Configure Enterprise Vault for web connections in preparation for Domino mailbox archiving
|Article:HOWTO58405|||||Created: 2011-08-01|||||Updated: 2013-07-12|||||Article URL http://www.symantec.com/docs/HOWTO58405|
When Lotus Notes users start an archive search, a web connection is made to the Enterprise Vault Domino Gateway. You need to perform the configuration tasks described in this section to support these connections.
A new IIS virtual directory called EnterpriseVaultDomino is used to authenticate user access to Enterprise Vault archives when users perform an archive search. The virtual directory points to the Enterprise Vault\WebApp folder and has anonymous access enabled. For security, a web account is required for this virtual directory. It is advisable to create an account specifically for the purpose of web access.
Do not change the name of the virtual directory, EnterpriseVaultDomino.
If you have already configured an account for Exchange Server OWA access, then you must use the same account for Domino mailbox archiving.
Create a Windows domain user account to use as the Enterprise Vault Data Access account. This should be a basic domain account specifically created for the purpose; a local machine account cannot be used. The account must not belong to any administrative group.
To configure the Enterprise Vault Data Access account
Log on to the Enterprise Vault Domino Gateway computer using the Vault Service account.
Start the Enterprise Vault Administration Console.
Expand the tree and right-click the Directory container.
In the Directory Properties window, click the Data Access Account tab.
In the Account box, select the Enterprise Vault Data Access account.
Enter and confirm the password for the account.
The EnterpriseVaultDomino virtual directory is created and Anonymous access is granted automatically to the account specified.
To check the configuration of the Data Access account
On a computer that is not a domain controller, open Local Security Policy in Administrative Tools. On a domain controller, open Domain Controller Security Policy.
Click Local Policies > User Rights Assignment.
The following permissions should be set:
Access this computer from the network (SeNetworkLogonRight).
Bypass traverse checking (SeChangeNotifyPrivilege).
Log on as a batch job (SeBatchLogonRight).
Allow log on locally (SeInteractiveLogonRight).
The following registry value is also created containing the Enterprise Vault Data Access account. This ensures that only this user can obtain a list of archives accessible by a Domino User:
HKEY_CURRENT_USER \Software \KVS \Enterprise Vault \AnonymousUser
HKEY_CURRENT_USER is the Vault Service account. The value of this setting is the full name, including the Windows domain, of the anonymous user, for example, mydomain\DomAnonUser.
Article URL http://www.symantec.com/docs/HOWTO58405