Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

EV 2007 7.5 SP3 and Exchange 2007 Shared Mailbox Conundrum

Created: 23 Jan 2013 • Updated: 24 Jan 2013 | 11 comments
This issue has been solved. See solution.

Dear Experts and Gurus,

I already have the settings described in article Tech128017 in place.

TECH128017  

I have a small group of users with 'full access' to a Exchange 2007 SP3 shared mailbox, who are encountering troubles, when attempting to open items in a folder.

The user groups' team leader has been granted 'full access' in her own right as well as via the group that had previously been using the shared mailbox for a considerable period of time. One would expect that she could open any item in any folder, in the archive, too.

The folder concerned contains a number of items. The shortcuts are visible in Outlook 2007 and when opened, the short lists the item but doesn't open the archived content. When the team leader or any of her team click to open the item in EV, they are challenged to enter alternate account details. None of their accounts have the desired access rights.

I've suggested that they do not cut items from their own mailbox and paste them into the shared mailbox, but forward them via email in future.

The problem folder is visible in Outlook 2007, but not via EV 2007 SP3 client on Windows XP or via Windows 7, using an EV 8.x client, using the  'Search Vaults' or 'Archive Explorer' buttons. As mentioned the registry settings detailed in Tech128017 are in place in the users XP Registry.

I suspect that a former team member cut and pasted the problem items from their own mailbox, directly into the shared mailbox, rather than 'forwarding the item' via email to the shared mailbox. Thus, the reason that nobody else can open the items is thanks to the inherited rights of that former team member.

Of course I could be completely wrong....

In a sense this may be solved in a few weeks, when we upgrade to EV 10.0 (At least that's what I've promised the user). Meanwhile, I need a solution...

Look forward to receiving your wisdom !

thanks very much, in advance.

Comments 11 CommentsJump to latest comment

Rob.Wilcox's picture

So are they items which are in the shared mailbox, and have been archived whilst there ?  Or

 

are they items which have been dragged and dropped from someone's archive in to the shared mailbox?

 

The former will work.

The latter won't.

JesusWept3's picture

You are absolutely right, this happens a lot, especially with public folders, shared mailboxes etc where other people's shortcuts end up there instead of the emails

The only solution is to get the original owner to restore the items, or delete the shortcuts

If you use Outlook 2007 or 2003, select the shortcut in question
Then to to Help -> About Enterprise Vault -> Tech Information

From there, scroll down to the section that says "Selected Item"
It will list the archive ID that the item belongs to, copy that archive ID

Then go to the vault admin console and hold Ctrl-Shift and right click "archives" and press Find Archives Or Folders

Paste in the archiveID and it will tell you exactly who that shortcut belongs to

JesusWept3's picture

Oh and the behavior in ev10 will be he exact same

EV_Novice's picture

Thankyou both for the prompt responses.
My understanding is that they are items that were placed in the shared folder by a former team member, who's moved on. I suspect that they were dragged and dropped from personal mailbox to shared mailbox, so presumably have been locked to that users ID. We don't allow restores of mail, as a policy setting. Ones its archived, its archived !
The team leader is out of the country today, shouild be back friday. I'll see if there is any other detail she can provide...
JesusWept3: Thankyou! I'll try out that process you've described. The info may be of use to the team leader, when she returns.

Rob.Wilcox's picture

Sounds like you have a plan then EV_Novice.  I mean there isn't anything that can specifically be done really to stop users dragging and dropping from their archives.  Best bet is user-education.

JesusWept3's picture

Yeah i think the best you can hope for is that you set the shortcut policy to not allow copies, but that only works when the client is installed and running and when they perform a copy and not a move, which is usually pretty unlikely.

One thing i suppose you could do is set them up with virtual vault, that way when they want to drag and drop an item from their mailbox in to another mailbox, what will happen is it will copy the item from the local vault cache and not a shortcut.

