cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Exchange archive folders loosing permissions

Go to solution
Marcde
Moderator
Moderator
Partner    VIP    Accredited

‎06-11-2015 07:08 AM

Hello, 

a customer is having the problem that sometimes some of the exchange archives are loosing the inherited folder permissions from exchange. Synchronization takes place at 12 am and 12 pm. From what I understand the folder hierarchy and permissions should be synchronized on an exchange mailbox archiving task Run which is scheduled between 3 and 7 am. Am I right here? 

So the normal synchronization at 12 am and 12 pm should not be respsonsible for the loose of the permissions. 

We tried tracing the archiving task and it shows:

{CFolderHelper::GetFolderSettings:#1192} Synchronising folder permissions for folder [Posteingang]

....

{CSynchHelper::SynchroniseFolderPermissions:#1054} (Posteingang) - add permissions to dacl

....

CSynchHelper::APTEVD(Posteingang) - Adding SID [<SID>] to Security Descriptor, Grant Mask = 0x0000007F, Deny Mask = 0x0000000

....

{CSynchHelper::SynchroniseFolderPermissions:#1094} (Posteingang) - Set the dacl in the security descriptor

{CSynchHelper::SynchroniseFolderPermissions:#1106} (Posteingang) - Calling UpdateArchive as it has changed from the copy stored in the database

 

Does this mean that the archiving tasks detects that permissions have changed? 

If this is the case - What could have changed the permissions on the folders in the archive? Nothing has changed on exchange side. 

Is this a common problem or does anyone know how to investigate further on this? 

Enterprise Vault version is 11.0.1.3474

 

Regards

Marc 

 

PMCS GmbH & Co. KG - A Serviceware Company
www.serviceware.de
0 Kudos
2 ACCEPTED SOLUTIONS

Accepted Solutions

Go to solution
Ben_Watts
Level 6
Employee Accredited

‎06-12-2015 07:27 AM

I would hazard a guess and say that it is connectivity being broken during the operation somewhere along the line, being that unpredictable points along that path to me.

Try hardcoding a GC into the mix on the EV Server to see if that helps.

 

View solution in original post

0 Kudos

Go to solution
Marcde
Moderator
Moderator
Partner    VIP    Accredited

‎11-01-2015 11:46 PM

Just to close this. 

Not sure which step exactly solved this but we hardcoded the gc in the vac as mentioned by Ben and entered the exchange 2013 (my fault, I thought it was 2010) connection point.

The problem reoccured a few weeks after we entered the gc so we added the exchange 2013 connection point also. 

 

We made these last changes about 3 months ago and it didn't reoccur. 

 

 

PMCS GmbH & Co. KG - A Serviceware Company
www.serviceware.de

View solution in original post

0 Kudos
11 REPLIES 11

Go to solution
Ben_Watts
Level 6
Employee Accredited

‎06-12-2015 12:25 AM

You are right that the perms are synced during the Archiving run but you can also sync perms on a manual Sync of the mailbox via the properties of the Task - Sync tab.

How often do the perms get stripped?

Is it all mailboxes when it does happen or just some?

Do you have a NLB in the mix anywhere? (Reason I ask is that it has been seen where NLB have helped to cause issues like this in the past at times)

 

0 Kudos

Go to solution
Marcde
Moderator
Moderator
Partner    VIP    Accredited

‎06-12-2015 07:14 AM

It's varying. Sometimes there weren't any permission problems for days and sometimes it was one after the other day. 

Customer uses a single multirole exchange 2010 system without a nlb. 

 

PMCS GmbH & Co. KG - A Serviceware Company
www.serviceware.de
0 Kudos

Go to solution
Ben_Watts
Level 6
Employee Accredited

‎06-12-2015 07:27 AM

I would hazard a guess and say that it is connectivity being broken during the operation somewhere along the line, being that unpredictable points along that path to me.

Try hardcoding a GC into the mix on the EV Server to see if that helps.

 

0 Kudos

Go to solution
Marcde
Moderator
Moderator
Partner    VIP    Accredited

‎06-16-2015 12:34 AM

I've checked the environment again. GC is not hardcoded in VAC and DS Server or Closest GC are not set in the registry. 

I will give it a try and enter the GC in der Vault Admin Console. 

PMCS GmbH & Co. KG - A Serviceware Company
www.serviceware.de
0 Kudos

Go to solution
Marcde
Moderator
Moderator
Partner    VIP    Accredited

‎07-01-2015 01:08 AM

Hello Ben,

I just want to give you an update on this. Since hardcoding the gc in vac everything is fine.

PMCS GmbH & Co. KG - A Serviceware Company
www.serviceware.de
0 Kudos

Go to solution
Marcde
Moderator
Moderator
Partner    VIP    Accredited

‎07-20-2015 05:04 AM

Hello Ben, 

after some weeks without problems the error now reoccured. 

Do you have further ideas or other troubleshooting steps? 

 

 

PMCS GmbH & Co. KG - A Serviceware Company
www.serviceware.de
0 Kudos

Go to solution
Marcde
Moderator
Moderator
Partner    VIP    Accredited

‎11-01-2015 11:46 PM

Just to close this. 

Not sure which step exactly solved this but we hardcoded the gc in the vac as mentioned by Ben and entered the exchange 2013 (my fault, I thought it was 2010) connection point.

The problem reoccured a few weeks after we entered the gc so we added the exchange 2013 connection point also. 

 

We made these last changes about 3 months ago and it didn't reoccur. 

 

 

PMCS GmbH & Co. KG - A Serviceware Company
www.serviceware.de
0 Kudos

Go to solution
JimmyNeutron
Level 6
Partner Accredited

‎11-02-2015 10:00 PM

What does your Mailbox policy - Advanced setting - Inherited Permissions show? Is it set to inherit permissions from Exchange?

You also might want to start off by using PermissionBrowser.exe to begin analysing the permissions inherited on all your archvies.

0 Kudos

Go to solution
Ben_Watts
Level 6
Employee Accredited

‎11-03-2015 01:13 AM

I would mark this/your answer as the solution personally, sounds like it was a mixture of things but basically down to communication to the GC at the end of the day.

 

Thanks for updating us Marc, could be handy for others in the future.

0 Kudos

Go to solution
Marcde
Moderator
Moderator
Partner    VIP    Accredited

‎11-03-2015 02:19 AM

I don't have access to the environment any longer.

We used PermissionBrowser to analyze this. 

 

As I said I think this one is solved. 

PMCS GmbH & Co. KG - A Serviceware Company
www.serviceware.de
0 Kudos

Go to solution
JimmyNeutron
Level 6
Partner Accredited

‎11-03-2015 05:51 AM

Kindly mark the solution
0 Kudos