Video Screencast Help
Give us your opinion and win with Symantec! Please help us by taking this survey to tell us about your experience with Symantec Connect, so that we can continue to grow and improve.  Take the survey.

OWA 2010 404 error

Created: 14 Jun 2012 • Updated: 27 Jun 2012 | 7 comments
This issue has been solved. See solution.

Hi All

I have been searching through the forums and have not found anything satisfactory to answer my question as yet, but I have gained some information.

What I would like to know is if there is a way to access EV via Exchange 2010 OWA without using either an ISA/TMG server or publishing the EV server directly to the internet.

We have recently upgraded the client to EV and access through OWA from external wont work. I understand the reason for this (the EV server needs to be contacted directly) but I read in a post similar to this a year ago that there were some new extensions coming out that would reintroduce the enterprisevaultproxy directory to allow the CAS server to 'proxy' the connection.

Are these available or was this not done? The customer is small and wont wear the additional cost of an ISA/TMG server and for security reasons we would prefer to not publish the EV server directly to the internet. They have a legal compliance requirement to archive their email which is why they went with EV

Any help or advice would be greatly appreciated


Comments 7 CommentsJump to latest comment

LCT's picture

When you say it won't work could you be more specific?

If you already have OWA 2010 working (without TMG or ISA) then install the EV extensions on the CAS server, configure the web.config and then the Desktop Policy then normal EV fnctions should work (if you setup the configuration correctly. When I say normal EV functions I mean, archiving, restoring and retrieving as these functions will connect via the CAS server.

Search and Archive Explorer won't work as you already mentioned, these two functions connect directly to the EV server. The TMG and ISA does the transaltion link from internal webappurl to external webappurl.

Have a look at this as it may help you understand.

xspader's picture

Thanks for the reply.

As mentioned I understand that they would need an ISA/TMG server to allow access to be able to access search or archive explorer. Currently when accessing it we get a 404 error for both pages when accessing OWA externally.

I read in this post by Jesuswept2 that "Newer versions of the OWA plugins will allow for the reintroduction of /enterprisevaultproxy like the OWA2003 installs use, so the url would be http://casserver/enterprisevaultproxy/archiveexplorerui.asp etc" So my main question was whether this had been done and if this was a possibility, or if Symantec decided not to reintroduce this functionality.

If they decided not to reintroduce it, is there any other way that people have found to get around this issue? As this client does not require a reverse proxy for any other reason than this, it would be a big expense for minimal return.

ZeRoC00L's picture

You can post in the Idea's section:

(Best is to search first if this suggestion already exist).

Security wise it is better to have a TMG/ISA server between the internet and your environment. Most companies run on virtual hardware, so it will be only licenses for Windows and TMG. If you can afford EV, you can also afford a reverse proxy.

If this response answers your concern, please mark it as a "solution"

LCT's picture

The post that JW2 wrote that you mentioned was discussed in 2010 and as far as I know nothing has changed regarding this topic. You may want to discuss this 'issue' with SYMC tech Support to get this officially logged and push for solution or at least a workaround. They will most likely point you in the direction of posting an idea as ZeroCool had mentioned above too.

Your best option for your customer is for you to try and work with Tech Support to configure

without using TMG/ISA. It may be possible but it gets very messy and you need to be very careful with the web.config file as incorrectly configuring the web.config will break EV OWA or/and OWA entirely.

Hope this helps.

xspader's picture

Thanks for the info LCT. I'm currently looking at a VPN to get around the issue as, although they can afford an ISA/TMG server (was never the issue), the ROI for it would be minimal and seems overkill for a single point solution, considering they already have a Cisco ASA firewall which is being swapped out for a Palo Alto. The version of EV they upgraded from could do this so their argument is why cant it do it now. If I used Zerocool's explanation to them they would likely move away from Symantec or my company for support, as thats not an actual answer, and no customer likes to be told to stop being cheap, especially when business is slow and they are not happy about having to have an archiving solution in the first place.

So my solution to this would be to use a VPN so they can connect to and resolve internal host names. Not ideal or graceful but hopefully this will allow them to be more productive when off site also, which is a double win.

Andrew S Jones's picture

I believe what was previously discussed related to an Enterprise Vault Proxy server, however this is for Outlook Anywhere and not OWA Search/Archive Explorer.  Currently the 'Search Archives' and 'Archive Explorer' functionality of the Enterprise Vault OWA Extensions require a direct connection between the client machine and the Enterprise Vault server(s), preferably using an ISA/TMG or similar device.

Ultimately this was a change in functionality from Exchange 2003 OWA support to Exchange 2007 and above OWA support.  In the end it boils down to a business decision on whether an Enterprise Vault server should be published to allow for the Search Archive and Archive Explorer functionality externally, all other operations (Archive, Restore, Retrieval, etc.) function through the Client Access Server.



LCT's picture

No problems xspader.

Have a look at this discussion:

this may help with your customer without having to spend money on the isa/tmg server. Just need to be careful with the firewall config as it may break the internal EV OWA (if they don't use it internally then shouldn't be a problem, if they do then you may need to use split dns internally).