Folders not showing within Archive Explorer

Article:TECH125690  |  Created: 2010-01-16  |  Updated: 2013-04-29  |  Article URL http://www.symantec.com/docs/TECH125690
Article Type
Technical Solution

Issue



1. Users cannot see all folders of their assigned archive within Archive Explorer (AE). Users with manually granted permissions see all folders in AE successfully.

2. This issue also appears when a PST import has been performed without creating shortcuts, which bypasses the Exchange mailbox. The problem reveals itself when the mailbox is moved to a different domain. When Virtual Vault is in place, the PST-imported folder is visible there but not in Archive Explorer.


Cause



When a user is enabled for archiving, an archive is generated for the user by default and the mailbox permissions are synchronized to the archive as inherited permissions. This process populates the AutoSecurityDesc column within the SQL Server Root table for each folder associated with the archive. To build the folder view for AE, a security check is made on each folder in the archive. In some cases Enterprise Vault (EV) may not retrieve security information on a user's mailbox folders within Exchange. If this process fails, EV does not populate the AutoSecurityDesc value for folders in the archive. When the folder view is built, these folders fail the security check and are not displayed to the user, because EV could not confirm that the user has permissions to them.

Notes:
   a. If a Parent Folder is affected in this way, the Parent Folder and any sub folders associated with this Parent Folder will not be viewable (i.e. If \Inbox\UserFolder is affected, \Inbox\UserFolder\Sub will not be viewable either).
   b. See Technical Article 290151 under Related Documents for further details on how the AE page is constructed.

 


Solution



In order to identify if there are folders where the inherited permissions from the mailbox did not synchronize, do the following:

1. Locate the user's Archive ID:
  • Open the Vault Administration Console (VAC)
  • Expand Archives -> Exchange Mailbox
  • Right click an affected user's archive and select Properties
  • Click on the "Advanced" tab and copy the value within the Archive ID section at the bottom

2. Perform a count of folders in the ArchiveFolderView to identify if there are any folders affected:

  • Open SQL Server Management Studio
  • Click on New Query
  • In the query window run the following query (The query is not case sensitive):

    Use EnterpriseVaultDirectory
    SELECT COUNT(*) FROM ArchiveFolderView
    WHERE AutoSecurityDesc IS NULL

3. If the result is greater than zero, identify the archive(s) that are affected:

  • Open SQL Server Management Studio
  • Click on New Query
  • In the query window run the following query (The query is not case sensitive):

    USE EnterpriseVaultDirectory
    SELECT DISTINCT ArchiveVEID FROM ArchiveFolderView
    WHERE AutoSecurityDesc IS NULL

    Note: The above SQL query will provide the ArchiveVEID of archives that have folder permissions not being synchronized to the associated archive.

4. In order to identify the affected folders within the archive, run the following query using one of the ArchiveVEID values from the above query:

    USE EnterpriseVaultDirectory
    SELECT FolderName, FolderPath FROM ArchiveFolderView
    WHERE AutoSecurityDesc IS NULL AND ArchiveVEID = 'value'

Note: The value above is one of the ArchiveVEID values from Step 3.
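
The parent-folder rule from Note a in the Cause section, applied to the kind of rows step 4 returns. This is an added example, not part of the original article. It runs against constructed sample rows in a table variable and assumes FolderPath holds each folder's full backslash-separated path, as in the \Inbox\UserFolder example; the column types and the ARCHIVE-A / ARCHIVE-B values are placeholders.

```sql
-- Constructed sample rows standing in for ArchiveFolderView (not real data).
-- Assumption: FolderPath is the folder's full path, separated by backslashes.
-- Column types are placeholders chosen only so that the sample runs.
DECLARE @Folders TABLE (
    ArchiveVEID      varchar(112),
    FolderName       nvarchar(255),
    FolderPath       nvarchar(1024),
    AutoSecurityDesc varbinary(256) NULL
);

INSERT INTO @Folders (ArchiveVEID, FolderName, FolderPath, AutoSecurityDesc) VALUES
    ('ARCHIVE-A', N'Inbox',      N'\Inbox',                0x01),
    ('ARCHIVE-A', N'UserFolder', N'\Inbox\UserFolder',     NULL),
    ('ARCHIVE-A', N'Sub',        N'\Inbox\UserFolder\Sub', 0x01),
    ('ARCHIVE-A', N'Sent Items', N'\Sent Items',           0x01),
    ('ARCHIVE-B', N'Inbox',      N'\Inbox',                0x01);

-- List every folder that will be missing from Archive Explorer:
--   * folders whose own AutoSecurityDesc is NULL (what step 4 reports), and
--   * folders below such a folder in the same archive (Note a), which
--     step 4 does not report because their own value is populated.
-- CHARINDEX(...) = 1 is a literal prefix match, so characters such as
-- '_' or '%' in folder names are not treated as wildcards.
SELECT f.ArchiveVEID,
       f.FolderPath,
       CASE WHEN f.AutoSecurityDesc IS NULL
            THEN 'AutoSecurityDesc is NULL'
            ELSE 'parent folder affected'
       END AS Reason
FROM @Folders AS f
WHERE f.AutoSecurityDesc IS NULL
   OR EXISTS (SELECT 1
              FROM @Folders AS p
              WHERE p.ArchiveVEID = f.ArchiveVEID
                AND p.AutoSecurityDesc IS NULL
                AND CHARINDEX(p.FolderPath + N'\', f.FolderPath) = 1)
ORDER BY f.ArchiveVEID, f.FolderPath;
```

If the FolderPath assumption holds in your environment, the same SELECT can be pointed at ArchiveFolderView in EnterpriseVaultDirectory in place of @Folders; it only reads data.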

Workaround:

Explicitly grant permissions for the user to their own archive. This overrides the "Automatically set" permissions.

Note: See Technical Article 316468 under Related Documents below for instructions.

How to Identify the User Archive from the ArchiveVEID:

  • Copy the "ArchiveVEID" found in Step 3.
  • Open the VAC
  • Hold down shift and control and Right click "Archives"
  • Select the top option - "Find Archive or Folder..."
  • Paste the "ArchiveVEID" here and click "Find" - the specific archive is identified.
     

Resolution:

'Zap' all permissions for that user archive and synchronize the permissions.

Note: See Technical Article 280196 under Related Documents below for instructions.

 

To fix Problem 2 listed above, follow the steps below: 

1. Create an EVPM input file with a ResetArchiveFolderPerm value of 1. 
ResetArchiveFolderPerm currently supports two values:
a) 1
Reset the archive permissions on all folders to the user's default permissions.

b) 2
Reset the archive permissions on all folders to the user's default permissions and also perform a mailbox synchronisation after EVPM has reset the archive folder permissions.
 
The following is an example of the input file. The values should be modified for the EV environment.

[Directory]
DirectoryComputerName=EV_Directory_Computer_Name
SiteName=EV_Site_Name

[Mailbox]
DistinguishedName= /o=First Organization/ou=First Administrative Group/cn=Recipients/cn=user1
ResetArchiveFolderPerm=1


2. Open a command prompt on the EV server in the EV installation folder and process the script using the following format:

EVPM [-e Exchange_server] [-f input_file] [-m mailbox_alias]

3. After this has been run, a Partial Reset of Vault Cache is required. After that, the folder will be visible in Archive Explorer.




Legacy ID



345783

