Mobile Search fails with "You do not have access to archives".

Article: 100046652
Last Published: 2021-05-12
Product(s): Enterprise Vault

Problem

Users who belong to many groups in Active Directory are unable to search in Mobile Search.

Error Message

The Mobile Search GUI displays the following error:

You do not have access to archives.  If the problem persists, contact your Enterprise Vault Administrator. 

A dtrace of the DirectoryService and W3WP processes shows the following 8418 and 41478 events:

(DirectoryService)    <18456>    EV~I    DirectoryService: GetAllUsersGroups: Getting Users Groups using DC = \\DC and a username of user6 |
(DirectoryService)    <18456>    EV:L    CEventLog::EventIsAllowedByFilter - Thread event filtering - event [0xc00420e2] was filtered out
(DirectoryService)    <18456>    EV~I    DirectoryService: ADO: GetNextLevelArchiveXMLBySite - GetUsersSids Failed |
(DirectoryService)    <18456>    EV:H    {CDirectoryServiceObject::GetNextLevelArchiveXMLBySite} HRXEX fn trace : Error [0x8000ffff], [d:\builds\13_\ev\vh-12.4-m\sources\source\directory\directoryservice\directoryserviceobject.cpp, lines {10061,10071,10096}, built Mar  1 01:08:01 2019].
(DirectoryService)    <18456>    EV~E    Event ID: 8418 Failed to get user groups with domain group error code 234 and local group error code . |
(w3wp)    <11572>    EV:H    {CDirectoryConnectionObject::GetNextLevelArchiveXMLBySite} HRXEX fn trace : Error [0x8000ffff], [d:\builds\16_\ev\v-m-s\sources\source\directory\directoryconnection\directoryconnectionobject_1.cpp, lines {3354,3361,3363}, built Nov  1 13:11:07 2018].
(w3wp)    <11572>    EV~W    |Event ID: 41478 User 'user6' does not have permission on any archive.

Cause

There is a limit on the combined character count of all the groups the user belongs to. Users who belong to dynamic groups are more susceptible to this issue.

To identify the groups that the affected user belongs to, run the following PowerShell command on the Domain Controller identified in the dtrace (i.e., DC):

Get-ADPrincipalGroupMembership -Identity user6 | fl name
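
The following is an added example, not part of the original article and not Veritas code. It extends the command above to report, per user, the number of groups and the combined length of their names, so the affected account can be compared with one that searches successfully. The function name Get-GroupNameFootprint and the account user1 are hypothetical, and measuring the Name attribute is an assumption, because the article does not state the limit or which attribute counts toward it.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT).
# Assumption: the group Name attribute is the thing being measured; the
# article lists names but does not say which attribute the limit applies to.
function Get-GroupNameFootprint {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Identity,

        # Domain controller to query, e.g. the one named in the dtrace.
        [string]$Server
    )
    process {
        $query = @{ Identity = $Identity }
        if ($Server) { $query.Server = $Server }

        # Same cmdlet the article uses; wrapped in @() so that zero or one
        # group still yields an array.
        $groups = @(Get-ADPrincipalGroupMembership @query)

        $totalChars = 0
        foreach ($g in $groups) { $totalChars += $g.Name.Length }

        # The longest names contribute most to the total, so they are the
        # first memberships to review when reducing the user's groups.
        $longest = $groups |
            Sort-Object -Property { $_.Name.Length } -Descending |
            Select-Object -First 5 -ExpandProperty Name

        [pscustomobject]@{
            User           = $Identity
            GroupCount     = $groups.Count
            TotalNameChars = $totalChars
            LongestNames   = $longest
        }
    }
}

# user6 is the affected account from the trace above; user1 stands in for
# an account that can search (hypothetical name, replace with a real one).
'user6', 'user1' |
    Get-GroupNameFootprint -Server DC |
    Sort-Object -Property TotalNameChars -Descending |
    Format-List
```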

Solution

The workaround is to reduce the number of groups the user belongs to.

The issue has been identified in EV versions 12.3.1 and 12.4.2. It has been fixed in 12.5.3 and 14.

References

JIRA : CFT-2296
