08-15-2018 10:15 AM - edited 08-15-2018 10:17 AM
Hello everyone,
we do have an environment where the indexing backlog for all index volumes / archives is increasing. A few minutes after restarting the indexing service Event 41352 is occuring for many index volumes:
The processing of the Index Volume has stopped following errors.
Archive name: "Name of the archive"
Task: <none>
Index Volume ID: "ID of the volume"
Reason: <none>
Error Type: NonCritical
Description: Die COM-Klassenfactory für die Remotekomponente mit der CLSID {3A92686F-E5E8-4505-ABB5-49E5F725617A} konnte aufgrund des folgenden Fehlers nicht von Computer "evserver" abgerufen werden: 80070005 "evserver".
sometimes with the following error description:
Description: Could not connect to the storage service on "evserver". ArchiveId=["ID"] Inner exception: Die COM-Klassenfactory für die Remotekomponente mit der CLSID {3A92686F-E5E8-4505-ABB5-49E5F725617A} konnte aufgrund des folgenden Fehlers nicht von Computer "evserver" abgerufen werden: 800706ba "evserver".
At the same time DCOM Event 10006 and 10016 do appear in the system eventlog.
10006:Fehler "2147942405" in DCOM wurde vom Computer "evserver" empfangen, als versucht wurde, den folgenden Server zu aktivieren:
{3A92686F-E5E8-4505-ABB5-49E5F725617A}
10016: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\ANONYMOUS-ANMELDUNG" (SID: S-1-5-7) unter der Adresse "Adress of the evserver" keine Berechtigung vom Typ "Remote Aktivierung" für die COM-Serveranwendung mit der CLSID
{3A92686F-E5E8-4505-ABB5-49E5F725617A}
und der APPID
{9FB267AD-C6CE-4084-A18F-5100B54964B3}
im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
I can see the dcom events already occurring when starting the storage service but for a variety of CLSIDs. The CLSID mentioned above lead me to Enterprise Vault.StorageCrawler for which we modified the dcom configuration but the issue persists.
We already checked the following: https://www.veritas.com/support/en_US/article.000088120 .Firewall was disabled as well. Anyone having another idea what else to check? Version is 12.3 Please excuse the German phrases in the events, I can surely add the English ones if necessary. Search for items already indexed seems to be not affected.
Regards
Marc
Solved! Go to Solution.
08-28-2018 10:53 PM - edited 08-28-2018 10:57 PM
Hello Marc,
The only reference I found to the error you mention is below: errorcode
Interestringly, this points to firewall, which you say is disabled. See if the advise in the entry resolves it. It might also be that a MS KB patch causes this. That however is hard to find, as you need to figure out when you started getting these events, and then figure out what changed on the system.
I don't have further ideas, sorry.
<edit> Further Googling showed:
https://www.veritas.com/support/en_US/article.000087698
other articles indicate firewall issue.
10-31-2018 04:39 AM
Hi everyone,
Gertjan might have been right. A few hours after installing September Windows updates on the EV server the issue is completely gone. DCOM messages stayed away and the indexing backlog went below the threshold within a few hours. Except of the Windows updates nothing else has been performed on the EV server.
Kind Regards
Marc
08-15-2018 10:39 PM
Hi Marc,
Try doing a reboot of the EV server and see if that helps.
Also, veryfy the SQL databases fragmentation and ensure the SQL maitenance is performed regularly.
08-15-2018 11:09 PM
Hi Virgil,
restarts have been performed several times and yes, fragmentation is present but I'll need to check if a maintenance is configured and working. However I do clearly see an error in EV so I am not sure how fragmentation should be relevant here.
Regards
Marc
08-20-2018 01:04 AM
Hi Marc,
Have you tried re-entering the VSA password in the console, then restart all EV services? That most of the times fixes the DCOM issues.
08-20-2018 03:27 AM
Hi Gertjan,
not yet but I'll have a try as soon as I get access to the environment.
08-24-2018 11:00 AM
does dns resolution work on all names? can the server lookup his alias?
08-28-2018 04:39 AM
Same issue here but rebooting the server seemed to fix it.
08-28-2018 06:08 AM
Hi everyone,
hostname and alias are correctly resolved. We entered the VSAs credentials in the vac and restarted the service without any improvement. We also entered the password again for every EV services but no change.
Any other idea?
Regards
Marc
08-28-2018 10:53 PM - edited 08-28-2018 10:57 PM
Hello Marc,
The only reference I found to the error you mention is below: errorcode
Interestringly, this points to firewall, which you say is disabled. See if the advise in the entry resolves it. It might also be that a MS KB patch causes this. That however is hard to find, as you need to figure out when you started getting these events, and then figure out what changed on the system.
I don't have further ideas, sorry.
<edit> Further Googling showed:
https://www.veritas.com/support/en_US/article.000087698
other articles indicate firewall issue.
09-20-2018 12:08 AM
Hi Marc,
Any update on this issue?
09-20-2018 01:16 AM - edited 09-20-2018 01:22 AM
Hi Gertjan,
unfortunately not. A few things that we did:
-Execution of get-service powershell cmdlet showed that service RPCSS (Remote Procedure Call (RPC)) was not listed which I thought could be relevant. However the service is there, started and seems to be working.
-Executed FileReRegister.bat without a change
-Checked if any DCOM restrictions have been applied (HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DCOM)
-Double checked firewall and the firewall status of the AV solution
We are not allowed to involve technical support at this point.
Regards
Marc
10-31-2018 04:39 AM
Hi everyone,
Gertjan might have been right. A few hours after installing September Windows updates on the EV server the issue is completely gone. DCOM messages stayed away and the indexing backlog went below the threshold within a few hours. Except of the Windows updates nothing else has been performed on the EV server.
Kind Regards
Marc