EV 11.0.1 - DCOM errors since May2020 security patches
Hi All,
I've got an issue since this weekend when our 16x EV 11.0.1 servers were patched with the May 2020 security patches then rebooted. Now every server is now complaining with Event ID: 29014 issues in the Eventlogs and our users now cannot access their archives via the ArchiveExplorer (website). We migrated our mail to O365 so archive explorer is now our users only method to access their legacy archives.
Log Name: Symantec Enterprise Vault
Source: Enterprise Vault
Date: 26/05/2020 08:40:45
Event ID: 29014
Task Category: Web Application (WP)
Level: Error
Keywords: Classic
User: N/A
Computer: SERVERNAME.CHANGEDTXT.COM
Description:
Storage DCOM error.
Reason: Access is denied. (0x80070005)
Reference: Get storage object: Computer name [SERVERNAME.CHANGEDTXT.COM ]
For more information, see Help and Support Center at http://entced.symantec.com/entt?product=ev&language=english&version=11.0.1.0&build=11.0.1.3706&error=V-437-29014
On one server I uninstalled KB4556852 & KB4558640 rebooted in the hope that it would resolve it but no joy.
I've run a DTRACE (attached) and here is an excerpt of that...
29 13:38:53.549 [6804] (w3wp) <7608> EV-L {ListArchives.Page_Load} ListArchives.Page_Load
30 13:38:53.550 [6804] (w3wp) <7608> EV:L {CAutoJournalAccessor::GetSyncSlot} (Entry)
31 13:38:53.553 [6804] (w3wp) <7608> EV:H {CAutoJournalAccessor::GetSyncSlot:#56} _com_error exception: [Access is denied. (0x80070005)]
32 13:38:53.554 [6804] (w3wp) <7608> EV:H {CAutoJournalAccessor::GetSyncSlot} (Exit) Status: [Access is denied. (0x80070005)]
33 13:38:53.560 [6804] (w3wp) <7608> EV-H {ListArchives.Page_Load} Exception: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)) Info: Diag: Type:System.UnauthorizedAccessException ST: at KVS.EnterpriseVault.Interop.AutoJournalAccessorClass.GetSyncSlot(String auth, String archiveID, UInt32& timeOut)| at DesktopClientCacheWeb.ListArchives.GetSyncSlot(IAutoJournalAccessor ja)| at DesktopClientCacheWeb.ListArchives.List()| at DesktopClientCacheWeb.ListArchives.Page_Load(Object sender, EventArgs args) Inner:None
34 13:38:53.611 [6804] (w3wp) <7120> EV-L {ClientDiagnostics.Page_Load} ClientDiagnostics called
35 13:38:53.611 [6804] (w3wp) <7120> EV-H {ClientDiagnostics.Page_Load} AUTH_USER string: .
36 13:38:53.612 [6804] (w3wp) <7120> EV:L {CClientAuthenticate::GenAuthString:#361} Generating auth string...
39 13:38:53.621 [6804] (w3wp) <7120> EV:M ClientAuthHelperImpl::GenAuthString Authentication Type: Currently impersonated user Client:(null) ==> AuthToken:SERVERNAME.CHANGEDTXT.COM 3Q1K*****
40 13:38:53.627 [6804] (w3wp) <7120> EV-L {ClientDiagnostics.PostDiagnosticValues} Exception: Failed to connect to an IPC Port: The system cannot find the file specified.| Info:ClientDiagnostics PostDiagnosticValues failed Diag: Type:System.Runtime.Remoting.RemotingException ST:|Server stack trace: | at System.Runtime.Remoting.Channels.Ipc.IpcPort.Connect(String portName, Boolean secure, TokenImpersonationLevel impersonationLevel, Int32 timeout)| at System.Runtime.Remoting.Channels.Ipc.ConnectionCache.GetConnection(String portName, Boolean secure, TokenImpersonationLevel level, Int32 timeout)| at System.Runtime.Remoting.Channels.Ipc.IpcClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)| at System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg)|Exception rethrown at [0]: | at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)| at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)| at KVS.EnterpriseVault.ClientDiagnosticsHandler.ClientDiagnosticsHandler.PostClientDiagnosticValues(NameValueCollection diagnosticValues, String authStr)| at DesktopWeb.ClientDiagnostics.PostDiagnosticValues(NameValueCollection queryStringParams) Inner:None
45 13:39:08.270 [6804] (w3wp) <7608> EV-L {Slot.Page_Load} Slot.Page_Load
46 13:39:08.270 [6804] (w3wp) <7608> EV-L {Slot.GetSyncSlot} Slot.GetSyncSlot - VEID:1D67ECF7CDE3DD3418AF7F977957226191110000evault2, TimeOut:0
47 13:39:08.271 [6804] (w3wp) <7608> EV:L {CAutoJournalAccessor::GetSyncSlot} (Entry)
49 13:39:08.272 [6804] (w3wp) <7608> EV:L CBaseDirectoryServiceWrapper::CreateDirectoryService() - Entry [m_nNumTries = 40]
50 13:39:08.274 [6804] (w3wp) <7608> EV:L CBaseDirectoryServiceWrapper::CreateDirectoryService() - Successfully communicated with an EV Directory Service on the local machine
51 13:39:08.322 [6804] (w3wp) <7608> EV:L {VaultCoCreateInstanceEx} CLSID [{4EC6FF76-C97A-11D1-90E0-0000F879BE6A}] Server Name [(null)] Used Server Name [(null)] Num of attempts [1] Total elapsed [0.000s] Result [Success (0)]
52 13:39:08.323 [6804] (w3wp) <7608> EV:L {GetStorageObject:#46} Calling VaultCoCreateInstanceEx
53 13:39:08.323 [6804] (w3wp) <7608> EV:L {CStorageOnlineOpnsInstanceHelper::GetLoadBalancedStorageOnlineOpnsCLSID:#61} Non-StorageOnlineOpns CLSID. Returning Input.
54 13:39:08.332 [6804] (w3wp) <7608> EV:L {VaultCoCreateInstanceEx} Attempt [1] to create COM object failed. CLSID [{957FF4B4-162B-4708-843A-0134868699B4}] Server Name [EXC7.CHANGEDTXT.COM] Elapsed [0.009s] Result [Access is denied. (0x80070005)]
I'm at a loss where to go now.
Any help would be appreciated please as I've been trying to keep these servers going whilst waiting for a project to migrate our Databases over to a SQL Server 2012 (or higher) so I can get our environment upgraded to V12.
Thanks,
Andy
Morning All,
I thought I'd update this post and close it off.
So the issue lasted an entire week until the scheduled reboots for the EV servers early yesterday morning. The DCOM errors stopped immediately once the servers came up. I hadn't made any changes other changes as per listed above.
The only thing I can think of is that the SQL Server farm we utilise for EV performed its monthly reboot on Sunday and after the EV servers reconnected post reboot, it seems everything is working again.
Due to the DCOM issues, I think they sent me on a wild goose chase looking at IIS and EV.. not the SQL Servers.
I'll have to see what I can find out with the SQL servers (as they're looked after by a different team).
At least its fully operational again now.
Thanks,
Andy