Archive Explorer through OWA issue

syfan
Level 3
Partner Accredited

Hi all,

We are experiencing the following issue with Archive Explorer in EV versions 8.0.4 and 9.0.2 (Exchange/OWA 2007).

 

- A user opens OWA from a PC without being the logged-on user (while another user is logged on to Windows).
- He enters his Windows credentials in the OWA logon dialog and accesses his mailbox just fine.
- When he tries to access Archive Explorer or EV Search through OWA, he enters his Windows credentials once more, but instead of his archives, he is presented with the archives of the user logged on to Windows.
 
By clearing IE cache & re-logon in OWA & EV the user opens his archives normally (everything needs to be clear from cache, clearing just cookies is not enough).
 
Several tests with different users and IE 8, 9 showed that IE actually uses the credentials of the last user that opened Archive Explorer through OWA (whether he was the user logged on to Windows or not).
 
How can we prevent this behaviour?  Is there any IE or EV/AE setting to mitigate this issue? (most clients do not accept as a solution to clear the IE cache on exit)
 
Thank you very much in advance 
Accepted Solutions

AndrewB
Moderator
Partner    VIP    Accredited

Hi syfan,

I did a little testing in my lab, and what you're seeing is related to the fact that the EnterpriseVault virtual directory in IIS uses Windows authentication. If you disable Windows auth and only allow basic (leave ASP.net as is), you'll see that AE will prompt you for credentials and you'll be able to access the page. However, disabling this is not suggested and will cause the rest of your users that log in to their own computers to be prompted for credentials all the time and come hunt you down.

5 REPLIES

JesusWept3
Level 6
Partner Accredited Certified
Is it really that common for users to be accessing someone else's mailbox through OWA? What version is EV now? (You said 8 AND 9???) What version of OWA?? What version of Windows Server is EV on? You using forms-based authentication for OWA? Premium or lite version of OWA? Did you say that AE prompts for authentication and it still gives them the wrong archive? Or does user A come in and put in his/her credentials, everything's OK, then user B comes along and still sees user A's mailbox? Also, any chance of getting OWA logging enabled?
https://www.linkedin.com/in/alex-allen-turl-07370146

syfan
Level 3
Partner Accredited

It's not that common but it may happen when shared PCs are used. In all cases, the specific users access their mailbox and try to access their archives through OWA (by giving their credentials), they do not try to access someone else's mailbox/archive.

We have the issue in 2 separate environments

1) EV 8.0.4 on Win 2003 R2 & Exchange/OWA 2007

2) EV 9.0.2 on Win 2008 R2 & Exchange/OWA 2007

In both cases, OWA 2007 uses forms based authentication & the issue appears for OWA premium.

Although AE prompts the user for credentials (and the user enters his credentials correctly), he is getting the wrong archive. The user has logged on to OWA and accesses his mailbox just fine (from another user's Windows session/profile), but when he tries to access AE through OWA he's getting the wrong archive.

I will also enable OWA logging for results.

Thank you

syfan
Level 3
Partner Accredited

 

OWA logging shows that, whenever user A gets the archive of user B, the correct username (UserA) has been used to connect to AE. 
[RequestProcessor::ProcessEVAction] Redirecting client to: https://evserver.DomainName.tld/enterprisevault/ArchiveExplorerUI.asp?mbx=UserA@DomainName.tld&server=MBOXServer&OWA2007=1&Owa2007Url=https%3a%2f%2fDomainName.tld%2fowa%2f
 
Actually, when the user gets the wrong archive, he cannot do anything more than view the folder tree. If he tries to retrieve an archived message he gets the message "You do not have access to this vault". But still, he cannot access his own archive until the IE cache is cleared. 

AndrewB
Moderator
Partner    VIP    Accredited

syfan, any updates on your issue?
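
Added example (not part of the thread and not Enterprise Vault code): with Windows authentication on the EnterpriseVault virtual directory, IIS records the account the browser actually authenticated as in `cs-username`, so the EV server's IIS logs can be scanned for Archive Explorer requests whose `mbx=` mailbox differs from that account. The log lines below are constructed, and the logged field set and the mailbox-to-account-name mapping are assumptions.

```python
from urllib.parse import parse_qs

# Constructed sample in IIS W3C format (not taken from the thread).
# Assumption: cs-username and cs-uri-query logging is enabled on the EV web site.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2012-03-01 09:14:02 GET /enterprisevault/ArchiveExplorerUI.asp mbx=UserA@DomainName.tld&server=MBOXServer&OWA2007=1 DOMAINNAME\\UserA 10.0.0.21 200
2012-03-01 09:20:44 GET /enterprisevault/ArchiveExplorerUI.asp mbx=UserA@DomainName.tld&server=MBOXServer&OWA2007=1 - 10.0.0.37 401
2012-03-01 09:20:45 GET /enterprisevault/ArchiveExplorerUI.asp mbx=UserA%40DomainName.tld&server=MBOXServer&OWA2007=1 DOMAINNAME\\UserB 10.0.0.37 200
2012-03-01 09:22:31 GET /enterprisevault/images/tree.gif - DOMAINNAME\\UserB 10.0.0.37 200
"""

AE_PAGE = "/enterprisevault/archiveexplorerui.asp"


def account_name(identity):
    """Reduce DOMAIN\\user or user@domain to a lower-case account name."""
    return identity.rsplit("\\", 1)[-1].split("@", 1)[0].lower()


def find_identity_mismatches(log_text):
    """Return (date, time, client IP, mbx value, authenticated user) for each
    Archive Explorer request whose mbx= mailbox is not the authenticated user."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # field order can change between log files
            continue
        values = line.split()
        if line.startswith("#") or not fields or len(values) != len(fields):
            continue
        row = dict(zip(fields, values))
        user = row.get("cs-username", "-")
        if row.get("cs-uri-stem", "").lower() != AE_PAGE or user == "-":
            continue  # other pages, or the unauthenticated 401 leg of the handshake
        mbx = parse_qs(row.get("cs-uri-query", "")).get("mbx", [""])[0]
        # Assumption: the mailbox local part equals the Windows account name.
        if mbx and account_name(mbx) != account_name(user):
            hits.append((row.get("date"), row.get("time"), row.get("c-ip"), mbx, user))
    return hits


if __name__ == "__main__":
    for hit in find_identity_mismatches(SAMPLE_LOG):
        print("mailbox/identity mismatch:", *hit)
```

Each hit gives the client IP and time of a session where the requested mailbox and the authenticated Windows account disagree, which identifies the shared PCs affected.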