Forum Discussion

CadenL's avatar
CadenL
Level 6
9 years ago

Using RestoreShortcutBody for EV http to https change

Hi

To change an existing EV server from the default http to https will require a number of things - firstly I need to change it in the EV site properties, then I need to change IIS and finally I need to run the RestoreShortcutBody for all mailbox users.

The EV environment is currently running EV11.0.1 having been upgraded periodically over the years from the initial install on EV7. It;s just a single EV server doing Exchange mailbox archiving only for about 1500 mailboxes. Retention category is for 7 years and storage expiry is enabled.

I get how the users shortcuts will fail as soon as the https change is made but not entirely sure how the RestoreShortcutBody registry setting detects that the https change has taken place and update all the existing shortcuts - but I'll assume it gets the infromation somehow (from the setting in the EVsite properties I guess).

But is it the case that I just need to update the registry setting on the EV server and EV will then proceed to make the https changes in the shortcuts without any further prompting?

Secondly I also understand there is a big impact when RestoreShortcutBody runs on both the EV server and the Exchange servers as new shortcuts mean new messages written to every single users mailbox...... and it's recommended to do this is batches by running shortcut processing on small numbers of mailboxes at a time.

I'm trying to determine a suitable strategy here that will cause the least end user impact and could do with some ideas if possible:

1) When I make the change to https then every user is impacted straight away - therefore to minimise this I need to restore the shortcut body as fast as possible.... so perhaps doing batches is not the best way forward and a big bang approach is better?

2) I'd like to pilot the process so can I make the change on a temp basis over a weekend for a couple of test mailboxes, run the restoreshortcutbody to make sure the procedures are working and then change it back before Monday morning? This would also give me a chance to review the impact on the application servers which the shortcut updates are being made so I can calculate the time to complete all the users etc.

3)Is there a way that EV and\or IIS can be configured to allow both http and https to be accepted when opening shortcuts so users that have not yet had the shortcuts updated will still be able to open archived items? I can then turn off http when all the users have been updated - just leaving https enabled?

4)If i do decide to go with a 'batches' approach I guess I need to reconfigure the scheduled tasks not to do shortcut processing when archiving items overnight as this will effectively apply the restoreshortcutbody setting to all the users anyway.

 

thanks in advance for any thoughts on how to approach this.

  • you are correct. reference this for how to do http and https. http://www.iis.net/learn/manage/configuring-security/how-to-set-up-ssl-on-iis

    they key is that you dont have to "require ssl" (https) until you're ready to do so. leaving that option unchecked in IIS will allow both http and https.

  • Yes - thanks.... I'm pretty sure it can be done at a VD level as I've already set /MonitoringWebApp and /EnterpriseVault/Search to use https only, so I was wondering if you knew which virtual directories I'd need make sure is set for the both http and https if I just wanted to isloate the mailbox shortcuts as the only action that can use http?

  • i suppose you could do that, easy enough if it's in there as an option for the individual virtual directories in IIS

  • Hi

    Sorry - no I will want it all to be secure, just interested to know which ones apply to the recall so I can make sure I defintiely reconfigure those ones for both http and https whereas the others I'd like to move straight to https only

    thanks

  • i guess it's your call but why would you want only shortcut recall to be secure? i would do it for the whole server.

  • Brilliant - thanks very much. I'll take a look.

    in IIS what are the actual websites that are used by EV when recalling an archived item.... I guess I don't need to do anything with /MontoringWebApp or /EnterpriseVault/Search

    is it just the /EnterpriseVault or do I need to make any changes to  any other websites?

  • you are correct. reference this for how to do http and https. http://www.iis.net/learn/manage/configuring-security/how-to-set-up-ssl-on-iis

    they key is that you dont have to "require ssl" (https) until you're ready to do so. leaving that option unchecked in IIS will allow both http and https.

  • Ah - that sounds cool

    So that is basically my option 3 above?

    That being the case I should be able to change to https within EV but allow both the old shortcuts and the newly created ones to still work. And then as users get their shortcuts updated there won't be any impact - once I'm happy that all users have been updated I can then turn off the http settings in IIS?

    I don't suppose you have any information on how I configure IIS for that to work do you?

    many thanks

  • you can setup IIS to allow both http and https requests. the change in the EV site properties just means all new shortcuts will be created with https.