Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

eengine is not present or hidden

Created: 05 Nov 2013 • Updated: 17 Nov 2013 | 13 comments
This issue has been solved. See solution.

I received this message on one of the 2000+ servers that I remote into.

"VSS Snapshot warning. File c:\program files (x86)\common files\symantec shared\eengine\eectrl64.sys is not present on the snapshot."

Now normally, I get around this by just creating a "dummy" eectrl64.sys in the eengine folder and the error goes away.

However this time I can't find the folder eengine however when I try and create the folder eengine - it refuses , saying "The action can't be completed because the folder or a file in it is open in another program"

First time that I have come across this problem.

Any suggestions?
 

Operating Systems:

Comments 13 CommentsJump to latest comment

DaranDazza's picture

Just to explain 2000+ refers to the number of servers not the operating system - OS is Windows 2008

pkh's picture

Have you tried rebooting the server?

DaranDazza's picture

That is my next move - I have scheduled a restart tonight.  I can't do it as yet (through the day) being an active DC.

I'll post my results tomorrow.

kidtrebor's picture

I'm having the same trouble; cannot manually create the "EENGINE" folder as it seems to be protected by SEP.

Can anyone confirm if a simple restart fixes the original problem?  It's very irritating to see these exceptions all the time in Backup Exec (even more so since the cause is another Symantec product...) and I'm not in the practise of ignoring warnings so need a solution.

Some of my other servers have this folder and the above-named file intact; tried to simply copy but it wasn't allowed either.

Is there any known reason why the file/folder would be "missing" in the first place? As far as I understand the problem there is some registry key pointing to the file; it means SEP (after upgrade?) deleted the files itself but didn't clean up the registry entries? Tut tut.

Vishal Shinde's picture

Hello,

I think it may be advisable to identify the process, which hold the handle and has locked the folder.

So in that case, I would suggest downloading process explorer from the following location:

http://technet.microsoft.com/en-gb/sysinternals/bb896653.aspx

Run the process explorer exe and reproduce the issue of creating the folder at the same location.

Then search by the folder name in the generated log, to identify the process locking it.

It may be most likely that, actual folder is deleted however still has its ref. in the registry.

More Information about the file:

 It a driver installed by Symantec endpoint protection, or Symantec Anti-virus software.

Cause of this file missing:

Probably a corruption in the installation of SEP or Anti-virus software may have caused it.

Probable resolution:

  1. Reboot the server.
  2. Identify the process locking it, and close the handle using Dependency walker.
  3. Uninstall/ reinstall SEP, Symantec antivirus, this will fix the issue once and for all.

Regards,

S

Vishal Shinde

Sr.Learning Consultant

Symantec Education Services

VJware's picture

Open regedit on the problematic server & browse to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eeCtrl or the equivalent path on a x64 machine.

On the right-side, check the value of the ImagePath key & see if its appropriate or not.

kidtrebor's picture

Hi VJ,

I checked and the key is certainly there, pointing to the file which doesn't exist. Would deleting it solve the problem?

VJware's picture

Deleting it should not be a problem. Stop the SEP service and backup the registry and delete just the value from the ImagePath key. Reboot the machine and observe the next backup.

kidtrebor's picture

Can you stop SEP?  I thought it treats that as tampering and automatically enables itself again?

Vishal Shinde's picture

This issue is caused due to corrupt installation or abrupt file deletion.

I would advise refraining from following actions:

  1. Creating a dummy file name, as it will cause issues while restoration of the system state, especially during the DR.
  2. Deleting the registries, referencing the system drivers.

Rather I will suggest repairing the SEP or uninstalling /reinstalling it.

Regards,

S

Vishal Shinde

Sr.Learning Consultant

Symantec Education Services

DaranDazza's picture

In my case the option of uninstalling SEP is not an option as we are split into different departmental groups and SEP is under the control of Security who will not allow SEP to be uninstalled nor repaired as their investigation has revealed no errors for SEP.

I will investigate in seeing if the registry entry can be deleted.

DaranDazza's picture

Problem was solved when SEP updated and I rebooted the server.

Not sure if an update of SEP solved it or whether the reboot fixed the problem.

I actually believe the reboot was responsible.

SOLUTION
kidtrebor's picture

Hi,

Just wanted to add my own 2 pence here; restarted one server and the missing file appeared of its own accord.

I'm no expert but perhaps the file was supposed to be created at upgrade time (we did some months ago) but since the folder was being protected it was unable to do so until restart?  In which case the registry pointer indicating the file should be correct.

Hopefully this would help anyone else facing similar problems.