Video Screencast Help

Directory Services running but Cannot access VAC

Created: 26 Feb 2014 | 10 comments
Rdosramos's picture

Hi Guys,

 

I am having the strangest issue with EV 10 at the moment. I upgraded the system from EV 10 to 10.0.4. Upgrade went through fine, all databases upgraded without any issues. But when I try and access the VAC it states that it cannot connect to the directory please check that the SQL server is avalible (It is) and that the service is running (which it is).

 

If i look into the events I get a information stating that I must check the events on the SQL server to see if there are any erors:

Cannot connect to the Enterprise Vault Directory service.

Check the Enterprise Vault event log on ZATERSQL01 to find the cause of the problem.

For more information, see Help and Support Center at http://entced.symantec.com/entt?product=ev&language=english&version=10.0.4.0&build=10.0.4.1189&error=V-437-8623

 

On the SQL server I have a 17806 error which relates to a SSPI handshake failed error code: 0x8009030c state 14. I have attached a screenshot. EV has sysadmin rights on SQL and DBower on the databases. 

 

sql.png

 

Any ideas?

 

Rob

 

Operating Systems:

Comments 10 CommentsJump to latest comment

GertjanA's picture

Hi Rob,

I have seen this before, but not sure on how I fixed it. Some research shows some causes. Your best bet is to check the SQL Server Security Event Log for errors related to the VSA/your account. Also check this article:

http://databaseandstorage.blogspot.nl/2013/03/error-17806-severity-20-state-14.html

In addition to this, I believe you also need to check if the security log is not full. If it is, then make sure oldest events are overwritten (or enlarge log)

regards,

 

 

Thank you, Gertjan, MCSE, MCITP,MCTS, SCS, STS
Company: www.t2.nl

www.quadrotech-it.com

www.symantec.com/vision

Rdosramos's picture

Hi Gertjan

Thanks for the advise: Foudn the following

 

An account was logged off.
 
Subject:
Security ID: *\evadminaccount
Account Name: evadminaccount
Account Domain: *
Logon ID: 0x4d59f6f
 
Logon Type: 3
 
This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Rdosramos's picture

Special privileges assigned to new logon.

Subject:
Security ID: *\evadminaccount
Account Name: EVAdminaccount
Account Domain: *
Logon ID: 0x4d7159e

Privileges: SeSecurityPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeTakeOwnershipPrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeLoadDriverPrivilege
SeImpersonatePrivilege

EdLacey's picture

May be worth running Deployment Scanner again to check permissions

Rdosramos's picture

Only warning I get with regards to SQL is,

 

ZATERSQL01\EVAULT: NamedPipes (NO), TCP/IP (YES)

EdLacey's picture

The NamedPipes can be ignored as long as TCP/IP is OK. I concur with Gertjan that you need to explore any possible SQL issues

Rdosramos's picture

True but my only problem is why did I not have the issues with EV 10, but when upgrade to EV 10.0.4 I have this issue.

Does anyone know if there are security changes made to the databases during the upgrade?

Oh I almost forgot I did install the EV 10.0.4 CF2 as well. If I did not install it the directory service would not start.

Rdosramos's picture

Going to try and recreate the ODBC connection for the directory service. Not sure if that will make a difference but its worth a try. 

Rdosramos's picture

OK well there are no ODBC connections registered. added them in but it did not make a difference.

GertjanA's picture

Hello again.

This may be a longshot, but can you check this article?

http://www.symantec.com/docs/HOWTO57522

 

Thank you, Gertjan, MCSE, MCITP,MCTS, SCS, STS
Company: www.t2.nl

www.quadrotech-it.com

www.symantec.com/vision