08-01-2011 05:54 AM
We had an instance during the pilot of Evault where it archived a RMS (Microsoft Windows Rights Management Services ) protected email. The original email was replaced with a stub that says "You have received a message with restricted permission. Open this item to read its content. If you are not running an e-mail application that supports messages with restricted permission, such as Microsoft Office 2003 or 2007, you can view..." and added a "message.rpmsg" attachment. The user, which happens to be our senior IT director, was unable to open original message through his Outlook 2010 client. He had to install an additional plugin to view the message. With other users, they double-click the RMS message, get prompted with the credentials for RMS once and they can view the email immediately. They are not prompted for their RMS credentials again. I couldn't find any documentation on RMS and Evault...Any help is appreciated.
Solved! Go to Solution.
08-17-2011 02:21 AM
I *could* be wrong, but it might be that it's trying to get the item back out of Vault Cache, but the item isn't there, so just the shortcut is being displayed. (It *should* download the item from the EV server, in this situation, but maybe it's not)
Or.. maybe the item in the vault cache is the pending item... hmm.. interesting :)
Is there anyway that you could retest (I know.. I'm getting boring now!) with OVEnabled = 0 in the client registry key, which should stop Vault Cache from being in the way. This will mean, temporarily, that we'll always go to the EV server for the data.
With regards to setting the key, have a look under HKEY_CURRENT_USER\Software\KVS\Enterprise Vault\Client. If it's not there, have a look under the Store key, which has a GUID looking key name. Look in there, and if OVEnabled is present it'll be set to 1, change that to 0.. and restart Outlook.
08-01-2011 07:27 AM
Has the user received any other encrypted email, and if so could they open it? Outlook requires that the RMS AD template be added to be able to decrypt the email. Possibly somewhere in the installation of the EV client extensions the RMS template was disabled.
08-01-2011 09:45 AM
Yes user has received encrypted mail before, he was able to open message prior to it being archived. Where can I check to see if RMS template was disabled?
08-01-2011 12:44 PM
User had to install Rights Management Add-on for Internet Explorer in order to view the "message.rpmsg" attachment.
08-05-2011 08:15 AM
I got clarification from user. The sender had used Outlook's "Do not Forward" permission prior to sending the protected email. The message class is ipm.note, so it got archived. Is there a way to bypass these types of messages from being archived?
08-05-2011 08:45 AM
I'm confused. Why do you want them to not get archived?
08-05-2011 09:17 AM
I want users to be able to view original content within Outlook, not install additional software on their internet explorer in order to view it. Its going to cause some confusion and it wont be as seemeless as other emails that are archived...know what I mean?
08-05-2011 10:32 AM
This something I've not got setup.. but let me try to see what it is you're seeing.
On regular non-archived items, everything is good? Double clicking one of those in Outlook shows the item properly?
On archived items, everything is good, unless the underlying was an RMS protected item? What happens when you double click one of those?
08-05-2011 01:26 PM
Double-clicking on an archived message, works fine. To reproduce, create a new email in Outlook, use the "Do not forward" permission and send it to yourself, eventually that message will get archived by enterprise vault. Our current configuration is set to delete the original item and replaced with a shortcut after backup. If you double click the shortcut to open original email, you only get body content that says "You have received a message with restricted permission. Open this item to read its content. If you are not running an e-mail application that supports messages with restricted permission, such as Microsoft Office 2003 or 2007, you can view..." and has an attachment link to a "message.rpmsg" attachment. You are not able to open original email content. This is not using RMS, but rather Outlook's out of the box configurations to restrict permissions on viewing email.
08-10-2011 05:37 AM
Having battled for a while to get my (virtual) machines to correctly talk to the internet, I've reproduced the following :
Here is a regular message, with Outlook's Windows Rights Management (via my Windows Live ID) :
Obviously double clicking on that non-archived item, Outlook needs to go and do it's "thing" to validate the Rights.. but the item opens up nicely :
All good to there, right?
You can also see in the first screenshot, a second message which I've archived manually. When I look at that item we see :
When you double click on that item, it should be correctly retrieved from the vault... just like before :
So.. that's what you should see.
Of course there might be an intermediate stage, when the item is "pending archive" :
When you open that item, you get what's there in that right hand pane. That is unavoidable. As soon as your item turns fully archived (eg after a vault store backup, or if you vault store safety copy is set to "immediately after archive" - recommend the former, not the latter for obvious reasons) then it will be as before.
So what of this is it that you are seeing?
08-10-2011 06:59 AM
Thanks for testing Rob. Issue seems to be when Evault archives items after backup (safe copy enabled). Evault does the archiving, deletes original item and replaces with the stub (view contents is enabled), user can't open and view messge when double-clicking it. The last image in post is exact message in stub, if your user double-clicks, then they see error attached.
08-10-2011 07:24 AM
So when the item is fully archived, like in your screenshot, double clicking on it, should retrieve the archived item, and it should open properly.
Next steps would be :-
a/ A client trace showing what happens when you double click on a fully archived item.
08-10-2011 11:24 AM
File
08-10-2011 01:40 PM
hmm I can't work it out from that trace.
Can you set OVEnabled to 0 in the registry, which will disable Vault Cache. And then do a client trace of :-
a/ Open Outlook, wait 2-3 minutes, double click on a NORMAL archived item, not one protected by RMS.
b/ Wait 2-3 more minutes, and double click on an archived item that is protected by RMS.
In your client trace I do not see ANY :-
08-12-2011 11:20 AM
We opened about 3 good ones - normal emails, one bad rms email (archived by server), one good rms email(manually archived)
08-13-2011 11:55 PM
I see 6 references to CStore::OpenShortcut in that trace... which is good. What I can't tell is which is the bad one. Can you do seperate traces of :-
a/ A fully archived RMS message
b/ A full archived normal (non-RMS) message
Also it wasn't clear before.. you're saying *some* of these messages do open and others don't?
By fully archived what I mean is ones which have changed to a shortcut - not a pending shortcut. The pending ones we can't do anything about .. they need to go through the full process to turn to a full shortcut, and then they should be retrievable.
In addition, since you're saying you see a difference in behaviour manually archived RMS messages, and server archived RMS message.. I'll give that a quick test on Monday.
If you can summarise which ones work, and which don't that might help.
08-16-2011 04:35 PM
Bad one, double-clicking doesn't open original item.
08-16-2011 04:40 PM
Good one, opens just fine. Store vault was used to archive this email.
08-16-2011 04:42 PM
Normal email, no special permissions.
08-17-2011 02:21 AM
I *could* be wrong, but it might be that it's trying to get the item back out of Vault Cache, but the item isn't there, so just the shortcut is being displayed. (It *should* download the item from the EV server, in this situation, but maybe it's not)
Or.. maybe the item in the vault cache is the pending item... hmm.. interesting :)
Is there anyway that you could retest (I know.. I'm getting boring now!) with OVEnabled = 0 in the client registry key, which should stop Vault Cache from being in the way. This will mean, temporarily, that we'll always go to the EV server for the data.
With regards to setting the key, have a look under HKEY_CURRENT_USER\Software\KVS\Enterprise Vault\Client. If it's not there, have a look under the Store key, which has a GUID looking key name. Look in there, and if OVEnabled is present it'll be set to 1, change that to 0.. and restart Outlook.