TSM Backup Archive client deleted

Hiten

Unregistered / Unconfirmed
Joined
Sep 14, 2010
Messages
99
Reaction score
0
Points
0
Location
I am living in Mumbai.
PREDATAR Control23

Hi,

We have Microsoft Windows 2008 R2 x64bit OS file server. Recently we have upgraded TSM to 6.4. As same we have upgraded the TSM BA client version to 6.4.2.0. Its worked for 15days & suddenly we have found that from the path "C:\Programe Files\Tivoli\TSM\baclient" all the .exe files getting deleted automatically. Only dsmsched,dsmwebclint,dsmerror logs left in folder. Later we have reinstalled the same package again & observed second time also files got deleted automatically including the logs also.

We have installed the TSM BA client again but not in above path but outside the path it works for 2 days & same incident happened. We have Symantec Endpoint Protection v.12.1.4013 installed in which we have execuded the entire Tivoli folder from regular scan but still same problem occurs. Can some one help if any other way if we can stop the same?
 
PREDATAR Control23

I think the first thing to do is determine what or who is deleting those files. From a TSM Client perspective, other than the installer during an uninstall, I can't think of anything that would delete the files.

Do you use client auto deployment? You can check if the TSM Server send an update or not by looking for the logs:
By default, the log and trace files for a deployment operation are written to the client's disk in C:\Program Files\Tivoli\TSM\IBM_ANR_WIN\Vxxxx\log; where xxxx represents the version for the newly deployed client.

If the directory IBM_ANR_WIN does not exist, auto-eployment has never been used on this computer, which would rule out any issues with automatic client deployment. If you have logs in that path, then check the logs to see if a client was deployed around the timeframe you saw the files being deleted.

If you rule out automatic client deployment as the cuplrit, then I would use a tool like Process Monitor (procmon.exe) from Microsoft(formerly Sysinternals) and monitor the directory to see what process deletes it. Might want to filter on a single file in that directory that gets deleted everytime, that will minimize the amount of output you have to go through. Once you know the culprit, you'll have to investigate further why that program deletes files.
 
PREDATAR Control23

Hi Marclant,

Thanks for the update. As per the path I checked & could not found the IBM_ANR_WIN folder exists on my client server. Yesterday till backup was successfully completed. Now when I checked I could not find the dsm.opt & some of the exe files missing from "C:\Program Files\Tivoli\TSM\baclient" folder. When I go to all programmes & try to open the BA gui automatically the installation window open & all exes are getting back to the BALCIENT folder except dsm.opt file.

How come it's happening? Is there some permission related issue?
 
PREDATAR Control23

If you do not have IBM_ANR_WIN, an uninstall or failed upgrade was not triggered by the automatic client deployment. So this means something else is deleting it. TSM won't delete itself except during an unistall, and even then, it would keep all files that are not part of the software: .opt, .log, and any other file that a user could have saved in there.

This brings us back to my previous message, because we just ruled out automatic client deployment:
If you rule out automatic client deployment as the cuplrit, then I would use a tool like Process Monitor (procmon.exe) from Microsoft(formerly Sysinternals) and monitor the directory to see what process deletes it. Might want to filter on a single file in that directory that gets deleted everytime, that will minimize the amount of output you have to go through. Once you know the culprit, you'll have to investigate further why that program deletes files.
 
PREDATAR Control23

Any entry on the Windows event viewer or from the Antivirus logs that may point to this oddity?

The only thing that deletes files that I know of 'proactively' is an antivirus that thinks the files are not safe or a worm/virus itself.
 
Last edited:
PREDATAR Control23

Hi Guys,
Did you find a reason for this issue, as I'm facing same issue on few nodes.
Thanks ...
 
PREDATAR Control23

I found the solution to it with help of our team expert who is looking after Antivirus product. According to him Antivirus policies can make it happen automatically once policy becomes active. We are running two Products for Antivirus in our Organization.
Symantec and Trend Micro as per our organization security team, policy created to block / delete any suspected exe files as we faced issues in past specially on file servers that lot of exe files observed.

We later discovered and kept the complete path in exception list where the critical software exe remains in OS drive and our issue resolved.
 
PREDATAR Control23

Thanks. Doubted the same. Have put in some exceptions on the AV side.
 
Top