cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

new AD password - users cannot access to their vaults

Go to solution
Maria_Z_
Level 4

‎04-07-2010 07:53 AM

Hi, We have changed the AD password for some users and now these users cannot access their vaults. If the user tries to access to his/her vault from outlook a pop-up windows ask them for the password all the time, it is not possible to access to the archived items. If we try to access the vault storage of the users from the IE, after the 3rd try we get a HTTP Error 401.2 - Unauthorized: Access is denied due to server configuration. The other users can access their vaults without any problems. Thanks in advance.
0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
Maria_Z_
Level 4

‎05-20-2010 09:24 AM

Hi All,

I would like to thank you for your help and replies.

After checking all the server settings, permissions, the AD, connections to the servers...a total nightmare... I found out what the problem was! And it was something really simple!

I think that the users complaint about this issue when the passwords were changed, I am sure that most of them were not opening any archive emails, so that's why this wasn't spot before.  Everybody tried to open an archive email with the new password...then voila! The archive cannot be opened!! S-(

The solution was to update the indexes for the users that had problems opening archive items...that was all...)

If you are having this problem you could try to fix it using the IndexVolumeReplay.exe

I hope this could help someone else.

Regards,
Maria
 

View solution in original post

0 Kudos
17 REPLIES 17

Go to solution
JesusWept3
Level 6
Partner Accredited Certified

‎04-07-2010 08:04 AM

http://seer.entsupport.symantec.com/docs/295039.htm

Scenario 6: A cached Username and Password is being used on the Desktop
1) On the users desktop, navigate to the Control Panel -> User Accounts

2) Select the Advanced Tab -> click the "Manage Passwords" button

3) From the list of sites in the following dialog, verify that the Enterprise Vault server is not listed, if it is listed, remove the user.

4) Close and re-open Outlook and attempt to download the item again
https://www.linkedin.com/in/alex-allen-turl-07370146
0 Kudos

Go to solution
AndrewB
Moderator
Moderator
Partner    VIP    Accredited

‎04-07-2010 08:30 AM

I've seen it prompt users for username and password in our environment. Instead of DOMAIN\username it's autopopulating with EVSERVER\username and nobody is noticing. Changing to DOMAIN\username and inputting the AD/network password makes it happy once again.
0 Kudos

Go to solution
Maria_Z_
Level 4

‎04-07-2010 08:49 AM

Hi,

thanks for the replies - the domain name is correct and I tried the "manage passwords" before...no luck (
0 Kudos

Go to solution
JesusWept3
Level 6
Partner Accredited Certified

‎04-07-2010 10:05 AM

Fair enough, just as a matter of interest does the event log show the web application rejecting the calls?
Also what happens if you do a simple IIS Reset and then having the users try again?

https://www.linkedin.com/in/alex-allen-turl-07370146
0 Kudos

Go to solution
GertjanA
Moderator
Moderator
Partner    VIP    Accredited Certified

‎04-08-2010 01:02 AM


How about synicing the mailboxes using the permissions also.
Regards. Gertjan
0 Kudos

Go to solution
MichelZ
Level 6
Partner Accredited Certified

‎04-08-2010 03:31 AM

Does it work on another PC?

cloudficient - EV Migration, creators of EVComplete.
0 Kudos

Go to solution
Maria_Z_
Level 4

‎04-08-2010 07:18 AM

Hi,

I have done the IIS reset but not much luck...

If I use any of the users, accounts:

- From his computer: I cannot access the web site (http://servername.domain.com/enterprisevault), and there are no logs in the server
- From other computer: I can access the web site but the vault search is not working, I get the error- "Failed to perform the search request"
- If I try to download an item from outlook, a failure audit entry is created in the server


I have reset my password and I can access my vault from any computer and run any search.

Bizarre...
0 Kudos

Go to solution
JesusWept3
Level 6
Partner Accredited Certified

‎04-08-2010 07:47 AM

can you paste the audit failure from the event log
https://www.linkedin.com/in/alex-allen-turl-07370146
0 Kudos

Go to solution
Maria_Z_
Level 4

‎04-08-2010 08:06 AM

Sure


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date:  4/8/2010
Time:  6:42:14 AM
User:  NT AUTHORITY\SYSTEM
Computer: (SERVERNAME)
Description:
Logon Failure:
  Reason:  Unknown user name or bad password
  User Name: (USERNAME)
  Domain:  (DOMAIN)
  Logon Type: 3
  Logon Process: NtLmSsp
  Authentication Package: NTLM
  Workstation Name: (COMPUTER NAME)
  Caller User Name: -
  Caller Domain: -
  Caller Logon ID: -
  Caller Process ID: -
  Transited Services: -
  Source Network Address: (IP ADDRESS)
  Source Port: (PORT)
0 Kudos

Go to solution
AndrewB
Moderator
Moderator
Partner    VIP    Accredited

‎04-08-2010 08:28 AM

Do you have the SPN properly defined in AD for your EV servers?

Example:

C:\>setspn -l EVSERVER
Registered ServicePrincipalNames for CN=EVSERVER,OU=Servers,DC=company,DC=com:
        http/vault1.company.com
        http/vault1
        host/vault1.company.com
        host/vault1
        TERMSRV/EVSERVER.company.com
        TERMSRV/EVSERVER
        HOST/EVSERVER
        HOST/EVSERVER.company.com

0 Kudos

Go to solution
Maria_Z_
Level 4

‎04-09-2010 12:17 AM

Thanks, I will have to check that...but do you think that the problem is that? some users can access without problems...
0 Kudos

Go to solution
AndrewB
Moderator
Moderator
Partner    VIP    Accredited

‎04-09-2010 01:46 PM

it's worth checking. only takes a couple seconds to run that command.
0 Kudos

Go to solution
Maria_Z_
Level 4

‎04-20-2010 04:58 AM

Hi,

The evault server is not set up as a server, but why should it be? the users were able to login before changing the passwords...so I don't understand why they are not allowed to download the archive items now...
0 Kudos

Go to solution
JesusWept3
Level 6
Partner Accredited Certified

‎04-20-2010 04:33 PM

"The evault server is not set up as a server"

i'm not entirely sure i understand what you mean
https://www.linkedin.com/in/alex-allen-turl-07370146
0 Kudos

Go to solution
Maria_Z_
Level 4

‎04-21-2010 01:40 AM

"Registered ServicePrincipalNames for CN=EVSERVER,OU=Servers,DC=company,DC=com"

The Evault is not register as a server, it is register as a computer. (OU != Servers)

It was working fine before - the problem started after changing the password of the users...
0 Kudos

Go to solution
AndrewB
Moderator
Moderator
Partner    VIP    Accredited

‎04-21-2010 08:08 AM

did you run setspn -L <name of your evserver> ?
paste the output here so we can see. the location of the computer object doesn't matter.
0 Kudos

Go to solution
Maria_Z_
Level 4

‎05-20-2010 09:24 AM

Hi All,

I would like to thank you for your help and replies.

After checking all the server settings, permissions, the AD, connections to the servers...a total nightmare... I found out what the problem was! And it was something really simple!

I think that the users complaint about this issue when the passwords were changed, I am sure that most of them were not opening any archive emails, so that's why this wasn't spot before.  Everybody tried to open an archive email with the new password...then voila! The archive cannot be opened!! S-(

The solution was to update the indexes for the users that had problems opening archive items...that was all...)

If you are having this problem you could try to fix it using the IndexVolumeReplay.exe

I hope this could help someone else.

Regards,
Maria
 

0 Kudos