Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Desktop Policy - RPC/HTTP - Vault Cache & PST Import

Created: 15 Oct 2012 • Updated: 15 Oct 2012 | 5 comments
AKL's picture
This issue has been solved. See solution.

Hello

I've been testing RPC over HTTP in exchange environment and making sure Enterprise vault works seamless along with it for end users when we roll it out in production.

While testing, I disabled vault cache & PST import via desktop policy in EV as I thought it would be safer for these files / data not to flow over unsecured network or unknown machines.

But to my surprise, no matter test Outlook is connected via TCP (MAPI) or HTTP (RPC/HTTP), vault cache always remains disabled. As soon as I un-check the RPC/HTTP setting in Outlook profile, vault cache shows up again.

Any thoughts how we can make EV smart enough to determine that Outlook is connecting on MAPI and vault cache/PST import should not be disabled?

Comments 5 CommentsJump to latest comment

JesusWept3's picture

When you uncheck Outlook anywhere, and you restart outlook, are you absolutely sure that Outlook Anywhere has not re-enabled itself and can confirm that in the client trace?

AKL's picture

Yep, quiet sure that it doesn't re-enables itself, didn't take client trace during that time though.

But again, the issue is not after un-checking or disabling Outlook anywhere. Issue is when the setting is enabled AND Outlook is connecting over MAPI (traditional RPC) which I confirmed using netstat.

So to quick summarize:

  • Outlook Anywhere Disabled - Vault cache works fine.
  • Outlook Anywhere Enabled - Outlook connecting over HTTP - Vault cache & PST import disabled (As expected)
  • Outlook Anywhere Enabled - Outlook connecting over RPC - Vault Cache & PST Import disabled (not as expected) [Confirmed using netstat that its not using HTTP]

I apologize if I wasn't clear originally.

Thank You

AKL

JesusWept3's picture

Outlook Anywhere regardless of HTTP or RPC will always be considered to be RPC over HTTP and will follow what the policy says

SOLUTION
AKL's picture

Drats, that's what I was afraid of. Will probably need to weigh security risks around this now. :S

Given vautl cache files are unencryped *.db format of *.pst files, I feel its bit risky to enable vault cache overall.

Would've been nice if EV could've determined the port used and determine policy setting based on that? But I sound too selfish now ;-) LOL

Thank You

AKL

JesusWept3's picture

So the answer I was always given numerous time is that Outlook doesn't really give any API for an add-in to determine what kind of connection is being used unfortunately