Be sure your Vault Service Account is NOT a member of the Domain Admins. See the section Creating the Vault Service account in the Installing and Configuring guide.
This is also from the Installing guide.
Assigning Exchange Server permissions to the Vault Service account
For Exchange Server 2010 and Exchange Server 2007, Enterprise Vault includes a PowerShell script which assigns the necessary permissions to the Vault Service account.
Although you must run this script on Exchange Server 2010 or Exchange Server 2007, the script assigns permissions required by all the Exchange versions in your environment, including Exchange Server 2003 and Exchange 2000. However, if your environment contains Exchange servers no later than Exchange Server 2003, you must assign permissions manually..
To assign Exchange Server permissions to the Vault Service account
Log in to the Exchange Server using an account that is assigned the following management roles:
Active Directory Permissions
Exchange Servers
Organization Configuration
By default, members of the "Organization Management" role group are assigned these roles.
On the Enterprise Vault server, locate the script called SetEVExchangePermissions.ps1 and copy it to the Exchange Server.
The Exchange 2010 PowerShell scripts are in the PowerShellScripts subfolder of the Enterprise Vault installation folder (normally c:\Program Files\Enterprise Vault).
On the Exchange Server, open the Exchange Management Shell.
Run SetEVExchangePermissions.ps1.
The syntax for this script is:
SetEVExchangePermissions.ps1 -user domain\user_name
where:
domain is the Active Directory domain that the Vault Service account belongs to.
user_name is the Vault Service account. If user_name contains spaces, enclose it in quotation marks.
If you want to force these changes to take effect immediately, restart the Microsoft Exchange Information Store service on each Exchange mailbox server.
