Endpoint Protection

  • 1.  Datastore error in SEPM

    Posted Feb 27, 2012 11:02 AM

    Hi,

    I've had SEP 12.1 RU1 installed since December, but since last week I'm getting the following error in one of my SEPMs:

    February 27, 2012 9:54:51 AM CST:  Datastore error  [Site: Primary]  [Server: MyServer]
     

    Looking in the scm-server-0.log file, I found the following message:

    2012-02-27 09:49:31.163 THREAD 40 SEVERE: Datastore error in: com.sygate.scm.server.task.AgentAVLogCollector
    java.lang.ArrayIndexOutOfBoundsException: 14
        at com.sygate.scm.server.logreader.av.ParseSecurityRecord.parseNativeLogRecord(ParseSecurityRecord.java:435)
        at com.sygate.scm.server.logreader.av.ParseSecurityRecord.parseSEPLogRecord(ParseSecurityRecord.java:262)
        at com.sygate.scm.server.logreader.av.LogHandler.parseSEPLog(LogHandler.java:173)
        at com.sygate.scm.server.logreader.av.LogHandler.process(LogHandler.java:109)
        at com.sygate.scm.server.task.AgentLogCollector.enumerateInbox(AgentLogCollector.java:255)
        at com.sygate.scm.server.task.AgentAVLogCollector.collectLogs(AgentAVLogCollector.java:33)
        at com.sygate.scm.server.task.AgentLogCollector.execute(AgentLogCollector.java:86)
        at com.sygate.scm.server.task.MonitoredTimerTask.run(MonitoredTimerTask.java:22)
        at java.util.TimerThread.mainLoop(Timer.java:512)
        at java.util.TimerThread.run(Timer.java:462)
    com.sygate.scm.server.util.ServerException: Datastore error
        at com.sygate.scm.server.logreader.av.LogHandler.process(LogHandler.java:142)
        at com.sygate.scm.server.task.AgentLogCollector.enumerateInbox(AgentLogCollector.java:255)
        at com.sygate.scm.server.task.AgentAVLogCollector.collectLogs(AgentAVLogCollector.java:33)
        at com.sygate.scm.server.task.AgentLogCollector.execute(AgentLogCollector.java:86)
        at com.sygate.scm.server.task.MonitoredTimerTask.run(MonitoredTimerTask.java:22)
        at java.util.TimerThread.mainLoop(Timer.java:512)
        at java.util.TimerThread.run(Timer.java:462)

    Do you know what it means and how I can fix it?

    Thanks!



  • 2.  RE: Datastore error in SEPM

    Posted Feb 27, 2012 11:12 AM

    Have you tried running a repair??



  • 3.  RE: Datastore error in SEPM

    Posted Feb 27, 2012 11:34 AM

    No, not yet.

    I'm reading that this problem could be caused by an index that doesn't exist or an index that is too large, too small or negative.

    I'm not sure what value/index could be "bad".



  • 4.  RE: Datastore error in SEPM

    Broadcom Employee
    Posted Feb 27, 2012 12:44 PM

    Hi,

    Have you enabled the database maintenance features?

    The following features are recommended for the embedded database.

    1) Truncate transaction logs

    2) Rebuild indexes

    If you are using a SQL database, Symantec doesn't recommend enabling these features, to avoid conflict with SQL backup and maintenance.



  • 5.  RE: Datastore error in SEPM

    Posted Feb 27, 2012 12:53 PM

    Try this:

    To reduce the size of the database transaction log file:

    1. Log in to the Symantec Endpoint Protection Manager.

    2. Click Admin and select Servers.

    3. Select the localhost under Servers.

    4. Under Tasks, Select Edit Database Properties.

    5. In the General tab under Database Maintenance Tasks.

    6. Select the checkboxes next to Truncate the database transaction logs and Rebuild Indexes.

    7. Click OK to apply the changes.

    It will make changes to the database at the time mentioned under "Scheduled task". To reflect the changes immediately, click on Truncate Database Transaction Log Now and Rebuild Indexes Now under Tasks.



  • 6.  RE: Datastore error in SEPM

    Posted Feb 27, 2012 01:38 PM

    Hi Chetan

    We are using MS SQL and the database maintenance tasks are not enabled.

    Thanks



  • 7.  RE: Datastore error in SEPM

    Posted Feb 27, 2012 03:20 PM

    Hi,

    I've truncated the transaction log and rebuilt the indexes as you suggested, but the error is still appearing.

    More ideas?

    Thanks



  • 8.  RE: Datastore error in SEPM

    Broadcom Employee
    Posted Feb 28, 2012 04:19 AM

    Hi,

    If you are using a SQL database, you should repair your SQL database.

    If you are not aware of that, you can consult with your SQL admin.



  • 9.  RE: Datastore error in SEPM

    Posted Feb 28, 2012 07:11 AM

    Truncation of SQL logs would also help.



  • 10.  RE: Datastore error in SEPM

    Posted Feb 28, 2012 11:40 AM

    I've done all the steps you suggested, but nothing works.

    Looking in the AgentLogCollector-0.log log file, I found the following (in bold):

    2012-02-28 10:30:22.036 THREAD 27 FINE: ------------ Thread started --------------
    2012-02-28 10:30:22.036 THREAD 27 FINE: Borrow connection from pool.
    2012-02-28 10:30:22.036 THREAD 27 FINE: Database major version: 10
    2012-02-28 10:30:22.052 THREAD 27 FINE: Borrow connection from pool.
    2012-02-28 10:30:22.052 THREAD 27 FINE: Return connection to pool.
    2012-02-28 10:30:22.052 THREAD 27 FINE: Borrow connection from pool.
    2012-02-28 10:30:22.052 THREAD 27 FINE: Return connection to pool.
    2012-02-28 10:30:22.052 THREAD 27 FINE: Database major version: 10
    2012-02-28 10:30:22.052 THREAD 27 FINE: Searching... D:\Program Files\Symantec\Symantec Endpoint Protection Manager\data/inbox/log/client
    2012-02-28 10:30:22.818 THREAD 27 FINE: AgentLogCollector--enumerateInbox: loaded files count:1
    2012-02-28 10:30:22.818 THREAD 27 WARNING: Start sort files: D:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\log\client
    2012-02-28 10:30:22.818 THREAD 27 WARNING: End sort files
    2012-02-28 10:30:22.849 THREAD 27 FINE: Borrow connection from pool.
    2012-02-28 10:30:22.849 THREAD 27 FINE: Database major version: 10
    2012-02-28 10:30:22.849 THREAD 27 FINE: Borrow connection from pool.
    2012-02-28 10:30:22.849 THREAD 27 FINE: Return connection to pool.
    2012-02-28 10:30:22.849 THREAD 27 FINE: Borrow connection from pool.
    2012-02-28 10:30:22.849 THREAD 27 FINE: Return connection to pool.
    2012-02-28 10:30:22.849 THREAD 27 FINE: Batch mode is on backup.
    2012-02-28 10:30:22.849 THREAD 27 FINE: Borrow connection from pool.
    2012-02-28 10:30:22.849 THREAD 27 FINE: Return connection to pool.
    2012-02-28 10:30:22.880 THREAD 27 FINE: logTableName: SERVER_CLIENT_LOG_1 fileName:C3E7A39A0A02012F01636703EC76663B.tmp.dat
    2012-02-28 10:30:22.880 THREAD 27 FINE: Database major version: 10
    2012-02-28 10:30:23.146 THREAD 27 FINE: File (roll up): D:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\log\client\C3E7A39A0A02012F01636703EC76663B.tmp.dat 24.54 KB/s
    2012-02-28 10:30:23.161 THREAD 27 WARNING: Done processing inbox: D:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\log\client 23.47 KB/s
    2012-02-28 10:30:23.177 THREAD 27 FINE: Searching... D:\Program Files\Symantec\Symantec Endpoint Protection Manager\data/inbox/log/system
    2012-02-28 10:30:23.443 THREAD 27 FINE: AgentLogCollector--enumerateInbox: loaded files count:1
    2012-02-28 10:30:23.443 THREAD 27 WARNING: Start sort files: D:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\log\system
    2012-02-28 10:30:23.443 THREAD 27 WARNING: End sort files
    2012-02-28 10:30:23.458 THREAD 27 FINE: Borrow connection from pool.
    2012-02-28 10:30:23.458 THREAD 27 FINE: Return connection to pool.
    2012-02-28 10:30:23.474 THREAD 27 FINE: logTableName: AGENT_SYSTEM_LOG_2 fileName:BB6A57FF0A02012F01636703D529F606.tmp.dat
    2012-02-28 10:30:23.833 THREAD 27 FINE: SQLException:  BCP data error:
    Starting copy...
    SQLState = 22001, NativeError = 0
    Error = [Microsoft][SQL Native Client]String data, right truncation
    SQLState = 22001, NativeError = 0
    Error = [Microsoft][SQL Native Client]String data, right truncation


    5 rows copied.
    Network packet size (bytes): 4096
    Clock Time (ms.) Total     : 93     Average : (53.76 rows per sec.)
     Using batch handler
    2012-02-28 10:30:23.833 THREAD 27 FINE: Batch size: 100
    2012-02-28 10:30:23.833 THREAD 27 FINE: Value 379D47ED-94B9-44B0-822E-122B9CBE7BBF truncated to fit 32
    2012-02-28 10:30:23.833 THREAD 27 FINE: Value 57968EE8-79BB-4DC4-A162-843808882490 truncated to fit 32

    2012-02-28 10:30:23.833 THREAD 27 FINE: Batch update record count: 7
    2012-02-28 10:30:23.849 THREAD 27 FINE: File (roll up): D:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\log\system\BB6A57FF0A02012F01636703D529F606.tmp.dat 8.4 KB/s
    2012-02-28 10:30:23.865 THREAD 27 WARNING: Done processing inbox: D:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\log\system 8.08 KB/s
    2012-02-28 10:30:23.880 THREAD 27 FINE: Searching... D:\Program Files\Symantec\Symantec Endpoint Protection Manager\data/inbox/log/packets
    2012-02-28 10:30:23.880 THREAD 27 FINE: Searching... D:\Program Files\Symantec\Symantec Endpoint Protection Manager\data/inbox/log/behavior
    2012-02-28 10:30:24.005 THREAD 27 FINE: Searching... D:\Program Files\Symantec\Symantec Endpoint Protection Manager\data/inbox/enflog/client
    2012-02-28 10:30:24.005 THREAD 27 FINE: Searching... D:\Program Files\Symantec\Symantec Endpoint Protection Manager\data/inbox/enflog/system
    2012-02-28 10:30:24.005 THREAD 27 FINE: Searching... D:\Program Files\Symantec\Symantec Endpoint Protection Manager\data/inbox/enflog/traffic
    2012-02-28 10:30:24.005 THREAD 27 FINE: Searching... D:\Program Files\Symantec\Symantec Endpoint Protection Manager\data/inbox/enflog/enforcer
    2012-02-28 10:30:24.005 THREAD 27 FINE: Return connection to pool.
    2012-02-28 10:30:24.005 THREAD 27 FINE: Return connection to pool.
    2012-02-28 10:30:24.005 THREAD 27 FINE: ------------ Thread stopped --------------

    I'm not sure if the problem (Datastore error) is caused by this, or how I can fix it.
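
One way to triage an AgentLogCollector-0.log like the one posted above is to attribute every bcp `SQLState` error and every "truncated to fit" message to the table and inbox file being imported when it was logged. This is an added example, not part of the thread and not Symantec tooling; the function name `triage`, the sample lines and the file names in them are constructed, modelled on the line format quoted in post 10.

```python
import re

# Record header in the quoted logs: "<date> <time> THREAD <n> <LEVEL>: <message>"
HEADER = re.compile(r"^(\S+ \S+) THREAD (\d+) (\w+): (.*)$")
CONTEXT = re.compile(r"logTableName: (\S+) fileName:\s*(\S+)")
SQLSTATE = re.compile(r"SQLState = (\w+)")
TRUNCATED = re.compile(r"Value (\S+) truncated to fit (\d+)")

def triage(lines):
    """Map (table, inbox file) -> SQLSTATE codes and truncated values seen during its import."""
    context = {}    # thread id -> (table, file) currently being imported
    findings = {}
    thread, in_exception = None, False
    for raw in lines:
        line = raw.strip()
        head = HEADER.match(line)
        if head:
            thread, msg = head.group(2), head.group(4)
            in_exception = "SQLException" in msg
            ctx = CONTEXT.search(msg)
            if ctx:
                context[thread] = ctx.groups()
        else:
            msg = line  # untimestamped continuation (bcp output) of the previous record
        key = context.get(thread)
        if key is None:
            continue
        states = SQLSTATE.findall(msg) if in_exception else []
        # Third element: how many characters did not fit the column width.
        trunc = [(v, int(w), len(v) - int(w)) for v, w in TRUNCATED.findall(msg)]
        if states or trunc:
            entry = findings.setdefault(key, {"sqlstates": [], "truncated": []})
            entry["sqlstates"] += states
            entry["truncated"] += trunc
    return findings

# Constructed sample: same line format as post 10, placeholder file names and GUID.
SAMPLE = """\
2012-02-28 10:30:22.880 THREAD 27 FINE: logTableName: SERVER_CLIENT_LOG_1 fileName:EXAMPLE-CLIENT.tmp.dat
2012-02-28 10:30:23.474 THREAD 27 FINE: logTableName: AGENT_SYSTEM_LOG_2 fileName:EXAMPLE-SYSTEM.tmp.dat
2012-02-28 10:30:23.833 THREAD 27 FINE: SQLException:  BCP data error:
Starting copy...
SQLState = 22001, NativeError = 0
Error = [Microsoft][SQL Native Client]String data, right truncation
2012-02-28 10:30:23.833 THREAD 27 FINE: Batch size: 100
2012-02-28 10:30:23.833 THREAD 27 FINE: Value 00000000-0000-0000-0000-000000000001 truncated to fit 32
""".splitlines()

if __name__ == "__main__":
    for (table, name), info in triage(SAMPLE).items():
        print(table, name, info["sqlstates"], info["truncated"])
```

On the sample, only the AGENT_SYSTEM_LOG_2 import is flagged, and the overflow of 4 reflects that a hyphenated GUID string is 36 characters long while the target width is 32.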



  • 11.  RE: Datastore error in SEPM

    Posted Mar 02, 2012 02:10 PM

    I found that there are a lot of .ERR files in the path D:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\log\tex\AVMan.

    I've opened some of them with Notepad, but the information is not clear to me.

    Any idea what these files mean?