
Security problem for restore and archive explorer problem

Jason_Mok
Level 3
Hi,

The scenario: there are two domains in this site. One is a Win NT4 domain and the second is a Win2K AD domain. The NT4 domain has a one-way trust to Win2K. All user accounts were cloned with clonepr (ADMT) to clone the SID from NT4 to Win2K, and all of the user rights are the same between them. The EV Server and all users are in the Win2K domain; Exchange 5.5 is in the WinNT domain.

Problem: users cannot restore after search. I discovered that we must add the user to the local admin group (EV machine) and restart the task controller service; then it works normally, but it may be a security issue. Please advise what to do.

Another problem: users cannot use Archive Explorer to restore; only the service account can do it. It may prompt the error:
"Fail to copy item,
Reason : cannot log on, Incorrect server or mailbox.
Click "OK"to continue or "cancel" to stop the operation

Please advise what to do.

Best regards

Jason
7 REPLIES

Aaron_Mears
Level 4
Employee Accredited Certified
Where does the EV Service Account reside and what rights does the EV Service Account have to the other domain?

Have you tried explicitly adding Win2K users to the Archive permissions from the Exch 5.5 server mailbox (in EV)?

Aaron

Michael_Bilsbor
Level 6
Accredited
Hi,

You need to ensure that the user doing the restore has sufficient permissions to write back to the mailbox.

What access do they have? Remember it's the account that you are logged into that is used.

Jason_Mok
Level 3
Hi,

The service account is in the local admin group on the EV machine and is a service account admin in Exchange 5.5 at the Site and Organization settings. Normal users will be domain users.

Normal users can use the Outlook toolbar to restore. Restore after search works when I try it if local admin rights are assigned on the EV machine, but that is not reasonable.

David_Messeng1
Level 6
Jason,

I think Dodo is after the permissions assigned to the Archive in the EV Administration console.

What is the O/S on the EV server?


David

Jason_Mok
Level 3
O/S is Win2003 Enterprise Server
EV Version 6.0

Target Exchange is 5.5(SP4) in WinNT(SP6)

David_Messeng1
Level 6
Do you have Win2K3 SP1 on the EV server? Check out:

http://seer.support.veritas.com/docs/279588.htm

and

http://forums.veritas.com/discussions/thread.jspa?forumID=106&threadID=55543&messageID=4401357

Tremaine
Level 6
Employee Certified
If you go to the permissions of the mailboxes in the NT 4 domain, do the mailboxes have the W2K users added as mailbox owners on the permissions tab (not just mapped to the W2K account)?

Then also, if you look at the permissions on the Archive in the vault admin console, what permissions do you see applied to the archive?

Cheers