Video Screencast Help

Datastore error in SEPM

Created: 27 Feb 2012 | 10 comments
iug's picture

Hi,

I've installed SEP 12.1 RU1 since December, but since the last week i'm getting the following error in one of my SEPM:

February 27, 2012 9:54:51 AM CST:  Datastore error  [Site: Primary]  [Server: MyServer]
 

Looking in the scm-server-0.log file, I found the following message:

2012-02-27 09:49:31.163 THREAD 40 SEVERE: Datastore error in: com.sygate.scm.server.task.AgentAVLogCollector
java.lang.ArrayIndexOutOfBoundsException: 14
    at com.sygate.scm.server.logreader.av.ParseSecurityRecord.parseNativeLogRecord(ParseSecurityRecord.java:435)
    at com.sygate.scm.server.logreader.av.ParseSecurityRecord.parseSEPLogRecord(ParseSecurityRecord.java:262)
    at com.sygate.scm.server.logreader.av.LogHandler.parseSEPLog(LogHandler.java:173)
    at com.sygate.scm.server.logreader.av.LogHandler.process(LogHandler.java:109)
    at com.sygate.scm.server.task.AgentLogCollector.enumerateInbox(AgentLogCollector.java:255)
    at com.sygate.scm.server.task.AgentAVLogCollector.collectLogs(AgentAVLogCollector.java:33)
    at com.sygate.scm.server.task.AgentLogCollector.execute(AgentLogCollector.java:86)
    at com.sygate.scm.server.task.MonitoredTimerTask.run(MonitoredTimerTask.java:22)
    at java.util.TimerThread.mainLoop(Timer.java:512)
    at java.util.TimerThread.run(Timer.java:462)
com.sygate.scm.server.util.ServerException: Datastore error
    at com.sygate.scm.server.logreader.av.LogHandler.process(LogHandler.java:142)
    at com.sygate.scm.server.task.AgentLogCollector.enumerateInbox(AgentLogCollector.java:255)
    at com.sygate.scm.server.task.AgentAVLogCollector.collectLogs(AgentAVLogCollector.java:33)
    at com.sygate.scm.server.task.AgentLogCollector.execute(AgentLogCollector.java:86)
    at com.sygate.scm.server.task.MonitoredTimerTask.run(MonitoredTimerTask.java:22)
    at java.util.TimerThread.mainLoop(Timer.java:512)
    at java.util.TimerThread.run(Timer.java:462)

Do you know what does it means and how can I fix it?

 

Thans!

Comments 10 CommentsJump to latest comment

Simpson Homer's picture

Have you tried running a repair??

iug's picture

No, not yet.

I'm reading that this problem could be caused for a index that doesn't exist or an index that is too large, too small or negative.

I'm not sure what value/index could be "bad"

Chetan Savade's picture

Hi,

Have you enabled database maintenance features ?

Following features are recommended for Embedded database.

1) Truncate transaction logs

2) Rebuild indexes

If you are using SQL database Symantec doesn't recommend to enable this features to avoid conflict with SQL backup and maintenance.

Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

iug's picture

Hi Chetan

We are using MS SQL and the database maintenance tasks are note enabled.

Thanks

Simpson Homer's picture

Try this:

 

 

To reduce the size of the database transaction log file :

 

1. Log in to the Symantec Endpoint Protection Manager.

2. Click Admin and select Servers.

3. Select the localhost under Servers.

4. Under Tasks, Select Edit Database Properties.

5. In the General tab under Database Maintenance Tasks.

6. Select the checkboxes next to Truncate the database transaction logs and Rebuild Indexes.

7. Click OK to apply the changes.

It will make changes to the database on the mentioned time under "Scheduled task". To reflect the changes immediately click on Truncate Database Transaction Log Nowand Rebuild Indexes Now under Tasks.

iug's picture

Hi,

I've truncated the transaction log and rebuilded the indexes as you suggested, but the error is still appearing.

More ideas?

Thanks

Chetan Savade's picture

Hi,

If you are using SQL database, you should repair your SQL database.

If you are not aware of that you can consult with SQL admin.

Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Simpson Homer's picture

Truncation of SQL logs would also help.

iug's picture

I've done all the steps you suggested, but nothing works

Looking in AgentLogCollector-0.log log file, I found the following (in bold):

