Our end-users use encryption technology to protect their emails\attachments. Before Journal Report will be archived by EV, original encrypted email must be decrypted.
We have dedicated server for journal report decryption process. But, if decryption server is busy (server isn't available, decryption failed, network issue, server overloaded,etc.), then Exchange server keeps journal report up to 3 days, until decryption server is available for processing journal report and decrypt original email. So, in worst case Exchange keeps journal report up to 3 days. After 3 days, regardless of journal report decryption process (was original email decrypted or not), journal report goes to journal mailbox for further archiving with EV.
During these possible 3 days delay, operator can see delayed journal report with Exchange Message Queue console.
Operator can see Journal Report message-ID, but not an attached (original email) message-ID. Surely operator has no rights to see original email message ID.
IDEA: Operator see that journal report is 3 days in queue because of failed decryption. He hands over Journal Report Message ID information (as the only one available for him information) to e-discovery team. Discovery team, based on Journal Report Message ID do a search and retrieve message from archive for further manual decryption.
Would it be possible to retrieve email from EV archive using Journal Report Message ID?
P.S.: Sorry, experience troubles with inserting pictures into this forum. Can't attach any print screens.
Thanks for assist.
what version of EV are you using? check out the example in this article. you may need to make a tiny adjustment to your search term if you're using 64bit indexes
|Article:TECH209912|||||Created: 2013-08-23|||||Updated: 2014-05-19|||||Article URL http://www.symantec.com/docs/TECH209912|
Hi AndrewB. Thanks for you response.
My EV is version 9, x32.
Unfortunately approach by using advanced search and IDEN attribute doesn't work for me.
I see that journal email and original email (from journal attachment) have also different suffixes:
In my case original email:
So, advanced searching is completed successfully in case of using B3D4B9E250904A4792A73C361CA667FEB2A663D6@mydomain.local as a value for IDEN attribute.
But searching brings no result in case of using