log: 

Event ID 6654
Description:
<Process Name> Process (1)  -  Restarting failed process
PID: <number will vary>
Exit Code: <number will vary>
The process has failed abnormally and will be restarted automatically

 


Solution



Note: All users running the affected version should install 9.0.4 R1 to ensure the issue described in this article will not occur.

1. Download the 9.0.4 R1 release from FileConnect. (For additional information on FileConnect refer to TECH54592.)

a. The filename is Symantec_Enterprise_Vault_9_0_4_R1_Win_Multilingual.zip the ISO file within the zip is Symantec_Enterprise_Vault_9_0_4_R1_Win_Multilingual.iso
 
Note: The 9.0.4 R1 build can be installed over the existing 9.0.4.1095 installation.
 
2. Confirm 9.0.4 R1 is installed
 
a. To locate the version information from the registry, navigate to
 
HKEY_LOCAL_MACHINE\SOFTWARE\KVS\Enterprise Vault\Install\Version on server
 
If running a 64bit OS:
 
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KVS\Enterprise Vault\Install\Version on the server
 
b. The value should be 9.0.4.1097


Subscribe to this TechNote:
Subscribe to this article by clicking on the Subscribe via email link on this page to receive notification when this article is updated. 

Software Alerts:
If this TechNote was not received from the Symantec Email Notification Service as a Software Alert, please subscribe via email and/or RSS.  For more information refer to article HOWTO31128 for additional information.


Symantec Strongly Recommends the Following Best Practices:

1. Always perform a FULL backup prior to and after any changes to your environment.
2. Always make sure that the environment is running the latest version and patch level.
3. Subscribe to technical articles for updates.
 

 




Article URL http://www.symantec.com/docs/TECH192064


Terms of use for this information are found in Legal Notices