Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Archiving Exchange Server 2013 with Enterprise Vault 10

Created: 28 Jan 2013 • Updated: 29 Jan 2013 | 15 comments
Language Translations
Baris Aydogmusoglu's picture
+5 5 Votes
Login to vote

Hello all,

In this article I want to cover the steps of configuring Enterprise Vault for Exchange Server 2013 archiving. In fact I prepared a personal configuration guide and I want to share it. If you have any recommendation, it would be nice for me to update the guide. Anyway, let`s rock :)

Firstly I want to explain my test environment.

VMware Fusion as virtualization software

One Domain Controller (Windows Server 2012 Datacenter)

One Exchange Server 2013 installed on Windows Server 2012 Domain Controller

One Certificate Authority installed on Domain Controller

One SQL Server 2008 R2 (I will install Enterprise Vault on this server)

One Windows 7 Client with MS Office Pro Plus 2013 installed

FQDN of exchange server and domain controller: exc13.aydogmusoglu.com

FQDN of sql server and enterprise vault: evsql.aydogmusoglu.com

Let`s configure the server which we want to install Enterprise Vault 10.

At this stage I assume that;

- SQL Server is properly configured

- Vault Admin Account is properly created and configured with sufficient permissions

Log on to EV server with Vault Admin Account. I will explicitly warn you when you need to log on to Exchange Server.

1- To improve server performance, change the TEMP folder location.

a. image

b. Q:\ drive is for TEMP,CACHE,MSMQ,INDEX and VSG locations for my test server.

c. At production you should use several partitions for best practice.

2- To improve server performance change default msmq path.

a. image

b. You should take MQ offline before changing path. And be sure about sufficient NTFS permissions for new path(in this scenario the system{for example you can use everyone account } has to have sufficient ntfs permission on Q:\msmq folder)

c. Do not forget to take MQ online after path operation!

3- Install .Net 3.5 SP1 feature

4- Install IIS role

5- Open IIS management console and obtain an SSL certificate. Bind it to Default Web Site

a. Note: If you have a wild card ssl certificate you can use it

6- Install MS Outlook 2007 , Install SP3 ,Install KB2596598

7- Log on to Exchange Server .There are two PowerShell scripts those are located on EV installation media. Copy them to exchange server and run these scripts in exchange management shell. You can find the instructions about how to run these scripts in EV Installing and Configuring pdf document(this is also in EV media)

a. SetEVExchangePermissions.ps1

b. SetEVThrottlingPolicy.ps1

8- Log on to Exchange Server. Give “Send As” permission to Vault Admin Account on Vault System Mailbox. You can use either Exchange Admin Center or Exchange Management Shell

a. image

b. Add-adpermission –identity evsysmbx –user domain\vault_admin_account –accessright extendedright “send as”

9- Log on back to EV Server with Vault Admin Account

10- Configure EV system mailbox MS Outlook profile.

11- Keep in mind à Exchange Server 2013 Outlook Anywhere configuration will probably be needed!!!

12- Be sure you can open EV system mailbox outlook profile with EV vault admin account.

13- Run Symantec EV setup.

14- image

15- “Prepare my system” is very important. Because if you have a problem, you will be aware of it before it is too late.

16- image

17- Deployment Scanner is very important too.

18- image

19- A proper example is as shown above

20- image

21- Hit the install

22- After installation and reboot phases, log on to EV server with Vault Admin Account again and go on…

23- You need to run Enterprise Vault Configuration wizard.

24- With this initial configuration you will have Directory DB, EV Alias, Monitoring DB, VAC configuration etc…

25- For mailbox (enable, disable, pst etc..) messages copy “C:\Program Files (x86)\Enterprise Vault\Languages\Mailbox Messages\en\EnableMailboxMessage.msg” to “C:\Program Files (x86)\Enterprise Vault” directory. Of course the language selection is up to you

26- Open IIS management console

27- image

28- Set the value as shown above

29- OPTIONAL: If you have Exchange Server 2010 CAS role, install EV OWA 2010 add-in on CAS server

30- Create ExchangeServers.txt and write Exchange Server CAS IP address in it.

31- Run owauser.wsf script --> cscript owauser.wsf /domain:myDomain /user:evowausr /password:P5ssword

32- Restart Enterprise Vault Admin Service.

33- Open EV Admin Console.

34- Create Vault Store Group, Vault Store, Vault Store Partition

a. image

35- Add Domain and Exchange Server

a. image

36- Configure Mailbox Policy and Desktop Policy

a. image

37- Configure Retention

a. image

38- Set task properties according to your design or environment.

a. image

b. image

39- If you run the mailbox archiving task, EV functionality begins.

