cancel
Showing results for 
Search instead for 
Did you mean: 

Enterprise Vault 12.1 - Unable to Move Archive to Server in another domain

Enry
Level 2

- 2 AD domain with two-way trust

- 2 EV 12.1.0.1424 on every single AD domain

- Follow every step with this reference: EV Move Archive Feature Overview https://www.veritas.com/support/en_US/article.TECH129236

- Domain A  EV VSA is also local administrator on domain B EV server

- No firewall

- No DNS issues

- No way to move EV mailbox archive: There are No Available Archives outside the Vault source store. You can only move the selected source archive to a new Archive - On EV server domain A

- On EV server, domain A

EventID 4289

Unable to connect to server 'evserver.domain-B.local' using Kerberos authentication.
Reason: The parameter is incorrect.  (0x80070057)

The DCOM connection was attempted with:
CLSID: {F4D3EB5B-C7C5-11D1-90DB-0000F879BE6A} (EnterpriseVault.DirectoryService.1)
Server name: evserver.domain-B.local
Server Principal Name:  

The connection was made using WinNT authentication. Check that the server name identifies a known server.
There may be a problem with Kerberos authentication or a security issue. An unknown server could indicate a man-in-the-middle attack.

For more information, see Help and Support Center at http://telemetry.community.veritas.com/entt?product=ev&language=english&version=12.1.0.0&build=12.1....

 

- DTrace mmc.exe on EV server, domain A

3    10:09:51.356     [13076]    (mmc)    <22760>    EV:L    {CBaseDirectoryServiceWrapper::CreateDirectoryService} Directory Name [evserver.domain-B.local ], Try Local Service [False]
4    10:09:52.388     [13076]    (mmc)    <22760>    EV:M    {VaultCreateTrustedInstanceRequest::LogUntrustedConnection} Unable to make trusted (Kerberos) connection to server 'evserver.domain-B.local' [The parameter is incorrect.  (0x80070057)]. CLSID [{F4D3EB5B-C7C5-11D1-90DB-0000F879BE6A} (EnterpriseVault.DirectoryService.1)], Address [evserver.domain-B.local ], Server Principal Name []
5    10:09:52.388     [13076]    (mmc)    <22760>    EV:L    {VaultCreateTrustedInstanceRequest::CreateTrustedRemoteInstance} Connected to 'evserver.domain-B.local'. Authorization service [WinNT] Server Principal Name []
6    10:09:52.388     [13076]    (mmc)    <22760>    EV:L    {VaultCreateInstanceRequest::CreateInstance} CLSID [{F4D3EB5B-C7C5-11D1-90DB-0000F879BE6A} (EnterpriseVault.DirectoryService.1)] Server Name [evserver.domain-B.local] Used Server Name [evserver.domain-B.local] Num of attempts [1] Total elapsed [1.023s] Result [Success  (0)]

3 REPLIES 3

GertjanA
Moderator
Moderator
Partner    VIP    Accredited Certified

Hello,

Is "Domain A  EV VSA" defined in EV B as Power Administrator?

I assume you can ping domain B EV from domain A EV?

Regards. Gertjan

Yes, Domain A  EV VSA is defined in EV B as Power Administrator.

Yes, no firewall block policies.

Any solution to this?