Enterprise Vault™ Discovery Accelerator Installation Guide

Last Published:
Product(s): Enterprise Vault (12.5)
  1. Introducing Discovery Accelerator
    1.  
      Key features of Discovery Accelerator
    2.  
      About the Discovery Accelerator components
    3. Product documentation
      1.  
        White papers on the Veritas Support website
      2.  
        Discovery Accelerator training modules
  2. Preparing to install Discovery Accelerator
    1. Configuration options for Discovery Accelerator
      1.  
        Discovery Accelerator configuration for large installations
      2.  
        Discovery Accelerator configuration for smaller installations
    2.  
      Supported versions of Enterprise Vault in Discovery Accelerator environments
    3. Prerequisites for Discovery Accelerator
      1.  
        Prerequisites for the SQL Server computer
      2.  
        Prerequisites for the Discovery Accelerator server computer
      3.  
        Prerequisites for the Enterprise Vault server computer
      4.  
        Prerequisites for Discovery Accelerator client computers
    4.  
      Configuring Outlook to enable the processing of items with many attachments or many recipients
    5.  
      Setting the Windows and ASP.NET Temp folder permissions
    6. Security requirements for temporary folders
      1.  
        Granting additional users and groups access to the temporary folders
    7.  
      Disabling networking facilities that can disrupt a Discovery Accelerator environment
    8.  
      Disabling the Windows Search Service on the Discovery Accelerator server
    9.  
      Ensuring that the Windows Server service is running on the Discovery Accelerator server
    10.  
      Configuring the SQL Server Agent service
    11.  
      Assigning SQL Server roles to the Vault Service account
    12.  
      Installing and configuring the SQL full-text search indexing service
    13.  
      Verifying that Enterprise Vault expands distribution lists
  3. Installing Discovery Accelerator
    1. Installing the Discovery Accelerator server software
      1.  
        Allowing Enterprise Vault to communicate with Discovery Accelerator through the Windows firewall
      2. Creating the configuration database and customer databases
        1.  
          Configuring analytics database locations
      3. Setting up a Custodian Manager website
        1.  
          Assigning the required Active Directory permissions to the Custodian Manager synchronization account
      4.  
        Uploading the Discovery Accelerator report templates
      5. Configuring Discovery Accelerator for use in a SQL Server AlwaysOn environment
        1.  
          Using SQL Server Reporting Services in an AlwaysOn environment
      6. Installing Discovery Accelerator in a clustered environment
        1.  
          Configuring Discovery Accelerator for use in a Network Load Balancing cluster
      7.  
        Maximizing security in your Discovery Accelerator databases
    2. Installing the Discovery Accelerator client software
      1.  
        Modifying the configuration file for the Discovery Accelerator client
      2.  
        Using the MSI installer package to install the Discovery Accelerator client
  4. Appendix A. Ports that Discovery Accelerator uses
    1.  
      Default ports for Discovery Accelerator
    2.  
      Changing the ports that Discovery Accelerator uses
  5. Appendix B. Troubleshooting
    1.  
      Error messages appear in the event log when upgrading to Discovery Accelerator 12.5
    2.  
      Enterprise Vault Accelerator Manager service not created
    3.  
      Enterprise Vault Accelerator Manager service does not start
    4.  
      "Access is denied" message is displayed when you try to create a customer database on a UAC-enabled computer
    5.  
      Cannot create or upgrade Discovery Accelerator customer databases when Symantec Endpoint Protection is running
    6.  
      Permissions error when uninstalling the Discovery Accelerator client from a UAC-enabled computer
    7.  
      Uninstalling the Discovery Accelerator client from a shared location may prevent other users from starting the client

Assigning the required Active Directory permissions to the Custodian Manager synchronization account

By default, Custodian Manager uses the account under which the Accelerator Manager service is running when it synchronizes custodians and custodian groups with the corresponding Active Directory accounts. However, if you prefer, you can nominate a different account on a per-domain basis.

For instructions on how to specify a different user account for synchronization purposes, see the Administrator's Guide.

The nominated synchronization account must have certain delegated permissions to query the Active Directory domain.

To assign the required delegated permissions to the Custodian Manager synchronization account

  1. Open Active Directory Users and Computers.
  2. Right-click the domain object, and then select Delegate Control.
  3. In the Delegation of Control Wizard, click Next, and then click Add.
  4. In the Select Users, Computers, or Groups dialog box, enter the required account name, and then click OK, and then click Next.
  5. In the Tasks to Delegate page, in Delegate the following common tasks, select the following tasks, and then click Next:

    • Read all user information

    • Read all inetOrgPerson information

  6. Click Finish.
Enabling the Custodian Manager synchronization account to access the Deleted Objects container

The Custodian Manager synchronization account must also have List Content and Read Property permissions on the Deleted Objects container in Active Directory. Without these permissions, it is not possible to deactivate any custodians and custodian groups whose Active Directory details have been moved to the Deleted Objects container.

The following article on the Microsoft website provides detailed instructions on how to view and set permissions on the Deleted Objects container:

https://technet.microsoft.com/library/cc816824.aspx

Note:

You require a recent version of the dsacls command-line utility to complete the instructions in this article. Some older versions of the utility do not support all the required commands.

In brief, the procedure is as described below.

To enable the Custodian Manager synchronization account to access the Deleted Objects container

  1. Open a Command Prompt window with administrator privileges.
  2. Take ownership of the Deleted Objects container by running the dsacls command-line utility, as follows:

    dsacls deleted_objects_dn /takeownership

    Where the parameters are as follows:

    deleted_objects_dn

    The distinguished name of the Deleted Objects container.

    /takeownership

    Take ownership of the Deleted Objects container.

    For example:

    dsacls "CN=Deleted Objects,DC=Contoso,DC=com" /takeownership

  3. Grant the List Content and Read Property permissions to the user account under which Custodian Manager synchronizes custodians and custodian groups, as follows:

    dsacls deleted_objects_dn /G user_or_group:permissions

    Where the parameters are as follows:

    deleted_objects_dn

    The distinguished name of the Deleted Objects container.

    user_or_group

    The user or group to whom the permissions apply.

    permissions

    The permissions to grant. For List Content and Read Property, specify the permissions as LCRP.

    For example:

    dsacls "CN=Deleted Objects,DC=Contoso,DC=com" /G CONTOSO\VaultAdmin:LCRP