Strive for IT Excellence

Enterprise Vault Errors Flooding Your Event Logs??

With Enterprise Vault (EV) you can sometimes see strange behavior in the event logs. For example, reoccurring 29014 errors with an interesting host name or Vault ID:

Type:        Error
Date:        3/30/2017
Time:        2:21:07 PM
Event:        29014
Source:        Enterprise Vault 
Category:    Web Application (WP)
User:        N/A
Computer:    EV-EVMV.domain.com
Description:
Storage DCOM error.
Reason: No such host is known.  (0x80072af9)
Reference: Get storage object: Computer name [1154E5E3E65F2304DB411ED0C4D9DFA8E1110000-EV (1)], Context [VaultID: 1154E5E3E65F2304DB411ED0C4D9DFA8E1110000-EV (1)]

Take note of the (1) at the end of the names.

The archive itself seems fine. A quick look at its SQL entries shows everything looking normal:

Use EnterpriseVaultDirectory
select * from [dbo].[ExchangeMailboxEntry] where DefaultVaultId = '1154E5E3E65F2304DB411ED0C4D9DFA8E1110000-EV'
Use EnterpriseVaultDirectory
select * from [dbo].[Root] where VaultEntryId = '1154E5E3E65F2304DB411ED0C4D9DFA8E1110000-EV'
Use EVVSMailboxVS_3
select * from [dbo].[ArchivePoint] where ArchivePointID = '1154E5E3E65F2304DB411ED0C4D9DFA8E1110000-EV'
Use EVVSMailboxVS_3
select * from [dbo].[Vault] where VaultID = '1154E5E3E65F2304DB411ED0C4D9DFA8E1110000-EV'

A dtrace will show:

246900    14:21:07.535     [2960]    (w3wp)    <7636>    EV:L    {VaultCoCreateInstanceEx} Attempt [1] to create COM object failed. CLSID [{F019A230-FF92-11D1-8C20-0000F87502DE}] Server Name [1154E5E3E65F2304DB411ED0C4D9DFA8E1110000-EV (1)] Elapsed [0.001s] Result [The RPC server is unavailable.  (0x800706ba)]
246901    14:21:07.736     [2960]    (w3wp)    <7636>    EV:H    VaultCoCreateInstanceEx GetMachineNameUsingHostNameHelper failed. Server Name [1154E5E3E65F2304DB411ED0C4D9DFA8E1110000-EV (1)] Error [No such host is known.  (0x80072af9)]
246902    14:21:07.736     [2960]    (w3wp)    <7636>    EV~E    Event ID: 29014 Storage DCOM error. |Reason: No such host is known.  (0x80072af9) |Reference: Get storage object: Computer name [1154E5E3E65F2304DB411ED0C4D9DFA8E1110000-EV (1)], Context [VaultID: 1154E5E3E65F2304DB411ED0C4D9DFA8E1110000-EV (1)] |For more information, see Help and Support Center at http://entced.symantec.com/entt?product=ev&language=english&version=11.0.1.0&build=11.0.1.3598&error=V-437-29014
246903    14:21:07.736     [2960]    (w3wp)    <7636>    EV:H    {GetStorageObject} Status: [No such host is known.  (0x80072af9)]
246904    14:21:07.736     [2960]    (w3wp)    <7636>    EV:H    {CAutoStorageOnline::CreateStorageOnlineByComputerName} Status: [No such host is known.  (0x80072af9)]
246905    14:21:07.736     [2960]    (w3wp)    <7636>    EV:H    {CAutoStorageOnline::CreateStorageOnlineByVaultId} (Exit) Status: [Exception]
246906    14:21:07.736     [2960]    (w3wp)    <7636>    EV:H    {CAutoStorageOnline::GetVaultRange:#1388} _com_error exception: [No such host is known.  (0x80072af9)]
246907    14:21:07.736     [2960]    (w3wp)    <7636>    EV:H    {CAutoStorageOnline::GetVaultRange} (Exit) Status: [No such host is known.  (0x80072af9)]
246908    14:21:07.737     [2960]    (w3wp)    <7636>    EV-H    {Common.DTraceExceptionAndVEID} Exception: No such host is known. (Exception from HRESULT: 0x80072AF9) Info:VEID:1154E5E3E65F2304DB411ED0C4D9DFA8E1110000-EV (1) Diag:HRESULT: 80072af9 Type:System.Runtime.InteropServices.COMException ST:   at KVS.EnterpriseVault.Interop.AutoStorageOnlineClass.IAutoStorageOnline3_GetVaultRange(String bstrArchiveID, UInt32& apArchPointId, UInt32& apHighSeq, UInt32& apItemsSize, UInt32& apRetCountItems, DateTime& apItemCreationDate, DateTime& apItemModifiedDate, DateTime& oldestItem, DateTime& newestItem, UInt32& lowestSeqNum, UInt32& highestSeqNum, DateTime& oldestArchDate, DateTime& youngestArchDate)|   at DesktopClientCacheWeb.GetVaultInformation.CreateResults(String archiveId, HttpResponse pResponse) Inner:None

Also, within the IIS logs you will see a 500 status for the user at the time of the errors.

Using the Vault ID and IIS logs you can find the user and look up their workstation name. UNC to the Vault Cache location (i.e. C:\Users\xxxxxx\AppData\Local\KVS\Enterprise Vault\xxxxxxxxxxxx) and you will find multiple MDC files. One with the correct name, and another with the (1) at the end, which is the root of the 29014 errors flooding the event logs.

If you look at the date and time on the MDC file, it should correspond to the date and time of the 29014 error in the Event Logs.

This looks similar to: https://www.veritas.com/support/en_US/article.000019599 however, the errors are different and there are no 6281 errors in the Event Logs. And since there are multiple MDC files (one normal and one with (1)) you can’t simply rename per this technote.

The file with (1) at the end will let you delete it as it won’t be locked. You’ll want to monitor the end-users’ Vault Cache for synchronization and to see if resets or full rebuilds are needed.

EV can always surprise you with different errors, even in a healthy environment. If you are experiencing any errors in your environment or would like an Enterprise Vault Health Check and Enterprise Vault Best Practice Check, reach out to our specialists today!

New Resource

IaaS Guide
Click here to download our Guide to Infrastructure as a Service (IaaS).