11-27-2014 03:34 AM
We are running Enterprise Vault 10.0.4 and have recently moved to Exchange 2010 from Exhange 2003.
Archived mail retrieval via Outlook Web Access was never a problem before however now whenever a user attempts to retrieve the archived mail all they get is the "Page Can't Be Displayed" error.
I was wondering how best to troubleshoot the cause of the issue.
I have installed the EV Extensions for 2010 onto the CAS server and the EnterpriseVault Folder is displaying in IIS manager under owa.
Also in 2010 I don't believe you need to install EV on the Exch server where the mailbox resides, which used to be the case in 2003. Is this correct?
As far as I'm aware there isn't a requirement to have the EV server on the external facing bit of our network. I thought that only the cas server needed to be there, I could be wrong.
The firewall administrator believes that when I click on the link to open the archived mail in OWA it is openning it on the ev server which will work internally but not from outside. So if the user doesn't vpn into the network they won't be able to retrieve the archived mail. Surely this is contrary to the purpose intended for the OWA Extensions.
11-27-2014 06:17 AM
Your firewall admin is correct if you are trying to open an EV web page, e.g. search or archive explorer, and you will need to arrange for the EV webapps to be published via the firewall.
However, opening items within OWA should work as the extensions on the CAS server talk to the EV server to get the item temporarily restored to the mailbox to view, and the client only talks to the CAS.
Have you updated the ExchangeServers.txt file with the Exchange 2010 IP addresses and rerun OWAUser.wsf?
11-27-2014 06:47 AM
Thanks for replying. The Firewall admin believes that when openning the archived item when you click on
"The archived item is currently unavailable Click here to preview the original item. "
it goes to the EV server which isn't available outside of our internal network
I've attempted many times to edit the ExchangeServers.txt and run the owauser.wsf file, but it isn't having the desired effect.
In this file I've placed IP addresses for the CAS server ,the Exchange server and the reverse proxy server.
11-27-2014 07:02 AM
The preview is an EV web page, so the firewall will be blocking that too.
So you have two issues:
1. The item is unavailable.
2. The firewall is blocking traffic to EV.
Your firewall admin can create a rule to fix the second.
For the first, please turn on logging in the OWA extensions and look at the request which is trying to restore the item.
You can turn on logging via the OWA web.config file found in somewhere like this: C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Owa. There will be an existing setting in there for EnterpriseVault_LogEnabled. Once you've set it to true, any new OWA sessions will be logged to C:\Program Files\Enterprise Vault\OWA 2010\logs.
11-27-2014 07:10 AM
Taken from log on cas server
Redirecting client to: http://<hostname>/EnterpriseVault/Viewmessage.asp?vaultid=1D32A1CA66F15AA41BB1F4385999B84CE1110000ev...
11-27-2014 07:14 AM
Taken from log
27/11/2014 15:07:24 [4456,11] Request processing started
27/11/2014 15:07:24 [4456,11] Url: https://<exchange url>/owa/forms/premium/SubPageContainer.aspx?ae=Item&a=Open&t=ipm.note.enterprisev...
27/11/2014 15:07:24 [4456,11] RawUrl: /owa/?ae=Item&a=Open&t=ipm.note.enterprisevault.shortcut&id=RgAAAACQ7PneI6cDRY69oFVIMntxBwBBJ8StQ0f%2bQpT6Jk8tJMrzAAAC2LXqAAC%2bnj%2bnlqKZT41IZWVBFUVRAAAMukA6AAAJ&EVItemUnavailable=1&EVReason=403+Forbidden
27/11/2014 15:07:24 [4456,11] Query String parameters:
27/11/2014 15:07:24 [4456,11] ae: Item
27/11/2014 15:07:24 [4456,11] a: Open
27/11/2014 15:07:24 [4456,11] t: ipm.note.enterprisevault.shortcut
27/11/2014 15:07:24 [4456,11] id: RgAAAACQ7PneI6cDRY69oFVIMntxBwBBJ8StQ0f+QpT6Jk8tJMrzAAAC2LXqAAC+nj+nlqKZT41IZWVBFUVRAAAMukA6AAAJ
27/11/2014 15:07:24 [4456,11] EVItemUnavailable: 1
27/11/2014 15:07:24 [4456,11] EVReason: 403 Forbidden
27/11/2014 15:07:24 [4456,11] subpage: ReadMessage.ascx
11-27-2014 08:42 AM
That's almost certainly the IP address restrictions on the EVAnon virtual directory on your EV server. You'll probably find it's using an IPv6 address.
Check the IIS log on the EV server and look for the client address and status code 403 6 for requests to EVAnon.
11-27-2014 09:35 AM
I'm not sure the IIS log is telling me anything, taken from
C:\Inetpub\logs\LogFiles\W3SVC1
2014-11-27 17:28:03 <ev server>GET /EnterpriseVault/Viewmessage.asp vaultid=1D32A1CA66F15AA41BB1F4385999B84CE1110000evsvr&savesetid=201304045103098~201301032346320000~Z~C13443D62979FE96C3AEC9699781C151&OWA2007=1&OWA2007Url=https%3a%2f%2fexchange.npl.co.uk%2fowa%2f 80 <domain>\<user> <IP ADDRESS> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.1;+Trident/6.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+Media+Center+PC+6.0;+.NET4.0C;+.NET4.0E) 200 0 0 21684
11-27-2014 09:47 AM
That's the preview request to "EnterpriseVault". That comes direct from the client.
You need to look at the entries that are "GET /EVAnon/Restoreo2k.asp" that come from the OWA extensions.
11-28-2014 01:50 AM
Any idea why this IP address is showing in this format?
2014-11-28 06:56:32 2002:8b8f:123::8b8f:123 GET /EVAnon/restoreo2k.asp vaultid=1D32A1CA66F15AA41BB1F4385999B84CE1110000evsvr&savesetid=201311134373775~20
I took this from IIS logs on the ev server
11-28-2014 02:10 AM
It's an IP v6 address, which I suspect you haven't added into the ExchangeServers.txt file, and so is being blocked, hence the 403 error. You haven't posted it above, but you 'll probably see "403 6" towards the end of that line in the log file, which means the IP address is blocked.
In which case, add that address the ExchangeServers.txt file and rerun OWAUser.wsf.
11-28-2014 02:20 AM
Ok thanks for that, however it appears to be the ip address of the ev server itself?
12-02-2014 08:07 AM
In the end I reluctantly added the IP addresses of the reverse proxy server and cas server directly using IIS manager. This despite all of the advice to add to ExchangeServers.txt and run owauser.wsf.
For some reason this time it worked.
12-02-2014 08:21 AM
Unless the reverse proxy is between the CAS and EV then you shouldn't need the IP address of the reverse proxy.
If you ever need to run OwaUser.wsf again though, you'll need to also check in IIS manager that the settings are what you want them to be.
Glad you've got it working!