Enterprise Vault (EV) Compliance Accelerator (CA) Monitored Employee Groups' synchronization may not be attempted after a failure occurs until the error is cleared from the SyncError field of the tblTargetGroup table.
- EV Event Log
Source: Accelerator AD Synchronizer
APP AT - Customer ID: 3 - An error occured in ProfileSynchroniser::SynchroniseEmployeeProfile while retrieving properties.
System.Runtime.InteropServices.COMException (0x8007203A): The server is not operational.
- tblTargetGroup table SyncError field entry and Employee Group properties error:
The server is not operational
CauseCA Monitored Employee Group can be configured to synchronize against Lotus Domino Directory servers using LDAP commands. If the LDAP Service is stopped on the Domino Directory server while a synchronization attempt is made, the synchronization will fail. The synchronization failure will log the above Event ID 34 error into the Symantec Enterprise Vault Event Log on the CA server and will log the error "The server is not operational" into the CA Customer database's tblTargetGroup table SyncError field for each group that fails to synchronize as well as the the General tab of the CA Monitored Group properties for each group that fails the synchronization attempt.
When the LDAP Service is running again, subsequent synchronizations do not clear the error from the General tab or the database table.
SolutionThere are currently 3 possible workarounds for this issue.
1. Modify the synchronization interval to 12 hours and start the Enterprise Vault Accelerator Manager Service (EVAMS) such that the LDAP service will be running at the end of the 12 hour cycle.
2. Stop the Enterprise Vault Accelerator Manager Service (EVAMS) while the LDAP service is stopped.
3. Create a Stored Procedure to clear the SyncError field of the tblTargetGroup table , then configure and activate a SQL Job to run the Stored Procedure after the LDAP service has been started.
Workaround 1 - Modify the synchronization interval
By default, the ADSynchronization process that synchronizes Monitored Employees and Monitored Employee Groups with Active Directory or Lotus Domino Directory runs when the Enterprise Vault Accelerator Manager Service (EVAMS) starts, then every 8 hours thereafter. Change the synchronization interval to 12 hours and ensure EVAMS is started such that the LDAP service will be running every 12 hours thereafter.
1. Determine the time frame when the LDAP Service on the Domino Directory Server is stopped.
2. Change the CA synchronization interval to 12 hours as follows:
2.1. Launch the Compliance Accelerator Client using an account with sufficient Application level permissions to change configuration settings, such as the Vault Service Account (VSA)
2.2. Click on the Configuration tab.
2.3. Click on the Settings sub-tab.
2.4. Expand the Profile Synchronization group.
2.5. Locate and click on the Synchronization interval (hours) option. Note: Do not change the Active Directory synchronization interval (hours) option.
2.6. Click on the number in the Value column (default is 8).
2.7. Change the value to 12, then click on any other line.
2.8. Click the Save button in the lower right corner of the page.
2.9. Click the OK button to acknowledge the requirement to restart the Customer Background Task.
2.10. Close the CA Client.
3. Log onto the CA server as the VSA at a time that will allow the synchronizations to occur at least 1 hour before or after the time frame determined in Step 1.
4. Launch the Services Microsoft Management Console (MMC) snap-in.
5. Restart the Enterprise Vault Accelerator Manager Service (EVAMS).
Workaround 2 - Stop the EVAMS while the LDAP service is stopped
1. Review the Lotus Domino Server Event Logs to determine the time frame in which the LDAP service is stopped (i.e., stop and start times)
2. Configure a batch job on the CA server to stop EVAMS:
2.1. Create a folder on the Accelerator Server to contain the batch files (i.e., C:\BatchFiles)
2.2. Create a batch file to stop EVAMS (i.e., StopEVAMS.bat).
2.3. Edit the batch file to contain the following text as a minimum (additional text can be added if needed):
net stop "Enterprise Vault Accelerator Manager Service"
2.4. Save and close the file.
2.5. Launch the Microsoft Windows task scheduler application under Start | All Programs | Accessories | System Tools | Scheduled Tasks (for Windows Server 2003) or Task Scheduler (for Windows Server 2008).
2.6. Create a new task. For Windows Server 2003, double click on the Add Scheduled Task option and follow the wizard to create the task to use the stop batch file. For Windows Server 2008, click the Create Task option and fill in the appropriate information in each tab to create the task to use the stop batch file. As part of the task creation, schedule the batch job to run just before the LDAP service is stopped.
3. Configure another batch job on the CA server to start EVAMS:
3.1. In the same folder that contains the stop batch file, create another batch file to start EVAMS (i.e., StartEVAMS.bat)
3.2. Edit the batch file to contain the following text as a minimum:
net start "Enterprise Vault Accelerator Manager Service"
3.3. Save and close the file.
3.4. In the Microsoft Windows scheduler application, create a new task configured to run the start batch file a few minutes after the LDAP service has been started.
4. Close the Windows scheduler application when both batch files are configured in tasks that are set to run at the appropriate times.
Workaround 3 - Create a Stored Procedure to clear the SyncError field of the tblTargetGroup table , then configure and activate a SQL Job to run the Stored Procedure after the LDAP service has been started
1. Review the Lotus Domino Server Event Logs to determine the time frame in which the LDAP service is stopped (i.e., stop and start times).
2. Log onto the SQL Server with an account that has sufficient permissions to modify the CA Customer database contents, such as the VSA.
3. Launch the SQL Server Management Studio (SSMS).
4. Expand the SQL Server Agent folder.
5. Expand the Jobs folder.
6. Right click on the Jobs folder.
7. Select the New Job... option.
8. Go through the different pages to configure a daily job to run after the LDAP service has been started, with a job step to execute the following query against the affected CA Customer database:
IF EXISTS(SELECT 1 FROM tblTargetGroup WHERE SyncError <> '')
UPDATE tblTargetGroup SET SyncError ''
9. Close SSMS when finished.
Symantec Corporation has acknowledged that the above-mentioned issue is present in the version(s) of the product(s) referenced in this article.
There are currently no plans to address this issue by way of a cumulative hotfix or service pack in the current or previous versions of the software at the present time. This issue may be resolved in a future major revision of the software at a later time, but is not scheduled for any release. If you feel this issue has a direct business impact for you and your continued use of the product, please contact your Symantec Sales representative or the Symantec Sales group to discuss these concerns. For information on how to contact Symantec Sales, please see http://www.symantec.com.