Could not synchronize the configuration settings for Enterprise Vault (EV) SMTP Archiving

book

Article ID: 100056039

calendar_today

Updated On:

Description

Error Message

EV Shell command 'Sync-EVSMTPServerSettings' fails with: 

Sync-EVSMTPserverSettings : Could not syncronize the configuration settings for Enterprise Vault SMTP Archiving.

Exception: An error relating to security occurred. (Exception from HRESULT: 0x8013150A)

The dtrace of the AdminService during the failed sync contains: 

[4980]   (AdminService)   <12560>   EV-H   {MSwitchServer.InvokeHelper}Exception: The username or password is incorrect.| Info:Error occured while calling method: Void b__0(). Failed to set TLS. Diag: Type:System.Security.SecurityException ST:  at System.Security.Principal.WindowsIdentity.KerbS4ULogon(String upn, SafeAccessTokenHandle& safeTokenHandle)|  at System.Security.Principal.WindowsIdentity..ctor(String sUserPrincipalName, String type)|  at System.Security.Principal.WindowsIdentity..ctor(String sUserPrincipalName)|  at Symantec.EnterpriseVault.SmtpCommon.SmtpHelper.GetVSAUserName()|  at Symantec.EnterpriseVault.Smtp.Config.MtaConfiguration.SetPermissionsOnFile(String fileName)|  at Symantec.EnterpriseVault.Smtp.Config.MtaConfiguration.SetServerPassword()|  at Symantec.EnterpriseVault.Smtp.Config.TlsConfiguration.Configure()|  at Symantec.EnterpriseVault.Smtp.Config.MSwitchServer.<>c__DisplayClass44_0.b__0()|  at Symantec.EnterpriseVault.Smtp.Config.MSwitchServer.InvokeHelper(Action act, String errorMessage) Inner:None

[4980]   (AdminService)   <12560>   EV-H   {MSwitchServer.InvokeHelper} Exception: The username or password is incorrect.| Info:Error occured while calling method: Void b__61_0(). Failed to Synchronize SMTP Settings in configuration file from directory database. Diag: Type:System.Security.SecurityException ST:  at System.Security.Principal.WindowsIdentity.KerbS4ULogon(String upn, SafeAccessTokenHandle& safeTokenHandle)|  at System.Security.Principal.WindowsIdentity..ctor(String sUserPrincipalName, String type)|  at System.Security.Principal.WindowsIdentity..ctor(String sUserPrincipalName)|  at Symantec.EnterpriseVault.SmtpCommon.SmtpHelper.GetVSAUserName()|  at Symantec.EnterpriseVault.Smtp.Config.MtaConfiguration.SetPermissionsOnFile(String fileName)|  at Symantec.EnterpriseVault.Smtp.Config.MtaConfiguration.SetServerPassword()|  at Symantec.EnterpriseVault.Smtp.Config.TlsConfiguration.Configure()|  at Symantec.EnterpriseVault.Smtp.Config.MSwitchServer.<>c__DisplayClass44_0.b__0()|  at Symantec.EnterpriseVault.Smtp.Config.MSwitchServer.InvokeHelper(Action act, String errorMessage)|  at Symantec.EnterpriseVault.Smtp.Config.MSwitchServer.SetTls(EV_SMTP_TLS tlsType, Object certificate, String encryptedPassphrase)|  at Symantec.EnterpriseVault.Smtp.Config.MSwitchServer.b__61_0()|  at Symantec.EnterpriseVault.Smtp.Config.MSwitchServer.InvokeHelper(Action act, String errorMessage) Inner:None

[4980]    (AdminService)    <12560>    EV:H    {CSmtpConfigHelper::SyncSettingsFromDB:#47} Failed to sync MtaTailor setting with DB. Error: <0x8013150a>

Cause

Kerberos authentication is required when trying to set TLS in the SMTP Server settings.

Collecting a Wireshark or Netmon trace at the time of the failed sync could reveal the Kerberos error: KDC_ERR_C_PRINCIPAL_UNKNOWN

krb-error(30)

err-c-PRINCIPAL-UNKNOWN (6)

Resolution

The Kerberos error is actually an 'Access is Denied'.  If such an error occurs, it is requested to add the Vault System Account into the built-in AD group 'Windows Authorization Access Group' 

Issue/Introduction

In rare circumstances, after having added a security certificate within the SMTP properties, the shell command 'Sync-EVSMTPServerSettings' fails with 'Could not synchronize'

Additional Information

JIRA: CFT-5420
Powered by Wolken Software