Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

How OWA works with Enterprise vault 10.0

Created: 11 Aug 2013 • Updated: 28 Aug 2013 | 12 comments
This issue has been solved. See solution.

Hi

I'm new to EV and i need to know How OWA works to retrive the archive E-mail in Exchange 2010 step by step please.  Why i'm asking these information because in my environment when users trying to retrieve the Archive E-mails through OWA they are getting below error

symantec enterprise vault - error

You do not have access to this vault

Operating Systems:

Comments 12 CommentsJump to latest comment

AndrewB's picture

first thing i would do is enable logging in the owa web.config file so you can get some detailed information on the issue

Andy Becker | Authorized Symantec Consultant | Trace3 | Symantec National Partner | www.trace3.com

AndrewB's picture

you can also have a look through this

Enterprise Vault OWA Resource Tool (EVORT)

Article:TECH126141  |  Created: 2010-01-03  |  Updated: 2012-05-02  | 

Article URL http://www.symantec.com/docs/TECH126141

Andy Becker | Authorized Symantec Consultant | Trace3 | Symantec National Partner | www.trace3.com

AndrewB's picture

here's a post with the same issue. try what was recommended there too.

https://www-secure.symantec.com/connect/forums/you...

Andy Becker | Authorized Symantec Consultant | Trace3 | Symantec National Partner | www.trace3.com

JesusWept3's picture

A very broad overview is
1 admin installs the EVOWA binaries on the exchange CAS servers
2. Admin creates a text file called ExchangeServers.txt on the EV server with the IP addresses of the CAS servers and saves it in the EV install folder
3. Admin creates an AD user named something like EVAnon that is a regular user and doesn't have any special exchange permissions
4. Admin runs 'cscript owauser.wsf' on the ev server and specifies the EVAnon domain, username and password, this creates the EVAnon virtual directory on the EV server
5. Admin then restarts the EV Admin service on the EV server and synchronizes all the mailboxes
6. When user logs on to OWA the EV OWA add in calls the users mailbox via EWS to try and read the users EV hidden message
7. If the hidden message doesn't exist, then the OWA plugin deactivates itself and user can't see any EV buttons
8. If the hidden message is present then it will display buttons as configured in the OWA section of the users Desktop policy
9. When an EV action is called, it connects to the /EVAnon directory on the EV server where the users archive is located
10. If an item is opened It uses the shopping service on the EV server to "restore" the item to the users \deleted items folder

Chandra Sekhar's picture

Thanks Jesus for your reply . its helps to understand the work flow

Chandra Sekhar's picture

Hello Jesus

Actually when i tried to retrieve the archive E-mail from OWA its connecting to

https:\\website\enterprisevault\viewmessage.asp\vaultid.... but if i see your post (9th point) you have mentioned it will connect to /EVAnon directory.

2) When i try to access archive E-mail from external its working but when i try to open internal network its not working.

Pradeep_Papnai's picture

There are various document present on how EV works with OWA 2010, Few of them are below.

How do the Enterprise Vault (EV) Toolbar options in Outlook Web Access (OWA) communicate with the EV Server to perform Archival, Retrieval and Restore actions (http://www.symantec.com/docs/TECH78412)

What are the requirements, and modifications made, in order to enable Enterprise Vault (EV) options with Outlook Web Access (OWA) 2007 or Outlook Web App (OWA) 2010 (http://www.symantec.com/docs/TECH78377)

How do the Enterprise Vault (EV) Extensions integrate and process archived items with Outlook Web Access (OWA) 2007 or Outlook Web App 2010

(http://www.symantec.com/docs/TECH78411)

OWA section of Admin guide.

Enterprise Vault 9.0 Web.config options for Microsoft Exchange 2010 Outlook Web Access (OWA) http://www.symantec.com/docs/TECH141519

Based on your error "Symantec Enterprise vault-error-you don't have access to this vault", I would ask first question on When does this error come? When you double click on shortcut then does it gives you complete email, Does this error comes when you click on shortcut link or yellow message at the top stating 'the item is currently unavailable, click here......."? You can send screenshot.

