I'm having connection issues with archiving / retrieval tasks.
2 EV servers (both clustered active/passive failover) version 11.0.1 / Outlook 2013 SP1
12 Exchange 2013 CU5 nodes (DAG) + 4 CAS servers that actually handles the connections to the 12 mail server nodes.
Each EV server handles 6 exchange mail nodes archiving tasks
1# EV server handles also storage and indexing alone, the 2# EV servers has been added purely to handle the archiving tasks (thread account restriction reasons)
In article http://www.symantec.com/docs/TECH198553
(I know it's about exchange version previous than 2013 CU1 and should not concerne our environmeant) BUT at the bottom of that article is section:
Configure each Exchange archiving task to run under a different user. This means that the 32 MAPI session store limit per user should not be reached because each task has its own 32 session limit, rather than sharing a single 32 session limit.
Do you think doing that would have any benefits at all? And if it is something to try, can the Log in account be same as system mailbox account or does it need to be separate account? What additional permissions would the system mailboxes need if those can be used here?
Solved! Go to Solution.
Each exchange server in the other site/domain should have its own system mailbox
and the EVAdmin in the other domain should have its own user and have the permissions and throttling scripts run against it.
All the steps that you listed above would work
so you would have something like
- Has a mailbox hosted on an exchange server in domaina.internal.dom
- Permission and throttling powershell scripts run against firstname.lastname@example.org
- All EV Services and tasks run under this account
-> exchange1.domaina.internal.dom -> smtp:email@example.com
-> exchange2.domaina.internal.dom -> smtp:firstname.lastname@example.org
-> exchange3.domaina.internal.dom -> smtp:email@example.com
- Has a mailbox hosted on an exchange server in domainb.internal.dom
- Permission and throttling powershell scripts run against firstname.lastname@example.org
- Only Tasks that target Exchange servers in DomainB.internal.dom will use this account
-> exchange4.domainb.internal.dom -> smtp:email@example.com
-> exchange5.domainb.internal.dom -> smtp:firstname.lastname@example.org
-> exchange6.domainb.itnernal.dom -> smtp:email@example.com
DOMAINB should be given local admin access on the EVServer
It should be logged on to, and make sure a valid Outlook profile is created, check to make sure you can logon to any mailbox in DomainB without being prompted for a username and password
You should probably add DOMAINB\EVAdmin2 to the Power Users group via the Authorization manager in the VAC, and also you should probably set DS Server to use GC://exchangeCAS.domainb.internal.dom
so that when it does GC lookups and mapi profiles for domainB using the EVAdmin2 , it goes against the CAS servers in the other site/domaine tc
Thank you for your reply.
All of the EV servers and exchange servers are in the same domain. The question is can the system mailbox be used as service account for each task as well as a sysmbox account or will it somehow mess things up for the system...?
Yeah I know it's not ideal in any way to use the sysmbox accounts as Log in accounts for the tasks (Would not be same as VAC though 'cause those would only have the exchange rights through the Auth manager).
Was just wondering if this account per task was something to try and not wanting to create 12 new accounts just for this experiment...
The connectivity / task issues has been under investigation from ever since the exchange was updated to 2013 version over a year ago... Been investigating the problem with all sorts of symantec and microsoft specialists but no fault has been found yet... just bunch of system behavioral problems that seem to be the after math from the real problem... (which have not been determined).
But thank you for your input I'll keep looking into the problem.