Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 6439
  • Last Modified:

External Access to Enterprise Vault (Outlook, Archive Explorer and Serach)

Howdy All,

I'm having dramas with accessing Enterprise Vault when a user is offsite. Basically I think it's an IE7 issue with it not detecting the EV site as an Intranet Site. I have other company sites being detected as Intranet sites fine e.g. OWA.

The workaround I'm using is to take the EV sites out of the Intranet Zone which obviously prompts the user for their credentials, user authenticates and is able to access EV.

Everything works as it should when connected to the network just not externally.

I have done the following:
    * Referenced http://seer.entsupport.symantec.com/docs/295039.htm
    * Downgraded to IE6 from IE7
    * Disabled 'Automatically detect Intranet Sites' in IE7
    * Installed XP SP3 and the latest MS updates
    * Checked the WebApp.ini file

Environment is as follows:
    * Clustered Exchange 2007 MDB
    * Single Exchange 2007 CAS
    * EV 2007 SP3 (7.5-RG2138) upgraded from EV 6.0 SP5

Basically I'm at a loss as to 1 what's causing it and 2 how to resolve it. Any ideas?

Cheers,
Ric
0
Riqsta
Asked:
Riqsta
  • 4
  • 3
2 Solutions
 
RiqstaAuthor Commented:
Further to this I'm seeing this error in the IIS Log - Enterprise+Vault 401 2 2148074254
0
 
Paul SolovyovskySenior IT AdvisorCommented:
Which client are you using, HTTP Only, or the full client?
0
 
RiqstaAuthor Commented:
For testing I'm using the HTTP client.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
Paul SolovyovskySenior IT AdvisorCommented:
Have you added all the entries that EV likes to use such as:

http://servername
http://cname_of_servername
http://fqdn_of_servername
http://fqdn_of_cname
\\servername
\\cname
http://*.domain

Give that a shot first, if it doesn't work we'll look at IIS

From you description I am not sure what method of access the user is using for access
0
 
RiqstaAuthor Commented:
Been awhile since the last update. Almost a year in fact!

But I'm using ISA publish OWA, Outlook Anywhere and Enterprise Vault. OWA and EV shortcuts works perfectly as the http session is authenticated with ISA.

However I'm having an issue with accessing EV shortcuts using Outlook 2003 connecting with RPC/HTTPS through ISA. Basically I'm getting asked to authenticate when I open an archive shortcut or Archive Explorer from Outlook.

I've followed these procedures
http://seer.entsupport.symantec.com/docs/305637.htm
http://www.shudnow.net/2008/06/24/publishing-symantec-enterprise-vault-in-isa-2006/
and checked that all EV sites are in the Intranet Zone, checked IIS permissions on EV server and tried the Outlook HTTP-only/Full clients.

Any suggestions?
0
 
Paul SolovyovskySenior IT AdvisorCommented:
Opening with Archive Explorer may be a diffrent issue all together, depending on the configuration it may be trying to open a separate stream and a separate IE window and unless you have Layer 3 VPN access it may not work.  

If you get a prompt for the first time while using RPC/HTTP and it stays up unless you close all IE and Outlook sessions this is normal behavior from what I've seen.  Most of the security personnel I've talked to want at least some type of authentication when connecting to an internal system.

As a baseline you may also try installing full client on a machine and giving it a go
0
 
RiqstaAuthor Commented:
I have finally resolved this issue, I had to set the IIS authentication by running this script.
cscript C:\Inetpub\AdminScripts\adsutil.vbs set w3svc/NTAuthenticationProviders "NTLM"
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now