Video Screencast Help

user mailbox not archiving, has archive, not showing as provision group member (but is)

Created: 27 Nov 2013 • Updated: 09 Dec 2013 | 20 comments
This issue has been solved. See solution.

Strange issue here, we have a report that shows the sizes of user mailboxes and noticed that one user was creeping up the list pretty quickly. I looked into his account yesterday and noticed that nothign had been archived out of his mailbox since may of 2012. I checked on the vault server and he DOES have an archive. I was able to browse the archive and see all the mail that was archived pre-May 2012.

When I check the archiving status report, his entry looks like 'user, Joe' below. My regular users look like 'working,account'

Mailbox Name Archiving State Mailbox Type Provisioning Target Provisioning Group
User, Joe
Enabled
User mailbox
Unspecified
Unspecified
Working,Account Enabled User mailbox Domain\Enterprise Vault Enabled Email Archiving Default

 

When I check his account in AD, he is a member of the provisioning group that we target (we just have 2 groups, 0 day and a regular enabled policy).

If I do a synchronization run in report mode, and try to select mailboxes, I dont see his mailbox in the list. If I try to run the enable mailbox wizard, I dont see his mailbox in the list (not sure if thats the right thing to do)

 

I am not sure the right sequence of steps to get this to re-associate. It seems like vault has lost track of where his mailbox is in exchange? I ran through the troubleshooting guide here:  https://www-secure.symantec.com/connect/articles/t... The account is not hidden from the GAL, its not disabled.

 

Thanks for any thoughts you can provide!

 

Operating Systems:

Comments 20 CommentsJump to latest comment

GabeV's picture

Hi Nate,

Have you tried zapping the mailbox? Also, delete the entry for this mailbox in the ExchangeMailboxEntry table, Enterprise Vault directory database and run the provisioning task again. Then, try to enable the mailbox for archiivng and see if the mailbox is listed in the wizard.

“Success is not final, failure is not fatal: it is the courage to continue that counts.”–Winston Churchill

Nate.D's picture

I am not sure what it means to zap the mailbox!

 

Deleting entries from the db makes me a little leary, will this have an affect on all the mail in the archive currently? I dont want to run into a split in his archive or anything.

If I was helpful in solving your issue please mark my post with a thumbs up or a solution!  Have a great day :)

GabeV's picture

Nate,

My apologies.

'Zap' the mailbox means remove the Enterprise Vault properties from the mailbox:

How to remove (zap) Enterprise Vault (EV) properties from Archive-Enabled Exchange mailboxes
http://www.symantec.com/docs/TECH35614

Once you do this, the mailbox will be as a new mailbox for Enterprise Vault. If there is an issue with the hidden message that Enterprise Vault stores in the mailbox, removing it and enabling the mailbox again will create a new hidden message with the EV settings.

If you are not familiar with the Enterprise Vault databeses, I will suggest you to follow the technote above and if that doesn't help, please go ahead and open a case with tech support so we can assist you further.

I hope this helps.

“Success is not final, failure is not fatal: it is the courage to continue that counts.”–Winston Churchill

JesusWept3's picture

ExchangeMailboxEntry is populated by the Provisioning Task and links a mailbox to an archive.
at this moment in time, the users mailbox is not linked to the archive as the user is not provisioned
its unlikely that zapping will help anything, and removing the EME entry *might*

however, most likely the case is that the user just doesn't belong to any provisioning groups
in your event viewer and in the provisioning reports, you're probably seeing it warn that an archive is not associated to any provisioning groups

A quick test, you could simply add the user manually to a provisioning group, run the provisioning and then try again, and it would probably work this time around, but if you're provisioning by DL's, OU's, or specific LDAP queries, it could simply be that the GC that EV is quering is out of sync

You could try DTracing EVExchangePolicySynchTask to capture what the provisioning task is doing 

Nate.D's picture

The strange part is I verified with AD that he IS a member of our provisioning group. We just target a single AD group 'enterprise vault enabled' for provisining, and he is in that group.

WHen you say the GC that EV queries is out of sync, do you mean Global Catalog? Is there some way to check that?

This is what shows up in the provisioning task report:

11:00:22 PM    4    Email Archiving Default    DOMAIN\Enterprise Vault Enabled    Default Exchange Mailbox Policy    Default Exchange PST Migration Policy    CN=User\, Joe,OU=Employees,OU=User Accounts,DC=domain1,DC=domain    New mailbox has an existing entry in the Enterprise Vault database '/o=ccp/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=joeu'. The mailbox GUID does not match the entry in the database

 

It appears in every days log, so something is definetly off!

