Directory Service throws error Event ID: 8391 every few minutes.


Article ID: 100010243


Description

Error Message

Enterprise Vault event logs will show the following event:

Event ID: 8391 The EnterpriseVault.DirectoryService object reported an error.| |The parameter is incorrect.| |

V-437-8391

 

A dtrace of the Directory Service would reveal: 

127987 09:18:07.129  [41236] (DirectoryService) <7192> EV:M DirectoryService: ADO: Executing StripArchivessWithNoAccessEx |
127988 09:18:07.129  [41236] (DirectoryService) <7192> EV:M DirectoryService: ADO: Executed ProcessArchiveDescriptorChunk |
127989 09:18:07.129  [41236] (DirectoryService) <7192> EV:L {AccessCheck:#912} SID [S-1-5-21-94512158-601951286-1270813805-10601] is DENIED access to requested object. DesiredAccess=[1]
127990 09:18:07.129  [41236] (DirectoryService) <7192> EV:M DirectoryService: ADO: Executed ProcessArchiveDescriptorChunk |
127991 09:18:07.129  [41236] (DirectoryService) <7192> EV:M DirectoryService: ADO: Executed StripArchivessWithNoAccessEx |
127992 09:18:07.129  [41236] (DirectoryService) <7192> EV:M DirectoryService: ADO: Executed GetArchivesBySIDsAndPermissions |
127993 09:18:07.129  [41236] (DirectoryService) <7192> EV:M DirectoryService: ADO: Executing ExtractRootIdentitiesFromRecordsetAsCSV |
127994 09:18:07.129  [41236] (DirectoryService) <7192> EV:M DirectoryService: ADO: Executed ExtractRootIdentitiesFromRecordsetAsCSV |
127995 09:18:07.129  [41236] (DirectoryService) <7192> EV:L {VAULTCOCREATEINSTANCEEX.EN_US} CLSID [{4EC6FF76-C97A-11D1-90E0-0000F879BE6A}] Server Name [(null)] Used Server Name [(null)] Num of attempts [1] Total elapsed [0.000s] Result [Success  (0)]
127996 09:18:07.129  [41236] (DirectoryService) <7192> EV:M DirectoryService: ADO: Executing GetIndexVolumeSetsByArchiveAsMap |
127997 09:18:07.129  [41236] (DirectoryService) <7192> EV:H {CDirectoryServiceObject::GetIndexVolumeSetsByArchiveAsMap} HRXEX fn trace : Error [0x80070057], [.\DirectoryServiceObject.cpp, lines {33430,33433}, built Sep 12 21:03:57 2012].
127998 09:18:07.144  [41236] (DirectoryService) <7192> EV~E Event ID: 8391 The EnterpriseVault.DirectoryService object reported an error.| |The parameter is incorrect.| |
127999 09:18:07.144  [41236] (DirectoryService) <7192> EV:H {CDirectoryServiceObject::GetNextLevelArchiveXML} HRXEX fn trace : Error [0x80070057], [.\DirectoryServiceObject.cpp, lines {10297,10310,10325,10326,10328,10394,10399,10401,10402,10408}, built Sep 12 21:03:57 2012].
128000 09:18:07.144  [41236] (DirectoryService) <7192> EV:L CAuthHelper::Reset Cancel registration? True CancelId: 0
128001 09:18:07.144  [41236] (DirectoryService) <7192> EV~E Event ID: 8391 The EnterpriseVault.DirectoryService object reported an error.| |The parameter is incorrect.| |

Cause

This can occur when the owner of an archive is a member of an Active Directory security group that is expressly denied access to the owner's archive. The SID in the DENIED access line of the trace above belongs to such a Security Group in Active Directory. If an archive owner accesses their archive while a member of this group, and the group is expressly denied access to the owner's archive, the Directory Service throws the error as it denies access to the group. The user/archive owner, however, will still have full access.

Resolution

To clear out these events, simply remove the archive owner/user from the Security group. 

  1. Query Active Directory for the SID showing in the dtrace to find out which security group is the problem.
  2. View the list of members in this group.
  3. Determine which users in the group are archive enabled.
  4. Check the archive properties for each of those users on the Permissions tab to see if the Security Group is expressly denied permissions to each of the members' archives.
  5. Remove the user from the group, if allowable by organizational policy.  If not, the organization may have to change policies, or create a new group in Active Directory to apply the needed rules.
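
For step 1, when the trace is long, the denied SIDs can be extracted and matched to the Event ID 8391 errors that follow them on the same thread. The script below is an added example, not part of the original article or of Enterprise Vault; the line layout is taken from the trace excerpt above, and the function name, the 2-second matching window and the sample lines (with made-up SIDs) are assumptions.

```python
import re
from collections import Counter

# Layout assumed from the trace excerpt above:
# seq  hh:mm:ss.mmm  [pid] (process) <thread> EV?? message
LINE = re.compile(r"^\s*\d+\s+(\d\d:\d\d:\d\d\.\d+)\s+\[\d+\]\s+\((\w+)\)\s+<(\d+)>\s+EV\S\S\s+(.*)$")
DENIED = re.compile(r"\{AccessCheck:#\d+\} SID \[(S-1-[\d-]+)\] is DENIED")
WINDOW_MS = 2000  # assumption: the 8391 follows its denial within 2 seconds


def _ms(stamp):
    """Convert an hh:mm:ss.mmm trace timestamp to milliseconds since midnight."""
    h, m, s = stamp.split(":")
    return (int(h) * 3600 + int(m) * 60) * 1000 + round(float(s) * 1000)


def denied_sids_behind_8391(lines):
    """Count Event ID 8391 errors per denied SID, matched on thread and time."""
    last_denied = {}   # thread id -> (SID, time in ms) of the latest denial
    counts = Counter()
    for line in lines:
        m = LINE.match(line)
        if not m or m.group(2) != "DirectoryService":
            continue   # not a Directory Service trace line
        now, thread, msg = _ms(m.group(1)), m.group(3), m.group(4)
        hit = DENIED.search(msg)
        if hit:
            last_denied[thread] = (hit.group(1), now)
        elif "Event ID: 8391" in msg and thread in last_denied:
            sid, when = last_denied[thread]
            if 0 <= now - when <= WINDOW_MS:   # skip 8391s unrelated to the denial
                counts[sid] += 1
    return counts


# Constructed sample lines in the format of the trace above (SIDs are made up).
SAMPLE = """\
100 09:18:07.129  [41236] (DirectoryService) <7192> EV:L {AccessCheck:#912} SID [S-1-5-21-1111111111-2222222222-3333333333-1104] is DENIED access to requested object. DesiredAccess=[1]
101 09:18:07.144  [41236] (DirectoryService) <7192> EV~E Event ID: 8391 The EnterpriseVault.DirectoryService object reported an error.| |The parameter is incorrect.| |
102 09:18:07.144  [41236] (DirectoryService) <7192> EV:L CAuthHelper::Reset Cancel registration? True CancelId: 0
103 09:18:07.144  [41236] (DirectoryService) <7192> EV~E Event ID: 8391 The EnterpriseVault.DirectoryService object reported an error.| |The parameter is incorrect.| |
104 09:18:09.500  [41236] (DirectoryService) <8010> EV:L {AccessCheck:#912} SID [S-1-5-21-1111111111-2222222222-3333333333-2210] is DENIED access to requested object. DesiredAccess=[1]
105 09:21:30.000  [41236] (DirectoryService) <7192> EV~E Event ID: 8391 The EnterpriseVault.DirectoryService object reported an error.| |The parameter is incorrect.| |
""".splitlines()

if __name__ == "__main__":
    for sid, n in denied_sids_behind_8391(SAMPLE).most_common():
        print(f"{n:4d}  {sid}")
```

Each SID it reports is a candidate for the Active Directory lookup in step 1; a denial with no 8391 inside the window is left out.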

 

Note: This error will not prevent a user from accessing his/her own archive. It is simply the Directory Service reporting that it has denied access to the entire Security Group that the user is a member of.


Issue/Introduction

Directory Service throws error Event ID: 8391 (shown above) every few minutes. Too many of these events, combined with other errors and warnings in a short time period, can cause Enterprise Vault services to stop.