Enterprise Vault™ Compliance Accelerator Administrator's Guide

Last Published:
Product(s): Enterprise Vault (14.3)
  1. Introducing Compliance Accelerator
    1.  
      Key features of Compliance Accelerator
    2.  
      About the Compliance Accelerator components
    3.  
      The Compliance Accelerator process
    4.  
      About randomly sampling items with Compliance Accelerator
    5.  
      About the intelligent review feature in Compliance Accelerator
    6.  
      About the deduplication feature in Compliance Accelerator
    7. Product documentation
      1.  
        White papers on the Veritas Support website
  2. Introducing the Compliance Accelerator client
    1.  
      About the Compliance Accelerator client
    2.  
      Opening the Compliance Accelerator client
    3.  
      Finding your way around the Compliance Accelerator client
  3. Setting up employees and employee groups
    1.  
      About employees and employee groups
    2.  
      Creating employee profiles
    3.  
      Mapping employee properties to Active Directory or Domino directory attributes
    4.  
      Editing the details of employees
    5.  
      Creating employee groups
    6. Assigning roles to employees
      1.  
        About the predefined Compliance Accelerator roles
      2.  
        About the Compliance Accelerator permissions
      3.  
        Creating Compliance Accelerator roles
      4.  
        Editing the properties of Compliance Accelerator roles
      5.  
        Assigning Compliance Accelerator roles to employees or groups
      6.  
        Deleting Compliance Accelerator roles
  4. Working with departments
    1.  
      About departments
    2.  
      Creating departments
    3.  
      Adding monitored employees and groups to departments
    4.  
      Editing the monitoring policy for employees and groups
    5.  
      Moving employees or groups between departments
    6.  
      Moving departments
    7.  
      Assigning department reviewers, compliance supervisors, and delegates
    8. Implementing Chinese Walls security
      1.  
        Enabling Chinese Walls
      2.  
        Managing Department Users
    9. Managing exception employees
      1.  
        Designating employees as exceptions
      2.  
        Assigning further exception reviewers to an exception
      3.  
        Moving an exception employee to another department
      4.  
        Removing exception status
      5.  
        Removing exception reviewers
    10. Grouping departments into partitions
      1.  
        Creating department partitions
    11. Using attributes to classify departments
      1.  
        Setting up department attributes
      2.  
        Assigning attributes to departments
  5. Searching for items
    1. About searching with Compliance Accelerator
      1.  
        Limitations on searching certain types of Skype for Business content
    2.  
      Creating and running Compliance Accelerator searches
    3.  
      About the search criteria options
    4.  
      Guidelines on conducting effective searches
    5.  
      Pausing and resuming Compliance Accelerator searches
    6.  
      About the Monitor Searches tab
    7.  
      Searching the items of exception employees
    8.  
      Selecting the archives in which to search
    9. Building Compliance Accelerator search schedules
      1.  
        Setting up new search schedules
      2.  
        Examples of recurring search schedules
    10.  
      Setting up custom message types
    11. Using hotwords to search for items
      1.  
        Defining hotwords to search for
      2.  
        Adding hotwords
      3.  
        Editing existing hotwords
      4.  
        Deleting hotwords
      5.  
        Adding hotword sets
      6.  
        Editing existing hotword sets
      7.  
        Deleting hotword sets
      8.  
        Importing the predefined hotwords
      9.  
        Enabling the analysis of hotwords
      10.  
        Hotword analysis error handling
    12.  
      Configuring how Compliance Accelerator handles email addresses
    13.  
      Using Compliance Accelerator to search archived Skype for Business content
  6. Manually reviewing items
    1. About reviewing with Compliance Accelerator
      1.  
        Limitations on reviewing certain types of Skype for Business content
    2.  
      About the Review pane
    3.  
      Viewing the hotword statistics for an item in review
    4.  
      How the Prevent self-review option limits the reviewing activities of exception employees
    5.  
      Filtering the items in the Review pane
    6.  
      Assigning review marks to items
    7.  
      Adding comments to items
    8.  
      Viewing the history of items
    9.  
      Displaying printable versions of items
    10.  
      Downloading the original versions of items
    11.  
      Copying the item list to the Clipboard
    12.  
      Changing how the Review pane looks
    13.  
      Setting your Review pane preferences
    14. Escalating items
      1.  
        Assigning escalated items to other escalation reviewers
      2.  
        Closing escalated items
    15.  
      Storing reviewing comments for reuse
  7. Working with research folders
    1.  
      About research folders
    2.  
      Creating research folders
    3.  
      Editing the properties of research folders
    4.  
      Copying items to research folders
    5.  
      Reviewing the items in research folders
    6.  
      Exporting items from research folders
    7.  
      Giving other users access to your research folders
    8.  
      Committing research folder items to the department review set
    9.  
      Removing items from research folders
    10.  
      Deleting folders
  8. Exporting items
    1. About exporting items
      1.  
        Limitations on exporting certain types of content
    2. Performing an export run
      1.  
        How to decrypt RMS-protected items
    3.  
      About the limits on the number of simultaneous export runs
    4.  
      How to optimize export runs
    5.  
      Exporting items from the review set of an exception employee
    6.  
      Making the export IDs visible in Microsoft Outlook
  9. Creating and viewing reports
    1.  
      About the Compliance Accelerator reports
    2.  
      Creating Compliance Accelerator reports
    3. Available Compliance Accelerator reports
      1.  
        Compliance Supervisor Responsibility report
      2.  
        Department Roles Detail report
      3.  
        Department Roles Summary report
      4.  
        Differential Sampling Summary by Department report
      5.  
        Effective Roles by User report
      6.  
        Evidence of message type Review by Department/Employee reports
      7.  
        Item Aging by Department report
      8.  
        Message Stats Summary report
      9.  
        Message Summary report
      10.  
        Monitored IDs by Department report
      11.  
        Questioned Items by Department report
      12.  
        Responsibility by Department report
      13.  
        Responsibility by Reviewer report
      14.  
        Review Activity Summary by Department report
      15.  
        Reviewer Activity by Department report
      16.  
        Reviewer Activity Detail report
      17.  
        Reviewer Mapping report
      18.  
        Search Auto Reviewed Irrelevant Items by Department
      19.  
        Unreviewed Departments report
      20.  
        Unsupervised Departments report
    4.  
      Viewing existing reports
    5.  
      Deleting reports
    6. About viewing Compliance Accelerator datasets using the OData web service
      1.  
        Available Compliance Accelerator datasets
      2.  
        Accessing the Compliance Accelerator datasets
      3.  
        Using the OData service with Microsoft Excel
      4.  
        Using the OData service with Microsoft SQL Server Reporting Services (SSRS)
  10. Appendix A. Customizing Compliance Accelerator
    1.  
      Specifying the Windows domains with which to synchronize employee details
    2.  
      Customizing the reviewing action statuses
    3. Setting Compliance Accelerator system configuration options
      1.  
        Ad Hoc Searches configuration options
      2.  
        Diagnostics configuration options
      3.  
        Document Conversion configuration options
      4.  
        Export/production configuration options
      5.  
        General configuration options
      6.  
        Home Page configuration options
      7.  
        Hotword Analysis configuration options
      8.  
        Item Prefetch Cache configuration options
      9.  
        Item Prefetch Cache (Advanced) configuration options
      10.  
        Policy Integration configuration options
      11.  
        Profile Synchronization configuration options
      12.  
        Random Capture configuration options
      13.  
        Reviewing configuration options
      14.  
        Search configuration options
      15.  
        Security configuration options
      16.  
        System configuration options
      17.  
        Vault Directory Synchronization configuration options
    4.  
      Customizing the columns in the Review pane
  11. Appendix B. Importing configuration data from an XML file
    1.  
      About importing configuration data
    2.  
      Sample XML files
    3.  
      Format of the Dataload.xml file
    4.  
      Importing the configuration data
    5. About the ImportExport command
      1.  
        ImportExport syntax
      2.  
        Examples of ImportExport commands
  12. Appendix C. Troubleshooting
    1.  
      A security warning may appear when you preview certain items in the Review pane of the Compliance Accelerator client
    2.  
      Issues with the random sampling of items
    3.  
      Display issues when you run the Compliance Accelerator client in Windows 8 or later
    4.  
      Display issues when you open a Compliance Accelerator website in Internet Explorer 10 or later
    5.  
      Vault stores not displayed in the Compliance Accelerator client
    6.  
      Compliance Accelerator searches return unexpected results
    7.  
      Errors when exporting items from Compliance Accelerator
    8.  
      TNEF-encoded attachments to Internet Mail (.eml) messages may not be readable after you export the messages from a review set
    9.  
      Synchronization errors after you rename the SQL Server computer
    10.  
      Performance counter errors when the Accelerator Manager service starts
    11.  
      SQL Service Broker warning when restoring a customer database to a different server
    12. Issues with Compliance Accelerator reports
      1.  
        Prompt to install SQL Server when printing a report for the first time
      2.  
        Reports that you export as CSV may not open properly in Microsoft Excel
      3.  
        Garbled Japanese characters when exporting reports in Acrobat format
      4.  
        Troubleshooting OData errors
    13.  
      Error messages when the Intelligent Review (IR) API authentication and authorization fails

