EventTriggers revisited – Who stole my catalog!



EventTriggers is my new best friend.  


Many moons ago, I blogged about using EventTriggers in my Troubleshooting WSS Event 1000 DB Connectivity Problems post.  (Speaking about that problem, expect an updated posting on it soon).


Another scenario came up where I saw how I could utilize it again to determine a problem I'm researching in regards to Search Propagation.


Here's the problem event:


Event Type: Error
Event Source: Microsoft SharePointPS Search Service
Event Category: Search service
Event ID: 7051
Date: X/XX/2006
Time: 12:00:00 AM
User: N/A
Computer: SERVER
Description:
Index propagation to search server <SERVER (IP xxx.xxx.xxx.xxx)> was not accepted.
Context: http://portalserver/ Application, Portal_Content Catalog
Details:
The process cannot access the file because it is being used by another process. (0x80070020)
For more information visit http://www.microsoft.com/servers/redirect/contentredirect2.asp
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


The event tells us that search propagation was not expected specifically because The process cannot access the file because it is being used by another process.


Some of the typical things you want to rule out first of course are,



  • File Level Antivirus scanning
  • File level backups that may lock those files

If any of those are active, disable them.  If they lock the file, then MSSearch cannot open/write/delete them if necessary to propagate, load, etc


If you can't tell specifically what is opening those files outside of MSSearch, then a combination of EventTriggers and the handle tool written by Mark Russinovish can easily determine who is doing what :).



  • First, create a script to execute the handle tool on every file in the catalog folders:


doit.cmd





REM Use for to enumerate over every file in the data directory and issue handle on.  Append the output to handle_output.txt on the root of C:\
for /R "C:\Program Files\SharePoint Portal Server\DATA" %%f in (*.*) do handle "%%f" >> C\handle_output.txt


  • Then create an event trigger to monitor for the event and then run the command.





eventtriggers /Create /TR "7051 Trigger" /EID 7051 /T "ERROR"
/SO "Microsoft SharePointPS Search Service" /TK C:\doit.cmd

  Note: It's important to specify the exact path to the script file so that when the event occurs, the script will be run.


The next time the event occurs, the handle_output.txt file will contain a list of processes which have open handles on the file.


Note: You're not limited to just hooking off of event ID 7051, there are other search related events where it might be helpful to do something like this.


See the documentation on EventTriggers to delete the trigger when you are done!


HTH


Keith







For more information on EventTriggers:
http://technet2.microsoft.com/WindowsServer/en/Library/e33bcf4c-dece-4b47-9bb7-31ecfcbc76d51033.mspx


For more information on For:
http://technet2.microsoft.com/WindowsServer/en/Library/7a2c7d08-bf35-414a-8a04-7e870559c82d1033.mspx


For more information on handle:
http://www.sysinternals.com/Utilities/Handle.html


 


 

Skip to main content