04-30-2012 04:08 PM
In the doc it states that "If you are running Enterprise Vault on Windows Server 2008, then the following
Role Services must be installed for the Web Server (IIS):
■ IIS Management Scripts and Tools
■ IIS 6 Management Compatibility
■ IP and Domain Restrictions"
Does this mean the roles need to be on the CAS server or Vault Servers?
Also, I see in the logs it is looking for WebDav. Does does the servers need webdav?
I am not using a proxy, and I am on Windows 2008, Exchange 2007 only, CAS servers are seperate from the Mailbox, and EV 10.0
Solved! Go to Solution.
05-02-2012 10:01 AM
Well Archive Explorer is in the left Navigation Pane, so I don't expect a button for that. The Cancel Operation button will only be a menu option in OWA. It is documented in the help under Exchange Desktop Policy: Options.
For the recall issue, you need to gather some logs.
05-02-2012 10:25 AM
Seems like the link you sent is down. However, I did take an OWA extension log. I hope this is what you needed.
A Dtrace came back clean.
EDIT** also permissions on EVANON VD is set correctly and CAS is defined in the IP Add & Domain restrictions with all the CAS servers defined as Allowed.
05-02-2012 10:36 AM
Link works for me, try this one:
Article URL http://www.symantec.com/docs/TECH58865
05-02-2012 10:41 AM
Yep, that's how i got the logs.
05-02-2012 10:51 AM
Well you are getting this:
5/2/2012 11:44:34 AM [3328,21] [RestoreRequest::Send] Exception sending request to restore item: System.Net.WebException: The remote server returned an error: (403) Forbidden. at System.Net.HttpWebRequest.GetResponse()
Which is typically if the CAS server isn't allowed.
Look at the IIS log on the EV Server for the following:
W3SVC1 10.10.10.10 GET /EVAnon/restoreo2k.asp
Do you see that in there?
For the CAS make sure you have every possible IP listed.
Article: TECH56581 | | | Created: 2008-01-06 | | | Updated: 2012-02-23 | | | Article URL http://www.symantec.com/docs/TECH56581 |
05-02-2012 12:10 PM
yes, I do see GET /EVAnon/restoreo2k.asp
The IP is from my client machine where I accessed OWA.
I did everthing the article, and no good. I also deleted the VD and reran the scripts.
I also looked at http://www.symantec.com/business/support/index?page=content&id=TECH51077 with no success.The only thing is I do not see the regkey mentioned in the article...HKEY_LOCAL_MACHINE\SOFTWARE\KVS\Enterprise Vault\Install\InstallPath. I am on EV 10.0, Server OS is 2008. I do not know if that is also for Win2k8 or just Win2k3
***EDIT****--- I noticed the IP for ET /EVAnon/restoreo2k.asp is my clusterIP for my EV server nodes. Is that OK?
05-02-2012 12:11 PM
Is your clusterIP listed in the Allow list? If not add it.
05-02-2012 12:20 PM
Exchange Cluster...yes
EV cluster...no since the file is for Exchange Servers
Here are my IP:
10.30.11.182 --Exchange Cluster IP
10.30.11.179--Exchange Virtual IP
10.30.11.180 --Exchange Node 1
10.30.11.181--Exchange Node 2
10.60.55.21 --DR Exchange Node
10.30.11.186 --CAS Server1
10.30.11.187----CAS Server2
10.60.55.20----DR CAS Server
05-02-2012 01:56 PM
Ok, so the fact you are seeing the action in the IIS logs on the EV server means the request is getting to EV but as noted by the 403 is being denied access.
As a test remove the restriction for the EV Anon virtual directory.
And just fyi, if you are 64-bit the registry are under HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\...
05-02-2012 06:02 PM
Ok, on the EV Server, I removed all the IP Address in IP Addess & Domain restrictions. It is now blank.
I failed over the cluster to second node to restart Admin service. Failed Back and ran the synch task.
I still have the same error;
5/2/2012 8:50:11 PM [3328,7] [ArchiveSettingsRequest::Send] Exception sending request for archive settings: System.Net.WebException: The remote server returned an error: (403) Forbidden.
at System.Net.HttpWebRequest.GetResponse()
at Symantec.EnterpriseVault.Owa.EVServerRequests.ArchiveSettingsRequest.Send()
Could it be because; 5/2/2012 8:50:11 PM [3328,7] Authentication type: Basic
Should this be anonymous or IWA?
05-02-2012 07:01 PM
I must have done something wrong. I now removed all IP adresses from the IP Address & Domain Restrictions and I set it by default to allow. Everything works great!
When I add back the CAS servers to allow and set default to deny it fails.
05-02-2012 08:05 PM
OK, I got it to work!!!!!
I found in the EV IIS log, /EVAnon/getarchivesettings.asp which had a 403 error. The funning thing is, the IP associated to this request was from a different IP that was assigned to our OWA website. We have two websites on our CAS server. One is OWA and the other is a different application. For some reason, the other application website is appearing in the IIS logs.
Once I added this second IP it started working!
05-02-2012 08:15 PM
OOps, spoke to soon. Now I can archive and view shortcuts, but when access Archive Explorer or Search Vault I get access denied.
What now?
05-02-2012 08:39 PM
TO get access to the Archive Explorer, if I add the EV server to the IP Address & Domain Restriction Allowed list it works.
However, search archive still fails with Navigation to webpage has been canceled.
EDIT*** it seems internally if i add the EV server IP archive explorer works, but external, it fails with access denied.
05-03-2012 04:33 AM
For Archvie Explorer and Search your client tries to access EV directly so you need to do some configuration to publish the EV server to the clients
When Archive Explorer or archive search is started in an OWA 2007 or 2010 client, the client will attempt to access the Enterprise Vault server directly. If you are using a firewall or ISA Server, you need to ensure that both the Exchange CAS server and Enterprise Vault server Web server URL are published to clients.
For details of how to configure different URLs for internal and external access to Enterprise Vault, see the following technical note on the Symantec Support Web site: http://www.symantec.com/docs/TECH63250.
Also see:
Article: HOWTO59068 | | | Created: 2011-08-27 | | | Updated: 2012-01-26 | | |
Article URL http://www.symantec.com/docs/HOWTO59068 |
Article: HOWTO58379 | | | Created: 2011-08-01 | | | Updated: 2012-03-31 | | | Article URL http://www.symantec.com/docs/HOWTO58379 |
Otherwise, if you don't want to publish EV just modify the policy and remove Archive Explorer and Search from OWA.
05-03-2012 05:01 AM
I do not have a firewall or ISA. When I open the IP Address & Domain Restrictions by granting everyone access, it works fine. Once it is locked down that is when I get a 403 error.
This is all internal to my network trying to access owa.
I am assuming, once I go external it will fail, correct?
05-03-2012 05:48 AM
If you don't publish the EV Server externally Archive Explorer and Search will fail if you are accessing OWA outside of your network.
Some customers I have worked with have just decided to not publish AE and Search. Others set up their Firewall rules and publish it.
05-03-2012 06:38 AM
The problem is, it is not working INTERNALLY via outlook either. This used to work.
05-03-2012 06:42 AM
based on the length of this thread, I think its probably easier and quicker for you to call support, just direct them to this thread so they can see what you've done, what you've tried etc to save yourself time explaining the situation to them
05-03-2012 06:45 AM
I think i might have screwed up my EnterpriseVault permissions in IIS. Should this be IP address & Domain restrictions default deny? Should there be ANY settings on this VD or only on EVANON?