Error Message

Dtrace Log:

(mmc) <10112> EV:M {CSecurityWrapper::CheckObjectAccess:#372} User [domain\user] is [denied] permission [Read (0x1)] on object [17057D184B5C9AB4DD184B5523A808BA401410000evsite] 
(mmc) <10112> EV:M CSecureAdminDotNet::SecAdObjectCheckAccess: Denied 

(mmc) <10112> EV:M {CSecurityWrapper::CheckObjectAccess:#372} User [domain\user] is [denied] permission [Read (0x1)] on object [16DA48216F1BB614948216542CC7D303401410000evsite] 
(mmc) <10112> EV:M CSecureAdminDotNet::SecAdObjectCheckAccess: Denied

Vault Service account and/or an AD account has been added under Enterprise Vault server properties > Admin Permissions tab.

When the Admin Permissions list is empty, all administrators in an appropriate role have access to the Enterprise Vault server. When a user account is added to the list with either Grant or Deny access, the access is then restricted to the Vault Service account and those Enterprise Vault administrators to whom Grant access has been assigned and who are in a suitable role.

In order to verify if this is the case, follow these steps:

1. Log in to the Enterprise Vault server using VSA.
2. Open Enterprise Vault Admin Console
3. Expand Enterprise Vault > Directory > EV Site > Enterprise Vault Servers.
4. Right click on one of the Enterprise Vault Servers and click on Properties.
5. Open the Admin permissions tab.
6. Confirm if VSA is added to the list.
    

If the Vault Service Account was added to restrict access to the Enterprise Vault server, then the EV admin needs to add the user accounts to this list. If not, the EV admin needs to remove the account and close the Enterprise Vault Admin console. Once the Enterprise Vault Admin Console is opened using the user added to the 'Power Administrator' role, the Enterprise Vault Servers list should be visible.