FileReader fails to start until Server is rebooted.
Restarting the services on Enforce or the server itself does not allow FileReader to start and FileReader will only start when the machine is rebooted.
Reviewing the Filereader0.log shows the following error:
SEVERE:  Interprocess exception caught while opening server shared memory with error message - The system cannot find the file specified., Exception thrown from : ClientShmChannelImpl.cpp(80) HostManager.cpp 129
Feb 4, 2015 1:24:06 PM com.vontu.cracker.jni.NativeContentExtractionEngine create
SEVERE:  Exception caught during starting up host manager. ContentExtractionEngineImpl.cpp 53
Feb 4, 2015 1:24:06 PM com.vontu.messaging.FileReaderSetup initialize
SEVERE: (DETECTION.3) Failed to initialize Detection
com.vontu.cracker.jni.NativeException: Failed to start Engine
FileReader fails to start if event id 6005 (EventLog Startup event) is missing from the windows system event queue.
If Windows Event Log doesn't contain the Startup Event (Event 6005) for any
reason, then get_bootstamp returns an empty string. CallStack:
When create_tmp_and_clean_old tries to delete all the entries for the previous boot sessions, the empty string (that is delete all folders except "") causes it to delete the current session's files as well.
We can use PowerShell to emulate a reboot by introducing a windows reboot event.
Write-EventLog –LogName System –Source “EventLog” –EntryType Information –EventID 6005 –Message “The Event log service was started.”
For each case we have seen with this appears to have Mcafee AV installed.
Check For Mcafee Antivirus and ensure proper exclusions are in place per Servers with Antivirus and Symantec Data Loss Prevention (DLP) Server Software (broadcom.com).
Other items which have been suggested for this issue:
In some cases some level of OS hardening has been performed via group policies or similar, this can prevent the profile for the "SymantecDLP" user from getting created correctly which in turn will cause our FileReader process to fail. The solution is to make the "SymantecDLP" user a member of the local Administrators group for the first startup of the SymantecDLPServer service. This will allow the profile to be created correctly, thereafter the "SymantecDLP" user can be removed from the local Administrators group.
On Linux based systems the following should be checked as a possible cause: