Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Symantec Embedded database service WILL NOT start.

Created: 04 Jan 2008 • Updated: 21 May 2010 | 7 comments
First, I'd like to say that I work for an IT consulting firm that deals with numerous different and diverse client networks with differing hardware and software needs/configurations.
I am not one of those network/system admins that's worked the last little drop of juice out of my Dual Pentium Pro NT4 server for the last 8 years. We are not afraid of learning new stuff.
 
All Norton products aside, we have always conveyed our trust in Symantec Antivirus products(SAVCE, backup Exec, etc) to our clients and until SEP, that trust was well placed.
 
I have already dealt with
-Windows Servers stop accepting network connections with Symantec Endpoint Protection 11.0 installed
fixed with;
- A VPN issue post SEP install in which the VPN connection was allowed, authentication was passed and *ahem* authenticated on both sides but no VPN tunnel traffic was being allowed.
 
These issues have all been different servers, different networks, different clients. And have been able to correct most of the problems encountered thus far with SEP but one.
 
I am no newbie to sniffing through forums and tech boards but the issue I am now having I cannot figure out.
 
The particular server with the issue this time is
Server 2003 Standard SP2 32 bit
Dual Xeon 3.0 GHz's
4 GB RAM
RAID5
Running SEP , Backup Exec 11d (11.0 rev 6235)
also running Windows Server Update Services 3.0 on it's own website in IIS port 8530.
Aside from that, and being a DC running DNS, DHCP, WINS, File Sharing etc, it's been nothing but stable for the last year.
 
After the first attempted install of SEPM I was presented with the following issue;
-Symantec Endpoint Protection Manager displays an HTTP error in the Home, Monitors and Reports tabs-
fixed by finding this forum article;
 
afterwards I began the install of the client and was presented with a locked up server. Simple reboot, and all seemed well for two or three weeks.
 
Until this afternoon, for some reason at about 4:30 in the afternoon, all file shares and domain/group policy traffic ceased.
My client called me to inform me of this, I had her reboot the server, and everything seemed to come back up network-wise but the SEPM console fails to connect and the Symantec Embedded Database service will not start.
I have already Googled, Yahooed, Lived, browsed this forum, and found nothing that helps.
 
I get the
"The Java Virtual Machine has exited with a code of 1, the service is being stopped."
 
"The description for Event ID ( 1 ) in Source ( ASA 9.0 ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: ASANYs_sem5, Could not start server."
 
"The description for Event ID ( 1 ) in Source ( ASA 9.0 ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: ASANYs_sem5, Database cannot be started -- sem5.log is an invalid transaction log."
 
"The description for Event ID ( 1 ) in Source ( ASA 9.0 ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: ASANYs_sem5, Service not able to access Desktop."

in the application event log starting 4:37:46 PM

already read this post
also tried everything in that post.
 
dbsrv9.exe doesnt even start, isnt running as a process to even be listening on port 4005/4006 etc etc.
 
What I have found since is in C:\Program Files\Symantec\Symantec Endpoint Protection Manager\db\err.log;
01/04 18:10:06. Database cannot be started -- sem5.log is an invalid transaction log
01/04 18:10:21. Database cannot be started -- sem5.log is an invalid transaction log
01/04 18:10:34. Database cannot be started -- sem5.log is an invalid transaction log
01/04 18:11:28. Database cannot be started -- sem5.log is an invalid transaction log
 
and a bunch of this in C:\Program Files\Symantec\Symantec Endpoint Protection Manager\db\out.log;
 
