Video Screencast Help

View Original Item From Internet

Created: 19 Jul 2012 | 18 comments
Pramod Unni's picture

Dear All,

We have published the EV servers externally using F5 load balancers. EV servers are configured in a HA cluster and interally everythins is working fine over outlook, outlook anywhere & OWA as well. 

While accessing from outside using  i can open the archive explorer and can retrieve the mails ( after modifying the web.config entries on the CAS server and specifying the ExternalWebApp URLs & Domains using add key settings).

But when I click any mail item and select the View Original Item it's trying to redirect to the internal name space - which is of the EVcluster (for e.g. id= )

Our issue here is the HTTP is not allowed from outside, secondly the internal name resolution will not happen- for which we can perform a redirection using F5. What happens is that either instead of (http://evcluster/enterprisevault/ViewMessage.asp?vault id= ) if i specify https://evcluster/enterprisevault/ViewMessage.asp?vault id=)  i will be able to open the message.

I have 2 questions related to this, where will i can change this redirection URL setting,  we even tried redirecting the same from the F5 appliance to till the  which opens the search window but how can specify the ViewMessage.asp?vault id= GUID of the shortcut which retrieves the original archived item?

Please note that i had tried tuning the desktop policy- OWA settings but no where i could find a way to get around this issue. Other than all works like charm.. I do know the last option is to install the SSL certificates on both EV cluster nodes. We are trying to workaround on this redirection part.

It will be great if someone can think of a workaround to this.



Discussion Filed Under:

Comments 18 CommentsJump to latest comment

LCT's picture

When you say "But when I click any mail item and select the View Original Item it's trying to redirect to the internal name space - which is of the EVcluster (for e.g. id= )"

Is this when you click the link within OWA or within Outlook whilst using Outlook Anywhere?

If you have done the configuration of the web.config like you mentioned above then this should work within OWA.

For Outlook Anywhere, the links to the Original Items and Attachments won't work as they are embedded into the shortcuts. The easiest workaround is to double click on the shortcuts to retrieve the items or/and attachments. The hard workaround is to change the default webappurl in the Ev diorectory database to use https or/and externalwebappurl which ever is easiest. The consequences of doing this is that you have to enable https on the EV server, and then recreate all the EV shortcuts so that the default webappurl will use and the links will get updated as well.

Pramod Unni's picture

I am looking at OWA from outside not in OA or Outlook. I would like to know where can i set this URL path.

LCT's picture

OK. So there is no link translation in place (i.e. http translate to https) hence you have the F5 firewall and you are publishing your EV server, normally this would be done by the ISA/TMG server. If you want change your EV server to use HTTPS then you can change it at the EV site properties, then change IIS to use HTTPS with a valid SSL certificate of course. You'll need to do this on both cluster nodes as well. I think this is all know need in your case, as you don't need to change the actual webappurl as you have already published on the publis domain.

Once you have done the above, restart EV services and then recreate all the EV shortcuts:

Just a warning, the changes above will force all client connections using https internally and externally. Test everything first before applying to production.

Just a sanity question. Why do users need to click on the View Original Item link, where they can just double click on the EV shortcut to retrieve it anyway?

Pramod Unni's picture

Thanks for your mail,

Finally i have installed SSL certificates and enabled SSL on both EV Cluster nodes and performed the RestoreShortcutBody value in Registry and restarted the services.

Now also when you open the View Original Item it goes to  and it's not opening in https.  One thing we observed was when you change the link manually from the browser to HTTPS then it works.

Yes, as you mentioned from the Light version of OWA if you directly open the archived item also it's not able to open the same.

LCT's picture sounds like the shortcuts have not yet been recreated correctly

You can check by doing the following:

- on your SQL server that hosts the EV directory database

- Open the SiteEntry table

- Under the DefaultWebAppUrl what does it say in there?

- I suspect it's still saying /EnterpriseVault?

- You can change it to <https>/EnterpriseVault (backup your database before you change anything).

- Restart your EV services and then recreate your EV shortcuts again.

Try again.

Pramod Unni's picture

can you please guide how do you do that in SQL, i could see the table entry in SQL by the name but no value there?

LCT's picture

if you are using SQL 2008 then you need to Edit the first 200 items (or rows, or something like that), instead of Open. If you using Open you can't edit it.

LCT's picture

Also, if you have changed the EV Site properties to use HTTPS, this entry should be <HTTPS>/EnterpriseVault. Make sure you have restarted the EV services correctly too.

LCT's picture

You can also check using outlook...if you have an EV shortcut with Reading pane on. If you hover the mouse over the View Original Item link it will tell you what the link is. does it say http or https?

If it is http then your shortcut recreation has not worked.

Check the technote above and follow the steps, step by step.

Pramod Unni's picture

It still opens HTTP only,  is it something to do with the SQL table editing? can you tell me how do we edit and update the table entry.

LCT's picture

BTW, did you change the EV site properties to use HTTPS? If you did this then you don't need to change the SQL database.

Right-click on your EV Site on the EV Admin Console then properties.

Pramod Unni's picture

if you are using SQL 2008 then you need to Edit the first 200 items (or rows, or something like that), instead of Open. If you using Open you can't edit it.

can you clarify it again we are using SQL 2008

LCT's picture

When you right-click on the SiteEntry table do you click on Open or Edit? you need to using Edit.

Pramod Unni's picture

I did change the EV site setting and it's changed to HTTPS. I think there is something wrong in the short cut processing. Can i revert the RestoreShortcutBody value back to 0. which is now set to 1

LCT's picture

I think so too. Have you followed the technote step by step to recreate the EV shortcuts? I think you have missed some steps hence the EV shortcuts are still using http instead of https?

Once the EV shortcuts have recreated successfully you should either change the value to 0 or remove the DWORD. I would remove it afterwards.

LCT's picture

do the last section of the technote to confirm:

1. Open the affected mailbox in Outlook.

2. Add both Message Class and Modified Date to the visible columns.

3. Sort the items in the mailbox by Message Class to group the Enterprise Vault shortcuts, which will have a Message Class of IPM.Note.EnterpriseVault.Shortcut. As the RestoreShortcutBody process works through the mailbox, the Modified Date of each shortcut item will change to the current date and time.

4. When it appears that the entirety of the list has been processed, a final check can be performed using the Advanced Find tool in Outlook to find all items where Message Class contains "shortcut," then sorting by Modified Date to verify that all shortcuts have been modified during the period of the RestoreShortcutBody process.

LCT's picture

try and archive a brandnew message and ensure that the ev shortcut is created, does it work then? If this doesn't work then the EV site properties changes has not yet taken affect.

Other than these I can't think of anything else that would cause the problem unless we are  going into dtracing processing, at this point i would suggest logging a case with Symantec.