Enterprise Vault Storage Service fails to start after updating Service Account to new account.

book

Article ID: 100061635

calendar_today

Updated On:

Description

Error Message

Event ID: 28940 There was an error verifying a Partition Network Share. |Error: Access is denied.  (0x80070005) |Details of the last partition that was processed: |VaultStore: |Partition:  |Partition Root Path:  |Secondary Storage Location: none |

V-437-28940

Dtrace log error:

{CSecurityWrapper::IsServerClientTheVSA:#1020} Checking if server client is VSA...
{CSecurityWrapper::IsServerClientTheVSA:#1050} Client server is running as VSA: [False] (in a client COM call: [True]).
{CSecurityWrapper::CommonRoleAccessCheck:#1101} Checking access for operation [1523]. Impersonating client: [True]...
{CSecurityWrapper::UpdateAzStoreCacheIfNecessary:#1628} Updating if required...
{CSecurityWrapper::CommonRoleAccessCheck:#1178} Access [denied]
 

Cause

Enterprise Vault Services in DCOM Config are using the old vault service account as the identity, causing the DCOM lookups to use the incorrect service account.  This is validated by seeing the Client server is running as VSA: [False] in the Dtrace log.  If the correct identity is used, the function would return a True value.

Resolution

Re-enter the Vault Service Account credentials under the Service Account tab, which can be found under the Directory Properties tab in the Administration Console, which will update the Identity user for all Enterprise Vault services.

Issue/Introduction

Enterprise Vault (EV) Storage Service fails to start with Access Denied error after updating the Vault Service Account with a new Active Directory account.
Powered by Wolken Software