Hillary Clinton broke government rules by using a private email server without approval for her work as US secretary of state, an internal government watchdog has found.
The long-awaited report by the US State Department inspector general is the first official audit of the controversial arrangement to be made public.
It is highly critical of Clinton's use of a server in her home, and immediately fuelled Republican attacks on Clinton, the Democratic front-runner in an already acrimonious presidential race.
The report, which also found problems in department record-keeping practices before Clinton's tenure, has undermined Clinton's earlier defences of her emails.
The report concluded that Clinton would not have been allowed to use the server in her home had she asked the department officials in charge of information security.
It found that staff who later raised concerns were told to keep quiet. Several suspected hacking attempts in 2011 were not reported to department information security officials, in breach of department rules.
The inspector general's office examined email record-keeping under five secretaries of state, both Democratic and Republican.
John Kerry, the current officeholder, and predecessors Madeline Albright, Colin Powell and Condoleezza Rice all agreed to speak to the inspector general's investigators. Clinton was the only one who declined to be interviewed, as did her aides.
The report contradicted Clinton's repeated assertion that her server was allowed and that no permission was needed.
Several other inquiries continue, including a US Justice Department investigation into whether the arrangement broke laws.
The inspector general's report cited "longstanding, systemic weaknesses" with State Department records that predated Clinton's tenure.
The investigation also found problems with the email record-keeping of some of her predecessors, particularly Powell, that failed to comply with the Federal Records Act.