Video Screencast Help

Symantec Enterprise Vault 10 Outlook Anywhere Using Checpoint

Created: 11 Jan 2013 • Updated: 12 Jan 2013 | 8 comments
bilalaker's picture
This issue has been solved. See solution.


I am using enterprise vault for microsoft exchange. On vault server sll(https) is enabled.

There is an exchange 2010 server. Everything works normal on local. 
But I have problem on external user using  OWA and Outlookanywhere
Syncronization,store, restore not working. 

I dont know how to configure rpc over http connection,rpc over http proxy url, use proxy setting and web application URL on desktop policy

Mail local and external adresses are like below. 

vault1.akr.local(  --> vault sever local adress
mail1.akr.local (> exchange local adress --> vault external adress --> mail server external adress has an external ip 195.xx.199.128 has an external ip 195.xx.199.127

On checkpoint Firewall 
smtp,https request to 195.xx.199.128( direct to
https request to 195.xx.199.127( direct to

I dont want to use ISA to public sites.  Can I do Outlook anywhere and OWA configration for symantec vault just using Checkpoint firewall.

If it possible How do i need to configure destop policy on Vault server (pc over http connection,rpc over http proxy url, use proxy setting and web application URL) .


Comments 8 CommentsJump to latest comment

JesusWept3's picture

Typically the way it works is you have the /EnterpriseVault/ virtual directory published through ISA
So you would have -> https://EVServer.internal.dom/EnterpriseVault/

Then in the policy you would set the RPC over HTTP URL set to

However if you wanted to have a firewall thats just forwarding all traffic from
https// -> https://EVServer.internal.dom/

Then you would just point the RPC over HTTP URL to

bilalaker's picture


The configuration on vault server is like you said. But On outlook anywhere syncroniztion not work. error:" Synchronization failed , Not connected to the Enterprise Vault Server"

When triy manually store an item it gives error: "connot process the selected items Reason: SSL certificate contains an incorrect host name"
Note: Exchange certificate contains both and adresses.
Certificate was created by Local domain CA.

I put the full client log at the attachment.

There is an error line:
DR: Could not contact the EV web server using the RPC over HTTP URL (

But I can browse vie Internet Explorer and after login I can search archive items...

ev_client_log_20130111184046.txt 1.6 MB
JesusWept3's picture

OK so its purely an SSL error
I'm assuming its because your SSL is set to https://evserver.internal.dom but you're accessing via

you just need to configure your SSL cert to cater for multiple domain names, thats all

bilalaker's picture


It is true. I create an new certifiace added two external adress for exchange and vault server.
Now I can do restore and store process. (Just asking credential again at first time) 
But Now I have syncronization problem. I haven't found any solution yet. 
The client log is like below(also I put the log at attachment). If need i will put the max tracing client log.

11/01/2013 21:06:09.175[3616][H]: User initiated 'Synchronize Vault Cache'.
11/01/2013 21:06:09.183[7144][H]: HDR:SYNC: Pre-processing.  Type:MANUALLY INITIATED
11/01/2013 21:06:09.185[7144][H]: HDR: Sync status:19
11/01/2013 21:06:09.201[4076][H]: CONTENT:STORE: [Offline Config] Maximum Store Size (MB): 1024
11/01/2013 21:07:09.188[6092][H]: HaveConnection::CallBack - HttpQueryInfo failed 0x80070006 (6) : The handle is invalid.
11/01/2013 21:07:09.210[7144][H]: HDR:SYNC: Updating MDC map
11/01/2013 21:07:09.211[7144][H]: HDR:SYNC: Getting accessible archives
11/01/2013 21:07:09.212[7144][H]: HDR: Requesting page: ListArchives.aspx?x=evoutlookext&evhost=https://akrvault.akr.local/EVAnon
11/01/2013 21:07:09.245[7144][H]: HDR:SYNC: Error (COM) synchronizing: 0xFFFFFFFF
11/01/2013 21:07:09.245[7144][H]: HDR:SYNC: Failed
11/01/2013 21:07:09.246[7144][H]: HDR: Sync status:-1

ev_client_log_20130111230425.txt 11.37 KB
Baris Aydogmusoglu's picture

bilalaker do you have a wild card certificate ?

Senior System Expert

Microsoft Exchange Server

Symantec Enterprise Vault

Rob.Wilcox's picture

maximum logging level needed in the client trace .. I think.  (So we can see the URL that is being hit)

Then review the IIS logs on the EV server to see if that traffic is getting through.

Then review the firewall logs and see if that traffic is being allowed through, or rejected (sounds to me like the latter)