Seems like the link you sent is down. However, I did take an OWA extension log. I hope this is what you needed.

A Dtrace came back clean.

EDIT** also permissions on EVANON VD is set correctly and CAS is defined in the IP Add & Domain restrictions with all the CAS servers defined as Allowed.

Link works for me, try this one:

Article URL http://www.symantec.com/docs/TECH58865

Yep, that's how i got the logs.

Well you are getting this:

5/2/2012 11:44:34 AM [3328,21] [RestoreRequest::Send] Exception sending request to restore item: System.Net.WebException: The remote server returned an error: (403) Forbidden.
   at System.Net.HttpWebRequest.GetResponse()

Which is typically if the CAS server isn't allowed.

Look at the IIS log on the EV Server for the following:

W3SVC1 10.10.10.10 GET /EVAnon/restoreo2k.asp

Do you see that in there?

For the CAS make sure you have every possible IP listed.

Unable to open archived items through Outlook Web Access (OWA) generates the error 'The archived item is currently unavailable'.

yes, I do see GET /EVAnon/restoreo2k.asp

The IP is from my client machine where I accessed OWA.

I did everthing the article, and no good. I also deleted the VD and reran the scripts.

I also looked at http://www.symantec.com/business/support/index?page=content&id=TECH51077   with no success.The only thing is I do not see the regkey mentioned in the article...HKEY_LOCAL_MACHINE\SOFTWARE\KVS\Enterprise Vault\Install\InstallPath. I  am on EV 10.0, Server OS is 2008. I do not know if that is also for Win2k8 or just Win2k3

***EDIT****--- I noticed the IP for ET /EVAnon/restoreo2k.asp  is my clusterIP for my EV server nodes.  Is that OK?

Is your clusterIP listed in the Allow list?  If not add it.

Exchange Cluster...yes

EV cluster...no since the file is for Exchange Servers

Here are my IP:

10.30.11.182 --Exchange Cluster IP
10.30.11.179--Exchange Virtual IP
10.30.11.180 --Exchange Node 1
10.30.11.181--Exchange Node 2
10.60.55.21 --DR Exchange Node
10.30.11.186 --CAS Server1
10.30.11.187----CAS Server2
10.60.55.20----DR CAS Server
 

Ok, so the fact you are seeing the action in the IIS logs on the EV server means the request is getting to EV but as noted by the 403 is being denied access.

As a test remove the restriction for the EV Anon virtual directory.

And just fyi, if you are 64-bit the registry are under HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\...

Ok, on the EV Server, I removed all the IP Address in IP Addess & Domain restrictions. It is now blank.

I failed over the cluster to second node to restart Admin service. Failed Back and ran the synch task.

I still have the same error;

5/2/2012 8:50:11 PM [3328,7] [ArchiveSettingsRequest::Send] Exception sending request for archive settings: System.Net.WebException: The remote server returned an error: (403) Forbidden.
   at System.Net.HttpWebRequest.GetResponse()
   at Symantec.EnterpriseVault.Owa.EVServerRequests.ArchiveSettingsRequest.Send()
 

Could it be because; 5/2/2012 8:50:11 PM [3328,7]     Authentication type: Basic

Should this be anonymous or IWA?

I must have done something wrong.  I now removed all IP adresses from the IP Address & Domain Restrictions and I set it by default to allow. Everything works great!

When I add back the CAS servers to allow and set default to deny it fails.

OK, I got it to work!!!!!

I found in the EV IIS log, /EVAnon/getarchivesettings.asp which had a 403 error. The funning thing is, the IP associated to this request was from a different IP that was assigned to our OWA website. We have two websites on our CAS server. One is OWA and the other is a different application. For some reason, the other application website is appearing in the IIS logs.

Once I added this second IP it started working!

OOps, spoke to soon. Now I can archive and view shortcuts, but when access Archive Explorer or Search Vault I get access denied.

What now?

TO get access to the Archive Explorer, if I add the EV server to the IP Address & Domain Restriction Allowed list it works.

However, search archive still fails with Navigation to webpage has been canceled.

EDIT*** it seems internally if i add the EV server IP archive explorer works, but external, it fails with access denied.

I do not have a firewall or ISA.  When I open the IP Address & Domain Restrictions by granting everyone access, it works fine. Once it is locked down that is when I get a 403 error.

This is all internal to my network trying to access owa.

I am assuming, once I go external it will fail, correct?

If you don't publish the EV Server externally Archive Explorer and Search will fail if you are accessing OWA outside of your network.

Some customers I have worked with have just decided to not publish AE and Search.  Others set up their Firewall rules and publish it.

The problem is, it is not working INTERNALLY via outlook either. This used to work.

based on the length of this thread, I think its probably easier and quicker for you to call support, just direct them to this thread so they can see what you've done, what you've tried etc to save yourself time explaining the situation to them

I think i might have screwed up my EnterpriseVault permissions in IIS. Should this be IP address & Domain restrictions default deny? Should there be ANY settings on this VD or only on EVANON?