Error messages when the Intelligent Review (IR) API authentication and authorization fails

Error: Login failed for user NT AUTHORITY\ANONYMOUS LOGON

This is a Kerberos double hop error. This error appears if the Kerberos constrained trusted delegation is not set correctly between the Compliance Accelerator Server and the Compliance Accelerator Database Server.

To fix this error, perform the following steps:

  • Verify if the Compliance Accelerator Server is trusted for delegation.

  • Check if the installation setup/environment has Kerberos constrained trusted delegation is set properly. Verify the SQL Service Service Principal Names (SPNs) for correctness, duplication, and missing SPNs. Use the Kerberos Configuration Manager tool.

  • Verify if the Compliance Accelerator Server is using Fully Qualified Domain Name (FQDN) and not IP Addresses for connecting to the Compliance Accelerator Configuration and the customer databases. For configuration database, verify if the <install dir \Veritas Intelligent Review\IR.APIEndPoint \appsettings.json-> ConfigDBConnection key is using the FQDN and not IPAddress for connection string. For the customer database, verify if the configuration database->tblCustomer table for the 'Server' field for that customer is using FQDN and not IPAddress.

  • Verify if the SQL Server service account is a user, then that user is trusted for delegation, and various properties like the user is allowed for the delegation are set correctly.

Refer to the sample screen below.

SQL Always On Setup > Kerberos delegation issues

To fix this issue, perform the following procedure:

  1. Create the correct SPNs. For example, If the SQL Service is running as a Vault Service account (VSA) user, create or check if proper SPNs exist for VSA.
  2. Create SPNs for the availability group listener as well as the actual SQL nodes.
  3. Enable the Compliance Accelerator Server to trust for delegation (only the listener). Refer to the sample image below.

    Note:

    Choose Add… while trusting for delegation and choose the SQL Service account (VSA) on which the SPNs are configured.

  4. Restart the Active Directory Domain service on the Domain Controller.
  5. Restart Internet Information Services (IIS) on the Compliance Accelerator Server.
  6. Call the Intelligent Review (IR) API directly or via Enterprise Vault. Refer to the sample image below.