cancel
Showing results for 
Search instead for 
Did you mean: 

Added EV domain admin - 8596 Data decryption has failed

VersEV1
Level 4

vault service account was accidently added to domain admins. it has been removed but EV now gives there following error even though it is removed. any ideas?

Log Name: Symantec Enterprise Vault
Source: Enterprise Vault
Date: 9/16/2020 4:31:00 PM
Event ID: 8596
Task Category: Directory Service
Level: Error
Keywords: Classic
User: N/A
Computer: EV1.domain.com
Description:
Data decryption has failed.

Caller: domain\evadmin

Cipher text: EV//AwAAAD8GAAC.......................................

 

5 REPLIES 5

SheldonDsouza
Level 4
Certified

Hello @VersEV1 

Were you getting these errors prior to the VSA being in the Domain Admins Group?

A very foolish question (of me) to ask is have you restarted the EV services after removing the VSA from Domain Admins Group?

Also, a very basic thing we tend overlook in this scenario but considering the fault of someone else adding the VSA to the Domain Admins group, then there would be some other changes made without your knowledge and you would want to revisit this article; Enterprise Vault Accounts and Permissions 

Let us know if any of the above helped.

Regards,
Sheldon Dsouza

now that you mention it looks like it did occur before vsa was local admin. will review permissions on sql and ev

permissions are good. it's just one ev server out of two. any thoughts?

Hello @VersEV1 

If the issue is local to the EV Server in question, then, I guess we need to focus on the Server itself.

After redacting environment information, Could you share the Dtrace of the Directory Service?

Follow the steps mentioned below...

- Start the Dtrace
- Enable Verbose Logging for the Directory Service
- Restart the EV Admin Services (effectively restarting all the EV services) or stop the EV Services and restart them in this order
   - EV Admin Service
   - EV Directory Service
   - EV Storage Service
   - EV Task Controller Service
   - EV Shopping Service
   - EV Indexing Service
   - EV SMTP Service (if installed and present)
- Monitor the Event Viewer for Event ID 8596
- Once event is logged, wait for a few seconds and stop the Dtrace

 

Regards,
Sheldon Dsouza

Hello @VersEV1 

Any luck with your issue raised in this post?

Did you find anything on the server that was out of place which you fixed and it resolved the issue?

Regards,
Sheldon Dsouza