cancel
Showing results for 
Search instead for 
Did you mean: 

Possible to configure each Exchange archiving task to run under a different (system mailbox?) user

Sani_B
Level 6
Partner Accredited

Hi,

I'm having connection issues with archiving / retrieval tasks.

Environmeant:

2 EV servers (both clustered active/passive failover) version 11.0.1 / Outlook 2013 SP1

12 Exchange 2013 CU5 nodes (DAG) + 4 CAS servers that actually handles the connections to the 12 mail server nodes.

Each EV server handles 6 exchange mail nodes archiving tasks

1# EV server handles also storage and indexing alone, the 2# EV servers has been added purely to handle the archiving tasks (thread account restriction reasons)

In article  http://www.symantec.com/docs/TECH198553

(I know it's about exchange version previous than 2013 CU1 and should not concerne our environmeant) BUT at the bottom of that article is section:

Option 2


Configure each Exchange archiving task to run under a different user. This means that the 32 MAPI session store limit per user should not be reached because each task has its own 32 session limit, rather than sharing a single 32 session limit.

 

  1. Stop all Exchange archiving tasks.
     
  2. For each Exchange archiving, mailbox, journal, and public folder task, create a new user with an Exchange mailbox.
     
  3. Grant each user the required Enterprise Vault and Exchange Server permissions using the Enterprise Vault documentation.
     
  4. Go to the each Exchange archiving task's Log on tab.
     
  5. Click Use this account.
     
  6. Enter the newly user account to be used with the task.
     
  7. Enter the password for the user account.
     
  8. Click OK to commit the task properties changes.
     
  9. Restart the Exchange archiving tasks.

 

Do you think doing that would have any benefits at all? And if it is something to try, can the Log in account be same as system mailbox account or does it need to be separate account? What additional permissions would the system mailboxes need if those can be used here?

 

Sani B.

1 ACCEPTED SOLUTION

Accepted Solutions

JesusWept3
Level 6
Partner Accredited Certified
I'm pretty sure I tried it with ev11 and it just stops the tasks Other than that, you're best off concentrating on and fixing connectivity issues rather than complicating the set up
https://www.linkedin.com/in/alex-allen-turl-07370146

View solution in original post

5 REPLIES 5

JesusWept3
Level 6
Partner Accredited Certified

Each exchange server in the other site/domain should have its own system mailbox
and the EVAdmin in the other domain should have its own user and have the permissions and throttling scripts run against it.

All the steps that you listed above would work

so you would have something like


DOMAINA\EVAdmin (evadmin@internal.dom)
 - Has a mailbox hosted on an exchange server in domaina.internal.dom
 - Permission and throttling powershell scripts run against evadmin@internal.dom 
 - All EV Services and tasks run under this account

 -> exchange1.domaina.internal.dom -> smtp:exchange1-evsysmbx@internal.dom
 -> exchange2.domaina.internal.dom -> smtp:exchange2-evsysmbx@internal.dom
 -> exchange3.domaina.internal.dom -> smtp:exchange3-evsysmbx@internal.dom

DOMAINB\EVAdmin2 (evadmin2@internal.dom)
 - Has a mailbox hosted on an exchange server in domainb.internal.dom
 - Permission and throttling powershell scripts run against evadmin2@internal.dom
 - Only Tasks that target Exchange servers in DomainB.internal.dom will use this account

 -> exchange4.domainb.internal.dom -> smtp:exchange4-sysmbx@internal.dom
 -> exchange5.domainb.internal.dom -> smtp:exchange5-sysmbx@internal.dom
 -> exchange6.domainb.itnernal.dom -> smtp:exchange6-sysmbx@internal.dom

DOMAINB should be given local admin access on the EVServer
It should be logged on to, and make sure a valid Outlook profile is created, check to make sure you can logon to any mailbox in DomainB without being prompted for a username and password

You should probably add DOMAINB\EVAdmin2 to the Power Users group via the Authorization manager in the VAC, and also you should probably set DS Server to use GC://exchangeCAS.domainb.internal.dom
so that when it does GC lookups and mapi profiles for domainB using the EVAdmin2 , it goes against the CAS servers in the other site/domaine tc

 

https://www.linkedin.com/in/alex-allen-turl-07370146

Sani_B
Level 6
Partner Accredited

Thank you for your reply.

All of the EV servers and exchange servers are in the same domain. The question is can the system mailbox be used as service account for each task as well as a sysmbox account or will it somehow mess things up for the system...?

 

Sani B.

TonySterling
Moderator
Moderator
Partner    VIP    Accredited Certified

It might be possible but it would not be recommended..  

http://www.symantec.com/docs/TECH76700 explains that they are supposed to be different accounts.

JesusWept3
Level 6
Partner Accredited Certified
I'm pretty sure I tried it with ev11 and it just stops the tasks Other than that, you're best off concentrating on and fixing connectivity issues rather than complicating the set up
https://www.linkedin.com/in/alex-allen-turl-07370146

Sani_B
Level 6
Partner Accredited

Yeah I know it's not ideal in any way to use the sysmbox accounts as Log in accounts for the tasks (Would not be same as VAC though 'cause those would only have the exchange rights through the Auth manager).

Was just wondering if this account per task was something to try and not wanting to create 12 new accounts just for this experiment...

The connectivity / task issues has been under investigation from ever since the exchange was updated to 2013 version over a year ago... Been investigating the problem with all sorts of symantec and microsoft specialists but no fault has been found yet... just bunch of system behavioral problems that seem to be the after math from the real problem... (which have not been determined).

 

But thank you for your input I'll keep looking into the problem.

 

Sani B.