Enterprise Vault™ Compliance Accelerator Administrator's Guide

Last Published:
Product(s): Enterprise Vault (15.0)
  1. Introducing Compliance Accelerator
    1.  
      Key features of Compliance Accelerator
    2.  
      About the Compliance Accelerator components
    3.  
      The Compliance Accelerator process
    4. Product documentation
      1.  
        White papers on the Veritas Support website
  2. Introducing Veritas Surveillance
    1.  
      About Veritas Surveillance
    2.  
      Routine operations executed with Veritas Surveillance
    3.  
      About Veritas Surveillance system security
    4.  
      Feature comparison: Compliance Accelerator desktop client Vs Veritas Surveillance web client
  3. Creating and viewing reports
    1.  
      About the Compliance Accelerator reports
    2.  
      Accessing data through the Microsoft SQL Server Reporting Services (SSRS)
    3. Enhanced reporting
      1.  
        Configuring a reporting endpoint
      2.  
        Authentication
      3. Departments API
        1.  
          Departments - List
      4. Roles API
        1.  
          Roles - List
        2.  
          Roles - List by filters
      5. Users API
        1.  
          Users - List
      6. UserRoles API
        1.  
          UserRoles - List by filters
      7. ItemMetrics API
        1.  
          ItemMetrics - List
        2.  
          ItemMetrics - List by filter
      8. Evidence of Review by Department API
        1.  
          EvidenceOfReviewByDept - List by filter
      9. Evidence of Review by User API
        1.  
          EvidenceOfReviewByUser - List by filter
      10.  
        Supported OData query options
      11.  
        Supported reporting endpoint API filters and their values
      12.  
        Responses
    4. Accessing reports through the OData web service
      1.  
        Available Compliance Accelerator datasets
      2.  
        Accessing the Compliance Accelerator datasets
      3.  
        Using the OData service with Microsoft Excel
      4.  
        Using the OData service with Microsoft SQL Server Reporting Services (SSRS)
    5.  
      Configuring a Power BI template for reporting
  4. Appendix A. Troubleshooting
    1.  
      Veritas Surveillance user interface user interface is not displayed properly in non-English environment
    2.  
      Issues with the random sampling of items
    3.  
      Display issues when you open a Compliance Accelerator website in Internet Explorer 10 or later
    4.  
      Vault stores not displayed in the Veritas Surveillance web client
    5.  
      TNEF-encoded attachments to Internet Mail (.eml) messages may not be readable after you export the messages from a review set
    6.  
      Synchronization errors after you rename the SQL Server computer
    7.  
      Performance counter errors when the Accelerator Manager service starts
    8.  
      SQL Service Broker warning when restoring a customer database to a different server
    9.  
      Error messages when the Intelligent Review (IR) API authentication and authorization fails
    10.  
      Known issues after enabling FIPS

Error messages when the Intelligent Review (IR) API authentication and authorization fails

Error: Login failed for user NT AUTHORITY\ANONYMOUS LOGON

This is a Kerberos double hop error. This error appears if the Kerberos constrained trusted delegation is not set correctly between the Compliance Accelerator Server and the Compliance Accelerator Database Server.

To fix this error, perform the following steps:

  • Verify if the Compliance Accelerator Server is trusted for delegation.

  • Check if the installation setup/environment has Kerberos constrained trusted delegation is set properly. Verify the SQL Service Service Principal Names (SPNs) for correctness, duplication, and missing SPNs. Use the Kerberos Configuration Manager tool.

  • Verify if the Compliance Accelerator Server is using Fully Qualified Domain Name (FQDN) and not IP Addresses for connecting to the Compliance Accelerator Configuration and the customer databases. For configuration database, verify if the <install dir \Veritas Intelligent Review\IR.APIEndPoint \appsettings.json-> ConfigDBConnection key is using the FQDN and not IPAddress for connection string. For the customer database, verify if the configuration database->tblCustomer table for the 'Server' field for that customer is using FQDN and not IPAddress.

  • Verify if the SQL Server service account is a user, then that user is trusted for delegation, and various properties like the user is allowed for the delegation are set correctly.

Refer to the sample screen below.

SQL Always On Setup > Kerberos delegation issues

To fix this issue, perform the following procedure:

  1. Create the correct SPNs. For example, If the SQL Service is running as a Vault Service account (VSA) user, create or check if proper SPNs exist for VSA.
  2. Create SPNs for the availability group listener as well as the actual SQL nodes.
  3. Enable the Compliance Accelerator Server to trust for delegation (only the listener). Refer to the sample image below.

    Note:

    Choose Add… while trusting for delegation and choose the SQL Service account (VSA) on which the SPNs are configured.

  4. Restart the Active Directory Domain service on the Domain Controller.
  5. Restart Internet Information Services (IIS) on the Compliance Accelerator Server.
  6. Call the Intelligent Review (IR) API directly or via Enterprise Vault. Refer to the sample image below.