Problem
eDiscovery Platform (eDP) collection from Enterprise Vault (EV) server fails to connect to EV Storage Server when EV directory service and EV storage service are on the same server.
Error Message
eDP Job Status Log:
02/08/2023 09:17:01 Storage Server XXXXXXXXXXXXXXX is not responding. Retry attempt number = 1. Waiting for 5 minutes before retrying.
02/08/2023 09:22:01 Storage Server XXXXXXXXXXXXXXX is not responding. Retry attempt number = 2. Waiting for 5 minutes before retrying.
02/08/2023 09:27:02 Storage Server XXXXXXXXXXXXXXX is not responding. Retry attempt number = 3. Waiting for 5 minutes before retrying.
02/08/2023 09:32:02 Storage Server XXXXXXXXXXXXXXX is not responding. Retry attempt number = 4. Waiting for 5 minutes before retrying.
02/08/2023 09:37:02 Storage Server XXXXXXXXXXXXXXX is not responding. Retry attempt number = 5. Waiting for 5 minutes before retrying.
02/08/2023 09:42:02 Storage Server XXXXXXXXXXXXXXX is not responding. Exausted max number of retry attempts to connect to the storage server
eDP server Dtrace of EVContentRetriever process:
48 11:05:50.799 [11128] (EVContentRetriever) <14968> EV:M Error accessing SimpleStore. Attempt:1 EntryId:xxxxxxxxx|hr=A security package specific error occurred. (0x80070721)
49 11:05:50.799 [11128] (EVContentRetriever) <14968> EV:M CItem::PerformItemGet Elapsed time 168.3ms
50 11:05:50.810 [11128] (EVContentRetriever) <14968> EV:H {CItem::PerformItemGet} HRXEX fn trace : Error [0x80070721], [d:\builds\16_\ev\v-m-s\sources\source\storage\evstorageapi\item.cpp, lines {792,1352}, built Nov 1 13:11:51 2018].
WireShark will show the error KRB5KDC_ERR_ETYPE_NOSUPP. Looking at the details will show the EV service account name. The Principal unknown error can be ignored.
Cause
The issue occurs when an organization has configured Network Security to only allow AES128_HMAC_SHA1, AES256_HMAC_SHA1 encryption, however the EV service account does not have the Active Directory setting to support Kerberos AES 128 or 256 bit encryption.
The setting needs to be set on the EV service account because when eDP makes a collection request, the connection to the storage server uses the EV service account to authenticate.
Solution
Enable the setting in Active Directory to support Kerberos AES 128bit and 256 bit encryption for the EV service account.
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.