VOX

Ev_Ajay,

Yes, the journaling connector is installed on the Enterprise Vault server.  It's the same version (10.0.3) as the EV product and EV-CA.

If I put a checkmark in the box for the department, <All Employees> appears like you said.

Hi Ken,

Very informational and helpfule explanation.

Thanks for the valuable explanation.

@Kenneth Adams

Thank you for the helpful information.  I remember that sort of thing happening in the past (many years ago) - where the journal connector was updated or reinstalled and was assigned an ID that was not the last in the list of filters.  Since it's not something I've had to check in so long, I didn't think of it.

I need to wait until later today to verify (I made the change yesterday morning but our backup guys have had the primary Vault Store group in backup mode for the last 24 hours, and now that I've cleared it we need to wait until EV can process all the itesm sitting in the journal mailbox).

I'll follow up and give credit after verification.  Thanks Kenneth!

Greetings, BigAnvil;

Heres is a trick you can use to confirm the department tagging is working without having to wait until the Random Sampling processing completes tomorrow.

1) Launch an advanced browser search (http://EVServer/EnterpriseVault/search.asp?advanced=3) and select the journal archive (depending on the account you use for this, you may have to grant Read access to the archive through the Vault Admin Console).

2) In the 'Other Result Attributes' line, enter the following as I have it typed: KVSCA.Deptartment KVSCA.DeptRecips KVSCA.DeptAuthor

3) In the 'Date' line, enter into the "From:" field a date known to not return hits in the scheduled search (i.e, 07/10/2013) and in the "To:" field, there the same date or the next day's date (i.e., 07/11/2013).  Run the sesarch and look at the first page of the output to see if any of the items returned also show lines that begin with the labels in the 'Other Result Attributes' line.  If you don't see any such lines, then no department tagging was done.

4) Run the same search except with yesterday's date in the 'Date' line's "From:" and "To:" fields.  Depending on when in the day you made the change, you may have to scroll through a few pages of returned items to see any with the department tagging; however, just seeing any from yesterday (or today if you want to check with today's date) will be proof that the JC is now doing the department tagging.

I hope this helps.  I look forward to your update on the results of enabling the JC yesterday.

Hi,

Some information about the "KVSCA.Deptartment KVSCA.DeptRecips KVSCA.DeptAuthor" :

 Some of the tags that CA looks for in the message metadata are :

• KVSCA.Department - the DepartmentID of a sender, recipient, or exception.
• KVSCA.DeptRecips - DepartmentID associated with the recipients.
• KVSCA.DeptAuthor - the DepartmentID associated with the author.

Kenneth,

The name of the string prior to changing it was "0" and all our journal messages were being archived properly (converting to pending then being removed from the journal mailbox per our policy).  

I deleted the entry for "LVS.Accelerator.Plug.Filter" and recreated it with a name of "1" as below.  It was the only filter.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KVS\Enterprise Vault\External Filtering\Journaling]

Ah.  So the JC was disabled intentionally.  Interesting.

Look in the Vault Admin Console to see if the journal task (JT) is in a failed state. If it is, there is something wrong with the JC that is causing the task to fail.

If the JT has failed, look in the Symantec Enterprise Vault Event Log on the journaling server to see if there are any errors thrown related to the external filter (which would be the JC).

Possible causes of the JC to stop journaling are:

1) Two or more CA Customers exist in the environment where these Customers share the same CA Configuration database AND more than 1 Customer's properties has a blank for the VaultID(s) entry.  To check for this, the EV Event Log will have an error entry with the description stating the default customer could not be determined.  Also, looking at the Customers in the EVBAAdmin site on the CA server, clicking on each customer in the left pane will display the properties in the right pane where the VaultID(s): field can be easily viewed.  In environemnts where multiple CA Customers exist within the same CA Configuration database, one and ony one Customer must be considered the default customer into which all items not targeted for other customers are placed.  The default Customer is noted by the VaultID(s): field being blank.  All other Customers MUST have something in their VaultID(s): field, and the entries must not contain blanks.

