cancel
Showing results for 
Search instead for 
Did you mean: 
Vladimir_Vucini
Level 5
Partner Accredited

Changing ports on EV server – from http to https – file shortcuts problem

Looking at Symantec KB http://www.symantec.com/docs/HOWTO31916 and having a customer that would need to move from http to https we wanted to test if file placeholders can be recreated with FSAUtility and if we can offer the proper solution to updating FSA shortcuts. Again, looking at above HOWTO31916, first step was to configure IIS and change Default Web Site from http to https. If you are using IIS 7.0 this is easy done from “Bindings…” by adding https. The only problem could be certificate that you would like to use. If you would like to use it with IIS 7.0 self-signed certificate and if you follow up best practice and are using alias for EV site, than you could end up with a problem – self signed certificate would not be considered valid because it will point out to the original IIS server name and not alias, so access to EV would not be possible.

Thanks to the old tools for IIS 6.0, selfssl.exe, you can create certificate for domain name you need, using command like this:

selfssl /N:CN=evserver1.example.com /V:1095 /S:1

where V: is number of days that certificate would be valid and S: is site number (you can find the site number in IIS manager). This command must be run on IIS server. After that, is’t easy, you need just to install this new certificate on a servers and using EV service account to be able to access EV.

Back to the file placeholders problem. After you change IIS port from http to https and after you change port on EV site properties the current file placeholders will not work any more. But, there is a nice tool, called FSAUtility that can recreate file placeholders. You can delete placeholders that are not valid and run the following command from EV server:

fsautility –c –s \\<file_server>\<shared_archived_folder_name> -l 0 –r

(-l 0 is to log success and failures, -r is to run command in report mode) and you will get report of what this command would recreate. If you want to actualy do the work, just omit the –r from the above command. If you would like to delete existing placeholder and recreate new one in one step, just add -f switch at the end of command line.

Please notice that recreate placeholder option will only recreate placeholders in the folder where EV was originally archived the file from. If the placeholder had subsequently been moved to a new folder on the same volume, FSAUtility would recreate in the original folder and you would still be left with the old placeholder in the folder it was moved to. 

We did this testing in demo enviroment just to be sure if this can be done instead of restoring all files back to the file server and then archiving them and it seems that recreating placeholders would be better. This is just short introduction in a possible solution for problem described in above HOWTO31916, not instructions how to do it in production system.

Comments
patriot3w
Level 5
Partner Accredited

Great article, the selfssl.exe looks like can solve EV self-signed issue when do manually mailbox archive, will give it a try.

Is there anyway to recreate the exchange mailbox shortcut after enable SSL?

Thanks.

Vladimir_Vucini
Level 5
Partner Accredited
Yes, it is easy. You just have to sync mailboxese, after the change from http to https. If you didn't use custom shortcuts, then changes will be automatic.
patriot3w
Level 5
Partner Accredited

How about if use custom shortcuts? I got an warning: if you change port or protocal, you will break the shortcut already archived.

Vladimir_Vucini
Level 5
Partner Accredited

If you change the port after items have been archived, existing shortcuts will no longer work. Shortcuts in Outlook and Lotus Notes can be updated with the new protocol or port information using Synchronize mailboxes in the Enterprise Vault Administration Console, but customized shortcuts, FSA shortcuts and SharePoint shortcuts cannot be updated.

Based on the above, if you have links in customized shortcuts they will not work. Those links will still point to the http instead of new https, so you will not be able to open attachement for example, using link in the shortcut. My guess is (didn't try, not sure if works) that you can remove shortcuts and then recreate them, but this is something that should be tested as idea.

Best regards,

Vladimir

patriot3w
Level 5
Partner Accredited

Is there any tech doc regarding this one?

Thanks.

patriot3w
Level 5
Partner Accredited

http://www.symantec.com/business/support/index?page=content&id=TECH47364

Not sure whether this is the step...anyone tested?

Version history
Last update:
‎03-25-2011 08:29 AM
Updated by: