Solved: Thanks all your help, I

PatKwan · ‎06-19-2012

Thanks all for your help first.

I'm setting up ev9.03 with exchange 2010sp2

- owa 2010 extension is installed to exchange 2010 cas server

- I install TMG to publish owa and outlook anywhere connection from internet.

First, I test the owa connection from internal network, the result as follow:

- all connection should be in HTTPS

- I can open archived email

- I can open archive explorer link and open archived email there

- On Win7 client, when I click the "Search archive" buttion, it dispaly a prompt

" Do you want to view only the webpage content that was delivered securely? Theis webpage contains that will not be delivered using secure HTTS connection, which could compromise the security of the entire webpage."

- when I click yes, the "Search Archives" page can not be displayed?

- when i click no, the "Search Archives" page can be displayed?

Question 1, why the "Search Archives" link page not using HTTS connection?

Second, I test it on internet client via TMG to connect to the exch2010 cas server:

- I can open the arhived email

- both "Archive Explorer" and "Search Archives" not work, expected page can't be display.

- I already publish /Enterprisevault/* folder in TMG server

- the "External Web Application URL" in EV owa policy is set to: <https>/enterprisevault

Question 2, How can I troubleshoot this issue?

Thanks again.

Patrick

Andrew_G_ · ‎06-20-2012

For the external access to work (and use the external URL), you need to put the IP address of the TMG server in the EnterpriseVault_ExternalIPAddresses setting. This will then trigger the extensions to use the external URL for any client coming through the TMG server.

There is an article on using internal/external urls for OWA. Search for TECH63250

View solution in original post

Ameen · ‎06-19-2012

As far I know OWA 2010 may not work with Exchange 2010 SP2 CAS.

Please check https://www-secure.symantec.com/connect/forums/enterprise-vault-owa-extensions-exchange-2010-sp2

Please confirm the same in Enterprise Vault Compatibility List http://www.symantec.com/business/support/index?page=content&id=TECH38537

PatKwan · ‎06-19-2012

Thanks your information, Ameen,

Yes, the compatibility list did not list ex2010 sp2 owa extension is support

Any workaround on this?

Our usage is just simple:

- open archived email

- restore archived email

- search archived email from "Archive Explorer"

- search archived email fom "Search Archives" page

Thanks

Patrick

Ameen · ‎06-20-2012

I am also looking for a work around and the support says that there is no supported work around. I am checking with support that is it supported in future service packs.

LCT · ‎06-20-2012

your question 1. Search and Archive Explorer is now connecting directly to EV server therefore it will use HTTP and not HTTPS, hence you need to click no for that question. It is how it works internally, unless you configure https to redirect to http for the EV server internally.

question 2. externally, as I said before search and archive explorer are now connecting directly to the EV server so you need to configure the link translation on your TMG OWA rule in order to get it working externally.

http://www.symantec.com/business/support/index?page=content&id=HOWTO59068

http://www.blackcurrant.be/lng_EN/index.php?page_id=6&subpage_id=125&tutorial_id=126

Look at this bit:

configure link translations: the left side url is the part of the url on the internal side. the right side url is the string that replaces the left one to form the external url. ( EXAMPLE: Replace: http://evserver1 with https://webmail.heerwegh.ch )

LCT · ‎06-20-2012

Also, it's not supported doesn't mean that it won't work. I have got it working. Not supported just means that when you have problems Tech Support won't fix the problem for you.

Andrew_G_ · ‎06-20-2012

For the external access to work (and use the external URL), you need to put the IP address of the TMG server in the EnterpriseVault_ExternalIPAddresses setting. This will then trigger the extensions to use the external URL for any client coming through the TMG server.

There is an article on using internal/external urls for OWA. Search for TECH63250

PatKwan · ‎06-20-2012

Thanks all your suggestion.

I'll try it and update you the status.

Thanks again

Patrick

PatKwan · ‎06-20-2012

About external access, I still can't make it work.

I use HTTPS for my owa. eg. https://owa.test.com

For access to "Archive Explorer" and "Serach Archvies" link inside owa, does it still able to use https conencton.

I remember I have not bind any cert to evserver.

Do I need to publish http not https to make it ?

if yes, how can use all https for owa and "Archive Explorer" and "Serach Archvies" link access?

In my last ev7.0 version, it works on https for all owa and "Archive Explorer" and "Serach Archvies" link.

Thanks

Patrick

Andrew_G_ · ‎06-20-2012

You should configure TMG to use https from the external client and forward it to EV using http.

What do the external users see when trying to get to Archive Explorer?

Can you verify they are in fact using the correct URL using something like Fiddler?

PatKwan · ‎06-21-2012

Thanks

I got 4.4 - File or directory not found.

I've some question about the config:

- the https: owa connection is work now

- I add the path EnterpriseVault/* to the same rule.

Any other setting I need to add?

When I click the "Archive Explorer" link, it show owa.test.com/Enterprisevault/ArchiveExplorerUI.asp?mbx=..........

I think the url is correct.

Do I need to add a separte rule in TMG?

Can you explain more details about how to:

"configure TMG to use https from the external client and forward it to EV using http"

Thanks again

Patrick

Andrew_G_ · ‎06-21-2012

Sounds like it might be forwarding the request to the CAS rather than the EV server.

You probably need a different rule forwarding to EV but using the same listener. Have a read of this:

http://www.symantec.com/business/support/index?page=content&id=HOWTO59068

PatKwan · ‎06-21-2012

Thanks all your help, I finally make it works. You all are very helpful.

- add a sepearte rule for EV only using same listener with owa

- add a link translation according LCT instruction.

eg. http://evserver.test.com replace with https://cas.test.com

- set EnterpriseVault_ExternalIPAddresses to my TMG server IP address

And I have some questions still not very clear:

1. EV server is published to internet via TMG?

2. Internet users can access EV server's "Archive Explorer" and "Serach Archvies" directly via TMG?

3. Access logic flow: user ->owa -> when user click "AE" and SA" link: Does User access directly to EV server or CAS server will access the EV server on behalf of user and pass the return to user?

4. during create the rule for EV, I choose non secure connection (http) and add a link translation in this rule: Does All connection are https in this setup?

Thanks

Patrick

Andrew_G_ · ‎06-21-2012

1. Yes, the enterprisevault virtual directory is published

2. Yes

3. AE and search will be accessed client -> TMG -> EV, no CAS involvement (until items are opened)

4. If you have an SSL cert on your EV server you could use https. This is configuring the connction from TMG to EV, i.e. on your internal network. The connection from client to TMG is determined by the listener.

Hope that helps

Andrew

PatKwan · ‎06-21-2012

Thanks A_S_G.

Fully understand, thanks again.

Patrick

VOX

owa 2010 extension question