Video Screencast Help

Enterprise Vault - PST Import button prompts for authentication

Created: 14 Jul 2014 • Updated: 14 Jul 2014 | 3 comments

I am preparing for a company roll out of EV client and will be using the PST imnport feature. During initila deployment to 20 machines - 3 out of 4 users enabled for PST import are prompted for credentials when clicking the PST button in EV toolbar and also at intervals during normal Outlook usage.

The one machine where this is working has allowed me to make a comparision of network streams using wireshark to analyse capture from netMon.

The key seems to be that a session cookie is not being set on the machines that have this issue. The issue is machine based as it stays with the machine independent of the users that logs on.

The below is a comparison of 2 tcp streams - the left one on 484 works and the cookie is being set - the right hand causes the authentication popup to be displayed and no cookie is set.

I have checked all IE settings and permissions for cookies and removed all group policies from test machine & reset IE to Defauts etc.., but still get this issue. I am at a loss to find differences between these 2 test machines as they have the same build.

Outlook 2010, EV 11, IE11 and IE9, Exchange 2013 (In exchange resouirce forest)

Really need some help here!

 

 

Operating Systems:

Comments 3 CommentsJump to latest comment

AndrewB's picture

what about the other aspects of EV functionality? do they prompt for auth too? such as: double clicking on an EV shortcut, accessing the EV search page, accessing Archive Explorer, manually archiving an email, etc.

Andy Becker | Authorized Symantec Consultant | Trace3 | Symantec National Partner | www.trace3.com

Ozboz's picture

Hi AndrewB, Thanks for the reply - yes all other aspects of EV client function OK without an authentication prompt. Searching the archive, accessing archived emails, manually archiving an email. Connecting directly to the EV URL using IE also doesn't prompt for dcredentials - the URL has been added to Group policy to specify the zone as Local Intranet.

The same prompting for credentials occurs on machines with IE9 and IE11. The assumption is that the majority of our machines will have this behaviour and the 1 good machine is an exception.

The EV log (set to maximum logging) shows the same 401 error then:

11/07/2014 15:13:03.193[4300][L]: CInternetSendDataBase::DisplayLoginDialog

which I imagine is a failback mechanism when the authentication session cookie is not set.

 

=============================================

11/07/2014 15:13:03.114[4300][L]: ~CInternetSendDataBase::AddFieldsAndFiles: 0x0

11/07/2014 15:13:03.183[4300][L]: CInternetSendDataBase::ReadResponse: 0x0

11/07/2014 15:13:03.183[4300][L]: CInternetSendDataBase::ReadStatusCode: 0x0

11/07/2014 15:13:03.183[4300][M]: HttpQueryInfo text is 'Unauthorized' status code is '401'

11/07/2014 15:13:03.184[4300][L]: ~CInternetSendDataBase::ReadStatusCode: 0x0

11/07/2014 15:13:03.184[4300][L]: CInternetSendDataBase::ReadResponseHeaders

11/07/2014 15:13:03.184[4300][L]: Received HTTP/1.1 401 Unauthorized

 

Cache-Control: private

 

Content-Type: text/html

 

Server: Microsoft-IIS/8.0

 

X-AspNet-Version: 2.0.50727

 

WWW-Authenticate: Negotiate

 

WWW-Authenticate: NTLM

 

WWW-Authenticate: Basic realm="Enterprise Vault"

 

X-Powered-By: ASP.NET

 

Date: Fri, 11 Jul 2014 15:13:02 GMT

 

Content-Length: 1293

 

 

 

 

11/07/2014 15:13:03.186[4300][L]: ~CInternetSendDataBase::ReadResponseHeaders

11/07/2014 15:13:03.186[4300][L]: CInternetSendDataBase::ReadResponseBody

11/07/2014 15:13:03.186[4300][M]: Body is <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

 

<html xmlns="http://www.w3.org/1999/xhtml">

 

<head>

 

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>

 

<title>401 - Unauthorized: Access is denied due to invalid credentials.</title>

 

<style type="text/css">

 

<!--

 

body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}

 

fieldset{padding:0 15px 10px 15px;}

 

h1{font-size:2.4em;margin:0;color:#FFF;}

 

h2{font-size:1.7em;margin:0;color:#CC0000;}

 

h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}

 

#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"treb

11/07/2014 15:13:03.189[4300][M]: Body is uchet MS", Verdana, sans-serif;color:#FFF;

 

background-color:#555555;}

 

#content{margin:0 0 0 2%;position:relative;}

 

.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}

 

-->

 

</style>

 

</head>

 

<body>

 

<div id="header"><h1>Server Error</h1></div>

 

<div id="content">

 

<div class="content-container"><fieldset>

 

  <h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2>

 

  <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>

 

</fieldset></div>

 

</div>

 

</body>

 

</html>

 

 

11/07/2014 15:13:03.192[4300][L]: ~CInternetSendDataBase::ReadResponseBody

11/07/2014 15:13:03.192[4300][L]: StatusCode = 401

11/07/2014 15:13:03.193[4300][L]: CInternetSendDataBase::DisplayLoginDialog

11/07/2014 15:13:03.193[4300][L]: DesktopCommonUtil::GetOutlookWindowHandle: 0x0

11/07/2014 15:13:03.193[4300][L]: CComAutoUnlock<class ATL::CComAutoCriticalSection>::CComAutoUnlock

11/07/2014 15:13:03.194[4300][L]: ~CComAutoUnlock<class ATL::CComAutoCriticalSection>::CComAutoUnlock

11/07/2014 15:13:03.194[4300][L]: CComAutoLock<class ATL::CComAutoCriticalSection>::CComAutoLock

11/07/2014 15:13:03.194[4300][M]: Acquiring lock: 0x6B2F7ADC

11/07/2014 15:13:03.195[4300][M]: Acquired lock: 0x6B2F7ADC

Ozboz's picture

Hi, Yes all other functionality for EV works as expected. I can also use IE to connect direct to the URL and perform archive searches.