On a system running EV 10.0.2 seeing a few of these events. What if any action is required?
Any specific EVSVR option to resolve them?
>>
An invalid SIS part was encountered while doing watch file scan. Following further information is available.
Partition Name = xxx
VaultStoreEntryId = 1BE7981FBEAE73F45AD58F87D091A885E1210000KVSEV.xxx
ParentTransactionID = 802B959A2F979A17668CCE24343091D1
Invalid Reason = Verification failed for sis part when post processing Saveset with TID = [603FE5801B5FC4D43FAD6ECF88DA61A1].
Following item details are available:
Mailbox = [xxx]
Subject = [xxx]
Original Location = [Inbox]
Following sis part details are available:
FPDistinctionByte = [255]
FPHashPart1 = [-938829753]
UniqueId = [0].
Hey I don't know whether you have resolved this issue or still seeing it, but check this post from Tony which mentions the issue that you might actually be seeing as a bug
probably best to do a full verify of items on that particular date range, o close to the minute as you can.
It could just be a corrupt file or it could be something more serious such as anti virus deleting files etc
Have also seen this in environmens where the fingerprint transaction log grows to 100% and can't grow anymore and it causes lots of issues with false positive fingerprints being created
1. Log on to the EV server
2. Open a command prompt and CD to your EV installation directory
3. Type EVSVR and press enter
4. Type Edit and press enter
5. Uncheck "Process All Vault Store Groups"
6. Uncheck "Process All Vault Stores"
7. Uncheck "Process All Vault Store Partitions"
8. Uncheck "Process All Archives"
9. In the archive box, choose the Mailbox that was reported in the event
10. Narrow down the users vault store group, vault store and the active partition
11. Set the Date Range to be as close to those events as possible
12. Change Operation to be Verify
13. Change Option to be Complete
14. Save the EVSR and then run it from the evsvr console
OK so you know repair is going to remove them right?
but the option you want is Repair -> DeleteSurplusReferences.
However what i am unsure of is if it will delete an item where the DVS exists but the DVSSP is missing.
I think it will only do a delete from the database when the DVS/DVSCC/DVSPP are all missing together.
What you may end up just having to do is use the blacklist SISPart repair option
Hey I don't know whether you have resolved this issue or still seeing it, but check this post from Tony which mentions the issue that you might actually be seeing as a bug
Yes, for pre 2007 items this is the bug noted and hopefully to be fixed by 10.0.3 due shortly.
There was one date range post 2007 where inconsistencies did exist and this was resolved with EVSVER repair database linkages and other options under guidance from Symantec support.
