03-20-2013 09:49 AM
Environment: EV 10.0.3 on 2 servers, SQL 2008 R2, Exchange 2010 SP2
I'm noticing a large number of errors (~600 across both servers) very similar to this appearing in my event log since upgrading to SP3. (and just 3 entries on one server before that, my logs go back to Christmas 2012).
Coupled with my recent post about permissions not being applied at all to imported PSTs for one user, I can't help but wonder if this is an issue introduced in SP3? We upgraded from 10.0.1.
I found the following TN which mirrors exactly the issue:
http://www.symantec.com/business/support/index?page=content&id=TECH161770
..but as we do not run public folder archiving, there's no tasks to restart.
The latest person to report a problem is saying she cannot access anything in her vault, and if she opens archive explorer in Outlook, her archive does not appear at all. I've not yet been able to get hold of her to verify 100% what I've been told from my support engineer, but I've got no reason to disbelieve him after seeing 10s of entries in the log saying "Access denied". Using PermissionsBrowser.exe, the permissions /look/ ok. Sample:
So, is there a general issue with 10.0.3 and permissions? When I do get hold of the customer, I'll manually add the permissions to see if it resolves the problem. But as I stated in my other thread, it's not a great solution!
Cheers for any advice, as always.
Solved! Go to Solution.
03-21-2013 08:46 AM
Well first questions first, do you have inherited permissions enabled?
I think it was something like i was added in the domain as a group that didn't have permissions on the archive and for whatever reason it was overtaking my owner permissions, i think....
Honestly i didn't spend too much time troubleshooting it
I think you might need to open a support case, get a dtrace of w3wp, agentclientbroker and AuthServer as well as the permissions browser output and see what they say
03-21-2013 03:57 AM
Again, resolved for one user by manually adding permissions in the EV console. I shouldn't be having to do this.
I'd already tried using EVPM to strip out the permissions and re-add them, as per this article:
http://www.symantec.com/business/support/index?page=content&id=TECH44818
What's the problem?
03-21-2013 08:32 AM
You know, i actually had this same issue in my lab environment. I think it was due to inherited permissions being set on the policy (not delegate permissions but inherited permissions)
03-21-2013 08:37 AM
Is there anything I can do except add manual permissions? I mean, if there's a workaround, fantastic, but the root cause needs to be identified I think. Going forward, I need to know my environment is ok.
Thanks btw!
03-21-2013 08:46 AM
Well first questions first, do you have inherited permissions enabled?
I think it was something like i was added in the domain as a group that didn't have permissions on the archive and for whatever reason it was overtaking my owner permissions, i think....
Honestly i didn't spend too much time troubleshooting it
I think you might need to open a support case, get a dtrace of w3wp, agentclientbroker and AuthServer as well as the permissions browser output and see what they say
03-21-2013 09:02 AM
I think we have inherited permission. Certainly the mailbox owner is automatically added to the archive permissions and I cannot remove it.
Cheers.