Event Code 3007 - Failed to remove orphaned file in DLP
search cancel

Event Code 3007 - Failed to remove orphaned file in DLP

book

Article ID: 200108

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Discover Data Loss Prevention Data Loss Prevention Network Discover

Issue/Introduction

This issue occurs after the Detection server is rebooted, or the FileReader service restarts.

The FileReader logs shows many warnings about failing to remove orphaned files, referring to remote indexes.

WARNING: Failed to remove orphaned file. ..LegacyEndpointDocSource.16592.9.rdx

The warnings may be related to DocSource rdx files, EndpointDocSource rdx files, and LegacyEndpointDocSource rdx files.

The "ls -al" command in the "/var/Symantec/DataLossPrevention/EnforceServer/<version>/index" directory shows many duplicate rdx files.

A duplicates start with a "." (period), the rest of the file name is identical.

Example:

-rwx------. 2 SymantecDLP SymantecDLP   19028384 Jul 14 12:57 .DataSource.1.16552.572.rdx.0
-rwx------. 2 SymantecDLP SymantecDLP   19028384 Jul 14 12:57 DataSource.1.16552.572.rdx.0

Environment

Component : FileReader

Cause

This is generally caused by a failure to gracefully stop the Detection server services.

Resolution

15.7 MP3 and 15.8 include fix. For all other versions, please contact Support.

Powered by Wolken Software