Video Screencast Help
Scheduled Maintenance: Symantec Connect is scheduled to be down Saturday, April 19 from 10am to 2pm Pacific Standard Time (GMT: 5pm to 9pm) for server migration and upgrade.
Please accept our apologies in advance for any inconvenience this might cause.

Symantec Enterprise Vault 10 Outlook Anywhere Using Checpoint

Created: 11 Jan 2013 • Updated: 12 Jan 2013 | 8 comments
bilalaker's picture
This issue has been solved. See solution.

Hi,

I am using enterprise vault for microsoft exchange. On vault server sll(https) is enabled.

There is an exchange 2010 server. Everything works normal on local. 
But I have problem on external user using  OWA and Outlookanywhere
Syncronization,store, restore not working. 

I dont know how to configure rpc over http connection,rpc over http proxy url, use proxy setting and web application URL on desktop policy

Mail local and external adresses are like below. 

vault1.akr.local(10.0.0.128)  --> vault sever local adress
mail1.akr.local (10.0.0.127)--> exchange local adress

vault.akr.com --> vault external adress
mail.akr.com --> mail server external adress 
Vault.aker.com has an external ip 195.xx.199.128
Mail.aker.com has an external ip 195.xx.199.127

On checkpoint Firewall 
smtp,https request to 195.xx.199.128(mail.akr.com) direct to 10.0.0.128(mail1.akr.local)
https request to 195.xx.199.127(vault.akr.com) direct to 10.0.0.127(vault1.akr.local)

I dont want to use ISA to public sites.  Can I do Outlook anywhere and OWA configration for symantec vault just using Checkpoint firewall.

If it possible How do i need to configure destop policy on Vault server (pc over http connection,rpc over http proxy url, use proxy setting and web application URL) .

Thanks...

 

 

 

 

Comments 8 CommentsJump to latest comment

JesusWept3's picture

Typically the way it works is you have the /EnterpriseVault/ virtual directory published through ISA
So you would have

https://mail.myCompany.com/EnterpriseVault/ -> https://EVServer.internal.dom/EnterpriseVault/

Then in the policy you would set the RPC over HTTP URL set to http://mail.myCompany.com/EnterpriseVault/

However if you wanted to have a firewall thats just forwarding all traffic from
https//EVServer.myCompany.com/ -> https://EVServer.internal.dom/

Then you would just point the RPC over HTTP URL to https://EVServer.myCompany.com/EnterpriseVault/
 

bilalaker's picture

Hi,

The configuration on vault server is like you said. But On outlook anywhere syncroniztion not work. error:" Synchronization failed , Not connected to the Enterprise Vault Server"

When triy manually store an item it gives error: "connot process the selected items Reason: SSL certificate contains an incorrect host name"
Note: Exchange certificate contains both mail.aker.com and vault.aker.com adresses.
Certificate was created by Local domain CA.

I put the full client log at the attachment.

There is an error line:
DR: Could not contact the EV web server using the RPC over HTTP URL (https://vault.aker.com/EnterpriseVault)

But I can browse https://vault.aker.com/EnterpriseVault vie Internet Explorer and after login I can search archive items...

AttachmentSize
ev_client_log_20130111184046.txt 1.6 MB
JesusWept3's picture

OK so its purely an SSL error
I'm assuming its because your SSL is set to https://evserver.internal.dom but you're accessing via https://evserver.myDomain.com/

you just need to configure your SSL cert to cater for multiple domain names, thats all

SOLUTION
bilalaker's picture

Hi,

It is true. I create an new certifiace added two external adress for exchange and vault server.
Now I can do restore and store process. (Just asking credential again at first time) 
But Now I have syncronization problem. I haven't found any solution yet. 
The client log is like below(also I put the log at attachment). If need i will put the max tracing client log.

11/01/2013 21:06:09.175[3616][H]: User initiated 'Synchronize Vault Cache'.
11/01/2013 21:06:09.183[7144][H]: HDR:SYNC: Pre-processing.  Type:MANUALLY INITIATED
11/01/2013 21:06:09.185[7144][H]: HDR: Sync status:19
11/01/2013 21:06:09.201[4076][H]: CONTENT:STORE: [Offline Config] Maximum Store Size (MB): 1024
11/01/2013 21:07:09.188[6092][H]: HaveConnection::CallBack - HttpQueryInfo failed 0x80070006 (6) : The handle is invalid.
11/01/2013 21:07:09.210[7144][H]: HDR:SYNC: Updating MDC map
11/01/2013 21:07:09.211[7144][H]: HDR:SYNC: Getting accessible archives
11/01/2013 21:07:09.212[7144][H]: HDR: Requesting page: ListArchives.aspx?x=evoutlookext&evhost=https://akrvault.akr.local/EVAnon
11/01/2013 21:07:09.245[7144][H]: HDR:SYNC: Error (COM) synchronizing: 0xFFFFFFFF
11/01/2013 21:07:09.245[7144][H]: HDR:SYNC: Failed
11/01/2013 21:07:09.246[7144][H]: HDR: Sync status:-1
 

AttachmentSize
ev_client_log_20130111230425.txt 11.37 KB
Baris Aydogmusoglu's picture

bilalaker do you have a wild card certificate ?

Senior System Expert

Microsoft Exchange Server

Symantec Enterprise Vault

http://www.aydogmusoglu.com

http://www.e-vault.info

Rob.Wilcox's picture

maximum logging level needed in the client trace .. I think.  (So we can see the URL that is being hit)

 

Then review the IIS logs on the EV server to see if that traffic is getting through.

 

Then review the firewall logs and see if that traffic is being allowed through, or rejected (sounds to me like the latter)