'Could not get Retention Category for a site' error, when attempting to discover an Enterprise Vault (EV) Site

Article:TECH203191  |  Created: 2013-02-25  |  Updated: 2013-02-27  |  Article URL http://www.symantec.com/docs/TECH203191
Article Type
Technical Solution



Issue



The Enterprise Vault server is contacted (1 site available), but the properties are not transferred (Could not get Retention Category). 

 


Error



<< JobStatus.log >>

ERROR root null - populateVaultInfo Could not get Retention Category for a site.

ERROR root null - Adapter Error: Adapter error code: -2147023174

 


Cause



Communications between servers is being monitored/blocked by (IPS) Intruder Protection Software (example: Juniper) or services are prevented from running Remote Procedure Calls on the EV servers, through Group Policies.

 


Solution



1. Disabe Windows Firewall on the Cearwell appliance

2. Remove Group Policies and IPS restrictions for port 135 on the EV servers.

Example of GPO restictions to examine:

Windows Firewall: Allow inbound remote administration exception Setting
Path: Computer Configuration/Administrative Templates/Network/Network Connections/Windows Firewall/Domain Profile

Explanation:
Allows remote administration of this computer using administrative tools such as the Microsoft Management Console (MMC) and
Windows Management Instrumentation (WMI). To do this, Windows Firewall opens TCP ports 135 and 445. Services typically use
these ports to communicate using remote procedure calls (RPC) and Distributed Component Object Model (DCOM). Additionally, on
Windows XP Professional with at least SP2 and Windows Server 2003 with at least SP1, this policy setting also allows
SVCHOST.EXE and LSASS.EXE to receive unsolicited incoming messages and allows hosted services to open additional
dynamically-assigned ports, typically in the range of 1024 to 1034. On Windows Vista, this policy setting does not control
connections to SVCHOST.EXE and LSASS.EXE.

If you enable this policy setting, Windows Firewall allows the computer to receive the unsolicited incoming messages
associated with remote administration. You must specify the IP addresses or subnets from which these incoming messages are
allowed.

If you disable or do not configure this policy setting, Windows Firewall does not open TCP port 135 or 445. Also, on Windows
XP Professional with at least SP2 and Windows Server 2003 with at least SP1, Windows Firewall prevents SVCHOST.EXE andLSASS.EXE
from receiving unsolicited incoming messages, and prevents hosted services from opening additional
dynamically-assigned ports. Because disabling this policy setting does not block TCP port 445, it does not conflict with the
"Windows Firewall: Allow file and printer sharing exception" policy setting.

------------------------------------


Windows Firewall: Define inbound port exceptionsSetting
Path: Computer Configuration/Administrative Templates/Network/Network Connections/Windows Firewall/Domain Profile

Explanation:
Allows you to view and change the inbound port exceptions list defined by Group Policy. Windows Firewall uses two port
exception lists: one is defined by Group Policy settings and the other is defined by the Windows Firewall component in
Control Panel.

If you enable this policy setting, you can view and change the inbound port exceptions list defined by Group Policy. To view
this port exceptions list, enable the policy setting and then click the Show button. To add a port, enable the policy
setting, note the syntax, click the Show button. In the Show Contents dialog box type a definition string that uses the
syntax format. To remove a port, click its definition, and then press the DELETE key. To edit a definition, remove the
current definition from the list and add a new one with different parameters. To allow administrators to add ports to the
local port exceptions list that is defined by the Windows Firewall component in Control Panel, also enable the "Windows
Firewall: Allow local port exceptions" policy setting.

If you disable this policy setting, the port exceptions list defined by Group Policy is deleted, but other policy settings
can continue to open or block ports. Also, if a local port exceptions list exists, it is ignored unless you enable the
"Windows Firewall: Allow local port exceptions" policy setting.

If you do not configure this policy setting, Windows Firewall uses only the local port exceptions list that administrators
define by using the Windows Firewall component in Control Panel. Other policy settings can continue to open or block ports.

 




Article URL http://www.symantec.com/docs/TECH203191


Terms of use for this information are found in Legal Notices