Discovery Accelerator cannot search within ZIP files. Evidence. Documentation.

Created: 08 Aug 2013 • Updated: 25 Sep 2013 | 17 comments
This issue has been solved. See solution.

Hello, team.

It is a fact that Discovery Accelerator cannot search within ZIP files. I've made several test cases and haven't found items by content inside a ZIP file.

In this case EV indexes only the file name and extension in the ZIP file.

Can you please provide me with documentation showing that it is really impossible to find items within a ZIP file, and that this isn't my fault or a system misconfiguration? I have to provide this evidence to my boss.

Thanks.


EV_Ajay's picture

Hi,

DA only searches data that is indexed and searchable by EV search.

You can refer to the following TechNote:

Certain file type extensions with in a .zip file are not searchable.
http://www.symantec.com/docs/TECH178803

As per the TechNote, this issue is addressed in EV 10.0.1 & EV 9.0.4.

Could you let me know the EV Server Version & DA Server Version?

Thanks,

Ajay

zubkoff.s's picture

You can refer to the following TechNote:

Certain file type extensions with in a .zip file are not searchable.
http://www.symantec.com/docs/TECH178803

As per the TechNote, this issue is addressed in EV 10.0.1 & EV 9.0.4.

Could you let me know the EV Server Version & DA Server Version?

Hm... I think there (according to the link) should be the list of extensions... but I couldn't find any list there.

Did I understand something wrong?

My EV 9.02.1061  and DA v.9.0

EV_Ajay's picture

I did some research and found the following info:

(Setup: text file zipped and word doc zipped)
-- Version 8, both the text and word doc are indexed and searchable. (Only version tested is 8.0.3)
-- Version 9, the text file fails conversion but the word doc succeeds
-- Version 10, the text file fails conversion but the word doc succeeds
 

Thanks,

Ajay

zubkoff.s's picture

Version 8, both the text and word doc are indexed and searchable. (Only version tested is 8.0.3)
-- Version 9, the text file fails conversion but the word doc succeeds
-- Version 10, the text file fails conversion but the word doc succeeds
 

And now my results:

setup: DOCX.zip (with docx file inside) and TXT.zip (with TXT inside).

1.    User1 sent User2 the DOCX.zip file as an attachment.

2.    User1 sent User2 the TXT.zip file as an attachment.

User2 archived both messages with the Outlook add-in. He opened search.asp in a web browser and searched for words inside the docx and txt files (content). He found both messages.

The administrator opened DA and searched the Journal archive for all messages which were sent today: result - 2 emails. Perfect.

BUT:

The administrator in DA extended the search and added Content: "some word from docx file". Result - 0 hits.

The administrator in DA extended the search and added Content: "some word from txt file". Result - 0 hits.

The administrator launched search.asp. He found 2 messages based on the date criteria (TODAY), and 0 messages based on a word from the content.

What happened?

EV_Ajay's picture

Hi,

Could you please let me know the answers to the following questions:

1. EV Server Version with Service Pack :

2. DA Server Version with Service Pack :

3. EV Binaries installed on DA Server with Service Pack :

As per the Compatibility Guide, the DA Version should be greater than or equal to the EV Server version (including Service Pack). Otherwise we will face issues at the time of a DA search.

Refer to:

Supported upgrade paths for Enterprise Vault (EV), Compliance Accelerator (CA), Discovery Accelerator (DA) and Discovery Collector (DC).
http://www.symantec.com/docs/TECH53174

Point 2 from the above article:

2) Starting with CA and/or DA 8.0 SP3, the version of CA or DA must be greater than or equal to the installed version of EV. For example, if EV 8.0 SP4 is installed, CA and/or DA must also be at the 8.0 SP4 or greater release.
 
 

Thanks,

Ajay

zubkoff.s's picture

Hi.

Could you please let me know the answers to the following questions:

1. EV Server Version with Service Pack :

2. DA Server Version with Service Pack :

3. EV Binaries installed on DA Server with Service Pack :

1. EV:

1.1. SnapIn: 9

1.2. Product version: 9.02

1.3. File version (EVService.exe): 9.0.2.1061

P.S.: As I understand from this link: http://www.symantec.com/business/support/index?page=content&id=TECH39258 I don't have any SPs there.

2. DA:

2.1. SnapIn(in the head of DA console): 9.

2.2. File Version (AcceleratorClient.exe): 9.0.2.1022

3. How can I check the file versions of these binaries?

Could this be a problem (file versions)? Did I verify the versions correctly?

Thanks.

EV_Ajay's picture

Hi,

You can find the version using the registry:

For DA Server :

1. Log on to Discovery Accelerator Server.

2. Open "Run" Prompt and type "Regedit"

3. Check the following path to find the version:

    If x64 bit OS:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KVS\Discovery Accelerator\Install (DA Version)

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KVS\Enterprise Vault\Install (EV Version on DA Server)

Refer to the screenshot.

For EV Server Version :

1. Log on to Enterprise Vault Server.

2. Open "Run" Prompt and type "Regedit"

3. Check the following path to find the version:

    If x64 bit OS:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KVS\Enterprise Vault\Install (EV Version)

Please let me know the versions.

Thanks,

Ajay

zubkoff.s's picture

Hi. Thanks for the detailed screenshots.

For DA Server :

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KVS\Discovery Accelerator\Install (DA Version)

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KVS\Enterprise Vault\Install (EV Version on DA Server)

DA Version: 9.0.2.1022

EV Version on DA Server (=Full Version): 9.0.2.1061

P.S.: I couldn't find the second registry entry (EV Version on DA Server) on the second DA server. The "Install" key is absent. But I ran the test cases on the first DA server, where this entry is present.

For EV Server Version

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KVS\Enterprise Vault\Install (EV Version)

EV Version: 9.0.2.1061

EV_Ajay's picture

Hi,

How many DA Servers are present in your environment?

Thanks,

Ajay

EV_Ajay's picture

Hi,

Both DA Servers should have the same version and should also have the EV binaries installed, version EV 9 SP2 (9.0.2.1061).

The following path should be present on both DA Servers:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KVS\Enterprise Vault\Install

If it is not present on one DA Server, please follow these steps on that DA Server:

Steps to carry out on the Discovery Accelerator Server:

  1. Stop the “Enterprise Vault Discovery Accelerator” Service on the Discovery Accelerator Server.
  2. Then set the “Enterprise Vault Discovery Accelerator” Service Startup Type to Disabled.
  3. Reboot the Discovery Accelerator Server.
  4. Then install the correct EV binaries (9.0.2) on the Discovery Accelerator Server, but don't configure EV or run the Configuration Wizard; otherwise it will create another EV server in the environment.

Thanks,

Ajay

zubkoff.s's picture

Hello.

I think we misunderstood each other last time, because I installed an absolutely new infrastructure in my home lab, and there it is also not possible to find items by content in a ZIP.

Let me explain my test case, and you can try to reproduce it in your environments. If after this test case you tell me "it works", I will close this thread.

1. Create *.docx file with one unique word: "unique_283_qwerty"

2. Put this file in ZIP with native Windows zip solution: File1.zip

3. Create *.txt file with one unique word : "asdf_496_BB"

4. Put this file in ZIP with native Windows zip solution: File2.zip.

5. Send mail with attachment File1.zip to recipient.

6. Send mail with attachment File2.zip to recipient.

7. Be sure that these messages are located in journal mailbox.

8. Be sure that your journal mailbox is empty.

9. Launch DA\create case\create search. Target - Vault Store which contain only journal archive.

9.1. Content: unique_283_qwerty

9.2. Do you receive some results?

9.3. Content: asdf_496_BB

9.4. Do you receive some results?

Thanks.
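
A fixture builder for steps 1-4 of the test case above, as an added example that is not part of the original post: it creates File1.zip and File2.zip with the two marker words and confirms by direct extraction that the words are present, so a zero-hit search can be attributed to conversion or indexing rather than to the test files. Python's zipfile module stands in for the native Windows zip tool, and the member names test.docx and test.txt are assumptions.

```python
import io
import zipfile

# Marker words from steps 1 and 3 of the post above.
DOCX_MARKER = "unique_283_qwerty"
TXT_MARKER = "asdf_496_BB"
# Minimal OOXML package parts, constructed for this example.
OOXML = "http://schemas.openxmlformats.org/"
HDR = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
CONTENT_TYPES = (
    f'{HDR}<Types xmlns="{OOXML}package/2006/content-types">'
    '<Default Extension="rels" ContentType='
    '"application/vnd.openxmlformats-package.relationships+xml"/>'
    '<Override PartName="/word/document.xml" ContentType="application/'
    'vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
    '</Types>')
RELS = (
    f'{HDR}<Relationships xmlns="{OOXML}package/2006/relationships">'
    f'<Relationship Id="rId1" Target="word/document.xml" Type="{OOXML}'
    'officeDocument/2006/relationships/officeDocument"/></Relationships>')
DOCUMENT = (
    f'{HDR}<w:document xmlns:w="{OOXML}wordprocessingml/2006/main"><w:body>'
    f'<w:p><w:r><w:t>{DOCX_MARKER}</w:t></w:r></w:p></w:body></w:document>')

def make_zip(members):
    """Return the bytes of a deflate-compressed ZIP built from {name: data}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, data in members.items():
            z.writestr(name, data)
    return buf.getvalue()

def build_fixtures():
    """Build File1.zip (docx inside) and File2.zip (txt inside) in memory."""
    docx = make_zip({"[Content_Types].xml": CONTENT_TYPES,
                     "_rels/.rels": RELS, "word/document.xml": DOCUMENT})
    return {"File1.zip": make_zip({"test.docx": docx}),
            "File2.zip": make_zip({"test.txt": TXT_MARKER + "\r\n"})}

def find_marker(blob, marker, depth=0):
    """List members containing marker, descending into nested ZIPs (a .docx is one)."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(blob)) as z:
        for name in z.namelist():
            data = z.read(name)
            if depth < 3 and zipfile.is_zipfile(io.BytesIO(data)):
                hits += [f"{name}!{h}" for h in find_marker(data, marker, depth + 1)]
            elif marker.encode() in data:
                hits.append(name)
    return hits
```

Write each value returned by `build_fixtures()` to disk under its key to get the attachments for steps 5 and 6.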

Kenneth Adams's picture

Greetings, zubkoff.s;

First, I have to ask if you are enclosing unique_283_qwerty and asdf_496_BB in double quotes (not the smart quotes that you get from MS Word but normal straight quotes)? If not, you won't get the results you want anyway, as EV indexing takes characters like the underscores and considers them to be punctuation, which is not indexed. Without the double quotes, your search criteria would be something like "unique OR 283 OR qwerty" and "asdf OR 496 OR BB".

Also, is your indexing level on the archive being searched set to high? If not, you won't get phrase searching either. By default, journal archives are supposed to be set to the high indexing level, but some customers have been known to change the indexing level to low to save on index location disk space usage.

According to the information above that you provided to Ajay, you're running EV 9.0 SP2. Have you applied the hotfix for the EVConverterSandbox utility that may correct this issue for you? If not, please review and download the hotfix in TECH182074, "Hotfix for Symantec Enterprise Vault (EV) 9.0.2 - Converter Updates.", available at http://www.symantec.com/docs/TECH182074. I recommend putting this into your lab and testing first. If it resolves the issue in your lab, install it in your production environment after obtaining the appropriate Change Management approvals. Note that this hotfix will not be retroactive to items already archived. It will only work with new items unless you recall the existing items and re-archive them to a new archive.

Ken Adams

Backline Support for CA, DA, ACE, UCE, PSTD, ARMS, EVDC
US Support Region

zubkoff.s's picture

Dear Kenneth Adams.

1. Probably it wasn't a good idea to use these unique words. But you may use simpler words, for example example123, without any special characters, underscores and quotes. But your information will be very helpful for me in the future.

2. Sure, I've checked this configuration several times: the index level on all journal archives is set to Full.

3. This update looks good, but now I am not sure that it will help me, because in my home lab I have EV 10, which has to include all the latest updates for EV9. But I am going to install this update in the test environment at work.

Anyway, you have no doubts that this functionality really works. It is probably a misconfiguration in my environment.

Did you try to reproduce my cases with simpler unique words?

Thanks.

Kenneth Adams's picture

Unfortunately, I've not had time to reproduce the issue myself.  I'll work on the repro using your steps as soon as I can make the time, then report back with my results.  My testing will be in EV and DA 10.0 SP4.

Ken Adams

Backline Support for CA, DA, ACE, UCE, PSTD, ARMS, EVDC
US Support Region

EV_Ajay's picture

Hi,

Do you have any updates on this thread? Do you need more assistance regarding this topic?

If not then please mark the post that best solves your problem as the answer to this thread.

Thanks,

Ajay

zubkoff.s's picture

Production team has confirmed the same system behavior in production environment: they didn't find the messages in DA, based on some words in ZIP files. 

So, my test infrastructure, home lab and production environment have absolutely different configuration settings, version, hot fixes, patches, BUT have the same result with searches in ZIP files. 

It doesn't look like a coincidence. At least I haven't got clear opposite evidence from the community.

Thanks for comment. 

SOLUTION