EVPM and Vault permissions "zap"
This tech article is straight forward and I have used it successfully in the past:
http://www.symantec.com/business/support/index?page=content&id=TECH44818
Our environment has changed a little bit, and I'm struggling to successfully zap permissions.
EV 904 and Exchange 2007 were originally in DomainA. EV 904 continues to be in DomainA, but all mailboxes have moved to Exchange 2010 in DomainB. (Linked mailboxes, linked back to the original AD user objects in DomainA). There is a two-way transitive trust between DomainA and DomainB.
There are a subset of mailboxes that I inherited full vault permissions to, due to "full access" assigned to the mailbox. These mailboxes now exist in DomainB, and are also disabled. I'm not having success with my EVPM syntax.
This ends successfully but does not "zap" the permissions like I need it to:
evpm.exe" -e <Exchange2007MailboxServer in DomainA> -m SA-EVault -f ZapSpecificVaultPerms.ini
This produces "Error creating privileged MAPI session"
evpm.exe" -e <Exchange2010CASArray in DomainB> -m SA-EVault -f ZapSpecificVaultPerms.ini
Same errror with this syntax:
evpm.exe" -e <Exchange2010MailboxServer in DomainB> -m SA-EVault -f ZapSpecificVaultPerms.ini
Service account SA-EVault exists in DomainA and has full mailbox permissions within DomainB.
try specifying an Exchange 2010 mailbox server name, rather than CAS
yup definitely specify the exchange mailbox server
also for the system mailbox use the smtp:EVAdmin@domainb.comAlso make sure when you run the EVPM you are running as the EVAdmin
try creating a new outlook profile, connecting to the Exchange 2010 server using the same smtp address that you'd use in the evpm command and make sure you can connect without it prompting for credentials