Problem accessing EV Archives through Juniper SSL VPN via WSAM
Updated: 22 May 2010 | 11 comments
This issue has been solved. See solution.
Enterprise Vault V 7.5 for Exchange installed. It is working well internally.
When users access the network through Juniper SSL VPN via the Juniper WSAM they
are not able to open archived messages from the Outlook client. Also cannot open the Archive Explorer. Page Not Found.
The EV server IP and FQDN have been added to the WSAM resource profile.
The WSAM debug log shows the host name can be resolved but the connection drops immediately.
Wondering if anyone has run across this issue with EV and Juniper SSL VPN when using WSAM?
discussion Filed Under:
Comments
Try this command from the DOS prompt:
telnet EVSERVERNAME 80
Does the DOS prompt hang (If so a TCP connection is made to the Web server TYPE "get" then hit enter.
An error from the Web server should return.
If you receive and error then what is the error?
the error received was:
HTTP/1.1 400 Bad Request
Content-Type: text/html
Date: Fri, 09 Jan 2009 19:26:54 GMT
Connection: close
Content-Lenth: 35
<h1>Bad Request (Invalid Verb)</h1>
So you can access the Web server.
type:
HTTP://VAULTSERVERNAME/EnterpriseVault/Search.asp
where VAULTSERVERNAME is your vault server name.
last note USE IE
Entered the URL in IE, but received the page not found message
In the detailed debug log for WSAM, the entry is
connecting to evserver1:80...
server disconnected from host evserver1:80...
Do you actually see the EV icons in the toolbar? We had a similar problem using Microsoft IAG (formerly known as eGap Whale Communications - we had to amend our EVShared.js file under the EVGETROOT function which allowed passthrough of the correct URL as the 'Whale box' was changing the URL by wrapping its own bits around the original URL needed/used
Not sure if this helps but thought I'd mention it - when we investigated this we came across a known issue regarding Juniper and I'm sure we saw an kb article about from Symantec..
Hope this helps..
Tom,
This sounds an awful lot like some kind of port filtering is in effect. I know plenty of customers using the Cisco VPN tool with no worries, and that should be some indication of something odd with your Juniper setup. If you do a tracert to the EV server do you get there? If you check and see if you have an TCP route for 0.0.0.0 to the VPN interface which is what the Cisco VPN does, it routes ALL traffic into the VPN tunnel.
I'd have a word with your network team, clearly VPN's are pretty normal stuff these days. You could also check your IIS logs and see if the client are actually reaching the server, but my bet's on the VPN doing some port filtering. EV will expect "normal IETF RFC compliant ports" and not PAT (Port Address Translation) which can sometimes be problematic for ANY application.
Hope this helps!
I do not think this is port filtering.
He can connect to the Web server with command line but not with the browser.
Clear your browser proxy settings and try to connect with the browser.
Check netstat with the browser running and verify where it is attempting to connect to.
Sorry, my reply earleir was in reference to EV via OWA - should have read the post properly!
Worked through the issue with Juniper and Symantec support. Problem is due to WSAM does not support Kerberos authentication. Workaround is unchecking Enable Integrated Windows Authentication under Internet Options ; Advanced.
After appying that change is seems to work fine. Need to do further testing but this looks like a good solution so far.
You also can check if the required ports for EV are open at Juniper SSL VPN, you will find the required ports in the EV documentation. Additional try if the client can contact the EVServer Name over DNS mechanism...
_________________
www.longerich.com
_________________
www.longerich.com
Would you like to reply?
Login or Register to post your comment.