Added EV domain admin - 8596 Data decryption has failed

Question

vault service account was accidently added to domain admins. it has been removed but EV now gives there following error even though it is removed. any ideas?

Log Name: Symantec Enterprise Vault
Source: Enterprise Vault
Date: 9/16/2020 4:31:00 PM
Event ID: 8596
Task Category: Directory Service
Level: Error
Keywords: Classic
User: N/A
Computer: EV1.domain.com
Description:
Data decryption has failed.

Caller: domain\evadmin

Cipher text: EV//AwAAAD8GAAC.......................................

sheldondsouza · Answer

Hello&nbsp;VersEV1&nbsp;Were you getting these errors prior to the VSA being in the Domain Admins Group?A very foolish question (of me) to ask is have you restarted the EV services after removing the VSA from Domain Admins Group?Also, a very basic thing we tend overlook in this scenario but considering the fault of someone else adding the VSA to the Domain Admins group, then there would be some other changes made without your knowledge and you would want to revisit this article;&nbsp;Enterprise Vault Accounts and Permissions&nbsp;Let us know if any of the above helped.

versev1 · Answer

now that you mention it looks like it did occur before vsa was local admin. will review permissions on sql and ev

versev1 · Answer

permissions are good. it's just one ev server out of two. any thoughts?

sheldondsouza · Answer

Hello&nbsp;VersEV1&nbsp;If the issue is local to the EV Server in question, then, I guess we need to focus on the Server itself.After redacting environment information, Could you share the Dtrace of the Directory Service?Follow the steps mentioned below...- Start the Dtrace- Enable Verbose Logging for the Directory Service- Restart the EV Admin Services (effectively restarting all the EV services) or stop the EV Services and restart them in this order&nbsp; &nbsp;- EV Admin Service&nbsp; &nbsp;- EV Directory Service&nbsp; &nbsp;- EV Storage Service&nbsp; &nbsp;- EV Task Controller Service&nbsp; &nbsp;- EV Shopping Service&nbsp; &nbsp;- EV Indexing Service&nbsp; &nbsp;- EV SMTP Service (if installed and present)- Monitor the Event Viewer for Event ID 8596- Once event is logged, wait for a few seconds and stop the Dtrace&nbsp;

sheldondsouza · Answer

Hello&nbsp;VersEV1&nbsp;Any luck with your issue raised in this post?Did you find anything on the server that was out of place which you fixed and it resolved the issue?

Forum Discussion

Added EV domain admin - 8596 Data decryption has failed

5 Replies

Related Content

Replication to multiple domains

Can't restore from old domain

Migration from one domain to new domain

Migrate Enterprise Vault from old domain to new domain

Data Domain to Data Domain file transfers

Recent Discussions

EV Client Reset for MAC book

Attachments in Mails - EnterprsieVault

Enterprise Vault MPIP encrypted email decryption is not working

Defender 365 detecting malware in a CAB/DVSSP file

Broken link