Troubleshooting Enterprise Vault (EV) toolbar display issues in Outlook Web Access/App (OWA) 2007/2010

Article:TECH68743  |  Created: 2009-01-13  |  Updated: 2014-12-03  |  Article URL http://www.symantec.com/docs/TECH68743
Article Type
Technical Solution



Solution



Prior to troubleshooting, confirm that all prerequisites are installed and configured on the OWA Client Access Server (CAS) Role.
   
After the OWA Extensions are installed on each CAS Role of an Exchange 2007 or 2010 environment and a user opens a new OWA session, EV makes requests to locate the EV hidden message:

   [WebDAVRequest::Send] Request url: http://Localhost/Exchange/Username@domain.com
   [MailboxBase::MailboxBase] Connecting to Exchange Web Services using: https://localhost/ews/exchange.asmx
   
Notes:
  • If the initial call to the Exchange Virtual Directory (VD) fails, the secondary call to the EWS (Exchange Web Services) is not made.
  • If either of these calls fail, the mailbox will default to "Not Enabled" and the toolbar options will not be provided in the OWA instance.
  • If the calls to the Exchange/EWS VD's fail, archived items in OWA that have attachments will refer to the attachment as "@65b".  This shows that EV failed to read the hidden message.
  • If the calls to the Exchange/EWS VD's are both successful, and the EV Toolbar Options are not present, confirm that these options are not disabled within the Mailbox/Desktop Policy.  


 How EV determines hidden message settings in OWA 2007

  1. Open OWA. EV will make a WebDAV request on CAS through Exchange VD.
    Example: Request URL https://localhost/exchange/user@domain.com
     
  2. Does it work?
    • If not, then identify the “Exception” error returned during the call and troubleshoot the Exchange Virtual Directory request.
    • If yes, then EV makes a WebDAV request through EWS VD.

Example: Connecting to Exchange Web Services using https://localhost/ews/exchange.asmx

  1. Does Step 2 work?
    • If no, then identify the “Exception” error returned during call to EWS and troubleshoot the EWS Virtual Directory request.
    • If yes, then the calls to Exchange and EWS are both successful and EV will open the hidden message in the mailbox and display “Enabled for archiving” in the diagnostic log.

 

Identify the Error

When the EV OWA extensions have been installed on the CAS Role Server, the <appsettings> section of the web.config file is modified.

Notes:

  • The default location of the web.config file is:
<drive>:\Program Files\Microsoft\Microsoft Exchange\ClientAccess\OWA\web.config
  • b. The web.config may be opened and edited by any standard text editor.
  • c. A quick method to locate the section for Enterprise Vault in the web.config is to search for "ResourceVersion".


Example:
-----------------------------------------------------------------------------------------------------------------------------------
-->
<add key="EnterpriseVault_ResourceVersion" value = "v7.5.3.2138"/>
<add key="EnterpriseVault_WebDAVRequestHost" value="localhost"/>
-----------------------------------------------------------------------------------------------------------------------------------

2. To determine the error, enable OWA Diagnostics in the web.config by creating the following key value
    (Within the <appsettings> section, below the 'ResourceVersion' value, on its own line):

           <add key="EnterpriseVault_LogEnabled" value="true"/>

Notes:
a. See Articles TECH58865 and TECH60712 in Related Articles for details on enabling logging and customizing functions in the web.config.
b. If logging has been enabled and no logs are generated, confirm that the OWA request to the CAS Server is not being proxied to another CAS Role prior to accessing the Mailbox Role.This can be confirmed in the OWA Session -> Options -> About.

