Arctera Enterprise Vault™ Insight Surveillance Installation Guide

Last Published:
Product(s): Enterprise Vault (15.2)
  1. Introducing Insight Surveillance
    1.  
      About Insight Surveillance desktop application
    2.  
      About Insight Surveillance web application
    3.  
      Feature comparison: Arctera Insight Surveillance desktop application Vs Arctera Insight Surveillance web application
    4. Product documentation
      1.  
        White papers on the Arctera Support website
  2. Preparing to install Insight Surveillance
    1. Configuration options for Insight Surveillance
      1.  
        Insight Surveillance configuration for large installations
      2.  
        Insight Surveillance configuration for smaller installations
    2.  
      Supported versions of Enterprise Vault in Insight Surveillance environments
    3. Prerequisites for Arctera Insight Surveillance
      1.  
        Prerequisites for the SQL Server computer
      2.  
        Prerequisites for the Arctera Insight Surveillance server computer
      3.  
        Prerequisites for the Enterprise Vault server computer
      4. Prerequisites for Insight Surveillance
        1.  
          Additional requirements for Arctera Insight Surveillance
        2.  
          Set Kerberos Trusted Delegation
    4.  
      Configuring Outlook to enable the processing of items with many attachments or many recipients
    5.  
      Setting the Windows and ASP.NET Temp folder permissions
    6. Security requirements for temporary folders
      1.  
        Granting additional users and groups access to the temporary folders
    7.  
      Disabling networking facilities that can disrupt a Insight Surveillance environment
    8.  
      Disabling the Windows Search Service on the Insight Surveillance server
    9.  
      Ensuring that the Windows Server service is running on the Insight Surveillance server
    10.  
      Configuring the SQL Server Agent service
    11.  
      Assigning SQL Server roles to the Vault Service account
    12.  
      Installing and configuring the SQL full-text search indexing service
    13.  
      Verifying that Enterprise Vault expands distribution lists
    14. Configuring Intelligent Review API Authentication and Authorization
      1.  
        Setting Kerberos trusted delegation between Surveillance Servers and Surveillance Database Servers
      2.  
        Setting Kerberos trusted delegation between Surveillance Servers and Surveillance Database Servers on IP address
  3. Installing Insight Surveillance
    1. Installing the Insight Surveillance server software
      1.  
        Allowing Enterprise Vault to communicate with Insight Surveillance through the Windows firewall
      2.  
        Creating the configuration database and customer databases
      3.  
        Configuring a dedicated server for Intelligent Review processing (optional deployment configuration)
      4. Configuring Insight Surveillance for use in a SQL Server Always On environment
        1.  
          Using SQL Server Reporting Services in an Always On environment
      5. Installing Insight Surveillance in a clustered environment
        1.  
          Configuring Insight Surveillance for use in a Network Load Balancing cluster
      6.  
        Maximizing security in your Insight Surveillance databases
    2.  
      Uninstalling Insight Surveillance
  4. Appendix A. Ports that Insight Surveillance uses
    1.  
      Default ports for Insight Surveillance
    2.  
      Changing the ports that Insight Surveillance uses
  5. Appendix B. Troubleshooting
    1.  
      Error messages appear in the event log when upgrading to Insight Surveillance 15.2
    2.  
      Enterprise Vault eDiscovery Manager service not created
    3.  
      Enterprise Vault eDiscovery Manager service does not start
    4.  
      "Access is denied" message is displayed when you try to create a customer database on a UAC-enabled computer
    5.  
      Cannot create or upgrade Insight Surveillance customer databases when Symantec Endpoint Protection is running
    6.  
      Error messages when the Intelligent Review (IR) API authentication and authorization fails
  6. Appendix C. Installing and configuring the Enhanced Auditing feature
    1.  
      Overview
    2.  
      Prerequisites for the Enhanced Auditing feature
    3.  
      Installing the Enhanced Auditing feature
    4.  
      Post installation steps
    5.  
      Upgrading the Enhanced Auditing setup
    6.  
      Modifying the Enhanced Auditing setup
    7.  
      Repairing the Enhanced Auditing setup
    8.  
      Uninstalling the Enhanced Auditing setup
    9.  
      Managing access from Arctera Insight Surveillance

Error messages when the Intelligent Review (IR) API authentication and authorization fails

Error: Login failed for user NT AUTHORITY\ANONYMOUS LOGON

This is a Kerberos double hop error. This error appears if the Kerberos constrained trusted delegation is not set correctly between the Surveillance Server and the Surveillance Database Server.

To fix this error, perform the following steps:

  • Verify if the Surveillance Server is trusted for delegation.

  • Check if the installation setup/environment has Kerberos constrained trusted delegation is set properly. Verify the SQL Service Service Principal Names (SPNs) for correctness, duplication, and missing SPNs. Use the Kerberos Configuration Manager tool.

  • Verify if the Surveillance Server is using Fully Qualified Domain Name (FQDN) and not IP Addresses for connecting to the Surveillance Configuration and the customer databases. For configuration database, verify if the <install dir \Arctera Intelligent Review\IR.APIEndPoint \appsettings.json-> ConfigDBConnection key is using the FQDN and not IPAddress for connection string. For the customer database, verify if the configuration database->tblCustomer table for the 'Server' field for that customer is using FQDN and not IPAddress.

  • Verify if the SQL Server service account is a user, then that user is trusted for delegation, and various properties like the user is allowed for the delegation are set correctly.

Refer to the sample screen below.

SQL Always On Setup > Kerberos delegation issues

To fix this issue, perform the following procedure:

  1. Create the correct SPNs. For example, If the SQL Service is running as a Vault Service account (VSA) user, create or check if proper SPNs exist for VSA.
  2. Create SPNs for the availability group listener as well as the actual SQL nodes.
  3. Enable the Surveillance Server to trust for delegation (only the listener). Refer to the sample image below.

    Note:

    Choose Add… while trusting for delegation and choose the SQL Service account (VSA) on which the SPNs are configured.

  4. Restart the Active Directory Domain service on the Domain Controller.
  5. Restart Internet Information Services (IIS) on the Surveillance Server.
  6. Call the Intelligent Review (IR) API directly or via Enterprise Vault. Refer to the sample image below.