Symantec has identified an issue with the installation routine of the Enterprise Vault File System Archiving (FSA) 10.0.X agent which causes individual files that are not locked or set to read-only to be deleted from the root of C:\ on the File Server. Folders that are located in the root of C:\, read-only files and locked (open) files are not deleted. This issue only occurs at the point of installation – files that are subsequently placed in the root of C:\ post-installation are not affected.
This only occurs during an upgrade of the FSA agent from Enterprise Vault 9.0.X to 10.0.X, or from 10.0.0 to 10.0.1. Both Microsoft Cluster Server (MSCS) and VERITAS Cluster Server (VCS) FSA Agent cluster installs are also affected. Fresh installs, or upgrades where the previous FSA agent has been manually uninstalled before upgrading, are not affected.
As part of an automatic upgrade installation our FSA agent installer runs some custom action routines. These custom actions were ordered incorrectly and caused individual files to be deleted from the root of C:\.
What is affected:
- Enterprise Vault for File System Archiving 10.0.0
- Enterprise Vault for File System Archiving 10.0.1
The above versions of Enterprise Vault FSA Agent are affected if the FSA agent was upgraded from 9.0.X to 10.0.X or from 10.0.0 to 10.0.1, either by using the Enterprise Vault FSA Agent wizard in the Vault Administration Console, or performed locally on the file server.
Note: Servers where the Enterprise Vault FSA Agent had been manually uninstalled prior to upgrade are not affected.
How to Determine if Affected:
Confirm the Enterprise Vault FSA Agent is running the affected versions of 10.0.0 build 1316 or 10.0.1 build 1171:
1) Navigate to the location where EVPlaceholderService.exe has been installed.
a) On 32bit systems the default location is “C:\Program Files\Enterprise Vault”
b) On 64bit systems the default location is “C:\Program Files (x86)\Enterprise Vault”
2) Right-click on the file and select Properties.
3) Select the Details tab.
4) Review the File version field.
a) For Enterprise Vault 10.0.0 the file version should be 10.0.0.1316
b) For Enterprise Vault 10.0.1 the file version should be 10.0.1.1171 (as per the example below).
- If running either of these versions, and have upgraded your FSA Agent from a pre-10 version, you have been affected by this issue. Please follow the steps outlined in the Solution section.
- Some systems files may be present in C:\. Typically these are marked as read-only (e.g. boot.ini on Windows 2003) or locked for access on startup (e.g. pagefile.sys) so will not be deleted. If any of these files have had the read-only attribute manually removed, or if the files are not locked, they may be deleted. Restarting the operating system may prevent the file server from loading correctly. Any individual files located in the root of C:\ may have been deleted.
2. Compare the files in the root of c:\ with those of the last good backup prior to upgrade. Restore any files which have been deleted from the last good backup
3. Apply the following Enterprise Vault FSA Agent hotfix. This hotfix will ensure the issue described in this article will not occur. However, the hotfix will not be able to recover the items that were affected.
The Enterprise Vault FSA Agent 10.0.1 hotfix (.msi) can run against Enterprise Vault server versions 9.0.X and 10.0.X. Please refer to TECH38537 for further details on compatibility of Enterprise Vault server and Enterprise Vault FSA Agent versions.
If planning an upgrade of the FSA agent from version 9.0.x to 10.0.x or from version 10.0.0 to 10.0.1 you should download the updated Enterprise Vault FSA Agent from article TECH193483 to perform the upgrade.
Subscribe to this article by clicking on the Subscribe via email link on this page to receive notification when this article is updated.
Symantec Strongly Recommends the Following Best Practices:
1. Always perform a FULL backup prior to and after any changes to your environment.
2. Always make sure that the environment is running the latest version and patch level.
3. Subscribe to technical articles for updates.