Clearwell is being installed at an account I support. Symantec is doing the install, but they are having touble with the account that gives Clearwell access to EV and I suppose the accounts that run services as well.
Do I just need to assign permissions to this account as stated below. Are all pemissions needed like SQL?
The VSA must belong to the Local Administrators group on all Enterprise Vault servers
The installation script does this. Do I need to add these manually?·
The VSA must have Full Control permissions (both NTFS and Share) on the PST Holding folder, and it is recommended that this folder be located on the Enterprise Vault server.
The VSA’s requirements in SQL Server
Note: Granting the sysadmin server role to the VSA covers all of the necessary permissions. Read on for the least-privilege requirements.
· The VSA must have a SQL login with the following permissions to the SQL server (instructions:(
Server role: dbcreator
Server permission: View server state
· The VSA also requires the following rights on the msdb system database (instructions:(
Select permissions on the sysjobs, sysjobschedules, sysjobservers, and sysjobsteps tables.
SQLAgentUserRole database role
The VSA’s requirements in Exchange
· The VSA requires full access to all mailboxes and public folders. Choose one of the following options:
· For Exchange 2003 and earlier, grant the permissions manually using Exchange System Manager (instructions).
· For Exchange 2007 and later, grant the permissions using the PowerShell script included on the Enterprise Vault media (instructions).
· For any version of Exchange, grant the permissions manually using ADSIEdit (list of the required permissions).
· If archiving from Exchange 2010, the VSA is required to have its own mailbox with a custom Throttling Policy (instructions).
(Note that the mailbox receiving this Throttling Policy is the mailbox associated with the VSA, not the EV System Mailbox discussed below. They are separate mailboxes.)
· In a multiple-domain environment, the VSA must be able to access all domains associated with any Exchange Servers that are to be archived (further details and examples).
· The VSA should not be a member of the built-in Exchange Organization Administrators group.
Thanks for any help
Solved! Go to Solution.
Sorry, I don't understand the issue. Are you using the VSA? Also, do the EV services (the crawler and retriever), run as the VSA? That would be the simplist thing.
On a normal EV integration you dont use the VSA account on the services
You create an account on the domain lets say called CWAppAdmin
This account needs to be added to the Power Administrator role in EV
The EsaEVCrawlerService and the EsaEVRetriever service need to use this account
The account also needs to be local admin on the Clearwell appliance
Once that is done you next add a source account within Clearwell to do all the talking with EVfor holds and collections and such. This source account should be the VSA account.
Finally you need to add EV as a source and select the VSA account which you specified as the source account in Clearwell for EV
On page 19 in the Symantec Clearwell System Administration Guide 7.1.2.pdf it says:
Responsible for crawling and retrieving documents on Symantec Enterprise Vaults. The login user name must match the name used by the Symantec services (generally the “Vault Service Account”).
Are you saying that isn't correct or am I misunderstanding the recommendation? Also, what is the downside to using VSA?
So should I use the VSA ? The account does not want to do that. I think they are concerned as to what would happen if the VSA Password was changed or something like that.
Tony/Liam , are you saying to use the VSA on the Clearwell side for collections and holds
An account to run the EsaEVCrawlerService and the EsaEVRetriever service that needs:
I apologize. I've never touched a Clearwell Appliance and the account asking for my guidance ... Go figure!
Honestly, if Symantec is doing the install they should know this!
Basically the account that the services is running under needs to be a Power Admin in EV and a Local Admin on the Clearwell box if it isn't the VSA.
You will also create a Source Account. Liam and I are both saying that the source account should be the VSA.
What are the actual issues you are seeing?