Central computer is not sending real-time or archival events (NETIQKB72064)

  • 7772064
  • 28-Jan-2010
  • 22-Feb-2010

Environment

Security Manager 6.0  

Security Manager 6.5  

Situation

No real-time or archival events are being sent from the central computer.

Security Manager application Event Id 21239 will occur.
Security Manager application Event Id 21241 might appear 10 or 15 minutes later, depending on the speed of the link between the central computer and the SQL server hosting the OnePoint database.

COM+ errors found in the Windows Event Viewer system logs:
============
Event id 1001
Event id 5379
Event id 781
============

The following errors, found in the Security Manager service logs, show that the process rules are not being committed to the central computer.
Security Manager 6.0 service log: nqsmsvc.mc8 (requires the log viewer)
Security Manager 6.5 service log: nqsmsvc.txt
=============================================================
AgntCnf`TDasObject::operator() - ProcessRuleSelectAll`-1308442835`30055406`1/23/2010 5:41:22:452`Caught _com_error in TDasObject::CallDasMethod(ProcessRuleSelectAll) from file .\AgentConfig.cpp, line 874.
AgntCnf`TDasObject::operator() - ProcessRuleSelectAll`-1308442835`30055406`1/23/2010 5:41:22:452` HRESULT = hr = 8004e002
AgntCnf`TDasObject::operator() - ProcessRuleSelectAll`-1308442835`30055406`1/23/2010 5:41:22:452` Message = The root transaction wanted to commit, but transaction aborted
=============================================================
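
The entries above can be located automatically in the Security Manager 6.5 text log. The following Python script is an added example, not NetIQ code; it assumes the backtick-delimited six-field layout seen in the quoted lines, and the function name find_aborted_calls and the interpretation of the fields are assumptions.

```python
import re

ABORTED = "8004e002"  # HRESULT shown in the log excerpt above

# First three lines are the excerpt quoted above; the last is a constructed
# entry with a different HRESULT, added to show that it is not reported.
SAMPLE_LOG = r"""
AgntCnf`TDasObject::operator() - ProcessRuleSelectAll`-1308442835`30055406`1/23/2010 5:41:22:452`Caught _com_error in TDasObject::CallDasMethod(ProcessRuleSelectAll) from file .\AgentConfig.cpp, line 874.
AgntCnf`TDasObject::operator() - ProcessRuleSelectAll`-1308442835`30055406`1/23/2010 5:41:22:452` HRESULT = hr = 8004e002
AgntCnf`TDasObject::operator() - ProcessRuleSelectAll`-1308442835`30055406`1/23/2010 5:41:22:452` Message = The root transaction wanted to commit, but transaction aborted
AgntCnf`TDasObject::operator() - ProcessRuleSelectAll`-1308442835`30055406`1/23/2010 5:46:10:101` HRESULT = hr = 80004005
"""

def find_aborted_calls(lines):
    """Return one record per log entry whose HRESULT is 8004e002."""
    entries = {}
    for line in lines:
        # Assumed layout: component`context`id`id`timestamp`text
        parts = line.strip().split("`", 5)
        if len(parts) != 6:
            continue  # blank line, separator, or unknown format
        _, context, id_a, id_b, stamp, text = parts
        text = text.strip()
        # Lines belonging to one error share context, ids and timestamp.
        rec = entries.setdefault((context, id_a, id_b, stamp), {
            "time": stamp, "method": None, "hresult": None, "message": None})
        hr = re.search(r"HRESULT = hr = ([0-9A-Fa-f]{8})", text)
        call = re.search(r"CallDasMethod\((\w+)\)", text)
        if hr:
            rec["hresult"] = hr.group(1).lower()
        elif text.startswith("Message = "):
            rec["message"] = text[len("Message = "):]
        elif call:
            rec["method"] = call.group(1)
    return [r for r in entries.values() if r["hresult"] == ABORTED]

if __name__ == "__main__":
    for hit in find_aborted_calls(SAMPLE_LOG.splitlines()):
        print(f'{hit["time"]}  {hit["method"]}: {hit["message"]} '
              f'(HRESULT {hit["hresult"]})')
```

To scan a real log, pass the open nqsmsvc.txt file object to find_aborted_calls in place of the sample lines.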

Resolution

  1. On the central computer, open Component Services and go to Computers > My Computer > Properties > Options.
  2. Increase the timeout setting from the default 60 seconds to 300 seconds.
  3. Restart the "Distributed Transaction Coordinator" and "Security Manager" services.
  4. Use the Security Manager UIs to confirm that events are now being processed.

Cause

The network connection between the central computer and the OnePoint database may be slow. Database calls that take more than 60 seconds (the default DTC timeout) are killed by DTC on the central computer side. The call to load the rules is killed, so the central computer does not have any rules to generate events on.

Additional Information

Formerly known as NETIQKB72064

Even though this might resolve the issue, a slow link between the central computer and the database is a potential source of other data-related issues.