In Enterprise Vault 8, Symantec has followed Microsoft's recommendation to use only signed executables and DLLs, which allows authenticity checks that are more reliable than heuristic-based malware detection.
On some customer builds this can lead to error messages and the inability to start the Discovery Accelerator Manager Service.
This document outlines the problem and suggests different resolution options.
Could not start the Enterprise Vault Accelerator Manager Service service on Local Computer.
Error 1053: The service did not respond to the start or control request in a timely fashion.
Enterprise Vault (EV) Discovery Accelerator (DA) files are digitally signed. This causes the Enterprise Vault Accelerator Manager Service (EVAMS) start to take longer to complete as there is an automatic check to Verisign to confirm the publisher certificate has not been revoked.
This problem occurs because of the following behavior:
When the Microsoft .NET Framework loads the Symantec DA assembly, the managed assembly calls the CryptoAPI function to verify the Authenticode signature on the assembly files to generate publisher evidence for the managed assembly.
The CryptoAPI function checks a Certificate Revocation List (CRL) that is available at http://crl.microsoft.com. This action requires an Internet connection.
If the Internet connection is blocked, the outgoing HTTP requests may be dropped. Therefore, an error message is not returned. This problem may also occur if the computer cannot resolve http://crl.microsoft.com.
This long delay causes the CRL check to time out. The Service Control Manager (SCM) determines that the service is taking too long to start and that the service has exceeded the maximum service start time. Therefore, the SCM reports the error message, and the Discovery Accelerator services are not started.
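To tell which of these cases a given server is in (name not resolvable, packets silently dropped, or connection rejected quickly), the check below can be run on the Discovery Accelerator server. It is an added example, not part of the original article or of any Symantec tooling; the function name Test-CrlEndpoint and the 5000 ms threshold are assumptions chosen for illustration.

```powershell
# Added diagnostic example; not part of the original article.
# Test-CrlEndpoint and the 5000 ms threshold are assumptions for illustration.
function Test-CrlEndpoint {
    param(
        [string]$HostName = 'crl.microsoft.com',  # CRL host named in the article
        [int]$Port = 80,                          # the CRL is fetched over HTTP
        [int]$TimeoutMs = 5000
    )
    $timer = [System.Diagnostics.Stopwatch]::StartNew()
    $result = 'Unknown'
    $detail = ''

    # Case 1: the computer cannot resolve the CRL host name.
    try {
        $ip = [System.Net.Dns]::GetHostAddresses($HostName)[0]
    } catch {
        $result = 'DnsFailure'
        $detail = $_.Exception.Message
    }

    if ($result -eq 'Unknown') {
        $client = New-Object System.Net.Sockets.TcpClient -ArgumentList $ip.AddressFamily
        try {
            $async = $client.BeginConnect($ip, $Port, $null, $null)
            if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
                # Case 2: no answer at all. Outgoing packets are being dropped,
                # which is the condition that stalls the service start.
                $result = 'TimedOut'
            } else {
                $client.EndConnect($async)   # throws if the connection was refused
                $result = 'Reachable'
            }
        } catch {
            # Case 3: refused or unreachable. The CRL check fails fast,
            # so the service start is not delayed.
            $result = 'Rejected'
            $detail = $_.Exception.Message
        } finally {
            $client.Close()
        }
    }
    $timer.Stop()
    New-Object PSObject -Property @{
        Host = $HostName; Result = $result
        ElapsedMs = $timer.ElapsedMilliseconds; Detail = $detail
    }
}

Test-CrlEndpoint | Format-List
```

A result of TimedOut, or a DnsFailure with a large ElapsedMs, matches the delayed start described above; Reachable and Rejected both return quickly.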
The EVAMS service should now start correctly.
If a router were to send a “no route to host” ICMP packet or similar error instead of just dropping the packets, the CRL check would fail right away, and the service would start. You can add an entry for crl.microsoft.com in the hosts file or on the DNS server and send the packets to a legitimate location on the network, such as 127.0.0.1, which will reject the connection.
To do this, use a text editor to open the Windows\system32\drivers\etc\hosts file, and then add the following entry:
(Important! You should save a copy of the existing configuration files to a safe location. If there is an error in a configuration file, the applicable service cannot start.)
You must create configuration files for the Enterprise Vault Accelerator Manager service.
How to create a new configuration file:
Open the EnterpriseVaultAcceleratorManager.exe.config in a text editor.
Add the following code to the file.
<configuration>
  <runtime>
    <generatePublisherEvidence enabled="false" />
  </runtime>
</configuration>
Save the changes to the file.
I am not sure if the last option is supported; I am waiting for confirmation on this.