40- Now, time to open archived items. You need to do few more steps. You can configure some settings from Desktop Policy

a. image

b. image

41- For Office 2013 and OWA 2013 users you need to deploy a mail application either to an individual or to whole organization.

a. $Mbx = get-mailbox "baris"

b. New-App -mailbox $Mbx.LegacyExchangeDN -Url ("http://evsql.aydogmusoglu.com/EnterpriseVault/OfficeMailAppManifest.aspx?LegacyMbxDn=" + $Mbx.LegacyExchangeDN)

c. You can use two lines above in one PS script obviously

d. This script will deploy mail application to baris@aydogmusoglu.com

e. For more information you can see Setting up exchange server archiving pdf document.(in installation media)

42- For Office 2013 users you can also install an add-in as you have already known from previous versions. (You can find the proper add-in from EV installation media)

43- For Office 2010 users you need to install an add-in. (You can find the proper add-in from EV installation media)

44- image

45- As you can see from above, EV add-in is deployed and EV Mail Application is deployed too. If you do not deploy mail application to a user, that user cannot see the Enterprise Vault Mail Application but that user can use Enterprise Vault add-in!!!

46- image

47- As a result if you have Office 2013 users and Internet Explorer 9 or newer users and only have Exchange Server 2013 organization, you need only EV Mail Application. No need to install add-in :)

This is the end. I hope this is informative for you.

Comments 15 CommentsJump to latest comment

bert.geiger's picture

Superb article! What version of EV supports Office 2013?

0
Login to vote
Rob.Wilcox's picture

10.0.3, but, that's for the client machine.  Do not install anything higher than Outlook 2007 on the EV server itself.

[Outlook 2007 with appropriate HF/Service Pack]

+2
Login to vote
Baris Aydogmusoglu's picture

Thank you bert.geiger.

Thank you Rob for explanation.

As Rob said, Outlook 2007 is supported on EV server.

At step 6 , I wrote the service pack level and kb number. 

Senior System Expert

Microsoft Exchange Server

Symantec Enterprise Vault

http://www.aydogmusoglu.com

http://www.e-vault.info

0
Login to vote
John Santana's picture

Cool, many thanks for the clarification, so in this case eventhough the EV is 10.0.3, the Outlook should just be the Outlook 2007 SP3 not even Outlook 2010 SP1.

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

0
Login to vote
Rob.Wilcox's picture

Outlook on the EV server should be 2007 SP 3 + hotfix from Microsoft.

Outlook 2010 on the EV is NOT supported.

+2
Login to vote
John Santana's picture

Rob, may I know what Hotfix is needed to be applied for the Outlook Client 2007 SP3 on the EV server ?

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

0
Login to vote
Rob.Wilcox's picture

Per the Compatibility Charts:

To target Exchange Server 2013, you must install Outlook 2007 SP3 with update package KB2596598 or later

support.microsoft.com/?id=2596598

+1
Login to vote
Baris Aydogmusoglu's picture

Hi John ,

At step 6, I wrote the service pack level and kb hotfix number of MS Office Outlook .

By the way thank you Rob.

Senior System Expert

Microsoft Exchange Server

Symantec Enterprise Vault

http://www.aydogmusoglu.com

http://www.e-vault.info

+1
Login to vote
John Santana's picture

COol, many thanks people !

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

0
Login to vote
Abhijeet Kakade's picture

A very good article Baris :)

However, the correct syntax for "send as" permissions for Step #8(b) should be:

Add-ADPermission -Identity VaultSystemMailbox -User VSA -AccessRights ExtendedRight -
ExtendedRights “Send As”

Where VaultSystemMailbox is a Mailbox configured in Exchange for the exclusive access of the Vault Service Account. And VSA is the Vault Service Account using which all the Enterprise Vault Tasks and Services are running.

Cheers!!

Best Regards,

Abhijeet Kakade (ABHI)

Senior Principal Technical Education Consultant

Information Intelligence (Enterprise Vault, EV.cloud, Clearwell eDiscovery)

Symantec Australia

0
Login to vote
John Santana's picture

I have install the Outlook 2007 SP3 in the Windows Server 2012 R2 where I install th EV 10.0.4, however the KB2596598 is not applicable ?

Capture_5.JPG

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

0
Login to vote
imrich's picture

John,

     It depends on what version of EV you have. If you have EV 10.0 base (and only if exchange had been in a mixed environment, exch2007/2010 and exch2013 in the same environment), then you need the hotfix installed but if you have at least EV 10.0.4 CHF2, then it's not necessary as that version of EV should already be able to handle archiving from exch2013. See this:  

http://www.symantec.com/docs/TECH211666

You can see the update for Etrack 3274458. That confirms that changes needed to address the problems EV used to have are rolled into CH2.

@Baris: great article

+1
Login to vote
Baris Aydogmusoglu's picture

Hello Abhijeet,

Thank you for you comment.

Add-adpermission –identity evsysmbx –user domain\vault_admin_account –accessright extendedright “send as”   -->  cmdlet used in article

Add-ADPermission -Identity VaultSystemMailbox -User VSA -AccessRights ExtendedRight -
ExtendedRights “Send As”   --> cmdlet should be used in article.

Actually both of them are correct. 

evsysmbx is the VaultSystemMailbox

vault_admin_account is the VSA

domain is where VSA(vault_admin_account as well) belongs to

My shortening style is a bit different :)

But I agree with you. Your suggestion is the official one.

Thank you.

Regards.

Senior System Expert

Microsoft Exchange Server

Symantec Enterprise Vault

http://www.aydogmusoglu.com

http://www.e-vault.info

0
Login to vote
tony.wu's picture

Please advise is there any impact if the customer only use DA

Tony W.

0
Login to vote