If I was helpful in solving your issue please mark my post with a thumbs up or a solution!  Have a great day :)

GabeV's picture

Hello Nate,

Take a look at this technote:

Exchange Provisioning Task generates Event ID 41107 errors in the Enterprise Vault Event Log stating "The mailbox GUID does not match the entry in the database".
http://www.symantec.com/docs/TECH54529

Solution:

1. If the mailbox is hidden from the Global Address List, unhide it..

2. Create the following registry entry:

HKLM\SOFTWARE\KVS\Enterprise Vault\Agents\SynchInMigrationMode
DWORD - 1

The values are as follows:
0 - (Default.) Generate an error in the event viewer log.
1 - Link the new mailbox to the old record.
2 - Create a new record for the new mailbox

3. Run the Provisioning Task and the mailbox will be linked to the old record.

Note; If  the mailbox will not automatically be linked to the old record,enable the mailbox using by Enable Mailbox wizard.

“Success is not final, failure is not fatal: it is the courage to continue that counts.”–Winston Churchill

Nate.D's picture

Searching this out led me here:

https://www-secure.symantec.com/connect/forums/eve...

I checked on it and found that I do not have that key at all in the area it calls out.

If I was helpful in solving your issue please mark my post with a thumbs up or a solution!  Have a great day :)

JesusWept3's picture

Yeah so sounds like the users mailbox was moved or recreated at somepoint

JesusWept3's picture

Oh and Zapping a user is a method of resetting the mailbox to remove the main Enterprise Vault Hidden Message, all EVPM filters applied and all custom settings the end users may have added themselves.

After the zap is complete, it sets the user to a New User state and then you have to re-enable the user, and it re-adds the Hidden message in the users mailbox

http://www.symantec.com/business/support/index?page=content&id=TECH35614

That being said, you should be careful, because if you have an EVPM script that adds retention folders, then the zap removes that, so you may have a folder called '\3 years retention' that now uses the default retention applied to the mailbox and not the three year retention that was specified in the evpm script
 

And this also applies to folders that you may have set to DoNotArchive, those folders would then begin to archive again until you re-run the EVPM script against this user to re-apply those settings

A_J's picture

Hello Nate,

 

I believe the user was provisioned earlier in EV and the mailbox of this user has been deleted and then re-created.

So the entry in the exchange mailbox entry table is the OLD one which will obviously won't match with the new one.

I would suggested the following process.

  1. Delete the entry of the user from the Exchangemailbox entry table by executing the following queries.
Query 1:
 
Use EnterpriseVaultDirectory
select * from ExchangeMailboxEntry where MbxAlias = 'User1'
 
2. Once you confir that the result is for the same user.
3. Run the below delete Query.
 
Query 2:
delete from ExchangeMailboxEntry where MbxAlias = 'User1'

Note: Instead of 'User1 ' in the query enter the Alias of the affected user.

4. Now re-run the Provisioing task and a New entry for the affected user will be added to the table.

5. Now check the Provisioing task report and see if you get the same error.

6. Once the Provisioing task reports doesn't have any error then we can look on the other part of the problem whether we are ablet o archive that user or not.

7. For archiving then we can Zap the Hidden Message from the mailbox and enable him again with the exsisting archive and then check whether we are able to archive or not.

 

I hope this helps !!!

SOLUTION
Nate.D's picture

Hi A_J,

 

I really appreciate the response! I ran through these steps but after I run the provisioning task, the entry is added to the table but I do not see his name in the report. Any thoughts?

 

*edit* looks like I was wrong, he is in the report with a 'Added new mailbox' status

If I was helpful in solving your issue please mark my post with a thumbs up or a solution!  Have a great day :)

JesusWept3's picture

Try using the Enable Mailbox Archive Wizard and see if the user is listed, if they are, go through the enablement screens, but attach it to the existing archive

SOLUTION
Nate.D's picture

Do I still need to do the zap process? I am trying to figure out the syntax on the DistinguishedName = field now

*edit* I do see his mailbox available in the enable mailbox wizard

If I was helpful in solving your issue please mark my post with a thumbs up or a solution!  Have a great day :)

JesusWept3's picture

the you dont need to bother with the zap, just run the enablement wizard and attach his mailbox to the existing archive, if you don't then you will create a new arcchive for him

Nate.D's picture

Thanks much JesusWept and A_J, and the rest on the thread I think I am almost there! I have his mailbox enabled, I just need to check that his archiving is working, I will report back!

If I was helpful in solving your issue please mark my post with a thumbs up or a solution!  Have a great day :)

John Santana's picture

does the mailbox that is DISABLED from the EXchange Management console still get processed / srchived by EV ?

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

Nate.D's picture

It seems like as long as the ad account is enabled, it will process the mailbox.

If I was helpful in solving your issue please mark my post with a thumbs up or a solution!  Have a great day :)

A_J's picture

Hi Nate.D,

I am gald that we found the root cause, Let me on once you have his mailbox enabled and whether the archiving is working for the affected user..

If it does please mark one of the post which solved the issue. :-)

 

 

Nate.D's picture

Thanks for all the help everyone, issue is resolved.

If I was helpful in solving your issue please mark my post with a thumbs up or a solution!  Have a great day :)