2012-02-28 10:30:22.036 THREAD 27 FINE: ------------ Thread started --------------
2012-02-28 10:30:22.036 THREAD 27 FINE: Borrow connection from pool.
2012-02-28 10:30:22.036 THREAD 27 FINE: Database major version: 10
2012-02-28 10:30:22.052 THREAD 27 FINE: Borrow connection from pool.
2012-02-28 10:30:22.052 THREAD 27 FINE: Return connection to pool.
2012-02-28 10:30:22.052 THREAD 27 FINE: Borrow connection from pool.
2012-02-28 10:30:22.052 THREAD 27 FINE: Return connection to pool.
2012-02-28 10:30:22.052 THREAD 27 FINE: Database major version: 10
2012-02-28 10:30:22.052 THREAD 27 FINE: Searching... D:\Program Files\Symantec\Symantec Endpoint Protection Manager\data/inbox/log/client
2012-02-28 10:30:22.818 THREAD 27 FINE: AgentLogCollector--enumerateInbox: loaded files count:1
2012-02-28 10:30:22.818 THREAD 27 WARNING: Start sort files: D:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\log\client
2012-02-28 10:30:22.818 THREAD 27 WARNING: End sort files
2012-02-28 10:30:22.849 THREAD 27 FINE: Borrow connection from pool.
2012-02-28 10:30:22.849 THREAD 27 FINE: Database major version: 10
2012-02-28 10:30:22.849 THREAD 27 FINE: Borrow connection from pool.
2012-02-28 10:30:22.849 THREAD 27 FINE: Return connection to pool.
2012-02-28 10:30:22.849 THREAD 27 FINE: Borrow connection from pool.
2012-02-28 10:30:22.849 THREAD 27 FINE: Return connection to pool.
2012-02-28 10:30:22.849 THREAD 27 FINE: Batch mode is on backup.
2012-02-28 10:30:22.849 THREAD 27 FINE: Borrow connection from pool.
2012-02-28 10:30:22.849 THREAD 27 FINE: Return connection to pool.
2012-02-28 10:30:22.880 THREAD 27 FINE: logTableName: SERVER_CLIENT_LOG_1 fileName:C3E7A39A0A02012F01636703EC76663B.tmp.dat
2012-02-28 10:30:22.880 THREAD 27 FINE: Database major version: 10
2012-02-28 10:30:23.146 THREAD 27 FINE: File (roll up): D:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\log\client\C3E7A39A0A02012F01636703EC76663B.tmp.dat 24.54 KB/s
2012-02-28 10:30:23.161 THREAD 27 WARNING: Done processing inbox: D:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\log\client 23.47 KB/s
2012-02-28 10:30:23.177 THREAD 27 FINE: Searching... D:\Program Files\Symantec\Symantec Endpoint Protection Manager\data/inbox/log/system
2012-02-28 10:30:23.443 THREAD 27 FINE: AgentLogCollector--enumerateInbox: loaded files count:1
2012-02-28 10:30:23.443 THREAD 27 WARNING: Start sort files: D:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\log\system
2012-02-28 10:30:23.443 THREAD 27 WARNING: End sort files
2012-02-28 10:30:23.458 THREAD 27 FINE: Borrow connection from pool.
2012-02-28 10:30:23.458 THREAD 27 FINE: Return connection to pool.
2012-02-28 10:30:23.474 THREAD 27 FINE: logTableName: AGENT_SYSTEM_LOG_2 fileName:BB6A57FF0A02012F01636703D529F606.tmp.dat
2012-02-28 10:30:23.833 THREAD 27 FINE: SQLException:  BCP data error:
Starting copy...
SQLState = 22001, NativeError = 0
Error = [Microsoft][SQL Native Client]String data, right truncation
SQLState = 22001, NativeError = 0
Error = [Microsoft][SQL Native Client]String data, right truncation

5 rows copied.
Network packet size (bytes): 4096
Clock Time (ms.) Total     : 93     Average : (53.76 rows per sec.)
 Using batch handler
2012-02-28 10:30:23.833 THREAD 27 FINE: Batch size: 100
2012-02-28 10:30:23.833 THREAD 27 FINE: Value 379D47ED-94B9-44B0-822E-122B9CBE7BBF truncated to fit 32
2012-02-28 10:30:23.833 THREAD 27 FINE: Value 57968EE8-79BB-4DC4-A162-843808882490 truncated to fit 32

2012-02-28 10:30:23.833 THREAD 27 FINE: Batch update record count: 7
2012-02-28 10:30:23.849 THREAD 27 FINE: File (roll up): D:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\log\system\BB6A57FF0A02012F01636703D529F606.tmp.dat 8.4 KB/s
2012-02-28 10:30:23.865 THREAD 27 WARNING: Done processing inbox: D:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\log\system 8.08 KB/s
2012-02-28 10:30:23.880 THREAD 27 FINE: Searching... D:\Program Files\Symantec\Symantec Endpoint Protection Manager\data/inbox/log/packets
2012-02-28 10:30:23.880 THREAD 27 FINE: Searching... D:\Program Files\Symantec\Symantec Endpoint Protection Manager\data/inbox/log/behavior
2012-02-28 10:30:24.005 THREAD 27 FINE: Searching... D:\Program Files\Symantec\Symantec Endpoint Protection Manager\data/inbox/enflog/client
2012-02-28 10:30:24.005 THREAD 27 FINE: Searching... D:\Program Files\Symantec\Symantec Endpoint Protection Manager\data/inbox/enflog/system
2012-02-28 10:30:24.005 THREAD 27 FINE: Searching... D:\Program Files\Symantec\Symantec Endpoint Protection Manager\data/inbox/enflog/traffic
2012-02-28 10:30:24.005 THREAD 27 FINE: Searching... D:\Program Files\Symantec\Symantec Endpoint Protection Manager\data/inbox/enflog/enforcer
2012-02-28 10:30:24.005 THREAD 27 FINE: Return connection to pool.
2012-02-28 10:30:24.005 THREAD 27 FINE: Return connection to pool.
2012-02-28 10:30:24.005 THREAD 27 FINE: ------------ Thread stopped --------------

I'm not sure if the problem (Datastore error ) is caused for this.. or how can i fix it.

iug's picture

I found that in the path D:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\log\tex\AVMan exists a lot of .ERR files.

I've opened some of them with notepad, but the information is not clear for me.

Any idea what this files mean?

AttachmentSize
89AB2D480A02012F0064AF0F9743F8C0.tmp_.dat_.err_.TXT 93.15 KB
D363CE5F0A02012F006076F4818120CE.tmp_.dat_.err_.TXT 183.82 KB