Configuring EV and EVOWA in a Cross Forest environment
The following two scenarios are considered for this exercise:
a) User 1 with AD account and EV setup in Forest 2 (veritas.com) with an Exchange mailbox in Forest 1 (Symantec.com)
Linked mailbox: A linked mailbox is a mailbox that is accessed by a security principal (user) in a separate, trusted forest.
Linked mailbox can be created as per the document below:
b) User 2 with AD account and mailbox in Forest 1 and EV in Forest 2:
The following are the prerequisites for Enterprise Vault archiving for Exchange to work in the cross forest environment.
- A trust relationship between the two forests is essential for communication; however, set up your DNS properly before setting up the trust. There is a technote from Microsoft that helps as a quick checklist:
- Once DNS is set up correctly, you can create a trust relationship between the two forests.
- The Enterprise Vault Service account (in Forest 2) requires full access to all mailboxes and public folders on Exchange in Forest 1 that need to be archived.
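A pre-flight check for the DNS and trust prerequisites above, written as an added example that is not part of the original article or of Enterprise Vault. The host name `exch01.symantec.com` is a hypothetical placeholder, and the expected trust direction (Forest 1 trusting Forest 2, seen from Forest 2 as Inbound or BiDirectional) is an assumption based on the service account living in Forest 2.

```powershell
# Added example: run on the EV server in Forest 2 (veritas.com).
# Get-ADTrust needs the ActiveDirectory module (RSAT).
param(
    [string]$RemoteForest   = 'symantec.com',        # Forest 1, as named in the article
    [string]$ExchangeServer = 'exch01.symantec.com'  # hypothetical host name
)
Import-Module ActiveDirectory -ErrorAction Stop

# Run one check and return a uniform result object instead of stopping at the first failure.
function Test-Step {
    param([string]$Name, [scriptblock]$Check)
    try   { [pscustomobject]@{ Check = $Name; Passed = $true;  Detail = (& $Check) } }
    catch { [pscustomobject]@{ Check = $Name; Passed = $false; Detail = $_.Exception.Message } }
}

$results = @(
    # 1. DNS: the domain controller locator records of Forest 1 must resolve from Forest 2.
    Test-Step "SRV records for $RemoteForest" {
        $srv = @(Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$RemoteForest" -Type SRV -ErrorAction Stop |
                 Where-Object QueryType -eq 'SRV')
        if (-not $srv) { throw 'No domain controller SRV records returned' }
        ($srv.NameTarget | Sort-Object -Unique) -join ', '
    }
    # 2. DNS: the Exchange server in Forest 1 must resolve; its IP address is what
    #    ExchangeServers.txt will need later for the OWA configuration.
    Test-Step "A record for $ExchangeServer" {
        $a = @(Resolve-DnsName -Name $ExchangeServer -Type A -ErrorAction Stop |
               Where-Object QueryType -eq 'A')
        if (-not $a) { throw 'No A record returned' }
        $a.IPAddress -join ', '
    }
    # 3. Trust: assumption - Forest 1 must trust Forest 2 so the EV service account
    #    can be granted mailbox access there (Inbound or BiDirectional from Forest 2).
    Test-Step "Trust with $RemoteForest" {
        $trust = Get-ADTrust -Filter "Name -eq '$RemoteForest'" -ErrorAction Stop
        if (-not $trust) { throw 'No trust object found' }
        if ("$($trust.Direction)" -notin 'Inbound', 'BiDirectional') {
            throw "Trust direction is $($trust.Direction)"
        }
        "Direction=$($trust.Direction); ForestTransitive=$($trust.ForestTransitive)"
    }
)
$results | Format-Table -AutoSize -Wrap
if ($results.Passed -contains $false) { exit 1 }
```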
Assuming that the above prerequisites are met, perform the following steps to configure EV:
- Add the domain in Forest 1 (symantec.com) to the Vault Admin console of the EV server residing in Forest 2 (veritas.com).
- Add the Exchange server in Forest 1 (Symantec.com).
- Create a new provisioning group for the Exchange server.
- Create an Exchange mailbox archiving task for Exchange server in Forest 1 and a provisioning task for the domain in Forest 1.
- After the provisioning task has run, users can be enabled and Exchange archiving should work as a normal process.
Enterprise Vault OWA configuration in a cross forest environment:
- Steps to configure Enterprise Vault OWA can be found at the link below:
- For the cross forest configuration of OWA, the following points should be noted:
a) ExchangeServers.txt should be created in the Enterprise Vault installation folder on the EV server in Forest 2, containing the IP address of the Exchange server in Forest 1.
b) An anonymous user (EVanon) should be created in Forest 1, and it should have permission on the EVAnon directory in Forest 2.
c) In our case, the following script should be run on the EV server in Forest 2:
Cscript OWAUser.wsf /domain:domain(Forest1) /user:anonymous(Forest1) /password:<password>
d) Restart the EV admin service.
- This should enable EV for the OWA users.
Below are a few good articles for troubleshooting EV OWA issues:
1) Enterprise Vault OWA Resource Tool (EVORT) - Troubleshooting
2) Whitepaper: Troubleshooting OWA Extensions
3) How To: Troubleshooting and Common Causes why Enterprise Vault (EV) Toolbars do not display in Outlook Web Access (OWA) 2007 or Outlook Web App (OWA) 2010