Video Screencast Help

Enterprise Vault 8 SQL DB

Created: 10 Sep 2012 • Updated: 12 Oct 2012 | 4 comments
This issue has been solved. See solution.

Hello there,

 

Can someone help me with the documentation about SQL databases, diagram and info about each table for enterprise Vault 8? It would be great to have such info... Because currently I'm struggling to find such…

And is information about Archived emails stored here?

 Thanks.

Comments 4 CommentsJump to latest comment

JesusWept3's picture

The Vault Store databases just hold identifiable information such as date sent/received, archived date, compressed size, original size, who the item belongs to, in what folder, and pointers to where the actual email is stored on disk..... no information such as what the name of attachments, subjects, who it was sent from/to etc is stored in the database... thats all held in the physical DVS files and the indexed metadata.

As far as i'm aware there are no diagrams or schemas available to the public and is dev only.

You can find some decent queries out there to get you started on how parts of the database fits together on these forums, even just by searching my name

For instance
https://www-secure.symantec.com/connect/forums/ev-sql-query-list-all-maiboxes-mailboxes-and-out-ev-archives-mailbox-display-name-exchange-se

https://www-secure.symantec.com/connect/forums/help-sql-query-0

https://www-secure.symantec.com/connect/forums/sql-query-search-expired-savesets#comment-3502521

https://www-secure.symantec.com/connect/forums/sql-query-find-archived-messages-archive-item-size-specified-period-0#comment-7468261

R Vdg's picture

Thanks JesusWept3 ! Great

 

But one question in this case, According to your information it is not possible to track emails, if user tels he lost emails from archive and claims he hasn't deleted those?

 

I would like to get some evidences in this scenario or solutions how to check that...

Thanks a lot.

ZeRoC00L's picture

This will be possible when you enable auditing in EV.

Audit events recorded:
 

  • The time an event occurred.
  • The account that initiated the event.
  • The archive in which an item was archived.
  • The category of the event, such as "View", "Archive", or "Delete".

 

http://www.symantec.com/business/support/index?page=content&id=TECH49054

If this response answers your concern, please mark it as a "solution"

JesusWept3's picture

So typically the way i handle items that have disappeared and the user swears they havent deleted them

1. See if the user can remember anything about the email, subjects, from, to, sent received dates etc
2. See if it can be found through search.asp at all
3. Go to the properties of the users archive, and go to deleted items, see if there are any deleted items listed
4. From the advanced tab of the users archive, copy the archiveID
5. search the IIS logs for the users archiveID with a command like

find "<archiveID>" > search.txt

6. through the IIS logs, look for anything that references deleteo2k.asp as this would have been called if a delete was made from search.asp, searcho2k.asp and archiveexplorerui.asp ,,,, a delete from Outlook itself would be under clientAction.asp but you wont be able to tell what action it performed was (its used for delete, retrieve, archive etc)

 

Also you could look at JournalDelete table, as it may show items that have been deleted in the past month, but are now none recoverable (i.e. they've been expired from the dumpster)

Typically in my experience either the end user deleted it and just didn't know what they were doing, or they deleted the shortcut from something like \inbox\subfolder1\ but the item really exists in \inbox\subfolder2

One case i worked with ages ago, was using Moved Items, so it updated the shortcuts...and then Exchange Mailbox Manager was moving old items to a \Mailbox Cleanup folder,so it moved the shortcut, it updated in Archive Explorer etc and then after a few more days, EMM deleted the shortcut. So the user couldn't find the shortcut, and couldn't find the item in its original location etc

But auditing is also a safe way to go but it does have a performance impact and can grow extremely large depending on what you're auditing and how many users are active etc

SOLUTION