Enterprise Vault Search (EVS) prompts for user credentials after applying a server hardening Group Policy Object to the Enterprise Vault (EV) Server

book

Article ID: 100055823

calendar_today

Updated On:

Description

Error Message

IIS logs show 401.1 status that comes after some 401.2 (which are normal) entries:

2023-04-13 05:32:21 10.194.20.190 GET /enterprisevault/Search/Shell.aspx - 80 - 10.72.9.97 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/111.0.0.0+Safari/537.36 - 401 1 3221225819 15

The highlighted number, 3221225819, is the "win32-status".

Conversion of 3221225819 to HEX results into 0xC000015B, which is defined as:

A user has requested a type of logon (e.g., interactive or network) that has not been granted. An administrator has control over who may logon interactively and through the network. STATUS_LOGON_TYPE_NOT_GRANTED

Cause

As per the applied GPO, the domain users were not provided access to the server via network, only administrators and power users were allowed.

Resolution

1. On the EV Server, right-click on Start button and click on Run, or hit Windows button + R.

2. Type Secpol.msc and hit Enter.

3. Expand Local policies and select User Rights Assignment.

4. Look for the policy named Access this computer from the network and add Domain User in there.

Issue/Introduction

After applying a server hardening Group Policy Object (GPO), access to EVS prompts user credentials multiple times for domain users.

Was this article helpful?

thumb_up Yes

thumb_down No

Welcome to "KB Articles"