Configuring Enterprise Vault for Anonymous Connections
|Article:HOWTO53225|||||Created: 2011-05-26|||||Updated: 2012-07-28|||||Article URL http://www.symantec.com/docs/HOWTO53225|
To prepare Enterprise Vault servers for anonymous connections from Exchange 2007 or 2010 CAS servers, or Exchange 2000 or Exchange Server 2003 back-end servers, perform the following steps as described in this section:
If Enterprise Vault is installed on Windows Server 2008, you need to ensure that IIS Roles and Feature Delegation rights are configured as described in the section, OWA Prerequisites, in the manual, Installing and Configuring.
On each Enterprise Vault server that may receive connection requests from OWA servers, create an ExchangeServers.txt file in the Enterprise Vault installation folder. This file contains a list of the IP addresses for all the Exchange CAS servers, and any Exchange 2000 or Exchange Server 2003 back-end servers, that will connect to the Enterprise Vault server.
Note: Additional entries are needed if you are configuring this file for clustered Exchange Virtual Server configurations. See “About configuring OWA and RPC Extensions in clustered configurations” on page 167 of the Setting up Exchange Server Archiving guide.
Create or select a domain account to be used for anonymous connections from Exchange Servers to the Enterprise Vault server. This is the Data Access account. The account should be a basic domain account; a local machine account cannot be used. The account should not belong to any administrator group, such as Administrators or Account Operators.
To configure the account for OWA, you run a command line script on each Enterprise Vault server on which you have created an ExchangeServers.txt file, run the script, owauser.wsf, to configure the Data Access account
Synchronize mailboxes and restart the Enterprise Vault Admin service.
To create the ExchangeServers.txt file
1 Open Notepad.
2 Type the IP address of each Exchange CAS server, and Exchange 2000 server
or Exchange Server 2003 back-end server that will connect to the Enterprise
Vault server, one entry per line.
3 Save the file as ExchangeServers.txt in the Enterprise Vault installation
folder (typically C:\Program Files\Enterprise Vault).
4 Close Notepad.
5 Log on to the Enterprise Vault server as the Vault Service account.
6 Open a Command Prompt window and navigate to the Enterprise Vault installation folder.
On Windows Server 2008, you must open the Command Prompt window with administrator privileges. To do this, right-click theCommandPrompt shortcut on the Windows Start menu and then click Run as Administrator.
Enter the command line that is appropriate to your system. If you have OWA on both Exchange Server 2000 and Exchange Server 2003 in your organization, use the command line for OWA on Exchange Server 2003.
Command line for OWA on Exchange Server 2010, 2007 and 2003:
cscript owauser.wsf /domain:domain /user:username/password:password
Command line for OWA on Exchange Server 2000 :
cscript owauser.wsf /domain:domain /user:username/password:password /exch2000
The file owauser.wsf is installed in the Enterprise Vault installation folder.
For domain, give the domain of the Data Access account.
For username, give the username of the Data Access account.
For password, give the password of the Data Access account.
To display help for the cscript command, type
cscript owauser.wsf /?
The progress of the script execution is displayed in the command prompt window.
The configuration changes made by the script are described in the following technical note on the Symantec Support Web site: http://entsupport.symantec.com/docs/321591.
When the configuration script finishes, you are prompted to restart the Enterprise Vault Admin service and synchronize mailboxes.
If there are multiple Enterprise Vault servers in your environment, logon to each server on which you created an ExchangeServers.txt file, and run the script, owauser.wsf, using the instructions given in this section.
If you add another Exchange CAS server, or an Exchange 2000 or Exchange Server 2003 back-end server to your environment at a later date, add the IP address of the server to the ExchangeServers.txt file on the Enterprise Vault server to which the Exchange Server will connect, and then rerun the owauser.wsf script.
To complete the configuration, you need to restart the Enterprise Vault Admin service and synchronize mailboxes, as described in this section. Restarting the Admin service ensures that Enterprise Vault authentication knows the identity of the Data Access account. Synchronizing the mailboxes updates the client hidden message with the URL to be used by the OWA extensions when connecting to Enterprise Vault.
To restart the Admin Service
1 Open Control Panel, select Administrative Tools and then select Services.
2 Right-click Enterprise Vault Admin Service and select Restart.
Enterprise Vault services and tasks will restart.
3 Close the Services console.
To synchronize mailboxes
1 Click Start > Programs > Enterprise Vault Administration Console.
2 Expand the Enterprise Vault Directory container and then your site. Expand Enterprise Vault Servers and select the required Enterprise Vault server. Expand this container. Expand Tasks.
3 In the right hand pane, double-click the Exchange Mailbox Archiving task for the Exchange Server, to display the properties window for the task.
4 Select the Synchronization tab. Make sure All mailboxes and Mailbox properties and permissions are selected.
5 Click Synchronize.
6 Click OK to close the properties window.
7 Close the Enterprise Vault Administration Console.
Configuring Enterprise Vault Exchange Desktop Policy
If required, you can customize the Enterprise Vault functionality that you want available in OWA 2003 and later clients.
You can customize OWA clients using the OWA settings on the Advanced page of the Exchange Desktop policy properties. For more information on these settings, see the Enterprise Vault Administrator's Guide.
If you change settings in the Exchange Desktop policy, then you will need to synchronize the mailboxes.
Article URL http://www.symantec.com/docs/HOWTO53225