When performing a Bulk restore using the FSAUtility it is possible to receive Event log error 4223 and 4224 from the AuthServer process
Article ID: 100023281
Updated On:
Description
Error Message
Event Type: Error
Event Source: Enterprise Vault
Event Category: Auth Server
Event ID: 4224
Date: 10/10/2009
Time: 10:00:00 AM
User: N/A
Computer: ServerName
Description: Authentication request failed.
Reason: Attempt to authenticate with an invalid token
Caller: Domain\UserName
Token: 00.00.00.00 Q9HO*****
Failure Count: 3293
V-437-4224
Authentication is currently being delayed due to a suspected brute-force attack.
Resolution
Warning: Incorrect use of the Windows registry editor may prevent the operating system from functioning properly. Great care should be taken when making changes to a Windows registry. Registry modifications should only be carried-out by persons experienced in the use of the registry editor application. It is recommended that a complete backup of the registry and server be made prior to making any registry changes.
During Enterprise Vault File System Archiving Bulk Restores the Authentication time limit can be increased to allow for the tokens to exist for a longer timeframe on the EV server, the default value is 3600 seconds (1 hour), increase the value prior to performing a large restore as needed. Improvements have been seen when this value is increased to 4000 or 4500.
After setting or removing this value restart the Enterprise Vault Admin service:
Create a DWORD Value ' ClientAuthenticationExpiryTime ' on the Enterprise Vault Server in the Registry key:HKLM\Software\KVS\Enterprise Vault\ Note: This registry value should be deleted or set to the default value after the Bulk Restores have completed
Issue/Introduction
The event log will quickly fill up with the '4224' errors during this time frame, an example of the error is listed below.
