I am using enterprise vault for microsoft exchange. On vault server sll(https) is enabled.
There is an exchange 2010 server. Everything works normal on local.
But I have problem on external user using OWA and Outlookanywhere
Syncronization,store, restore not working.
I dont know how to configure rpc over http connection,rpc over http proxy url, use proxy setting and web application URL on desktop policy
Mail local and external adresses are like below.
vault1.akr.local(10.0.0.128) --> vault sever local adress
mail1.akr.local (10.0.0.127)--> exchange local adress
vault.akr.com --> vault external adress
mail.akr.com --> mail server external adress
Vault.aker.com has an external ip 195.xx.199.128
Mail.aker.com has an external ip 195.xx.199.127
On checkpoint Firewall
smtp,https request to 195.xx.199.128(mail.akr.com) direct to 10.0.0.128(mail1.akr.local)
https request to 195.xx.199.127(vault.akr.com) direct to 10.0.0.127(vault1.akr.local)
I dont want to use ISA to public sites. Can I do Outlook anywhere and OWA configration for symantec vault just using Checkpoint firewall.
If it possible How do i need to configure destop policy on Vault server (pc over http connection,rpc over http proxy url, use proxy setting and web application URL) .
Solved! Go to Solution.
Typically the way it works is you have the /EnterpriseVault/ virtual directory published through ISA
So you would have
https://mail.myCompany.com/EnterpriseVault/ -> https://EVServer.internal.dom/EnterpriseVault/
Then in the policy you would set the RPC over HTTP URL set to http://mail.myCompany.com/EnterpriseVault/
However if you wanted to have a firewall thats just forwarding all traffic from
https//EVServer.myCompany.com/ -> https://EVServer.internal.dom/
Then you would just point the RPC over HTTP URL to https://EVServer.myCompany.com/EnterpriseVault/
The configuration on vault server is like you said. But On outlook anywhere syncroniztion not work. error:" Synchronization failed , Not connected to the Enterprise Vault Server"
When triy manually store an item it gives error: "connot process the selected items Reason: SSL certificate contains an incorrect host name"
Note: Exchange certificate contains both mail.aker.com and vault.aker.com adresses.
Certificate was created by Local domain CA.
I put the full client log at the attachment.
There is an error line:
DR: Could not contact the EV web server using the RPC over HTTP URL (https://vault.aker.com/EnterpriseVault)
But I can browse https://vault.aker.com/EnterpriseVault vie Internet Explorer and after login I can search archive items...
It is true. I create an new certifiace added two external adress for exchange and vault server.
Now I can do restore and store process. (Just asking credential again at first time)
But Now I have syncronization problem. I haven't found any solution yet.
The client log is like below(also I put the log at attachment). If need i will put the max tracing client log.
11/01/2013 21:06:09.175[H]: User initiated 'Synchronize Vault Cache'.
11/01/2013 21:06:09.183[H]: HDR:SYNC: Pre-processing. Type:MANUALLY INITIATED
11/01/2013 21:06:09.185[H]: HDR: Sync status:19
11/01/2013 21:06:09.201[H]: CONTENT:STORE: [Offline Config] Maximum Store Size (MB): 1024
11/01/2013 21:07:09.188[H]: HaveConnection::CallBack - HttpQueryInfo failed 0x80070006 (6) : The handle is invalid.
11/01/2013 21:07:09.210[H]: HDR:SYNC: Updating MDC map
11/01/2013 21:07:09.211[H]: HDR:SYNC: Getting accessible archives
11/01/2013 21:07:09.212[H]: HDR: Requesting page: ListArchives.aspx?x=evoutlookext&evhost=https://akrvault.akr.local/EVAnon
11/01/2013 21:07:09.245[H]: HDR:SYNC: Error (COM) synchronizing: 0xFFFFFFFF
11/01/2013 21:07:09.245[H]: HDR:SYNC: Failed
11/01/2013 21:07:09.246[H]: HDR: Sync status:-1
maximum logging level needed in the client trace .. I think. (So we can see the URL that is being hit)
Then review the IIS logs on the EV server to see if that traffic is getting through.
Then review the firewall logs and see if that traffic is being allowed through, or rejected (sounds to me like the latter)
I dont have wildcard certificate.
you can find the logs in the attachment