I would also suggest you to enable OWA logging on CAS server by putting following lines in web.config

<add key="EnterpriseVault_LogFolder" value="C:\Program Files\Enterprise Vault\OWA 2010\logs\"/>

<add key="EnterpriseVault_LogEnabled" value="true"/>

<add key="EnterpriseVault_LogMailboxes" value="mailbox@mydomain.local"/>

Replace 'mailbox@mydomain.local' with appropriate SMTP address of user you are doing testing with & save this file (you don't need to restart any service OR IIS) and reproduce the issue by double click on archived email. You can upload this file to forum.

Most probably EV extension are unable to restrive the emails & when you are click on yellow warning message the above error message is observered.

I would also suggest you to check if EVAnon Virtual directory exist on EV server, if not then please create by following steps (detail steps are given in TN http://www.symantec.com/docs/HOWTO38207).

1. Create a text file with name "ExchangeServers.txt" and place all CAS+NLB IP into that, save this file under EV installation directory (c:\program file 86\enterprisevault\ExchangeServer.txt)

2. Run command prompt using run as Administrator & explore to EV installation directory.

c:\program file 86\enterprisevault>cscript owauser.wsf /domain:domain /user:username  /password:password

(need to create a simple domain user a/c which should be used as anonymous a/c)

Restart all EV services and synchronize affected mailbox (open VAC \ Expand EV servers \ select task \ right click on task \ synchronization).

Try to retrieve archived email. If still have issue then please send us OWA log.

Chandra Sekhar's picture

Hi

When i try to access archive E-mail from external its working but when i try to open internal network its not working some times it used to work, seems interminent issue

add key="EnterpriseVault_LogFolder" value="C:\Program Files\Enterprise Vault\OWA 2010\logs\"/>

<add key="EnterpriseVault_LogEnabled" value="true"/>

<add key="EnterpriseVault_LogMailboxes" value="mailbox@mydomain.local"/>

from above keys i don't see thrid key existed on config file(web.config). Also i am going to follow the below steps to enable logging  please correct me if there is anything wrong
1) Enable the above keys on Web.config file

2) I will try to re-produce the issue

3) collect the information from IIS logs on both cas and EV servers(Archive server).

I've another query. How exactly virtual directories(Evanon and enterprisevault) reterive data from SQL and partitions.

Pradeep_Papnai's picture

There is syntax error in your first line, it should be like below (missing '<')

<add key="EnterpriseVault_LogFolder" value="C:\Program Files\Enterprise Vault\OWA 2010\logs\"/>

If you don't put last line then OWA logging would be enable all current archiving enabled users those are using OWA, So keeping our testing with limited with affected few user, we should use followings line.

when user's perform EV action such retrival/Restore/archive/Delete, the request from CAS server hit to EV server on /EVAnon VD.
(restoreO2k.asp for retrival, clientaction.asp for archive/restore, ...etc).

Refer TN http://www.symantec.com/docs/TECH78412 (How do the Enterprise Vault (EV) Toolbar options in Outlook Web Access (OWA) communicate with the EV Server to perform Archival, Retrieval and Restore actions?)

You can share OWA log with us.

Regards
EV-C

GabeV's picture

This error message could be related to a configuration issue on your CAS servers, network settings and/or EV server policies and configuration. Let me give you a brief descripton of each component:

- On each CAS server you need to install the EV OWA extensions.

- On the Enterprise Vault server, you need to:

  1. Modify the ExchangeServers.txt file, adding the IP of each CAS server on your network that would be accessing the EV Server(s).
  2. Run the cscript owauser.wsf to create a virtual directory in IIS called EVAnon. In order to run this script, you need to create a standard user in Active Directory, an anonymous account.
  3. Add this anonymous account to the Site properties > Data Access Account tab.

Some customers add specific configuration settings to the web.config file in the CAS servers. If you go to IIS Manager >  owa [virtual directory] > Application Settings you can see it in the list.

For troubleshooting, you need to enable OWA logging and collect a dtrace at the same time. If you are not familiar with the entire EV archiving and retriecval process, I'd suggest you to open a ticket with support since they can provide more assistance and guide you through the troubleshooting process.

I hoipe this helps.

“Success is not final, failure is not fatal: it is the courage to continue that counts.”–Winston Churchill

SHI-CRO's picture

You might also check the IIS logs on the EV server to see what IP addresses are trying to access the EVAnon web site.  Often CAS servers have multiple IP addresses or are part of an NLB cluster and the IP addresses that are put in the ExchangeServers.txt file might not be IP addresses the CAS will use to talk to the EV servers.

SOLUTION