I. 01/04 15:58:39. Starting checkpoint of "sem5" (sem5.db) at Fri Jan 04 2008 15:58
I. 01/04 15:58:39. Finished checkpoint of "sem5" (sem5.db) at Fri Jan 04 2008 15:58
I. 01/04 16:36:40. Adaptive Server Anywhere Network Server Version 9.0.2.3347
I. 01/04 16:36:40.
I. 01/04 16:36:40. Copyright © 1989-2004 Sybase, Inc.
I. 01/04 16:36:40. Portions Copyright © 2002-2004, iAnywhere Solutions, Inc.
I. 01/04 16:36:40. All rights reserved. All unpublished rights reserved.
I. 01/04 16:36:40. 
I. 01/04 16:36:40. This software contains confidential and trade secret information of
I. 01/04 16:36:40. iAnywhere Solutions, Inc.
I. 01/04 16:36:40. Use, duplication or disclosure of the software and documentation
I. 01/04 16:36:40. by the U.S. Government is subject to restrictions set forth in a license
I. 01/04 16:36:40. agreement between the Government and iAnywhere Solutions, Inc. or
I. 01/04 16:36:40. other written agreement specifying the Government's rights to use the
I. 01/04 16:36:40. software and any applicable FAR provisions, for example, FAR 52.227-19.
I. 01/04 16:36:40. 
I. 01/04 16:36:40. iAnywhere Solutions, Inc., One Sybase Drive, Dublin, CA 94568, USA
I. 01/04 16:36:40.
I. 01/04 16:36:40. 4 logical processor(s) on 1 physical processor(s) detected.
I. 01/04 16:36:40. Per-processor licensing model. The server is limited to use 16 processor(s).
I. 01/04 16:36:40. This server is licensed to:
I. 01/04 16:36:40.     Symantec
I. 01/04 16:36:40.     Symantec
I. 01/04 16:36:40. Running on Windows 2003 Build 3790 Service Pack 2
I. 01/04 16:36:40. 65536K of memory used for caching
I. 01/04 16:36:40. Minimum cache size: 65536K, maximum cache size: 65536K
I. 01/04 16:36:40. Using a maximum page size of 8192 bytes
I. 01/04 16:36:40. Starting database "sem5" (C:\Program Files\Symantec\Symantec Endpoint Protection Manager\db\sem5.db) at Fri Jan 04 2008 16:36
I. 01/04 16:36:40. Database recovery in progress
I. 01/04 16:36:40.     Last checkpoint at Fri Jan 04 2008 16:17
I. 01/04 16:36:40.     Checkpoint log...
I. 01/04 16:36:40. Performance warning: Database file "C:\Program Files\Symantec\Symantec Endpoint Protection Manager\db\sem5.db" consists of 57 disk fragments
I. 01/04 16:36:40.     Transaction log: sem5.log...
E. 01/04 16:36:41. Error: Database cannot be started -- sem5.log is an invalid transaction log
I. 01/04 16:36:41. Error: Database cannot be started -- sem5.log is an invalid transaction log
I. 01/04 16:36:41.
E. 01/04 16:36:41. Database cannot be started -- sem5.log is an invalid transaction log
I. 01/04 16:36:41. Database server stopped at Fri Jan 04 2008 16:36
I. 01/04 16:47:24. Adaptive Server Anywhere Network Server Version 9.0.2.3347
I. 01/04 16:47:24.
 
Oh yeah, I also reran the Management Server Configuration Wizard and can't get past the database server configuration portion, because it aint running.
 
So obviously, I know my main issue seems to be that the Adaptive Server Anywhere/Symantec Embedded Database cannot start due a possibly corrupt db, this is the only service that will not start, all others start and restart fine, just cant log into SEPM console because of bad/not running db.
 
 
Question is, am I on the right track? ...and how do I fix it?
 
I appreciate all help in this matter.
Colossus610
 



Message Edited by Colossus610 on 01-04-2008 09:18 PM

Message Edited by Colossus610 on 01-04-2008 09:21 PM

Message Edited by Colossus610 on 01-04-2008 09:23 PM

Message Edited by Colossus610 on 01-04-2008 09:28 PM

Comments 7 CommentsJump to latest comment

SKlassen's picture
I'm reading that log entry the same way you do as being corrupt.  If it were me, what I would do is to uninstall SEPM completely, then reinstall from scratch.  Make certain that you download and use the newer 11.0.1000.1375 MR1 media and not the original RTM media to avoid many of the problems you experienced in the past.  Now hopefully, you are prepared for this, having documented all the appropriate info as per Appendix C:  Disaster Recovery in the Install Guide.  You will also need a db backup made using the Symantec Backup/Restore Utility.
 
If you don't have this stuff, then you'll have to reconfigure all of your settings in SEPM from scratch.  I had to go through this process a few weeks ago and it wasn't too bad. 
 
The thing that worried me the most, was if I had to reinstall on all of the client systems and thankfully the answer is you don't.  Following the instructions in the manual, that bit where you have to change the DomainID didn't work for me, as it wouldn't give me the option to do so.  I figured out a workaround that was fairly quick to get my clients "talking" to the new SEPM install.  You'll be using a program in the \tools\nosupport directory of the SEP media called sylinkdrop.  This tool works well, but has the limitation that you can't specify the sylink.xml file as a UNC path.  Here's how I worked around this limitation and got this done quickly:
 
1)  Take the Sylink.xml and SylinkDrop.exe files and put them into a share that all of your systems have applicable access to.
 
