Error Message

'You do not have access to archives'.

Note: In the Enterprise Vault Mobile Search view the following full error is received:

You do not have access to archives. If the problem persists, contact your Enterprise Vault Administrator.

In a dtrace of W3WP and DirectoryService the following errors are seen:

(DirectoryService)    <8924>    EV~I    DirectoryService: GetAllUsersGroups: Getting Users Groups using DC = \\DC1 and a username of User1 |
(DirectoryService)    <8924>    EV:L    CEventLog::EventIsAllowedByFilter - Thread event filtering - event [0xc00420e2] was filtered out
(DirectoryService)    <8924>    EV~I    DirectoryService: ADO: GetNextLevelArchiveXMLBySite - GetUsersSids Failed |
(DirectoryService)    <8924>    EV:H    {CDirectoryServiceObject::GetNextLevelArchiveXMLBySite} HRXEX fn trace : Error [0x8000ffff], [d:\builds\13_\ev\vh-12.4-m\sources\source\directory\directoryservice\directoryserviceobject.cpp, lines {10061,10071,10096}, built Mar  1 01:08:01 2019].
(DirectoryService)    <8924>    EV~E    Event ID: 8418 Failed to get user groups with domain group error code 1722 and local group error code . |
(w3wp)    <9676>    EV:H    {CDirectoryConnectionObject::GetNextLevelArchiveXMLBySite} HRXEX fn trace : Error [0x8000ffff], [d:\builds\16_\ev\v-m-s\sources\source\directory\directoryconnection\directoryconnectionobject_1.cpp, lines {3354,3361,3363}, built Nov  1 13:11:07 2018].
(w3wp)    <9676>    EV~W    |Event ID: 41478 User 'User1' does not have permission on any archive.

The error code 1722 in the Event ID 8418 translates to 'RPC Server Unavailable'.  This suggests that there is a communication issue between the Enterprise Vault server and the Global Catalog server (DC) when trying to lookup the user groups. 

Enterprise Vault is attempting to establish a connection to the domain controller \\DC1 using the netbios name from the Enterprise Vault server / Enterprise Vault Mobile search proxy server however the name is not resolvable. 

Ensure that the netbios name of the domain controller that Enterprise Vault / Enterprise Vault Mobile search proxy server is attempting to utilize for account look-ups is resolvable. 

Workaround:

A possible workaround would be to modify the DNS suffix setting on the Enterprise Vault / Enterprise Vault Mobile search proxy server. 

The DNS suffix of the domain controller(DC1) can be added to the DNS tab of the Advanced TCP/IP Settings.

1) Open the Advanced TCP/IP Settings of the network adapter on the EV proxy and archive servers.

2) On the DNS tab add the domain suffix of DC1

Note: If user mailboxes are in a different domain than the user accounts ensure both domains in the list of DNS suffixes, putting the domain that the Enterprise Vault servers are in first at the top of the list.  

3) Flush the DNS cache (ipconfig /flushdns) on all updated servers.