cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Problem accessing EV Archives through Juniper SSL VPN via WSAM

Go to solution
tommcg
Level 2

‎01-09-2009 08:56 AM

Enterprise Vault V 7.5 for Exchange installed. It is working well internally.
When users access the network through Juniper SSL VPN via the Juniper WSAM they
are not able to open archived messages from the Outlook client. Also cannot open the Archive Explorer. Page Not Found.
The EV server IP and FQDN have been added to the WSAM resource profile.
The WSAM debug log shows the host name can be resolved but the connection drops immediately.
Wondering if anyone has run across this issue with EV and Juniper SSL VPN when using WSAM?
0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
tommcg
Level 2

‎01-16-2009 03:13 PM

Worked through the issue with Juniper and Symantec support. Problem is due to WSAM does not support Kerberos authentication. Workaround is unchecking Enable Integrated Windows Authentication under Internet Options ; Advanced.

After appying that change is seems to work fine. Need to do further testing but this looks like a good solution so far.

View solution in original post

0 Kudos
11 REPLIES 11

Go to solution
jimbo2
Level 6
Partner

‎01-09-2009 10:54 AM

Try this command from the DOS prompt:

 

telnet EVSERVERNAME 80

 

Does the DOS prompt hang (If so a TCP connection is made to the Web server TYPE "get" then hit enter.

An error from the Web server should return.

 

If you receive and error then what is the error?

0 Kudos

Go to solution
tommcg
Level 2

‎01-09-2009 11:32 AM

the error received was:

 

HTTP/1.1 400 Bad Request

Content-Type: text/html

Date: Fri, 09 Jan 2009 19:26:54 GMT

Connection: close

Content-Lenth: 35

<h1>Bad Request (Invalid Verb)</h1>

0 Kudos

Go to solution
jimbo2
Level 6
Partner

‎01-09-2009 11:37 AM

So you can access the Web server.

 

type:

 

HTTP://VAULTSERVERNAME/EnterpriseVault/Search.asp

 

where VAULTSERVERNAME is your vault server name.

0 Kudos

Go to solution
jimbo2
Level 6
Partner

‎01-09-2009 11:37 AM

last note USE IE
0 Kudos

Go to solution
tommcg
Level 2

‎01-09-2009 01:05 PM

Entered the URL in IE, but received the page not found message

In the detailed debug log for WSAM, the entry is 

connecting to evserver1:80...

server disconnected from host evserver1:80...

 

 

0 Kudos

Go to solution
Jason_G
Level 4
Certified

‎01-09-2009 06:05 PM

Do you actually see the EV icons in the toolbar?  We had a similar problem using Microsoft IAG (formerly known as eGap Whale Communications - we had to amend our EVShared.js file under the EVGETROOT function which allowed passthrough of the correct URL as the 'Whale box' was changing the URL by wrapping its own bits around the original URL needed/used

 

Not sure if this helps but thought I'd mention it - when we investigated this we came across a known issue regarding Juniper and I'm sure we saw an kb article about from Symantec..

 

Hope this helps..

0 Kudos

Go to solution
Steve_C_Blair
Level 4
Employee

‎01-11-2009 03:53 PM

Tom,

 

This sounds an awful lot like some kind of port filtering is in effect. I know plenty of customers using the Cisco VPN tool with no worries, and that should be some indication of something odd with your Juniper setup. If you do a tracert to the EV server do you get there? If you check and see if you have an TCP route for 0.0.0.0 to the VPN interface which is what the Cisco VPN does, it routes ALL traffic into the VPN tunnel.

 

I'd have a word with your network team, clearly VPN's are pretty normal stuff these days. You could also check your IIS logs and see if the client are actually reaching the server, but my bet's on the VPN doing some port filtering. EV will expect "normal IETF RFC compliant ports" and not PAT (Port Address Translation) which can sometimes be problematic for ANY application.

 

Hope this helps!

0 Kudos

Go to solution
jimbo2
Level 6
Partner

‎01-12-2009 03:40 AM

I do not think this is port filtering.

 

He can connect to the Web server with command line but not with the browser.

 

Clear your browser proxy settings and try to connect with the browser.

 

Check netstat with the browser running and verify where it is attempting to connect to.

0 Kudos

Go to solution
Jason_G
Level 4
Certified

‎01-12-2009 05:39 AM

Sorry, my reply earleir was in reference to EV via OWA - should have read the post properly!
Message Edited by Jason_G on 01-12-2009 01:40 PM
0 Kudos

Go to solution
tommcg
Level 2

‎01-16-2009 03:13 PM

Worked through the issue with Juniper and Symantec support. Problem is due to WSAM does not support Kerberos authentication. Workaround is unchecking Enable Integrated Windows Authentication under Internet Options ; Advanced.

After appying that change is seems to work fine. Need to do further testing but this looks like a good solution so far.

0 Kudos

Go to solution
EV_Guru
Level 4
Partner

‎01-17-2009 01:41 AM

You also can check if the required ports for EV are open at Juniper SSL VPN, you will find the required ports in the EV documentation. Additional try if the client can contact the EVServer Name over DNS mechanism...

 

 

_________________

 

www.longerich.com

 

0 Kudos