      Proxy Host Address: https://<IPAddressofCurrentCAS>/owa
        - Example: https://ExternalCASServer/owa
      Proxy servername: <FQDN of proxied destination CAS>  
        - Example: InternalCASServer.domain.com
      Client Access server name: <FQDN of proxied destination CAS>
        - Example: InternalCASServer.domain.com
      Mailbox Server Name: <FQDN of Mailbox Role Server>
        - Example: Mailbox1.domain.com

c. It is required to have the EV OWA extensions installed on every CAS role in the proxy 'path' and logging enable on the 'last' CAS Server which accesses the Mailbox Role.
d. To generate a log, it is necessary to close the current OWA session and open a new session (See Technical Article TECH58865 under Related Articles for additional details)
e. It is unnecessary to recycle Exchange Services or IIS on the Exchange Server for these changes to take effect.
f. To turn off logging, change this value (LogEnabled) from True to False

Access to the Exchange virtual directory


In a properly configured Exchange 2007/2010 environment, standard OWA 2007/2010 requests utilizes the OWA Virtual Directory (VD) only.  Access to the Exchange VD is still required for legacy WebDAV (Exchange 2000/2003) compatibility and Enterprise Vault performs a legacy WebDAV call to the Exchange VD.  

Notes:
a.  When the CAS Roles and Mailbox Roles are located on separate servers, by default the Exchange VD may not exist on the Mailbox Role.  For Legacy WebDAV requests, the Exchange VD is required on the Mailbox Role for EV Integration.
b.  If the Mailbox Role is configured in a Clustered environment, the Exchange VD must be available on each physical node in case of fail over.
c.  For assistance in having this prerequisite configured on the Mailbox Role(s), it is necessary to contact Microsoft for assistance.

If an error occurs during access to the Exchange VD, the error will be reproducible by opening the link directly, outside of OWA.

Example:

In the EV OWA Diagnostic Log, the following Requested url is accessed:

https://localhost/exchange/Username@Domainname.com

This can return the following error:

[WebDAVRequest::Send] Exception sending WebDAV request: System.Net.WebException: The remote server returned an error: (500) Internal Server Error.

On the CAS Server, perform the following to review the native error outside of OWA:
- Copy the Requested URL from the Diagnostic Log
- Open Internet Explorer (IE) on the CAS Server
- Paste this in IE. Select Go.
- A similar error will be observed:

(500) Internal Server Error

When properly configured, direct access to the Exchange VD will be redirected to the OWA VD and open the mailbox.

Known errors when communicating to the Exchange VD:


Below are a number of example and known methods to resolve these errors.  These do not encompass all possible errors that may be received, nor all possible methods to resolve the errors received.  These errors are most commonly due to an issue with the CAS and/or Mailbox Servers in questions.  If the error can be reproduced outside of OWA (IE. Opening https://localhost/exchange/Username@Domainname.com directly), it is recommended to contact Microsoft for further assistance.

One of the most common causes of the EV Toolbar options not being displayed are due to accessing the Exchange VD on the CAS Role going through Localhost via SSL (HTTPS).

Note: See Article TECH65498 under Related Articles for details.

 

Errors connecting to the Exchange VD


  1. [WebDAVRequest::Send] Exception sending WebDAV request: System.Net.WebException: The remote server returned an error: (401) Unauthorized.

          a. Integrated Windows Authentication (IWA) is enabled on the OWA VD but not enabled on the Exchange VD

Note: See Article TECH65704 under Related Articles for details.

          b. If IWA is enabled for the OWA VD and Exchange VD, it is required to enable Constrained Delegation.

Note: See Article TECH57914 under Related Articles for details.

          c.  There may be other issues that may cause this response.  Attempt to access the Exchange VD manually outside of OWA to test further.

  2. [WebDAVRequest::Send] Exception sending WebDAV request: System.Net.WebException: The remote server returned an error: (440) Login Timeout

          a. Time out error can occur with Forms-Based Authentication (FBA) is set on the OWA VD, but is not set on the Exchange VD

Note: See Article TECH54224 under Related Articles for details.