But that being said that would negate your rule of not allowing restores as people could copy items out of their vault cache in to their mailbox (and it would be a copy, it wouldn't be a delete on the other end if set up properly)

And also with this scenario, the other previous team members would have had the exact same issue where they tried to open the shortcut but it wouldn't because it belonged to another user...only the owning user wouldn't have had the issue

So really the only fixes are

1. Have the user restore the item, and then move to the mailbox
2. Share out the users entire archive so people aren't prompted, but this would be BAD
3. Have the user add delegate permissions for the users who now access the shared mailboxes...have them add the permissions to the specific folder, again would be bad
4. Use the ECM to get each item as a MSG file and then drag and drop the msg files in to the shared mailboxes folder

So for #4, this would be quite time consuming
You would have to go through each shortcut, go to the Help -> About Enterprise Vault -> Tech Info, scroll down to the Selected Item section, copy out the Saveset ID

Then you would run the get_item.hta, put in the archiveID for the user, and the savesetID and then save it to a message, and then move the item in to the shared mailbox

Which is all very well and good if you're talking a dozen items or so
but if you're talking hundreds, it would take a very very very long time

The ECM Script can be found here and needs to be run on the EV server as the EVAdmin: http://www.symantec.com/connect/blogs/extract-item...

SOLUTION
EV_Novice's picture

Hi Jesus Wept3, just tried the process you described. I couldn't find the 'Selected Item' info. What did I miss ?

This is the content of System Information. Note that I used an EV 8.x client, as I have a Windows 7 laptop.
The user is equipped with an XP desktop, but is unavailable, today.

"VERSION INFORMATION
Operating System (Build 7600)
Outlook Microsoft Outlook 2007
Internet Explorer 9.0.8112.16421
Enterprise Vault Outlook Add-in 8.0.4.1991
VBScript component (Outlvbs.dll) Available

USER DETAILS
User Mailbox Property unavailable in an offline store
Outlook connection state Cached connected full (8)
RPC over HTTP flags 0

TESTING CONNECTION
Skipping DCOM tests HTTP client is in use
HTTP connection failed http://xxxxarcsp01.xxxxxxxx.xx/EnterpriseVault (Status: 0x12)

ORG LIBRARY FORMS
No items found

PERSONAL LIBRARY FORMS
No items found

VAULT CACHE DETAILS
Status Never enabled. Disabled by administrator
Error opening item Error - ref: 80040107

HIDDEN MESSAGES IN FOLDER Computer People1
No hidden messages found

JesusWept3's picture

go back and make sure that the item is actually highlighted, sometimes it does then when the item isn't "focused" correctly

Another thing you can try and do is select the item, hold ctrl shift and right click one of the EV Buttons at the top (such as Archive Explorer, Search, Store In Vault, Restore From Vault etc) and then from the dialog that comes up, you should have a similar information button there

EV_Novice's picture

Gentlemen,
thankyou.

I tried the recommended process but didn't meet with success.
However, it occurred to me that the access denial should have generated an event in the server log...

I checked and found this:
"Client request refused due to insufficient privileges, user ?domain?\xxxxxxx attempted to access the Archive Folder:

Archive name: Surname, Firstname
Archive folder path: \Inbox\Foldername
Vault Id: 1E3B04B62C0FCE24F8F2B0EF78057ACFA1110000?domain1?.xxxxxxxxxxxxxx.?? but does not have permission(s) (Read).
A frequent cause of this Warning is a user attempting an operation on a forwarded, moved, or copied shortcut to a Vault for which they do not have the required permission(s)."

This allowed me to identify the user who'd cut and pasted the item and as the user is still an employee, I will suggest to the shared mailbox owner that they get this user, who did the cut / paste, to access the EV archive, open the items one at a time and forward them to the correct address, by email.
The downside is that each item will now be included twice, but at least the forwarded item can be opened by all legitimate users of the mailbox.

Appreciate your thoughts on this?

Rob.Wilcox's picture

Sounds like a plan.

The original shortcut which was put in the shared mailbox 'incorrectly', can always be manually deleted....

EV_Novice's picture

Hi Rob,

that's a good point: I'll remind the owning user to do that, once she is comfortable with the proposed solution.

Thanks to you and JesusWept3 for the advice and reassurance.

I'll let you know how the plan worked, after the user returns from France.