Clarification on EV Exchange Throttling policy config
Hello
I'm seeking a but of clarification when setting an exchange 2010 throttling policy for an Exchange 2010 DAG that exists in a different AD Forest.
I'm following closely the Veritas Technote article.HOWTO84839 (below) and all seems ok except 1 point which I'd like to get some clarification on please.
The points I want to emphasise is SETP 5 below where, as there wasn't a VSA mailbox, I have created a linked mailbox for the VSA as detailed in the sub-steps 1 - 5. This all worked ok but the first sub step point is " Log on to the Exchange Server in the remote (Forest B\Domain B)" Which I did and this is important to note when it comes to my question (please bear with me). So effectively I have created this Linked Mailbox in ForestB for the VSA account which exists in Forest A.
So here's my quesiton:
I get to the point where I then look to create the Throttling Permission on the Exchange 2010 servers in Forest B. This is point to of the 'Permissions Configuration'. The command line it tells me to run is below with the imprtant bits in BOLD text . But it shows I should be identifying DOMAIN A\VSA_Linked. This fails as the VSA_Linked Mailbox is in DOMAINB..... Is this a typo or have I done something wrong? Should the below command work by sepcifiying DOMAIN A?
SetEVThrottlingPolicy.ps1 –User Domain A\VSA_Linked –Server Exch2010 -Version 2010
I could perhaps set the throttling script manually if I can confirm the VSA Linked mailbox is the one I should be specifying it to be applied against. I do suspect this might be a typo in the technote as I don't get any event errors when I start the archiving task - which I've seen in the past when the throttling policy has been neglected (and also the task stops running). The task runs fine without error.
The final piece of important info here is that the reason for this post is that t I see error 3177 and 3419 on the archive and retrieval tasks. Everything works for a short time after I reboot the EV server but then fails with the above error.... I thought this might be to do with the throttling policy and so needed to check this.
thanks
Caden
Validations Steps
- Ensure that a 2-way trusts relationship has been configured between the 2 forests.
Open AD Domain and Trust in the EV Server Domain (Domain A), go to the properties of Domain A and ensure that the ‘Incoming trusts’ and ‘Outgoing trusts’ has been set to the other forest (Domain B) - Check that the VSA is a member of the Builtin Users group in the remote forest (Forest B\Domain B). This is to allow the domain enumeration to succeed when the provisioning task is running.
- On the Enterprise Vault Server make sure that the Vault Service Account is a member of the local administrators group.
- The following local security user rights should already be applied on the Enterprise Vault Server for the Vault Service Account.
Logon as a process
Replace a process-level token. - Check that the VSA has a mailbox on the Exchange Server in Forest B\Domain B and that the mailbox has been configured as a linked mailbox.
If there is no mailbox, a new one can be created.
The example below is for Exchange 2010:- Log on to the Exchange Server in the remote (Forest B\Domain B)
- In Exchange management Console, create a new mailbox and select linked. Select New User. E.g. VSA_Linked
- Enter the details of the Forest/Domain containing the VSA (i.e. Domain A and VSA account)
- This would automatically disable the newly created account VSA_Linked
- Check that Provisioning Task logon account has been set to use the Vault Service Account. E.g. VSA
After it has been set, ensure that provisioning of the Exchange Server works fine and no errors generated via the provisioning. - Set the Archiving Task Logon account to the Vault Service Account.
- Validate what System Mailbox have been configured for the task and how it has been created. Any Doubt, create a new system mailbox on the Exchange Server.
The System mailbox needs to be located on the Exchange Server being archived, hence created in Domain B.
This is a simple mailbox. Keep it simple and do not create a linked mailbox. E.g. EVSysMbx.Note that it will work with a Linked Mailbox too.
Permissions Configurations
- Log on to the Exchange Server in Forest B\Domain B as a user who has the organization management role. Run the Enterprise Vault Permissions script against the VSA (which runs the Archiving Task) for this Exchange Server.
E.g.:
Note: The account specified is the VSA in the other Domain. The Linked mailbox is not used at this stage. In this example the Exchange Server is called Exch2010, however the same should apply for Exchange 2013.
SetEVExchangePermissions.ps1 –User Domain A\VSA –Server Exch2010 -Action Add –Level ALL –Verbose $true
- Log on to the Exchange Server in Forest BDomain B B as a user who has organization management role and run the Enterprise Vault Throttling script against the Linked Mailbox
E.g.:
SetEVThrottlingPolicy.ps1 –User Domain A\VSA_Linked –Server Exch2010 -Version 2010
- Assign Access rights to the System Mailbox configured under the setting section of the task. In this example, this is the EVSysMbx mailbox, which has been checked in step 8 of the 'Validations Steps' section.
This is step is also done on the Exchange server in DomainB. The User Account to use is the Vault Service account froDomain AnA
E.g.
Add-ADPermission -Identity EVSysMbx -User Domain A\VSA -AccessRights ExtendedRight -ExtendedRights "send as"