Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Archives are not synchronising permissions from Exchange Server

Created: 27 Nov 2013 • Updated: 03 Dec 2013 | 9 comments
Rdosramos's picture
This issue has been solved. See solution.

Hi All,

I have a client who is having the strangest of problems. The EV server is not synchronizing permissions from Exchange Server/ Active Directory.

I have check the inherit permissions settings in the EV console and the reg keys and it has been. The only way we can add permissions is manually via the VAC or via EVPM.

It is on Server 2008 R2 Standard

EV 9.0.4

Exchange Exchange 2010 SP3

SQL 2008 R2

No errors.

We have also gone through this process

http://www.symantec.com/business/support/index?page=content&id=TECH164682 - This does not explain who or what assigns the additional permissions settings - EV or AD.

 

Any help would be greatly appreciated.

 

Rob

Operating Systems:

Comments 9 CommentsJump to latest comment

Advisor's picture

Do you see any errors in Event logs on EV Server when you perform sync with Folder hierarchy and permissions?

You can Dtrace AgentClientBroker and ArchiveTask processes on EV Server while you carry out the sync.
How to DTrace - www.symantec.com/docs/HOWTO57893

A_J's picture

Hello Rob,

 

As you mentioned if we do a manaul sync via VAC the permissions are OK..

So that means the AgentClientBroker is able to sync the permission but when a schedule sync happens Archivetask is unable to keep the permission.

So i would suggest you to follow the below steps and provide the log.

  1. Enable Dtrace on ArchiveTask you can refer http://www.symantec.com/docs/HOWTO57893
  2. Then Go to the Mailbox Archiving Task Properties - > Synchronization Tab - > Leave the "All Mailboxes" option selected and Make sure all the checkboxes are selected.
  3. Click on the Synchronize button.
  4. Go the EnterpriseVaultEvent log under Applications and services log
  5. You will see a information event logged one the synchronization is completed.
  6. Now stop the Dtrace and upload the file.

Will try to analyze the log..

 

I hope this helps !!!

 

 

GabeV's picture

Hello Rdosramos,

How many users are being affected? Can you do a test and add a single user account (it can be any account) with full access to one mailbox from the Exchange Console and synchronize that mailbox from the Enterprise Vault VAC? See if you get any changes in the permissions tab.

“Success is not final, failure is not fatal: it is the courage to continue that counts.”–Winston Churchill

A_J's picture

Hello Rob,

 

any update on this one ??

Rdosramos's picture

Hi All,

Sorry for the late reply. I am going to try all the suggested ideas now.
This is affecting all the new users in the environment as the legacy users already have there permissions.

I suspect that the problem occurred when the customer upgraded to 9.0.4.

Regards,

Robert

A_J's picture

Hello Robert,

 

Let us know if you have any update on this thread,

 

Also do we have the CAS server in NLB or Cas Array ??

IF yes try to point it to a specific case by implementing the DS Server registry key and then try to sync the maibox and check.

A_J's picture

You follow the below steps to implement the DS Server registry key

  1. Click Start, and then click Run.
  2. In the Open box, type regedit.exe, and then click OK.
  3. Locate and then click the following key in the registry:
    HKEY_CURRENT_USER\Software\Microsoft\Exchange\Exchange Provider 

    Note You may have to create the registry path.

  4. On the Edit menu, click Add Value, and then add the following registry value:
    Value name: DS Server 
    Data type: REG_SZ (string) 
    Value data: FQDN of the global catalog server.
In Exchange 2010 we have to provide the FQDN of the CAS Server.
For more info you can check the article from microsoft http://support.microsoft.com/kb/319206
Rdosramos's picture

Hi Guys,

 

We landed up opening a support case and as per RahulGit seemed to have resolved the issue. My bigger concern is why it is happening in the first place. I will need to get the Exchange admin to sort it out. 

 

thanks for all the help and comments

 

Rob