VOX

Please refer to the foloowing.

<http://seer.entsupport.symantec.com/docs/278290.htm>

Reading this it sounds like what I may need to do.  Is there another document that pertains to Exchange 2007?

Chris

Just run the following two powershell scripts on the exchange server

get-mailboxserver "<mail_server_name>" | add-exchangeadministrator "yourEVAdmin" -role ViewOnlyAdmin

get-mailboxserver "<mail_server_name>" | add-adpermission -user "yourEVAdmin" -accessrights ExtendedRight -extendedRights Send-As, Receive-As, ms-Exch-Store-Admin

I get an error when I run the first script.  I ran it without and with the -Identity paramenter with the same error.  I did the same with the domain name for the user account, with the same error.  I went ahead and ran the second script and it came back with warnings that the

WARNING: Appropriate ACE is already present on object.

[PS] C:\Windows\system32>get-mailboxserver -Identity NRMX3 | Add-ExchangeAdmini
trator NRDNR\nrvaultSAnrmx3  -Role ViewOnlyAdmin
Add-ExchangeAdministrator : The input object cannot be bound to any parameters
for the command either because the command does not take pipeline input or the
input and its properties do not match any of the parameters that take pipeline
input.
At line:1 char:62
+ get-mailboxserver -Identity NRMX3 | Add-ExchangeAdministrator <<<<  NRDNR\nrv
aultSAnrmx3  -Role ViewOnlyAdmin
    + CategoryInfo          : InvalidArgument: (NRMX3:PSObject) [Add-ExchangeA
   dministrator], ParameterBindingException
    + FullyQualifiedErrorId : InputObjectNotBound,Microsoft.Exchange.Managemen
   t.RecipientTasks.AddDelegate

Reading further, I re-read that the Vault Service Account should only be a member of the Domain Users group which it is.  But I have the VSA as a member of the Exchange View-Only Administrators, shoud the VSA also be a member of this group?  I have read so many Tech Notes, I am losing track of what I have done and what they have reccomended to do.

Chris

Have you seen the following TechNote?

http://www.symantec.com/docs/TECH51293

At the bottom of this there's a link to another article that contains the PowerShell script for correctly setting permissions required which shipped originally in EV 9.0 but is suitable for an install with Exchange 2007 (or mixed mode).

If using this script you no longer need to worry about being a member of Exchange View-Only administrators.  Although it shouldn't hurt - only groups such as Domain Admins that have explicit denies on certain permissions are harmful.

Thanks

Karl

I saw the technote before, but I didn't run it as I thought because I made the permissions changes thorugh adsiedit, thats all I needed to do.  I ran the script a few minutes ago (no errors), I can't restart the Exchange Information Store service right now.  I will attempt to start the Mail Archiving Task later today.

To add more information on what I have been able to succesfully do:

Using the VSA:

I can logon to the EV server and access the VAC

Logon to the email server

Send and Recieve email using Outlook with VSA and corresponding email box.(v. 2010)

I deleted my email server and Task Service from EV and re-added. earlier today (prior to running script), same issue.

After I restart the task service later, I will post if it failed or is running.

wait hang on...what??
Are you saying that it wasn't working because you were giving permissions to the wrong account? or are you saying you got it working by giving the permissions to the VSA?

That was it.  I think I had to many other things going on the at the sametime and I selected the wrong user account when adding permissions.