{VaultCreateInstanceRequest::CreateInstance} Attempt [#] to create COM object failed. Result [Access is denied.  (0x80070005)]


Article ID: 100059657


Description

Error Message

A dtrace on the source (client) Enterprise Vault Server will report the below:

{VaultCreateInstanceRequest::CreateInstance} Attempt [1] to create COM object failed. CLSID [{2D198DCA-C1F8-49F2-9A7E-169016F562F7} (EnterpriseVault.AdminTasks.1)] Server Name [evserver] Elapsed [0.014s] Result [Access is denied.  (0x80070005)]

{VaultCreateInstanceRequest::CreateInstance} Attempt [1] to create COM object failed. CLSID [{7DB927A8-A2F9-4B72-B10B-359353D3A39F} (TaskController.TaskConnector.1)] Server Name [evserver] Elapsed [0.014s] Result [Access is denied.  (0x80070005)]

 

A review of the System Event Log on the source (client) Enterprise Vault Server will report the below:

DCOM got error "2147942405" from the computer xxx.xxx.xxx.xxx when attempting to activate the server:

 

A review of the System Event Log of the Target (server) Enterprise Vault Server will report the below:

The server-side authentication level policy does not allow the user domain\pc$ SID (domain\pc$) from address xxx.xxx.xxx.xxx to activate DCOM server.  Please raise the activation authentication level at least to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY in client application.
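
As an added illustration (not Veritas code), the Python sketch below parses the dtrace failure lines quoted above and matches their HRESULT against the decimal status in the client-side DCOM event, showing that 2147942405 and 0x80070005 are the same access-denied result. The function names are assumptions; the sample lines are this article's excerpts plus one constructed line.

```python
import re

# Field layout of the dtrace failure lines quoted in this article.
DTRACE_RE = re.compile(
    r"Attempt \[(?P<attempt>\d+)\] to create COM object failed\. "
    r"CLSID \[(?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<progid>[^)]+)\)\] "
    r"Server Name \[(?P<server>[^\]]+)\] Elapsed \[[^\]]+\] "
    r"Result \[(?P<text>.*?)\s*\((?P<hresult>0x[0-9A-Fa-f]{8})\)\]")
# The client-side DCOM System event reports the same status in decimal.
DCOM_RE = re.compile(r'DCOM got error "(?P<code>\d+)"')

def decode_hresult(value):
    """Split a 32-bit HRESULT into its failure bit, facility and code."""
    return {"failed": bool(value >> 31),
            "facility": (value >> 16) & 0x7FF,  # 7 = FACILITY_WIN32
            "code": value & 0xFFFF}             # 5 = ERROR_ACCESS_DENIED

def parse_dtrace(line):
    """Return the fields of one dtrace failure line, or None if no match."""
    m = DTRACE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["attempt"] = int(rec["attempt"])
    rec["hresult"] = int(rec["hresult"], 16)
    return rec

def correlate(dtrace_lines, event_lines):
    """Keep dtrace failures whose HRESULT also appears in a DCOM event."""
    codes = {int(m["code"]) for m in map(DCOM_RE.search, event_lines) if m}
    records = filter(None, map(parse_dtrace, dtrace_lines))
    return [r for r in records if r["hresult"] in codes]

# Sample input: the excerpts from this article, plus one constructed line
# (an unrelated message) to show that non-matching lines are skipped.
SAMPLE_DTRACE = [
    "{VaultCreateInstanceRequest::CreateInstance} Attempt [1] to create COM object failed. CLSID [{2D198DCA-C1F8-49F2-9A7E-169016F562F7} (EnterpriseVault.AdminTasks.1)] Server Name [evserver] Elapsed [0.014s] Result [Access is denied.  (0x80070005)]",
    "{VaultCreateInstanceRequest::CreateInstance} Attempt [1] to create COM object failed. CLSID [{7DB927A8-A2F9-4B72-B10B-359353D3A39F} (TaskController.TaskConnector.1)] Server Name [evserver] Elapsed [0.014s] Result [Access is denied.  (0x80070005)]",
    "constructed line: service heartbeat ok",
]
SAMPLE_EVENTS = ['DCOM got error "2147942405" from the computer xxx.xxx.xxx.xxx when attempting to activate the server:']

if __name__ == "__main__":
    for rec in correlate(SAMPLE_DTRACE, SAMPLE_EVENTS):
        print(rec["server"], rec["progid"], hex(rec["hresult"]), decode_hresult(rec["hresult"]))
```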

 

Cause

This issue can occur as a result of hardening changes to the Distributed Component Object Model (DCOM). The DCOM Remote Protocol is a protocol for exposing application objects using remote procedure calls (RPCs). DCOM is used for communication between the software components of networked devices. Hardening changes in DCOM were required to address the vulnerability noted in CVE-2021-26414.

 

Resolution

Warning: Incorrect use of the Windows registry editor may prevent the operating system from functioning properly. Great care should be taken when making changes to a Windows registry. Registry modifications should only be carried out by persons experienced in the use of the registry editor application. It is recommended that a complete backup of the registry and workstation be made prior to making any registry changes.

A registry entry can be used to work around this issue. The registry entry would be applied on the source (client) Enterprise Vault Server / Discovery Accelerator Server / Compliance Server.

During the timeline phases in which you can enable or disable the hardening changes for CVE-2021-26414, you can use the following registry key:

  • Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat

  • Value Name: "RequireIntegrityActivationAuthenticationLevel"

  • Type: DWORD

  • Value Data: default= 0x00000000 means disabled. 0x00000001 means enabled. If this value is not defined, it will default to enabled.

Important: You must restart your device after setting this registry key for it to take effect.

NOTES:  

1. The Value Data must be entered in hexadecimal format.

2.  Enabling the registry key above will make DCOM servers enforce an Authentication-Level of RPC_C_AUTHN_LEVEL_PKT_INTEGRITY or higher for activation. This does not affect anonymous activation (activation using authentication level RPC_C_AUTHN_LEVEL_NONE). If the DCOM server allows anonymous activation, it will still be allowed even when DCOM hardening changes are enabled.

3. This registry value does not exist by default. It must be created. Windows will read it if it exists and will not overwrite it.

Issue/Introduction

When attempting to connect from one Enterprise Vault Server / Discovery Accelerator / Compliance Accelerator to another, an error is generated while attempting to perform a VaultCreateInstanceRequest.