06-19-2012 07:37 PM
Thanks all for your help first.
I'm setting up ev9.03 with exchange 2010sp2
- owa 2010 extension is installed to exchange 2010 cas server
- I install TMG to publish owa and outlook anywhere connection from internet.
First, I test the owa connection from internal network, the result as follow:
- all connection should be in HTTPS
- I can open archived email
- I can open archive explorer link and open archived email there
- On Win7 client, when I click the "Search archive" buttion, it dispaly a prompt
" Do you want to view only the webpage content that was delivered securely? Theis webpage contains that will not be delivered using secure HTTS connection, which could compromise the security of the entire webpage."
- when I click yes, the "Search Archives" page can not be displayed?
- when i click no, the "Search Archives" page can be displayed?
Question 1, why the "Search Archives" link page not using HTTS connection?
Second, I test it on internet client via TMG to connect to the exch2010 cas server:
- I can open the arhived email
- both "Archive Explorer" and "Search Archives" not work, expected page can't be display.
- I already publish /Enterprisevault/* folder in TMG server
- the "External Web Application URL" in EV owa policy is set to: <https>/enterprisevault
Question 2, How can I troubleshoot this issue?
Thanks again.
Patrick
Solved! Go to Solution.
06-20-2012 06:44 AM
For the external access to work (and use the external URL), you need to put the IP address of the TMG server in the EnterpriseVault_ExternalIPAddresses setting. This will then trigger the extensions to use the external URL for any client coming through the TMG server.
There is an article on using internal/external urls for OWA. Search for TECH63250
06-19-2012 10:07 PM
As far I know OWA 2010 may not work with Exchange 2010 SP2 CAS.
Please check https://www-secure.symantec.com/connect/forums/enterprise-vault-owa-extensions-exchange-2010-sp2
Please confirm the same in Enterprise Vault Compatibility List http://www.symantec.com/business/support/index?page=content&id=TECH38537
06-19-2012 10:56 PM
Thanks your information, Ameen,
Yes, the compatibility list did not list ex2010 sp2 owa extension is support
Any workaround on this?
Our usage is just simple:
- open archived email
- restore archived email
- search archived email from "Archive Explorer"
- search archived email fom "Search Archives" page
Thanks
Patrick
06-20-2012 12:49 AM
I am also looking for a work around and the support says that there is no supported work around. I am checking with support that is it supported in future service packs.
06-20-2012 01:40 AM
your question 1. Search and Archive Explorer is now connecting directly to EV server therefore it will use HTTP and not HTTPS, hence you need to click no for that question. It is how it works internally, unless you configure https to redirect to http for the EV server internally.
question 2. externally, as I said before search and archive explorer are now connecting directly to the EV server so you need to configure the link translation on your TMG OWA rule in order to get it working externally.
http://www.symantec.com/business/support/index?page=content&id=HOWTO59068
http://www.blackcurrant.be/lng_EN/index.php?page_id=6&subpage_id=125&tutorial_id=126
Look at this bit:
06-20-2012 01:48 AM
Also, it's not supported doesn't mean that it won't work. I have got it working. Not supported just means that when you have problems Tech Support won't fix the problem for you.
06-20-2012 06:44 AM
For the external access to work (and use the external URL), you need to put the IP address of the TMG server in the EnterpriseVault_ExternalIPAddresses setting. This will then trigger the extensions to use the external URL for any client coming through the TMG server.
There is an article on using internal/external urls for OWA. Search for TECH63250
06-20-2012 03:17 PM
Thanks all your suggestion.
I'll try it and update you the status.
Thanks again
Patrick
06-20-2012 11:40 PM
About external access, I still can't make it work.
I use HTTPS for my owa. eg. https://owa.test.com
For access to "Archive Explorer" and "Serach Archvies" link inside owa, does it still able to use https conencton.
I remember I have not bind any cert to evserver.
Do I need to publish http not https to make it ?
if yes, how can use all https for owa and "Archive Explorer" and "Serach Archvies" link access?
In my last ev7.0 version, it works on https for all owa and "Archive Explorer" and "Serach Archvies" link.
Thanks
Patrick
06-20-2012 11:50 PM
You should configure TMG to use https from the external client and forward it to EV using http.
What do the external users see when trying to get to Archive Explorer?
Can you verify they are in fact using the correct URL using something like Fiddler?
06-21-2012 12:25 AM
Thanks
I got 4.4 - File or directory not found.
I've some question about the config:
- the https: owa connection is work now
- I add the path EnterpriseVault/* to the same rule.
Any other setting I need to add?
When I click the "Archive Explorer" link, it show owa.test.com/Enterprisevault/ArchiveExplorerUI.asp?mbx=..........
I think the url is correct.
Do I need to add a separte rule in TMG?
Can you explain more details about how to:
"configure TMG to use https from the external client and forward it to EV using http"
Thanks again
Patrick
06-21-2012 12:52 AM
Sounds like it might be forwarding the request to the CAS rather than the EV server.
You probably need a different rule forwarding to EV but using the same listener. Have a read of this:
http://www.symantec.com/business/support/index?page=content&id=HOWTO59068
06-21-2012 01:50 AM
Thanks all your help, I finally make it works. You all are very helpful.
- add a sepearte rule for EV only using same listener with owa
- add a link translation according LCT instruction.
eg. http://evserver.test.com replace with https://cas.test.com
- set EnterpriseVault_ExternalIPAddresses to my TMG server IP address
And I have some questions still not very clear:
1. EV server is published to internet via TMG?
2. Internet users can access EV server's "Archive Explorer" and "Serach Archvies" directly via TMG?
3. Access logic flow: user ->owa -> when user click "AE" and SA" link: Does User access directly to EV server or CAS server will access the EV server on behalf of user and pass the return to user?
4. during create the rule for EV, I choose non secure connection (http) and add a link translation in this rule: Does All connection are https in this setup?
Thanks
Patrick
06-21-2012 02:33 AM
1. Yes, the enterprisevault virtual directory is published
2. Yes
3. AE and search will be accessed client -> TMG -> EV, no CAS involvement (until items are opened)
4. If you have an SSL cert on your EV server you could use https. This is configuring the connction from TMG to EV, i.e. on your internal network. The connection from client to TMG is determined by the listener.
Hope that helps
Andrew
06-21-2012 02:54 AM
Thanks A_S_G.
Fully understand, thanks again.
Patrick