  3. [WebDAVRequest::Send] Exception sending WebDAV request: System.Net.WebException: The remote server returned an error: (500) Internal Server Error.
       
          a. Internal Server Errors may be caused by a configuration or lack of a prerequisite on the CAS/Mailbox Server.  Confirm that the Exchange VD is accessible manually (See above). On Windows 2008 CAS servers check the following services roles installed (ISAPI Extension, ISAPI Filters,Basic & IWA Authentication, ASP.NET, ASP)

  Note: Most commonly, a (500) Internal Server Error is not seen when initially opening OWA however it is possible to receive a (500) Internal Server Error when attempting to open archived items.  Enterprise Vault Support has a number of Articles devoted to troubleshooting access to archived items through OWA and is outside the scope of this article.

  4. [WebDAVRequest::Send] Exception sending WebDAV request: System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond <IPAddress>:443

         a. May be caused by a configuration issue with a Firewall between the CAS and Mailbox Server, or the Windows Firewall being started on the Mailbox Server itself.

Note: See Article TECH68255 under Related Articles for details.

 

Access to the EWS virtual directory


Once the call through the Exchange VD is successful, a secondary call to the Exchange Web Services (EWS) VD is performed. As with access to the Exchange VD, this is a standard function for Exchange legacy functions. When making a successful call outside of OWA, the page is redirected to the Web Services Definition Language file "Services.wsdl" xml page (Example 1).

Example 1:

In the EV OWA Diagnostic Log, the following Requested url is accessed:

https://localhost/ews/exchange.asmx

- Open IE
- Copy the following line to IE:

https://localhost/ews/exchange.asmx

- This call will be redirected to the following xml page:

https://localhost/ews/Services.wsdl

When this call fails, the following is an example of the error as reference in the EV OWA Diagnostic log (Example 2).

Example 2:

[MailboxBase::MailboxBase] Connecting to Exchange Web Services using: https://localhost/ews/exchange.asmx
[ConvertId::DoConvertId] Converting ID using web services
[ConvertId::DoConvertId] Exception calling ConvertId: System.InvalidOperationException: Client found response content type of 'text/html; charset=utf-8', but expected 'text/xml'.

Below shows an example of an access failure and resolution to the EWS VD (Example 3)

Example 3:

Issue:
- Open Internet Explorer (IE) on the CAS Role
- Copy the following line to IE:
https://localhost/ews/exchange.asmx
- This link fails

Change link to the following:
https://10.20.30.40/ews/exchange.asmx
- This link is successful.

Resolution:
In web.config, add the following line:

<add key="EnterpriseVault_ExchangeWebServicesUrl" value="https://10.20.30.40/ews/exchange.asmx"/>

Errors connecting to the EWS VD

  1. The web.config located under the \Program Files\Microsoft\Exchange Server\ClientAccess\exchweb\EWS was edited incorrectly

     a.  Locate a previous version of this web.config and revert this file to before being edited manually.

  2. Access to the EWS VD is 'locked down' though Localhost.

    a.  Add the following to the ClientAccess\OWA\web.config
   
      <add key="EnterpriseVault_ExchangeWebServicesUrl" value="https://<IP_Address_Of_CAS>/ews/exchange.asmx"/>

Note: See Article TECH60712 in Related Articles for details.

  3. Error : [ConvertId::DoConvertId] Exception calling ConvertId: System.Net.WebException: The request failed with HTTP status 403: Forbidden.
   
    Cause: The EWS VD was set to use Anonymous credentials.
    Resolution: Uncheck "Enable anonymous access" from the EWS VD => Directory Security.

Note: See Article TECH68738 under Related Articles for details

Once the calls to the Exchange VD and EWS VD are successful, the following will be observed in the EV OWA Diagnostics:

[EVContext::LoadHiddenSettings] Retrieved hidden message from web services

If the EV Toolbar options display and additional issues occur with Archiving or Restoring through OWA, these issues refer to a configuration issue on the EV Server and the EVAnon VD.  (See Technical Articles TECH78377 and TECH78412 under Related Articles for details.)

 




Legacy ID



321015


Article URL http://www.symantec.com/docs/TECH68743


Terms of use for this information are found in Legal Notices