Attempting to configure actions to audit in Enhanced Auditing is not allowed.

book

Article ID: 100054666

calendar_today

Updated On:

Description

Error Message

In a blue banner on the CA\VAS or DA web client’s Auditing Configuration widget > Audit Settings page:

The audit feature is not configured yet.  Audit-specific settings will be available after the feature is configured.

 

In the Veritas Enterprise Vault Event Log:

Source:        Accelerator Service Processor
Event ID:      597
Task Category: None
Level:         Error
Keywords:      Classic
Description:
APP AT - Customer ID: X - Error configuring customer: 1 tenant: 1 with audit server: https://:448 . Error details :Status Code: 403  Body:

IIS 10.0 Detailed Error - 403.503 - Forbidden

 

HTTP Error 403.503 - Forbidden

 

You do not have permission to view this directory or page.

 

Most likely causes:

 

       
  • This is a generic 403 error and means the authenticated user is not authorized to view the page.

 

 

Things you can try:

 

       
  • Create a tracing rule to track failed requests for this HTTP status code. For more information about creating a tracing rule for failed requests, click here.

 

 

Detailed Error Information:

 

  

   

   

   

   

    

Module   IpRestrictionModule
Notification   BeginRequest
Handler   aspNetCore
Error Code   0x80070005

 

 

  

   

   

   

   

   

Requested URL   https://:448/api/AuditConfiguration
Physical Path   C:\Program Files\Veritas Enhanced Auditing\api\AuditConfiguration
Logon Method   Not yet determined
Logon User   Not yet determined

  

 

 

 

More Information:

  This generic 403 error means that the authenticated user is not authorized to use the requested resource. A substatus code in the IIS log files should indicate the reason for the 403 error. If a substatus code does not exist, use the steps above to gather more information about the source of the error.

 

View more information »

 

V-437-597

 

In the IIS logs:

{Date and time} {IP Address} POST /api/AuditConfiguration - 448 – {IP Address} - - 403 503 5 X
{Date and time} {IP Address} POST /api/AuditConfiguration - 448 - {IP Address} - - 403 503 5 X
{Date and time} {IP Address} POST /api/AuditConfiguration - 448 - {IP Address} - - 403 503 5 X

 

Cause

The Enhanced Auditing feature requires specifying the IP address of the Accelerator server to be added to the IIS AuditingServer virtual directory’s IP Address and domain name restrictions settings.  On an Accelerator server that has both IPV4 and IPV6 installed, specifying only the IPV4 address will cause any attempts to configure the auditing actions to not be available.

Resolution

Allow the IPV6 address for the Accelerator server in the Auditing Server virtual directory’s IP address restrictions.

  1. Obtain the IPV6 IP address of the Accelerator  server.  This can be through the IIS logs when referencing Port 448 or using the command ipconfig /all.
  2. Open IIS Manager.
  3.  Navigate to the AuditingServer virtual directory.
  4. Open the IP Address and Domain Restrictions object.
  5. Click the Add Allow Entry… option.
  6. Paste the IPV6 address into the Specific IP address: field.
  7. Click the OK button.
  8. Use the Services MMC to stop the Enterprise Vault Accelerator Manager Service (EVAMS).
  9. In an Administrative Command Prompt, execute iisreset.
  10. When the iisreset command has successfully completed, start the EVAMS.

Accessing the Configuration widget > Audit Settings tab should have no error message about Auditing not being configured and the Edit button should now be available.

Applies to:

CA/VAS 14.1.0 and greater, DA 14.4.0 and greater.

 

Issue/Introduction

After installing Enhanced Auditing for Compliance Accelerator (CA) / Veritas Advanced Supervision (VAS) 14.1 or greater, or Discovery Accelerator (DA) 14.4 or greater, accessing the Configuration widget > Settings > Auditing feature shows a message that auditing is not configured.
Powered by Wolken Software