2) An upgrade to CA has been started, but not fully completed.  When CA is upgraded, the CA Configuration database is the first database to be upgraded after the upgraded binaries (the exe, dll, etc files) are installed.  After the CA Configuration database upgrade has completed, each CA Customer must be upgraded.  After all CA Customer upgrades have been completed, the Journal Connector must be upgraded.  All of the databases and the JC must be at the same major and minor release of the product (i.e., all must be at CA 10.0 SP3).

3) The CA Configuration database has been moved from one SQL Server or SQL Server instance to another SQL Server or SQL Server instance.  When a CA Configuration database is moved, there are certain files on the CA server and the EV journaling server that must be updated to reflect that move.  On the journaling server, there is a file in the EV installation folder (default folder is 'C;\Program Files (x86)\Enterprise Vault') named JournalTask.exe.config for Exchange and EVLotusDominoJournalTask.exe.config that must be edited in Notepad (or some other plain text editor) to change the 'server=' entry from the old SQL Server or SQL Server instance to the new SQL Server or SQL Server instance.  Once the file has been edited with the correct SQL information, the JT must be started (the edit should be done with the JT stopped).

Since you can run CA searches, we know that at least the CA Configuration database and one CA Customer are running at the same CA version.  From this information, we know that the SQL Server name or SQL Server instance information in the CA server's CA configuration files is correct.  To confirm the SQL Server or SQL Server instance name that should be in the JC configuration file (i.e., JournalTask.exe.config), look on the CA server in the CA installation folder (default is 'C:\Program Files (x86)\Enterprise Vault Business Accelerator) for the file named AcceleratorManager.exe.config.  Open this file in Notepad and look for the line with the name of the SQL Server or SQL Server instance in the 'server=' entry.  Note that the same line will have an entry labeled 'initial Catalog=' that contains the name of the CA Configuration database.  Note this database name as well as the SQL Server / SQL Server instance name. Take that information and match it to the information in the JC configuration file.  If either the SQL Server / SQL Server instance name or the CA Configuration database name are incorrect, change them and save the JC configuration file, then restart the JT.

Let us know what you find when you go through these troubleshooting steps, please.

Kenneth,

I could see the Event Log entries showing the journal task as failed. But rather than review those entries I think the JournalTask.exe.config file shows where the issue is.  Though we didn't change SQL servers or instances, it doesn't seem to contain the correct info - our SQL server is kvs-sql.domain.com, the CA server is evault-ca.domain.com, and the EV server is entvault.domain.com

Ah.  So the JC was configured with the CA server name instead of the SQL Server name.  That's a common mistake, so it's easy to fix.

Thank you for letting us know the root cause of the problem.  Have you tried the advanced browser search that I noted a few comments ago?  That would tell you if you're getting the department tagging now.  I expect you will be, but it never hurts to be sure.

FYI, the work you did to troubleshoot the issue can be found in our Technical Article TECH50455, "Journaling Stops when the using Journal Connector and how to properly configure the Journal Connector", available at http://www.symantec.com/docs/TECH50455.  I'll be updating this article soon to add the versions of CA that are not currently listed as this applies to all versions of CA.

Hi Ken,

Thanks a lot for providing the Possible causes of the JC to stop journaling. Got more information about the issue and cause.

Kenneth,

I wear many hats here as most of us do, so I did not have an opportunity to test as you had asked.  However, when I arrived this morning, the scheduled search returned results so all is good again.

Thank you for all the helpful information and your quick responses!

Hi Ken,

I really learn many things from this issue. It's happy to know that this issue is resolved.

I understand being too busy to run some tests and having to wait for the normal processing to complete to confirm a fix.  I, too, was busier than expected yesterday after the general availability release of EV/DA/DA 10.0.4 this past Wednesday.

I'm glad that I was able to assist in resolving your issue.