2)  I wrote a quick VBScript to copy the Sylink.xml file to c:\, then ran the script on all client systems using PSExec.  This could also be done by batch file or probably by running the Copy command directly from PSExec.
 
3)  Now that I had C:\Sylink.xml on all of my systems, I again used PSExec to run \\server\share\SylinkDrop.exe -silent C:\SyLink.xml.  Within 5 minutes, all of the clients had checked in with the new SEPM install and gotten the appropriate polices.
 
4)  Just to be tidy, I ran a vbscript through PSExec to delete the c:\sylink.xml on all of the machines.
 
When I had to do this, Symantec support didn't have anything to fix a corrupted DB, but that may have changed.  You may want to consider opening up a support case.
 
As a last note, if you do have to do a complete SEPM reinstall, I have a couple of suggestions.  Gather the info for disaster recovery and immediately make a DB backup as soon as your finished doing the configuration and policy setting then place these in a safe place.  Don't use the Symantec built-in DB, there's is no control over it's behavior or usage at all and I found it to be a bit flakey.  Get SQL 2005 Express (the free one) and use it instead.  With SQL you can configure it to limit menory usage, do backups from SQL, and if your a good DBA you can write scripts to clean out junk and re-index once in awhile to keep it from getting bloated. 



Message Edited by Scott Klassen on 01-05-2008 11:32 PM

Message Edited by Scott Klassen on 01-05-2008 11:33 PM

Colossus610's picture
 
I appreciate the input, I was hoping to not have to reinstall all of that (again) but .....
either way, I have remotely started the new version download on their server and will do the reinstall.
 
You know, I get a lot of crap from my co-workers about my passion for using vbscripts to automate a lot of the mundane and repetitive work I have to do.(Defragging, Deleting temp/IE cache files, backing up and clearing event logs, installing IP printers, etc) 
Most of the guys I work with still love batch files and doing things the old, hard way, but if I can get a lot of stuff done thru logon/logoff scripts, why not?
Nice to know someone else out there appreciates a good vbscript.
 
SKlassen's picture
I use VBS for the same reasons.  I'm the only admin at a mid-sized company, so if I don't have time to do something, it doesn't get done.  The automation afforded by VBS can sometimes be the only way I can keep my head above water.
 
That being said, I do believe in using the right tool for the right job.  I generally use vbs for system administrative tasks, but if I'm doing some web development, I'm more likely to use javascript since it's a bit easier in most cases for that task and it's easier to find javascript examples on the web for this.  Different tools can also sometimes be combined.  A good example is that once I had a chore where I had to change an attribute on a specific file on multiple systems.  After a bit of research, I found that doing so through vbscript using the file.attributes property was an incredibly painful and difficult exercise.  What I wound up doing in the end was using a vbscript to call objshell.run to kickoff the "DOS" Attrib.exe commandline tool. 
 
I wish that I was better at VBS than I actually am.  I've several complex VBS projects languishing, due to lack of skill, that I'm slowly working on over time. 
Colossus610's picture
Well, I appreciate the input/help.
I had downloaded the newer version SEP install and reinstalled the SEPM/database and performed the recovery/import of the old domainid and key and such and all of the old install clients popped right into the new SEPM config.
Considering this post/issue "Case Closed"
I thank you for your time.
 
...and out of curiosity, what kind of VBS projects you got "languishing"(nice word btw, most people wouldn't know that word exists)
IT_Man's picture

Hi  Colossus610

I am glad that you've got your problem solved.
I have a similar problem and I have tried the steps you both did but I couldn't solve the problem.
Each and everytime I restart the client it goes back to the offline setting any other suggestion?
Thanks,

SKlassen's picture
I'm assuming that you had an install of SEPM, then had to junk it and start over fresh.  If this is the case, then there's a good chance that clients have old SEPM server information that will need to be updated for them to communicate.
 
Some people have had luck doing a modified version of my instructions above adding a step before and after running SylinkDrop to replace the Sylink.xml file.  First, you'll want to stop SEP on the machine by running smc -stop, then after replacing the Sylink file, running smc -start.  It's possible that the replacement isn't being allowed because the file is loaded and in use.
chillware's picture

I finally solved my similar issue:

 

looked in out.log and found this error:

Cannot access file 'Fatal error: Could not open/read file: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\data\inbox\log\client\a7ef8cd9-6d36-4c81-bf47-2e1a9b79fc97.dat

 

For whatever reason, the file had got renamed to a7ef8cd9-6d36-4c81-bf47-2e1a9b79fc97.dat.err so i took off the .err, and was able to restart the service.. all is good now :)

 

Good luck!