cancel
Showing results for 
Search instead for 
Did you mean: 

Symantec Enterprise Vault 10 Outlook Anywhere Using Checpoint

bilalaker
Level 3
Partner

Hi,

I am using enterprise vault for microsoft exchange. On vault server sll(https) is enabled.

There is an exchange 2010 server. Everything works normal on local. 
But I have problem on external user using  OWA and Outlookanywhere
Syncronization,store, restore not working. 

I dont know how to configure rpc over http connection,rpc over http proxy url, use proxy setting and web application URL on desktop policy

Mail local and external adresses are like below. 

vault1.akr.local(10.0.0.128)  --> vault sever local adress
mail1.akr.local (10.0.0.127)--> exchange local adress

vault.akr.com --> vault external adress
mail.akr.com --> mail server external adress 
Vault.aker.com has an external ip 195.xx.199.128
Mail.aker.com has an external ip 195.xx.199.127

On checkpoint Firewall 
smtp,https request to 195.xx.199.128(mail.akr.com) direct to 10.0.0.128(mail1.akr.local)
https request to 195.xx.199.127(vault.akr.com) direct to 10.0.0.127(vault1.akr.local)

I dont want to use ISA to public sites.  Can I do Outlook anywhere and OWA configration for symantec vault just using Checkpoint firewall.

If it possible How do i need to configure destop policy on Vault server (pc over http connection,rpc over http proxy url, use proxy setting and web application URL) .

Thanks...

 

 

 


 

1 ACCEPTED SOLUTION

Accepted Solutions

JesusWept3
Level 6
Partner Accredited Certified

OK so its purely an SSL error
I'm assuming its because your SSL is set to https://evserver.internal.dom but you're accessing via https://evserver.myDomain.com/

you just need to configure your SSL cert to cater for multiple domain names, thats all

https://www.linkedin.com/in/alex-allen-turl-07370146

View solution in original post

8 REPLIES 8

JesusWept3
Level 6
Partner Accredited Certified

Typically the way it works is you have the /EnterpriseVault/ virtual directory published through ISA
So you would have

https://mail.myCompany.com/EnterpriseVault/ -> https://EVServer.internal.dom/EnterpriseVault/

Then in the policy you would set the RPC over HTTP URL set to http://mail.myCompany.com/EnterpriseVault/

However if you wanted to have a firewall thats just forwarding all traffic from
https//EVServer.myCompany.com/ -> https://EVServer.internal.dom/

Then you would just point the RPC over HTTP URL to https://EVServer.myCompany.com/EnterpriseVault/
 

https://www.linkedin.com/in/alex-allen-turl-07370146

bilalaker
Level 3
Partner

Hi,

The configuration on vault server is like you said. But On outlook anywhere syncroniztion not work. error:" Synchronization failed , Not connected to the Enterprise Vault Server"

When triy manually store an item it gives error: "connot process the selected items Reason: SSL certificate contains an incorrect host name"
Note: Exchange certificate contains both mail.aker.com and vault.aker.com adresses.
Certificate was created by Local domain CA.

I put the full client log at the attachment.

There is an error line:
DR: Could not contact the EV web server using the RPC over HTTP URL (https://vault.aker.com/EnterpriseVault)

But I can browse https://vault.aker.com/EnterpriseVault vie Internet Explorer and after login I can search archive items...

JesusWept3
Level 6
Partner Accredited Certified

OK so its purely an SSL error
I'm assuming its because your SSL is set to https://evserver.internal.dom but you're accessing via https://evserver.myDomain.com/

you just need to configure your SSL cert to cater for multiple domain names, thats all

https://www.linkedin.com/in/alex-allen-turl-07370146

bilalaker
Level 3
Partner

Hi,

It is true. I create an new certifiace added two external adress for exchange and vault server.
Now I can do restore and store process. (Just asking credential again at first time) 
But Now I have syncronization problem. I haven't found any solution yet. 
The client log is like below(also I put the log at attachment). If need i will put the max tracing client log.


11/01/2013 21:06:09.175[3616][H]: User initiated 'Synchronize Vault Cache'.
11/01/2013 21:06:09.183[7144][H]: HDR:SYNC: Pre-processing.  Type:MANUALLY INITIATED
11/01/2013 21:06:09.185[7144][H]: HDR: Sync status:19
11/01/2013 21:06:09.201[4076][H]: CONTENT:STORE: [Offline Config] Maximum Store Size (MB): 1024
11/01/2013 21:07:09.188[6092][H]: HaveConnection::CallBack - HttpQueryInfo failed 0x80070006 (6) : The handle is invalid.
11/01/2013 21:07:09.210[7144][H]: HDR:SYNC: Updating MDC map
11/01/2013 21:07:09.211[7144][H]: HDR:SYNC: Getting accessible archives
11/01/2013 21:07:09.212[7144][H]: HDR: Requesting page: ListArchives.aspx?x=evoutlookext&evhost=https://akrvault.akr.local/EVAnon
11/01/2013 21:07:09.245[7144][H]: HDR:SYNC: Error (COM) synchronizing: 0xFFFFFFFF
11/01/2013 21:07:09.245[7144][H]: HDR:SYNC: Failed
11/01/2013 21:07:09.246[7144][H]: HDR: Sync status:-1
 

Baris_A
Level 4
Partner

bilalaker do you have a wild card certificate ?

Rob_Wilcox1
Level 6
Partner

maximum logging level needed in the client trace .. I think.  (So we can see the URL that is being hit)

 

Then review the IIS logs on the EV server to see if that traffic is getting through.

 

Then review the firewall logs and see if that traffic is being allowed through, or rejected (sounds to me like the latter)

Working for cloudficient.com

bilalaker
Level 3
Partner

Hi,

I dont have wildcard certificate.

you can find the logs in the attachment

TonySterling
Moderator
Moderator
Partner    VIP    Accredited Certified

Question has been moved here:

https://www-secure.symantec.com/connect/forums/outlookanywhere-error-com-synchronizing-0xffffffff