EV Exchange PDF
2007
Contents
Chapter 1
Section 1
Chapter 2
Chapter 3
Pre-installation tasks for Enterprise Vault server
Creating the Vault Service account
Creating a SQL login
Enterprise Vault DNS aliases
What next?
Chapter 4
Chapter 5
Chapter 6
Prerequisites for RPC over HTTP
RPC over HTTP with Exchange Server 2003
RPC over HTTP with Exchange Server 2007 (Outlook Anywhere)
What next?
Chapter 7
Chapter 8
Chapter 9
Chapter 10
Chapter 11
Section 2
Chapter 12
Chapter 13
Chapter 14
Chapter 15
Chapter 16
Creating retention categories
Retention category properties
Creating a default vault store and partition
Reviewing the default settings for the site
Setting the Site archiving schedule
URL for the Web access application
What next?
Chapter 17
Section 3
Chapter 18
Chapter 19
Installing the Outlook Add-Ins on a server
Users tasks
Chapter 20
Chapter 21
Chapter 22
Chapter 23
Chapter 24
Envelope Journaling
Enterprise Vault and Exchange Server Envelope Journaling
How Enterprise Vault handles envelope messages from Exchange Server 2000 and 2003
How Enterprise Vault handles envelope messages from Exchange Server 2007
Section 4
Chapter 25
Setting up OWA, RPC over HTTP, and ISA Server
Configuring OWA access to Enterprise Vault
Enterprise Vault functionality in OWA clients
About OWA forms-based authentication
OWA configurations
OWA 2007 configuration
OWA 2007 and OWA 2003 mixed environment
OWA 2000 or 2003 with front-end Exchange Server
OWA 2000 or 2003 without front-end Exchange Server
Clustered OWA configurations
Configurations for demonstrating Enterprise Vault with OWA
Which OWA Extensions to install
Configuring Enterprise Vault access for OWA 2007 users
Configuring Enterprise Vault for anonymous connections
Configuring Enterprise Vault Exchange Mailbox Policy
Installing Enterprise Vault OWA 2007 Extensions
Configuring Enterprise Vault access for OWA 2003 users
OWA 2003: Configuring Enterprise Vault for anonymous connections
Configuring Enterprise Vault Exchange Mailbox Policy
Installing OWA Extensions on a back-end Exchange Server 2003
Configuring a back-end Exchange Server 2003
Installing OWA Extensions on a front-end Exchange Server 2003
Configuring a front-end Exchange Server 2003
Configuring Enterprise Vault access for OWA 2000 users
OWA 2000: Configuring Enterprise Vault for anonymous connections
Installing OWA Extensions on a back-end Exchange Server 2000
Configuring a back-end Exchange Server 2000
Installing OWA Extensions on a front-end Exchange Server 2000
Configuring a demonstration system
Troubleshooting
Troubleshooting OWA 2007 Extensions
Troubleshooting OWA 2000 and OWA 2003 Extensions
Chapter 26
Chapter 27
Chapter 28
Chapter 29
Using Microsoft ISA Server with OWA and RPC Extensions
Using ISA Server with Enterprise Vault
Configuring ISA Server 2006 for OWA 2007 access to Enterprise Vault
Configuring ISA Server 2004 for OWA 2003 access to Enterprise Vault
Configuring access using OWA basic authentication
Configuring access using OWA forms-based authentication
Configuring ISA Server 2006 for Exchange Server 2007 RPC over HTTP access to Enterprise Vault
Configuring ISA Server 2004 for Exchange Server 2003 RPC over HTTP access to Enterprise Vault
Configuring an RPC firewall policy
Configuring an Enterprise Vault firewall policy
Section 5
Chapter 30
Chapter 31
Chapter 32
Section 6
Chapter 33
Managing archive points
Listing, editing, and deleting archive points
Scheduling
Schedule File System Archiving
Scheduling expiry
Scheduling deletion from Celerra
Scheduling permissions synchronization
Using Run Now
Processing a volume immediately
Processing a file server immediately
Tips on archiving policy rules
Version pruning
Client access for FSA
Retention folders
File Blocking configuration
Creating a local quarantine location
Creating a central quarantine location
Specifying the mail delivery mechanism
Adding File Blocking to a policy
File Blocking rules
Ensuring specific users are never blocked
Configuring FSA Reporting
Configuring the FSA Reporting database and setting the default data collection schedule
Reconfiguring and disabling or enabling FSA Reporting globally
Installing the FSA Agent on NTFS file servers
Configuring individual file servers for FSA Reporting
Enabling or disabling FSA Reporting for a volume
Troubleshooting FSA Reporting
FSA Agent uninstallation
What next?
Chapter 34
Section 7
Chapter 35
Chapter 36
Chapter 37
Section 8
Chapter 38
Section 9
Chapter 39
Chapter 40
Configuring registry settings for Domino server journal filtering
About custom filtering ruleset files
General format of ruleset files
Rule actions
Message attribute filters
Attachment attribute filters
How message and attachment filters are applied
Example ruleset file
Chapter 41
Section 10
Chapter 42
Chapter 43
Chapter 44
Chapter 45
Chapter 46
Chapter 47
Section 11
Chapter 48
Chapter 49
Preparing to cluster Enterprise Vault
Setting up the shared disks and volumes
Setting up the resource groups
Chapter 50
Chapter 51
Chapter
Prerequisite knowledge
Getting help
Related documentation
Related resources
Comment on the documentation
Prerequisite knowledge
Before installing Enterprise Vault, it is advisable to read the Introduction and Planning manual, in order to have an understanding of the various components of Enterprise Vault. To install and configure Enterprise Vault, you need to know how to administer the following products:
Windows Server 2003 or Windows 2000
Microsoft SQL Server
Microsoft Message Queue Server
Microsoft IIS (Internet Information Services)
Your archive storage hardware and software
If you are going to be using Enterprise Vault with IBM Domino Server, you will also need administrative knowledge of IBM Domino Server and the IBM Lotus Notes client.
If you are going to be using Enterprise Vault with Microsoft Exchange Server, you will also need administrative knowledge of Microsoft Exchange Server and Microsoft Outlook. If you are going to be using Enterprise Vault with Microsoft Windows SharePoint Services and Microsoft SharePoint Portal Server, you will need administrative knowledge of these products. To use the reporting feature of Enterprise Vault Operations Manager, you will need administrative knowledge of Microsoft SQL Server Reporting Services.
Getting help
Symantec offers you a variety of support options.
Contact the Symantec Support staff and post questions to them.
Download the latest patches, upgrades, and utilities.
View the Enterprise Vault Frequently Asked Questions (FAQ) page.
Search the Knowledge Base for answers to technical support questions.
Subscribe to automatic email notice of product updates.
Find out about Enterprise Vault training.
Read current Enterprise Vault white papers, tech notes, and selected documentation.
Related documentation
This book is available as HTML Help and as a PDF file on the Enterprise Vault CD-ROM. After installation, the documentation is also available in the Enterprise Vault program folder. Table 1-1 lists the guides that, along with the online help, comprise the Enterprise Vault documentation set.
Table 1-1 Guide title
Introduction and Planning
Utilities (Utilities.pdf, Utilities.chm)
Registry Values (Registry_Values.chm)
Compliance Accelerator Installing and Configuring (CA_Installing_and_Configuring.pdf)
Discovery Accelerator Installing and Configuring (DA_Installing_and_Configuring.pdf)
Release Notes
Related resources
There is an Enterprise Vault Web page at the following address: http://www.symantec.com/enterprisevault
The title and product version of the guide you are commenting on
The topic (if relevant) you are commenting on
Your name
Email your comment to evdocs@symantec.com. Please only use this address to comment on product documentation. We appreciate your feedback.
Section
Enterprise Vault hardware prerequisites
Enterprise Vault prerequisite software and settings
Additional requirements for Operations Manager
Requirements for Enterprise Vault Reporting
Additional requirements for Exchange Server archiving
Additional prerequisites for Domino Server archiving
Additional prerequisites for File System Archiving (FSA)
Additional prerequisites for SharePoint Server archiving
Additional prerequisites for SMTP archiving
Prerequisites for a standalone Enterprise Vault Administration Console
Chapter
The Enterprise Vault server
The SQL Server
The target system that is being archived, for example, Exchange Server
For pilot or demonstration configurations only, some or all of these can be installed on the same computer. This section describes the minimum hardware requirements for these servers.
It is possible to run Enterprise Vault on a computer with less memory, but this is not recommended for a production system, as it does not allow for any growth in archiving requirements. The extra memory is particularly important if users will be performing large, simultaneous archive searches. If you are just installing a demonstration Enterprise Vault system, and performance is not an issue, it is possible to run Enterprise Vault on less than 1 GB, but the computer must be configured to have at least 1 GB of page file space. Enterprise Vault can be run on a multi-processor system with four or eight CPUs, but in order to take advantage of the extra CPU power, the disk system used must be able to cope with the increased throughput. In a small to medium Enterprise Vault environment, the core Enterprise Vault services will typically all be installed on the same computer. In larger installations, services such as the Storage and Indexing services can be installed on a separate computer. For information on distributing Enterprise Vault services, see the Introduction and Planning manual.
SQL Server
The configuration information for an Enterprise Vault site is held in a SQL database, which is known as the Enterprise Vault Directory database. Similarly, configuration information for the vault stores and details of archived items stored in the archives are held in SQL databases called vault store databases. Monitoring information is held in the Monitoring database. The SQL Server that manages these databases will typically reside on a different computer from the Enterprise Vault server. In general, the specification of the SQL Server computer should match that of the Enterprise Vault server. The performance of the SQL Server will also benefit from extra memory; a minimum of 4 GB is recommended. The amount of memory that the SQL Server can use depends on the Windows and SQL Server versions. Table 2-2 shows the recommended minimum specifications for a production SQL Server.
You do not need a separate SQL Server for every Enterprise Vault server. As a general rule, one SQL Server can manage up to eight Enterprise Vault servers.
Network requirements
When Enterprise Vault is running on a LAN and the Enterprise Vault services are on one computer, the impact on the network bandwidth is unlikely to be an issue. When some of the Enterprise Vault services are distributed over a LAN, then the amount of data crossing the network could become significant. Table 2-3 provides guidelines for network traffic between different components. Table 2-3 Between
Enterprise Vault server Enterprise Vault server Archiving task
Network traffic
10 KB per item
Storage Process, if on a different server
Size of items transferred + 30%
Enterprise Vault server
Size of messages transferred + 50%
Exchange Server
Storage requirements
Storage is required for the following components of Enterprise Vault:
Vault stores, where the archived items are held.
Indexes.
SQL Server databases; the Enterprise Vault Directory database, vault store databases and monitoring database.
Shopping baskets, which are used by Enterprise Vault for details of items that are to be restored.
In addition a small amount of local storage is needed on the Enterprise Vault server. This section gives a basic guide to the Enterprise Vault storage requirements. For full details of all the supported storage devices and software, see the Enterprise Vault Compatibility Charts.
Vault stores
The Enterprise Vault Storage service computer needs access to storage for the vault stores. Enterprise Vault is very versatile in its use of storage for the vault stores, and is designed to operate with various types of storage solution provided by third party software and hardware products. Many storage solutions provide high performance archiving and retrieval. The types may be categorized as follows:
Local storage
NTFS (An NTFS volume or a network share that appears on the network as an NTFS volume)
SAN
NAS
CAF (Centera)
The Write Once Read Many (WORM) feature is supported on several devices. One of the most important factors that will determine the performance of Enterprise Vault is the speed of the storage device.
Take the total size of items to be archived and halve it.
For email items, divide by the average number of recipients.
Add 5 KB multiplied by the total number of items.
The compression ratio may vary considerably. Office documents tend to compress well. Other document types, such as ZIP files or JPG files, are already compressed and cannot be compressed further. For this reason, you should always overestimate the amount of storage needed. The above general rule applies to most types of archiving, but care needs to be taken with File System Archiving (FSA). For example, if compressed image or map files are archived, then there is no space saving. For email archiving, growth in the number of mailboxes and the number and size of messages must also be taken into consideration. Because of these extra factors, a more conservative method of estimating storage is to assume that space used by archiving will equal the space used by Exchange Server or Domino Server in storing items.
File systems that use slow storage media as part of their solution, such as optical disk, are unsuitable for indexes. If indexes are stored on NetApp devices, and possibly other NAS systems, opportunistic locking must be turned off for volumes that contain indexes.
Index size compared to size of original data
Index size as a proportion of original data size: 3%, 8%, 12%
The type of data being archived will also affect the size of indexes. Archiving a large number of text or HTML files will produce larger indexes. Archiving a large number of binary files, such as image files, will produce smaller indexes, as the content is not indexed. There is no sharing of index files.
SQL databases
Storage space is required for the Enterprise Vault directory database, the vault store databases and the monitoring database.
Ensure that there is adequate space for database devices to grow as data is added. Transaction logs should be limited to an appropriate size for your back-up and maintenance plan. A basic sizing guide for each vault store database is 250 bytes for each item archived plus 5 GB for static data, transaction logs and temporary data fluctuations.
Shopping baskets
Space is required on the Shopping service computer for shopping baskets. These are used by Enterprise Vault for keeping details of items that users request Enterprise Vault to restore. The amount of space required depends on the extent to which users restore items using the browser search shopping baskets. As a guide, for each shopping basket allow 4 KB for static data plus 1 KB for each item in a basket.
Local storage
A small amount of local storage is needed for temporary files. For example, the local temporary area may be used by the Storage service when processing large files. Local storage is also required for MSMQ files and for Windows system files.
Slow local disks can seriously impact the performance of Enterprise Vault. You are recommended to allocate separate disks for MSMQ files. The disks need to be set up for maximum speed; for example using RAID 1+0 rather than RAID 5. During installation Enterprise Vault requires 70 MB of disk space to install all the Enterprise Vault components.
What next?
Now check the prerequisite software and settings for core Enterprise Vault services. See the next chapter for details.
Chapter
About the Enterprise Vault prerequisite software and settings
Enterprise Vault Deployment Scanner
Basic software requirements
Pre-installation tasks for Enterprise Vault server
What next?

Software prerequisites for core Enterprise Vault components.
Tasks that you need to perform before installing Enterprise Vault.
The Enterprise Vault Compatibility Charts contain details of the supported versions of prerequisite software. There are additional prerequisites for other optional Enterprise Vault components and the different types of archiving. Ensure that you also review the additional prerequisite information for your planned installation, as outlined in later chapters.
Enterprise Vault prerequisite software and settings Enterprise Vault Deployment Scanner
There are also prerequisites if you are installing Enterprise Vault in a clustered environment.
For details of supported versions, see the Enterprise Vault Compatibility Charts. Install Windows with the following options and components:
NTFS file system.
Microsoft Message Queuing (MSMQ) services. See Installing MSMQ on page 40.
.NET Framework 1.1 and .NET Framework 2.0. See Microsoft .NET Framework on page 42.
Internet Information Services (IIS) 5 or later. See Internet Information Services (IIS) on page 42.
Active Server Pages and ASP.NET enabled. See Enabling Active Server Pages and ASP.NET on page 42.
Internet Explorer 6.0 or later.
MSXML. See MSXML on page 43.
Roles-based administration
Roles-based administration uses Microsoft Windows Authorization Manager. Creating and managing roles using the Administration Console requires the Authorization Manager MMC snapin, which is only available on the following:
Windows Server 2003
Windows XP Professional with Windows Server 2003 Administration Tools Pack
Microsoft do not provide an Authorization Manager MMC snapin for Windows 2000 Server, so changes to the roles and role assignments must be done using an Administration Console on Windows Server 2003 or Windows XP Professional. Windows 2000 Authorization Manager Runtime can be downloaded from:
http://www.microsoft.com/downloads/details.aspx?FamilyID=7edde11f-bcea-4773-a292-84525f23baf7&DisplayLang=en
You will need to register Microsoft.Interop.Security.AzRoles.dll (version 1.0) in the .NET Global Assembly Cache (GAC). Registration instructions are contained in the Windows 2000 Authorization Manager Runtime RUNTIME_REQUIREMENTS.txt file.
Installing MSMQ
Enterprise Vault tasks use MSMQ to communicate with the Storage service. If you want to install Enterprise Vault services on more than one computer in the network, you must configure MSMQ on each computer. The steps for installing MSMQ on Windows Server 2003 and Windows 2000 are different. Follow the instructions below for your operating system. Note that Active Directory Integration should not be enabled when installing MSMQ.
If the Enterprise Vault server is to be installed on the Domain Controller computer, you must perform additional steps to configure MSMQ security to give permissions to the Administrators group. This enables the Vault Service account to access the queues that it needs. You need administration privileges on the Domain Controller computer in order to do this. For more information about how to configure MSMQ, see the Windows Help.
To install MSMQ on Windows Server 2003
1 In the Windows Control Panel, double-click Add/Remove Programs.
2 Select Application Server and then click Details to open the Application Server window.
3 Click Add/Remove Windows Components. The Windows Components wizard starts.
4 Select the Message Queuing check box, and then click Details to display the Message Queuing dialog box.
5 As installing MSMQ with Active Directory Integration affects the performance of Enterprise Vault, you are strongly recommended to clear the Active Directory Integration check box in the Message Queuing dialog box.
6 Click OK twice to return to the Windows Components wizard.
7 Follow the remaining instructions in the wizard.
1 In the Windows Control Panel, double-click Add/Remove Programs.
2 Click Add/Remove Windows Components. The Windows Components wizard starts.
3 Click Next.
4 Select the Message Queuing Services check box, and then click Next. The Message Queuing Installation wizard starts.
5 In the Message Queuing Installation wizard, click Message Queuing server.
6 If the computer is an Active Directory controller, click Next to complete the installation. If the computer is not an Active Directory controller, you get the following prompts:
    Select the Manually select access mode to Active Directory check box and click Next.
    Select Message Queuing will not access a directory service and click Next.
1 Click Start > Programs > Administrative Tools > Computer Management.
2 In the left-hand pane, double-click Computer Management, Services and Applications.
3 Right-click Message Queuing and, on the shortcut menu, click Properties. The Message Queuing Properties window appears.
4 Click Add. The Select Users, Computers, or Groups window appears.
5 Next to Look In, select Entire Directory.
6 In the list, click Administrators and then Add.
7 Click OK to go back to the Message Queuing Properties window.
8 Click Administrators.
9 Under Permissions, click the Allow check box next to Full Control.
A suitable version of Microsoft .NET Framework v 1.1 is installed automatically with Windows Server 2003. If necessary, you can download .NET Framework using the link in the Links to related software folder on the Enterprise Vault CD-ROM.
1 Open Add/Remove Programs and select Add/Remove Windows Components.
2 Ensure Message Queuing Services and ASP.NET are selected.
3 To install required components and enable Active Server Pages, select Application Server and click Details.
4 Select Internet Information Services (IIS) and click Details.
5 Scroll down to World Wide Web Service. Click this and then Details.
6 Select Active Server Pages and click OK.
7 Click OK to close the dialog boxes until you get back to the Windows component list.
8 Click Next to install the additional components.
9 Click Finish.
10 To check that Active Server Page scripts can run, start the IIS Manager by clicking Start, Programs, Administrative Tools, IIS Manager.
11 Click Web Service Extensions.
12 Check that Active Server Pages are Allowed.
MSXML
All Enterprise Vault server computers require MSXML. This is installed automatically with Internet Explorer 6 Web browser, which comes as the default browser with Windows Server 2003. On Windows 2000, you can select Internet Explorer 6 from a Customized installation. If you are using an earlier version of Internet Explorer, you may need to install MSXML. This is available from a link in the Links to related software folder on the Enterprise Vault CD-ROM.
Enterprise Vault prerequisite software and settings Pre-installation tasks for Enterprise Vault server
Note that if both Enterprise Vault and SQL Server are installed on the same Windows Server 2003 computer, you will need at least SQL Server 2000 with Service Pack 3.
this is to make the Vault Service account a local administrator on the SQL Server computer. After the Configuration wizard has been run you can remove this access, if required. During configuration, you are asked to provide the name and password of the Vault Service account. Enterprise Vault automatically grants the account the following advanced user rights:
Log On As a Service
Act As Part Of The Operating System
Debug programs
Replace a process-level token
Note that it may take some time for the Vault Service account to be registered in the Active Directory for the computer that is going to run Enterprise Vault. The account cannot be used until the registration is complete. You are recommended to be logged in to the Vault Service account when you install Enterprise Vault. You must be logged in to the Vault Service account when you run the Enterprise Vault configuration wizard.
To create the Vault Service account
1 On the domain controller, click Start > Programs > Administrative Tools > Active Directory Users and Computers.
2 In the left-hand pane of Active Directory Users and Computers, double-click the Domain container.
3 Double-click the Users container.
4 On the Action menu, click New and then User. The New Object User screen is displayed.
5 Complete the New Object User screen and click Next. The next screen asks for password details.
6 Enter a password and confirm it. You must set a password; the Vault Service account password cannot be blank.
7 Select the Password never expires check box.
8 Leave the remaining check boxes clear:
    User must change password at logon
    User cannot change password
    Account is disabled
10 Complete the details and click Next to move to the summary screen.
11 Click Finish to create the new user.
To add the new Vault Service account to the local Administrators group
1 Log on to the Enterprise Vault computer as Administrator.
2 In Control Panel, open Administrative Tools and start the Computer Management console.
3 Expand System Tools and then Local Users and Groups.
4 Select Groups, and then double-click the Administrators group in the right-hand pane.
5 Use Add to add the Vault Service account to this group.
6 Click OK.
7 Repeat these steps on each computer which will have Enterprise Vault installed.
1 Start Enterprise Manager for SQL 2000.
2 Expand the SQL Server container.
3 Click Security.
4 Right-click Logins and, on the shortcut menu, click New Login.
5 Enter or select the name of the Vault Service account. For example, domain\vaultadministrator
6 Check that Windows Authentication is selected and that the correct Domain for the account has been selected.
7 Under Security Access check that Grant access is selected.
8 On the Server Roles tab, select Database Creators.
9 Click OK.
3 Right-click Logins and select New Login.
4 Either type in the Vault Service account as domain\username or click Search and search for the account. In the search dialog, ensure that the correct domain is entered in the Locations box.
5 Select Windows authentication.
6 In the tree, click Server roles.
7 Select the checkbox beside dbcreator.
8 Click OK.
9 You can check that the Vault Service account has the required permissions as follows:
  In the tree, select Security>Server Roles.
  In the right-hand pane, double-click the dbcreator role.
  The Vault Service account should be displayed in the membership list.
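The dbcreator membership check described above can also be scripted so that it can be repeated on each SQL Server. The following PowerShell is an added example, not part of the original guide; the server name and login are placeholders, and it assumes you connect with Windows authentication as a login that is allowed to query another login's role membership (for example a sysadmin).

```powershell
# Added example (not from the Enterprise Vault guide). Read-only check:
# reports which fixed server roles the Vault Service login holds.
# Placeholder values below are assumptions; replace them with your own.
$SqlServer  = 'SQLSERVER01'                  # placeholder SQL Server name
$VaultLogin = 'DOMAIN\vaultadministrator'    # Vault Service account login

function Get-VaultServerRole {
    param([string]$Server, [string]$Login)

    # The eight fixed server roles present in SQL Server 2000 and 2005
    $roles = 'sysadmin', 'securityadmin', 'serveradmin', 'setupadmin',
             'processadmin', 'diskadmin', 'dbcreator', 'bulkadmin'

    $conn = New-Object System.Data.SqlClient.SqlConnection
    $conn.ConnectionString = "Server=$Server;Integrated Security=SSPI"
    $conn.Open()
    $held = @()
    foreach ($role in $roles) {
        $cmd = $conn.CreateCommand()
        # IS_SRVROLEMEMBER returns 1 (member), 0 (not a member)
        # or NULL (role or login not valid)
        $cmd.CommandText = 'SELECT IS_SRVROLEMEMBER(@role, @login)'
        [void]$cmd.Parameters.AddWithValue('@role',  $role)
        [void]$cmd.Parameters.AddWithValue('@login', $Login)
        $value = $cmd.ExecuteScalar()
        if ($value -is [System.DBNull]) {
            $conn.Close()
            throw "Login '$Login' was not found on $Server."
        }
        if ($value -eq 1) { $held += $role }
    }
    $conn.Close()
    $held
}

$held = @(Get-VaultServerRole -Server $SqlServer -Login $VaultLogin)

if ($held -contains 'dbcreator') {
    "OK: $VaultLogin is a member of dbcreator on $SqlServer."
} else {
    "MISSING: $VaultLogin is not a member of dbcreator on $SqlServer."
}

# The procedure grants dbcreator only; list anything beyond that for review.
$extra = @($held | Where-Object { $_ -ne 'dbcreator' })
if ($extra.Count -gt 0) {
    "REVIEW: additional fixed server roles held: " + [string]::Join(', ', $extra)
}
```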
If the Enterprise Vault Directory is shared between more than one Enterprise Vault site, it allows the configuration information for each of the Enterprise Vault sites to be distinguished.
It allows future flexibility if you change the computer that is running the Enterprise Vault services.
If you are setting up Enterprise Vault as a pilot system, you can configure Enterprise Vault without using DNS aliases, to avoid the need to create temporary DNS entries. Instead, you must supply a fully qualified, valid DNS name of the Directory Service computer, when prompted for the Vault Site alias. Similarly, you can use fully qualified, valid DNS computer names for Enterprise Vault servers. In all other situations, you should use a DNS alias.
Give the alias a meaningful name, so that you know to which Enterprise Vault site it relates.
What next?
Ensure that you also review the additional prerequisite information for your planned installation. There are additional prerequisites for other Enterprise Vault components, for different types of archiving, for a standalone Administration Console, and for clustered environments.
Chapter
About additional requirements for Operations Manager
Where and when to install Operations Manager
Additional prerequisite software
Additional preinstallation tasks
What next?
Operations Manager requires Enterprise Vault Services on the same computer. You can install the Operations Manager component at the same time as installing the Enterprise Vault Services component, or at a later date. You must run the Enterprise Vault configuration wizard to configure the Enterprise Vault Services before you configure Operations Manager.
The version of Internet Information Services (IIS) must be IIS 6.0 or later.
IIS must not be locked down.
If you are installing Operations Manager on Windows Server 2003 x64 Editions, you must switch to the 32-bit version of ASP.NET 2.0. To do this, see Microsoft Knowledge Base article http://support.microsoft.com/?kbid=894435.
Note: You cannot install Operations Manager on a 64-bit edition of Windows Server running Exchange Server 2007. Exchange Server 2007 requires the 64-bit version of ASP.NET 2.0.
Select the Password Never Expires option. Leave the remaining check boxes clear (User Must Change Password At Logon, User Cannot Change Password, and Account Is Disabled).
What next?
Ensure that you review all the additional prerequisite information for your planned installation.
There are additional prerequisites for other Enterprise Vault components, for different types of archiving, for a standalone Administration Console, and for clustered environments. See the following chapters for details. If you have reviewed all the prerequisite information, then you can install and configure your Enterprise Vault server.
Chapter
About requirements for Enterprise Vault Reporting
Where and when to install Enterprise Vault Reporting
Prerequisites for Enterprise Vault Reporting
Preinstallation tasks
What next?
Requirements for Enterprise Vault Reporting Prerequisites for Enterprise Vault Reporting
After installing Enterprise Vault Reporting you must run the Enterprise Vault Reporting Configuration utility to configure Reporting and deploy the reports.
Note: You must only configure Reporting after running the Enterprise Vault configuration utility successfully on at least one computer in the site on which Enterprise Vault Services are installed.
Microsoft SQL Server 2000 Reporting Services with SP2; or Microsoft SQL Server 2005 Reporting Services (SP1 recommended).
Both the following versions of Microsoft .NET Framework:
Note: Enterprise Vault Reporting requires both versions of .NET Framework to be installed. A suitable version of Microsoft .NET Framework v 1.1 is installed automatically with Windows Server 2003. If necessary, you can download .NET Framework using the link in the Links to related software folder on the Enterprise Vault CD-ROM.
IIS registered with ASP.NET 1.1 for SQL Server 2000 Reporting Services SP2, or ASP.NET 2.0 for SQL Server 2005 Reporting Services.
A network connection to the computer hosting the Enterprise Vault Directory database. If you are using FSA Reporting, then Enterprise Vault Reporting also requires access to the FSA Reporting database.
As a prerequisite, the 32-bit version of SQL Server 2005 Reporting Services requires the 32-bit version of ASP.NET on IIS. To run the 32-bit version of ASP.NET, see Microsoft Knowledge Base article http://support.microsoft.com/?kbid=894435.
Preinstallation tasks
Before installing the Enterprise Vault Reporting component, you must do the following:
Install the required prerequisite software for Enterprise Vault Reporting. See Prerequisites for Enterprise Vault Reporting on page 54.
Create a Windows user account named, say, ReportingUser, in the Active Directory domain, for Enterprise Vault Reporting to use when accessing the Enterprise Vault databases. This reporting user account does not require a mailbox, and it need not be a member of the Windows Administrators group. When you create the reporting user account:
  Select the Password Never Expires option.
  Leave the remaining check boxes clear (User Must Change Password At Logon, User Cannot Change Password, and Account Is Disabled).
Give the Vault Service account a "Content manager" role on the Microsoft Reporting Services Report Server. Refer to the Microsoft Reporting Services documentation for instructions on assigning Microsoft SQL Server Reporting Services roles to user accounts.
Add the Vault Service account to the Local administrators group on the Microsoft SQL Server Reporting Services server machine.
What next?
Ensure that you review all the additional prerequisite information for your planned installation. There are additional prerequisites for other Enterprise Vault components, for different types of archiving, for a standalone Administration Console, and for clustered environments. See the following chapters for details. If you have reviewed all the prerequisite information, then you can install and configure your Enterprise Vault server.
Chapter
About the requirements for Exchange Server archiving
Required software on Enterprise Vault server
Pre-installation tasks for Exchange Server archiving
Enterprise Vault client access with Exchange Server archiving
Prerequisites for OWA
Prerequisites for RPC over HTTP
What next?
Exchange 2000
Exchange Server 2003
Exchange Server 2007 with Mailbox Role installed
This chapter describes the additional preparation required before installing and configuring Exchange Server archiving components.
Additional requirements for Exchange Server archiving Required software on Enterprise Vault server
Additional requirements for Exchange Server archiving Pre-installation tasks for Exchange Server archiving
Note: Installing Outlook 2007 on the same computer as Exchange System Manager is not supported by Microsoft. Therefore Outlook 2003 is required on the Enterprise Vault server, even if all of your target Exchange servers are running Exchange Server 2007.
1 Click Start > Programs > Microsoft Exchange > System Manager.
2 In the left-hand pane, double-click the Recipients container.
3 Click Recipient Update Services.
4 In the right-hand pane, right-click the Recipient Update Service for the domain that contains the Exchange Server computer for which you are adding an archiving task.
5 Click Update Now. The mailbox should be available within a minute or two.
On Exchange Server 2007 with Mailbox Role installed, run adsiedit.msc to configure the permissions for the Vault Service account in Active Directory; adsiedit.msc is included in Windows support tools.
Expand the tree as follows: Configuration[your domain]/CN=Configuration,[your domain]/CN=Services/CN=Microsoft Exchange/CN=[your Exchange organization]/CN=Administrative Groups/CN=Exchange Administrative Group(FYDIBOHF23SPDLT)/CN=Servers.
For each server object representing an Exchange Server 2007 with Mailbox Role installed, do the following:
Right-click the object and select Properties.
Click the Security tab.
Add the Vault Service account and grant this account Full Control.
Click Apply.
Click Advanced.
For the permission entry for the Vault Service account:
  Select the permission entry and click Edit....
  Change Apply onto to This object and all child objects.
  Click OK.
Click OK to close the Advanced Security Settings window.
Click OK and close the Properties window.
You must also grant the Vault Service account Send As permission on the Enterprise Vault system mailbox object (and all child objects).
In adsiedit.msc click Domain [your_domain].
Locate the mailbox that you created for the Enterprise Vault system mailbox. This is usually under CN=Users.
Right-click the object and select Properties.
Click the Security tab.
Add the Vault Service account and then add Send as permissions to this account.
Click Apply.
Click OK and close the Properties window.
Close adsiedit.msc.
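The adsiedit.msc steps above set two things: Full Control for the Vault Service account on each Exchange Server 2007 Mailbox server object, applied to the object and all child objects, and Send As on the Enterprise Vault system mailbox. The following Exchange Management Shell script is an added example, not part of the original guide, that reads those permission entries back so the result can be confirmed and recorded; the account name and the system mailbox name are placeholders.

```powershell
# Added example (not from the Enterprise Vault guide). Run in the Exchange
# Management Shell on Exchange Server 2007. Read-only: Get-* cmdlets only.
# Placeholder values below are assumptions; replace them with your own.
$VaultAccount  = 'DOMAIN\vaultadministrator'   # Vault Service account
$SystemMailbox = 'EVSystemMailbox'             # hypothetical system mailbox name

function New-Finding {
    param([string]$Target, [string]$Check, [bool]$Pass, [string]$Detail)
    $f = New-Object PSObject
    $f | Add-Member NoteProperty Target $Target
    $f | Add-Member NoteProperty Check  $Check
    $f | Add-Member NoteProperty Pass   $Pass
    $f | Add-Member NoteProperty Detail $Detail
    $f
}

function Test-VaultServerAcl {
    param($Server, [string]$Account)
    # Allow ACEs that give the account Full Control (GenericAll) on the server object
    $allow = @(Get-ADPermission -Identity $Server.DistinguishedName -User $Account |
        Where-Object { -not $_.Deny -and ($_.AccessRights -like '*GenericAll*') })
    $explicit = @($allow | Where-Object { -not $_.IsInherited })

    if ($explicit.Count -gt 0) {
        # "This object and all child objects" is reported as InheritanceType All
        $scoped = @($explicit | Where-Object { $_.InheritanceType -eq 'All' })
        New-Finding -Target $Server.Name -Check 'Full Control' `
            -Pass ($scoped.Count -gt 0) `
            -Detail "explicit ACE, applies to: $($explicit[0].InheritanceType)"
    } elseif ($allow.Count -gt 0) {
        # Granted at Organization or Administrative Group level and inherited
        New-Finding -Target $Server.Name -Check 'Full Control' -Pass $true `
            -Detail 'inherited from a parent container'
    } else {
        New-Finding -Target $Server.Name -Check 'Full Control' -Pass $false `
            -Detail 'no Allow ACE with Full Control for this account'
    }
}

function Test-VaultSendAs {
    param([string]$Mailbox, [string]$Account)
    $mbx  = Get-Mailbox -Identity $Mailbox
    # Send As is an extended right on the mailbox's Active Directory object
    $aces = @(Get-ADPermission -Identity $mbx.DistinguishedName -User $Account |
        Where-Object { -not $_.Deny -and ($_.ExtendedRights -like 'Send-As') })
    if ($aces.Count -gt 0) { $detail = 'Send-As extended right present' }
    else                   { $detail = 'Send-As extended right not found' }
    New-Finding -Target $mbx.Name -Check 'Send As' -Pass ($aces.Count -gt 0) -Detail $detail
}

# Check every Exchange Server 2007 computer that holds the Mailbox role
$findings = @(Get-ExchangeServer |
    Where-Object { $_.IsMailboxServer -and $_.IsExchange2007OrLater } |
    ForEach-Object { Test-VaultServerAcl -Server $_ -Account $VaultAccount })

$findings += Test-VaultSendAs -Mailbox $SystemMailbox -Account $VaultAccount
$findings | Format-Table -AutoSize
```

A server row with Pass set to False and an explicit ACE usually means that Apply onto was left at its default instead of This object and all child objects.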
1 Click Start > Programs > Microsoft Exchange > System Manager.
2 Expand the Servers container.
3 Right-click your Exchange Server and, on the shortcut menu, click Properties.
4 Click the Security tab.
5 Click Add.
6 Double-click the Vault Service account to add it to the list.
7 Click OK to go back to the Security tab. The Vault Service account has been added to the Name list.
8 In the Name list, click the Vault Service account.
9 In the Permissions list, make sure that all check boxes in the Allow column are selected. Select any check boxes that are not already selected.
10 Click OK.
1 Enable the display of the Security page by configuring the ShowSecurityPage registry setting (see Microsoft Knowledge Base Article 883381).
2 In the left-hand pane of Microsoft Exchange, System Manager, right-click your Exchange Organization or the administrative group that you want, and select Properties.
3 Select the Security tab and set the required permissions for the Vault Service account, as described in the steps for individual Exchange Servers.
To assign the permissions at Organization or Administrative Group level (Exchange Server 2007)
1 To assign permissions at Exchange Organization level, expand the tree in adsiedit.msc as follows:
Configuration[your domain]/CN=Configuration,[your domain]/CN=Services/CN=Microsoft Exchange/CN=[your Exchange organization]
To assign permissions at Administrative Group level, expand the tree as follows:
Configuration[your domain]/CN=Configuration,[your domain]/CN=Services/CN=Microsoft Exchange/CN=[your Exchange organization]/CN=Administrative Groups/CN=Exchange Administrative Group(FYDIBOHF23SPDLT)
2 Right-click the object and select Properties.
3 Click the Security tab.
4 Add the Vault Service account and grant this account Full Control.
5 Click Apply.
6 Click Advanced.
7 For the permission entry for the Vault Service account:
  Change Apply onto to This object and all child objects.
  Click OK to exit the Edit window.
Click OK to close the Advanced Security Settings window.
Click OK and close the Properties window.
Close adsiedit.msc.
1 On the Exchange Server open the Exchange Management Shell.
2 Enter the following command:
new-publicfolderdatabase -Name "Public Folders" -StorageGroup "First Storage Group" -EdbFilePath "C:\Program Files\Microsoft\ExchangeServer\Mailbox\First Storage Group\Public Folders.edb"
You may need to create an Offline Address Book with Public Folder integration enabled if you are using clients prior to Outlook 2007.
Additional requirements for Exchange Server archiving Enterprise Vault client access with Exchange Server archiving
1 Start Internet Explorer.
2 Select Internet Options from the Tools menu.
3 Click the Programs tab.
4 In the E-mail box, select Microsoft Office Outlook.
5 Click OK.
Enterprise Vault Outlook Add-Ins
OWA clients, which require Enterprise Vault Exchange Server extensions for OWA
Enterprise Vault customized shortcuts.
Enterprise Vault search or Archive Explorer in a browser session.
Before users can send items to an archive from within their Outlook client, the Outlook Add-Ins must be installed on their computers. Install Outlook Add-Ins on user computers after you have configured the Enterprise Vault server.
For any of the Add-Ins, user computers must have the following:
Operating system one of Windows Server 2003, Windows 2000, or Windows XP. Note that for the Windows Desktop Search plug-in, the minimum requirements are Windows 2000 SP4 or later, or Windows XP SP1 or later.
Internet Explorer 6.0 or later, with Java scripting enabled. This must be installed, even if it is not used. If you intend to make the HTTP-only Self-Installing Outlook Add-In available to users, Internet Explorer must allow them to download signed ActiveX controls.
TCP/IP protocol.
Mail client one of Outlook 2007, Outlook 2003, Outlook 2002 (XP), or Outlook 2000. Install Internet Explorer before you install the mail client.
If you plan to enable the Windows Desktop Search plug-in, then Windows Desktop Search 2.6.5 must be installed on the target desktop computers. An option in the Windows Desktop Search plug-in enables you to add buttons and menu options to Windows Desktop Search and MSN Search Toolbar to enable the user to search their primary (online) archive. For this, you also need MSN Search Toolbar V02.06 installed on desktop computers. The Windows Desktop Search plug-in requires Outlook 2007, Outlook 2003 or Outlook XP and Enterprise Vault 7.0, or later, Outlook Add-In or HTTP-only Outlook Add-In installed on the desktop computers. You can download Windows Desktop Search 2.6.5 and MSN Search Toolbar V02.06 from the following address:
http://www.microsoft.com/windows/desktopsearch/downloads/default.mspx
OWA clients
Enterprise Vault functionality can be made available in OWA 2003 and OWA 2007 Basic and Premium clients by installing Enterprise Vault OWA server extensions on the Exchange Server. Enterprise Vault functionality available with OWA 2000 clients is limited to viewing archived items. With OWA 2007 and OWA 2003 you can control the functionality of the clients using OWA settings on the Advanced page of the Exchange Mailbox Policy properties. On user desktops, Internet Explorer 6.0 or later is required to support the full functionality available with OWA 2007 and OWA 2003 clients. You do not need to install Enterprise Vault Add-Ins on user desktop computers.
Customized shortcuts
If you do not want to install the Enterprise Vault Outlook Add-Ins on desktop computers, or users do not use Outlook as their email client, you can configure Enterprise Vault customized shortcuts in the Exchange Mailbox Policy. For example, users may use an IMAP or POP3 email client, or Entourage (on Mac computers). Using customized shortcuts, users can view an HTML version of archived items, and start Archive Explorer and archive search in a browser session to access and manage items stored in archives. On Windows computers, Internet Explorer 6.0 or later, with Java scripting enabled, must be installed on each user's desktop computer. On Mac computers, Entourage email client and Safari browser are supported. For details of supported versions, see the Enterprise Vault Compatibility Charts.
Archive Explorer URL: http://web_server_name/EnterpriseVault/ArchiveExplorerUI.asp
Integrated search URL: http://web_server_name/EnterpriseVault/searcho2k.asp
Browser search URL: http://web_server_name/EnterpriseVault/search.asp
To use Enterprise Vault browser search or Archive Explorer in a browser session, Internet Explorer 6.0 or later, with Java scripting enabled, must be installed on each user's desktop computer.
Note: With Exchange Server Journal archiving, shortcuts are not created in the mailbox. The associated archives can be accessed using archive search, but not Archive Explorer.
If you are running Exchange Server 2003 on OWA servers, Exchange Server 2003 Service Pack 1 or later is required. As Enterprise Vault OWA 2003 extensions modify OWA control files on Exchange Server 2003, the version of these files must be one that is supported by Enterprise Vault. See the Enterprise Vault Compatibility Charts.
If the back-end OWA 2000 or OWA 2003 server computer is running Windows 2000, it requires either Windows 2000 SP3, or SP2 and a Microsoft hotfix, because of a problem with IIS 5.0. The problem is described in Microsoft support article 294833.
MSXML is required on Exchange OWA servers (with the exception of front-end OWA 2000 servers). This is installed automatically with Internet Explorer 6 Web browser, which comes as the default with Windows Server 2003. On Windows 2000, you can select Internet Explorer 6 from a Customized installation. If you are using an earlier version of Internet Explorer, you may need to install MSXML. This is available from a link in the Links to related software folder on the Enterprise Vault distribution media.
On user desktops, Internet Explorer 6.0 or later is required to support the full functionality available with OWA 2007 and OWA 2003 clients.
Note that the Enterprise Vault buttons are not available in OWA 2000 clients, which means that you can only view archived items. To be able to archive, restore and delete archived items from your OWA client and have integrated access to Archive Explorer and Search features, you need to use OWA 2007 or OWA 2003.
See Configuring Enterprise Vault access for OWA 2007 users on page 232.
Additional requirements for Exchange Server archiving Prerequisites for RPC over HTTP
See Configuring Enterprise Vault access for OWA 2003 users on page 237.
See Configuring Enterprise Vault access for OWA 2000 users on page 246.
What next?
Ensure that you review all the additional prerequisite information for your planned installation. There are additional prerequisites for other Enterprise Vault components, for different types of archiving, for a standalone Administration Console, and for clustered environments. See the following chapters for details. If you have reviewed all the prerequisite information, then you can install and configure your Enterprise Vault server.
Chapter
Prerequisites for all Enterprise Vault servers
Prerequisites for Domino Server mailbox archiving
Prerequisites for Domino journal archiving
What next?
1 Set the NOTESNTSERVICE system environment variable to '1'.
2 Restart the server.
For more information about the NOTESNTSERVICE system environment variable and how to set it, see the following articles:
http://www-304.ibm.com/jct09002c/isv/tech/faq/individual.jsp?oid=1:85904
http://support.microsoft.com/kb/324705
If you do not set NOTESNTSERVICE there may be many different errors, such as intermittent failures when restoring archived items, errors when archiving, and errors from the Administration Console.
Additional prerequisites for Domino Server archiving Prerequisites for Domino Server mailbox archiving
One or more Enterprise Vault Domino Gateways. The Enterprise Vault Domino Gateway is a Domino server that is customized by Enterprise Vault configuration. The Enterprise Vault Domino Gateway provides the interface between Lotus Notes clients and Enterprise Vault. All the major actions on archived data (opening, restoring, deleting and searching) are handled by the Enterprise Vault Domino Gateway.
One or more Enterprise Vault servers. An Enterprise Vault server can be co-located with an Enterprise Vault Domino Gateway or installed on a separate computer. To ensure control of load balancing, we recommend that you co-locate the Enterprise Vault Domino Gateway and Enterprise Vault server.
Target Domino mail servers.
Enterprise Vault client extensions for Lotus Notes and Domino Web Access.
This section describes the prerequisite software and settings for Domino mailbox archiving and the tasks that you need to perform before installing Enterprise Vault. If you are going to install Enterprise Vault Administration Console on a remote computer, then you must also install Lotus Notes 7.0.2 or later on that computer in order to manage Domino user archives. This section describes the minimum requirements for Domino mailbox archiving. For details of the latest supported software versions, see the Enterprise Vault Compatibility Charts (http://entsupport.symantec.com/docs/276547).
Domino Server 8.0 and Lotus Notes Client 8.0
Domino Server 7.0.2 and Lotus Notes Client 7.0.2
Enterprise Vault 2007
Depending on which versions of Domino Server and Lotus Notes you use, you may require Lotus Hotfixes. For details of required hotfixes, see the Enterprise Vault Compatibility Charts (http://entsupport.symantec.com/docs/276547).
You will need at least a Domino Messaging server license for each Enterprise Vault Domino Gateway.
The Vault Service account.
A SQL login account for the Vault Service account.
DNS aliases for the Enterprise Vault server and site.
See Pre-installation tasks for Enterprise Vault server on page 44.
You now need to perform the tasks described in this section to set up Domino server and Lotus Notes on the Enterprise Vault Domino Gateway computer. The following steps must be completed before you install Enterprise Vault on the computer. This ensures that the Enterprise Vault installation program detects that this is a Domino server and will install the extension manager files and other database files.
Register the Domino server that will run on the Enterprise Vault Domino Gateway computer, and set up the configuration for this server in the Domino Directory. See Register the Enterprise Vault Domino Gateway on page 74.
Identify or create a user ID for the Domino mailbox archiving. See User ID for Domino mailbox archiving on page 76.
Configure the server documents for the Domino mail servers from which Enterprise Vault will archive. See Configure the server document for each target Domino mail server on page 77.
On the computer that will host the Enterprise Vault Domino Gateway, do the following:
Install Domino server binaries and configure the Domino server. See Install and configure Enterprise Vault Domino Gateway on page 79.
Install Lotus Notes client binaries and hotfix, and configure the client. See Install and configure Lotus Notes on Enterprise Vault Domino Gateway on page 81.
After you have completed these tasks, you can install Enterprise Vault and perform the initial configuration. See Installing Enterprise Vault on page 111. You can then complete the configuration of Domino mailbox archiving. See Preparation for Domino mailbox archiving on page 314.
Configure the HTTP port.
Configure server security.
Add trusted servers.
Set up Single Sign-On.
1 In Domino Administration client open the server document for the Enterprise Vault Domino Gateway.
2 Select Ports tab and then Internet Ports tab in sub-document.
3 On Web tab, set TCP/IP port number to something other than 80; for example, 8080.
1 Open the Security page of the server document.
2 In the Programmability restrictions Who can section, ensure that the user who will sign the mail templates is displayed in the field Sign agents to run on behalf of the invoker of the agent.
3 Scroll down to Server Access.
4 Add the user who will sign the mail templates to Create master templates.
5 Add the target Domino mail servers to Trusted servers.
6 Click Save and Close.
7 Repeat the above steps for each Enterprise Vault Domino Gateway.
For more detail on how to configure Single Sign-On using Web Configuration, see the following IBM article:
http://www-1.ibm.com/support/docview.wss?rs=2272&context=SSTJRP&dc=DA400&uid=swg27002760&loc=en_US&cs=UTF-8&lang=en&rss=ct2272lotus
To configure Single Sign-On
In the Domino Administrator client go to Configuration tab and select Server > All Server Documents view.
Select (but do not open) the server document for the Enterprise Vault Domino Gateway.
Click Web and select Create Web SSO Configuration from the drop down box.
  In the Configuration Name field, change the default name to EVLtpaToken.
  In the DNS Domain field, enter the DNS domain of the participating Domino servers.
  In the Domino Server Names field, add all the Enterprise Vault Domino Gateways. If you want Single Sign-On to cover DWA users, then you also need to add the target Domino mail servers.
  Click Keys and in the drop down menu select Create Domino SSO Key.
  Click OK.
  Save and Close the Web SSO Configuration.
While the server document for the Enterprise Vault Domino Gateway is selected, click Edit server.
  Click Internet Protocols tab and then Domino Web Engine sub-tab.
  Change the Session Authentication field to Multiple Servers (SSO).
  In the Web SSO Configuration field select EVLtpaToken.
  Save and close the server document.
Add hidden views.
Add or update a hidden Enterprise Vault profile document.
Change mail items into shortcuts.
To comply with the Domino security model, this access to Domino mail databases needs to be done by an authenticated user using a Lotus Notes ID file. When you configure the server document for target Domino mail servers, you will give this ID at least Editor access and Delete Documents and Create shared folders/views permissions on mail files to be archived. See Granting the Domino archiving user access to mail files on page 78. Later, you specify this ID in the Enterprise Vault Administration Console when you are configuring Domino mailbox archiving. The ID details (including the password) are encrypted and stored in the Enterprise Vault directory database. Although you can use any user ID file that has the correct level of access, we recommend that you create a generic user account and grant the user the access permissions required.
Configure the server document for each target Domino mail server
When configuring the server document for each of the target Domino mail servers, you will need to do the following:
The server document for each target Domino mail server must have Enterprise Vault Domino Gateways added as trusted servers.
The signing ID that will be used to sign the Enterprise Vault client templates also needs to be given the following permissions:
  Sign agents to run on behalf of the invoker of the agent, on target Domino mail servers.
  Create master templates.
The Domino archiving user needs to be given access to target user mail files.
Optionally, you may want to enable Single Sign-On for DWA users.
1 Open the Security page of the server document.
2 In the Programmability restrictions Who can section, ensure that the user who will sign the mail templates is displayed in the field Sign agents to run on behalf of the invoker of the agent.
3 Scroll down to Server Access, and add all the Enterprise Vault Domino Gateways in the domain as trusted servers.
4 Click Save and Close.
5 Repeat the above steps for each Enterprise Vault target Domino mail server.
Note: If you intend not to archive unread items then the Domino archiving user requires Manager access to the mail files. This is because Domino requires Manager access in order to determine which items are unread.
If Domino administrators have Manager access to all mail files, then you can use the Manage ACL tool in the Domino Administrator client to add the Domino archiving user to all mail databases. Repeat the following steps for each target Domino mail server.
To add the Domino archiving user to all mail databases
1 In the Domino Administrator client, navigate to the Domino mail server and click the Files tab.
2 In the tasks pane, click the Mail folder to display a list of all the mail databases in the results pane.
3 Select the first mail database, and then press Shift and End together to select all the mail databases.
4 Right-click and select Access Control > Manage.
5 Click Add and then press the person icon to select the Domino archiving user from the Domino directory list. Click OK.
6 When the user is in the ACL dialog box, change the Access field to Editor and the User Type to Person.
7 Select Delete Documents and Create shared folders/views.
8 Click OK to add the user to the ACL of all mail databases selected.
Warning: It is very important to set the User Type to Person. This prevents any user from creating a group within the Domino directory with the same name as the Domino archiving user and thereby granting that group access to all mail databases.
If no user has Manager access to every mail database, then do the following:
Place the Domino server administrator's user name in the Full Access Administrators field in the server document.
Restart the Domino server.
In the Domino Administrator client choose Administration > Full Access Administration and complete the procedure described above.
If necessary the administrator can then be removed from the Full Access Administrators field.
Single Sign-On
The main requirement for Single Sign-On is to enable users to use the Enterprise Vault search feature. However, if Single Sign-On is not configured, DWA users will need to re-enter authentication details when opening archived items. To avoid this, you may want to configure Single Sign-On on DWA servers, even if you do not plan to give users access to the Enterprise Vault search feature. See Configure Single Sign-On on page 75.
an account other than the system account. This is a Microsoft Windows limitation. To see the console, you can connect to it remotely. If you want to have the server console displayed locally while you are configuring Domino Mailbox archiving, you can run the Domino server as an application as follows:
Log on to the Enterprise Vault Domino Gateway computer using the Vault Service account.
In Windows Services console, if the Lotus Domino Server service is running, stop it.
Disable the Lotus Domino Server service.
Start the Lotus Domino Server (by double-clicking the desktop icon or running Domino program directory\nserver.exe), and select the option to start the server as a regular application. The Domino server configuration starts.
Supply the Domino Server ID that was created when you registered the Domino server on the Enterprise Vault Domino Gateway. Select the option Web Browsers (HTTP Services) on the Internet Services page to add the HTTP server task. For optimum performance, you can use the Customize button to remove all but the minimum server tasks. The following Domino server services are the minimum required on the Enterprise Vault Domino Gateway:
Note: In a production environment, start the Domino Server on the Enterprise Vault Domino Gateway as a service running under the Vault Service account.
To ensure that Enterprise Vault can configure user mail files for archiving, and subsequently update the users' mail files with any archiving policy changes, the Domino Directory should replicate frequently to the Enterprise Vault Domino Gateway.
To enable DWA users to open those archived MIME items that are signed or encrypted, there must be an SSL connection to the Enterprise Vault Domino Gateway. In this case, you must configure the Enterprise Vault Domino Gateway for SSL. If you do not do this configuration, DWA users receive the following error message:
to complete the current operation. required for secure mail, not enabled on Domino Server. notify your administrator.
Clear the option Setup Instant Messaging. For Additional Services accept the default, None.
Note: In a production environment it is recommended that you do not run the Lotus Notes client on the Enterprise Vault because doing so may cause conflicts. If you must do so, stop all Enterprise Vault Domino tasks before running Lotus Notes.
Additional prerequisites for Domino Server archiving Prerequisites for Domino journal archiving
Admin service
Directory service
Storage service
Indexing service
Task controller service
See Installing Enterprise Vault on page 111. After you have installed and configured Enterprise Vault, you can set up your Domino mailbox archiving environment using the Enterprise Vault Administration Console. See Preparation for Domino mailbox archiving on page 314.
Determine the location of the file Msoxmlmf.dll. The file is in the Office shared folder, the default location for which is as follows:
C:\Program Files\Common Files\Microsoft Shared\Office11
Type regsvr32.exe /u and then the path to Msoxmlmf.dll. For example, if the file is in the default location, you might type the following:
regsvr32.exe /u "c:\program files\common files\microsoft shared\office11\msoxmlmf.dll"
Click OK.
Periodic Rollover or Size Rollover. If you choose either of these options in Domino 6.5.n, Domino does not create the rollover databases in the same directory as the initial database. This means that you must manually move rollover databases into the Domino journal directory in order for them to be archived.
None. If you select this method the database will continue to grow, so we recommend that you compact the journal directory each night.
Configure Domino Journaling so that the Journaling database is in a subfolder of the server's Data directory. If Domino Journaling is already configured, you may need to move the Journaling database and update the server configuration document.
Each Domino Server in the cluster should be independently journaling to a local database. Mail journaling databases should not be configured to replicate to other Domino servers in the cluster. This includes both cluster replication and scheduled replication. Enterprise Vault should be configured to archive from the Domino journal databases on each server in the cluster.
Access to the Domino domain. This is provided by the ID file of a user who is enabled for Lotus Mail and whose account is in the same domain as the server. This account must have read access to the Domino Directory.
Access to the Domino server. This is provided by the ID file of a user who has access to the Domino server and its directories. By default, Enterprise Vault will use the same ID file as is used to access the domain.
Access to the Domino Journaling location. This is provided by the ID file of a user who has Editor, Designer, or Manager access to the journaling databases, and also has the Delete Documents permission. If the database is encrypted, this ID file must be the one that was used to encrypt the database. By default, Enterprise Vault will use the same ID file as is used to access the server. If you do not specify a file for server access, Enterprise Vault will use the same ID file as is used to access the domain.
Create suitable ID files and place them in the Lotus Notes data folder on the Enterprise Vault server that will run the Domino Journaling task. By default, this is C:\Program Files\lotus\notes\data.
What next?
Ensure that you review all the additional prerequisite information for your planned installation. There are additional prerequisites for other Enterprise Vault components, for different types of archiving, for a standalone Administration Console, and for clustered environments. See the following chapters for details. If your Enterprise Vault server is already set up, then configure Domino Server archiving using the Enterprise Vault Administration Console.
Chapter
About the prerequisites for FSA
Enterprise Vault server requirements
About FSA shortcuts
The FSA Agent
Preparing file servers
Configuring Internet Explorer on NTFS file servers
Client requirements
What next?
Additional prerequisites for File System Archiving (FSA) About FSA shortcuts
files that have been archived using a previous version of Enterprise Vault, then Outlook is still required on the Enterprise Vault server. An Enterprise Vault Storage service is required on the Enterprise Vault server that hosts FSA. Internet Explorer 6.0 or later is required on the Enterprise Vault server computer that is to host FSA.
A placeholder shortcut. This is a special file that appears exactly as the original file but, when opened, forces Enterprise Vault to fetch the archived file. A Placeholder service needs to be configured to create these shortcuts.
An internet (URL) shortcut. This is a .url text file containing a hypertext link to the archived file. The Placeholder service is not required to create these shortcuts.
Enterprise Vault cannot create placeholders for certain legacy files. This is particularly true of files that have extended attributes because they were previously stored in an HPFS (OS/2) file system.
NTFS. The FSA Agent must be installed on each NTFS file server to provide the Placeholder service. See The FSA Agent on page 89. Each disk on which placeholder shortcuts are required must be an NTFS device; it is not sufficient to use a non-NTFS device that appears on the network as an NTFS device. The Enterprise Vault server uses CIFS when accessing the file system, for example, to archive files. NetApp Filer with Data ONTAP 7.0 or later. The Placeholder service for NetApp Filer devices runs on the Enterprise Vault server computer and accesses the NetApp Filer using CIFS. EMC Celerra.
Additional prerequisites for File System Archiving (FSA) The FSA Agent
The Placeholder service for EMC Celerra file systems runs on the Enterprise Vault server and accesses the EMC Celerra file system using CIFS. Before installing and configuring FSA, ensure that the target file system that you want to archive is supported. See the Enterprise Vault Compatibility Charts.
Use Placeholder shortcuts
Implement File Blocking
Gather data for FSA Reporting's reports
Instructions for installing the FSA Agent are included in the instructions for installing and configuring FSA on NTFS file servers. The FSA Agent can be used in a clustered environment. See About FSA clustering on page 397. Note: The FSA Agent requires Microsoft .NET Framework v 2.0 as a prerequisite on the file server.
Local administrator rights on the file server
Full control on the share that is configured as the target volume
Optionally the Vault Service account also requires browse permissions on the target folders, and on any folders in the paths to the target folders. If these optional permissions are not set, the administrator is unable to browse in the Administrator Console for the target folder, and so must specify the path by typing it in. The remainder of this section gives instructions on how to prepare NetApp Filer devices for archiving. As preparing EMC Celerra file servers requires information about the Enterprise Vault server configuration, the steps are described in a later section.
Additional prerequisites for File System Archiving (FSA) Configuring Internet Explorer on NTFS file servers
Add the Vault Service account as an Administrator on the NetApp filer by following these steps in the order listed:
Log on to a Windows server as a user who already has administrative rights on the NetApp filer. On the Windows desktop, right-click My Computer and then, on the shortcut menu, click Manage. In Computer Management, select Connect to another computer from the Action menu and then enter the name of the NetApp filer.
Expand Local Users and Groups and click Groups. In the right pane, right-click Administrators and then, on the shortcut menu, click Add to Group. Click Add to add the Vault Service account to the list of group members.
1 Log on as the Vault Service account to the NTFS file server that is running the Placeholder service.
2 On the Windows Start menu, click Settings > Control Panel.
3 Double-click Internet Options.
4 Click the Security tab.
5 In the list of zones, click Local intranet.
6 Click Sites.
7 Click Advanced.
8 Enter the name of the Web access application computer, without the DNS domain, and then click Add.
9 Click OK.
10 Click OK to close the local intranet settings.
11 On the Security tab of the Internet Options dialog box, click Custom Level.
12 Under User Authentication in the Security Settings dialog box, select either Automatic logon only in Intranet zone or Automatic logon with current username and password.
13 Click OK to close the Security Settings dialog box.
14 Click OK to close the Internet Options dialog box.
Client requirements
The following client access to archived items is available with FSA:
If shortcuts are created in the item's original location, users can access an archived item simply by double-clicking the shortcut on the file server.
If shortcuts are not created, users can access the archived items in the archives using archive search or Archive Explorer.
To use Enterprise Vault browser search or Archive Explorer, Internet Explorer 6.0 or later, with Java scripting enabled, must be installed on each user's desktop computer.
What next?
Ensure that you review all the additional prerequisite information for your planned installation. There are additional prerequisites for other Enterprise Vault components, for different types of archiving, for a standalone Administration Console, and for clustered environments. See the following chapters for details. If you have reviewed all the prerequisite information, then you can install and configure your Enterprise Vault server. If your Enterprise Vault server is already set up, then configure File System Archiving using the Enterprise Vault Administration Console.
Chapter
Enterprise Vault server requirements
SharePoint Server requirements
Installing Enterprise Vault SharePoint components
Running the configuration wizard
What next?
The version of Microsoft SharePoint products must be at least one of the following:
Microsoft Windows SharePoint Services 2.0 with Service Pack 1
Microsoft SharePoint Portal Server 2003 with Service Pack 1
Microsoft Windows SharePoint Services 3.0 (WSS 3.0)
Microsoft Office SharePoint Server 2007 (MOSS 2007)
If you have SharePoint Portal Server 2003 with Backwards Compatible Document Libraries (BCDL), see the installing and configuring instructions in the following Technical Note, available from the Symantec knowledge base: http://entsupport.symantec.com/docs/284469
Ensure that the Vault Service account is either a member of the SharePoint administration group for the SharePoint virtual servers or has local administrator privileges on the SharePoint computer. The account under which the Enterprise Vault SharePoint task runs (typically the Vault Service account) must have full access to target site collections and their content. When archiving from SharePoint 3.0 sites, the account must have Site Collection Administrator privileges on the target SharePoint site collections. SharePoint Servers must be running Windows Server 2003 with Service Pack 1 or later.
For full details of all the supported versions of prerequisite products, see the Enterprise Vault Compatibility Charts.
Install and configure Enterprise Vault with SharePoint Server 2003. Upgrade SharePoint Server to SharePoint 2007.
The following information provides an overview of the steps. Detailed instructions are given in later sections in this manual. To install and configure Enterprise Vault with SharePoint 2003
1 Install Enterprise Vault on the Enterprise Vault server.
2 Install the Enterprise Vault SharePoint components on the SharePoint server.
3 Run the Enterprise Vault configuration tool on the SharePoint server.
4 Run the Enterprise Vault Administration Console on the Enterprise Vault server and configure SharePoint sites for archiving.
5 Return to the SharePoint Server and install the Enterprise Vault Web Parts and the Archive Version History link.
6 Check that archiving is working correctly.
1 Upgrade SharePoint Server 2003 to 2007.
2 Repeat the installation of the Enterprise Vault SharePoint components on the SharePoint server.
3 Install the Enterprise Vault Web Parts and the Archive Version History link again.
4 Ensure that the account that the SharePoint task runs under is a Site Collection Administrator on the target SharePoint site collections.
The migration is now complete.
Additional prerequisites for SharePoint Server archiving Installing Enterprise Vault SharePoint components
The following example shows the use of redirection during the gradual migration process.

Before upgrade:
SharePoint site URL: http://sharepoint/sites/site1
Enterprise Vault target URL: http://sharepoint/sites/site1
Enterprise Vault will archive site URL: http://sharepoint/sites/site1

SharePoint site URL: http://sharepoint/sites/site1 is redirected to http://sharepoint:8003/sites/site1
Enterprise Vault target URL is unchanged: http://sharepoint/sites/site1
Enterprise Vault will archive unmigrated site at redirected URL: http://sharepoint:8003/sites/site1

SharePoint site URL: http://sharepoint/sites/site1 - no redirection
Enterprise Vault target URL is still unchanged: http://sharepoint/sites/site1
Enterprise Vault will archive migrated site URL: http://sharepoint/sites/site1
1 Log on to the SharePoint Server using the Vault Service account.
2 Load the Enterprise Vault CD-ROM on your SharePoint Server computer.
3 Open the Enterprise Vault folder.
4 Open the Server folder.
5 Double-click SETUP.EXE to start the installation.
6 Work through the installation wizard until you reach the Select Components to Install screen.
7 Select Microsoft SharePoint Components. If you are installing only the Enterprise Vault SharePoint components on this computer, clear the check boxes for other Enterprise Vault components.
Additional prerequisites for SharePoint Server archiving Running the configuration wizard
1 Click Start > Programs > Enterprise Vault > SharePoint Configuration to start the configuration wizard.
2 Click Next to continue. You are prompted for details of the account that Enterprise Vault services will use.
3 Enter the details of the Vault Service account. You must use the format domain_name\username when you specify the account. Alternatively, use the Browse button to browse for the account. Enter the password for the account and confirm it.
4 Click Next. A warning message is displayed if the account you are using does not have sufficient privileges to validate the password (see SharePoint Server requirements). Click Yes to continue.
5 On the last screen of the configuration wizard click Finish to exit the program.
What next?
Ensure that you review all the additional prerequisite information for your planned installation. There are additional prerequisites for other Enterprise Vault components, for different types of archiving, for a standalone Administration Console, and for clustered environments. If you have reviewed all the prerequisite information, then you can install and configure your Enterprise Vault server. If your Enterprise Vault server is already set up, then configure SharePoint Server archiving using the Enterprise Vault Administration Console.
Chapter 10
About the prerequisites for SMTP archiving
Microsoft SMTP Server requirements
Enterprise Vault server and holding area requirements
Client access for SMTP archiving
What next?
Additional prerequisites for SMTP archiving Enterprise Vault server and holding area requirements
As Microsoft SMTP Server is included in IIS, install IIS on the Microsoft SMTP Server computer, and configure an SMTP virtual server. The following software versions are required on the Microsoft SMTP Server computer:
For instructions on how to configure Microsoft SMTP Server, see the Microsoft documentation. As the Microsoft SMTP Server is the destination messaging server for any SMTP messages to be archived by Enterprise Vault, configure the required domain addresses in DNS. All messages sent to SMTP archiving are stored; it does not perform any filtering. For this reason, only SMTP messages should be sent to this server, and not Exchange MAPI messages. We recommend that you do not install SMTP archiving on a server that is running Microsoft Exchange Server. Although you can install the Microsoft SMTP Server on the same computer as Enterprise Vault, it is more common to install it on a separate computer. You must not configure this server to relay messages to other messaging servers; it should only receive messages for archiving.
To use Enterprise Vault browser search or Archive Explorer, Internet Explorer 6.0 or later, with Java scripting enabled, must be installed on the user's desktop computer.
What next?
Ensure that you review all the additional prerequisite information for your planned installation. There are additional prerequisites for other Enterprise Vault components, for different types of archiving, for a standalone Administration Console, and for clustered environments. If you have reviewed all the prerequisite information, then you can install and configure your Enterprise Vault server. If your Enterprise Vault server is already set up, then configure SMTP archiving.
Chapter 11
About the prerequisites for a standalone Enterprise Vault Administration Console
Additional requirements for Exchange Server archiving
What next?
Windows Server 2003, Windows 2000 (with Service Pack 3 or later), Windows XP Professional (with Service Pack 2 or later), or Windows 2000 Professional (with Service Pack 3 or later).
MDAC 2.6 or later. A suitable version is installed automatically with Windows Server 2003.
IIS 5 or later.
Both Microsoft .NET Framework v 1.1 and Microsoft .NET Framework v 2.0. You need to install both versions of Microsoft .NET Framework.
Prerequisites for a standalone Enterprise Vault Administration Console Additional requirements for Exchange Server archiving
Administration tools for Windows Server 2003 or Windows 2000. These are not required if you have installed Windows Server 2003 or Windows 2000 Server on the standalone console computer. The Administration Tools for Windows Server 2003 require Windows XP Professional or later.
Server Manager for Exchange 2000 or Exchange Server 2003. The version you will require depends on the operating system running on the Enterprise Vault computer and the version of Exchange being managed. See the Enterprise Vault Compatibility Charts. Outlook 2003.
What next?
Ensure that you review all the additional prerequisite information for your planned installation. If you have reviewed all the prerequisite information, then you can install and configure the Administration Console. See Before you install Enterprise Vault on page 111.
Section
Licenses and license keys
Installing Enterprise Vault
Postinstallation tasks
Configuring Enterprise Vault
Initial Enterprise Vault setup
Uninstalling Enterprise Vault
Chapter 12
Overview of licensing
Obtaining license keys
Installing Enterprise Vault license key files
Replacing licenses and installing additional licenses
What next?
Overview of licensing
Enterprise Vault uses the Enterprise Licensing System (ELS). To run the associated Enterprise Vault services, you must install a license key file that covers the Enterprise Vault features that you want to implement. The following types of Enterprise Vault license are available:
Production license. This license comprises a product base license and any additional feature licenses. When the license file is installed, the functionality of Enterprise Vault depends on the feature licenses that you have purchased. Production licenses generally do not have an expiry date.
Trialware license. With this 30 day license, the full functionality of Enterprise Vault is available, but the functionality is time-limited, as defined by the key. When the license expires, the software continues to run in restricted, read-only mode, which allows archived items to be viewed and retrieved, but no items can be archived. Enterprise Vault tasks will not start, and you cannot migrate the contents of personal folder (PST) files to Enterprise Vault.
Temporary licenses. Temporary licenses are available for 10 day to 90 day duration. When the license expires, the software continues to run in restricted, read-only mode, which allows archived items to be viewed and retrieved, but no items can be archived. Enterprise Vault tasks will not start, and you cannot migrate the contents of personal folder (PST) files to Enterprise Vault.
Enterprise Vault core services
Exchange Server mailbox archiving
Exchange Server journal archiving
Domino Server journal archiving
Domino Server mailbox archiving
Exchange Server public folder archiving
Migrating PST files
SharePoint Server archiving
Archive Explorer
Offline Vault
File System Archiving (FSA)
SMTP archiving
Policy Manager (EVPM)
Custom filters and properties
Migrating collected Enterprise Vault files
Note that other Enterprise Vault tools and features that are not mentioned in this guide may also need licenses. After you have purchased licenses and received your License Certificate, Voucher Document, or Upgrade Notification, you need to go to the Symantec Licensing Portal at the following address:
https://licensing.symantec.com/acctmgmt/index.jsp
to register and generate your license key file. You will need the serial number on the license document or notification in order to generate a Symantec Licensing Portal account. When you have generated a license key file, you download a zipped and digitally-signed ELS license file. The ELS license file has a unique name and the extension .slf. Each license file can contain the license keys for several Enterprise Vault features.
For information about generating license key files, contact Symantec Customer Care at the following address:
http://www.symantec.com/enterprise/support/index.jsp
Licenses and license keys Installing Enterprise Vault license key files
1 Place the new .slf license file in the Enterprise Vault folder (typically C:\Program Files\Enterprise Vault).
2 Restart the Enterprise Vault Admin service.
3 The service moves any license files it finds in the Enterprise Vault folder to the Installed Licenses folder under the Enterprise Vault folder.
4 The Admin service writes a license information report message to the event log.
5 For a multi-server Enterprise Vault deployment, you must repeat the steps on each Enterprise Vault server.
What next?
You can augment your Enterprise Vault functionality by obtaining additional appropriate licenses and keys from your supplier and then installing the new keys. If you have obtained temporary or trialware licenses, the license keys will expire at the end of the license period and Enterprise Vault will revert to running in restricted, read-only mode. The features will be enabled when you install new production license keys.
Chapter 13
Before you install Enterprise Vault
Installing Enterprise Vault
What next?
1 Restart the IIS Admin Service, and ensure it is running.
2 Log in to the Vault Service account to install Enterprise Vault.
3 Load the Enterprise Vault CD-ROM into your CD-ROM drive.
4 Double-click the Admin Documentation link in the top-level folder to display the Enterprise Vault administrator documentation.
5 Click the ReadMe link to display the ReadMe text and read it before continuing with the installation.
6 Open the Enterprise Vault folder.
7 Open the Server folder.
8 Double-click SETUP.EXE to start the installation.
9 Install the required Enterprise Vault components for this computer. The core components for an Enterprise Vault server are as follows:
Enterprise Vault Services. Installs all the core Enterprise Vault services. After the installation, you must configure the services before using them. This is done when you run the Enterprise Vault configuration wizard. See About configuring Enterprise Vault on page 123.
Administration Console. Installs the Administration Console. This is a snap-in to the Microsoft Management Console (MMC) that enables you to manage Enterprise Vault. This component also installs the Enterprise Vault configuration wizard and the PST Migrator. If you want to install a standalone Administration Console on a remote system, then select this component only.
A number of other components can be installed as required, if their prerequisites are met. Some of these components are listed only if certain software is present:
SMTP Archiving Components, Exchange Server Extensions and Microsoft SharePoint components are usually installed on computers other than the Enterprise Vault server. For details, see the appropriate section elsewhere in this manual.
Enterprise Vault Operations Manager must be installed on at least one Enterprise Vault server in your site if you wish to use it to monitor the Enterprise Vault servers in that site.
Enterprise Vault Reporting is listed for selection only if Microsoft SQL Server Reporting Services (SSRS) are installed on the computer. Enterprise Vault Reporting can be installed on an Enterprise Vault server, but is more typically installed on a separate server running SSRS.
What next?
You must run the appropriate configuration programs to configure the Enterprise Vault components you have installed. See About configuring Enterprise Vault on page 123.
You must perform the postinstallation tasks described in the next chapter before you start the Enterprise Vault Administration Console. If the installation was unable to configure the security for the Web access application, you must configure it manually.
Chapter 14
Postinstallation tasks
This chapter includes the following topics:
Security for the Web access application
Customizing security for the Web access application
Customizing security on the client computers
What next?
A user logging in with a browser that supports Integrated Windows Authentication, such as Internet Explorer, must supply domain name and username separately:
Username: username
Password: password
Domain: domain
This domain can never be defaulted. An Internet Explorer user with suitably-customized browser settings does not need to supply logon details manually because the logon is automatic; Internet Explorer automatically uses the details of the account to which the user is currently logged on. See Customizing security on the client computers on page 119.

A user logging in to the Web access application with a browser that does not support Integrated Windows Authentication must supply both domain name and username in response to a single username prompt:
Username: domain\username
Password: password
It is possible for you to set up a default domain. See Using a default domain with basic authentication on page 117.
For other Web access application security options, see Customizing security for the Web access application.
1 Log in to the IIS computer as Administrator.
2 Click Start > Programs > Administrative Tools > Internet Services Manager.
3 Expand the container for the Enterprise Vault Web access application computer.
4 Expand the Default Web Site container.
5 Right-click the EnterpriseVault folder and, on the shortcut menu, click Properties.
6 Click the Directory Security tab.
7 In the Anonymous access and authentication control section, click Edit.
8 Clear the Anonymous access check box.
9 Select Basic authentication. A security message appears, warning about transmitting passwords without encryption. Click Yes to continue. Note the following:
    If all clients will be using Internet Explorer, you can clear Basic authentication.
    If any clients will be using other Web browsers, make sure that Basic authentication is selected.
    Do not add a domain name in Basic authentication unless you also create a WebApp.ini file as described in Using a default domain with basic authentication.
10 Select the Integrated Windows Authentication check box.
11 Click OK.
12 Click the Virtual Directory tab.
13 On Windows 2000 only, click Create. The path to the Web access application is now set up.
14 Click Configuration.
15 Click the App Options tab.
16 Increase the ASP Script Timeout. A value of 900 seconds is normally sufficient. This increase in the ASP script timeout is so that users can restore baskets containing large numbers of items.
17 Click OK.
On Windows 2000, if there is a prompt about Inheritance Overrides, click Select All and then OK.
domain name when starting the Web access application. Users in other domains must still specify a domain name.
1 Click Start, Programs, Administrative Tools, Internet Information Services (IIS) Manager.
2 Expand the Web Sites container for the Enterprise Vault Web access application computer.
3 Expand the Default Web Site container.
4 Right-click the EnterpriseVault folder and, on the shortcut menu, click Properties.
5 Click the Directory Security tab.
6 In the Authentication and access control section, click Edit.
7 Clear Enable anonymous access if it is selected.
8 If Basic authentication is not already selected, then select it.
9 To select the default domain, click Select on Windows Server 2003, and click Edit on Windows 2000.
10 Enter the name of the domain that contains the majority of the user accounts that will be using the Web access application and click OK.
If there is a prompt about Inheritance Overrides, click Select All and then OK.
To set up the Web access application so that it uses the same default authorization domain as you have set up in IIS
Use a text editor to create an initialization file called WebApp.ini, containing the following line:
Domain=DomainName
where DomainName is the name of the domain that you have specified in IIS for Basic authentication. Note that entries in this file are case-sensitive. For example, to use a domain called myDomain, the line to use is as follows:
Domain=myDomain
Save the file in the Enterprise Vault program folder, normally C:\Program Files\Enterprise Vault, on the computer that runs the Web access application.
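The rules in the two procedures above (anonymous access cleared, Basic authentication kept only where non-Internet Explorer clients need it, and a case-sensitive Domain= entry that matches the IIS default domain) can be checked mechanically. The following Python code is an added example, not part of the Enterprise Vault documentation or product. It assumes that the IIS metabase values AuthFlags and DefaultLogonDomain for the EnterpriseVault virtual directory and the text of WebApp.ini have already been collected; the function names and finding codes are hypothetical.

```python
"""Consistency audit for the Web access application authentication setup.

Added example: not Enterprise Vault or IIS code. All sample values are
constructed. AuthFlags and DefaultLogonDomain are the IIS metabase
properties behind the Directory Security dialog; collecting them from
the server is left to the operator.
"""

# IIS metabase AuthFlags bits.
AUTH_ANONYMOUS = 0x01
AUTH_BASIC = 0x02
AUTH_INTEGRATED = 0x04  # Integrated Windows Authentication


def parse_webapp_ini(ini_text):
    """Return (domain, findings) for the text of a WebApp.ini file.

    Entries are case-sensitive, so only a key spelled exactly 'Domain'
    is accepted; near misses are reported instead of silently used.
    """
    domain, findings = None, []
    for number, raw in enumerate(ini_text.splitlines(), start=1):
        line = raw.strip()
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key == "Domain":
            domain = value.strip() or None
            if domain is None:
                findings.append(("INI_EMPTY", f"line {number}: Domain= has no value"))
        elif key.strip().lower() == "domain":
            findings.append(("INI_KEY_CASE",
                             f"line {number}: key {key!r} must be exactly 'Domain'"))
    return domain, findings


def audit_webapp_auth(auth_flags, iis_default_domain, ini_text, non_ie_clients):
    """Return a list of (code, message) findings; empty means consistent.

    ini_text is None when no WebApp.ini exists in the program folder.
    non_ie_clients is True when any client uses a browser other than
    Internet Explorer.
    """
    findings = []
    basic = bool(auth_flags & AUTH_BASIC)
    if auth_flags & AUTH_ANONYMOUS:
        findings.append(("ANONYMOUS_ON", "anonymous access is still enabled"))
    if not auth_flags & AUTH_INTEGRATED:
        findings.append(("INTEGRATED_OFF",
                         "Integrated Windows Authentication is not selected"))
    if non_ie_clients and not basic:
        findings.append(("BASIC_NEEDED",
                         "non-Internet Explorer clients need Basic authentication"))
    if basic and not non_ie_clients:
        findings.append(("BASIC_OPTIONAL",
                         "all clients use Internet Explorer; Basic authentication, "
                         "which sends passwords without encryption, can be cleared"))

    ini_domain, ini_findings = parse_webapp_ini(ini_text or "")
    findings.extend(ini_findings)
    if iis_default_domain and not ini_domain:
        findings.append(("INI_MISSING",
                         "IIS has a default domain but WebApp.ini has no usable Domain= line"))
    elif ini_domain and not iis_default_domain:
        findings.append(("IIS_DOMAIN_MISSING",
                         "WebApp.ini sets Domain= but IIS has no default domain"))
    elif ini_domain and ini_domain != iis_default_domain:
        same_ignoring_case = ini_domain.lower() == iis_default_domain.lower()
        code = "DOMAIN_CASE" if same_ignoring_case else "DOMAIN_MISMATCH"
        findings.append((code, f"WebApp.ini has {ini_domain!r}, "
                               f"IIS has {iis_default_domain!r}"))
    return findings


if __name__ == "__main__":
    # Constructed sample: Basic + Integrated, but WebApp.ini uses the wrong case.
    for code, message in audit_webapp_auth(0x06, "myDomain", "domain=mydomain\n", True):
        print(f"{code}: {message}")
```

An empty result means the collected settings agree with the procedure; each finding code names the step that needs revisiting.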
Using the proxy bypass list
Explicitly naming the Web access application computer
See the Internet Explorer help if you need more information on configuring browser security.
1 In Internet Explorer, click Tools and then Internet Options.
2 Click the Security tab and then click the Local Intranet zone.
3 Click Sites and then select Include all sites that bypass the proxy server.
4 Click OK.
5 Click Custom Level.
6 Under Logon, select Automatic logon only in Intranet zone.
7 Click OK.
8 Click the Connections tab, and click LAN Settings.
9 Check that a proxy server is being used.
sure that the Web access application computer is in the automatic configuration exceptions list.
1 In Internet Explorer, click Tools and then click Internet Options.
2 Click the Security tab and then click the Local Intranet zone.
3 Click Custom Level.
4 Under Logon, select Automatic logon only in Intranet zone and then click OK.
5 Click Sites and then Advanced.
6 In the Add this Web site to the zone box, enter the fully-qualified domain name of the Web access application computer and then click Add. For example, vault.company.com.
7 In the Add this Web site to the zone box, enter the computer name, without the DNS domain, of the Web access application computer and then click Add.
8 Click OK.
1 Click Start, Programs, Administrative Tools, Local Security Policy. The Local Security Settings window appears.
2 Expand the Local Policies container.
3 Click User Rights Assignment.
4 Set up Basic authentication access by following the steps below in the order listed:
   (On Windows 2003) In the right-hand pane, right-click Allow log on locally and, on the shortcut menu, click Properties. The Local Security Policy Setting window appears.
   (On Windows 2000) In the right-hand pane, right-click Log on locally and, on the shortcut menu, click Security. The Local Security Policy Setting window appears.
   Check that the Users group appears in the list.
   (On Windows 2000) Check that Local Policy Setting is selected. If Local Policy Setting is not selected, add it.
Set up Integrated Windows Authentication access by following the steps below in the order listed:
   In the right-hand pane, right-click Access this computer from the network and, on the shortcut menu, click Properties (on Windows Server 2003) or Security (on Windows 2000). The Local Security Policy Setting window appears.
   Check that the Users group appears in the list.
   (On Windows 2000) Check that Local Policy Setting is selected. If Local Policy Setting is not selected, add it.
   If you do not want to add the Users group, see the other options below.
By default, the Users group includes Domain Users. If the Users group does not include Domain Users, or if some Web access application users are in a different domain, you must do one of the following:
Add the Web access application users to the Users group.
Add the Web access application users to some other group and then grant the access right to that group.
Grant the access right to each Web access application user's account.
The Enterprise Vault Web access application is now set up and ready to be used by users in the same domain as IIS.
What next?
You have now completed the post-installation tasks. Ensure that you have the required Enterprise Vault licenses installed. If you have not yet run the Enterprise Vault configuration wizard, you can run it now. If you have already run the Enterprise Vault configuration wizard, then start to set up your Enterprise Vault server using the Administration Console.
Chapter 15
About configuring Enterprise Vault
Running the Enterprise Vault configuration wizard
Configuring Enterprise Vault Operations Manager
Configuring Enterprise Vault Reporting
What next?
If you installed the Enterprise Vault Services component, you must run the Enterprise Vault configuration wizard before running any other configuration programs. See Running the Enterprise Vault configuration wizard on page 124.
If you installed the Enterprise Vault Operations Manager component, you must configure Enterprise Vault Operations Manager. See Configuring Enterprise Vault Operations Manager on page 129.
If you installed the Enterprise Vault Reporting component, you must configure Enterprise Vault Reporting. See Configuring Enterprise Vault Reporting on page 131.
If you installed only the Administration Console component, you do not need to run any configuration program.
If you installed components for specific archiving implementations such as Exchange, Domino, SharePoint or SMTP, you may need to perform separate configuration steps for those components. See the relevant section elsewhere in this manual.
If you run the configuration wizard immediately after the installation, remember that there are some additional tasks that you need to do before users can use Enterprise Vault. See the previous chapter for details. If you exit from the configuration wizard before configuration is complete, you can run the configuration wizard again and have the option to delete the Directory database. Once you have successfully completed the configuration wizard, you cannot run it again on the same computer.
Select which SQL Server you want to use for the Enterprise Vault Directory database.
Create the Enterprise Vault Directory database.
Create the Enterprise Vault Monitoring database.
Create an Enterprise Vault site.
Add the computer to the site.
Select the Enterprise Vault services you want to run on the computer.
Choose the storage areas to use for Enterprise Vault data.
Some tasks, such as adding a service or assigning storage areas for the data, can also be done using the Enterprise Vault Administration Console. However, the following tasks can only be done using the configuration wizard:
Creating a new Enterprise Vault Directory
Creating a new Enterprise Vault site
Adding a new Enterprise Vault server
1 Click Start > Programs > Enterprise Vault > Enterprise Vault Configuration. The Configuration wizard starts. The first screen asks whether you want to create a new Enterprise Vault Directory database.
2 Click Yes and then Next. The wizard asks you to select the language you want Enterprise Vault to use when populating the default settings in the Administration Console.
3 Select the required language and then click Next. The wizard asks for details of an account for Enterprise Vault services to use.
4 Enter the details of the Vault Service account that you created earlier. See Creating the Vault Service account on page 44. You must use the format domain_name\username when you specify the account. Alternatively, browse for the Vault Service account. Enter the password for the Vault Service account and confirm it.
5 Click Next. A warning message is displayed if the account you are using does not have sufficient privileges to validate the password to the Vault Service account. Click Yes to continue. A message tells you that the Vault Service account has been added to the local Administrators group. Click OK to close the message. A second message notifies you that the account will be given the advanced user rights Log On As a Service, Act as Part of the Operating System, Debug programs, and Replace a process-level token. Click OK to close the message. The configuration wizard creates the Directory service and then the next screen asks for the location of the SQL Server that you want to use for the Directory database.
6 Enter the location of the SQL Server that you want to use. You can specify a SQL Server instance if required.
7 Click Next. The wizard shows the default locations for the Directory database files and transaction log.
8 Change the locations if necessary. If you have specified that SQL Server is on a remote computer, the paths for the data file and transaction log file must be valid on that remote computer.
9 Click Next. The wizard creates the Directory database. The next screen asks for the location of the SQL Server that you want to use for the Monitoring database.
10 Enter the location of the SQL Server that you want to use. You can specify a SQL Server instance if required. Leave Start Monitoring immediately selected to begin monitoring as soon as the configuration is complete on this Enterprise Vault server.
11 Click Next. The next screen shows default locations on the SQL server for the Monitoring database files and transaction log.
13 Click Next. The wizard creates the Monitoring database. The next screen asks for details of the new Enterprise Vault site.
14 Enter a name and description for the new Enterprise Vault site.
15 Enter the Enterprise Vault site alias that you created earlier. For more information about the Vault site alias, see Enterprise Vault site alias.
16 Click Next. The next screen asks for a DNS alias for the current computer (the Enterprise Vault server alias). See Enterprise Vault site alias on page 47. You are recommended to enter a DNS alias, but you can, if necessary, enter the computer's fully-qualified DNS name.
17 Enter a DNS alias for the current computer and click Next.
18 Click Next to add the computer to the Enterprise Vault site. An information screen lists software that is installed on your computer. Based on this list, the wizard automatically selects Enterprise Vault services to add to your computer.
19 Click Next. The list shows the services that will be added to your computer.
20 Check the list of services. If there are services in the list that you do not need, you can remove them now.
21 To add additional services to this computer, click Add and select the service that you want to add.
22 Once you have the correct list of services, click Properties for each service and review the settings. Change the settings as necessary.
23 When you have finished reviewing the service properties, click Next. The default storage locations for the Shopping service and the Indexing service are displayed.
24 Check that the storage locations are suitable. Click Back if you want to change them. Note the following points:
   You must ensure that the default index storage location is on an accessible device and that the Vault Service account can write to it.
   With Exchange Server archiving, Enterprise Vault adds information about the index storage location to the Directory database when you enable mailboxes. You cannot easily change the index storage location for mailboxes after you have enabled them. However, you can use the Administration Console to change the index storage location, or add further locations, before you enable any mailboxes.
25 If you do not want to change the default locations for the Indexing and Shopping services, click Next. If you do want to change the locations, click Back, select the service that you want to modify and click Properties to change the location. The next screen asks for details of the service mailbox.
Note: Remember that you can run the configuration wizard successfully only once on a computer. If you exit the configuration wizard after successfully configuring Enterprise Vault, you cannot run the wizard again. To do any further setup or management of the Enterprise Vault components, other than that related to Enterprise Vault Operations Manager or Enterprise Vault Reporting, you must use the Administration Console.
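The wizard procedure above states that the Vault Service account is given four advanced user rights. The following added example (not part of the guide or of Enterprise Vault) shows one way to confirm that afterwards: it parses the [Privilege Rights] section of a security-policy export, such as the file written by secedit /export /cfg rights.inf /areas USER_RIGHTS, and reports rights the account lacks and other principals that hold them. The sample export, its SIDs and the accepted baseline are constructed assumptions.

```python
"""Audit the advanced user rights held by a service account.

Input is the text of a security-policy export, for example the file written by
    secedit /export /cfg rights.inf /areas USER_RIGHTS
(secedit writes UTF-16; decode the file before passing its text in).
"""

# Rights the guide says the wizard gives the Vault Service account, keyed by
# the constant name used in the [Privilege Rights] section of the export.
VAULT_SERVICE_RIGHTS = {
    "SeServiceLogonRight": "Log on as a service",
    "SeTcbPrivilege": "Act as part of the operating system",
    "SeDebugPrivilege": "Debug programs",
    "SeAssignPrimaryTokenPrivilege": "Replace a process-level token",
}

# --- Constructed sample data (not taken from a real server) ---
SAMPLE_DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE_ACCOUNT_SID = SAMPLE_DOMAIN_SID + "-1105"  # stands in for the Vault Service account
SAMPLE_OTHER_SID = SAMPLE_DOMAIN_SID + "-1190"    # some other domain account
SAMPLE_EXPORT = f"""\
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544,*S-1-5-32-545
SeServiceLogonRight = *S-1-5-20,*{SAMPLE_ACCOUNT_SID}
SeTcbPrivilege = *{SAMPLE_ACCOUNT_SID}
SeDebugPrivilege = *S-1-5-32-544,*{SAMPLE_ACCOUNT_SID},*{SAMPLE_OTHER_SID}
SeAssignPrimaryTokenPrivilege = *S-1-5-19,*S-1-5-20
[Version]
signature="$CHICAGO$"
Revision=1
"""

# Assumed site baseline: other principals the auditor accepts for each right.
SAMPLE_BASELINE = {
    "SeServiceLogonRight": {"S-1-5-20"},                        # NETWORK SERVICE
    "SeDebugPrivilege": {"S-1-5-32-544"},                       # built-in Administrators group
    "SeAssignPrimaryTokenPrivilege": {"S-1-5-19", "S-1-5-20"},  # LOCAL SERVICE, NETWORK SERVICE
}


def parse_privilege_rights(export_text):
    """Return {right_name: [principal, ...]} from the [Privilege Rights] section."""
    rights = {}
    section = None
    for raw in export_text.splitlines():
        line = raw.strip().lstrip("\ufeff")  # tolerate a leading byte-order mark
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "privilege rights" or "=" not in line:
            continue
        name, _, value = line.partition("=")
        # Entries are comma-separated; SIDs carry a leading '*', names do not.
        rights[name.strip()] = [p.strip().lstrip("*") for p in value.split(",") if p.strip()]
    return rights


def audit_service_account(export_text, account, baseline):
    """Compare an export with the rights the guide lists for the account.

    Returns (missing, unexpected):
      missing    - rights in VAULT_SERVICE_RIGHTS that the account does not hold
      unexpected - {right: [principals]} that hold a right but are neither the
                   account nor in the accepted baseline
    """
    rights = parse_privilege_rights(export_text)
    account_cf = account.casefold()
    missing, unexpected = [], {}
    for right in VAULT_SERVICE_RIGHTS:
        holders = rights.get(right, [])
        accepted = {b.casefold() for b in baseline.get(right, ())}
        if account_cf not in {h.casefold() for h in holders}:
            missing.append(right)
        extra = [h for h in holders
                 if h.casefold() != account_cf and h.casefold() not in accepted]
        if extra:
            unexpected[right] = extra
    return missing, unexpected


if __name__ == "__main__":
    missing, unexpected = audit_service_account(
        SAMPLE_EXPORT, SAMPLE_ACCOUNT_SID, SAMPLE_BASELINE)
    for right in missing:
        print(f"MISSING    {right} ({VAULT_SERVICE_RIGHTS[right]})")
    for right, who in unexpected.items():
        print(f"UNEXPECTED {right} ({VAULT_SERVICE_RIGHTS[right]}): {', '.join(who)}")
```

Because the wizard also adds the account to the local Administrators group, rights granted to that group apply to the account in addition to the direct assignments this check looks for.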
1 Ensure you are logged in under the Vault Service account.
2 Click Start > Programs > Enterprise Vault > Operations Manager Configuration. The Operations Manager Configuration utility starts.
3 Provide the details of the monitoring user account you have created for Operations Manager to run under. Enter the Active Directory domain, the user name, and the password for the monitoring user account.
4 Click Configure to run the utility. The utility gives the account the required permissions, and adds the user to the EnterpriseVaultDirectory database as the monitoring user.
5 When the utility has finished, click OK on the displayed dialog to quit the utility.
Note: If you ran this utility to update the details of the monitoring user account, remember to rerun the utility on any other Enterprise Vault server with Operations Manager installed.
You can now try accessing Operations Manager to confirm it has been successfully installed and configured.
where host_ipaddress is the IP address of the computer hosting an Enterprise Vault server on which the Enterprise Vault Operations Manager Web application feature is installed. Alternatively, if you are accessing Operations Manager from the computer on which it is installed, you can use the following URL, which does not require the next step:
http://localhost/MonitoringWebApp/default.aspx
In the Connect to <IP Address> dialog, enter the user name and password of an account in the host computer's domain. If you wish, you can use the user credentials created for use by Operations Manager as part of the Operations Manager installation prerequisites. Then click OK. If the user credentials are valid, Operations Manager displays its Site Summary page.
Confirm that you have satisfied all the pre-installation steps described in About additional requirements for Operations Manager.
Check that IIS 6 is not locked down.
Ensure that Integrated Windows Authentication is enabled for the default Web site in IIS 6, then restart IIS.
If this does not solve the problem, see the following TechNote on the Enterprise Vault Support Web site: http://entsupport.symantec.com/docs/288138. The TechNote provides detailed troubleshooting information related to installing and using Operations Manager.
1 Ensure you are logged in under the Vault Service account.
2 Click Start > Programs > Enterprise Vault > Reporting Configuration. The Reporting Configuration utility starts.
Configure Reporting and deploy or upgrade reports. Select this option to do either of the following:
   Configure Reporting and deploy the reports on this server.
   Deploy new and upgraded Enterprise Vault reports, after performing an upgrade of Enterprise Vault.
Reconfigure data access settings for Reporting. Select this option to change the details of the reporting user account, or to specify a change in the location of the SQL server for the Enterprise Vault Directory database.
Provide the details of the reporting user account you have created for Reporting to run under: enter the Active Directory domain, the user name, and the password for the reporting user account.
If you are using Microsoft SQL Server Reporting Services 2005, select the Microsoft SQL Server Reporting Services instance on which you want to deploy the reports. To deploy the reports on the default instance, select the instance name MSSQLSERVER.
Select the language you want the reports to use.
Select the Directory database SQL Server. If the server does not appear in the list, type in the name of the server.
6 Click Configure or Reconfigure to run the utility.
7 When the utility has finished, click OK on the displayed dialog to quit the utility.
Now follow the postconfiguration steps for Enterprise Vault Reporting, if you are configuring Reporting for the first time.
Check that the reporting user account has an SQL logon on all the SQL servers used for:
The Enterprise Vault Directory database
The Enterprise Vault Monitoring database
The Enterprise Vault Audit database
All Vault store databases
If a logon does not exist on all these SQL servers, create it.
Check that the SQL server role EVReportingRole has been added to each Enterprise Vault database, and that this role has been assigned to the reporting user.
Microsoft SQL Server Reporting Services uses roles-based access for its reports. You need to assign the "Browser" role to user accounts that require access to Enterprise Vault Reporting's reports on the Microsoft SQL Server Report Manager Web application.
Note: Some reports rely on Enterprise Vault Monitoring or Enterprise Vault Auditing being enabled in order to provide the source data. Monitoring may be enabled or disabled from the Enterprise Vault configuration wizard, or from the Enterprise Vault Operations Manager Web application, if it is installed. Auditing may be enabled from the Administration Console, as described in the Administrator's Guide.
You can now try accessing Enterprise Vault Reporting's reports to confirm that Reporting has been successfully installed and configured.
where:
host_name is the fully qualified host name of the computer hosting the
or
http://alderaan.evdomain.com/Reports$MyInstance/
Enter the credentials of a user account that has been assigned "Browser" role access to Microsoft Reporting Services reports. See Postconfiguration steps for Enterprise Vault Reporting on page 133.
From the Reporting Services Web application Home page, select Symantec Enterprise Vault > language > Operation Reports, where language is the language. The Operation Reports folder contains the Enterprise Vault reports.
Select the required report from the list of available reports on the Operation Reports page. This generates a report using default values for the report parameters. To run the report again with your required parameter values, enter the parameter values and then click View Report.
Note: To run the FSA Data Analysis Reports, you must first configure FSA Reporting. See Configuring FSA Reporting on page 392.
What next?
If you have not already done so, perform the postinstallation tasks for the Enterprise Vault Web access application, if required, as described in the previous chapter. You can then continue with setting up the Enterprise Vault server from the Enterprise Vault Administration Console. To find out how to start the Administration Console, see Starting the Administration Console.
If you have another computer to add to the Enterprise Vault site, you must install all prerequisite software on that computer, install Enterprise Vault, and then follow the instructions in this chapter to configure it.
Chapter 16
License keys
Using the Administration Console
Adding services
Creating retention categories
Creating a default vault store and partition
Reviewing the default settings for the site
What next?
License keys
At the end of the configuration wizard you were asked to start the Enterprise Vault services. These services will not start until you have installed the appropriate license keys.
The Administration Console enables you to manage the Enterprise Vault sites, services, archiving tasks, policies and targets. If people are using separate administration consoles at the same time to make changes to Enterprise Vault, the changes made by one person are not necessarily shown in the other consoles. You are recommended to avoid using multiple consoles simultaneously when managing Enterprise Vault. If you do use multiple consoles, press F5 to refresh the Administration Console display before you make any changes.
Exchange Server mailbox names
Archive names and descriptions
The Web access application system message
Retention category names and descriptions
Follow the steps below on each computer that is to run the Administration Console.
To set up the Administration Console to display Japanese characters
   In the Windows Control Panel, double-click Regional Options.
   On the General tab, under Language settings for the system, select Japanese if it is not already selected.
   Click OK.
On Windows 2003:
   In the Windows Control Panel, double-click Regional and Language Options.
   In Regional and Language Options, click the Languages tab.
   Under Supplemental language support, select Install files for East Asian languages. There is an information message that tells you the files will be installed after you click OK or Apply.
   Click OK.
The values given here work well but, if you want to experiment with other settings, you can change the fonts while the Administration Console is running.
On the Windows Start menu, click Programs > Enterprise Vault > Administration Console. MMC starts and loads the Administration Console snap-in. The left pane of the main Administration Console shows you the hierarchy of components that make up your Enterprise Vault site. The right pane shows you the contents of whatever you select in the hierarchy.
To get help
To access online help for Enterprise Vault, click Help > Help on Enterprise Vault. This online help includes Enterprise Vault manuals. To find out more about MMC, click Help > Help on MMC in the MMC window. The MMC help appears.
Roles-based administration. Many administrative tasks do not require all the permissions that are associated with the Vault Service account. Roles-based administration enables you to provide individual Enterprise Vault administrators with exactly the permissions required to perform their individual administrative tasks. You can assign individuals or groups to roles that match their responsibilities and they are then able to perform the tasks that are included in those roles. Because the permissions are associated with roles, rather than with individual administrators, you can control the role permissions without having to edit the permissions for each administrator.
Admin permissions. You can grant or deny access to the following containers in the Administration Console tree:
   File Server
   Exchange Server
   SharePoint Virtual Server
   Enterprise Vault Server
You can control access by assigning roles, or by using admin permissions, or both. When you install or upgrade to Enterprise Vault 7.0 only the Vault Service account has access to the Administration Console. You can restrict the tasks administrators can perform by assigning roles and you can further restrict access by using admin permissions to restrict administrators to managing specific Administration Console containers.
Roles-based administration enables you to use Microsoft Authorization Manager to configure the various administrator roles. All such configuration is performed using the Vault Service account. See Roles-based administration on page 39. For instructions on setting up roles-based administration, see the Administrator's Guide.
Adding services
Use the Administration Console to add the following core Enterprise Vault services:
When creating services, you may be prompted for the password of the Vault Service account.
The index storage location is on an accessible device to which the Vault Service account has write access.
When you add archiving tasks, such as Exchange Mailbox or File System archiving tasks, they will run under the control of the Task Controller service. If you stop the Task Controller service, all tasks running under the control of this service will also stop.
The same instructions can be repeated to add each of these services.
To add a service
1 In the left pane, expand the Enterprise Vault site hierarchy until the Enterprise Vault Servers container is visible.
2 Expand the Enterprise Vault Servers container.
3 Right-click the name of the computer to which you want to add the service and, on the shortcut menu, click New and then Service. The Add Service dialog box appears, listing the services you can add.
1 Expand the Enterprise Vault site hierarchy until Retention Categories is visible.
2 Right-click Retention Categories.
3 From the shortcut menu, select New > Retention Category. The New Retention Category wizard starts.
4 Work through the wizard. Click Help on any of the wizard screens if you need more information.
Description
Initial Enterprise Vault setup Creating a default vault store and partition
Retention period
   This is the minimum amount of time to retain an item that has been archived using this retention category. The period runs from the date the item last changed, not from the date that the item is stored in an archive, as follows:
   For mail messages, the date is the date that the message was received.
   For documents, the date is the date the document was last modified.
Prevent deletion of archived items in this category
   Select this to prevent users deleting items that have been archived using this retention category. This protection applies during the retention period, and also after the retention period has expired. In other words, while this option remains selected, users can never delete items that have been stored using this retention category. This setting affects only those items that are stored in archives. It does not affect items that are still on archiving target servers.
Hide this category from users
   Check this to prevent users using this category when archiving new items. The category is still available to users when they are searching for items that have already been archived. Enterprise Vault does not allow the site default retention category to be hidden from users. If you hide the site default retention category, Enterprise Vault automatically chooses another retention category and makes it the site default.
Lock this Retention Category
   To prevent unintentional changes, check this to lock all the retention category settings.
Administrative Note
   For your notes. Edit this text as necessary. This text is visible only to Enterprise Vault administrators.
storage media, if required, but only one partition is active at a time. You can create a new partition within a vault store as needed. The partitions within a vault store can be on different types of device; for example, you could have some partitions on NTFS and some on EMC Centera.
You must create a vault store and a vault store partition before archives can be created. Archives may be created automatically by the archiving task, or manually, depending on the type of archiving and whether you configure auto-enabling of the archiving target. If archives are automatically created, then they are created in the default vault store. The default vault store can be set on the Enterprise Vault server. With Exchange Server archiving, the default vault store can also be set for the Exchange Server or for a Provisioning Group.
Note: A vault store can have only one open partition, which is the partition into which all new items are archived. When you create a new partition, the wizard asks whether you want it to be open or closed. If you choose to create an open partition any existing open partition is automatically closed.
On the partition properties you can configure and schedule the collection and migration of archived data files. Collection involves collecting multiple small files into CAB files. Migration involves moving the collected files onto longer term storage devices. See online help for details on setting these options.
Other storage applications have been integrated with Enterprise Vault to enable the collection and migration of data files. Supported applications are listed in the Enterprise Vault Compatibility Charts. For instructions on how to configure collection and migration using other applications, see collection and migration articles on the Symantec support knowledge base.
To create a vault store and partition
1 In the left pane of the Administration Console, expand the Enterprise Vault site hierarchy until Vault Stores is visible.
2 Right-click Vault Stores and then click New > Vault Store. The New Vault Store wizard starts.
3 Work through the wizard. You will need to provide the following information:
   The computer hosting the Storage service that the vault store is to use.
   The name of the vault store. The name can contain letters, numbers, and spaces.
   The SQL server that is to create and manage the vault store database, and the locations for the database files.
   When safety copies are to be removed from the archiving target. This can be Never, After backup or Immediately after archiving. Some of these options are not available with some storage devices. See the online help for details.
When the vault store has been created, the wizard then takes you through creating a partition. You will need to provide the following information:
   The partition name.
   Whether the new partition should be created open or closed. There can only ever be one open partition. If you create an open partition, all existing partitions are closed.
   The type of device on which the partition is to be created. You can select the required type of storage device from the drop-down list. The additional information that you need to provide will depend on which device you select. For help with the options, see the online help on the wizard pages.
   The location on the device for the vault store. This can be entered as a UNC address. The location must be empty.
   Whether to store a single copy of items that are shared by multiple users.
   Whether to use Security ACLs. This option does not apply to Centera devices. It is usual to create a vault store partition with security ACLs in the folders in the partition. Some optical devices, however, do not allow Enterprise Vault to add the ACLs.
1 In the Administration Console, expand the contents of the left pane until the Enterprise Vault site is visible.
2 Right-click the Enterprise Vault site and then, on the shortcut menu, click Properties. Alternatively, select the site and click the Review site properties button on the toolbar.
Click Help on any of the Site Properties screens for further information.
Site properties include the following settings. Note that you can override some of these at a lower level. For example, you can override the site archiving schedule for a particular task by setting the schedule in the task properties. The indexing level can also be set at policy and archive level and the default retention category can be set at policy level (and at Provisioning Group level for Exchange Server mailbox archiving).
General
The site name and description.
Whether users can delete items from their archive.
The URL to use for the Web access application.
PST holding area details.
A system message for users, if required.
A system message for administrators, if required.
The default indexing level.
The schedule for running storage expiry to delete from archives any items that are older than the retention period assigned.
If required, you can set limits on the size of archives.
Storage Expiry
The schedule for running automatic, background archiving.
Performance counters for monitoring Enterprise Vault.
Click Help on any of the site properties screens for further information.
The default schedule, which is the one that you set in the site properties. This schedule applies to all archiving tasks in your Enterprise Vault site.
The task's own schedule, which is the one that you set by editing its properties. You edit this schedule if you want to provide specific settings for that task, overriding those in the site properties.
1 In the left pane of the Administration Console, expand the Enterprise Vault site hierarchy until the name of the site is visible.
2 Right-click the site name and then click Properties.
3 Click the Site Schedule tab.
4 Modify the schedule as required. The online help gives detailed instructions on using the schedule page.
where EV_Webserver is the address of the Enterprise Vault server computer on which the Web access application is installed and location is the name of the virtual directory for the Web access application. For new installations this is always EnterpriseVault. For example:
http://our_EV_Webserver/EnterpriseVault
If you are implementing an environment with built in resilience, using building blocks, for example, you may prefer to modify the URL to be less computer-specific. If all Enterprise Vault servers must use the same virtual folder name, you can enter the URL as just the virtual directory. For example:
/EnterpriseVault
This forces Enterprise Vault to dynamically generate the URL as needed, with the appropriate server name for each user. If your IIS computer requires secure connections, using HTTPS, then you would change the above URL to:
https://our_EV_Webserver/EnterpriseVault
If you want to access the Web server using a port other than the default port, you can specify the port in the URL as follows:
https://our_EV_Webserver:port/location
For example, to access the Web access application on the Web server, EVWebserver1, using HTTPS and port 321, you would specify the URL as:
https://EVWebserver1:321/EnterpriseVault
What next?
Go to the appropriate section for further setup instructions for the type of archiving that you want to implement.
Chapter 17
If you uninstall Enterprise Vault on the primary Enterprise Vault server that is associated with the Directory database, the Directory database will also be removed. If you uninstall Enterprise Vault on a secondary Enterprise Vault server, the Directory database will not be removed.
If you are uninstalling Enterprise Vault on a secondary Enterprise Vault server, and you want to preserve the Directory database, first back up the database and then close down the primary Enterprise Vault server computer, before uninstalling Enterprise Vault on the secondary Enterprise Vault server computer.
If an Enterprise Vault service has data associated with it, you cannot use the Enterprise Vault Administration Console to remove that service.
1 From the Windows Control Panel, select Add/Remove Programs.
2 From the list of programs, select Enterprise Vault, and then click Add/Remove. You are asked to confirm that you want to remove Enterprise Vault from your system.
3 Click Yes. The uninstaller stops Enterprise Vault services that are still running. It then removes all Enterprise Vault Services and Enterprise Vault software from your system. The uninstaller does not delete data.
1 Re-run the Setup program. You do not have to select the same installation folder for Enterprise Vault that you previously selected.
2 Run the Enterprise Vault configuration wizard. When this program prompts you for a Directory Computer, give the same name as for the previous installation. The configuration wizard automatically creates the same services as the computer had before.
If you do not want to reinstall Enterprise Vault, delete the Enterprise Vault data manually.
Section
Distributing Exchange Server Forms
Setting up archiving from mailboxes
Setting up users desktops
Offline archives for offline users
Setting up archiving from public folders
Setting up archiving of journaled messages
Envelope Journaling
Chapter 18
Install the forms in folders in the Organizational Forms Library on the Exchange Server. See Using Organizational Forms Library on page 153.
Allow the Outlook Add-in to store forms in each user's Personal Forms Library. See Using Personal Forms Libraries on page 157.
Distributing Exchange Server Forms About distributing the Microsoft Exchange forms
1 Click Start, Programs, Microsoft Exchange System Manager.
2 Expand the Organization (Exchange) object.
3 Expand your Administrative Group. If this is not available, right-click your Organization and select Properties. Then check Display Administrative Groups and click OK.
4 Expand Folders.
5 Right-click Public folders and, on the shortcut menu, click View System folders. The right-hand pane displays the system folders.
6 In the right-hand pane, right-click EFORMS REGISTRY and, on the shortcut menu, click New, and then click Organizational Form. A Properties window appears.
7 Fill in the details on the Properties window.
8 Under E-forms language, select the language that is appropriate to the forms you are going to install and then click OK to return to the Exchange System Manager screen.
9 In the right-hand pane, double-click the EFORMS REGISTRY folder.
10 Right-click the folder you just created and, on the shortcut menu, click Properties.
11 On the properties screen, click the Permissions tab.
12 Click Client Permissions.
13 Click Add.
14 Click a user name for the account that will be the owner of the forms. This will usually be the Enterprise Vault Service account.
15 Click the Roles down arrow and, in the list, click Owner.
16 Click OK to return to the Properties screen.
Click Start, point to All Programs, click Microsoft Exchange Server 2007, and then click Exchange Management Shell. Run the following command at the Exchange Management Shell prompt:
New-PublicFolder -Path "\NON_IPM_SUBTREE\EFORMS REGISTRY" -Name "Enterprise Vault Forms (English)"
The name given here is just an example. Repeat this command to create a folder for each language that you want to publish.
Use an account that belongs to the Exchange Administrators Group to log on to an Enterprise Vault server that has Outlook 2003 installed. Configure a new mail profile and start Outlook. If the public folder store does not appear within a few seconds, you may need to wait for Exchange Server to update. Alternatively, restart the Exchange Server information store to force an update.
Add the PR_EFORMS_LOCALE_ID property to set the language of the forms folder, as follows:
Start the Microsoft Exchange Server MAPI Editor (MfcMapi.exe) from the MFCMAPI folder.
Select or create a MAPI profile as necessary.
On the Session menu, click Logon and Display Store Table.
On the MDB menu, click Open Public Folder Store, and then click OK.
Expand Public Root, expand NON_IPM_SUBTREE, and then expand EFORMS REGISTRY.
Click the public folder that you created in step 1. For example, click "Enterprise Vault Forms (English)".
On the Property pane menu, click Modify Extra Properties.
Click Add, and then click Select Property Tag.
Click PR_EFORMS_LOCALE_ID in the list, and then click OK.
Click OK twice. A red mark is displayed next to the new PR_EFORMS_LOCALE_ID property.
Double-click PR_EFORMS_LOCALE_ID.
In the Unsigned Decimal box, type the locale ID you require, and then click OK. For example, type 1033 for English, or 1040 for Italian. To determine the locale ID for other locales, visit the following Microsoft Web site: http://msdn2.microsoft.com/en-us/library/aa579489.aspx
Select PR_PUBLISH_IN_ADDRESS_BOOK, right click and select Edit Property, clear Boolean and then click OK.
Exit MAPI Editor.
1 2 3 4 5 6 7 8 9
On the Outlook Tools menu, click Options. Click the Other tab. Click Advanced Options. Click Custom Forms. Click Manage Forms. On the right-hand side of the dialog box, click the Set button. Click Forms Library and select the name of your forms library. Click OK. Click the Install button. Select the Languages\Forms subfolder in the Enterprise Vault Program folder.
10 Select the language folder that is appropriate to the language of the forms you want to install.
11 Change the Files to type filter to Form Message (*.fdm)
13 Click OK.
14 Click the Install button.
15 Change the Files to type filter to Form Message (*.fdm).
16 Double-click EVShortcut.fdm and review the displayed properties to check that this is the Enterprise Vault Shortcut.
17 Click OK.
18 Click the Install button.
19 Change the Files to type filter to Form Message (*.fdm).
20 Double-click EVPendingRestore.fdm and review the displayed properties to check that this is the Enterprise Vault Restore Pending Item.
21 Click OK.
22 Click the Install button.
23 Change the Files to type filter to Form Message (*.fdm).
24 Double-click EVPendingDelete.fdm and review the displayed properties to check that this is the Enterprise Vault Delete Pending Item.
25 Click OK.
What next?
You can now use the Enterprise Vault Administration Console to set up Exchange Server mailbox, journal or public folder archiving, as required.
Chapter 19
Vault store and partition
Defining archiving policies
Adding Exchange Server archiving targets
Adding an Exchange Provisioning task
Adding an Exchange Mailbox archiving task
Reviewing the default archiving settings for the site
Using customized shortcuts
Controlling the appearance of desktops
Editing automatic messages
Starting the Task Controller service and archiving task
Enabling mailboxes for archiving
Installing the Outlook Add-Ins on a server
Users tasks
1 Expand your Enterprise Vault site.
2 Click Policies > Exchange > Mailbox.
3 Right-click Default Exchange Mailbox Policy in the right pane and select Properties.
You can modify the properties of this policy, as required, and also create new policies.
1 In the Administration Console, expand your Enterprise Vault site and then click Policies, Exchange, Mailbox.
2 Right-click the Mailbox container and select New, Policy to launch the new policy wizard.
3 The new policy is displayed in the right pane.
4 To adjust the policy properties, right-click the policy and select Properties.
Indexing level
On the General page of the properties you can define the required indexing level for the group of mailboxes to which the policy is assigned. The level of indexing defines what users can filter on when searching for archived items. With brief
indexing, only information about the item, such as the subject and author, can be searched. With medium indexing you can also search on the content of each item, excluding phrase searches. Searching content for phrases is only available with full indexing. You can set a default indexing level for the site, in site properties, and then override this in the mailbox policies, for particular groups of mailboxes, or in the archive properties, for particular users.
Default value
2 weeks
Large items
    Whether to archive larger items before smaller items and, if so, the minimum size of the items that are given priority.
    Default value: Not set.
Archiving strategy
    Whether to archive based on the period of time since an item was modified, or based on the percentage of the mailbox storage limit that is released.
    Default value: Archiving is based on the period of time since an item was modified. The time period is six months. Setting is locked.
Archive messages with attachments only
    Archive an item only if it has an attachment, assuming all other archiving criteria are met. Note that this is not the same as archiving attachments only. See the Administrators Guide for more details.
    Default value: Not set.
Create shortcut to archived item after archiving
    After it has been archived, the item in the mailbox is replaced with a shortcut. Setting is locked.
Archive unread items
    Unread items in the mailbox are not archived. Setting is locked.
Overall lock
    Force users to use the policy settings for mailbox archiving. This locks the settings in the Archiving Actions section and the Archiving Strategy setting on the Archiving Rules tab.
Shortcuts tab
Table 19-3 describes the settings on the Shortcuts tab, with which you can control the size and behavior of Enterprise Vault shortcuts.
Table 19-3
Include recipient information in shortcut
    Default value: Shortcuts include recipient information.
How much of the message body to store in shortcuts. Regardless of the setting value, the full message, with attachments, is still stored in the archive.
    None. None of the message text is stored in the shortcut.
    Use message body. Shortcuts contain all of the message body text, but no attachments.
    Customize. Select the amount of text and links that you want included in shortcuts. See Using customized shortcuts on page 171.
    Default value: None
Whether double-clicking a shortcut displays the contents of the original item or the properties of the shortcut.
    Default value: Show contents.
The file, ShortcutText.txt, is required if you configure customized shortcuts. You can also use this file to process standard shortcuts for untitled attachments. See Using customized shortcuts on page 171.
Advanced tab
The list shows settings that you can use to tune various settings. These settings are applied by any task that uses this policy. You can create another policy if you require more than one version of these settings.
Outlook. Settings that control features and functionality available on user desktop computers.
Offline Vault. Settings that control the behavior and availability of the Enterprise Vault offline vault feature.
OWA. Settings that control the behavior and availability of Enterprise Vault features in OWA 2007 and OWA 2003 clients.
Information about each setting is given in the online help and in the Administrators Guide.
Reset All
    This returns all the settings in the list to their default values. There is a confirmation prompt that asks if you are sure you want to reset all the values.
Modify
    Enables you to change the value for the selected setting. You can also double-click the setting to modify it.
Description
    A brief description of what each setting controls.
Targets tab
Later, when you create provisioning groups to add mailboxes as archiving targets, you will assign the required Exchange mailbox policy to each group. The associated provisioning groups will then be displayed in the Targets page of the policy.
Deletes shortcuts that are older than the age you specify on this page.
Deletes orphaned shortcuts. These are shortcuts to items that have been deleted, typically by a user, from an archive.
Shortcut Deletion takes place according to the schedule that you define on the Shortcut Deletion tab of the Exchange Mailbox task. Table 19-5 describes the available settings.
Delete shortcuts in folders
    Setting this makes Enterprise Vault delete shortcuts that are older than the age you specify. This does not affect the corresponding archived items. Users can still search for the archived items. For example, you could choose to delete all shortcuts older than 12 months, but retain archived items for several years.
Delete orphaned shortcuts
    This setting makes Enterprise Vault delete shortcuts in mailboxes if the corresponding archived item has been deleted. If you use shortcuts that contain text from the original message, those shortcuts might be useful to users even though the archived items have been deleted. However, deleting large shortcuts will regain space in the Exchange Server store.
Not selected
To add a domain
1 In the left pane of the Administration Console, expand Targets.
2 Right-click Exchange and, on the shortcut menu, click New and then Domain. The New Domain wizard starts.
Work through the wizard. You will need the following information:
The name of the domain containing the Exchange Servers that you want to archive. Enterprise Vault attempts to find the Global Catalog automatically. This is recommended. However, you can optionally specify a Global Catalog server, if required.
1 In the left pane of the Administration Console, expand Targets.
2 Expand the Exchange domain that you added.
3 Right-click Exchange Server and, on the shortcut menu, click New and then Exchange Server. The New Exchange Server wizard starts.
Work through the wizard to add the Exchange Server. You need the following information:
The name of the Exchange Server.
Optionally, the wizard enables you to create Exchange Server archiving tasks for user mailboxes, journal mailboxes and public folders. If you create an Exchange Mailbox task, there must also be an Exchange Provisioning task for the domain. If one does not exist, an Exchange Provisioning task for the domain is created automatically when you select the Exchange Mailbox task check box.
The name of the Enterprise Vault server on which you want the tasks created, if not the local computer.
The name of the system mailbox to be used to connect to the Exchange Server. See The Enterprise Vault system mailbox on page 59.
Windows group
Windows user
Distribution Group (the Active Directory Group type, Distribution)
Organizational Unit
LDAP query
Whole Exchange Server organization
Note: A mailbox must be part of a provisioning group before you can enable that mailbox for archiving. Provisioning groups are processed, and mailboxes enabled, by the Exchange Provisioning Task.
To add a Provisioning Group
1 In the left pane of the Administration Console, expand Targets.
2 Expand the Exchange domain that you added.
3 Right-click Provisioning Group and, on the shortcut menu, click New and then Provisioning Group. The New Provisioning Group wizard starts.
Work through the wizard to add a Provisioning Group. You need the following information:
The domain containing the Exchange Servers that you want to archive.
The Exchange Mailbox and PST Migration policies to apply.
The default retention category to apply, when archiving from the mailboxes. The wizard enables you to create a new retention category, if required.
Whether you want Enterprise Vault to enable new mailboxes for archiving automatically. A new mailbox is one that is new to Enterprise Vault. When you first start using Enterprise Vault, all the mailboxes are new. With auto-enabling set, all existing mailboxes are enabled when the Exchange Mailbox Task next runs. All mailboxes created in the future will also be enabled and the associated archives automatically created. You can use the Disable Mailbox wizard to explicitly disable individual mailboxes. This prevents the mailbox being enabled automatically, so the mailbox is never archived unless you choose to enable it.
If auto-enabling is selected, whether to initially suspend archiving. This means that archiving of the mailbox does not start until the user enables it. This gives the users the opportunity to change archiving defaults, if required, before archiving begins.
The default vault store in which the mailbox archives are to be created by Enterprise Vault. If mailboxes in the provisioning group are automatically-enabled for archiving, the vault store will be used for any future mailboxes added to the provisioning group. If you do not explicitly set the vault store for the provisioning group, the default vault store setting is inherited from the Exchange Server properties. If the vault store is not specified in the Exchange Server properties, then the setting in the Enterprise Vault server properties is used.
The default Indexing Service that will be used for mailboxes in the provisioning group that are automatically-enabled for archiving. If you do not explicitly set the Indexing Service for the provisioning group, the default Indexing Service setting is inherited from the Exchange Server properties. If the Indexing Service is not specified in the Exchange Server properties then the setting in the Enterprise Vault server properties is used.
1 In the Administration Console tree, right-click the Provisioning Group container and select Properties.
2 Use the Move Up and Move Down buttons to rearrange the groups.
1 In the left pane of the Administration Console, expand the Enterprise Vault site hierarchy until the Enterprise Vault Servers container is visible.
2 Expand Enterprise Vault Servers.
3 Expand the name of the computer on which you want to create a provisioning task.
4 Right-click Tasks and, on the shortcut menu, click New and then Exchange Provisioning Task. The new task wizard starts.
Work through the wizard. You will need the following information:
To review the property settings for the task, double-click the task in the right-hand pane. You can modify properties such as the task schedule, the level of reporting required and whether to run the task in report mode. Whenever new mailboxes are added, they must be processed by the Exchange Provisioning task before they can be enabled.
1 In the left pane of the Administration Console, expand the Enterprise Vault site hierarchy until the Enterprise Vault Servers container is visible.
2 Expand Enterprise Vault Servers.
3 Expand the name of the computer on which you want to create an archiving task.
4 Right-click Tasks and, on the shortcut menu, click New and then Exchange Mailbox Task. The new task wizard starts.
Work through the wizard. You will need the following information:
The name of the Exchange Server to be archived
The Enterprise Vault system mailbox to use
If an Exchange Provisioning task does not exist for the domain, then one will be created automatically.
1 2 3
In the Administration Console, right-click your Enterprise Vault site. On the shortcut menu, click Properties. Site properties include the following settings. Note that you can override some of these at a lower level. For example, you can override the site archiving
schedule for a particular task by setting the schedule in the task properties. The indexing level can also be set at policy level and the default retention category can be set at provisioning group or policy level.
General
    The site name and description. The URL to use for the Web Access application. PST holding area details. A system message for users, if required. A system message for administrators, if required.
Archive Settings
    The default retention category. The default indexing level. Whether users can delete items from their archive. Whether users can recover deleted items.
Storage Expiry
    The schedule for running storage expiry to delete from archives any items that are older than the retention period assigned.
If required, you can set limits on the size of archives.
The schedule for running automatic, background archiving.
Performance counters for monitoring Enterprise Vault.
Click Help on any of the site properties screens for further information.
From and Subject information.
Recipient information: To, CC, BCC.
A banner containing a link to the complete archived item.
No text from the message body.
No list of attachments or links to attachments.
You can change the settings so that shortcuts contain just as much information as you require. If you have users with IMAP, POP3 or Entourage clients, you probably want to customize shortcuts so that they contain links to archived attachments, because this enables the users to open attachments. Note that the changes you can make apply to shortcuts that are generated in the future, not to shortcuts that have already been created.
Details of custom shortcut content are held in the file, ShortcutText.txt, in the Enterprise Vault folder (typically C:\Program Files\Enterprise Vault). On a new installation, an English version of this file is placed in the Enterprise Vault folder. Language versions of the file are available in the language folders under Enterprise Vault\Languages\ShortcutText. Note that this file may also be used to process untitled attachments in standard shortcuts.
To define custom shortcut content
1 Locate the required language version of the ShortcutText.txt file (under Enterprise Vault\Languages\ShortcutText).
2 Open ShortcutText.txt with Windows Notepad and make any required changes to the file. See Layout of ShortcutText.txt on page 173.
3 Save the file as a Unicode file.
4 Copy the file to the Enterprise Vault program folder (normally C:\Program Files\Enterprise Vault).
5 Copy the file to the Enterprise Vault program folder on all other Enterprise Vault servers in the Enterprise Vault site.
6 Restart the Exchange Server archiving tasks (for mailboxes or public folders or both) to pick up the changes.
1 Start the Administration Console and go to the Shortcuts tab in the Exchange Mailbox Policy properties.
2 Select Customize and then specify which options you want. Click Help on the tab for more information.
3 Open the properties window for the Exchange Mailbox archiving task and click the Synchronization tab.
4 Synchronize the Archiving settings for the required mailboxes.
Layout of ShortcutText.txt
ShortcutText.txt is laid out using the standard Windows .ini file format:
[Section]
Item1="value1"
Item2="value2"
You can change any of the values within the file. Remember to enclose each value in quotes. For example:
IPM.Task="This task has been archived. "
[Attachment table]
The Title entry in this section specifies the text immediately before the list of attachments. The DefaultItemTitle entry is used to label any attachments that have no title of their own.
Figure 19-1 shows how the definitions in these sections affect a shortcut.
Figure 19-1
Structure of a shortcut
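The requirements stated above for ShortcutText.txt (saved as a Unicode file, .ini sections, every value enclosed in quotes) can be checked before the file is copied to every Enterprise Vault server. The following is an added example, not part of Enterprise Vault or its documentation; it assumes that "Unicode" means what Notepad's Unicode option writes (UTF-16 little-endian with a byte-order mark), and the sample section, item names and values are constructed.

```python
import codecs
import sys

# Constructed sample following the layout described above. "[Section]"/"Item1"
# and all item values are placeholders, not text from the shipped file.
GOOD_FILE = codecs.BOM_UTF16_LE + (
    "[Section]\r\n"
    'Item1="value1"\r\n'
    "\r\n"
    "[Attachment table]\r\n"
    'Title="Attachments:"\r\n'
    'DefaultItemTitle="Untitled attachment"\r\n'
).encode("utf-16-le")

# Constructed bad sample: saved as ANSI instead of Unicode, an item before any
# section, a value with no quotes, and a value missing its closing quote.
BAD_FILE = (
    'Stray="x"\r\n'
    "[Attachment table]\r\n"
    "Title=Attachments:\r\n"
    'DefaultItemTitle="Untitled attachment\r\n'
).encode("cp1252")


def decode_shortcut_text(data, findings):
    """Decode the raw bytes, recording a finding if the file is not Unicode."""
    if data.startswith(codecs.BOM_UTF16_LE):
        return data[len(codecs.BOM_UTF16_LE):].decode("utf-16-le", errors="replace")
    findings.append("encoding: file is not UTF-16 LE with a byte-order mark")
    if data.startswith(codecs.BOM_UTF8):
        return data[len(codecs.BOM_UTF8):].decode("utf-8", errors="replace")
    # Fall back to the Western ANSI code page so the layout checks still run.
    return data.decode("cp1252", errors="replace")


def lint_shortcut_text(data):
    """Return (sections, findings) for the raw bytes of a ShortcutText.txt file."""
    findings = []
    text = decode_shortcut_text(data, findings)
    sections = {}
    current = None
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        # Assumed: ';' starts a comment, as in standard .ini files.
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            if not line.endswith("]") or len(line) < 3:
                findings.append(f"line {number}: malformed section header")
                current = None
                continue
            current = line[1:-1]
            sections.setdefault(current, {})
            continue
        key, separator, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if not separator or not key:
            findings.append(f'line {number}: expected Item="value"')
            continue
        if current is None:
            findings.append(f"line {number}: item '{key}' appears before any [Section]")
            continue
        if len(value) < 2 or not (value.startswith('"') and value.endswith('"')):
            findings.append(f"line {number}: value of '{key}' is not enclosed in quotes")
            continue
        if key in sections[current]:
            findings.append(f"line {number}: duplicate item '{key}' in [{current}]")
        # Store the value without its surrounding quotes; inner spaces are kept.
        sections[current][key] = value[1:-1]
    return sections, findings


if __name__ == "__main__":
    # Usage: python lint_shortcuttext.py <path to ShortcutText.txt>
    with open(sys.argv[1], "rb") as handle:
        _, problems = lint_shortcut_text(handle.read())
    for problem in problems:
        print(problem)
    sys.exit(1 if problems else 0)
```

Run against the edited file on the first server, a non-zero exit code means the file should be corrected before it is copied to the other servers and the archiving tasks are restarted.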
Automatically deploy Exchange forms for Enterprise Vault to the user's Personal Forms Library.
Show or hide Enterprise Vault buttons and menu options, such as Archive Explorer, Search vaults, Store in vault and Restore from vault.
Show or hide the Delete From Vault button.
Customize deletion behavior when the user deletes a shortcut.
Permit or deny user access to the Enterprise Vault properties on Outlook folders and mailbox items.
Enable users to search their offline or online archive using Windows Desktop Search.
Never: Never deploy forms locally.
When no Org Forms: This is the default. Deploy forms only when there is no Organizational Forms Library available.
Always: Always deploy forms locally.
Delete: Always delete Enterprise Vault forms from the user's Personal Forms Library.
where lang indicates the language used. The Welcome message is in a file called EnableMailboxMessage.msg.
To set up the Welcome message
1 Decide which language version of EnableMailboxMessage.msg you want to use and locate the file.
2 Using a computer that has Microsoft Outlook installed, double-click the file EnableMailboxMessage.msg in Windows Explorer to edit the message.
3 Review the text and make any changes that you require. If necessary, include instructions to users about how to install the Enterprise Vault Add-Ins on their computers.
4 Save the message.
5 Copy EnableMailboxMessage.msg to the Enterprise Vault program folder (normally C:\Program Files\Enterprise Vault) on every Enterprise Vault server in the site.
where lang indicates the language used. The message files are called ApproachingArchiveQuotaLimit.msg and ArchiveQuotaLimitReached.msg.
Setting up archiving from mailboxes Starting the Task Controller service and archiving task
1 Decide which language version of the messages you want to use and locate the files, ApproachingArchiveQuotaLimit.msg and ArchiveQuotaLimitReached.msg.
2 Using a computer that has Microsoft Outlook installed, double-click the files in Windows Explorer to open the messages.
3 Review the text and make any changes that you require.
4 Save the messages.
5 Copy the two message files to the Enterprise Vault program folder (normally C:\Program Files\Enterprise Vault) on every Enterprise Vault server in the site.
1 In the left pane of the Administration Console, expand the Enterprise Vault Servers container.
2 Expand the computer to which you added the Task Controller service and then click Services.
3 In the right pane, right-click Enterprise Vault Task Controller Service and, on the shortcut menu, click Start.
4 In the left pane, click Tasks and ensure that the Exchange Mailbox archiving task has started.
5 The task will run automatically at the times that you have scheduled. You can also force an archiving run by using the Run Now option, which is available on the Schedule properties page and on the menu when you right-click the task.
also force a run to process new mailboxes that have been added to provisioning groups. After Exchange Server mailboxes have been processed by the Provisioning task, they need to be enabled. This can be done automatically, when the Exchange Mailbox task runs, or manually. When an Exchange Server mailbox is enabled, a new archive is created for the mailbox in the vault store specified for the Provisioning Group. An archive has an associated account that is used for billing purposes, and one or more users who can access the information stored in it.
To force the Exchange Provisioning task to process mailboxes
1 In the left pane of the Administration Console, expand Enterprise Vault Servers, and then your Enterprise Vault server.
2 Click Tasks.
3 In the right-hand pane, right-click the Exchange Provisioning task and select Properties.
4 Check that the reporting level is as you require. Full reporting will list each mailbox that is processed, the provisioning group, Mailbox and PST policies assigned, the username associated with the mailbox and the action taken. Summary statistics about the task run are included at the end of the report. You can configure the task to generate reports when the task is run in both report and normal mode.
5 In the right-hand pane, right-click the Exchange Provisioning task and select Run now.
6 Select whether you want the task to run in report or normal mode.
7 The task will then start processing the mailboxes in the provisioning groups.
If you selected the option for mailboxes to be enabled for archiving automatically, they will be enabled the next time the Exchange Mailbox task runs. If you did not select the option to enable new mailboxes automatically, you must enable them manually.
In the Administration Console, click Enable Mailbox on the Tools menu or click the Enable Mailboxes for Archiving icon on the toolbar. The Enable Mailbox wizard starts.
Follow the instructions, and click Help on any of the wizard screens for further information.
1 Start the Enterprise Vault Administration Console.
2 In the left pane of the Administration Console, expand the Enterprise Vault site hierarchy until the Archives container is visible.
3 Expand the Archives container to display the various archive types.
4 Right-click Shared and then click New > Archive. The New Archive wizard starts.
Answer the wizard's questions to create the archive. You will be asked to provide the following information:
The vault store for the archive
Indexing service and indexing level to use
Billing account
1 In the left pane, expand the Enterprise Vault site hierarchy until the Archives container is visible.
2 Expand the Archives container, and click Shared.
3 In the right pane, double-click the name of the archive that you want to modify.
4 Right-click the archive you want to change and then click Properties.
5 Modify the permissions as required.
Users tasks
If you have set automatic enabling of mailboxes in the Provisioning Group, and you have chosen to initially suspend archiving, users must manually enable automatic archiving for their mailboxes. Instructions on how to turn on archiving for a mailbox are given in the online Enterprise Vault help in Outlook and also included in the Welcome message.
How users turn on automatic archiving for their mailbox
1 Open Outlook.
2 In the folder list view, right-click the Mailbox and then click Properties.
3 Click the Enterprise Vault tab.
4 Clear Suspend Enterprise Vault archiving for this mailbox.
Chapter 20
Outlook Add-Ins
Making the HTTP-only Self-Installing Outlook Add-In available
Forcing Outlook synchronize forms
Getting users started
What next?
Outlook Add-Ins
The following Enterprise Vault Add-Ins are available:
Outlook Add-In
These extensions are available as a Microsoft Windows Installer (MSI) kit, and provide the full Enterprise Vault client functionality. Installer kits for the supported languages are located under Enterprise Vault 2007\Outlook Add-Ins\Outlook Add-In on the Enterprise Vault distribution media.
HTTP-only Outlook Add-In
These extensions are available as a Microsoft Windows Installer (MSI) kit, and provide the same functionality as the Outlook Add-In extensions, with the exception of access to Enterprise Vault properties on folders, and selecting the archive and retention category when archiving an item manually. Installer kits for the supported languages are located under Enterprise Vault 2007\Outlook Add-Ins\HTTP-only Outlook Add-In.
HTTP-only Self-Installing Outlook Add-In
These extensions are available as cab and html files. You can set up a web link that installs the files automatically when a user clicks the link. The extensions
provide the same functionality as the HTTP-only Outlook Add-In, with the exception of Windows Desktop Search (WDS) support, which is not included. Files for the supported languages are located under Enterprise Vault 2007\Outlook Add-Ins\HTTP-only Self-Installing Outlook Add-In\xx where xx denotes the language.
If Outlook users access Exchange Server 2003 using RPC over HTTP, you will also need to configure Enterprise Vault access on the Exchange Server using the Enterprise Vault RPC server extensions. With Exchange Server 2007, Enterprise Vault server extensions are not required for RPC over HTTP connections. See About configuring RPC over HTTP access on page 261.
Before users have access to Enterprise Vault features from within their Outlook, the Add-Ins must be installed on each desktop computer. There are various ways of distributing the Add-Ins. You could, for example, use one of the following methods:
Send users a shortcut to the required MSI kit. See Shortcut to the Setup file in the Welcome message on page 184.
Deploy the MSI kit to desktop computers using a software distribution application, such as Systems Management Software (SMS) or Active Directory Group Policy. See Publishing the Add-Ins in Active Directory on page 184.
Make the HTTP-only Self-Installing Outlook Add-In available from a link on a Web page, so that they can be installed automatically. See Making the HTTP-only Self-Installing Outlook Add-In available on page 185.
1 In the Administration Console, open the Advanced properties page of the Exchange Mailbox Policy.
2 Select Offline Vault settings from the drop-down list.
3 Set WDS search auto-enable to Force on.
4 On the Synchronize page of the Exchange Mailbox task properties, synchronize the user mailboxes.
5 When users next start Outlook, the policy changes are implemented. Users can then start Windows Desktop Search indexing items in their offline vault. See Configuring Windows Desktop Search on page 190.
Note that to use Windows Desktop Search to search their offline archive, users do not require Administrator privileges on their desktop computer.
where path_to_installer is the path to the required language version of the Enterprise Vault Outlook Add-In and HTTP-only Outlook Add-In MSI file.
To enable searches of online archives using Windows Desktop Search
To be able to use this feature, users must have Administrator privileges on their desktop computers.
1 In the Administration Console, open the Advanced properties page of the Exchange Mailbox Policy.
2 Select Outlook settings from the drop-down list.
3 Set WDS integration to Full or Partial.
4 You can also modify the settings WDS button and menu name and WDS search application to suit. For full details of these settings, see the online help or the Administrator's Guide.
5 On the Synchronize page of the Exchange Mailbox task properties, synchronize the user mailboxes.
6 When users next start Outlook, the policy changes are implemented. When they start Windows Desktop Search, users will see either a button or an option in the Locations menu for searching their online archive. If MSN Search Toolbar is installed, the online archive option is also added to the drop-down search locations menu.
1 Copy the appropriate MSI file from the Enterprise Vault distribution media to the network share from which you want it to be distributed:
2 Click Start, Programs, Administrative Tools, Active Directory Users and Computers.
3 In the left panel, navigate to the Organizational Unit to which you want to make the Add-Ins available.
4 Right-click the Organizational Unit and, on the shortcut menu, click Properties.
5 Click the Group Policy tab.
6 Click New.
7 Enter a name for the new Group Policy Object, for example, "EV Desktop Rollout".
8 Click Edit. The Group Policy window appears.
9 In the left pane, under Computer Configuration, expand Software Settings.
10 Right-click Software installation and, on the shortcut menu, click New and then Package.
11 Type in the UNC path of the MSI file that you copied in step 1, for example, \\mycomputer\distribute, and then click Open.
Making the HTTP-only Self-Installing Outlook Add-In available
Place the language folder you want to use into an IIS Virtual Directory.
Edit the Enterprise Vault Archived Item form to enable the automatic installation of the HTTP-only Self-Installing Outlook Add-In. By default, this is not enabled.
Edit the Enterprise Vault Archived Item form to add the URL of the HTTP-only Self-Installing Outlook Add-In files.
Check that the edited form works correctly.
Publish the edited form in the Organizational Forms Library.
If you are implementing an Enterprise Vault building blocks solution, create the same Virtual Directory on each of the Enterprise Vault servers and copy the files to those Virtual Directories. This ensures that, in the event of a fail-over, the Add-In files will still be available for download.
1 On the Tools menu, click Options.
2 Click the Other tab.
3 Click Advanced Options.
4 Click Custom Forms.
5 Click Manage Forms.
6 On the left-hand side of the dialog box, click the Set button.
7 Click Forms Library and select the Organizational Form Library folder that you created earlier, in About distributing the Microsoft Exchange forms.
8 On the right-hand side of the dialog box, click the Set button.
9 Click Forms Library and select Personal Forms.
10 In the list of Organizational Forms, select Enterprise Vault Archived Item.
11 Click Copy. The Archived Item form is copied to your Personal Forms library.
12 Click Close and then exit from all the dialog boxes.
13 On the Outlook Tools menu, click Forms and then Design a Form.
14 Next to Look In, select Personal Forms Library.
15 Click Enterprise Vault Archived Item.
16 Hold down the Shift key and click Open. The form opens, ready for you to make changes.
17 In Outlook 2007, click View Code. In Outlook 2003, click View Code on the Form menu.
18 Scroll down the form to the Enterprise Vault Administrator section.
19 Find the following line:
Const USE_SELF_INSTALLING_USER_EXTENSIONS=False
22 On this line, change the URL so that it points to the IIS Virtual Directory that contains the language folder with the downloadable files. For example, if the full URL of the folder that the files are in is:
http://server.mydomain.com/EVextensions/en
Close Outlook. Delete the Outlook file FRMCACHE.DAT. This is normally in C:\WINNT\forms\. Start Outlook.
Double-click a shortcut to an archived item. A message gives you the option of downloading the HTTP-only Self-Installing Outlook Add-In. Click Yes to download and install the software.
1 On the Tools menu, click Options.
2 Click the Other tab.
3 Click Advanced Options.
4 Click Custom Forms.
5 Click Manage Forms.
6 On the left-hand side of the dialog box, click the Set button.
7 Click Forms Library and select Personal Forms.
8 On the right-hand side of the dialog box, click the Set button.
9 Click Forms Library and select Organizational Forms.
10 In the list of Personal Forms, select Enterprise Vault Archived Item.
11 Click Copy. The Archived Item form is copied to the Organizational Forms library.
How to Publish ActiveX Controls in Windows 2000 Using IntelliMirror (http://support.microsoft.com/?kbid=241163)
HOWTO: Install ActiveX Controls in Internet Explorer Using the Active Directory (http://support.microsoft.com/?kbid=280579)
Note that, to permit the installation of the Self-Installing Outlook Add-Ins, each user's Windows Server 2003 or Windows 2000 computer must have a registry value with a name of UseCoInstall under the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\UseCoInstall
UseCoInstall can be any type of value and can contain any or no data.
1 Start Outlook.
2 Click Tools > Send/Receive > Send/Receive Settings.
3 Click Define Send/Receive Groups.
4 Select All Accounts Online and Offline and click Edit.
5 Select Synchronize Forms.
6 Exit from Outlook and then restart it.
7 Open an archived item. This automatically installs the forms.
their online archive (depending on the settings that you have configured in the Exchange Mailbox Policy). Before they can do this, they need to start Outlook and the Windows Desktop Search. They can use the following steps to check that the offline archive is configured in Windows Desktop Search indexing, and force Windows Desktop Search to index archived items.
To check that offline vault is included in Windows Desktop Search
1 On the desktop computer, right-click Windows Desktop Search in the icon tray and select Desktop Search Options. (Alternatively, you can access Desktop Search Options from the Views icon in the Windows Desktop Search menu bar.)
2 Select Custom folders and email locations and click Browse.
3 In the Locations dialog, ensure that the evoffline entry is selected.
4 Click OK.
5 Click OK to close Windows Desktop Search options.
6 When the computer is idle, Windows Desktop Search will update the index to include items in the offline archive.
If required, you can force the Windows Desktop Search to update the index.
1 Right-click Windows Desktop Search in the icon tray and select Index Now.
2 Indexing will begin and may take some time if you have a large offline archive.
3 Select Index Status to check if indexing of offline archive items is finished.
What next?
You should now have a fully functioning Enterprise Vault system. You may find over time that you need to change some of the properties of Enterprise Vault to suit your requirements. For details about these and any other features of Enterprise Vault, refer to the online Help.
Chapter 21
About this chapter
How the offline archive works
Offline archive without Archive Explorer
Offline archive with Archive Explorer
Setting up offline archives
Provides instant access to archived items, even when the user is not connected to your corporate network.
Is in addition to, not instead of, the normal, online archive.
Works with both mailbox folders and public folders.
Is useful to mobile users who use laptop computers. Such users are often used to synchronizing their offline and online folders.
May be useful in normal offices if you need to conserve bandwidth or improve performance, because the retrieval of an archived item all takes place on the local computer.
Offline archives for offline users How the offline archive works
If the user does not have access to Archive Explorer, the offline archive relies on the user having shortcuts to archived items. When the user opens a shortcut, the Enterprise Vault client opens the copy of the archived item that is in the offline archive, rather than attempting to open the version archived online in the user's archive. If the item is not available in the offline archive the client gives the user the choice of downloading the item immediately or later. This mechanism means that the offline archive contains only items that were archived from one of the folders that the user synchronizes using Outlook synchronize; other folders are ignored. If the user has Archive Explorer, offline archive does not rely on shortcuts. Instead, the Enterprise Vault client downloads all items that are in the online archive.
This mechanism means that the offline archive contains a copy of everything that is in the online archive, regardless of which folder it was archived from.
A short while after Outlook starts, the Enterprise Vault client automatically begins checking through the offline folders, looking for the following:
Enterprise Vault shortcuts. If the corresponding items are not in the offline archive the client adds them to its download list.
Items that will be archived from the mailbox fairly soon. These items are copied into the offline archive so that they will already be there when the items become shortcuts in the user's mailbox. These items have already been downloaded by the user as part of the Outlook synchronize, so the copy takes place on the user's computer with no further download required.
When the Exchange mailbox items are archived and change to shortcuts, the next Outlook synchronize would delete the corresponding items from the local computer. Because the Enterprise Vault client has already taken copies, the items are available in the offline archive. When the user opens a shortcut in an offline folder, the Enterprise Vault client automatically opens the copy that is in the offline archive. If the item is not in the offline archive, the user is given the option of downloading it immediately, or later. If the user chooses later, the item is added to the download list with a high priority.
At some time, a download is started to update the offline archive. This is something that can be done at a time to suit the user, such as immediately after the normal Outlook synchronize. The download to the offline archive can be automatic or can be started by the user. If they want, users can change the order in which items are downloaded. They can also select individual items from the download list and download just those. The remaining items on the list will be downloaded when the user next does a full update of the offline archive.
Copies into the offline archive items that will soon be archived in the online archive. The copy takes place on the user's computer with no further download required.
Obtains a list of all items that need to be downloaded in order to bring the offline archive up to date and downloads them. The download to the offline archive can be automatic or can be started by the user.
If they want, users can change the order in which items are downloaded. They can also select individual items from the download list and download just those. The remaining items on the list will be downloaded when the user next does a full update of the offline archive. If a user has Outlook 2003 running in Exchange Cached Mode, items can be downloaded automatically at any time while there is a connection to Exchange Server. In order to do this, the user must have selected Download items automatically when online in Offline Vault Options.
suitable value of the desktop setting OVEnabled. If you leave the setting as it is, users can create their own offline archives. Note the following:
Users who do not have access to Archive Explorer always have shortcuts created in their mailboxes, regardless of any other setting. Users who do have Archive Explorer do not rely on shortcuts for offline access, so are not forced to have shortcuts created in their mailboxes.
If users do not have access to Archive Explorer then they have no means of searching the offline archive. Such users must rely on Enterprise Vault shortcuts in order to access the offline archive. In this case, be careful not to have settings that automatically delete shortcuts too soon. Check your shortcut deletion settings, which are on the Shortcut Deletion tab of the Exchange Mailbox Policy Properties.
When a user enables an offline archive, the offline archive is initially empty. The client scans the offline folders, copying some items into the offline archive and building a list of items to download. This can take some time if the user has a large OST file. If the scan is interrupted because the user exits from Outlook, the Enterprise Vault client continues the scan when Outlook is restarted.
Because an offline archive is stored in a personal folder for each user, there is no problem with setting up offline archives for different people on the same computer.
Customizing clients
You can use the Offline Vault settings on the Advanced tab of the Exchange Mailbox Policy Properties dialog box to control the appearance and behavior of the Enterprise Vault client when an offline archive has been enabled. You can control the following:
The amount of feedback that the Enterprise Vault client gives to the user
Which buttons and menu options are shown
The behavior when archiving from synchronized mailbox folders
The behavior when archiving from synchronized public folders
Whether users can search items in their offline archive using Windows Desktop Search
Chapter 22
About archiving from public folders
Vault store and partition
Creating a public folder archive
Adding a Public Folder task
Public folder policy settings
Adding public folder archiving targets
Applying archiving settings to public folders
Scheduling the Public Folder task
Removing Public Folder targets
Add the Exchange Server computer to your organization, create a vault store, and add a Task Controller service. You created these when setting up archiving from mailboxes.
Create a public folder archive, if required.
Create new retention categories, if required.
Review the public folder policy settings.
Add an Exchange Public Folder task.
Add Public Folder Archiving Targets.
Schedule the Exchange Public Folder task.
In order to set up Public Folder archiving, you must be logged in as an account that has appropriate Exchange Server permissions. The Vault Service account has the correct permissions. Alternatively, set up the account you want to use so that it has the correct permissions. See Assigning permissions on Microsoft Exchange Server on page 60.
1 In the left pane of the Administration Console, expand the Archives container.
2 Right-click Public Folder and then, on the shortcut menu, click New > Archive. The New Public Folder Archive wizard starts.
Work through the wizard. You will need to provide the following information:
The Enterprise Vault Indexing service computer
The indexing level to use for any items stored in this archive
1 In the left pane of the Administration Console, expand the Site hierarchy until the Enterprise Vault Servers container is visible.
2 Expand the Enterprise Vault Servers container.
3 Expand the name of the computer to which you want to add the Public Folder task.
4 Right-click Tasks and then, on the shortcut menu, click New > Public Folder Task. The New Public Folder Task wizard starts.
Work through the wizard. You need to provide the following information:
The Exchange Server hosting the public folders.
The name for the task.
The Enterprise Vault system mailbox to use when connecting to Exchange Server. This can be the same system mailbox used by the Exchange Mailbox task.
General tab
Archiving Rules tab
Archiving Actions tab
Shortcuts tab
Message Classes tab
Advanced tab
Targets tab
Shortcut Deletion tab
General tab
Table 22-1 describes the settings on this tab, which you can use to override the indexing level for the target public folders. Table 22-1 Setting
Name and Description Indexing level
Default value
2 weeks
Setting: Large items
Description: Whether to archive larger items before smaller items and, if so, the minimum size of the items that are given priority.
Default value: Not set.
Archiving is based on the period of time since an item was modified. The time period is six months. Setting is locked.
Setting: Archive messages with attachments only
Description: Archive an item only if it has an attachment, assuming all other archiving criteria are met. Note that this is not the same as archiving attachments only. See the Administrator's Guide for more information.
Setting: Create shortcut to archived item after archiving
Description: After it has been archived, the item in the public folder is replaced with a shortcut.
Default value: Setting is locked, which forces users to use policy setting.
Shortcuts tab
Table 22-4 describes the settings on this tab, which you can use to control the size and behavior of Enterprise Vault shortcuts.
Table 22-4
Setting: Include recipient information in shortcut
Default value: Shortcuts include recipient information.
Description: How much of the message body to store in shortcuts. Regardless of the setting value, the full message, with attachments, is still stored in the archive.
None. None of the message text is stored in the shortcut.
Use message body. Shortcuts contain all of the message body text, but no attachments.
Customize. Select the amount of text and links that you want included in shortcuts.
Default value: None
Description: Whether double-clicking a shortcut displays the contents of the original item or the properties of the shortcut.
Default value: Show contents.
The ShortcutText.txt file is required if you configure customized shortcuts. You can also use this file to process standard shortcuts for untitled attachments. See Using customized shortcuts on page 171.
Advanced tab
The settings on this tab let you control aspects of public folder archiving, such as how to process items that the task fails to archive. For details of these settings, see the Administrator's Guide.
Targets tab
This tab displays the archiving target public folders that will use this policy.
Setting up archiving from public folders Adding public folder archiving targets
Deletes shortcuts that are older than the age you specify on this page.
Deletes orphaned shortcuts. These are shortcuts to items that have been deleted, typically by a user, from an archive.
Shortcut Deletion takes place according to the schedule that you define on the Shortcut Deletion tab of the Exchange Public Folder task.
Table 22-5 Shortcut Deletion settings
Setting: Delete shortcuts in folders
Description: Setting this makes Enterprise Vault delete shortcuts that are older than the age you specify. This does not affect the corresponding archived items. Users can still search for the archived items. For example, you could choose to delete all shortcuts older than 12 months, but retain archived items for several years.
Default value: Not selected
Setting: Delete orphaned shortcuts
Description: This setting makes Enterprise Vault delete shortcuts in public folders if the corresponding archived item has been deleted. If you use shortcuts that contain text from the original message, those shortcuts might be useful to users even though the archived items have been deleted. However, deleting large shortcuts will regain space in the Exchange Server store.
Default value: Not selected
The Exchange Public Folder task processes all folders beneath each target's root path, except for folders that are processed by another Exchange Public Folder task and folders that have had their Enterprise Vault properties changed to stop the folder from being archived. You can add a public folder target with a root path that is higher up a public folder hierarchy than the root path of an existing public folder target. You cannot add one with a lower root path. If you use Outlook to view the properties of the public folder, you can copy the folder path to the clipboard and then paste it in as the root path for the target public folder. There are several ways to add public folders: manually or automatically.
Manual (standard) method. You select the public folder and the archive that is to be used for it. The same archive is used for the folder and its subfolders.
Automatic method. You add an Enterprise Vault "auto-enabler" that then enables folders that are immediately beneath the folder you specify. These folders and their subfolders are all enabled for archiving. By default, a separate archive is automatically created for each folder at this level. For example, if you add an auto-enabler to \myPublic Folder, then new archives will be created for \myPublic Folder\Finance and \myPublic Folder\Property. No archive will be created for \myPublic Folder\Property\Commercial because that folder will use the same archive as its parent (\myPublic Folder\Property). Alternatively, you can select an existing archive to use. If new folders are added later, they are automatically archived too.
1 In the left pane of the Administration Console, expand the hierarchy until Targets is visible.
2 Expand Targets.
3 Expand Exchange.
4 Expand the domain that contains the Exchange Server that hosts the folder you want to add.
5 Expand Exchange Server.
6 Expand the Exchange Server that has the public folder you want to add.
7 Right-click Public Folder and, on the shortcut menu, click New and then Public Folder. The New Public Folder wizard starts.
Work through the wizard. You will need to provide the following information:
The path to the top-level public folder to be archived
The Exchange Public Folder task to use
The Exchange Public Folder policy to assign
The retention category to use
The archive to use
Automatic method
This section describes the automatic method of adding a public folder. You add an Enterprise Vault "auto-enabler" that then enables folders that are immediately beneath the folder you specify. These folders and their subfolders are all enabled for archiving. By default, a separate archive is automatically created for each folder at this level.
To add a public folder auto-enabler
1 In the left pane of the Administration Console, expand the hierarchy until Targets is visible.
2 Expand Targets.
3 Expand Exchange.
4 Expand the domain that contains the Exchange Server that hosts the folder you want to add.
5 Expand Exchange Server.
6 Expand the Exchange Server that has the public folder you want to add.
7 Right-click Public Folder and, on the shortcut menu, click New and then Public Folder Auto-Enabler. The New Public Folder Auto-Enabler wizard starts.
Work through the wizard. You will need to provide the following information:
Whether to archive items in the root folder. If yes, you can specify the archive to use.
The Exchange Public Folder policy to use.
The Exchange Public Folder task to use.
The retention category to use.
The vault store to create the new archives in.
Applying archiving settings to public folders
1 View the public folder using an Outlook client that has the Enterprise Vault User Extensions installed.
2 Right-click the public folder and click Properties on the shortcut menu. The properties for the public folder are displayed.
3 Click the Enterprise Vault tab. The Enterprise Vault property page shows the folder currently has no settings.
4 Click Change. The Change Enterprise Vault properties dialog box is displayed.
5 Select the settings you want to apply. Users will be able to apply custom settings to a public folder only if the settings on the Archiving Actions page of the public folder policy's properties are not locked.
The schedule, which is defined on the Site Schedule page of site properties. By default all archiving tasks run according to this schedule.
Its own schedule, defined on the task's Schedule property page.
1 In the left pane of the Administration Console, expand the hierarchy until the Enterprise Vault Servers container is visible.
2 Expand the Enterprise Vault Servers container.
3 Expand the computer that is running the task that you want to modify.
4 Click Tasks.
5 In the right pane, double-click the task that you want to modify.
6 Click the Schedule tab.
7 Modify the schedule as required.
1 In the Administration Console, expand the contents of the scope (left) pane until the Enterprise Vault site is visible.
2 Right-click the Enterprise Vault site and select Properties. The site properties dialog is displayed.
3 Click the Site Schedule tab.
4 Modify the schedule as required.
Chapter 23
Before you start
Creating a journal vault store and partition
Creating a journal archive
Adding permissions to the journal archive
Adding an Exchange Journaling task
Reviewing the journaling policy settings
Adding an Exchange Server journal mailbox as a target
Starting the Journaling task
What next?
from those used for mailbox and public folder archiving. If you have multiple journal mailboxes on an Exchange Server computer then, to gain the benefits of shared storage, use the same vault store and partition for all of them. You must use the Administration Console to create a vault store for the Journaling task to use.
To create a journal vault store and partition
1 In the left pane of the Administration Console, expand the hierarchy until Vault Stores is visible.
2 Right-click Vault Stores and, on the shortcut menu, click New and then Vault Store. The New Vault Store wizard starts.
3 Work through the wizard. When the vault store has been created, you are given the option of creating a new Partition.
4 Work through the New Partition wizard.
5 To enable single-instance storage of items, ensure that Share archived items is selected on the partition properties.
1 In the left pane of the Administration Console, expand the hierarchy until Archives is visible.
2 Expand Archives.
3 Right-click Journal and, on the shortcut menu, click New and then Archive. The New Journal Archive wizard starts.
Work through the wizard. When prompted to select a vault store, choose the one that you just created. You will need to provide the following information:
The vault store in which to create the archive
The required Indexing service
The indexing level
A billing account
Write
Delete
1 In the left pane of the Administration Console, expand the hierarchy until Archives is visible.
2 Expand Archives.
3 Click Journal.
4 In the right pane, double-click the archive whose permission list you want to modify. The archive's properties are shown.
1 In the left pane of the Administration Console, expand the site hierarchy until Enterprise Vault Servers container is visible.
2 Expand the Enterprise Vault Servers container.
3 Expand the name of the computer to which you want to add an Exchange Journaling Task.
4 Right-click Tasks and, on the shortcut menu, click New and then Exchange Journaling Task. The New Exchange Journaling Task wizard starts.
Work through the wizard. You will need to provide the following information:
The Exchange Server hosting the journal mailbox.
Name for the task.
Enterprise Vault system mailbox to use when connecting to Exchange Server. This can be the same system mailbox used by the Exchange Mailbox task.
1 In the left pane of the Administration Console, expand the Policies container.
2 Expand the Exchange container and click Journaling.
3 In the right pane, double-click Default Exchange Journaling Policy. The properties of the policy appear.
Check the settings on the Advanced tab, and change them as necessary. You can click each setting to see a description of what it controls. The settings are described in the online help in the Administration Console and in the Administrator's Guide.
1 In the left pane of the Administration Console, expand Archiving Targets.
2 Expand the domain that contains the Exchange Server with the journal mailbox you are adding.
3 Expand Exchange.
4 Expand the Exchange Server.
5 Right-click Journal Mailbox and, on the shortcut menu, click New > Journal Mailbox. The New Journal Mailbox wizard starts.
Work through the wizard. You will need to provide the following information:
The name of the Exchange journal mailbox to archive
The Exchange Journaling task to use
The Exchange Journaling policy to apply
The retention category to apply to archived items
The archive to use
1 In the left pane of the Administration Console, expand the Enterprise Vault site hierarchy until Enterprise Vault Servers container is visible.
2 Expand the Enterprise Vault Servers container.
3 Expand the name of the computer that has the Exchange Journaling task you want to start.
4 Click Tasks.
5 In the right pane, right-click the task and, on the shortcut menu, click Start.
You do not normally need to start the Exchange Journaling task in this manner: by default, the task starts automatically when the Task Controller service is started.
The task runs continually, archiving items immediately from the Exchange Server journal mailbox. Items are deleted from the mailbox as they are archived and no shortcuts are created.
What next?
It is important that you monitor journal mailboxes to make sure that items are being archived promptly. For details of how to monitor the mailboxes, see the Administrator's Guide. You can customize the Exchange Server journal mailbox so that items are archived to different archives and with different retention categories. See the Administrator's Guide for details.
Chapter 24
Envelope Journaling
This chapter includes the following topics:
In the body of the envelope message there may be uncategorized recipients, in addition to the TO, CC and BCC recipients. This happens when there is no way of discovering the original category of such recipients; for example, when a message is sent over SMTP by Exchange Server 2007. Enterprise Vault classifies such recipients as Undisclosed recipients. You can search for Undisclosed recipients using the Recipient field option on the advanced page of the Enterprise Vault browser search. (The search index property, RNDN, is used for Undisclosed recipients.) Undisclosed recipients are recognized in Compliance and Discovery Accelerator searches.
This chapter describes how the Enterprise Vault Journaling task handles the envelope messages from Exchange Server 2000, 2003, and 2007.
How Enterprise Vault handles envelope messages from Exchange Server 2000 and 2003
When the Enterprise Vault Journaling task receives a journaled message from Exchange Server 2000 or 2003:
- The complete list of recipients is extracted from the envelope message contents. This list is compared with recipients in the header of the attached message. Recipients found in the envelope message but not the attached message header are classed as Undisclosed Recipients.
- If a BCC recipient is also in the TO or CC fields and the message arrives over SMTP, then Enterprise Vault will store the recipient in the TO or CC field but not in the Undisclosed field.
- When messages are addressed to Alternate Recipients and BCC recipients and sent over SMTP, these recipients will be included in the body of the envelope message but not in the message header of the original message. As there is no way of discovering the original category of such recipients, Enterprise Vault will store them as Undisclosed Recipients.
- When a message is redirected to an Alternate Recipient (that is, forwarded to the Alternate recipient without actually being delivered to the original recipient), then the message headers will show the originally intended recipient and not the final (Alternate) recipient. Both recipients will be indexed, even though the originally intended recipient never actually received the message. This is because it is not possible to determine from the journal message that the original recipient was skipped.
- If an Alternate recipient also appears as an originally intended recipient (TO or CC), then the recipient will not be stored as an Undisclosed Recipient.
- A copy of the envelope message, complete with original message attached, will be passed to any external filters (for selective journaling or the Compliance Accelerator Journaling Connector).
- When the message is archived, only the original message is stored in the Journal archive, not the envelope message.
How Enterprise Vault handles envelope messages from Exchange Server 2007
When the Enterprise Vault Journaling task receives a journaled message from Exchange Server 2007:
- The list of recipients is extracted from the envelope message contents. This list is not compared with recipients in the header of the attached message.
- Uncategorized recipients found in the envelope message body are classed as Undisclosed recipients. For example, recipients of messages that are sent over SMTP will be included in the recipient list in the envelope message body but will not be categorized.
- A copy of the envelope message, complete with original message attached, will be passed to any external filters (for selective journaling or the Compliance Accelerator Journaling Connector).
- When the message is archived, the envelope is stored in the Journal archive as a stream in the message saveset.
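The two recipient-handling rules described in this chapter, for Exchange Server 2000/2003 and for Exchange Server 2007, written out as an added Python example (not Enterprise Vault code). The function names, the already-parsed input shapes and the example.com addresses are assumptions made for illustration.

```python
from typing import Dict, Iterable, List, Optional, Tuple

CATEGORIES = ("TO", "CC", "BCC")


def unique(addresses: Iterable[str]) -> List[str]:
    """Lower-case, trim and de-duplicate addresses, keeping first-seen order."""
    seen, out = set(), []
    for address in addresses:
        a = address.strip().lower()
        if a and a not in seen:
            seen.add(a)
            out.append(a)
    return out


def classify_2000_2003(envelope_recipients: Iterable[str],
                       header_to: Iterable[str],
                       header_cc: Iterable[str]) -> Dict[str, List[str]]:
    """Exchange 2000/2003 rule: the envelope list is compared with the header
    of the attached message; envelope-only recipients become Undisclosed."""
    to, cc = unique(header_to), unique(header_cc)
    disclosed = set(to) | set(cc)
    undisclosed = [a for a in unique(envelope_recipients) if a not in disclosed]
    return {"TO": to, "CC": cc, "UNDISCLOSED": undisclosed}


def classify_2007(envelope_entries: Iterable[Tuple[Optional[str], str]]
                  ) -> Dict[str, List[str]]:
    """Exchange 2007 rule: only the envelope is used. Each entry is an assumed
    (category, address) pair; entries without a category become Undisclosed."""
    result: Dict[str, List[str]] = {"TO": [], "CC": [], "BCC": [], "UNDISCLOSED": []}
    for category, address in envelope_entries:
        bucket = (category or "").upper()
        if bucket not in CATEGORIES:
            bucket = "UNDISCLOSED"
        a = address.strip().lower()
        if a and a not in result[bucket]:
            result[bucket].append(a)
    return result


def indexed_recipients(result: Dict[str, List[str]]) -> List[str]:
    """Every address a recipient search could match, whatever its category."""
    return sorted({a for bucket in result.values() for a in bucket})


# Constructed sample 1 (2000/2003, SMTP): bob is on CC and was also BCC'd;
# carol was BCC'd; dave is an Alternate Recipient.
HEADER_TO = ["alice@example.com"]
HEADER_CC = ["bob@example.com"]
SMTP_ENVELOPE = ["alice@example.com", "Bob@example.com", "bob@example.com",
                 "carol@example.com", "dave@example.com"]

# Constructed sample 2 (2000/2003, redirect): the header still names erin,
# the envelope names only the Alternate Recipient frank.
REDIRECT_HEADER_TO = ["erin@example.com"]
REDIRECT_ENVELOPE = ["frank@example.com"]

# Constructed sample 3 (2007): categorized entries plus one uncategorized one.
ENVELOPE_2007 = [("To", "alice@example.com"), ("Cc", "bob@example.com"),
                 ("Bcc", "carol@example.com"), (None, "dave@example.com")]

# Constructed sample 4 (2007, sent over SMTP): nothing is categorized, so even
# a recipient that appears in the attached header is stored as Undisclosed.
SMTP_ENVELOPE_2007 = [(None, "alice@example.com"), (None, "carol@example.com")]

if __name__ == "__main__":
    print(classify_2000_2003(SMTP_ENVELOPE, HEADER_TO, HEADER_CC))
    print(classify_2000_2003(REDIRECT_ENVELOPE, REDIRECT_HEADER_TO, []))
    print(classify_2007(ENVELOPE_2007))
    print(classify_2007(SMTP_ENVELOPE_2007))
```

When reviewing search results for a compliance or discovery case, the redirect sample is the one to keep in mind: both addresses are searchable, and the index alone does not show which of them actually received the message.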
Section
- Configuring OWA access to Enterprise Vault
- Configuring RPC over HTTP access to Enterprise Vault
- Configuring OWA and RPC Extensions in clustered configurations
- How to uninstall Enterprise Vault OWA Extensions
- Using Microsoft ISA Server with OWA and RPC Extensions
Chapter 25
- Enterprise Vault functionality in OWA clients
- OWA configurations
- Which OWA Extensions to install
- Configuring Enterprise Vault access for OWA 2007 users
- Configuring Enterprise Vault access for OWA 2003 users
- Configuring Enterprise Vault access for OWA 2000 users
- Configuring a demonstration system
- Troubleshooting
Configuring OWA access to Enterprise Vault Enterprise Vault functionality in OWA clients
- View items using standard OWA functionality.
- Reply to and forward shortcuts or original items (using standard OWA functionality).
- Archive items and folders using Enterprise Vault buttons or menu options. Default archiving properties can be changed.
- Restore items using Enterprise Vault buttons or menu options. Restore properties can be set.
- Delete shortcuts and/or archived items using Enterprise Vault buttons or menu options or standard OWA functionality.
- Archive Explorer button.
- Integrated search button. (No link to Browser search).
- View archived public folder items. Currently this is available in OWA 2003 clients only. With OWA 2007 clients, users can view archived public folder items using archive search or Archive Explorer.
- Administrator can configure Enterprise Vault functionality available in Premium and Basic clients.
OWA 2000
- View items.
- Reply to and forward shortcuts (using standard OWA functionality).
- Delete shortcuts (using standard OWA functionality).
- View archived public folder items.
OWA configurations
The following figures give examples of some typical OWA environments in which Enterprise Vault can be deployed. The types of authentication supported by Enterprise Vault are also shown.
In this configuration Enterprise Vault OWA 2007 Extensions are installed on the same computer as Exchange Server 2007 with Client Access Service (CAS) installed. Typically, Exchange Server 2007 with Mailbox Role would be on a separate computer, but it could be co-located with the CAS server. When a user starts Archive Explorer or an archive search from the OWA client, the client will always try to connect directly to the Enterprise Vault Web Application on the Enterprise Vault server. If clients connect to the Exchange 2007 CAS server using Microsoft ISA Server, then the Enterprise Vault Web Access application must be published by the ISA Server in addition to the Exchange 2007 CAS server.
The Exchange 2007 CAS server connects to the Enterprise Vault server using anonymous authentication. On the Enterprise Vault server, a special user manages the anonymous connections.
Figure 25-2
If an OWA 2003 client accesses a mailbox on Exchange Server 2003 through the Exchange 2007 CAS server, then any Archive Explorer or archive search requests will always attempt to access the Enterprise Vault server directly (irrespective of the value of OWA setting, Client Connection, in the Exchange Mailbox Policy). In this configuration, the Enterprise Vault OWA 2003 Back-End Extensions are installed on the OWA 2003 server and Enterprise Vault OWA 2007 Extensions are installed on the Exchange 2007 CAS server. If clients connect through a Microsoft ISA Server, then you will need to publish to clients the OWA site on the Exchange 2007 CAS server and the Enterprise Vault Web Access application.
The OWA 2003 server and the Exchange 2007 CAS server connect to the Enterprise Vault server using anonymous authentication. On the Enterprise Vault server, a special user manages these anonymous connections.
OWA client browser sessions connect to the front-end server. Enterprise Vault OWA 2000 or 2003 Extensions are installed on all front-end and back-end Exchange Servers. If the front-end OWA server is running Exchange Server 2003 and the back-end OWA server is running Exchange Server 2000, clients will only have the Enterprise Vault functionality available with OWA 2000 Extensions. Typically, users connect to the front-end server using basic authentication. Integrated Windows Authentication (IWA) is used for the connection between Exchange Servers and anonymous authentication is used for the connection between the back-end Exchange Server and the Enterprise Vault server. On the Enterprise Vault server, a special user manages the anonymous connections.
An Enterprise Vault Exchange Mailbox Policy setting (Client connection) can be used to enable OWA 2003 clients to connect directly to the Enterprise Vault server when users start Archive Explorer or an archive search from their OWA client. If clients connect to the OWA 2003 front-end server through an ISA Server, and direct connections are configured for Archive Explorer and archive search, then the OWA 2003 front-end server and the Enterprise Vault Web Access application must be published to clients. If direct connections are not configured (this is the default for OWA 2003), then only the OWA 2003 front-end server needs to be published.
Figure 25-4
Instead, users connect to one of two Exchange Servers configured as back-end OWA 2000 or 2003 servers. This configuration can provide more security, as you can force users to use IWA authentication instead of basic authentication when connecting to the OWA servers. Anonymous authentication is used for the connection between the Exchange Server and the Enterprise Vault server and a special user is created and configured to manage the anonymous connections.
As in previous configurations, an Enterprise Vault Exchange Mailbox Policy setting can be used to enable OWA 2003 clients to connect directly to the Enterprise Vault server when users start Archive Explorer or an archive search from their OWA client. If clients connect to the OWA 2003 back-end server through an ISA Server, and direct connections are configured for Archive Explorer and archive search, then the OWA 2003 back-end server and the Enterprise Vault Web Access application must be published to clients. If direct connections are not configured (this is the default for OWA 2003), then only the OWA 2003 back-end server needs to be published.
In this configuration, Enterprise Vault OWA 2000 or 2003 Extensions must be installed and configured on both Exchange Servers in the cluster. Enterprise Vault automatically adds the necessary cluster addresses to its configuration files when you configure the OWA Extensions. There could also be a front-end OWA server, but this would not normally be included in a cluster configuration. When one OWA server in the cluster fails over to the other, connections to the Enterprise Vault servers are established automatically; users can continue to access items in their Enterprise Vault archives.
Figure 25-6 Configuration after failover
and Exchange Server can be installed on one computer. However, installing Exchange Server 2007 on the Enterprise Vault server is not currently supported. See Configuring a demonstration system on page 253.
EV_OWA2007_Extensions_x64.msi
EV_OWA2007_Extensions_x86.msi
Exchange Server 2003 or Exchange 2000 (with front-end servers):
- Exchange 2003 Back-end Extensions (OWA & RPC) or Exchange 2000 OWA Extensions (Back-end) on each back-end server using the Enterprise Vault installer.
- Exchange 2003 Front-end Extensions (OWA & RPC) or Exchange 2000 OWA Extensions (Front-end) on each front-end server using the Enterprise Vault installer.
Exchange Server 2003 or Exchange 2000 (without front-end servers):
- Exchange 2003 Back-end Extensions (OWA & RPC) or Exchange 2000 OWA Extensions (Back-end) on each Exchange Server computer using the Enterprise Vault installer.
The Enterprise Vault Extensions for OWA 2003 servers are named "Exchange 2003 Front-end Ext. (OWA & RPC)" and "Exchange 2003 Back-end Ext. (OWA & RPC)", as they are also used to support RPC over HTTP connections to Exchange Server 2003. No Enterprise Vault extensions are required to support RPC over HTTP connections to Exchange Server 2007. Note that the Enterprise Vault buttons are not available in OWA clients when using OWA 2000, which means that you can only view archived items with these extensions. To be able to archive, restore and delete archived items from your OWA client and have integrated access to Archive Explorer and Search features, you need to use OWA 2003 on Exchange Server 2003.
Configuring OWA access to Enterprise Vault Configuring Enterprise Vault access for OWA 2007 users
- On Enterprise Vault servers, configure the server to accept anonymous connections from Exchange 2007 CAS servers, and any OWA 2000 or 2003 back-end servers.
- If required, configure OWA settings in the Exchange Mailbox Policy in the Enterprise Vault Administration Console to change the Enterprise Vault functionality available in OWA clients.
- On Exchange 2007 CAS server computers, install the Enterprise Vault OWA 2007 Extensions. (You can install the 64-bit or 32-bit version, depending on the mode of your Exchange Server).
- If you have an environment that includes Exchange 2007 Mailbox Role installed on the Exchange 2007 CAS server computer and also remote Exchange 2007 Mailbox servers, then you need to perform some additional configuration. See Supporting Mailbox Role on both CAS server and remote servers on page 257.
When Archive Explorer or archive search is started in an OWA 2007 client, the client will attempt to access the Enterprise Vault server directly. If you are using a firewall or ISA Server, you need to ensure that both the Exchange 2007 CAS server and Enterprise Vault server Web Access application are published to clients. For information on configuring your ISA Server for OWA access: See Using ISA Server with Enterprise Vault on page 297.
If required, there are additional settings that you can configure in the file, web.config, on the Exchange 2007 CAS server to alter the behavior of the extensions and facilitate troubleshooting. See Troubleshooting on page 254. The process for installing Enterprise Vault OWA 2007 Extensions differs considerably from the process for installing and configuring OWA 2000 and OWA 2003 Extensions. With OWA 2007 Extensions:
- You do not need to run the configuration wizard after installing the extensions.
- No virtual directories, such as EnterpriseVaultProxy, are required on the Exchange servers for Enterprise Vault.
- No form registration is required.
- No proxy bypass list is required.
- As Enterprise Vault no longer edits the OWA control files, OWA access to Enterprise Vault is more robust when Exchange Server hotfixes that affect OWA control files are applied.
- Create the ExchangeServers.txt file. This contains a list of the IP addresses for all the Exchange 2007 CAS servers, and any OWA 2000 or 2003 back-end servers, that will connect to the Enterprise Vault server.
- Create or select a domain account to be used for anonymous connections from Exchange Servers to the Enterprise Vault server.
- Run the script, owauser.wsf, to configure the anonymous user.
- Synchronize mailboxes and restart Enterprise Vault Admin service.
1. Open Notepad.
2. Type the IP address of each Exchange 2007 CAS server and OWA 2000 or 2003 back-end server that will connect to the Enterprise Vault server, one entry per line.
3. Save the file as ExchangeServers.txt in the Enterprise Vault installation folder (typically C:\Program Files\Enterprise Vault).
4. Close Notepad.
1. Create a domain user account to use as the anonymous user account. This should be a basic domain account specifically created for the purpose; a local machine account cannot be used. The account should not belong to any administrative group. If you are upgrading your OWA Extensions and the existing anonymous user account is a domain account, then use this account. If your existing anonymous user account is a local machine account, then you will need to create a new domain account for the anonymous user.
2. Log on to the Enterprise Vault server as the Vault Service account.
3. Open a command prompt window and navigate to the Enterprise Vault installation folder.
4. Type and enter the command line:
    cscript owauser.wsf /domain:domain /user:username /password:password /exch2003
   (Note that you use the parameter, /exch2003, for OWA 2003 and OWA 2007). The file owauser.wsf is installed in the Enterprise Vault installation folder. For domain, give the domain of the anonymous user account. For username, give the username of the anonymous user account. For password, give the password of the anonymous user account. To display help for the cscript command, type
    cscript owauser.wsf /?
The progress of the script execution is displayed in the command prompt window. When the configuration script finishes, you are prompted to restart the Enterprise Vault Admin service and synchronize mailboxes.
- Access this computer from the network (SeNetworkLogonRight)
- Allow logon locally (SeInteractiveLogonRight)
- Log on as a batch job (SeBatchLogonRight)

- Creates (or updates) the virtual directory, EVAnon, that points to the Enterprise Vault\WebApp folder and assigns anonymous access permissions to the OWA anonymous user. Access to EVAnon is granted to the servers listed in ExchangeServers.txt. You can check this by displaying the properties of the EVAnon virtual directory, selecting the Directory Security tab and clicking Edit in the IP address and domain name restrictions section.
- Creates (or updates) the following two Registry values:
HKEY_CURRENT_USER\Software\KVS\Enterprise Vault\AnonymousUser
The value of this setting is the full name, including the domain, of the anonymous user. For example, mydomain\EVOWAUSER.
HKEY_LOCAL_MACHINE\SOFTWARE\KVS\Enterprise Vault\Install\OwaWebAppAlias
The value of this setting is the name of the virtual directory for anonymous connections, EVAnon.
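Because the entries in ExchangeServers.txt decide which hosts may use the anonymous EVAnon virtual directory, the file is worth checking before owauser.wsf is run. The following Python check is an added example, not part of Enterprise Vault; the function names, the report keys, the sample addresses and the idea of comparing against an inventory of expected servers are assumptions made for illustration.

```python
import ipaddress
from typing import Dict, Iterable, List


def decode_notepad(raw: bytes) -> str:
    """Decode a file saved from Notepad: UTF-16 or UTF-8 with BOM, else ANSI."""
    if raw.startswith(b"\xff\xfe") or raw.startswith(b"\xfe\xff"):
        return raw.decode("utf-16")
    if raw.startswith(b"\xef\xbb\xbf"):
        return raw.decode("utf-8-sig")
    return raw.decode("cp1252", errors="replace")


def audit_exchange_servers(text: str, expected: Iterable[str]) -> Dict[str, List[str]]:
    """Check an ExchangeServers.txt body against the servers that should be in it.

    The guide asks for one IP address per line, so anything that is not a single
    literal address (host name, CIDR range, two addresses on a line) is reported.
    """
    report: Dict[str, List[str]] = {
        "allowed": [],     # distinct, well-formed addresses in file order
        "invalid": [],     # lines that are not one literal IP address
        "duplicate": [],   # addresses listed more than once
        "review": [],      # loopback, unspecified, multicast or link-local
        "unexpected": [],  # in the file but not in the expected inventory
        "missing": [],     # in the expected inventory but not in the file
    }
    seen = set()
    for lineno, line in enumerate(text.splitlines(), 1):
        entry = line.strip()
        if not entry:
            continue
        try:
            ip = ipaddress.ip_address(entry)
        except ValueError:
            report["invalid"].append(f"line {lineno}: {entry}")
            continue
        if ip in seen:
            report["duplicate"].append(str(ip))
            continue
        seen.add(ip)
        report["allowed"].append(str(ip))
        # These do not identify one specific remote Exchange server.
        if ip.is_loopback or ip.is_unspecified or ip.is_multicast or ip.is_link_local:
            report["review"].append(str(ip))

    expected_ips = {ipaddress.ip_address(e.strip()) for e in expected}

    def order(ip):
        return (ip.version, int(ip))

    report["unexpected"] = [str(ip) for ip in sorted(seen - expected_ips, key=order)]
    report["missing"] = [str(ip) for ip in sorted(expected_ips - seen, key=order)]
    return report


# Constructed sample file content and inventory (not real servers).
SAMPLE_FILE = (
    "10.20.30.11\r\n"
    "10.20.30.12\r\n"
    "\r\n"
    "10.20.30.12\r\n"
    "cas01.example.local\r\n"
    "10.20.30.0/24\r\n"
    "127.0.0.1\r\n"
    "192.168.50.7\r\n"
)
EXPECTED_SERVERS = ["10.20.30.11", "10.20.30.12", "10.20.30.13"]

if __name__ == "__main__":
    for key, values in audit_exchange_servers(SAMPLE_FILE, EXPECTED_SERVERS).items():
        print(f"{key}: {values}")
```

An address reported under "unexpected" is a host that would be granted anonymous access without being a known CAS or back-end OWA server; compare the result with the IP address and domain name restrictions shown on the Directory Security tab of EVAnon.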
1. Open Control Panel, select Administrative Tools and then select Services.
2. Right-click Enterprise Vault Admin Service and select Restart. Enterprise Vault services and tasks will restart.
To synchronize mailboxes
Click Start > Programs > Enterprise Vault Administration Console. Expand the Enterprise Vault Directory container and then your site. Expand Enterprise Vault Servers and select the required Enterprise Vault server. Expand this container. Expand Tasks. In the right hand pane, double-click the Exchange Mailbox Archiving task for the Exchange Server, to display the properties window for the task. Select the Synchronization tab. Make sure All mailboxes and Mailbox properties and permissions are selected. Click Synchronize. Click OK to close the properties window. Close the Enterprise Vault Administration Console.
EV_OWA2007_Extensions_x64.msi
EV_OWA2007_Extensions_x86.msi
On the Exchange 2007 CAS Server, load CD 1 of the Enterprise Vault 2007 release. Open the Enterprise Vault 2007 folder. Check the ReadMeFirst.htm file in this folder for details of any last minute changes. Open the Enterprise Vault 2007\OWA 2007 Extensions folder. Double-click the appropriate MSI file for your Exchange Server to start the installation wizard. Follow the installation instructions. After you have installed the extensions, you do not need to perform any further configuration on the Exchange Server. Repeat the installation on each Exchange 2007 CAS Server.
Configuring OWA access to Enterprise Vault Configuring Enterprise Vault access for OWA 2003 users
If your Exchange Servers are clustered, there is additional information that you need to read before proceeding.
See Supported cluster configurations on page 276.
See OWA: Configuring Enterprise Vault Extensions in active/passive Microsoft clusters on page 279.
See OWA: Enterprise Vault Extensions in an active/active Microsoft cluster on page 282.
See Configuring Enterprise Vault OWA and RPC Extensions on VCS on page 287.
- On Enterprise Vault servers, configure the anonymous user account to handle connections from back-end Exchange Servers.
- On Enterprise Vault servers, customize settings in the Exchange Mailbox Policy, if required.
- On back-end Exchange Server 2003 computers, install the Enterprise Vault OWA 2003 Extensions. (The Exchange 2003 Back-end Ext. (OWA & RPC) component.)
- On back-end Exchange Server 2003 computers, run the Enterprise Vault configuration wizard for the Enterprise Vault OWA Extensions.
- Use an OWA client browser session on each back-end Exchange Server to check the Enterprise Vault OWA configuration.
- On front-end Exchange Server 2003 computers, install the Enterprise Vault OWA Extensions. (The Exchange 2003 Front-end Ext. (OWA & RPC) component.)
- On front-end Exchange Server 2003 computers, run the Enterprise Vault configuration wizard for the Enterprise Vault OWA Extensions.
- Use an OWA client browser session on each front-end Exchange Server to check the complete Enterprise Vault OWA configuration.
- If clients connect through an ISA Server, you will need to configure this for Enterprise Vault access. See Using ISA Server with Enterprise Vault on page 297.
- Create the ExchangeServers.txt file on the Enterprise Vault server. This holds a list of the IP addresses for all the back-end OWA servers that will connect to the Enterprise Vault server.
- Create or select a domain account to be used for anonymous connections.
- Run the script, owauser.wsf, to configure the anonymous user.
- Restart Enterprise Vault Admin service and synchronize mailboxes.
1. Open Notepad.
2. Type the IP address of each back-end OWA server (that is, the Exchange Virtual Server IP address), one entry per line. If the OWA servers are clustered, enter the Virtual Server IP addresses first and then add the cluster IP address and the IP addresses of each node.
3. Save the file as ExchangeServers.txt in the Enterprise Vault installation folder (typically C:\Program Files\Enterprise Vault).
4. Close Notepad.
1. Create a domain user account to use as the anonymous user account. This should be a basic domain account specifically created for the purpose; a local machine account cannot be used. The account should not belong to any group. If you are upgrading your OWA Extensions and the existing anonymous user account is a domain account, then use this account. If your existing anonymous user account is a local machine account, then you will need to create a new domain account for the anonymous user.
2. Log on to the Enterprise Vault server as the Vault Service account.
3. Open a command prompt window and navigate to the Enterprise Vault installation folder.
4. Type and enter the command line:
    cscript owauser.wsf /domain:domain /user:username /password:password /exch2003
   The file owauser.wsf is installed in the Enterprise Vault installation folder. For domain, give the domain of the anonymous user account. For username, give the username of the anonymous user account. For password, give the password of the anonymous user account. To display help for the cscript command, type
    cscript owauser.wsf /?
The progress of the script execution is displayed in the command prompt window. See What owauser.wsf configures on page 234. When the configuration script finishes, you are prompted to restart the Enterprise Vault Admin service and synchronize mailboxes.
1. Open Control Panel, select Administrative Tools and then select Services.
2. Right-click Enterprise Vault Admin Service and select Restart. Enterprise Vault services and tasks will restart.
To synchronize mailboxes
Click Start > Programs > Enterprise Vault Administration Console. Expand the Enterprise Vault Directory container and then your site. Expand Computers and select the required Enterprise Vault server. Expand this container. Expand Tasks. In the right hand pane, double-click the Mailbox Archiving task for the Exchange Server, to display the properties window for the task. Select the Synchronization tab. Make sure All mailboxes and Mailbox properties and permissions are selected. Click Synchronize. Click OK to close the properties window. Close the Enterprise Vault Administration Console.
If required, modify OWA client settings in the Exchange Mailbox Policy. See Configuring Enterprise Vault Exchange Mailbox Policy on page 241. You can then install the OWA Extensions on back-end Exchange Server computers. See Installing OWA Extensions on a back-end Exchange Server 2003 on page 242.
- Access this computer from the network (SeNetworkLogonRight)
- Allow logon locally (SeInteractiveLogonRight)
- Log on as a batch job (SeBatchLogonRight)
- Bypass traverse checking (SeChangeNotifyPrivilege)

- Creates (or updates) the new virtual directory, EVAnon, that points to the Enterprise Vault\WebApp folder and assigns anonymous access permissions to the OWA anonymous user. Access to EVAnon is also granted to the back-end OWA servers. You can check this by displaying the properties of the EVAnon virtual directory, selecting the Directory Security tab and clicking Edit in the IP address and domain name restrictions section.
- Creates (or updates) the following two Registry values:
The value of this setting is the full name, including the domain, of the anonymous user. For example, mydomain\EVOWAUSER.
HKEY_LOCAL_MACHINE\SOFTWARE\KVS\Enterprise Vault\Install\OwaWebAppAlias
The value of this setting is the name of the virtual directory for anonymous connections, EVAnon.
1. In the Enterprise Vault Administration Console, expand the site.
2. Click Policies > Exchange > Mailbox.
3. Double-click the policy that you want to change to display the policy properties.
4. Select the Advanced page.
5. In the drop-down box beside List settings from: select OWA.
6. Double-click the Client connection setting.
7. Select Direct in the drop-down box and click OK to close the dialog.
8. If required, you can also modify other OWA settings to restrict the functionality available in the OWA 2003 clients.
9. Click OK to close the properties dialog. The new values will be set when the mailboxes are synchronized.
10. If clients connect to the OWA server through an ISA Server, you will need to publish the Enterprise Vault Web Access application in addition to the OWA server. See Using ISA Server with Enterprise Vault on page 297.
On your Exchange Server, load the Enterprise Vault CD-ROM. Open the Enterprise Vault folder. Check the ReadMeFirst.htm file in this folder for details of any last minute changes. Open the Server folder. Double-click SETUP.EXE to start the installation. Follow the installation instructions and select the Exchange 2003 Back-end Ext. (OWA & RPC) component. See Which OWA Extensions to install on page 231.
Exchange Server 2003 hotfixes may modify OWA control files. If you have installed an Exchange Server 2003 hotfix that has created an unsupported version of the OWA control files folder, or modified any files in the control files folder, a "Save file error" will be reported when you attempt to install the Enterprise Vault OWA Extensions.
On each back-end OWA 2003 server, you now need to configure the extensions.
The Exchange back-end servers require direct access to the Enterprise Vault server, and must not go via a proxy. The configuration wizard creates WinHTTP proxy bypass entries for each Exchange Server that will connect to the Enterprise Vault server. To enable the configuration wizard to add the required entries to the proxy bypass list, create the EVServers.txt file as described in this section. You must create and populate the EVServers.txt file, even if you do not use a proxy server. The steps to configure a back-end Exchange Server are as follows:
- Create at least one public folder before you run the configuration wizard. As Microsoft Exchange installation automatically creates a public folder store, Enterprise Vault will attempt to register forms against public folders.
- Create the EVServers.txt file and add entries for the proxy bypass list.
- Run the OWA Extensions configuration wizard from the Start menu.
Open Notepad. Type in, one entry per line, the Vault Site alias in both fully-qualified and LanMan forms. For example:
    ourvaultsitealias.domain.com
    ourvaultsitealias
Also type in any aliases for each Enterprise Vault server computer in the Vault Site. Enter these one per line, in fully-qualified and LanMan forms. For example:
    vault1alias.domain.com
    vault1alias
Save the file as a Unicode file with the name EVServers.txt in the OWA folder in your Enterprise Vault installation folder (typically, C:\Program Files\Enterprise Vault\OWA). Close Notepad.
Log on to the Exchange Server computer using an account that has Exchange Full Administrator permission. Ensure the Exchange Server is running and that the Web site associated with the Exchange Server has an ExAdmin virtual directory created.
To start the configuration wizard, click Start > Programs > Enterprise Vault > Exchange Back-end Extensions Configuration > (OWA & RPC). A command prompt window opens and lists what the configuration wizard has done. The program configures the following for each Exchange virtual server it finds on the computer:
- An EnterpriseVaultProxy virtual directory for each Web server on the computer.
- An EVOWA virtual directory for each Web server on the computer.
- A virtual directory called EnterpriseVaultname for each Exchange mailbox and public folder virtual directory. name is the name of the associated Exchange virtual directory. For example, if Exchange virtual directories are called Exchange and Public, virtual directories called EnterpriseVaultExchange and EnterpriseVaultPublic will be created.
- Execution of scripts is enabled in the settings of the Exchange mailbox and public folder virtual directories.
- Enterprise Vault forms are registered.
- Entries in the proxy bypass list from the EVServers.txt file.
When the configuration wizard has finished, you will see the following line in the command prompt window:
Press ENTER to end
From a browser, enter the URL for the back-end OWA server. Open an OWA client and check that you can view archived items. In OWA 2003 clients, you should also see the Enterprise Vault buttons. Archive Explorer and Search options should be displayed in the navigation pane. Repeat the above steps to configure the OWA Extensions on each back-end Exchange Server. You can now install the OWA Extensions on front-end Exchange Server computers.
On your Exchange Server, load the Enterprise Vault CD-ROM. Open the Enterprise Vault folder. Check the ReadMeFirst.htm file in this folder for details of any last minute changes. Open the Server folder. Double-click SETUP.EXE to start the installation. Follow the installation instructions and select the Exchange 2003 Front-end Ext. (OWA & RPC) component. See Which OWA Extensions to install on page 231.
Exchange Server 2003 hotfixes may modify OWA control files. If you have installed an Exchange Server 2003 hotfix that has created an unsupported version of the OWA control files folder, or modified any files in the control files folder, a "Save file error" will be reported when you attempt to install the Enterprise Vault OWA Extensions.
On each front-end OWA 2003 server, you now need to configure the extensions.
Log on to the Exchange Server computer using an account that has Exchange Full Administrator permission. Click Start > Programs > Enterprise Vault > Exchange Front-end Extensions Configuration > (OWA & RPC). A Command Prompt window opens and lists what the configuration wizard has done. The program configures the following for each Exchange virtual server it finds on the computer:
- Adds the names of back-end Exchange Servers to the proxy bypass list.
When the configuration wizard has finished, you will see the following line in the command prompt window:
Press ENTER to end
From a browser, enter the URL for the front-end OWA server. Open an OWA client and check that you can view archived items. In OWA 2003 clients, you should also see the Enterprise Vault buttons. Archive Explorer and Search options should be displayed in the navigation pane. Repeat the above steps to configure the OWA Extensions on each front-end Exchange Server 2003.
This completes the basic configuration of your Enterprise Vault OWA environment. If required, the functionality available to OWA 2003 users can be customized by administrators using the Enterprise Vault Administration Console; select OWA 2003 settings on the Advanced tab of the appropriate Exchange Server mailbox policy. If your OWA environment includes a Microsoft ISA Server, you will also need to configure this to enable Enterprise Vault OWA users to access the archived items.
See Configuring access using OWA basic authentication on page 299.
See Configuring access using OWA forms-based authentication on page 302.
Configuring OWA access to Enterprise Vault Configuring Enterprise Vault access for OWA 2000 users
If your Exchange Servers are clustered, there is additional information that you need to read before proceeding. See Supported cluster configurations on page 276.
See OWA: Configuring Enterprise Vault Extensions in active/passive Microsoft clusters on page 279.
See OWA: Enterprise Vault Extensions in an active/active Microsoft cluster on page 282.
See Configuring Enterprise Vault OWA and RPC Extensions on VCS on page 287.
On Enterprise Vault servers, configure the anonymous user account to handle connections from back-end Exchange Servers.
On each back-end Exchange Server 2000, install the Enterprise Vault OWA Extensions.
On back-end Exchange Server 2000 computers, run the Enterprise Vault configuration wizard for the Enterprise Vault OWA Extensions.
Use an OWA client browser session on each back-end Exchange Server to check the Enterprise Vault OWA configuration.
On each front-end Exchange Server 2000, install the Enterprise Vault OWA Extensions. (On front-end OWA 2000 servers, you do not run the OWA Extensions configuration wizard.)
Use an OWA client browser session on each front-end Exchange Server to check the complete Enterprise Vault OWA configuration.
If clients connect through an ISA Server, you will need to configure this for Enterprise Vault access. See Using ISA Server with Enterprise Vault on page 297.
Create the ExchangeServers.txt file on the Enterprise Vault server. This holds a list of the IP addresses for all the back-end OWA servers that will connect to the Enterprise Vault server.
Create or select a domain account to be used for anonymous connections.
Run the script, owauser.wsf, to configure the anonymous user.
Restart the Enterprise Vault Admin service and synchronize mailboxes.
1. Open Notepad.
2. Type the IP address of each back-end OWA server (that is, the Exchange Virtual Server IP address), one entry per line. If the OWA servers are clustered, enter the Virtual Server IP addresses first and then add the cluster IP address and the IP addresses of each node.
3. Save the file as ExchangeServers.txt in the Enterprise Vault installation folder (typically C:\Program Files\Enterprise Vault).
4. Close Notepad.
1. Create a domain user account to use as the anonymous user account. This should be a basic domain account specifically created for the purpose; a local machine account cannot be used. If you are upgrading your OWA Extensions and the existing anonymous user account is a domain account, then use this account. If your existing anonymous user account is a local machine account, then you will need to create a new domain account for the anonymous user.
2. Log on to the Enterprise Vault server as the Vault Service account.
3. Open a command prompt window and navigate to the Enterprise Vault installation folder.
4. Enter the following command line:
cscript owauser.wsf /domain:domain /user:username /password:password /exch2000
The file owauser.wsf is installed in the Enterprise Vault installation folder.
For domain, give the domain of the anonymous user account.
For username, give the username of the anonymous user account.
For password, give the password of the anonymous user account.
To display help for the cscript command, type:
cscript owauser.wsf /?
The progress of the script execution is displayed in the command prompt window. See What owauser.wsf configures on page 249.
When the configuration script finishes, you are prompted to synchronize mailboxes and restart the Enterprise Vault Admin service. See Restarting the Admin service and synchronizing mailboxes on page 250.
Now you can install the OWA Extensions on each back-end Exchange Server computer. See Installing OWA Extensions on a back-end Exchange Server 2000 on page 250.
Access this computer from the network (SeNetworkLogonRight)
Allow logon locally (SeInteractiveLogonRight)
Log on as a batch job (SeBatchLogonRight)
Bypass traverse checking (SeChangeNotifyPrivilege)
Updates the IIS settings for the OWARDR.asp file in the EnterpriseVault virtual directory, so that requests for OWARDR.asp are run under the context of the OWA anonymous user. Access to OWARDR.asp is only granted to the back-end OWA servers. You can check this by displaying the properties of the OWARDR.asp file, selecting the File Security tab and clicking Edit in the "IP address and domain name restrictions" section.
Creates (or updates) the following registry value:
HKEY_CURRENT_USER\Software\KVS\Enterprise Vault\AnonymousUser
The value of this setting is the full name, including the domain, of the anonymous user. For example, mydomain\EVOWAUSER.
1. Open Control Panel, select Administrative Tools and then select Services.
2. Right-click Enterprise Vault Admin Service and select Restart. Enterprise Vault services and tasks will restart.
To synchronize mailboxes
Click Start > Programs > Enterprise Vault Administration Console.
Expand the Enterprise Vault Directory container and then your site.
Expand Computers and select the required Enterprise Vault server. Expand this container.
Expand Tasks.
In the right hand pane, double-click the Mailbox Archiving task for the Exchange Server, to display the properties window for the task.
Select the Synchronization tab. Make sure All mailboxes and Mailbox properties and permissions are selected.
Click Synchronize.
Click OK to close the properties window.
Close the Enterprise Vault Administration Console.
On your Exchange Server, load the Enterprise Vault CD-ROM.
Open the Enterprise Vault folder.
Check the ReadMeFirst.htm file in this folder for details of any last minute changes.
Open the Server folder.
Double-click SETUP.EXE to start the installation.
Follow the installation instructions and select the correct OWA Extensions component for this Exchange Server.
On each back-end OWA 2000 server, you now need to configure the extensions.
Create at least one public folder before you run the configuration wizard. As Microsoft Exchange installation automatically creates a public folder store, Enterprise Vault will attempt to register forms against public folders.
Create the EVServers.txt file and add entries for the proxy bypass list.
Run the OWA Extensions configuration wizard from the Start menu.
Open Notepad.
Type in, one entry per line, the Vault Site alias in both fully-qualified and LanMan forms. For example:
ourvaultsitealias.domain.com
ourvaultsitealias
Also type in any aliases for each Enterprise Vault server computer in the Vault Site. Enter these one per line, in fully-qualified and LanMan forms. For example:
vault1alias.domain.com
vault1alias
Save the file as a Unicode file with the name EVServers.txt in the OWA folder in your Enterprise Vault installation folder (typically, C:\Program Files\Enterprise Vault\OWA).
Close Notepad.
Log on to the Exchange Server computer using an account that has Exchange Full Administrator permission.
Ensure the Exchange Server is running and that the Web site associated with the Exchange Server has an ExAdmin virtual directory created.
To start the configuration wizard, click Start > Programs > Enterprise Vault > Exchange OWA Extensions Configuration.
A command prompt window opens and lists what the configuration wizard has done. The program configures the following for each Exchange virtual server it finds on the computer:
An EVOWA virtual directory for each Web server on the computer.
A virtual directory called EnterpriseVaultname for each Exchange mailbox and public folder virtual directory. name is the name of the associated Exchange virtual directory. For example, if Exchange virtual directories are called Exchange and Public, virtual directories called EnterpriseVaultExchange and EnterpriseVaultPublic will be created.
Execution of scripts is enabled in the settings of the Exchange mailbox and public folder virtual directories.
Enterprise Vault forms are registered.
Entries in the proxy bypass list from the EVServers.txt file.
When the configuration wizard has finished, you will see the following line in the command prompt window:
Press ENTER to end
Now check the configuration on each back-end OWA server. From a browser, enter the URL for the back-end OWA server. Open an OWA client and check that you can view archived items.
Repeat the above steps to configure the OWA Extensions on each back-end Exchange Server. You can now install the OWA Extensions on each front-end Exchange Server 2000 computer.
On your Exchange Server, load the Enterprise Vault CD-ROM.
Open the Enterprise Vault folder.
Check the ReadMeFirst.htm file in this folder for details of any last minute changes.
Open the Server folder.
Double-click SETUP.EXE to start the installation.
Follow the installation instructions and select the correct OWA Extensions component for this Exchange Server.
You do not need to configure front-end OWA 2000 Extensions.
From a browser, enter the URL for the front-end OWA server. Open an OWA client and check that you can view archived items.
Repeat the above steps to configure the OWA Extensions for each front-end Exchange Server 2000.
This completes the basic configuration of your Enterprise Vault OWA environment.
If your OWA environment includes a Microsoft ISA Server, then you will also need to configure this to enable Enterprise Vault OWA users to access the archived items. The following sections describe how to configure the ISA Server for Basic or Forms-Based authentication:
See Configuring access using OWA basic authentication on page 299. See Using ISA Server with Enterprise Vault on page 297.
Figure 25-7
In this example, you would install and configure the Enterprise Vault OWA Extensions for a back-end Exchange Server.
To set up an OWA 2003 demonstration system
Configure the back-end server. See Installing OWA Extensions on a back-end Exchange Server 2003 on page 242. See Configuring a back-end Exchange Server 2003 on page 242.
From a browser, first try connecting to the back-end Exchange Server and check that you can view archived items. In this configuration, the Anonymous account is not required on the Enterprise Vault server.
Troubleshooting
This section offers advice on troubleshooting Enterprise Vault OWA Extensions.
Check the log file for any errors. You can initiate logging for all OWA 2007 sessions, or sessions for specific mailboxes, by adding settings to the following configuration file on the Exchange 2007 CAS server:
Table 25-3 lists the settings that you can add to this file. These should be added to the AppSettings section of the file using the following format:
<add key="setting" value="value"/>
Note that entries in this file are case sensitive. For example:
<add key="EnterpriseVault_LogEnabled" value="true"/>
<add key="EnterpriseVault_LogMailboxes" value="J.Doe@example.com;P.Coe@example.com"/>
Table 25-3 (setting, default value, notes):
EnterpriseVault_LogFolder
EnterpriseVault_LogEnabled. Default value: false.
EnterpriseVault_LogMailboxes. Notes: Use this setting to restrict logging to specific mailboxes. The value is a semicolon delimited list of the primary SMTP addresses for the mailboxes to log. EnterpriseVault_LogEnabled must be set to true. If logging is enabled and this is not set, then all mailboxes are logged. A log file is created for each OWA session for each mailbox; the file name contains the SMTP address of the mailbox and the date: EVOwaLog_SMTPaddr_date.txt
EnterpriseVault_WebDAVRequestProtocol. Default value: https. Notes: The protocol used by the Exchange 2007 CAS server when connecting to Exchange 2007 Mailbox servers. See Supporting Mailbox Role on both CAS server and remote servers
EnterpriseVault_WebDAVRequestHost. Default value: localhost. Notes: For authenticating HTTPS requests to Mailbox servers, this identifies the Exchange 2007 CAS server where the certificate has been installed. See Supporting Mailbox Role on both CAS server and remote servers
EnterpriseVault_WebDAVRequestVirtualDirectory. Default value: exchange. Notes: The virtual directory used by WebDav for redirecting requests to Mailbox servers.
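Because these entries are case sensitive and EnterpriseVault_LogMailboxes only takes effect when EnterpriseVault_LogEnabled is true, a mistyped key can silently leave logging off or log every mailbox. The following Python check is an added example, not part of the Enterprise Vault documentation or product; it assumes the entries sit in the appSettings element of web.config, uses a loose SMTP address pattern, and runs on constructed sample files.

```python
import re
import xml.etree.ElementTree as ET

# The six setting names listed in Table 25-3 of the guide.
KNOWN_KEYS = (
    "EnterpriseVault_LogFolder",
    "EnterpriseVault_LogEnabled",
    "EnterpriseVault_LogMailboxes",
    "EnterpriseVault_WebDAVRequestProtocol",
    "EnterpriseVault_WebDAVRequestHost",
    "EnterpriseVault_WebDAVRequestVirtualDirectory",
)
# Loose shape check for one SMTP address (an assumption of this example).
SMTP_ADDRESS = re.compile(r"^[^@\s;,]+@[^@\s;,]+\.[^@\s;,]+$")


def lint_ev_owa_settings(web_config_xml):
    """Return (settings, findings) for the Enterprise Vault keys in a web.config."""
    root = ET.fromstring(web_config_xml)
    canonical = {name.lower(): name for name in KNOWN_KEYS}
    settings, findings = {}, []

    for element in root.findall("./appSettings/add"):
        key = element.get("key", "")
        expected = canonical.get(key.lower())
        if expected is None:
            continue  # some other application's setting
        if key != expected:
            # Entries are case sensitive, so a miscased key is treated as absent.
            findings.append(f"{key}: entries are case sensitive, expected {expected}")
            continue
        settings[key] = element.get("value", "")

    enabled = settings.get("EnterpriseVault_LogEnabled", "false")  # default is false
    if enabled not in ("true", "false"):
        findings.append(f"EnterpriseVault_LogEnabled: unexpected value {enabled!r}")

    raw = settings.get("EnterpriseVault_LogMailboxes", "")
    mailboxes = [part.strip() for part in raw.split(";") if part.strip()]
    for mailbox in mailboxes:
        if not SMTP_ADDRESS.match(mailbox):
            findings.append(
                f"EnterpriseVault_LogMailboxes: {mailbox!r} is not a single SMTP "
                "address (the list is semicolon delimited)"
            )
    if mailboxes and enabled != "true":
        findings.append("EnterpriseVault_LogMailboxes is set but logging is not enabled")
    if enabled == "true" and not mailboxes:
        findings.append(
            "logging is enabled without EnterpriseVault_LogMailboxes: "
            "all mailboxes are logged"
        )
    return settings, findings


# Constructed sample: miscased key and a comma where a semicolon is required.
CONSTRUCTED_BAD = """<configuration>
  <appSettings>
    <add key="enterprisevault_logenabled" value="true"/>
    <add key="EnterpriseVault_LogMailboxes" value="J.Doe@example.com,P.Coe@example.com"/>
  </appSettings>
</configuration>"""

# Constructed sample: the example entries from the guide, inside appSettings.
CONSTRUCTED_GOOD = """<configuration>
  <appSettings>
    <add key="EnterpriseVault_LogEnabled" value="true"/>
    <add key="EnterpriseVault_LogMailboxes" value="J.Doe@example.com;P.Coe@example.com"/>
  </appSettings>
</configuration>"""

if __name__ == "__main__":
    for label, sample in (("bad", CONSTRUCTED_BAD), ("good", CONSTRUCTED_GOOD)):
        _, problems = lint_ev_owa_settings(sample)
        print(label, problems or "no findings")
```

Each session log file name contains the mailbox's SMTP address, so the "all mailboxes are logged" finding is worth reviewing before logging is left enabled.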
Edit the web.config file (Exchange installation folder\ClientAccess\Owa\Web.Config), and delete the value, localhost, in the entry, EnterpriseVault_WebDAVRequestHost.
Install a certificate on each of the remote Exchange 2007 Mailbox servers.
If you want the Exchange 2007 CAS server to connect to remote Exchange 2007 Mailbox servers using HTTP, then do the following:
Edit the web.config file (Exchange installation folder\ClientAccess\Owa\Web.Config), and edit the entry, EnterpriseVault_WebDAVRequestHost; delete the value, localhost:
<add key="EnterpriseVault_WebDAVRequestHost" value=""/>
You do not need to install certificates on remote Exchange 2007 Mailbox servers.
Registration failed
The following error may be generated when configuring the front-end or back-end OWA 2003 Extensions:
registration failed, error: -2147217895 Object or data matching the name, range, or selection criteria was not found within the scope of this operation.
You need to create at least one public folder before you run the configuration wizard. As Microsoft Exchange installation automatically creates a public folder store, Enterprise Vault will attempt to register forms against public folders. If no public folders exist, the error will be displayed.
This error occurs when the Simple Mail Transfer Protocol (SMTP) domain name of the Microsoft Exchange 2003 Mailbox Store System mailbox is different than that of the Microsoft Exchange 2003 server domain name. For instructions on how to fix this, see the Enterprise Vault TechNote: http://entsupport.symantec.com/docs/280615
This will occur if WinHTTP has not been configured correctly using Proxycfg. See the following articles for more information:
PRB: "Access Denied" Error Message When Using ServerXMLHTTP to Access an Authenticated Site (http://support.microsoft.com/?kbid=291008)
You may need to run the Proxycfg tool for ServerXMLHTTP to work (http://support.microsoft.com/?kbid=289481)
PRB: Error Message on MSXML3 Setup - "Error Creating Process msiexec.exe" (http://support.microsoft.com/?kbid=289792)
Frequently asked questions about ServerXMLHTTP (http://support.microsoft.com/?kbid=290761)
Clear client browser cache.
Enterprise Vault forms are registered on the back-end OWA server. You can use Exchange Explorer in the Exchange Server SDK Development Tools to check form registrations. If the forms are not registered, rerun the Enterprise Vault OWA Extensions configuration wizard.
EVOWA Virtual Directory set to use the Exchange Application Pool.
Any Exchange Server 2003 hotfixes applied are supported by Enterprise Vault. See Which OWA Extensions to install on page 231. Enterprise Vault OWA configuration edits the OWA control files on the Exchange Server. If you have installed an Exchange Server 2003 hotfix, this may have modified OWA control files or changed the version of the control file folder.
1. Double-click the appropriate Exchange Server mailbox policy to display its properties.
2. Click the Advanced tab.
3. Next to List settings from, select OWA 2003.
4. In the list, click OWA 5.5 Open Shortcut and then click Modify.
5. Select Shortcut and click OK.
6. Synchronize the mailboxes, using the Synchronize tab in the properties of the Exchange Server mailbox task.
Chapter 26
About configuring RPC over HTTP access
Configuring Exchange Server 2007 RPC over HTTP access to Enterprise Vault
Configuring Exchange Server 2003 RPC over HTTP access to Enterprise Vault
Configuring RPC over HTTP access to Enterprise Vault Configuring Exchange Server 2007 RPC over HTTP access to Enterprise Vault
To enable Outlook 2003 or Outlook 2007 users to access Enterprise Vault archives using RPC over HTTP, Enterprise Vault Outlook Add-Ins (any type) must be installed on each client desktop computer. With RPC over HTTP enabled, users can perform the following actions:
View archived items
Archive items manually
Restore archived items
Delete archived items
Search archives using Integrated search. (Browser search link is not available).
Use Archive Explorer
Use Offline Vault
Perform client-side PST migrations
When using RPC over HTTP, the Enterprise Vault Outlook Add-Ins will automatically behave like the Enterprise Vault HTTP-only Outlook Add-Ins; that is, the end user will not have access to the Enterprise Vault Properties page on folders, and will not be able to select a different archive or retention category when archiving items manually.
When using RPC over HTTP with Exchange Server 2007, clients will always attempt to connect directly to the Enterprise Vault server. With Exchange Server 2003, Archive Explorer and archive search requests can access the Enterprise Vault server using direct connections or the RPC Proxy server (the default). You can configure direct connections using the advanced Outlook setting in the Exchange Mailbox Policy, RPC over HTTP Connection.
If RPC over HTTP users access the Exchange Servers through an ISA Server, you will also need to configure the ISA Server to publish to clients the Enterprise Vault Web Access application URL (for direct connections) and the Exchange 2007 CAS servers or RPC proxy servers (Exchange Server 2003). See Configuring ISA Server 2004 for Exchange Server 2003 RPC over HTTP access to Enterprise Vault on page 305.
Configuring Exchange Server 2007 RPC over HTTP access to Enterprise Vault
RPC over HTTP access for Exchange Server 2007 is called Outlook Anywhere. Configuring access to Enterprise Vault requires the following steps.
Check that prerequisite tasks for setting up RPC over HTTP on Exchange Servers and client computers are completed. See Prerequisite tasks.
On the Enterprise Vault server, enable RPC over HTTP in the Exchange Mailbox Policy. See Configuring Enterprise Vault Exchange Mailbox policies.
Prerequisite tasks
The instructions for configuring RPC over HTTP access to Enterprise Vault assume that you have already completed the following tasks:
On your Exchange 2007 CAS server computers, set up RPC over HTTP (Outlook Anywhere) as described in the Microsoft documentation. See http://technet.microsoft.com/en-us/library/bb123889.aspx.
On desktop computers, enable Outlook for RPC over HTTP (Outlook Anywhere) as described in the Microsoft documentation. See http://office.microsoft.com/en-gb/outlook/HP101024441033.aspx.
Configure your Enterprise Vault server to archive Exchange Server mailboxes.
Install Enterprise Vault Add-Ins (any type) on the desktop computers.
1. In the left pane of the Administration Console, expand the hierarchy until Policies is visible.
2. Expand Policies.
3. Expand Exchange.
4. Click Mailbox.
5. In the right-hand pane, double-click the name of the policy you want to edit. The policy's properties are displayed.
6. Click the Advanced tab.
7. Next to List settings from, select Outlook.
8. Edit the following settings as required. Double-click a setting to edit it, or click it once to select it and then click Modify.
RPC over HTTP connection. Set this to Direct to enable Exchange Server 2007 RPC over HTTP connections to Enterprise Vault. This must be set to Direct, even if clients connect through an ISA Server. On the ISA Server, you must publish both the Exchange 2007 CAS server and the Enterprise Vault Web Access application URL to clients.
RPC over HTTP restrictions controls the functionality available in the Enterprise Vault Add-Ins when using RPC over HTTP. Select one of the following values for this setting:
None: All Enterprise Vault client functionality is available.
Disable User Extensions: RPC over HTTP working is not enabled in the Enterprise Vault Add-Ins. This is the default value.
Disable Offline Vault only: Offline Vault is disabled.
Disable PST Import only: Client-side PST migration is disabled. Note that currently you cannot use client-side PST migration to migrate PST files that reside on mapped network drives when using an RPC client, even if this setting is enabled.
Offline Vault and client-side PST migration are disabled.
RPC over HTTP Proxy URL is applicable to Exchange Server 2003 only.
Any settings that you modify are applied to users' mailboxes during the next synchronization run of the Exchange Mailbox Archiving task. If you want to apply the changes before the next synchronization, run Synchronize, which is on the Synchronization tab of the Exchange Mailbox Archiving task's properties.
Configuring Exchange Server 2003 RPC over HTTP access to Enterprise Vault
Installing and configuring the Enterprise Vault RPC Extensions for Exchange Server 2003 requires the following steps.
If the RPC target Exchange Servers are in a clustered environment, ensure that you are familiar with the additional configuration requirements before you install and configure the Enterprise Vault extensions. See About configuring OWA and RPC Extensions in clustered configurations on page 275.
Check that prerequisite tasks on IIS and Exchange Servers are completed. See Prerequisite tasks.
Install the appropriate Enterprise Vault RPC Extensions component on each RPC proxy (front-end Exchange Server 2003) and each RPC target server (back-end Exchange Server 2003). See Installing RPC Extensions on Exchange Server 2003 on page 266.
On each RPC proxy, configure the extensions by running the configuration wizard from the Start menu: Enterprise Vault > Exchange Front-end Extensions Configuration > (OWA & RPC). See Configuring an RPC proxy server (front-end Exchange Server 2003) on page 267.
On each RPC target Exchange Server, create the EVServers.txt file, and then configure the extensions by running the configuration wizard from the Start menu: Enterprise Vault > Exchange Back-end Extensions Configuration > (RPC only). See Configuring an RPC target server (back-end Exchange Server 2003) on page 267.
On the Enterprise Vault server, create the ExchangeServers.txt file, and an account to be used for anonymous connections, and then run the script, owauser.wsf, to configure the anonymous user account. See Configuring Enterprise Vault servers for RPC over HTTP on page 269.
On the Enterprise Vault server, configure RPC over HTTP settings in the Exchange Mailbox Policy to enable and customize RPC over HTTP functionality in Outlook Add-Ins. See Configuring RPC over HTTP in Enterprise Vault Exchange Mailbox Policy on page 272.
Prerequisite tasks
The instructions for configuring RPC over HTTP access to Enterprise Vault assume that you have already completed the following tasks:
Install the RPC over HTTP Windows component on your RPC proxy Exchange Servers. For detailed instructions, see the Microsoft article, http://support.microsoft.com/default.aspx?scid=kb;en-us;833401.
On the RPC proxy server, ensure that the RPC over HTTP settings in the properties pages are set as shown below. On the RPC target server, ensure that the RPC over HTTP settings in the properties pages are set as shown below.
Obtain and install a valid certificate on the RPC proxy server.
Configure SSL on the RPC proxy server.
Ensure that the operating system on client computers supports RPC over HTTP connections. All client computers that run Outlook 2003 must have either Windows Server 2003, Microsoft Windows XP SP2, or Microsoft Windows XP SP1 with the update described in the Microsoft Knowledge Base article, http://support.microsoft.com/?kbid=331320.
On desktop computers, create an Outlook profile to use RPC over HTTP. See the Microsoft article, http://office.microsoft.com/en-ca/assistance/ha011402731033.aspx
Configure your Enterprise Vault server to archive Exchange Server mailboxes or public folders or both.
Install Enterprise Vault Add-Ins (any type) on the desktop computers.
Load the Enterprise Vault CD-ROM into the CD-ROM drive of your Exchange Server.
Open the Enterprise Vault folder.
Check the ReadMeFirst.htm file in this folder for details of any last minute changes.
Open the Server folder.
Double-click SETUP.EXE to start the installation.
On RPC proxy servers, select the Exchange 2003 Front-end Ext. (OWA & RPC) component.
On RPC target servers, select the Exchange 2003 Back-end Ext. (OWA & RPC) component.
Follow the installation instructions.
Now configure the extensions on each RPC proxy server.
Log on to the RPC proxy Exchange Server computer using an account that has Exchange Full Administrator permissions.
Click Start > Programs > Enterprise Vault > Exchange Front-end Extensions Configuration > (OWA & RPC).
A command prompt window opens and lists what the configuration wizard has done. The configuration wizard sets up the following for each Exchange virtual server it finds on the computer:
An EnterpriseVaultProxy virtual directory for each Web server on the computer.
Adds the names of RPC target Exchange Servers to the proxy bypass list.
Create an EVServers.txt file. Run the extensions configuration wizard. See Configuring the Enterprise Vault Extensions on the RPC target server on page 268.
Open Notepad.
Type the Enterprise Vault site alias in both fully-qualified and LanMan forms, one entry per line. For example:
ourvaultsitealias.domain.com
ourvaultsitealias
Also type in the machine name and any aliases for each Enterprise Vault server computer in the Enterprise Vault site. Enter these one per line, in fully-qualified and LanMan forms. For example:
vault1alias.domain.com
vault1alias
Save the file as a Unicode file with the name EVServers.txt in the OWA folder in your Enterprise Vault installation folder (typically C:\Program Files\Enterprise Vault\OWA).
Close Notepad.
Configure the Enterprise Vault Extensions on the RPC target server.
Log on to the Exchange Server computer using an account that has Exchange Full Administrator permissions.
Ensure the Exchange Server is running and that the Web site associated with the Exchange Server has an ExAdmin virtual directory created.
To configure RPC over HTTP only (not OWA), click Start > Programs > Enterprise Vault > Exchange Back-end Extensions Configuration > (RPC Only).
A command prompt window opens and lists what the configuration wizard has done.
If you run the RPC only configuration wizard, then the following is configured for each Exchange virtual server found on the computer:
An EnterpriseVaultProxy virtual directory for each Web server on the computer.
Proxy bypass list.
(If the OWA and RPC configuration wizard is run, then additional virtual directories are created.)
Create the ExchangeServers.txt file. This file contains the IP addresses of all the RPC target Exchange Servers that will connect to the Enterprise Vault server. See ExchangeServers.txt file.
Create and configure an account to be used for anonymous connections. See Configuring an anonymous user account for RPC over HTTP.
Using the Enterprise Vault Administration Console, enable RPC over HTTP in Enterprise Vault mailbox policies. See Configuring RPC over HTTP in Enterprise Vault Exchange Mailbox Policy.
ExchangeServers.txt file
First, you need to create the ExchangeServers.txt file on the Enterprise Vault server. This holds a list of the IP addresses for all the RPC target Exchange Servers that will connect to the Enterprise Vault server.
1. Open Notepad.
2. Type the IP address of each RPC target Exchange Server (that is, the Exchange virtual server IP address), one entry per line. If the RPC target Exchange Servers are clustered, enter the Virtual Server IP addresses first and then add the cluster IP address and the IP addresses of each node.
3. Save the file as ExchangeServers.txt in the Enterprise Vault installation folder (typically C:\Program Files\Enterprise Vault).
4. Close Notepad.
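ExchangeServers.txt becomes the list of addresses allowed to reach content that runs as the anonymous user, and EVServers.txt feeds the proxy bypass list, so both hand-edited files are worth checking before the scripts consume them. The following Python check is an added example, not part of the Enterprise Vault documentation or product. It assumes IPv4 entries, that Notepad's Unicode format is UTF-16 with a byte order mark, and that the LanMan form of an alias is the first label of its fully-qualified name; the sample file contents are constructed.

```python
import codecs
import ipaddress


def check_exchange_servers(text):
    """Return (addresses, problems) for the content of ExchangeServers.txt."""
    addresses, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        entry = raw.strip()
        if not entry:
            continue
        try:
            ip = ipaddress.IPv4Address(entry)  # rejects ranges, names, bad octets
        except ipaddress.AddressValueError:
            problems.append(f"line {lineno}: {entry!r} is not a single IPv4 address")
            continue
        if ip.is_loopback or ip.is_unspecified or ip.is_multicast:
            problems.append(f"line {lineno}: {ip} cannot identify an Exchange Server")
        elif ip in addresses:
            problems.append(f"line {lineno}: {ip} is listed twice")
        else:
            addresses.append(ip)
    if not addresses:
        problems.append("no usable addresses: no Exchange Server would be granted access")
    return addresses, problems


def decode_evservers(data):
    """Decode EVServers.txt bytes; the guide requires the file to be saved as Unicode."""
    if data.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return data.decode("utf-16"), []
    return data.decode("latin-1"), ["file is not saved as Unicode (no UTF-16 byte order mark)"]


def check_evservers(data):
    """Return (names, problems); every alias must appear in both required forms."""
    text, problems = decode_evservers(data)
    names = [line.strip().lower() for line in text.splitlines() if line.strip()]
    fqdns = sorted({n for n in names if "." in n})
    short = sorted({n for n in names if "." not in n})
    for fqdn in fqdns:
        lanman = fqdn.split(".", 1)[0]  # assumption: LanMan form is the first label
        if lanman not in short:
            problems.append(f"{fqdn}: LanMan form {lanman!r} is missing")
    hosts_with_fqdn = {fqdn.split(".", 1)[0] for fqdn in fqdns}
    for name in short:
        if name not in hosts_with_fqdn:
            problems.append(f"{name}: fully-qualified form is missing")
    return names, problems


# Constructed sample: two good entries, a range, a host name and a duplicate.
CONSTRUCTED_EXCHANGE_SERVERS = "192.0.2.10\n192.0.2.11\n192.0.2.0/24\nexch-be01\n192.0.2.10\n"

# Constructed sample: the guide's example aliases, with one LanMan form left out.
CONSTRUCTED_EVSERVERS = (
    "ourvaultsitealias.domain.com\r\nourvaultsitealias\r\nvault1alias.domain.com\r\n"
).encode("utf-16")

if __name__ == "__main__":
    for problem in check_exchange_servers(CONSTRUCTED_EXCHANGE_SERVERS)[1]:
        print("ExchangeServers.txt:", problem)
    for problem in check_evservers(CONSTRUCTED_EVSERVERS)[1]:
        print("EVServers.txt:", problem)
```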
1. Create a domain user account to use as the anonymous user account. This should be a basic domain account specifically created for the purpose; a local machine account cannot be used. The account must not belong to any administrative group. If you have an existing anonymous user account, and it is a domain account, then use this account. If your existing anonymous user account is a local machine account, then you will need to create a new domain account for the anonymous user.
2. Log on to the Enterprise Vault server as the Vault Service account.
3. Open a command prompt window and navigate to the Enterprise Vault installation folder.
The file owauser.wsf is installed in the Enterprise Vault installation folder.
For domain, give the domain of the anonymous user account.
For username, give the username of the anonymous user account.
For password, give the password of the anonymous user account.
To display help for the cscript command, type:
cscript owauser.wsf /?
The progress of the script execution is displayed in the command prompt window. The owauser.wsf script sets up the following on the Enterprise Vault server:
Creates (or updates) the virtual directory, EVAnon, that points to the Enterprise Vault\WebApp folder and gives access permissions to the anonymous user. Access to EVAnon is also granted to the RPC target servers. You can check this by displaying the properties of the EVAnon virtual directory, selecting the Directory Security tab and clicking Edit in the IP address and domain name restrictions section.
Creates (or updates) the following two Registry values:
HKEY_CURRENT_USER\Software\KVS\Enterprise Vault\AnonymousUser
The value of this setting is the full name, including the domain, of the anonymous user. For example, mydomain\EVANONUSER.
HKEY_LOCAL_MACHINE\SOFTWARE\KVS\Enterprise Vault\Install\OwaWebAppAlias
The value of this setting is the name of the virtual directory for anonymous connections, EVAnon.
To complete the configuration, you need to restart the Enterprise Vault Admin service and synchronize the mailboxes of RPC users.
If required, you can now customize RPC over HTTP settings in the Enterprise Vault Exchange Mailbox Policy.
1. In the left pane of the Administration Console, expand the hierarchy until Policies is visible.
2. Expand Policies.
3. Expand Exchange.
4. Click Mailbox.
5. In the right-hand pane, double-click the name of the policy you want to edit. The policy's properties are displayed.
6. Click the Advanced tab.
7. Next to List settings from, select Outlook.
8. Edit the following settings as required. Double-click a setting to edit it, or click it once to select it and then click Modify.
RPC over HTTP restrictions. By default RPC over HTTP access is disabled (Disable User Extensions). Configure the functionality required in Outlook by selecting one of the other values:
None: All Enterprise Vault client functionality is available.
Disable User Extensions: RPC over HTTP working is not enabled in the Enterprise Vault Add-Ins. This is the default value.
Disable Offline Vault only: Offline Vault is disabled.
Disable PST Import only: Client-side PST migration is disabled. Note that currently you cannot use client-side PST migration to migrate PST files that reside on mapped network drives when using an RPC client, even if this setting is enabled.
Offline Vault and client-side PST migration are disabled.
RPC over HTTP connection enables you to configure clients to connect directly to the Enterprise Vault server for Archive Explorer and archive search requests. This can be set even if you have an ISA Server configured; in this situation you must publish the Enterprise Vault Web Access URL to clients on the ISA Server.
RPC over HTTP Proxy URL enables you to specify an alternative URL for the Enterprise Vault Web server that clients can contact when Outlook is configured to use RPC over HTTP. By default, clients connect to the virtual directory, EnterpriseVaultProxy, on the RPC proxy server. If you change the name of this virtual directory, then you can use this setting to specify the alternative URL. For example, if you change the virtual directory name to EVProxy, then you would use the RPC over HTTP Proxy URL setting to specify the URL:
HTTP://Web_server/EVProxy
9 The settings are applied to users' mailboxes during the next synchronization run of the Exchange Mailbox task. If you want to apply the changes before the next synchronization, run Synchronize, which is on the Synchronization tab of the Exchange Mailbox task's properties.
10 Remember that Outlook 2003 users will require a profile enabled for RPC over HTTP.
Chapter 27
About configuring OWA and RPC Extensions in clustered configurations
Supported cluster configurations
OWA: Configuring Enterprise Vault Extensions in active/passive Microsoft clusters
OWA: Enterprise Vault Extensions in an active/active Microsoft cluster
RPC over HTTP: Configuring Enterprise Vault Extensions in active/passive Microsoft clusters
RPC over HTTP: Configuring Enterprise Vault Extensions in an active/active Microsoft cluster
Configuring Enterprise Vault OWA and RPC Extensions on VCS
Configuring OWA and RPC Extensions in clustered configurations Supported cluster configurations
This section provides additional information on installing the Enterprise Vault OWA and RPC 2000 and 2003 Extensions on clustered back-end Exchange Servers. We recommend that you read the information given here before installing and configuring the extensions on the individual Exchange Servers. As the Enterprise Vault OWA 2007 Extensions are installed on Exchange 2007 CAS servers, which typically use load balancing, not clustering, the information in this section does not apply to Enterprise Vault OWA 2007 Extensions.
(Cluster diagram not reproduced; surviving labels: Shared Disk, NODEB (passive).)
There is one Exchange Virtual Server, called EVS1, which can run on either node. As it is currently running on NODEA, this is the active node. If a problem occurs on this node, EVS1 will failover to NODEB, which then becomes the active node. Mailbox and public folder information stores and registered forms are held on the shared disks. The configuration information for the Exchange Virtual Server is held in Active Directory. In a basic active/passive configuration, there is one standby node for each active node. N+1 clusters are similar to active/passive configurations in that there is a standby (passive) node to which applications on an active node can failover. However, in an N+1 configuration, the passive node is standby for multiple active nodes. In Figure 27-2, NODEC is the standby node for NODEA and NODEB.
Figure 27-2 N+1 configuration (diagram not reproduced; surviving labels: Shared Disk, NODEC (passive))
The Exchange Virtual Server, EVS1, can run on either NODEA or NODEC. The Exchange Virtual Server, EVS2, can run on either NODEB or NODEC. Figure 27-3 illustrates an alternative N+1 configuration, in which any of the nodes can act as standby for either of the Exchange Virtual Servers.
Figure 27-3 (diagram not reproduced; surviving labels: NODEB, NODEC)
Each of the Exchange Virtual Servers, EVS1 and EVS2, can run on NODEA, NODEB or NODEC. Figure 27-4 illustrates an active/active configuration.
Configuring OWA and RPC Extensions in clustered configurations OWA: Configuring Enterprise Vault Extensions in active/passive Microsoft clusters
Figure 27-4 Active/active configuration (diagram not reproduced; surviving label: NODEA EVS1 (active))
Note that Microsoft does not recommend active/active configurations. In these configurations there are no passive standby nodes; if the Exchange Virtual Server, EVS1, fails over, then both Exchange Virtual Servers will be running on NODEB, which could cause performance issues. When configuring Enterprise Vault OWA and RPC Extensions for clustered environments, the extensions must be installed and configured on each node on which the Exchange Virtual Server can run. Additional information on installing the extensions in active/passive and active/active clustered environments is given in the following sections.
See Configuring Enterprise Vault access for OWA 2003 users on page 237.
See Configuring Enterprise Vault access for OWA 2000 users on page 246.
Figure 27-5 shows the location of the various virtual directories and configuration data used by the Enterprise Vault OWA 2003 and OWA 2000 Extensions.
Figure 27-5 Detail of OWA 2003 and OWA 2000 Extensions configuration
Domain Controller: virtual directories in configuration for EVS1 in Active Directory: Exchange, Public, EnterpriseVaultExchange, EnterpriseVaultPublic
Enterprise Vault server: configuration includes the EVAnon virtual directory and ExchangeServers.txt (with IP addresses for Node A, Node B, EVS1)
Microsoft Cluster, with shared disks
On both Node A and Node B: Microsoft Exchange Server binaries; Enterprise Vault OWA Extensions; Proxy bypass list; IIS virtual directories (configured in IIS): EVOWA, EnterpriseVaultProxy (OWA 2003 only)
Register forms for the OWA Extensions against the Exchange Virtual Server mailbox and public information stores.
Create in Active Directory the following Exchange Server virtual directories for the back-end Exchange Virtual Server:
EnterpriseVaultExchange
EnterpriseVaultPublic
Create the following IIS virtual directories on the active node computer:
Populate the Proxy bypass list on the active node computer from the file, Enterprise Vault\OWA\EVServers.txt.
If you examine the log file, Enterprise Vault\OWA\BackEnd200nSetup.wsf.log, after the configuration wizard has run, you will see the lines detailing the mailbox and public folder forms registration.
Create in Active Directory the following Exchange Server virtual directories for the back-end Exchange Virtual Server:
EnterpriseVaultExchange
EnterpriseVaultPublic
Create the following IIS virtual directories on the passive node computer:
Populate the Proxy bypass list on the passive node computer from the file, Enterprise Vault\OWA\EVServers.txt.
Configuring OWA and RPC Extensions in clustered configurations OWA: Enterprise Vault Extensions in an active/active Microsoft cluster
Note that forms registration is only performed when you run the Enterprise Vault OWA configuration wizard on the active node. If you examine the log file, Enterprise Vault\OWA\BackEnd200nSetup.wsf.log, after the configuration wizard has run on the passive node, you will not see any forms registration lines.
that will contact the Enterprise Vault server. When configuring this file for clustered Exchange Virtual Server configurations, the file must include all the IP addresses of the Exchange Virtual Servers that will access the Enterprise Vault server, and all the IP addresses of the physical computers (nodes) on which the Exchange Virtual Servers can run.
Register the Enterprise Vault OWA forms against the mailbox and public stores in the Exchange Virtual Server.
Create in Active Directory the following Exchange Server virtual directories for the back-end Exchange Virtual Server:
EnterpriseVaultExchange
EnterpriseVaultPublic
Create the following IIS virtual directories on the active node computer:
Populate the Proxy bypass list on the active node computer from the file, Enterprise Vault\OWA\EVServers.txt.
If you examine the log file, Enterprise Vault\OWA\BackEnd200nSetup.wsf.log, after the configuration wizard has run, you will see the lines detailing the mailbox and public folder forms registration. When you then run the Enterprise Vault OWA configuration wizard on the other active node, it performs the following tasks for the Virtual Exchange Server associated with that node:
Registers the Enterprise Vault OWA forms against the mailbox and public stores in the Exchange Virtual Server.
Create in Active Directory the following Exchange Server virtual directories for the back-end Exchange Virtual Server:
EnterpriseVaultExchange
EnterpriseVaultPublic
Create the following IIS virtual directories on the active node computer:
Populate the Proxy bypass list on the active node computer from the file, Enterprise Vault\OWA\EVServers.txt.
When you install and configure the OWA Extensions on the second active node in the cluster, warning messages in the log file will indicate that the EnterpriseVaultPublic and EnterpriseVaultExchange virtual directories already exist. As these virtual directories were created when you configured the OWA Extensions on the first node, you can ignore these warning messages.
RPC over HTTP: Configuring Enterprise Vault Extensions in active/passive Microsoft clusters
Enterprise Vault RPC Extensions are supported on clustered RPC target Exchange Virtual Servers (Exchange Server 2003). In active/passive Exchange Virtual Server cluster configurations, you must install the Exchange 2003 Back-end Extensions (OWA & RPC) on both active and passive nodes; you can install them on either an active or passive node first. See About configuring RPC over HTTP access on page 261. Figure 27-6 shows the location of the various virtual directories and configuration data used by the extensions.
Figure 27-6 (diagram not reproduced)
Microsoft cluster: Node A (active), Node B (passive)
Shared disks: information stores and registered forms
On both Node A and Node B: Microsoft Exchange Server binaries; Enterprise Vault OWA & RPC Extensions; Proxy bypass list; IIS virtual directories (configured in IIS): EVOWA, EnterpriseVaultProxy
Create the following IIS virtual directories on the active node computer:
EnterpriseVaultProxy
EVOWA
Populate the Proxy bypass list on the active node computer from the file, Enterprise Vault\OWA\EVServers.txt.
Create the following IIS virtual directories on the passive node computer:
EnterpriseVaultProxy
EVOWA
Populate the Proxy bypass list on the passive node computer from the file, Enterprise Vault\OWA\EVServers.txt.
Servers that will contact the Enterprise Vault server. When configuring this file for clustered Exchange Virtual Server configurations, the file must include all the IP addresses of the Exchange Virtual Servers that will access the Enterprise Vault server, and all the IP addresses of the physical computers (nodes) on which the Exchange Virtual Servers can run.
RPC over HTTP: Configuring Enterprise Vault Extensions in an active/active Microsoft cluster
Although Enterprise Vault RPC Extensions are supported in active/active clustered Exchange Virtual Server configurations, such configurations are not recommended by Microsoft and should be avoided, wherever possible. In an active/active configuration, it does not matter which node you install the Enterprise Vault Extensions on first.
Configuring OWA and RPC Extensions in clustered configurations Configuring Enterprise Vault OWA and RPC Extensions on VCS
Running the Enterprise Vault RPC configuration wizard on the first active node will perform the following tasks:
Create the following IIS virtual directories on the active node computer:
EnterpriseVaultProxy
EVOWA
Populate the Proxy bypass list on the active node computer from the file, Enterprise Vault\OWA\EVServers.txt.
Examine the log file, Enterprise Vault\OWA\BackEnd200nSetup.wsf.log, for any errors. When you then run the Enterprise Vault RPC configuration wizard on the other active node, it performs the following tasks for the Virtual Exchange Server associated with that node:
Create the following IIS virtual directories on the active node computer:
EnterpriseVaultProxy
EVOWA
Populate the Proxy bypass list on the active node computer from the file, Enterprise Vault\OWA\EVServers.txt.
To install and configure the Enterprise Vault OWA and RPC Extensions
1 Install the appropriate Enterprise Vault OWA and RPC Extensions on all nodes that could host the Exchange Virtual Server.
2 Run the appropriate Enterprise Vault configuration wizard for the extensions on each Exchange Virtual Server node, while it is the active node. This means that you must run the configuration wizard on the active node, fail over the Exchange Virtual Server to the passive node, and then run the configuration wizard on that node. Repeat this process for all nodes that could host the Exchange Virtual Server.
On the Enterprise Vault server, the ExchangeServers.txt file must include all the IP addresses of the Exchange Virtual Servers that will access the Enterprise Vault server, and all the IP addresses of the physical computers (nodes) on which the Exchange Virtual Servers can run.
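The coverage rule stated here and in the two cluster sections above (every Exchange Virtual Server address plus every node address must appear in ExchangeServers.txt) can be checked mechanically before a failover exposes a gap. The following is an added example, not Enterprise Vault code; the one-address-per-line file format, the inventory names and all addresses are assumptions constructed for illustration.

```python
import ipaddress

# Constructed inventory (assumption): names follow the guide's figures,
# addresses are documentation-range values made up for this example.
CLUSTER_INVENTORY = {
    "EVS1": "192.0.2.10",
    "EVS2": "192.0.2.11",
    "NODEA": "192.0.2.21",
    "NODEB": "192.0.2.22",
    "NODEC": "192.0.2.23",
}

# Constructed file content. Assumed format: one IP address per line.
SAMPLE_FILE = """\
192.0.2.10
192.0.2.21
192.0.2.22
192.0.2.22
192.0.2.99
192.0.2.300
"""


def parse_server_list(text):
    """Parse the file text into (addresses, duplicates, invalid).

    duplicates and invalid are lists of (line_number, entry) so that the
    report points at the exact line to fix.
    """
    addresses, duplicates, invalid = set(), [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.strip()
        if not entry:
            continue  # blank lines carry no entry
        try:
            addr = ipaddress.ip_address(entry)
        except ValueError:
            invalid.append((line_no, entry))
            continue
        if addr in addresses:
            duplicates.append((line_no, entry))
        addresses.add(addr)
    return addresses, duplicates, invalid


def audit(text, inventory):
    """Compare the listed addresses with the cluster inventory.

    missing:    inventory names whose address is absent from the file, so
                that server is not covered if the Exchange Virtual Server
                runs there or fails over to it.
    unexpected: listed addresses that belong to no inventory entry, i.e.
                hosts not expected to contact the Enterprise Vault server.
    """
    listed, duplicates, invalid = parse_server_list(text)
    required = {ipaddress.ip_address(ip): name for name, ip in inventory.items()}
    missing = sorted(name for addr, name in required.items() if addr not in listed)
    unexpected = sorted(str(addr) for addr in listed if addr not in required)
    return {
        "missing": missing,
        "unexpected": unexpected,
        "duplicates": duplicates,
        "invalid": invalid,
        "complete": not missing and not invalid,
    }


if __name__ == "__main__":
    report = audit(SAMPLE_FILE, CLUSTER_INVENTORY)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run it again after any change to cluster membership; an address reported as unexpected should be traced to a decommissioned node or removed.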
Chapter 28
Uninstalling OWA 2007 Extensions
Uninstalling OWA 2000 and 2003 Extensions
How to uninstall Enterprise Vault OWA Extensions Uninstalling OWA 2000 and 2003 Extensions
Run the Enterprise Vault OWA Extensions scripts, using the /remove switch, on front-end and back-end OWA 2003 Servers to remove virtual directories, forms registration and Proxy Bypass list configuration. See OWA 2003: Removing OWA virtual directories, forms registration and Proxy Bypass List on page 290.
On front-end and back-end OWA 2003 Servers, restore the original OWA control files. See OWA 2003: Restoring OWA control files on page 292.
On front-end and back-end OWA 2003 Servers, complete the removal of the Enterprise Vault OWA Extensions using Add/Remove Programs in the Control Panel, and then manually remove configuration and log files. See OWA 2003: Completing the removal of the OWA Extensions on page 293.
Run the Enterprise Vault OWA Extensions scripts, using the /remove switch, on back-end OWA 2000 Servers to remove virtual directories, forms registration and Proxy Bypass list configuration. See OWA 2000: Removing OWA virtual directories, forms registration and Proxy Bypass List on page 293. On front-end OWA 2000 Servers, the OWA Extensions are installed but not configured, so you run the removal script on back-end OWA 2000 Servers only.
On front-end and back-end OWA 2000 Servers, complete the removal of the Enterprise Vault OWA Extensions using Add/Remove Programs in the Control Panel and then manually remove configuration and log files. See OWA 2000: Completing the removal of the OWA Extensions on page 295.
OWA 2003: Removing OWA virtual directories, forms registration and Proxy Bypass List
To remove the virtual directories, form registrations, and Proxy Bypass List that are created by the Enterprise Vault OWA Extensions configuration wizard, you need to run some Enterprise Vault scripts from the command line.
To remove the virtual directories and form registrations on front-end OWA 2003 servers
1 Open a Command Prompt window.
2 Enter the following command on a single line:
C:\Program Files\Enterprise Vault\OWA>cscript FrontEnd2003Setup.wsf /remove
This deletes the virtual directory, EnterpriseVaultProxy, and the Proxy Bypass List.
To remove the virtual directories, form registrations, and Proxy Bypass List on back-end OWA 2003 servers
1 Open a Command Prompt window.
2 Enter on a single line the appropriate command for the server:
C:\Program Files\Enterprise Vault\OWA>cscript Backend2003Setup.wsf /remove
In an active/passive OWA 2003 cluster, run this command on the active node first, and then run it on the passive node. This deletes all the Enterprise Vault OWA virtual directories (EnterpriseVaultProxy, EnterpriseVaultPublic, EnterpriseVaultExchange, EVOWA), forms registrations, and Proxy Bypass List.
1 On the domain controller, open Exchange System Manager and select the required Exchange Server.
2 Expand Protocols, HTTP folders.
3 Select the name of the required Exchange Virtual Server. EnterpriseVaultPublic and EnterpriseVaultExchange virtual directories should not be listed in the right-hand pane.
To ensure that the EnterpriseVaultProxy virtual directory has been removed from the front-end OWA 2003 Server
1 On the front-end OWA Server, open IIS Manager.
2 Expand the required Web site and check that the EnterpriseVaultProxy virtual directory has been removed.
To ensure that EnterpriseVaultProxy and EVOWA virtual directories have been removed from the back-end OWA 2003 Server
1 On the back-end OWA Server, open IIS Manager.
2 Check that the EnterpriseVaultProxy and EVOWA virtual directories have been removed. In a cluster environment, after running the removal script on the passive node, you may still see the EnterpriseVaultPublic and EnterpriseVaultExchange virtual directories in IIS. These will be removed when the Exchange Server synchronizes IIS and Active Directory configuration data.
To check that the Proxy Bypass List has been cleared, do the following on the front-end and back-end OWA 2003 Servers
1 2
The Enterprise Vault OWA entries should not be displayed. If these were the only entries, then nothing will be displayed.
On front-end and back-end OWA 2003 Servers only, copy the OWA control files from the folder C:\Program Files\Exchsrvr\exchweb\6.5.nnnn.n\Controls-originals to their original location:
C:\Program Files\Exchsrvr\exchweb\6.5.nnnn.n\Controls
You can then remove manually the Enterprise Vault controls folder:
C:\Program Files\Exchsrvr\exchweb\6.5.nnnn.n\Controls-originals copied by Enterprise Vault
When all the Enterprise Vault virtual directories, form registrations and Proxy Bypass List have been removed, select and remove the Enterprise Vault OWA Extensions in Add/Remove Programs in the Control Panel on front-end and back-end OWA 2003 Servers. You can then remove manually the following files on front-end servers:
C:\Program Files\Enterprise Vault\OWA\EVfrontend.ini
C:\Program Files\Enterprise Vault\OWA\Frontend2003setup.wsf.log
You can also remove manually the following files on back-end servers:
C:\Program Files\Enterprise Vault\OWA\EVbackend.ini
C:\Program Files\Enterprise Vault\OWA\Backend2003setup.wsf.log
C:\Program Files\Enterprise Vault\OWA\EVservers.txt
OWA 2000: Removing OWA virtual directories, forms registration and Proxy Bypass List
To remove the virtual directories, form registrations and Proxy Bypass List that are created by the Enterprise Vault OWA Extensions configuration wizard, you need to run the following Enterprise Vault scripts from the command line. On back-end OWA 2000 Servers, run the following command. In an active/passive OWA 2000 cluster, run this command on the active node first, and then run it on the passive node.
To remove the OWA virtual directories, form registrations and Proxy Bypass List
1 Open a Command Prompt window.
2 Enter on a single line the appropriate command for the server:
C:\Program Files\Enterprise Vault\OWA>cscript Backend2000Setup.wsf /remove
This deletes all the Enterprise Vault OWA virtual directories (EnterpriseVaultPublic, EnterpriseVaultExchange, EVOWA), forms registrations and Proxy Bypass List. As the OWA Extensions are installed but not configured on front-end OWA 2000 Servers, you do not need to run a removal script on these servers.
1 On the domain controller, open Exchange System Manager and select the required Exchange Server.
2 Expand Protocols, HTTP folders.
3 Select the name of the required Exchange Virtual Server. EnterpriseVaultPublic and EnterpriseVaultExchange virtual directories should not be listed in the right-hand pane. In a cluster environment, after running the removal script on the passive node, you may still see the EnterpriseVaultPublic and EnterpriseVaultExchange virtual directories in IIS. These will be removed when the Exchange Server synchronizes IIS and Active Directory configuration data.
To ensure that EVOWA virtual directory has been removed from the back-end OWA 2000 Server
1 On the back-end OWA Server, open IIS Manager.
2 Check that EVOWA virtual directory has been removed. In a cluster environment, after running the removal script on the passive node, you may still see the EnterpriseVaultPublic and EnterpriseVaultExchange virtual directories in IIS. These will be removed when the Exchange Server synchronizes IIS and Active Directory configuration data.
To check that the Proxy Bypass List has been cleared, do the following on back-end OWA 2000 Servers
1 Ensure that the proxycfg utility is on the C drive.
2 Open a command prompt window.
3 Enter the command:
C:\Proxycfg
The Enterprise Vault OWA entries should not be displayed. If these were the only entries, then nothing will be displayed.
When all the Enterprise Vault virtual directories, form registrations and Proxy Bypass List have been removed, select and remove the Enterprise Vault OWA Extensions in Add/Remove Programs in the Control Panel on front-end and back-end OWA 2000 Servers. On front-end servers this will remove the following folder and its contents:
C:\Program Files\Enterprise Vault\OWA
On back-end servers, you can then remove manually the following files:
C:\Program Files\Enterprise Vault\OWA\EVbackend.ini
C:\Program Files\Enterprise Vault\OWA\Backend2000setup.wsf.log
C:\Program Files\Enterprise Vault\OWA\EVservers.txt
Chapter 29
Using ISA Server with Enterprise Vault
Configuring ISA Server 2006 for OWA 2007 access to Enterprise Vault
Configuring ISA Server 2004 for OWA 2003 access to Enterprise Vault
Configuring ISA Server 2006 for Exchange Server 2007 RPC over HTTP access to Enterprise Vault
Configuring ISA Server 2004 for Exchange Server 2003 RPC over HTTP access to Enterprise Vault
Configuring ISA Server 2006 to provide OWA 2007 access to Enterprise Vault.
Configuring ISA Server 2004 to provide OWA 2003 access to Enterprise Vault.
Configuring ISA Server 2006 to provide Exchange Server 2007 RPC over HTTP (Outlook Anywhere) access to Enterprise Vault.
Using Microsoft ISA Server with OWA and RPC Extensions Configuring ISA Server 2006 for OWA 2007 access to Enterprise Vault
Configuring ISA Server 2004 to provide Exchange Server 2003 RPC over HTTP access to Enterprise Vault.
Configuring ISA Server 2006 for OWA 2007 access to Enterprise Vault
Microsoft ISA Server 2006 can be used to secure access to OWA 2007 servers by using Web publishing rules to make the Exchange 2007 OWA Web site available on the Internet. Figure 29-1 shows how ISA Server 2006 can provide access to Enterprise Vault. In addition to publishing the OWA 2007 Web site, you also need to publish to clients the Enterprise Vault Web Access application. This is because Archive Explorer and archive search client requests attempt to connect to the Enterprise Vault server directly.
Figure 29-1 Access to Enterprise Vault using ISA Server 2006
See the following articles for detailed instructions on how to configure ISA Server 2006:
http://www.microsoft.com/technet/isa/2006/deployment/exchange.mspx#client
http://www.isaserver.org/tutorials/Using-2006-ISA-Firewall-RC-Publish-OWA-Sites-Part1.html
http://www.isaserver.org/tutorials/Using-2006-ISA-Firewall-RC-Publish-OWA-Sites-Part2.html
Configuring ISA Server 2004 for OWA 2003 access to Enterprise Vault
Microsoft ISA Server 2004 can be used to secure access to OWA 2003 servers by using Web publishing rules (reverse proxy) to make front-end servers available on the Internet. Figure 29-2 shows how ISA Server 2004 can provide access to Enterprise Vault.
Figure 29-2 Access to Enterprise Vault using ISA Server 2004
See Configuring access using OWA basic authentication on page 299. See Configuring access using OWA forms-based authentication on page 302.
Prerequisites
Install and configure the Enterprise Vault OWA 2003 Extensions. See Configuring Enterprise Vault access for OWA 2003 users on page 237.
Ensure that a suitable Certification Authority (CA) certificate has been installed on the front-end OWA server, and imported onto the ISA Server 2004.
Configuration steps
Perform the steps described in this section to configure access for OWA basic authentication users.
To enable OWA basic access to archived items
1 Log on to the ISA Server 2004 computer as a local administrator with permissions to configure the ISA Server.
2 Open the Microsoft Internet Security and Acceleration Server 2004 management console and expand the server name.
3 Click the Firewall Policy node.
4 In the right-hand task pane, click the Tasks tab and then click Publish a Mail Server.
5 On the Welcome to the New Mail Server Publishing Rule Wizard page, enter a name for the rule in the Mail Server Publishing Rule name box. For example, OWA Basic (External to Internal). Click Next.
6 On the Select Access Type page, select Web client access: Outlook Web Access (OWA), Outlook Mobile Access, Exchange Server ActiveSync. Click Next.
7 On the Select Services page, select Outlook Web Access and click Next.
8 On the Bridging Mode page, select Secure connection to clients and mail server, and click Next.
9 On the Specify the Web Mail Server page, enter the name of the front-end OWA server (as identified to the internal network) in the Web mail server box. Alternatively, you can enter the common name of the CA certificate on the front-end OWA server. This is the Issued to name in the certificate. Click Next.
10 On the Public Name Details page, enter the name that external users will use to access the OWA site in the Public name box. This must match what is specified in the external DNS entry. Alternatively, select Accept requests for any domain name in the drop-down box. Click Next.
11 On the Select Web Listener page, click New to create a new Web listener. (This step assumes that no Web listener exists yet.)
12 On the Welcome to the New Web Listener Wizard page, enter a name for the listener in the Web listener name box. For example, External443. Click Next.
13 On the IP Addresses page, select the External check box. Click Next.
14 On the Port Specification page, clear the Enable HTTP check box, and then perform the following steps in the order listed:
   - Select Enable SSL.
   - Click Select.
   - In the Select Certificate dialog box, click the Web site certificate (front-end OWA server), and click OK.
   - Click Next on the Port Specification page.
15 Click Finish on the Completing the New Web Listener Wizard page.
16 Click Edit on the Select Web Listener page, and then perform the following steps in the order listed:
   - Select the Preferences tab.
   - In the Web Listener dialog box, click Authentication.
   - In the Authentication dialog box, clear the Integrated check box. Click OK in the prompt dialog.
   - Select the Basic check box. Click Yes in the dialog box informing you that you should use SSL.
   - Click OK in the Authentication dialog box.
17 Click Apply and then click OK in the Web Listener dialog box.
18 Click Next on the Select Web Listener page.
19 On the User Sets page, accept the default setting, All Users, and click Next.
20 Click Finish on the Completing the New Mail Server Publishing Rule Wizard page.
21 Right-click the newly created rule in the main Firewall Policy pane of the Microsoft Internet Security and Acceleration Server 2004 management console, and click Properties.
22 In the Properties dialog box, click the Paths tab, and then perform the following steps in the order listed:
   - Click Add.
   - In the Path mapping dialog box, enter the value /EnterpriseVaultProxy/* in the box Specify the folder on the Web site that you want to publish. (If you want to publish the entire Web site, leave this box blank.)
   - Select Same as published folder.
   - Click OK.
23 Click Apply and then click OK in the Properties dialog box.
24 Click Apply to save the changes and update the firewall policy.
25 Click OK in the Apply New Configuration dialog box.
Install ISA Server 2004 Service Pack 2.
Request the Microsoft hotfix, KB924410, from Microsoft Product Support Services. To apply this hotfix, you need to run a script to add URLs to an exclusion list. Add the following URL using the script:
ViewMessage.asp;
Configuration steps
After you have installed and configured on ISA Server 2004 the prerequisite software and settings, perform the steps described in this section to configure access for OWA forms-based authentication users.
To enable OWA FBA access to archived items
1 Log on to the ISA Server 2004 computer as a local administrator with permissions to configure the ISA Server.
2 Open the Microsoft Internet Security and Acceleration Server 2004 management console and expand the server name.
3 Click the Firewall Policy node.
4 In the right-hand task pane, click the Tasks tab and then click Publish a Mail Server.
5 On the Welcome to the New Mail Server Publishing Rule Wizard page, enter a name for the rule in the Mail Server Publishing Rule name box. For example, OWA FBA (External to Internal). Click Next.
6 On the Select Access Type page, select Web client access: Outlook Web Access (OWA), Outlook Mobile Access, Exchange Server ActiveSync. Click Next.
7 On the Select Services page, select Outlook Web Access and click Next.
8 On the Bridging Mode page, select Secure connection to clients and mail server, and click Next.
9 On the Specify the Web Mail Server page, enter the name of the front-end OWA server (as identified to the internal network) in the Web mail server box. Alternatively, you can enter the common name of the CA certificate on the front-end OWA server. This is the Issued to name in the certificate. Click Next.
10 On the Public Name Details page, enter the name that external users will use
to access the OWA site in the Public name box. This must match what is specified in the external DNS entry. Alternatively, select Accept requests for any domain name in the drop-down box. Click Next.
11 On the Select Web Listener page, click New to create a new Web listener.
(This step assumes that no Web listener exists yet.)
12 On the Welcome to the New Web Listener Wizard page, enter a name for the listener in the Web listener name box. For example, External443. Click Next.
13 On the IP Addresses page, select the External check box. Click Next.
14 On the Port Specification page, clear the Enable HTTP check box, and then perform the following steps in the order listed:
   Select Enable SSL.
   Click Select.
   In the Select Certificate dialog box, click the Web site certificate (front-end OWA server), and click OK.
   Click Next on the Port Specification page.
15 Click Finish on the Completing the New Web Listener Wizard page.
16 Click Edit on the Select Web Listener page, and then perform the following steps in the order listed:
   Select the Preferences tab.
   In the Web Listener dialog box, click Authentication.
   In the Authentication dialog box, clear the Integrated check box.
   Click OK in the prompt dialog.
   Select the OWA Forms-Based check box.
   Click Yes in the dialog box informing you that you should use SSL.
   Click OK in the Authentication dialog box.
17 Click Apply and then click OK in the Web Listener dialog box.
18 Click Next on the Select Web Listener page.
19 On the User Sets page, accept the default setting, All Users, and click Next.
20 Click Finish on the Completing the New Mail Server Publishing Rule Wizard page.
21 Right-click the newly created rule in the main Firewall Policy pane of the Microsoft Internet Security and Acceleration Server 2004 management console, and click Properties.
22 In the Properties dialog box, click the Paths tab, and then perform the following steps in the order listed:
   On the Paths tab, click the Add button.
   In the Path mapping dialog box, enter the value /EnterpriseVaultProxy/* in the box Specify the folder on the Web site that you want to publish. (If you want to publish the entire Web site, leave this box blank.)
23 Click Apply and then click OK in the Properties dialog box.
24 Click Apply to save the changes and update the firewall policy.
25 Click OK in the Apply New Configuration dialog box.
Configuring ISA Server 2006 for Exchange Server 2007 RPC over HTTP access to Enterprise Vault
Microsoft ISA Server 2006 can be used to secure RPC over HTTP access to Exchange 2007 Servers by using Web publishing rules to make the RPC Web site available on the Internet. To configure the ISA 2006, you need to perform the following tasks:
Configure an RPC firewall policy that publishes the \rpc virtual directory on your Exchange 2007 CAS server through ISA Server 2006.
Configure on your ISA Server 2006 an Enterprise Vault firewall policy that publishes the \EnterpriseVault virtual directory on your Enterprise Vault server.
The following Microsoft article provides detailed instructions on how to configure ISA Server 2006 for Exchange Server 2007 RPC over HTTP connections: http://support.microsoft.com/kb/884506
Configuring ISA Server 2004 for Exchange Server 2003 RPC over HTTP access to Enterprise Vault
Microsoft ISA Server 2004 can be used to secure access to RPC Exchange Servers by using Web publishing rules (reverse proxy), to make RPC proxy servers available on the Internet. To configure the ISA 2004, you need to perform the following tasks:
Configure an RPC firewall policy that publishes the \rpc virtual directory on your RPC proxy server through ISA Server 2004. See Configuring an RPC firewall policy on page 306.
Configure an Enterprise Vault firewall policy that publishes the \EnterpriseVaultProxy virtual directory on your RPC proxy server through ISA Server 2004.
1 On the Firewall Policy page in the ISA Server Management console, right-click the RPC over HTTP rule that you have created and select Properties.
2 Click the Bridging tab.
3 Ensure that Redirect requests to SSL port : 443 is selected.
4 Click Apply and then OK.
5 Click Apply, to save the changes and update the firewall policy.
6 Click OK in the Apply new configuration dialog.

1 In the ISA Server Management console, expand the server name and click the Firewall Policy node.
2 In the task pane, click the Tasks tab and then click Publish a Web Server.
3 On the Welcome to the New Web Publishing Rule Wizard page, enter a name for the rule in the Web Publishing Rule name text box. For example, EnterpriseVaultProxy. Click Next.
4 On the Select Rule Type page, select Allow as the action to take when rule conditions are met. Click Next.
5 On the Define Website to Publish page, enter the computer name or IP address of the RPC proxy Exchange Server.
6 Select Forward the original host header instead of the actual one.
7 Enter /EnterpriseVaultProxy/* in the Path box. Click Next.
8 On the Public Name Details page, enter the name that external users will use to access the RPC Web site in the Public name box. This must match what is specified in the external DNS entry. Alternatively, select Any domain name in the Accept requests for box and click Next.
9 On the Select Web Listener page, in the Web listener box, select the listener that you created earlier, when you configured the RPC firewall policy. Click Next.
10 On the User Sets page, accept the default value, All Users, and click Next.
11 On the Completing the New Mail Server Publishing Rule Wizard page, click Finish.
12 Click Apply to save the changes and update the firewall policy.
13 In the Apply New Configuration dialog box, click OK.
Section
Setting up Domino mailbox archiving
Setting up Vault Cache
Setting up Domino Journaling archiving
Chapter 30

About Domino mailbox archiving
Preparation for Domino mailbox archiving
Configuring Domino targets, tasks and policies in Enterprise Vault
Installing Enterprise Vault extensions for Lotus Notes and DWA clients
Editing automatic messages
Enabling mailboxes for archiving
Figure 30-1 Archiving an item
[Diagram: Lotus Notes, Domino Server (mail files), Enterprise Vault Domino Gateway, Enterprise Vault Server, Enterprise Vault Admin and Directory Services, Store]
Figure 30-2 illustrates the process when viewing or restoring an archived item.
Figure 30-2
[Diagram: Lotus Notes, Domino Server (mail files), Enterprise Vault Domino Gateway, Restore, Partition]
Enterprise Vault Extension Manager, which is installed by Enterprise Vault on the Enterprise Vault Domino Gateway, provides the main functionality of the Enterprise Vault Domino Gateway. This is a server-side extension that processes requests from Lotus Notes and DWA clients before passing them on to Enterprise Vault. In order for the extension manager to have unrestricted access to Enterprise Vault data, the Domino server must run under the Vault Service account.
Checked that software prerequisites are satisfied. See Prerequisite software for Enterprise Vault Domino Gateway on page 72.
Installed and configured Domino server on the Enterprise Vault Domino Gateway computer. See Pre-installation tasks for Domino mailbox archiving on page 73.
Installed Enterprise Vault and run the configuration wizard. See Installing Enterprise Vault on page 111.
Enterprise Vault installs the following mail template and database files in the Domino data directory:
The Enterprise Vault configuration wizard edits the notes.ini file in the Domino program directory. This file should then contain the following entries:
ExtMgr_Addins=EvDominoEM.dll
ServerTasks= ... ,EVDominoHouseKeeping
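An audit of those two notes.ini entries, added here as an example (it is not part of the guide or of Enterprise Vault). Because the extension manager runs inside a Domino server that uses the Vault Service account, the check also reports any extension other than EvDominoEM.dll. The sample file contents are constructed, and the case-insensitive matching and the allowed_addins parameter are assumptions.

```python
"""Audit notes.ini for the two entries the configuration wizard is expected to write."""

EXPECTED_ADDIN = "EvDominoEM.dll"        # entry named in the guide
EXPECTED_TASK = "EVDominoHouseKeeping"   # entry named in the guide


def parse_notes_ini(text):
    """Return {lower-cased key: [values]} so that repeated keys stay visible."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("[") or "=" not in line:
            continue  # blank line, [Notes] header, or not a key=value entry
        key, value = line.split("=", 1)
        entries.setdefault(key.strip().lower(), []).append(value.strip())
    return entries


def split_list(values):
    """Flatten comma-separated values into a list of non-empty names."""
    return [name.strip() for v in values for name in v.split(",") if name.strip()]


def audit_notes_ini(text, allowed_addins=(EXPECTED_ADDIN,)):
    """Return a list of findings; an empty list means the entries look as expected.

    Assumption: names are compared case-insensitively. allowed_addins is a
    hypothetical allowlist for sites that deliberately load other extensions.
    """
    entries = parse_notes_ini(text)
    findings = []
    for key in ("extmgr_addins", "servertasks"):
        if len(entries.get(key, [])) > 1:
            findings.append(f"{key} is defined {len(entries[key])} times")

    addins = split_list(entries.get("extmgr_addins", []))
    tasks = split_list(entries.get("servertasks", []))

    if EXPECTED_ADDIN.lower() not in [a.lower() for a in addins]:
        findings.append(f"ExtMgr_Addins does not list {EXPECTED_ADDIN}")
    if EXPECTED_TASK.lower() not in [t.lower() for t in tasks]:
        findings.append(f"ServerTasks does not list {EXPECTED_TASK}")

    allowed = {a.lower() for a in allowed_addins}
    for addin in addins:
        if addin.lower() not in allowed:
            findings.append(f"ExtMgr_Addins loads an extension that is not allowed: {addin}")
    return findings


# Constructed sample contents (not taken from a real server).
SAMPLE_OK = """[Notes]
ServerTasks=Update,Replica,Router,HTTP,EVDominoHouseKeeping
ExtMgr_Addins=EvDominoEM.dll
"""
SAMPLE_BAD = """[Notes]
ServerTasks=Update,Replica,Router,HTTP
EXTMGR_ADDINS=EvDominoEM.dll,other.dll
"""

if __name__ == "__main__":
    for name, sample in (("SAMPLE_OK", SAMPLE_OK), ("SAMPLE_BAD", SAMPLE_BAD)):
        print(name, audit_notes_ini(sample) or "no findings")
```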
Now start the Domino server on the Enterprise Vault Domino Gateway. If the Enterprise Vault Directory Service is running, the following lines are displayed in the console during start-up:
Symantec Enterprise Vault Extension Manager: SERVER
...
EV Housekeeping: Initialization complete.
Symantec Enterprise Vault Extension Manager: HTTP
1 Log on to the Enterprise Vault Domino Gateway computer using the Vault Service account.
2 Start the Enterprise Vault Administration Console.
3 Expand the tree and right-click the Directory container.
4 Select Properties.
5 In the Properties window, select the Domino Web Application Account tab.
6 In the Account box, select the Domino Web Application account.
7 Enter and confirm the password for the account.
8 Click OK.

The EnterpriseVaultDomino virtual directory is created and Anonymous access is granted automatically to the account specified.
1 On a computer that is not a domain controller, open Local Security Policy in Administrative Tools. On a domain controller, open Domain Controller Security Policy.
2 Click Local Policies > User Rights Assignment.
3 The following permissions should be set:
   Access this computer from the network (SeNetworkLogonRight).
   Bypass traverse checking (SeChangeNotifyPrivilege).
   Log on as a batch job (SeBatchLogonRight).
   Allow log on locally (SeInteractiveLogonRight).
The following registry value is also created containing the anonymous account; this ensures that only this user can obtain a list of archives accessible by a Domino User:
HKEY_CURRENT_USER\Software\KVS\Enterprise Vault\AnonymousUser
Here, HKEY_CURRENT_USER is the registry hive of the Vault Service account. The value of this setting is the full name, including the Windows domain, of the anonymous user, for example, mydomain\DomAnonUser.
Setting up Domino mailbox archiving Configuring Domino targets, tasks and policies in Enterprise Vault
Check that the list of Domino forms available is correct for the items that you want to archive from mailboxes.
Add the target Domino domain.
Add the Domino servers hosting the mailboxes to be archived. Optionally, Domino Provisioning and Mailbox tasks can be added when you add the first target Domino server in the Administration Console.
Configure Domino mailbox policies, to define how Enterprise Vault archives target Domino server mailboxes.
Configure Domino desktop policies, to control the Enterprise Vault functionality available in the Lotus Notes client.
Check the Enterprise Vault site settings.
Create provisioning groups for the target mailboxes.

1 Start Enterprise Vault Administration Console.
2 Expand the tree and right-click the Directory container.
3 Select Properties.
4 In the Properties window, select the Domino Forms tab.
5 Ensure the list includes all the required forms for the types of documents to be archived. If necessary, use Add to add forms to the list.
1 In the left pane of the Administration Console, expand the Targets container.
2 Right-click Domino and, on the shortcut menu, click New and then Domino Domain. The New Domino Domain wizard starts.

Work through the wizard. You will be asked for the following information:

The name and password for the ID file that will be used to access the Domino domain. This will typically be the ID of the Domino archiving user that you created.
The fully-distinguished name of any Domino server in the domain that you are adding.
The Domino domain is then added to the Enterprise Vault directory and displayed in the tree. You can now add the Domino mail servers that you want Enterprise Vault to archive.
1 In the left pane of the Administration Console, expand the Targets container.
2 Expand Domino.
3 Expand the Domino domain to which you want to add a server.
4 Right-click the Domino server container and on the shortcut menu, click New and then Domino Server. The New Domino Server wizard starts.
Work through the wizard. This wizard enables you to select the following:
The Domino Server that you want to archive. In the wizard, the drop-down box under Select the Domino server from which you want to archive lists all the Domino servers in the domain.

Cluster options. If the server you are adding is in a Domino cluster, you can choose to add all servers in the cluster to the Enterprise Vault Site. Additionally, you can set the server you are adding to be the preferred server. The archiving task uses the preferred server when archiving from mailboxes, when possible. A mailbox that is on a different server must be replicated to this preferred server in order for the archiving task to be able to archive using this server. If a mailbox is not replicated to this preferred server, the task archives from the server that hosts the mailbox.

The Enterprise Vault tasks that you want created. If preferred, you can add these after adding the Domino mail server. There can be only one Domino Mailbox task on an Enterprise Vault server. There must be one (and only one) Domino Provisioning task for each Domino domain. If the tasks are to be created on a different Enterprise Vault server in the site, you will need the name of the Enterprise Vault server.

The ID and password to be used to access the Domino mail server, if this is different from the ID used to access the domain. Typically, this will be the ID of the Domino archiving user that you created. See User ID for Domino mailbox archiving on page 76.
1 Expand your Enterprise Vault site.
2 Click Policies > Domino > Mailbox.
3 Right-click Default Domino Mailbox Policy in the right pane and select Properties. You can modify the properties of this policy, as required, and also create new policies.
1 In the Administration Console, expand your Enterprise Vault site and then click Policies > Domino > Mailbox.
2 Right-click the Mailbox container and select New > Policy to launch the new policy wizard.
3 The new policy is displayed in the right pane.
4 To adjust the policy properties, right-click the policy and select Properties.
General tab
Table 30-1 lists the settings on the General tab. These settings provide a name and description for the policy.

Table 30-1
Setting        Default value
Name           None.
Description    None.
Domino mailbox policy Archiving Rules tab settings

Default value: 2 weeks

Large items
   Description: Whether to archive larger items before smaller items and, if so, the minimum size of the items that are given priority.
   Default value: Not selected.

Archiving strategy
   Description: Strategy for archiving the remaining items. This is based on the period of time since an item was modified.
   Default value: Items that have not been modified for 6 months are archived.

Archive messages with attachments only
   Description: Archive an item only if it has an attachment, assuming all other archiving criteria are met. Note that this is not the same as archiving attachments only.
   Default value: Not selected.

Archive encrypted messages
   Description: Archive messages that are encrypted. Note that Enterprise Vault cannot index encrypted messages. This means that it cannot display the body of an archived encrypted message, and users will not be able to find or view the body text when performing browser searches. However, users can view an encrypted message that is retrieved or restored from its shortcut, as normal.
   Default value: Not selected.
Default value: Selected.

Create shortcut to archived item after archiving
   Description: After it has been archived, the item in the mailbox is replaced with a shortcut.
   Default value: Selected.

Archive unread items
   Description: Archive mailbox items even if they have not yet been read.
   Default value: Not selected.
Default value: Shortcuts include recipient information.

Shortcut body
   Description: How much of the message body to store in shortcuts. Regardless of the setting value, the full message, with attachments, is still stored in the archive.
      None. None of the message text is stored in the shortcut.
      Use message body. Shortcuts contain all of the message body text, but no attachments.
      Customize. Select the amount of text and links that you want included in shortcuts. See Using customized shortcuts on page 323.
   Default value: None.

Description: Whether double-clicking a shortcut displays the contents of the original item or the properties of the shortcut.
Default value: Show contents.
The file LotusShortcutText.txt is required if you configure customized shortcuts. You can also use this file to process standard shortcuts for untitled attachments. See Using customized shortcuts on page 323.
Forms tab
The list shows the types of items that will be archived when the policy is applied. Select or clear Domino forms check boxes, as required. If you need to edit the list of available forms, go to the Domino Forms tab of the Directory properties.
Advanced tab
Table 30-4 briefly describes the settings on the Advanced tab. These settings enable you to change advanced archiving behavior. Information about each advanced setting is given in the Administrator's Guide.

Table 30-5

List settings from
   Archiving General. Settings that control archiving behavior. For example, you can configure the archiving task to strip attachments from calendar and todo items before archiving. Information about each setting is given in the Administrator's Guide.

Reset All
   This returns all the settings in the list to their default values. There is a confirmation prompt that asks if you are sure you want to reset all the values.

Modify
   Enables you to change the value for the selected setting. You can also double-click the setting to modify it.

Description
   A brief description of what each setting controls.
Targets tab
Later, when you create provisioning groups to add mailboxes as archiving targets, you will assign the required Domino mailbox policy to each group. The associated provisioning groups will then be displayed in the Targets page of the policy.
From and Subject information.
Recipient information: To, CC, BCC.
A banner containing a link to the complete archived item.
No text from the message body.
No list of attachments or links to attachments
You can change the settings so that shortcuts contain just as much information as you require. Note that the changes you make apply to shortcuts that are generated in the future, not to shortcuts that have already been created. Details of custom shortcut content are held in the file, LotusShortcutText.txt, in the Enterprise Vault folder (typically C:\Program Files\Enterprise Vault). On a new installation, an English version of this file is placed in the Enterprise Vault folder. Language versions of the file are available in the language folders under Enterprise Vault\Languages\ShortcutText.

To define custom shortcut content

1 Locate the required language version of the LotusShortcutText.txt file (under Enterprise Vault\Languages\ShortcutText).
2 Open LotusShortcutText.txt with Windows Notepad and make any required changes to the file. See Layout of LotusShortcutText.txt on page 325.
3 Save the file as a Unicode file.
4 Copy the file to the Enterprise Vault program folder (normally C:\Program Files\Enterprise Vault).
5 Copy the file to the Enterprise Vault program folder on all other Enterprise Vault servers in the Enterprise Vault Site.
6 If Domino Mailbox tasks are already created and running, you will need to restart them to pick up the changes.

1 Start the Administration Console and go to the Shortcut Content tab in the Lotus Domino Mailbox Policy properties.
2 In the box beside Content of shortcut body, select Customize and then specify which options you want. Click Help on the tab for more information.
Layout of LotusShortcutText.txt
LotusShortcutText.txt is laid out using the standard Windows .ini file format:

[Section]
Item1="value1"
Item2="value2"
You can change any of the values in the file. Remember to enclose each value in quotes. The sections in LotusShortcutText.txt are as follows:
[Archived text] The entries in this section are displayed in the banner at the top of the shortcut. The entry used for the shortcut is the one that matches the archived item's Domino form or form alias. Values in this section all have a space before the final quote. This separates the text from the link text.
[Link] The entry in this section specifies the text in the banner that is a link to the archived item.
[Attachment table] The Title entry in this section specifies the text immediately before the list of attachments.
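A lint for an edited LotusShortcutText.txt that checks the layout rules above before the file is copied to the Enterprise Vault servers, added here as an example (it is not part of the guide or of Enterprise Vault). The item names Memo, Text and Heading and all sample values are constructed, and reading Notepad's Unicode format as UTF-16 little-endian with a byte-order mark is an assumption.

```python
"""Lint LotusShortcutText.txt against the layout rules described in the guide."""
import codecs

REQUIRED_SECTIONS = ("Archived text", "Link", "Attachment table")


def as_notepad_unicode(text):
    """Encode text the way Notepad's 'Unicode' option does (UTF-16 LE with BOM)."""
    return codecs.BOM_UTF16_LE + text.encode("utf-16-le")


def parse_shortcut_text(raw):
    """Return (sections, problems); sections maps name -> {item: value with quotes}."""
    problems = []
    if raw.startswith(codecs.BOM_UTF16_LE):
        text = raw[len(codecs.BOM_UTF16_LE):].decode("utf-16-le", errors="replace")
    else:
        problems.append("file is not saved as Unicode (no UTF-16 LE byte-order mark)")
        text = raw.decode("utf-8", errors="replace")

    sections, current = {}, None
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith(";"):
            continue  # blank line or .ini comment
        if stripped.startswith("[") and stripped.endswith("]"):
            current = stripped[1:-1]
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in stripped:
            problems.append(f"line {lineno}: expected [Section] or Item=value")
            continue
        item, value = stripped.split("=", 1)
        # Only whitespace outside the quotes is trimmed; a space before the
        # final quote is part of the value and is kept.
        sections[current][item.strip()] = value.strip()
    return sections, problems


def lint_shortcut_text(raw):
    """Return a list of problems; an empty list means the file follows the layout."""
    sections, problems = parse_shortcut_text(raw)
    for name in REQUIRED_SECTIONS:
        if name not in sections:
            problems.append(f"missing section [{name}]")
    for name, items in sections.items():
        for item, value in items.items():
            quoted = len(value) >= 2 and value[0] == '"' and value[-1] == '"'
            if not quoted:
                problems.append(f"[{name}] {item}: value is not enclosed in quotes")
            elif name == "Archived text" and not value[:-1].endswith(" "):
                problems.append(f"[{name}] {item}: no space before the final quote")
    if "Attachment table" in sections and "Title" not in sections["Attachment table"]:
        problems.append("[Attachment table] has no Title entry")
    return problems


# Constructed sample contents; item names and texts are illustrative only.
SAMPLE_OK = (
    '[Archived text]\r\n'
    'Memo="This message has been archived. "\r\n'
    '[Link]\r\n'
    'Text="View the original item"\r\n'
    '[Attachment table]\r\n'
    'Title="Attachments:"\r\n'
)
SAMPLE_BAD = (
    '[Archived text]\r\n'
    'Memo="This message has been archived."\r\n'   # no space before final quote
    '[Link]\r\n'
    'Text=View the original item\r\n'              # value not quoted
    '[Attachment table]\r\n'
    'Heading="Attachments:"\r\n'                   # no Title entry
)

if __name__ == "__main__":
    for problem in lint_shortcut_text(as_notepad_unicode(SAMPLE_BAD)):
        print(problem)
```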
1 In the left pane of the Administration Console, expand the Site hierarchy until the Enterprise Vault Servers container is visible.
2 Expand the Enterprise Vault Servers container.
3 Expand the name of the server to which you want to add the Domino Provisioning task.
4 Right-click Tasks and, on the shortcut menu, click New and then Domino Provisioning Task. The New Domino Provisioning Task wizard starts.
1 In the left pane of the Administration Console, expand the Site hierarchy until the Enterprise Vault Servers container is visible.
2 Expand the Enterprise Vault Servers container.
3 Expand the name of the server to which you want to add the Domino Mailbox task.
4 Right-click Tasks and, on the shortcut menu, click New and then Domino Mailbox Task. The New Domino Mailbox Task wizard starts.
1 In the Administration Console, right-click your Enterprise Vault Site.
2 On the shortcut menu, click Properties.
3 Site properties include the following settings that are applicable to archiving from Domino servers. Note that you can override some of these at a lower level. For example, you can override the Site archiving schedule for a particular task by setting the schedule in the task properties. The indexing level can also be set at policy level and the default retention category can be set at provisioning group or policy level.

   General
      The URL that specifies the virtual directory that handles web access application requests, for example, when users perform an archive search using integrated or browser search.
      A system message for users, if required.
      A system message for administrators, if required.

   Archive Settings
      The default level of indexing.
      The default retention category.
      Whether users can delete items from their archive. If you want users to be able to delete items from their archives, you must select the check box Users can delete items from their archives. The setting Enable recovery of user deleted items enables the retention of user-deleted items so that accidentally-deleted items can be recovered.

   Storage Expiry
      The schedule for running storage expiry to delete from archives any items that are older than the retention period assigned.

   If required, you can set limits on the size of archives here or in the vault store properties.
   The schedule for running automatic, background archiving.
   Performance counters for monitoring Enterprise Vault.

4 Click Help on any of the Site properties screens for further information.
5 Now you can create provisioning groups for the mailboxes that are to be archived.
Note: A mailbox must be added to a provisioning group, and mailboxes in the provisioning group must be configured and enabled by the Domino Provisioning task, before you can archive items from the mailboxes.

If you have multiple users using the same Domino mail file, or replicas of the same mail file, then Enterprise Vault will associate the first user only with the mail file archive. Using the Enterprise Vault Administration Console, you can subsequently grant other users access to the archive.

If there are a large number of mailboxes, and automatic enabling of mailboxes is not configured for the provisioning group, then there could be a delay in the mailboxes being available to Enterprise Vault for enabling. If you do not want to wait, you can force an update. To force an update, run the following commands in the Domino server console:

LOAD UPDALL NAMES.NSF -T "($Users)"
LOAD UPDALL NAMES.NSF -T "($ServerConfig)"
LOAD UPDALL NAMES.NSF -T "($VIMGroups)"
LOAD UPDALL NAMES.NSF -T "($VIMPeople)"
LOAD UPDALL NAMES.NSF -T "($PeopleGroupsCorpHier)"
LOAD UPDALL NAMES.NSF -T "($Certifiers)"
1 In the left pane of the Administration Console, expand Targets.
2 Expand the Domino domain that you added.
3 Right-click Provisioning Group and, on the shortcut menu, click New and then Provisioning Group. The New Provisioning Group wizard starts.
Work through the wizard to add a provisioning group. You will need the following information:
The domain containing the Domino Servers that you want to archive.

The Domino desktop policy to apply.

The Domino mailbox policy to apply.

The default retention category to apply, when archiving from the mailboxes. The wizard enables you to create a new retention category, if required.

The default vault store in which the mailbox archives are to be created by Enterprise Vault. If mailboxes in the provisioning group are automatically-enabled for archiving, the vault store will be used for any future mailboxes added to the provisioning group. If you do not explicitly set the vault store for the provisioning group, the default vault store setting is inherited from the Domino Server properties.

The default Indexing Service that will be used for mailboxes in the provisioning group that are automatically-enabled for archiving. If you do not explicitly set the Indexing Service for the provisioning group, the default Indexing Service setting is inherited from the Domino Server properties.

Whether you want the Domino Provisioning task to enable new mailboxes for archiving automatically. A new mailbox is one that is new to Enterprise Vault. When you first start using Enterprise Vault, all the mailboxes are new. With auto-enabling set, all existing mailboxes are enabled when the Domino Provisioning task next runs. All mailboxes created in the future will also be enabled and the associated archives created automatically. If auto-enabling is not selected, you use the Enable Mailbox wizard to enable the mailboxes for archiving. You can use the Disable Mailbox wizard to explicitly disable individual mailboxes. This prevents the mailbox being enabled automatically, so the mailbox is never archived unless you choose to enable it. See Enabling mailboxes for archiving on page 343.
1 In the Administration Console tree, right-click the Provisioning Group container and select Properties.
2 Use the Move Up and Move Down buttons to rearrange the groups.
Installing Enterprise Vault extensions for Lotus Notes and DWA clients
This section describes the Enterprise Vault client functionality available for Lotus Notes and DWA users, and how to install the necessary mail file design templates to provide the functionality that you require.
Enterprise Vault extensions for Lotus Notes. If you want users to have the full Enterprise Vault client functionality available, you need to install the Enterprise Vault extensions for Lotus Notes on all the target Domino mail servers.
Enterprise Vault extensions for DWA. If you want users to have the Enterprise Vault client functionality available in their DWA clients, you need to install the Enterprise Vault extensions for DWA on all the target DWA servers.

All folders and views are updated with a new column to indicate archived, and archive pending items with a special icon.
If the user double clicks an archived item, the contents are retrieved (provided the associated Enterprise Vault mailbox policy is configured to retrieve the item).
If an archived item has attachments, the paper clip icon is shown in all the views and folders.
The following options are added to the Tools action bar menu:
Enterprise Vault Search. This opens the integrated search application.
Enterprise Vault Store. This marks the item for archiving but it is only archived at the next scheduled archiving run.
Enterprise Vault Cancel. This cancels previous store requests and removes the pending icon from the view.
Enterprise Vault Restore. This restores the item back to the mail file. (This action is synchronous).
Enterprise Vault Delete. This deletes the shortcut and the archived item, if permitted. (Like restore, this action is synchronous). A prompt enables users to delete just the shortcut or both the shortcut and the archived item.
Enterprise Vault Help. This opens the Enterprise Vault help database.
About Enterprise Vault. This shows version information and technical support information for Enterprise Vault.
Each of these options can be performed on one or multiple items. If a user attempts to reply to or forward a shortcut, the content of the archived item is included, if requested. If a user attempts to use Copy Into a Memo, Calendar Item or To Do item from a shortcut document, the archived content is copied in, not the shortcut.
For both Enterprise Vault Domino Gateways and mail servers, if language packs are installed, EVInstall.nsf will install the required changes to support them.
Sign agents to run on behalf of the invoker of the agent
Create master templates. (This is not required if you choose the Full Access Administrator option.)

Be a Full Access Administrator on the Enterprise Vault Domino Gateway.
Manager access to the following files:
   Mail8.ntf
   Mail7.ntf
   DWA7.ntf
   EVAttach.ntf
   EV\EVDomino.nsf
   EVinstall.nsf
If you intend to select the option to modify Domino Web Access forms files you also need Manager access to the following files:

Ability to read other databases
Access to current database
Access to external code
EVInstall.nsf will automatically add the LocalDomainAdmins group to the access control lists (ACLs) of the following files, with Manager access:
The following permissions set on the Security tab of the server document:
Sign agents to run on behalf of the invoker of the agent
Create master templates. (This is not required if you choose the Full Access Administrator option.)

Be a Full Access Administrator on the mail server.
Manager access to the following files:
   Mail8.ntf
   Mail7.ntf
   Mail6.ntf
   DWA7.ntf
   iNotes6.ntf
If you intend to select the option to modify Domino Web Access forms files you also need Manager access to the following files:
The following ECL permissions in order that users do not receive Execution Security Alerts when using the Enterprise Vault client:
- Access to current database
- Access to Environment Variables
- Ability to Read Other Databases
- Ability to Modify Other Databases
- Access to current Database
- Ability to send mail
For a Domino 8 mail server or Enterprise Vault Domino Gateway, you must use a Domino 8.0 Notes client. For a Domino 7 mail server or Enterprise Vault Domino Gateway, you can use either of the following clients:
For a Domino 6.5 mail server you can use either of the following clients:
1. Sign EVInstall.nsf with the user ID that will be used to run it.
2. Log on to Lotus Notes on the Enterprise Vault Domino Gateway with the user ID that will run the application.
3. Open the Symantec Enterprise Vault 2007 - Domino Installer application (EVInstall.nsf).
4. In the application page, select the Enterprise Vault Domino Gateway and target Domino mail server.
5. Select the option to sign the database templates with the current Notes ID, and if DWA is required, select Domino Web Access Forms Files.
6. If you want to use vault cache, select Install Vault Cache.
7. Click Install Symantec Enterprise Vault 2007 database design templates to start the process. The application should take several minutes to create the new Enterprise Vault templates.
When the update is complete, double-click each log line in the lower pane of the window and check that there were no errors reported.
File
evdg_mail8.ntf EVDGR8Mail
evattach.ntf
Table 30-6 EVInstall.nsf changes on a Domino 8 Enterprise Vault Domino Gateway (continued)

File | Master Template | Comments
domcfg.nsf | | The Domino Web Server Configuration database (domcfg.nsf) is a database that can contain customized logon forms that will be displayed when using single sign-on. This database is created on the Enterprise Vault Domino Gateway server so that a customized logon form can be displayed for searching Domino mailbox archives.
EV\evdomino.nsf | | Installed by the Enterprise Vault installation. This file must be signed. EVInstall.nsf has an option to perform the signing.
ev_mail8.ntf EVR8Mail
Table 30-8 EVInstall.nsf changes on a Domino 7.0.x Enterprise Vault Domino Gateway

File | Master Template | Comments
evdg_mail7.ntf | EVDGR7Mail | This is the mail template for Enterprise Vault Domino Gateway servers running Domino 7.0.x. It is a new database template; mail7.ntf still exists and any previous customizations to mail7.ntf are applied to evdg_mail7.ntf. The master template name of the evdg_mail7.ntf is EVDGR7Mail.
evdg_dwa7.ntf | EVDGdwa7 | This is the DWA mail template for Enterprise Vault Domino Gateway servers running Domino 7.0.x. It is a new database template; dwa7.ntf still exists and any previous customizations to dwa7.ntf are applied to evdg_dwa7.ntf. The master template name of the evdg_dwa7.ntf is EVDGdwa7, and EVDGdwa7 inherits its design from EVDGR7Mail (evdg_mail7.ntf).
forms7.nsf | | This is the DWA forms database that is used by Domino 7.0 servers. For this database, the Enterprise Vault changes are inserted into the existing database instead of creating a new forms database.
evattach.ntf | | This database is added by the Enterprise Vault installation and is then signed by EVInstall.nsf. It is used to display archived attachments in a separate window when the user clicks a link in a shortcut.
domcfg.nsf | | The Domino Web Server Configuration database (domcfg.nsf) is a database that can contain customized logon forms that will be displayed when using single sign-on. This database is created on the Enterprise Vault Domino Gateway server so that a customized logon form can be displayed for searching Domino mailbox archives.
EV\evdomino.nsf | | Installed by the Enterprise Vault installation. Optionally, this file can be signed by EVInstall.nsf.
File | Master Template | Comments
ev_mail7.ntf | EVR7Mail |
ev_dwa7.ntf | EVdwa7 | This is the DWA mail template for Domino 7.0.x servers. It is a new database template; dwa7.ntf still exists and any previous customizations to dwa7.ntf are applied to ev_dwa7.ntf. The master template name of the ev_dwa7.ntf is EVdwa7, and EVdwa7 inherits its design from EVR7Mail (ev_mail7.ntf).
ev_inotes6.ntf | EViNotes6 | This is the iNotes mail template for Domino 6.5.x servers. It is a new database template; inotes6.ntf still exists and any previous customizations to inotes6.ntf are applied to ev_inotes6.ntf. The master template name of the ev_inotes6.ntf is EViNotes6.
forms7.nsf | | This is the DWA forms database that is used by Domino 7.0 servers. For this database, the Enterprise Vault changes are inserted into the existing database instead of creating a new forms database.
File | Master Template | Comments
ev_mail6.ntf | EVR6Mail |
ev_inotes6.ntf | EViNotes6 | This is the iNotes mail template for Domino 6.5.x servers. It is a new database template; inotes6.ntf still exists and any previous customizations to inotes6.ntf are applied to ev_inotes6.ntf. The master template name of the ev_inotes6.ntf is EViNotes6, and EViNotes6 inherits its design from EVR6Mail (ev_mail6.ntf).
forms6.nsf | | This is the iNotes forms database for Domino servers running 6.5.x. For this database, the Enterprise Vault changes are inserted into the existing database instead of creating a new forms database.
On the Enterprise Vault Domino Gateway and the Domino mail server where the database design templates were created, run the Designer task to update the Enterprise Vault design templates with design elements inherited from their corresponding master templates. To do this, type, in the server console, the command that is appropriate to your system, as follows:
- On a Domino 8.0.x Enterprise Vault Domino Gateway: no action required.
- On a Domino 8.0.x mail server: no action required.
- On a Domino 7.0 Enterprise Vault Domino Gateway:
load design -f EVDG_DWA7.ntf
This will update the Enterprise Vault design templates with changes from the inherited design templates.
2. If you had previously customized the templates, confirm that the templates still exist and function properly in the Enterprise Vault mail templates.
3. The Symantec Enterprise Vault 2007 - Domino Installer (EVInstall.nsf) creates new database templates that need to be deployed to all Domino mail servers.
- On Domino 8.0.x, Lotus Notes and DWA users should be using EV_Mail8.ntf.
- On Domino 7.x, Lotus Notes users should be using EV_Mail7.ntf, and DWA users should be using EV_DWA7.ntf.
- On Domino 6.5.x, Lotus Notes users should be using EV_Mail6.ntf, and iNotes users should be using ev_iNotes6.ntf.

- To update a small number of mail files, you can click File, then Database, and then Replace Design in the Administration client.
- To update a large number of mail files, stop the mail router and then use the Convert Domino server task. Because the Convert server task is resource intensive, you are recommended to run it outside peak hours. For a large mail server it may take some hours to convert all mail files.
To stop the mail router, type the following command in the Domino server console:
tell router quit
The simplest use of Convert is when the same mail file template is applied to all users. In the following example command, EVR7mail is applied to all users:
Load convert mail\*.nsf * ev_mail7.ntf
Take care when using the asterisk for the existingtemplatename argument, because you can inadvertently convert users to the wrong template. To examine the full syntax of the Convert task, type the following at the Domino server console:
load convert -?
Note: To upgrade existing user-created folders in each mail file with the Enterprise Vault Lotus Notes extensions, use the -s and -u parameters of the Convert utility, or choose 'Actions' and then 'Upgrade Folder Design' from within the mail file.

The following steps facilitate setting up subsequent new users. These changes ensure that the generic Domino archiving user can automatically access the new mail file and that the mail file is using the correct mail template:
- In the Access Control List for the Enterprise Vault Mail Template, add the generic Domino archiving user with Editor access, and 'Delete documents' and 'Create shared folders/views' permissions. When typing in the user, enclose the name in square brackets. This ensures that the user is automatically added to the ACL of any mail file that is created from the template.
- To ensure that administrators use the correct mail template when registering new users, change the default mail template in the administration preferences.

To change the default mail template, do the following:
1. From the Domino Administrator client select File, then Preferences, then Administration Preferences.
2. Click the Registration tab, and then click Mail Options.
3. Change the mail file template to the appropriate Enterprise Vault mail template and click OK twice to save the preferences.
user ID password. The user must have an Internet password in order to log on to the integrated search. There is a link to the browser search in the integrated search page. Alternatively, users can start the browser search in a browser by entering the following URL:
HTTP://Domino_Gateway_servername/EnterpriseVaultDomino
In Domino mailbox archiving, this search can only be used to search Domino mailbox archives. In the browser search log on page, the user must enter their Lotus Notes user name (common name or full hierarchical name), their Internet password, and the Domino domain to search. With integrated search a user can only search Domino mailbox archives in the same Domino domain. With browser search, users can search Domino mailbox archives in any Domino domain.
where lang indicates the language used. The Welcome message is in a file called EVMessages.nsf.
1. Decide which language version of EVMessages.nsf you want to use and locate the file.
2. Using a computer that has Lotus Notes installed, double-click the file EVMessages.nsf in Windows Explorer to edit the message.
3. Review the text and make any changes that you require.
4. Save the file.
5. Copy EVMessages.nsf to the Enterprise Vault program folder (normally C:\Program Files\Enterprise Vault) on every Enterprise Vault server in the site.
You can configure the Domino Provisioning task to generate reports when the task is run in either report or normal mode. The reports are created in the folder Enterprise Vault\Reports\Domino Provisioning. In the task properties, check that the reporting level is as you require. Full reporting will list the following:
- Each mailbox that is processed
- The provisioning group
- The mailbox policy assigned
- The username associated with the mailbox
- The action taken
- Details of any errors
Summary statistics about the task run are included at the end of the report.

To start the Task Controller service and Domino Provisioning task
1. In the left pane of the Administration Console, expand the Enterprise Vault Servers container.
2. Expand the computer to which you added the Task Controller service and then click Services.
3. In the right pane, right-click Enterprise Vault Task Controller Service and, on the shortcut menu, click Start.
4. In the left pane, click Tasks and ensure that the Domino Provisioning task has started. The task will run automatically at the times that you have scheduled. You can also force a provisioning run by using the Run Now option, which is available on the Schedule properties page and on the menu when you right-click the task.
5. After the task has run, check the Domino Provisioning report.

1. In the left pane of the Administration Console, expand Enterprise Vault Servers, and then your Enterprise Vault server.
2. Click Tasks.
3. In the right-hand pane, right-click the Domino Provisioning task and select Properties.
4. Check that the reporting level is as you require.
5. In the right-hand pane, right-click the Domino Provisioning task and select Run now.
6. Select whether you want the task to run in report or normal mode. The task will then start processing the mailboxes in the provisioning groups.
7. After the task has run, check the Domino Provisioning report.
8. If you selected the option for mailboxes to be enabled for archiving automatically, they will also be enabled by the Domino Provisioning task during the run.
If you did not select the option to enable new mailboxes automatically, you must enable them manually.

1. In the Administration Console, click Enable Mailbox on the Tools menu or click the Enable Mailboxes for Archiving icon on the toolbar. The Enable Mailbox wizard starts.
2. Follow the instructions, and click Help on any of the wizard screens for further information.
3. If mailboxes to be enabled are not listed as expected, check the Domino Provisioning report to ensure that they have been processed by the Domino Provisioning task.
Chapter 31

- About vault cache
- Enabling users for vault cache
- Disabling vault cache
- Desktop policy advanced settings

- It provides instant access to archived items, even when the user is not connected to the corporate network.
- It is in addition to, not instead of, the normal, online archive.
- It is useful to mobile users who use laptop computers. Such users are familiar with replicating their mail.
- It may be useful in normal offices if you need to conserve bandwidth or improve performance because the retrieval of an archived item takes place on the local computer.
When an offline user starts Notes, the Enterprise Vault client extensions scan the user's mail, looking for the following:
- Items that will be archived from the mailbox fairly soon. These items are copied into the vault cache so that they will already be there when the items become shortcuts in the user's mailbox. These items have already been downloaded as part of mail replication, so the copy takes place on the user's computer with no further download required.
- Enterprise Vault shortcuts. If the corresponding items are not in the offline archive they are automatically added to the download list.
When a user double-clicks a shortcut in the local replica mail database, Notes displays the item that is in the vault cache. When the user double-clicks a shortcut in the online mail database, Notes displays the item that is in the vault cache, if possible. If the item is not available, Notes retrieves the item from the online archive. Users can also perform a full-text search of items that are in the vault cache. Such users must have full-text searching enabled for their offline mail replica databases.
Before you start this procedure, you must have modified the mail template databases using the Install Vault Cache option in EVInstall.nsf. See Installing the extensions on page 334.
2. Open the properties of the Domino mailbox policy and click the Advanced tab.
3. In the List settings from list, click Vault Cache.
4. Double-click Users are enabled for Vault Cache and then select On or Silent and click OK. Select On if you want to allow users to enable vault cache themselves. Select Silent if you want vault cache to be enabled automatically.
5. Modify the other vault cache settings on the Advanced tab of the Domino mailbox policy, as required.
6. Synchronize the mailboxes. You can run the Domino Provisioning Task to synchronize the mailboxes. You can do either of the following:
   - Use Synchronize Individual Mailboxes, which is on the Synchronization tab of the provisioning task's properties. This method requires you to select the mailboxes you want to synchronize.
   - Use Run Now, which is on the Schedule tab of the provisioning task's properties. Run Now processes all mailboxes in the Domino domain, but may take longer because the mailboxes that are associated with other policies may also be processed.
The vault cache will be available to users when they create or update their local replica-based mail.
1. In the Administration Console, double-click the Domino mailbox policy to display its properties.
2. Click the Advanced tab.
3. Next to List settings from, select Vault Cache.
4. In the list, double-click Users are enabled for Vault Cache.
5. Select Off and then click OK.
6. Click OK to close the policy properties.
7. Run the provisioning task to apply the new policy settings.
8. Replicate the local mail replica databases with the mail databases on the server.

1. Open the local mail replica database.
2. Click Tools and then About Enterprise Vault.
3. Check that vault cache is disabled.
Supported values
An integer that specifies the maximum size in megabytes. Use 0 to disable this setting.
Pause interval
Description Specifies the number of minutes to wait before Enterprise Vault starts searching for the items that need to be added to the vault cache.
Supported values
Supported values
An integer that specifies the maximum percentage of the available disk space that the vault cache is allowed to occupy. Default is 10.
Supported values
Supported values
Chapter 32

- Preparation for Domino Journaling archiving
- Adding a Domino domain
- Adding a Domino server
- How to assign a vault store
- Creating a Domino Journal archive
- Adding permissions to the journal archive
- Creating a Domino Journal policy
- Creating a Domino Journaling task
- Adding a Domino Journaling location
- How to configure clients

- Checked that software prerequisites are satisfied
- Configured the Domino journal databases as required by Enterprise Vault
- Prepared a Lotus Notes ID file with suitable access to the Domino domain, server and journaling location
1. In the left pane of the Administration Console, expand the Archiving Targets container.
2. Right-click Domino and, on the shortcut menu, click New and then Domino Domain. The New Domino Domain wizard starts.

1. In the left pane of the Administration Console, expand the Archiving Targets container.
2. Expand Domino.
3. Right-click the Domino domain to which you want to add a server and on the shortcut menu, click New and then Domino Server. The New Domino Server wizard starts.

- The name of the SQL Server.
- The location for the vault store database files.

The safety copy setting is ignored for journaling; Enterprise Vault deletes the safety copy immediately when journaling.
The name you specify for the new vault store must contain only the following characters:
When the vault store has been created, the wizard then takes you through creating a partition. You can view and customize the properties of vault stores, partitions and archives by right-clicking the object container in the Administration Console tree and selecting Properties. For information on the properties of each object, see the Administration Console online help.
1. In the left pane of the Administration Console, expand the Site hierarchy until the Archives container is visible.
2. Expand the Archives container.
3. Right-click Domino Journal and, on the shortcut menu, click New and then Archive. The New Domino Journal Archive wizard starts.

- Read: users can view and retrieve items from the archive. Those who need to search items archived from the journal mailbox, such as auditors, must have at least read access to the archive.
- Write: this is ignored for Domino Journal archives.
- Delete: users can delete items from the archive. Note that, even though you grant the delete permission here, a user cannot delete from the archive unless you also select Users can delete items from their archives on the General tab of Site Properties.

1. In the left pane of the Administration Console, expand the hierarchy until Archives is visible.
2. Expand Archives.
3. Click Domino Journal.
4. In the right pane, double-click the archive whose permission list you want to modify. The archive's properties are shown.

1. In the left pane of the Administration Console, expand the Site hierarchy until the Policies container is visible.
2. Expand the Policies container.
3. Right-click Domino Journaling and, on the shortcut menu, click New and then Policy. The New Domino Journaling Policy wizard starts.
1. In the left pane of the Administration Console, expand the Site hierarchy until the Enterprise Vault Servers container is visible.
2. Expand the Enterprise Vault Servers container.
3. Expand the name of the server to which you want to add the Domino Journaling task.
4. Right-click Tasks and, on the shortcut menu, click New and then Domino Journaling Task. The New Domino Journaling Task wizard starts.

1. In the left pane of the Administration Console, expand the Archiving Targets container.
2. Expand Domino.
3. Expand the Domino domain that contains the server to which you want to add a location.
4. Expand the Domino server to which you want to add a location and, on the shortcut menu, click New and then Domino Journaling Location. The New Domino Journaling Location wizard starts.
Table 32-1

Download format | | WebApp.ini setting
As a .HTML file that is then opened by the Web browser on the client computer. | | HTMLNotDVS=1
As an Enterprise Vault saveset (.DVS file) that is then unpacked by the client to create a temporary .PST file containing the item. | Outlook and the Enterprise Vault User Extensions must be present on the user's computer. If this prerequisite software is not present the Browser Search View Whole Item option in the search results produces an error message. It is not possible to hide the option. | None required.
As an EML file that the client can open immediately without creating a temporary PST file. | Outlook Express or Outlook must be present on the user's computer. | MsgNotDVS=1
Section
Setting up File System Archiving (FSA) Using FSA with clustered resources
Chapter 33

- Preparing to configure FSA
- Steps to configure FSA for a new file server
- Adding a File System Archiving task
- Adding file servers
- Adding a volume
- Adding folders and archive points
- Managing archive points
- Scheduling
- Using Run Now
- Tips on archiving policy rules
- Version pruning
- Client access for FSA
- Retention folders
- File Blocking configuration
- Configuring FSA Reporting
- FSA Agent uninstallation
What next?
- Checked that the prerequisites for your planned system are satisfied. See About the Enterprise Vault prerequisite software and settings on page 37. See About the prerequisites for FSA on page 87.
- Installed and configured your core Enterprise Vault services.
- Prepared the target NTFS and NetApp file servers. See Preparing file servers on page 89. Preparing EMC Celerra file servers is described in this chapter, as it requires information about your Enterprise Vault server configuration.

- Add a File System Archiving task.
- Add the file server to the File Server container under Targets in the Administration Console.
- Install the FSA Agent on target NTFS file servers.
- Check the settings in the Default FSA Volume Policy. You can edit the settings or create a new volume policy, as required.
- Add an archiving target volume below the file server container, and apply the volume policy.
- If you want to override the volume policy for individual folders, create a folder policy or modify the settings in the Default FSA Folder Policy.
- Add archiving target folders and archive points as required.
Setting up File System Archiving (FSA) Adding a File System Archiving task
- Schedule the File System Archiving task so that it archives the new file server at the required times.
- Configure FSA Reporting, if required.

1. In the Administration Console, expand the Enterprise Vault site until the Enterprise Vault Servers container is visible.
2. Expand the required server container.
3. Right-click the Tasks container, and select New > File System Archiving Task. The new task wizard starts.
4. Change the default name for the task, if required.
The new task will be displayed in the right-hand pane. Double-click the task object to display the properties of this task.
- Replace archived files with placeholder shortcuts
- Implement File Blocking
- Use FSA Reporting
If you do not install the FSA Agent from the New File Server wizard, you can install it at a later date using the Install FSA Agent wizard. See Installing the FSA Agent on NTFS file servers on page 364.
1. In the Administration Console, expand the Enterprise Vault site until the Targets container is visible.
2. Expand the Targets container.
3. Right-click the File Server container and, on the shortcut menu, click New and then File Server. The New File Server wizard starts.
4. Work through the wizard to finish adding the file server. You will need to provide the following information:
The fully-qualified DNS name of the file server you are adding. You can browse to select the server. Additionally, if you choose to install the FSA Agent, the wizard asks for the password to the Vault Service account.
When you have added the file server, you can start adding the volumes that you want File System Archiving to process.
- Enterprise Vault File Placeholder Service
- Enterprise Vault File Blocking Service
- Enterprise Vault File Collector Service
You must install the FSA Agent on an NTFS file server if you want to do any of the following on the file server:
- Replace archived files with placeholder shortcuts
- Implement File Blocking
- Use FSA Reporting

You do not need to install the FSA Agent on NetApp file servers or Celerra devices. On these machines, Enterprise Vault uses an FSA Agent on the Enterprise Vault server. You can install the FSA Agent from the Administration Console. You will need to know the username and password of the Vault Service account. The Vault Service account must have administrator permissions on the remote server.

Note: The FSA Agent requires Microsoft .NET Framework v 2.0 as a prerequisite on the file server.

1. In the Administration Console, expand the Enterprise Vault site until the Targets container is visible.
2. Expand the Targets container.
3. Expand the File Server container.
4. Right-click the server on which you want to install the FSA Agent and, on the shortcut menu, click Install FSA Agent. The Install FSA Agent wizard starts.
5. Work through the wizard. If the FSA Reporting database has been configured, the wizard asks you if you want to enable data collection for FSA Reporting. If you enable data collection, the wizard gives you the option to configure a non-default data collection schedule for the file server. You can perform all these tasks later, if you wish. See Configuring FSA Reporting on page 392.
Note: Before installing any antivirus product on a file server on which you have installed the FSA Agent, you are recommended to stop the File Placeholder Service. After completing the installation of the antivirus product, you must restart the File Placeholder Service.
1. In the Administration Console, expand the Enterprise Vault site until the Targets container is visible.
2. Expand the Targets container.
3. Right-click the File Server container and, on the shortcut menu, click New and then File Server. The New File Server wizard starts.
4. Work through the wizard to finish adding the file server. Do not select the option to install the FSA Agent. You will be prompted for the fully-qualified DNS name of the file server you are adding. You can browse to select the server.
When you have added the file server, you can start adding the volumes that you want File System Archiving to process.
1. Log on to the Celerra Control Station.
2. Add an account for Enterprise Vault to use for authentication on the Celerra device. The syntax is as follows:

   server_user server_x -add -md5 -passwd DataMover_user_name

   where:
   - server_x is the name of the Data Mover
   - DataMover_user_name is the name of the account that you want Enterprise Vault to use for authentication. This user is a Data Mover user, not a domain user.
3. Enable the file system for Celerra FileMover using this command syntax:

   fs_dhsm -modify fs_name -state enabled

4. Configure the HTTP server on the Data Mover to accept Celerra FileMover API connections using this command syntax:

   server_http server_x -append dhsm -users DataMover_user_name -hosts ip_address_policy_engine

   where:
   - server_x is the DNS name of the Celerra device.
   - DataMover_user_name is the name of the Data Mover account that you want Enterprise Vault to use for authentication.
   - ip_address_policy_engine is the IP address of the computer that runs the FSA task that will process the Celerra device.
5. Configure the HTTP connection to use for recall requests, using this command syntax:

   fs_dhsm -connection fs_name -create -type http -secondary ev_url -user user -password user_password -cgi n

   where:
   - fs_name is the name of the Celerra file system.
   - ev_url is the URL of the Web Access application. The Celerra is case-sensitive, so this URL must use the correct case.
   - user is an account that will have access to all archives from which files will be restored.
   - user_password is the password to the account.
Example configuration
The following example configures a Celerra to use placeholder shortcuts.
$ server_user server_2 -add -md5 -passwd celerraaccessaccount@demo.local
$ fs_dhsm -modify fsa_fs -state enabled
$ server_http server_2 -append dhsm -users archiveaccessaccount@demo.local -hosts 192.168.1.1
$ fs_dhsm -connection fsa_fs -create -type http -secondary http://EVServer.demo.local/EnterpriseVault -user vaultadmin@demo.local -password p4ssw0rd -cgi n
where:
- The Celerra will use the account ArchiveAccessAccount to authenticate to Enterprise Vault.
- The Celerra file system name is fsa_fs.
- The server name is server_2.
- The IP address of the FSA task computer is 192.168.1.1.
- The URL of the Enterprise Vault Web Application is http://EVServer.demo.local/EnterpriseVault.
- The password for the archive access account is p4ssw0rd.
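A pre-flight check for a planned run of the commands above, added here as an example and not taken from the Enterprise Vault or Celerra documentation. It checks that the server_http account is the one created with server_user, that both fs_dhsm commands name the same file system, that -hosts is an IP address, and that the -secondary URL matches the Web Access URL including case, and it masks the password before a plan is copied into a change record. The function names are hypothetical; the sample plan is the example from this section.

```shell
#!/bin/sh
# Added example: pre-flight lint for the Celerra FileMover command set.
# Function names are hypothetical; command names and flags are the page's.

# lint_celerra_plan WEBAPP_URL   (plan on stdin, one command per line)
# Prints one finding per line and returns non-zero if there are any.
lint_celerra_plan() {
    awk -v want="$1" '
    function arg(f,   i) {              # token that follows flag f, or ""
        for (i = 1; i < NF; i++) if ($i == f) return $(i + 1)
        return ""
    }
    function has(f,   i) {              # is flag f present on this line?
        for (i = 1; i <= NF; i++) if ($i == f) return 1
        return 0
    }
    function is_ipv4(s,   n, p, i) {
        n = split(s, p, ".")
        if (n != 4) return 0
        for (i = 1; i <= 4; i++)
            if (p[i] !~ /^[0-9]+$/ || p[i] + 0 > 255) return 0
        return 1
    }
    function warn(m) { print m; bad++ }

    { sub(/^[$] +/, "") }               # tolerate a leading shell prompt
    $1 == "server_user" && has("-add")    { added = $NF }
    $1 == "server_http" && has("-append") { users = arg("-users"); hosts = arg("-hosts") }
    $1 == "fs_dhsm" && has("-modify")     { fs_m = arg("-modify"); state = arg("-state") }
    $1 == "fs_dhsm" && has("-connection") { fs_c = arg("-connection"); url = arg("-secondary") }

    END {
        if (added == "")
            warn("no server_user -add command found")
        else if (users != added)
            warn("server_http -users " users " is not the account created by server_user (" added ")")
        if (state != "enabled")
            warn("fs_dhsm -modify does not set -state enabled")
        if (fs_m != fs_c)
            warn("fs_dhsm -modify names " fs_m " but -connection names " fs_c)
        if (!is_ipv4(hosts))
            warn("-hosts value is not an IPv4 address: " hosts)
        if (url != want) {
            if (tolower(url) == tolower(want))
                warn("-secondary URL differs from the Web Access URL only in case: " url)
            else
                warn("-secondary URL is not the Web Access URL: " url)
        }
        exit (bad > 0)
    }'
}

# redact_plan: mask the -password value before the plan is shared or logged.
redact_plan() {
    sed 's/-password  *[^ ][^ ]*/-password ********/'
}

# Sample input: the example configuration from this section, verbatim.
page_plan() {
    cat <<'EOF'
$ server_user server_2 -add -md5 -passwd celerraaccessaccount@demo.local
$ fs_dhsm -modify fsa_fs -state enabled
$ server_http server_2 -append dhsm -users archiveaccessaccount@demo.local -hosts 192.168.1.1
$ fs_dhsm -connection fsa_fs -create -type http -secondary http://EVServer.demo.local/EnterpriseVault -user vaultadmin@demo.local -password p4ssw0rd -cgi n
EOF
}

# Constructed variant: server_http uses the account that server_user created.
consistent_plan() {
    page_plan | sed 's/-users archiveaccessaccount@/-users celerraaccessaccount@/'
}

# Show the redacted plan, then lint it against the Web Access URL.
page_plan | redact_plan
page_plan | lint_celerra_plan "http://EVServer.demo.local/EnterpriseVault" || true
```

Run against the section's example, the lint reports that the account named in server_http -users is not the one added with server_user.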
- The fully-qualified DNS name of the file server you are adding. You can browse to select the server.
- Whether to use placeholder shortcuts. If you do choose placeholder shortcuts you must provide the details of an account on the Celerra Data Mover that has the Celerra dhsm permission.
1. In the Administration Console, expand the Enterprise Vault site until the Targets container is visible.
2. Expand the Targets container.
3. Right-click the File Server container and, on the shortcut menu, click New and then File Server. The New File Server wizard starts.
4. Work through the wizard to finish adding the file server:
   - On the first screen, click Next.
   - On the second screen, enter the DNS name of the Celerra device. Do not select the option to install the FSA Agent. Click Next.
   - On the third screen, choose whether to use placeholder shortcuts. If you choose to use placeholder shortcuts, enter the details of the account you configured on the Celerra that has permission to use the dhsm feature. You can change the account details later, if required, by editing the properties of the Celerra. Click Next to continue.
   - On the summary screen, click Next to add the Celerra device.
When you have added the file server, you can start adding the volumes that you want File System Archiving to process.
Adding a volume
This section describes how to add a volume so that it can be processed by File System Archiving.
What name and description to use for the new policy. Whether to enable quotas and, if so, what quotas to use. Which retention category to apply. Whether to leave shortcuts (Placeholder shortcuts or Internet links) to archived files. If you decide to leave Placeholder shortcuts you must install an FSA Agent on each NTFS file server to which this policy will be applied. Which archiving rules to apply as part of the policy.
1. In the Administration Console, expand the Enterprise Vault site until the Policies container is visible.
2. Expand the Policies container.
3. Expand the File container.
4. Right-click Volume and then, on the shortcut menu, click New and then Policy.
5. Work through the New Policy wizard.
1. In the Administration Console, right-click the policy that you want to copy and then, on the shortcut menu, click Copy Policy.
2. Enter a new name and description for the policy.
3. Click OK to save the copy.
4. Double-click the new copy to display its properties.
5. Edit the properties of the copy as required.
Adding a volume
Use the New Volume wizard to add a volume to a file server. The New Volume wizard asks you the following:
Which volume to add. Which vault store to use for files archived from this volume. Which File System Archiving task to use to process this volume. Which volume policy to apply when archiving from this volume.
If FSA Reporting is configured, the wizard also allows you to choose whether to enable FSA Reporting for this volume. Before adding the first volume on a Celerra device, ensure you have specified a cache location. See Adding the first Celerra volume on page 370.
To add a volume
1. In the Administration Console, expand the Enterprise Vault site until the Targets container is visible.
2. Expand the Targets container.
3. Expand the File Server container to show the file servers that have been added.
4. Right-click the file server from which you want to add a volume and then, on the shortcut menu, click New and then Volume.
5. Work through the wizard to finish adding the volume.
6. In the Administration Console, right-click the new policy you have added and, on the shortcut menu, click Properties.
7. Review the volume policy properties and modify them as required.
8. Click OK to close the volume policy properties.
Setting up File System Archiving (FSA) Adding folders and archive points
Before you add the first volume on a Celerra device you must specify a folder that is local to the Enterprise Vault server that can be used for caching temporary files. Note: Once you have specified a cache location you cannot change it later. To specify a cache location
1. In the Administration Console, expand the Enterprise Vault site until the Enterprise Vault Servers container is visible.
2. Expand the Enterprise Vault Servers container.
3. Right-click the server that will archive from the Celerra and, on the shortcut menu, click Properties.
4. Click the Cache tab.
5. Under Cache Location, enter an existing path on the server that can be used to cache files retrieved from the Celerra.
6. Add the Celerra volume. See Adding a volume on page 370.
1. In the Administration Console, expand the Enterprise Vault site until the Policies container is visible.
2. Expand the Policies container.
3. Expand the File container.
4. Right-click Folder and then, on the shortcut menu, click New and then Policy.
5. Work through the New Policy wizard.
1. In the Administration Console, right-click the policy that you want to copy and then, on the shortcut menu, click Copy Policy.
2. Enter a new name and description for the policy.
3. Click OK to save the copy.
4. Double-click the new copy to display its properties.
5. Edit the properties of the copy as required.
- The relative path on the volume of the folder that you are adding. Note that it is possible to add a folder and place archive points on all subfolders of that folder. If you have many folders to enable this may be easier than running the wizard many times.
- The name of the policy to use when archiving from the new folder or its subfolders. Note: Retention Folder policies are special policies that allow you to add a predefined folder hierarchy to folders in the target volume. There is separate documentation for adding folder targets that use retention folder policies. See Retention folders on page 382.
- Whether to archive from the selected folder.
- Whether to archive from subfolders of the selected folder.
- How many archive points to create. You can create any of the following:
  - An archive point for each subfolder of the selected folder. A new archive will be created for each existing subfolder.
  - Archive points for subfolders of the existing folder and for new subfolders when they are created. The existing folder is referred to as an auto-enabling folder. The archive points for subfolders are created when the archiving task runs in normal mode. This can be useful when you have a folder containing users' subfolders and want to create an archive point for each user's subfolder. When you add subfolders for new users, archive points are automatically created. If you choose this option, make sure that there is no archive point on any of the parent folders, or on the volume.
  - No archive point. This enables you to use the same archive as for higher-level folders but to choose a different archiving policy for the selected folder.
1. In the Administration Console, expand the Enterprise Vault site until the File Servers container is visible.
2. Expand the File Servers container to show the file servers that have been added.
3. Expand the file server that has the folder you want to add.
4. Right-click the volume that has the folder you want to add and then, on the shortcut menu, click New and then Folder.
5. Work through the wizard to finish adding the folder.

If a file is not matched by the rules in a folder policy then, by default, Enterprise Vault applies the rules in the volume policy and tries to find a match there. If you want to force Enterprise Vault not to do this, edit the folder properties in the Administration Console and select Ignore volume rules for this folder.
You must have added the volume. You must have created a suitable archive point.
You create archive points to control which folders can be archived. Enterprise Vault then creates a new archive for each archive point that it finds. Beneath an archive point you can apply folder policies to control which folders are actually archived. Where possible, Enterprise Vault uses hidden file streams to indicate archive points. The stream archive points are used on Windows 2000 and Windows 2003 NTFS volumes. If the file system does not support streams, Enterprise Vault uses hidden XML files to mark archive points. These file archive points are required on the following:
When the Enterprise Vault archive server runs, it creates a new archive for the folder with the same name as the archive point folder. The site defaults are used to supply the other attributes of the archive, but you can override the defaults. The easiest way to manage archive points is to use the Administration Console. Additionally, there is a command-line tool, ArchivePoints. For information on how to use ArchivePoints to create, delete, list, show contents, and update archive points, see ArchivePoints in the Utilities manual. It is not possible to use the Administration Console to create an archive point at the root of a volume. If you do need to create an archive point at the volume root you must use the ArchivePoints command-line program.
1. In the Administration Console, expand Targets.
2. Expand File Server.
3. Expand the file server that hosts the volume you want to manage.
4. Right-click the volume you want to manage and, on the shortcut menu, click Archive Points.
5. Expand the Archive Points listing. Archive points are shown as follows:
   - Folder with archive point
   - Auto-enabling folder
6. To edit an archive point, click the archive point to select it and then click Edit.
7. To delete an archive point, click the archive point to select it and then click Remove.
8. To remove archive points that have been added by an auto-enabling folder, perform the following steps in the order listed:
   - Click the auto-enabling folder to select it and then click Edit.
   - Select Do not create archive points for immediate subfolders.
   - Select Delete existing archive points from immediate subfolders.
   - Click OK.
Scheduling
This section comprises the following topics:
Schedule File System Archiving Scheduling expiry Scheduling deletion from Celerra Scheduling permissions synchronization
1. In the Administration Console, expand the Enterprise Vault site until the Enterprise Vault Servers container is visible.
2. Expand Enterprise Vault Servers.
3. Expand the Enterprise Vault server that runs the task you want to modify.
4. Click Tasks.
5. Right-click the name of the File System Archiving task you want to modify and, on the shortcut menu, click Properties.
6. Click the Schedule tab.
7. Define the schedule that you require and then click OK.
Scheduling expiry
When an item's retention period expires, File System Archiving can automatically delete it. File System Archiving does this according to the schedule that you define with the Administration Console, on the Storage Expiry tab of the Site Properties dialog box. File System Archiving does not delete archived items when either of the following conditions applies:
On the "Storage Expiry" tab of the Site Properties dialog box, the schedule is set to "Never" or you have checked "Run in report mode". On the "Advanced" tab of the Archive Properties dialog box, "Delete expired items from this archive automatically" is unchecked.
Delete archived file when placeholder is deleted Delete archived file when placeholder is recalled
The deletion takes place once or twice each day, according to the schedule you define. Note: The deletion mechanism requires that the Celerra device has FileMover logging enabled. You can check that the logging is enabled from the EMC Celerra tab in the properties of each Celerra volume. To schedule deletion from Celerra
1. In the Administration Console, expand the Enterprise Vault site until the Enterprise Vault Servers container is visible.
2. Expand Enterprise Vault Servers.
3. Expand the Enterprise Vault server that runs the File System Archiving task to archive from the Celerra device.
4. Click Tasks.
5. Right-click the File System Archiving task and, on the shortcut menu, click Properties.
6. Click the Celerra tab.
7. Set the AM and PM deletion times that you require.
8. Click OK.
1. In the Administration Console, expand the Enterprise Vault site until the Enterprise Vault Servers container is visible.
2. Expand Enterprise Vault Servers.
3. Expand the Enterprise Vault server that runs the task you want to view or modify.
4. Click Tasks.
5. Right-click the name of the File System Archiving task you want to view or modify and, on the shortcut menu, click Properties.
6. Click the Synchronization tab.
7. Set the schedule you require and then click OK.
Run Now reports only on files that are beneath archive points. When archiving by quota, the number of files actually archived may not match the number shown in the report. This is because the order in which the files are processed during a report mode run is unlikely to be the same as the order during the normal run. File System Archiving archives only sufficient eligible files to meet the quota settings, so there may be more, or fewer, files actually archived than shown in the report.
1. In the Administration Console, expand the Enterprise Vault site until the Targets container is visible.
2. Expand the Targets container.
3. Expand the File Server container.
4. Right-click the volume that you want to process and then, on the shortcut menu, click Run Now.
5. In the Run Now dialog box, select the mode you want to use.
Normal mode: The volume is processed normally; files that match the archiving criteria are archived. The file name is:
EV_FILESYSTEM_ARCHIVE_REPORT_task_[run now volumename [_more volume names]]_yyyymddhhmmss.TXT
Report mode: Nothing is archived, but Enterprise Vault generates a report that shows you what would be archived if you processed the volume in normal mode. The file name is:
EV_FILESYSTEM_[ARCHIVE]_REPORT_task_[run now volumename [_more volume names]]_yyyymddhhmmss.TXT
The report goes into a file in the Reports subfolder of the Enterprise Vault installation folder (normally C:\Program Files\Enterprise Vault\Reports). The fields within the file are tab-separated, so the contents can easily be read into a spreadsheet program for analysis.
Click OK.
If the file server's volumes are archived by different tasks, you need to run each of those tasks in order to archive all the volumes. As an alternative, you can process individual volumes. See Processing a volume immediately on page 378. Run Now reports only on files that are beneath archive points. When archiving by quota, the number of files actually archived may not match the number shown in the report. This is because the order in which the files are processed during a report mode run is unlikely to be the same as the order during the normal run. File System Archiving archives only sufficient eligible files to meet the quota settings, so there may be more, or fewer, files actually archived than shown in the report.
To run a task immediately
1. In the Administration Console, expand the Enterprise Vault site until the Enterprise Vault Servers container is visible.
2. Expand the Enterprise Vault Servers container.
3. Expand the Enterprise Vault server that hosts the task you want to run.
4. Click the Tasks container.
5. In the list, right-click the File System Archiving task you want to run and, on the shortcut menu, click Run Now.
6. In the Run Now dialog box, select the mode to use. The options are as follows:
Normal mode: The file server is processed normally; files that match the archiving criteria are archived. Report mode: Nothing is archived, but Enterprise Vault generates a report that shows you what would be archived if you processed the server in normal mode. The report also includes volumes and folders for which archiving has been disabled. The report goes into a file in the Reports subfolder of the Enterprise Vault installation folder (normally C:\Program Files\Enterprise Vault\Reports). The file is:
EV_FILESYSTEM_REPORT_servername_yyyymmddhhmmss.TXT
where yyyymmddhhmmss is the date and time that the report was generated. The fields within the file are tab-separated, so the contents can easily be read into a spreadsheet program for analysis.
Remember that a rule is applied to a file when all the criteria match. You may find that some files that you expect to be matched by a rule are not matched because, for example, the attributes are not matched exactly.
Try not to apply too many rules in a policy. This makes it easier to apply the same policy to multiple volumes or folders. Also, by keeping it simple, you are less likely to get results you do not expect.
You can use File Groups to simplify rule creation. A file group enables you to specify several different file types that are to be treated together for the purposes of file archiving. For example, you could create a file group called "Web Pages" and within it have the file types *.htm, *.html, and *.gif. Within a File System Archiving policy you could then define a rule that applied to "Web Pages". File Groups are in the "File Groups" Administration Console container, under the "File" policies container.
When you have set up File System Archiving for a volume or folder, perform an archive run in Report Mode and then check the report to make sure that the rules are matching the files you expect.
Version pruning
By using FSA version pruning, you can control the number of versions of files that are stored in Enterprise Vault archives. Each time a file is recalled and modified, subsequent archiving means that another version of the file is stored in the archive. Pruning is the process of deleting the earlier versions of archived files, until the required number of versions remains. How to configure Version Pruning is described in the Administrator's Guide.
If shortcuts are created in the item's original location, users can access an archived item simply by double-clicking the shortcut on the file server. If shortcuts are not created, users can access the archived items in the archives using Enterprise Vault archive search or Archive Explorer from a stand-alone browser session. When Archive Explorer is launched from within Outlook, it does not display FSA archives. To browse these archives, users need to start Archive Explorer in a separate browser session, using a URL in the form:
http://EV_IIS_server/EnterpriseVault/archiveexplorerui.asp
Retention folders
The Retention Folder feature enables you to create single folders or a hierarchy of folders automatically on file servers, to be managed by Enterprise Vault and archived according to assigned policies. For example, you may want to create a hierarchy of retention folders in every user's home folder. Items placed in the retention folders are archived by Enterprise Vault according to the policy assigned to each folder. Different folders in a retention folder hierarchy can have different policies assigned. You define the archives to use for the retention folders by specifying where archive points are to be created. If a user deletes any folders in the retention folder hierarchy, Enterprise Vault recreates the folders during the next run of the FSA archiving task in Normal mode. For full details of configuring and managing retention folders, see the Administrator's Guide.
Monitor and enforce disk usage policies in real time. Prevent unwanted files from being saved on monitored server volumes.
File Blocking is provided as a component of the FSA Agent. When you add a new file server the wizard gives you the option to include File Blocking. If you have an existing file server, you can add the FSA Agent by right-clicking the file server and selecting "Install FSA Agent". See Adding file servers on page 363. You configure File Blocking within a volume policy and then apply that policy to disk volumes. It is possible for the volumes also to be processed by a File System Archiving task, but there is no requirement to do this. You configure File Blocking for a volume by applying a volume policy in which you have defined File Blocking rules. The rules control the file types that are allowed on the volume, which folders to monitor, and the actions to take when a policy violation occurs. For example, the action could be to allow the file to be created but for a warning message to be sent to the user and the event to be logged. In summary, you must do the following to configure File Blocking:
If you are adding File Blocking for a NetApp device, you must already have installed File Blocking on a Windows file server target that is able to run File Blocking service on behalf of the NetApp device. It is possible for a Windows file server to perform File Blocking for more than one NetApp device, but for best performance you are recommended to have one Windows file server per NetApp device. See Adding file servers on page 363.
- Define local quarantine locations. Each file server must have a quarantine location that is used when you choose to move blocked files to quarantine. In the case of NetApp devices, the quarantine location must be on the Windows file server that is running the File Blocking service for the NetApp device. See Creating a local quarantine location on page 383.
- (Optional) Configure a central quarantine location. When this is defined, it is used in preference to the local quarantine locations on each file server. If the central location is not available, the local quarantine locations are used. See Creating a central quarantine location on page 384.
- Specify how Enterprise Vault is to send mail when a File Blocking rule requires a mail notification. See Specifying the mail delivery mechanism on page 385.
- Create a suitable volume policy and apply it as required.
- Optionally, specify for each file server, a list of users whose files are exempt from File Blocking. See Ensuring specific users are never blocked on page 391.
It is possible for you to configure File Blocking so that blocked files are automatically moved to a quarantine folder.
1. Decide on a suitable quarantine location on the file server.
   Note: The Vault Service account must have write access to the location.
   Note: Do not select a location to which a File Blocking rule will be applied.
2. Expand the Administration Console tree until the Targets container is visible.
3. Expand the Targets container.
4. Expand the File Server container.
5. Right-click the server on which you want to set the quarantine location and, on the shortcut menu, click Properties.
6. On the File Blocking tab, enter the path to the folder you want to use for quarantine. Click the browse button if you want to select the location from a list. Click OK.
1. Decide which server will host the quarantine location and on a suitable quarantine location on that server.
   Note: The Vault Service account must have write access to the location.
   Note: Do not select a location to which a File Blocking rule will be applied.
2. Expand the Administration Console tree until the Targets container is visible.
3. Expand Targets.
4. Right-click the File Server container and, on the shortcut menu, click Properties.
5. On the File Blocking tab, select Enable centralized quarantine and then enter the path to the folder you want to use for quarantine. Click the browse button if you want to select the location from a list. Click OK.
1. Expand the Administration Console tree until the Targets container is visible.
2. Expand Targets.
3. Right-click the File Server container and, on the shortcut menu, click Properties.
4. Click the Mail tab.
5. Select your preferred delivery mechanism: either SMTP mail or Exchange Server mail:
   - SMTP mail. Enter the name of the SMTP mail server and the name you want to be used for the sender of the notifications.
   - Exchange Server mail. Enter the name of the Exchange Server and the name of the mailbox that you want to use to send mail.
Click OK.
1. In the Administration Console, expand the Enterprise Vault site until the Policies container is visible.
2. Expand the Policies container.
3. Expand the File container.
4 5 6 7
Right-click Volume and then, on the shortcut menu, click New and then Policy. On the first screen of the New Policy wizard, click Next. On the second screen of the wizard enter a name for the new policy and, optionally, a description. Click Next. On the third screen of the wizard you create the File Blocking rules that you want to apply in the new policy. Click New. The File Blocking Rule properties appear. Complete the details on each tab to define the File Blocking rule, then click OK. The New Policy wizard shows the new rule that you have created. The rule is selected, so it will be enabled when this policy is applied. If you want to disable the rule, clear the checkbox next to the rule.
If you want to create more rules to be applied by this policy, click New.
10 When you have created the required rules, click Next to continue. 11 Work through the remainder of the wizard.
You can create and modify the rules later, if required, by editing the properties of the volume policy. To add File Blocking to an existing policy
1 2 3 4 5 6 7 8 9
In the Administration Console, expand the Enterprise Vault site until the Policies container is visible. Expand the Policies container. Expand the File container. Click the Volume container. In the list of policies, right-click the policy you want to modify and, on the shortcut menu, click Properties. Click the File Blocking Rules tab. This tab enables you to create the File Blocking rules that you want to apply in this policy. Click New. The File Blocking Rule properties appear. Complete the details on each tab to define the File Blocking rule, then click OK. The File Blocking Rules tab shows the new rule that you have created. The rule is selected, so it will be enabled when this policy is applied. If you want to disable the rule, clear the checkbox next to the rule.
10 If you want to create more rules to be applied by this policy, click New.
The folders to monitor. The file types to monitor. Whether to scan inside compressed files. What action to take when a file is found that breaks a rule.
Default Value
None.
Description
None.
Description: A list of the defined file groups. You select the file groups that you want to monitor. You can then block or allow individual file types within those groups. If necessary, you can define more file groups: in the Administration Console, under Policies, right-click the File Groups container and, on the shortcut menu, click New and then File Group.
Default value: List of groups already defined. No group is selected.
Default Value
None.
Allowed files
None.
File Blocking rule: File Blocking Options tab

Description: Whether to block or allow a file that breaks the rule. You could, for example, allow the file to be created but send an appropriate notification to an administrator.
Default value: File is blocked.

Description: Whether to scan inside files to determine their types. This would catch, for example, a .MP3 file that had been renamed to .TXT
Default value: Content is not checked.

Description: Whether to scan the contents of files within compressed files such as ZIP files. Selecting this option may have some impact on performance.
Default value: Compressed files are not scanned.

Setting: Quarantine file
Description: Whether to move files that break the rule to a central quarantine folder. If the central quarantine location is not available, a local quarantine folder is used. The Vault Service account must have write access to the central and local quarantine folders.
Default value: Files are not quarantined.
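The content-scanning and compressed-file options above, modelled in Python as an added example; this is not Enterprise Vault code, and the signature table, blocked types, size limits and sample bytes are constructed assumptions. It shows why a name-only check passes an MP3 renamed to .TXT, and what scanning inside a ZIP file adds.

```python
import io
import zipfile

# Constructed signature table (leading bytes -> type label); real products use far more.
SIGNATURES = [
    (b"ID3", "mp3"),          # MP3 file that starts with an ID3v2 tag
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"PK\x03\x04", "zip"),   # ZIP local file header
    (b"MZ", "exe"),           # DOS/PE executable
]
BLOCKED_TYPES = {"mp3", "exe"}    # hypothetical rule: these types are not allowed
MAX_DEPTH = 2                     # assumed limit on archives nested inside archives
MAX_MEMBER_BYTES = 1024 * 1024    # assumed per-member read limit

# Constructed sample: the first bytes of an MP3 with an ID3v2 header, then padding.
FAKE_MP3 = b"ID3\x03\x00\x00\x00\x00\x00\x0a" + b"\x00" * 32


def detect_type(data):
    """Return the type label implied by the leading bytes, or None if unknown."""
    for magic, label in SIGNATURES:
        if data.startswith(magic):
            return label
    return None


def extension_of(name):
    """Lower-case extension of the last path component, without the dot."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    return base.rsplit(".", 1)[-1].lower() if "." in base else ""


def evaluate(name, data, check_content=False, scan_compressed=False, depth=0):
    """Return a list of (path, reason) findings for one file."""
    findings = []
    ext = extension_of(name)
    detected = detect_type(data) if check_content else None
    effective = detected or ext   # content wins over the name when it is checked
    if effective in BLOCKED_TYPES:
        if detected and detected != ext:
            reason = "content is %s but extension is .%s" % (detected, ext)
        else:
            reason = "blocked type %s" % effective
        findings.append((name, reason))
    if scan_compressed and effective == "zip":
        findings.extend(_scan_zip(name, data, check_content, depth))
    return findings


def _scan_zip(name, data, check_content, depth):
    """Apply the same rule to every member, with limits on nesting and size."""
    if depth >= MAX_DEPTH:
        return [(name, "not inspected: archive nesting limit reached")]
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                path = "%s/%s" % (name, info.filename)
                if info.flag_bits & 0x1:   # bit 0 set means the member is encrypted
                    findings.append((path, "not inspected: encrypted member"))
                    continue
                with zf.open(info) as fh:
                    member = fh.read(MAX_MEMBER_BYTES + 1)
                if len(member) > MAX_MEMBER_BYTES:
                    findings.append((path, "not inspected: member exceeds size limit"))
                    continue
                findings.extend(evaluate(path, member, check_content, True, depth + 1))
    except zipfile.BadZipFile:
        findings.append((name, "not inspected: unreadable archive"))
    return findings


def build_sample_zip():
    """Constructed sample: a ZIP holding a text file and an MP3 renamed to .txt."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "quarterly notes\n")
        zf.writestr("music/notes.txt", FAKE_MP3)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip()
    for content, compressed in [(False, False), (True, False), (True, True)]:
        print(content, compressed, evaluate("docs.zip", sample, content, compressed))
```

With both options at the defaults given above (content not checked, compressed files not scanned), the renamed file passes whether it is stored directly or inside the archive.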
Default Value
No notification.
Description: Enables automatic notifications by email.
Default value: No notification.

Description: Enables you to run a command when a rule is broken. For example you could specify a NET SEND command or a batch file to run. The command runs under the local System account.
Default value: No notification.

Description: Enables logging to the Enterprise Vault event log.
Default value: No notification.

Description: Enables you to configure the notification message and select the delivery method. See Notification tabs on page 389.
Notification tabs
The Notification tabs enable you to define the delivery and content of the message you want to be sent when the rule is broken. The tabs that are available depend on the notification methods you selected. Table 33-5 Tab name
Message
Messenger
A specific member of the Administrators group The user who broke the File Blocking rule. An SNMP trap. This sends the computer name, the file name, the user name, and the message that is defined on the Message tab.
Enables you to specify the mail header information to be used when a mail notification is sent. This enables you to define commands to be run automatically when a File Blocking rule is broken. Do not specify a command that requires interaction with the desktop. For example, you could specify a batch file to run or a NET SEND command. You can enter multiple commands, one per line.
Custom Command
Notification variables
Table 33-6 lists the variable names that you can use to make Enterprise Vault insert variable information into notification messages. The variables are replaced with the details that are current at the time the message is sent. Table 33-6 Variable
[USER]
[USER NO DOMAIN]
[DOMAIN] [FILE SPEC] [FILE NAME] [POLICY NAME] [OBJECT NAME] [OWNER NO DOMAIN]
[OWNER]
Description: The folders that are to be monitored by File Blocking. You can choose to monitor the whole volume or to monitor specific folders and their subfolders.
Default value: No monitored folders.

Setting: Ignored folders
Description: A list of folders that are not to be monitored by File Blocking. If you have chosen to monitor specific folders, this list enables you to specify exceptions to that list.
Default value: No ignored folders.
1. Expand the Administration Console tree until the Targets container is visible.
2. Expand Targets.
3. Expand File Server.
4. Right-click the server on which you want the user to be exempt from File Blocking and, on the shortcut menu, click Properties.
5. On the File Blocking tab, next to Exemptions, click Add. The Add Windows Users and Groups dialog appears.
6. Select the user you want to add to the exemptions list and click Add.
7. Click OK to close Add Windows Users and Groups.
8. Click OK to close File Server Properties.
The number of archived files for each file server, and the space used and saved as a result of archiving. You can also view the hundred largest files in a volume. Active and archived space usage by different file groups, per server and per archive point. Numbers of unaccessed or duplicated files, and the space they are occupying. Used and free space on the drives of each file server.
Many of the reports can provide either an overall view for all file servers with FSA Reporting configured, or a detailed view for a named file server. The reports include recommendations for improving your file lifecycle management policy. Note that in order to access FSA Reporting's reports, the Enterprise Vault Reporting component must be installed and configured on a machine with the required prerequisites. See About requirements for Enterprise Vault Reporting on page 53. In order to use FSA Reporting you must also do the following:
Configure an FSA Reporting database and set up default data collection schedules. Install the FSA Agent on NTFS servers from which you want to gather data. (The FSA Agent is not required on NetApp file servers or Celerra devices.) Configure individual file servers to specify whether data is to be collected, and to specify a non-default collection schedule.
For information on managing, viewing and interpreting the FSA Reports once you have configured FSA Reporting, see the Administrator's Guide.
Configuring the FSA Reporting database and setting the default data collection schedule
Before you can use FSA Reporting you must set up the FSA Reporting database, which holds the data for the FSA reports. You do this using the FSA Reporting Configuration wizard, which also enables you to set a default data collection schedule. To configure the FSA Reporting database and set the default data collection schedule
1. In the Administration Console, expand the Enterprise Vault site until the Targets container is visible.
2. Expand the Targets container.
3. Right-click the File Server container and, on the shortcut menu, click Configure FSA Reporting. The FSA Reporting Configuration wizard starts.
4. Work through the wizard. You will need to provide the following information:
   - The SQL server to use for the FSA Reporting database, and the locations to use on that server for the database and transaction log files.
   - The default data collection frequency and start times.
   - Whether to extend data collection to include data from physical drives.
Note that you cannot rerun the FSA Reporting Configuration wizard once it has been completed. To reconfigure which SQL Server to use for the FSA Reporting database, to change the default data collection schedule, and to enable or disable FSA Reporting for all file servers in the site, you can use the Properties dialog of the 'File Server' container under Targets. See Reconfiguring and disabling or enabling FSA Reporting globally on page 393.
1. In the Administration Console, expand the Enterprise Vault site until the Targets container is visible.
2. Expand the Targets container.
3. Right-click the File Server container and, on the shortcut menu, click Properties.
4. To change the details of the SQL Server to use for the FSA Reporting database, click the Reporting Database tab, and enter the new details.
5. To enable or disable FSA Reporting globally, change the default data collection schedule, or enable or disable data collection from physical drives, click the Reporting Data Collection tab, and change the required information. Click OK to save your changes and close the Properties dialog.
1 2 3 4 5 6
In the Administration Console, expand the Enterprise Vault site until the Targets container is visible. Expand the Targets container. Expand the File Server container to show the file servers that have been added. Right-click the file server you wish to configure and, on the shortcut menu, click Properties. Click the Reporting Data Collection tab. Select the Enable data collection for FSA Reporting check box.
7 To define a non-default schedule for data collection, clear the Use default schedule for FSA Reporting data collection check box and supply the required data collection schedule.
8 To extend data collection to the file server's physical drives, select Collect data from all physical drives as well.
9 Click OK to save your changes and close the Properties dialog.
Note that you can also enable or disable FSA Reporting at a volume level. See Enabling or disabling FSA Reporting for a volume on page 395.
1 In the Administration Console, expand the Enterprise Vault site until the Targets container is visible.
2 Expand the Targets container.
3 Expand the File Server container to show the file servers that have been added.
4 Expand the file server whose volume you wish to configure to show the volumes that have been added.
5 Right-click the volume you wish to configure and, on the shortcut menu, click Properties.
6 On the General tab, select or clear the Enable FSA Reporting check box.
7 Click OK to save your changes and close the Properties dialog.
What next?
File System Archiving configuration is complete. You can use the Administration Console to add file servers to the list of servers that are processed by File System Archiving, create new volume policies, add new volumes on the new file server, and create archive points as needed to control which folders are archived.
Chapter 34
About FSA clustering
Supported cluster software and cluster types
Preparation for FSA services in a cluster
Configuring the FSA resource for high availability
Removing the FSA resource from all cluster groups
Troubleshooting
Using FSA with clustered resources Supported cluster software and cluster types
Figure 34-1
Shared disk
Windows 2000 Advanced Server or Datacenter Server Windows Server 2003 Enterprise Edition, SP1 Windows Server 2003 R2
Active/passive cluster. To support high availability, the shared cluster resources are made available on one node of the cluster at a time. If a failure on the active cluster node occurs, the shared resources fail over to the passive node and users may continue to connect to the cluster without interruption.
Active/active cluster. To support load balancing and high availability, the cluster resources are split among two or more nodes. Each node in the cluster is the preferred owner of different resources. In the event of a failure of either cluster node, the shared resources on that node fail over to the remaining cluster nodes.
Using FSA with clustered resources Preparation for FSA services in a cluster
Install the FSA services on each node to which the cluster group can failover. You can use the Vault Administration Console to do this. If the Vault Administration Console and the target file servers are in separate domains, set up a domain trust relationship. Ensure that the cluster group to which you want to add the FSA services resource also has a shared disk resource (sometimes referred to as a physical disk resource or Mount/MountV resource). Only VERITAS or Microsoft Cluster Server groups for which you have configured a shared disk resource are available for selection when you run the FSA Cluster Configuration wizard.
Right-click "My Network Places", and then click "Properties". On the "Advanced" menu, click "Advanced Settings". On the "Adapters and Bindings" tab, ensure that the "Public" network is the top entry in the "Connections" list.
If Symantec Product Authentication Services are not available in the cluster, then you need to add users with administrative privileges, such as the Vault Service account, to the VCS user list.
Launch command prompt on any of the VCS cluster nodes, and type the command:
hauser hauser is a VCS command line utility used to add and authenticate users in
When prompted for the account password, enter the Vault Service account password. Use the following command line to verify that the Vault Service account has been added to the VCS user list as an administrator:
C:\>hauser display Vault_Service_account
Restart the FSA Cluster Configuration wizard from the Enterprise Vault Administration Console.
Using FSA with clustered resources Configuring the FSA resource for high availability
1 In the left pane of the Vault Administration Console, right-click a clustered file server and then click FSA Cluster Configuration.
2 When the welcome page of the FSA Cluster Configuration wizard appears, click Next.
3 Select Add, remove, or reconfigure the FSA resource for groups that have shared disks, and then click Next.
4 Select the cluster groups that are to include the FSA resource. If you check Services HA for a selected group, and there is a problem with the node on which the FSA services are running, then the FSA services and all the other resources in the group automatically fail over to another, working node in the cluster. In effect, by checking Services HA, you make the failure of the FSA services on one node a sufficient reason to move all the resources to another node.
5 Click Next, and then wait for the FSA Cluster Configuration wizard to apply your requested settings to the cluster group.
6 When the wizard displays a summary of the changes that it has made to the cluster group, click Finish.
1 In the left pane of the Vault Administration Console, right-click a clustered file server and then click FSA Cluster Configuration.
2 When the welcome page of the FSA Cluster Configuration wizard appears, click Next.
3 Select Remove the FSA resource from all groups, and then click Next.
4 Click Yes to confirm that you want to remove the FSA resource from the cluster groups.
5 Click Finish.
Troubleshooting
This section gives advice on action you can take if you encounter problems when configuring FSA clustering.
Note that this error message is not specific to this situation. It may also be displayed for other cluster related issues. If the VERITAS Secure Authentication Service is not available, then you need to add the Vault Service account to the VCS user list. See How to configure FSA on VCS when SPAS is not available on page 400.
Verify that you have installed and configured the FSA services on each node to which the cluster group can failover. Ensure that the ClusSvc service (for Microsoft Cluster Server) or Had service (for VERITAS Cluster Server) is configured and running on the file server. Check the log files. The FSA Cluster Configuration wizard stores details of the changes that it has made in the file FSACluster.log, which is located in the \Utilities\FSA Cluster subfolder of the Enterprise Vault program folder (typically C:\Program Files\Enterprise Vault). The wizard creates additional log files on the individual cluster nodes when you configure a group for FSA services high availability. These log files are called FSA-MSCSType.log or FSA-VCSType.log, depending on whether you are using Microsoft Server Clusters or VERITAS Cluster Server, and they are stored in the FSA Agent installation folder. The following registry value determines the level of logging:
HKEY_LOCAL_MACHINE\Software\KVS\Enterprise Vault\FSA\LogLevel
LogLevel can have a value in the range 0 through 5, where 0 or 1 records critical messages only, whereas 5 records debug and diagnostic messages.
Section
Configuring SharePoint archiving Installing SharePoint archiving Web Parts User access to archived SharePoint documents
Chapter 35
About SharePoint Server archiving
Configuring access to the SharePoint Server
Configuring SharePoint archiving in the Administration Console
Running the SharePoint archiving task
What Next?
Microsoft Windows SharePoint Services 3.0 (WSS 3.0) Microsoft Office SharePoint Server 2007 (MOSS 2007) Microsoft Windows SharePoint Services 2.0 (WSS) Microsoft SharePoint Portal Server 2003 (SPS 2003)
At scheduled times, Enterprise Vault automatically copies documents from the SharePoint server and stores them in Enterprise Vault SharePoint archives. Archived documents can be left on the SharePoint server or deleted, as required. Shortcuts can also be created on the SharePoint server. Deleting the original documents and creating shortcuts are configured using the SharePoint policy.
If versioning is enabled for a document library, you can configure the number of versions of a document that are to be left on the SharePoint server after archiving. The archived version history link enables users to restore an older version of a document to the SharePoint Server.
If you are archiving from WSS 3.0 or MOSS 2007 servers, you can also archive drafts of documents.
Note that shortcuts will not be created in document libraries that have document publishing enabled; that is, if the document library is configured for minor versions, or if document approval is required in the document library.
Archive Search and Archive Explorer Web Parts enable users to search or browse for archived documents in the SharePoint archives that they have permission to access.
A single Enterprise Vault SharePoint archiving task can archive documents from multiple SharePoint servers. For example, Figure 35-1 shows an Enterprise Vault server archiving documents from a Windows SharePoint services server and a SharePoint Portal Server 2003.
Figure 35-1 An example SharePoint archiving configuration
On the Enterprise Vault server, you configure the target SharePoint sites, archiving tasks and archiving policies using the Enterprise Vault Administration Console.
Set up your SharePoint Servers and created the SharePoint site collections and sites that you want to archive. To be able to configure Enterprise Vault you will need to know the URLs of the target SharePoint virtual servers or Web applications for archiving. Installed and configured Enterprise Vault SharePoint components on the SharePoint server. See SharePoint Server requirements on page 94. Installed and configured your Enterprise Vault server. See Installing Enterprise Vault on page 111.
1 Log on to the Enterprise Vault server computer using the Vault Service account.
2 Open Internet Explorer and click Tools, Internet Options.
3 Click the Security tab on the Internet Options window.
4 Select Local intranet and click Sites.
5 Click Advanced in the Local intranet dialog box.
6 Add the URL of each SharePoint virtual server that you want to archive:
   http://sharepoint_server_name
7 Click OK twice to return to the Internet Options window.
8 Click Custom Level.
9 Scroll down to the User Authentication section, and select Automatic logon only in Intranet zone.
A SharePoint archiving task. See Creating a SharePoint task on page 410. One or more SharePoint archiving policies. See Creating a SharePoint archiving policy on page 412. If required, a new vault store to use for the SharePoint archives. See Vault store assignment on page 414. SharePoint Targets. See Adding a SharePoint URL as an archiving target on page 415.
In the explorer pane of the Enterprise Vault Administration Console, navigate to the Enterprise Vault computer that is to host the new SharePoint task. Click the computer name to display Services and Tasks. Right-click Tasks and select New, SharePoint Task. This will start the New SharePoint Task wizard. Work through the windows. You will be prompted to give the task a name and description.
Description
The Enterprise Vault site to which this task belongs.
The computer on which this task is created. The name of the task. Select this check box to run in report mode. This mode lists the documents that meet the archiving criteria, without actually archiving any documents. The startup type for this task. You can add a note for this task. This note is visible to other Enterprise Vault administrators, who have access to this task. If selected, this task will use the schedule configured for the Enterprise Vault site. Open site properties to view the site schedule. Select "Never" to stop the scheduled running of the task, or "Selected times", to start the task running at the times and days that you select on this page. This enables you to change the units used in the schedule grid below. You can select or clear times in the grid, as required. Help on how to use the grid is given in the online help.
Schedule
Run
Interval
Schedule grid
Log On
Select the account that this task will run under: By default, the Vault Service account is selected. You can select a different account, if required. The account used must have full access to target site collections and their content. When archiving from SharePoint 3.0 sites, the account must have Site Collection Administrator privileges on the target SharePoint site collections.
Generate report files for archive run: The "Reports" tab enables you to configure report generation. If you want reports generated each time the archiving task runs, select this check box. Reports are created in the "Reports" folder (typically C:\Program Files\Enterprise Vault\Reports). You can select the amount of detail you want included in reports for this task.
Reports
You can also select the number of reports for this task that you want kept in the "Reports" folder. This tab lists the sites to be archived on the SharePoint server. Targets are assigned to tasks when you create archiving target objects. See Creating archiving target site collections on page 416. A SharePoint task can service several targets. Alternatively, you can create multiple SharePoint archiving tasks and assign targets to each task, as required.
Targets
Targets
1 In the Enterprise Vault Administration Console tree, expand the Enterprise Vault site and then click Policies.
2 Under Policies, click SharePoint.
3 To create a new policy, right-click in the right hand pane and select New, Policy (alternatively, right-click SharePoint under Policies in the tree). The New SharePoint Policy wizard starts.
4 In the first window, give the policy a name and description.
5 In the next window, select the action you want Enterprise Vault to take after archiving:
   Leave document in SharePoint means that the document will not be deleted from SharePoint once it is archived; users will be able to access all versions of the document both on the server and in the archive.
   Delete document from SharePoint once archived means that an archived document is deleted from SharePoint and only available in the archive.
   Prune to n versions of the document enables you to set the number of versions (n) of an archived document that you want left in SharePoint after archiving. Earlier versions will be available in the archive only.
6 In the next window you can configure age-based archiving, and whether to leave shortcuts to archived documents on the SharePoint Server.
7 In the next window you create one or more rules to select the documents that you want to process with this policy. Click New to display the Rule window.
8 Enter a Name and Description for this rule.
9 In the Rule type section, select the action to be taken with files that match the rule. This can be one of Archive, Do not archive or Delete.
10 In the Filter files using the filename section specify the selection criteria. The first box lets you include or exclude the files specified in the second box. In the second box enter the files you want to target. You can include wildcards in the filenames. For example:
   * on its own means all files.
   *.doc means all files with the extension .doc.
11 In addition to selection by filename, you can select files by size using the Filter files using file size options.
12 When you click OK, the rule is added to the list of rules. One or more rules can be applied when selecting files to process with this policy. Click New to add further rules or Edit to change the highlighted rule. During processing, the rules are applied in order from the top of the list. The first rule that matches will be applied, so you need to ensure that the required default action is last. Use Move Up and Move Down to re-order rules. To disable a rule, clear the check box for that rule. Click Next.
13 When Enterprise Vault archives documents from SharePoint, the copy stored in the archive is given the same permissions as the folder that contained the original document. This means that users with read access to the folder in SharePoint will be able to access archived copies of any documents in the folder. When archiving from SharePoint 3.0 targets, you can configure whether or not Enterprise Vault is to archive documents with permissions that differ from those of other documents in the folder. When archiving from SharePoint 2.0 targets, any settings on this page are ignored and all documents in the folder are archived with the same permissions as the folder. Click Next.
14 When archiving from SharePoint 3.0 targets, you can configure Enterprise Vault to archive drafts of documents. When archiving drafts, you can specify that drafts of a document will only be archived if users who have access to the SharePoint document also have access to drafts of that document. If you select the option to archive drafts but do not select Only archive drafts if they can be viewed by users with read access to the document, then drafts of all documents archived from the target site are archived. This means that anyone with read access to the original document in SharePoint will also be able to view archived drafts of the document in Enterprise Vault, even if they do not have access to drafts in SharePoint. When archiving from SharePoint 2.0 targets, any settings on this page are ignored.
15 The final screen shows a summary of what the policy will do.
16 Click Finish and then Close.
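The first-match behaviour described in step 12, as an added example (not Enterprise Vault code): a small Python model of rule evaluation that also flags rules placed after a catch-all rule, which can never be applied. The Rule fields, byte-sized limits, case-insensitive matching and the "no rule matched" result are assumptions made for illustration.

```python
"""Illustrative model of first-match policy rules; not Enterprise Vault code."""
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                      # "Archive", "Do not archive" or "Delete"
    patterns: Tuple[str, ...]        # filename wildcards such as "*" or "*.doc"
    include: bool = True             # False: rule targets files NOT matching the patterns
    min_size: Optional[int] = None   # bytes, inclusive (assumed unit)
    max_size: Optional[int] = None   # bytes, inclusive (assumed unit)
    enabled: bool = True             # models the per-rule check box

    def matches(self, filename: str, size: int) -> bool:
        name = filename.lower()      # assumption: comparison is case-insensitive
        hit = any(fnmatchcase(name, p.lower()) for p in self.patterns)
        if hit != self.include:
            return False
        if self.min_size is not None and size < self.min_size:
            return False
        if self.max_size is not None and size > self.max_size:
            return False
        return True

    def is_catch_all(self) -> bool:
        # "*" with no size filter matches every file.
        return (self.include and "*" in self.patterns
                and self.min_size is None and self.max_size is None)


def evaluate(rules: Sequence[Rule], filename: str, size: int) -> Optional[Rule]:
    """Return the first enabled rule that matches, scanning from the top."""
    for rule in rules:
        if rule.enabled and rule.matches(filename, size):
            return rule
    return None  # assumption: no rule matched means no action is taken


def action_for(rules: Sequence[Rule], filename: str, size: int) -> Optional[str]:
    rule = evaluate(rules, filename, size)
    return rule.action if rule else None


def shadowed(rules: Sequence[Rule]) -> List[str]:
    """Names of enabled rules that sit below an enabled catch-all rule."""
    names: List[str] = []
    catch_all_seen = False
    for rule in rules:
        if not rule.enabled:
            continue
        if catch_all_seen:
            names.append(rule.name)
        elif rule.is_catch_all():
            catch_all_seen = True
    return names


# Constructed sample rules and files.
ARCHIVE_ALL = Rule("Default", "Archive", ("*",))
SKIP_TEMP = Rule("Skip temp files", "Do not archive", ("*.tmp", "~$*"))
SKIP_TINY_DOCS = Rule("Skip tiny docs", "Do not archive", ("*.doc",), max_size=1024)

MISORDERED = [ARCHIVE_ALL, SKIP_TEMP, SKIP_TINY_DOCS]   # default action first
CORRECTED = [SKIP_TEMP, SKIP_TINY_DOCS, ARCHIVE_ALL]    # default action last

SAMPLE_FILES = [("budget.doc", 48_000), ("note.doc", 512),
                ("~$budget.doc", 162), ("export.tmp", 9_000)]

if __name__ == "__main__":
    for label, rules in (("misordered", MISORDERED), ("corrected", CORRECTED)):
        print(label, "shadowed rules:", shadowed(rules))
        for filename, size in SAMPLE_FILES:
            print(f"  {filename:14} {size:>6} -> {action_for(rules, filename, size)}")
```
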
To view or edit the properties of an existing policy, right-click it and select Properties. To copy an existing policy and give it a different name, right-click the policy and select Copy Policy.
You can view and customize the properties of vault stores, partitions and archives by right-clicking the object in the Administration Console and selecting "Properties". For information on the properties for each object, see the Administration Console online help.
A SharePoint 2.0 virtual server or SharePoint 3.0 Web application object contains the URL of the SharePoint virtual server or Web application to be archived. Site collection objects are associated with existing top-level sites on the SharePoint server. Site objects are associated with existing subsites on the SharePoint server.
Note that, before you can configure the archiving target objects in Enterprise Vault, the SharePoint virtual server or Web application and site collections must exist in SharePoint and the Enterprise Vault components must be installed and configured on the SharePoint server. Internet Explorer security settings must also be set up as described in Creating a SharePoint task.
To add a SharePoint target object
1 Under Targets, right-click the SharePoint container and select New, SharePoint target. This starts a wizard.
2 Click Next on the first screen.
3 Enter the URL for the virtual server or Web application. Click Next.
If you want Enterprise Vault to archive automatically all sites on this target, select the Auto-enable Site Collections check box. The wizard will then take you through screens that enable you to select the task, policy, vault store and retention category to be used for all sites on this SharePoint target. If auto-enable archiving is on, site collection objects will be added automatically under the SharePoint target object the first time the archiving task runs, and a new archive will be created automatically for each of these site collections. Subsites will also be archived using the default settings for the target site collection object, but target subsite objects will not be displayed in the Administration Console. Documents in subsites will be stored in the archive for the top-level site collection. If you do not want Enterprise Vault to archive some top-level sites, or you want to assign a different policy, retention category or task, clear the Auto-enable Site Collections check box. The wizard will then go directly to the final summary screen. You will need to create target site collection objects manually for any site collections that you do want archived. See Creating archiving target site collections on page 416.
Before the SharePoint target object is created, a summary of the object details is displayed. If they are correct, click Finish and then Close to exit the wizard.
Right-click the SharePoint target object in the Administration Console tree and select Properties.
Clearing the Archive this SharePoint target check box on the SharePoint target properties page.
Figure 35-1 illustrates the relationship between virtual servers (or Web applications) and sites on the SharePoint targets (on the left) and associated archiving target objects in the Enterprise Vault Administration Console (on the right). In the example shown, Site Collection C is not being archived, so only Site Collection D on SharePoint Virtual Server B has a target site collection object in Enterprise Vault. In this example, automatic archiving of site collections is not enabled on the SharePoint target B object.
Figure 35-2 (diagram labels: SharePoint Server, Archiving Targets, Enterprise Vault Server, Site Collection C, Site Collection D)
If you only want to archive some site collections, clear the Auto-enable Site Collections check box on the SharePoint target object and create the required target site collection objects manually.
1 Under Targets, SharePoint, right-click the SharePoint target object and select New, SharePoint Site Collection. This starts a New SharePoint Site Collection wizard.
2 Click Next on the first screen.
3 Enter the URL for the top level site in the site collection, for example:
   http://sharepoint/sites/marketing
   Note that the default site collection in SharePoint may have the same URL as the virtual server or Web application.
4 Select the required scope of archiving for this site collection; the top level Web site only, the subsites only, or both. Click Next.
5 Highlight the vault store to be used for the SharePoint archives. A separate archive will be created automatically in the vault store for each top-level site. Click Next.
6 Select the policy and archiving task to be used to archive the site collection. Click Next.
7 Select the retention category to be applied to any files that are archived. You can use New to create a new retention category, if required. Click Next.
8 The next screen shows a summary of the details for archiving the site collection. If this is correct, click Finish.
9 A prompt confirms that the object has been created. Click Close.
Note that an archiving task can be assigned to a SharePoint 2.0 virtual server, SharePoint 3.0 Web application or top-level site, but not to a subsite.
To create archiving target objects for subsites
Under Targets, SharePoint, expand the SharePoint target object and find the target site collection object for the subsite you want to archive. Right-click the site collection object and select New, SharePoint Site. This starts a New SharePoint Site wizard. Click Next on the first screen. The full path of the top-level site will be displayed below the box. Enter in the box the relative path for the subsite. For example, if the top-level site path is
http://sharepoint/sites/marketing
Select the required scope of archiving for this site; this site only, the subsites only, or both. Click Next. Select the policy to be used to archive the site and subsites. Click Next. Select the retention category to be applied to any files that are archived. You can use New to create a new retention category, if required. Click Next. The next screen shows a summary of the archiving settings for the site. If this is correct, click Finish. A prompt confirms that the object has been created. Click Close. Target site objects for subsites are displayed in the right hand pane of the Administration Console when you click the site collection object in the tree. They are not shown in the tree.
See Scheduling archive runs on page 421.
To archive immediately all target sites serviced by a SharePoint task
In the Enterprise Vault Administration Console tree, navigate to the Enterprise Vault computer that hosts the SharePoint task. Click the computer name to display Services and Tasks. Click Tasks to display the SharePoint task in the right hand pane. Right-click the SharePoint task and select Run Now. You then select how the task is to run. In report mode, nothing is actually archived, but a report is generated showing what documents are ready to be archived. In normal mode, the documents will actually be archived and a report may or may not be generated, depending on the task report properties. You can view the report in the Reports folder (typically C:\Program Files\Enterprise Vault\Reports).
Click OK to start the archive run. A prompt tells you that the task has started. Click OK to dismiss the prompt.
1 In the Enterprise Vault Administration Console tree, expand the Targets container and under this, the SharePoint container.
2 Expand the SharePoint target object to display the site collection objects.
3 To archive all sites in a site collection, right-click the site collection object and select Run Now.
4 Select report or normal mode for the task and click OK to start the archive run.
1 First check that the site schedule is suitable. In the Administration Console tree, right-click the Enterprise Vault site container and select Properties. Click the Site Schedule tab to see the default schedule set for all archiving tasks.
2 In the Administration Console tree, expand the Enterprise Vault Servers container under the Enterprise Vault site and then expand the Enterprise Vault server that is configured to archive the SharePoint server.
3 Click Tasks in the tree.
4 In the right hand pane, right-click the required SharePoint task (SharePoint will be displayed in the Type column), and select Properties.
5 Select the Schedule tab.
6 Select the Use site setting check box.
7 Click OK.
1 In the Administration Console tree, expand the Enterprise Vault Servers container under the Enterprise Vault site and then expand the Enterprise Vault server that is configured to archive the SharePoint server.
2 Click Tasks in the tree.
3 In the right hand pane, right-click the required SharePoint task (SharePoint will be displayed in the Type column), and select Properties.
4 Select the Schedule tab.
5 Clear the Use site setting check box.
6 Set the required schedule for this task.
7 Click OK.
What Next?
If required, you can now install the Web Parts on SharePoint Servers for archived versions link, Enterprise Vault Search and Archive Explorer. See the next chapter for details.
Chapter 36
Installing Archive Search Web Part
Adding Web Parts and version history link to site pages
Enterprise Vault access on "all-in-one" systems
What next?
Installing SharePoint archiving Web Parts Installing Archive Search Web Part
If the language selected for your SharePoint installation is not English, then you need to copy the appropriate language version of the Web Part package to the folder containing Stsadm.exe before you install the Web Part. (When the Enterprise Vault SharePoint components were installed, an English version of the Web Part was placed in this folder.) Copy the Web Part package, EV_SharepointWebPartsCab.cab, from the appropriate language folder under C:\Program Files\Enterprise Vault\Languages\Windows SharePoint Services Web Parts to the folder containing the Stsadm.exe tool. This is typically C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\BIN for WSS 2.0 and SPS 2003, and C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN for WSS 3.0 and MOSS 2007.
Use the cd command to go to the directory containing the Stsadm.exe tool and the Web Part CAB file. For example:
cd "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN"
To install the Web Part on every virtual server on a SharePoint server, enter the following command (on one line):
stsadm.exe -o addwppack -globalinstall -force -filename "EV_SharepointWebPartsCab.cab"
To install the Web Part on a particular virtual server, enter the command line:
stsadm.exe -o addwppack -globalinstall -url virtual_server_url -force -filename "EV_SharepointWebPartsCab.cab"
virtual_server_url is the URL of the SharePoint Web application or virtual server on which to install the Web Parts. If you specify the URL of a single Web application or virtual server and the -globalinstall parameter, the Web Part will only appear in the Web Part Gallery of the virtual server that you specified. However, the assembly will be installed in the global assembly cache (GAC). You should see the following installation message displayed:
EV_sharepointwebpartscab.cab: Deploying to http://sharepoint_server_name Operation completed successfully
If an error occurs due to an obvious mistake, such as a typing error, rerun the above command; ensure that the -force switch is included in the command line. This forces the files to be installed over any existing files.
On the Web Server computer, open Internet Information Services (IIS). Open the properties dialog for the SharePoint Web site and set the IP Address to All Unassigned. Leave the TCP Port as configured. Click Advanced and then Add. In the TCP Port box, type in the required TCP Port. In the Host Header value box, type in a value that corresponds with the value in the DNS record for this SharePoint virtual server or Web application; this would be sharepoint in the given example. Leave the IP Address as All unassigned. Click OK.
In case users connect using the cluster IP address instead of the DNS name, it is advisable to repeat from step 4 and add a host header with the IP address as the host header value; 172.15.10.200 in the given example.
If the language selected for your SharePoint installation is not English, then you need to copy the appropriate language version of the Web Part package to the folder containing Stsadm.exe before you install the Web Part. (When the Enterprise Vault SharePoint components are installed, an English version of the Web Part is placed in this folder.) Copy the Web Part package, EV_SharepointWebPartsCab.cab, from the appropriate language folder under C:\Program Files\Enterprise Vault\Languages\Windows SharePoint Services Web Parts to the folder containing the Stsadm.exe tool. This is typically, C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\BIN for WSS 2.0 and SPS 2003, and C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN for WSS 3.0 and MOSS 2007.
Open a Command Prompt window. Use the cd command to go to the directory containing the Stsadm.exe tool and the Web Part CAB file. For example:
cd "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\BIN"
where sharepoint is the DNS record for the SharePoint virtual server or Web application.
After installing the Web Part on each Web Server, you can validate the installation as follows:
On any of the Web Servers, open a Command Prompt window, go to the directory containing the Stsadm.exe tool and run the following command:
stsadm.exe -o enumwppacks -farm
Installing SharePoint archiving Web Parts Adding Web Parts and version history link to site pages
Archive Search Web Part Archived version history link Archive Explorer Web Part
1 In Internet Explorer, open the home page for the SharePoint site where you want to add the Archive Search Web Part.
2 On the Site Actions menu, click Edit Page.
3 In the Web Part zone in which you want to add the Web Part, click Add a Web Part.
4 In the Add Web Parts dialog box, select the check box for the Archive Search Web Part (located in the Miscellaneous section).
5 Click Add. The Archive Search Web Part will now be displayed on the page. Irrespective of the language of the Web Part package that you installed, text in the Web Part will be displayed in the language of the site.
1. In Internet Explorer, open the home page for the SharePoint site where you want to add the Archive Search Web Part.
2. Click Modify Shared Page in the top right of the page, and select Add Web Parts, Browse.
3. Click Virtual Server Gallery. The Archive Search Web Part should be listed in the Web Part List. Note that the name of this Web Part will be in the language of the Web Part package that you installed.
4. Drag the Archive Search Web Part to where you want it placed on the page.
5. Close the Add Web Parts panel.
6. The Archive Search Web Part will now be displayed on the page. Irrespective of the language of the Web Part package that you installed, text in the Web Part will be displayed in the language of the site.
where spcomputername is the name of your SharePoint server computer. This displays the page Enterprise Vault Archived Version History Administration.
Click Install the archived version history link. If you later wanted to remove the link, go to this Web page and click Remove the archived version history link.
A progress window is displayed briefly while the link is being installed. A confirmation message is displayed when installation is complete. The archived version history link does not appear on the version history page for a document until the library containing the document is archived.
1. Navigate to the required site on your SharePoint Server.
2. On SharePoint 2007, click Create on the Site Actions menu. On SharePoint 2003, click Create in the top toolbar.
On SharePoint 2007, click Web Part Page. On SharePoint 2003, Web Part Page is in the Web Pages section.
In the form that is displayed, enter a name for the Web Part; for example, Archive Explorer. Select Full Page and Vertical layout options. Click Create. The new Web Part Page is then displayed.
On SharePoint 2007, in the Web Part zone, click Add a Web Part. On SharePoint 2003, in the top right-hand corner of the new Web Part page, click Modify My Page, if you are using Personal View, or Modify Shared Page, if you are using Shared View.
On SharePoint 2007, in the Add Web Parts dialog box, click Advanced Web Part gallery and options. On SharePoint 2003, click Add Web Parts from the menu.
On SharePoint 2007, click Browse. On the drop-down menu click Import. On SharePoint 2003, click Import.
Specify the path to the required language version of the Archive Explorer Web Part file, Archive Explorer.dwp. This will be in the appropriate language folder under C:\Program Files\Enterprise Vault\Languages\Windows SharePoint Services Web Parts. Click Upload. After uploading the Web part, the page will be refreshed and the Enterprise Vault Archive Explorer Web Part will be listed under Uploaded Web Part.
Drag the icon next to the Web Part to the Full Page zone on the Web Part page. An error is displayed, because you need to set the Enterprise Vault server name.
Click the arrow beside the Web Part and click Modify Shared Web Part. Change the link property to
http://EV_IIS_computer/EnterpriseVault/ArchiveExplorerui.asp
where EV_IIS_computer is the name of the computer running the Enterprise Vault Web Access application.
Installing SharePoint archiving Web Parts Enterprise Vault access on "all-in-one" systems
Click OK.
1. Click Start, Administrative Tools, SharePoint 3.0 Central Administration.
2. Select Application Management in the left navigation menu.
3. Select Define managed paths under Web Application Management.
4. Select the Web application that the Enterprise Vault Web application is installed on; this will typically be the default Web application.
5. In Add a new path, enter enterprisevault in the Path box, and click Check URL. The Enterprise Vault Web application page should be displayed. If it is not displayed, check that you have entered the correct URL. Select Explicit inclusion and click OK.
To exclude the Enterprise Vault URL as a managed path (on SharePoint 2003)
1. Click Start, Administrative Tools, SharePoint Central Administration.
2. If you are configuring a SharePoint Portal Server, scroll to the section Portal Site and Virtual Server Configuration and select Configure virtual server settings from the Virtual Server List page. If you are configuring Windows SharePoint services, in the Virtual Server Configuration section, select Configure virtual server settings.
3. From the Virtual Server List, select the name of the virtual server that the Enterprise Vault SharePoint components are installed on; this will typically be Default Web Site.
4. Select Define managed paths under Virtual Server Management.
5. In Add a new path, enter enterprisevault in the Path box and click Check URL. The Enterprise Vault Web application page should be displayed. If it is not displayed, check that you have entered the correct URL. Select Excluded Path and click OK.
What next?
Now find out how to use the Web Parts to access archived documents. See the next chapter for details.
Chapter 37
Using the "Show archived versions for this document" link on the versions history page. From this page users can access versions of a document that are in the archive and also replace the current version of a document on the SharePoint server with a version in the archive. See The version history page on page 434.
Using the Archive Search Web Part. The Archive Search Web Part enables users to search for archived documents in the archives. From the search results page, users can view documents and copy archived documents or document versions to the SharePoint server. See Using the Archive Search Web Part on page 434.
Using the Archive Explorer Web Part. The Archive Explorer Web Part enables users to browse and search SharePoint archives that they have permission to access. Archived documents can be viewed but not restored using Archive Explorer. See About the Archive Explorer Web Part on page 437.
Note: When Archive Explorer is launched from within Outlook, it does not display SharePoint archives.
User access to archived SharePoint documents Viewing and restoring archived documents
In sites and document libraries, users will only be able to see documents that they have permission to access. To use Archive Search or Archive Explorer Web Parts, Internet Explorer 6.0 or later, with Java scripting enabled, must be installed on each user's desktop computer.
"View" enables you to open the archived document or save it on your computer.
"Restore" enables you to restore the document to SharePoint as the latest version.
To display only the versions on SharePoint, click "Hide archived versions for this document".
1. In the first box, select the scope for your search: This Site or Site Collection.
2. In the second box, enter words to search for in the document name, subject or content, and then press the Go button. For example, entering the following would return documents with any of the words press, updated or v5 in the name, subject or content:
press updated v5
The wildcard character * can be used to denote one or more characters at the end of a word. At least three characters must precede the wildcard character. For example, new* would find an archived document called December newsletter.doc and a document with the word newer in the content. Note that to be able to search for phrases in the document content, indexing must be set to Full on the archive. To see the indexing level, right-click the site collection archive in the Enterprise Vault Administration Console, select Properties and then click the Advanced tab on the properties window.
The results of the search will be displayed on the Archive Search Results page. Use the links on the left of the Archive Search Results page to group or sort the results by Author, Date, and so on. When you sort the results, an arrow will indicate the sort order; click the link a second time to reverse the order. The Actions section links enable you to hide or display the preview information for each item (Show Less/Show More), display just the group titles or the items in the groups (Collapse Groups/Expand Groups) and create a complex search filter or a simple search (Advanced Search/Simple Search). The links toggle between these actions, so when you select Show Less, for example, the link changes to Show More.
"Contains" means that in matching documents the selected property must contain the word or phrase as entered in the next box.
"Is exactly" means that in matching documents the selected property must contain exactly the word or phrase as entered in the next box.
For example, if the author of a document is John Peter Doe:
Searching for "Author Contains John Peter" will result in a match.
Searching for "Author Contains John Doe" or "Doe John" will not result in a match.
Searching for "Author Is exactly John Peter Doe" will result in a match.
Searching for "Author Is exactly John Peter" will not result in a match.
If you specify two properties, you can manage the way they are applied using the "And/Or" operator options. If three properties are specified, the second and third always use the "And" operator. If you enter values for properties and select a "Modified/Created" date range, the search will look for documents that satisfy both the property criteria and the date criteria.
"Manage Scope" enables you to add sites to the "Search scope" drop-down box. For example, you may want to include a site that has been deleted, as there may still be archived documents from this site.
"Manage Properties" enables you to add custom properties to the "Search by properties" drop-down box. Custom properties can be defined for document libraries. Enterprise Vault stores these additional properties when it archives documents.
1. Click Manage Scope.
2. Click Add a Site.
3. Enter the Site name and the URL for the required site.
4. Click OK. The site is displayed on the Custom Sites page.
5. Click Back to return to the main search page.
6. When you click the arrow beside the Search scope drop-down box, the new site is now available in the list.
1. Click Manage Properties.
2. Click Add a Property.
3. Enter the Property name of the required custom property.
4. Click OK. The site is displayed on the Custom Properties page.
5. Click Back to return to the main search page.
6. When you click the arrow beside the property box under Search by properties, the new property is now available in the list.
1. Click the Restore link below the required document.
2. The Document Restored page is displayed, showing the name and location of the restored copy. The restored copy is a new file with the name of the original document and a suffix (n), for example:
my document(1).doc
If you restore the original document again from the Archive Search Results page, another new document would be created with the name, my document(2).doc. Restoring a document from the Archive Search Results page does not replace the latest version in the document library. On the version history page for the new document, clicking Show archived versions for this document will display archived versions of the restored document, my document(1).doc in our example, and archived versions of the original document, my document.doc in our example.
The archives are displayed in a tree structure. All documents in a site collection are stored in the same archive. In the Archive Explorer tree, subsites and document libraries are displayed as child objects of the site collection archive. Expand the required archive in the tree on the left. When you click the document library object in the tree, the documents archived from that library will be displayed on the right. For more information on how to use Archive Explorer, see the online help on the Archive Explorer pages.
1. On each client computer, open Internet Explorer.
2. Go to Tools, Internet Options and click the Security tab.
3. Click Trusted sites and then Sites.
4. Enter the URL for the SharePoint server and click Add. For example:
http://my_sharepoint_server
5. Enter the Enterprise Vault Web Access application URL and click Add. For example:
http://myEnterpriseVaultServer
6. Click OK to close the Trusted Sites window.
7. If a pop-up blocker is being used, configure it so that it does not block the Web Access application URL.
8. Close Internet Explorer.
Section
Chapter 38
About SMTP archiving
Installing the SMTP archiving components
Create the holding area
Set up the SMTP archiving configuration file
Set up File System Archiving
Running SMTP archiving
How SMTP archiving selects the holding area folder to use
Figure 38-1 SMTP architecture
SMTP messages are sent to a third-party SMTP messaging server. This server relays messages to their destination and also sends a blind copy to a Microsoft SMTP Server for archiving by Enterprise Vault SMTP archiving. You can configure SMTP archiving to handle messages for multiple domains, if needed. SMTP archiving processes the messages and stores them as EML files in folders in a holding area. Enterprise Vault File System Archiving (FSA) then retrieves the EML files from the holding area and stores them in archives. See the Introduction and Planning manual for a fuller introduction to the Enterprise Vault SMTP archiving solution.
Ensure that the prerequisites are satisfied for the Enterprise Vault server, File System Archiving and SMTP archiving. See Enterprise Vault Deployment Scanner on page 38. See About the prerequisites for FSA on page 87. See About the prerequisites for SMTP archiving on page 99.
Install and configure the Microsoft SMTP virtual server. The gateway mail server should relay the message on to its destination, and send a blind copy (BCC) to the Microsoft SMTP Server that will be used for Enterprise Vault SMTP archiving. See Microsoft SMTP Server requirements on page 99.
Install and configure the Enterprise Vault SMTP components on the Microsoft SMTP Server computer. See Installing the SMTP archiving components on page 443.
Create the required domain root folders for the holding area. This is where the SMTP archiving process puts the EML message files for File System Archiving to archive. See Create the holding area on page 444.
On the Microsoft SMTP Server computer, create a suitable SMTP archiving configuration file. See Set up the SMTP archiving configuration file on page 445.
On the Enterprise Vault server, configure File System Archiving to archive from the domain root folders. See Set up File System Archiving on page 448.
1. On the Microsoft SMTP Server computer, log on as a user with local administrator privileges.
2. Put the Enterprise Vault CD-ROM in the drive.
3. Open the Enterprise Vault folder, and then open the Server folder.
4. Double-click Setup.exe to start the installation.
5. In the component selection window, select the SMTP Archiving components check box. This installs the SMTP archiving process (EvSmtpArchiveConfig.exe) and a skeleton configuration file (EvSmtpArchiveConfig.exe.config) in the Enterprise Vault installation folder. This folder is typically C:\Program Files\Enterprise Vault.
6. Follow the on-screen instructions to complete the installation.
When you start the SMTP archiving process, you can specify an account with write access to the share. This account will be granted the right "log on as a batch process" on the local system. See Running SMTP archiving on page 449. If you do not specify an account, the default behavior is to use the account used by IIS.
Note that using a network location for the holding area may affect performance. The disk space required for the holding area will depend on the size of the messages and the speed at which Enterprise Vault archives the files. To set up the holding area for the EML files, you need to create a root folder for each message recipient domain that will be archived. Both the account used by SMTP archiving to write to the holding area and the account under which File System Archiving runs (typically, the Vault Service account), must also have read and write access to the holding area folders. SMTP archiving automatically creates the following subfolder structure under the domain root folder that you create:
DomainRoot\MailboxName\Year\Month\Day\Hour
The configuration file associates the DomainRoot folder name with the actual domain in messages.
MailboxName corresponds to the recipient name in the message address.
The archives created by File System Archiving depend on where the archive points are located in the holding area folder structure. In the SMTP archiving configuration file you can configure SMTP archiving to create archive points automatically, or you can create them manually. If they are created automatically, a separate archive is created for each mailbox.
The Microsoft SMTP virtual server to which SMTP archiving binds.
The recipient address domains that SMTP archiving is to process and the associated path to the domain root folder in the holding area, where SMTP archiving is to put the EML files.
The level of indexing to be applied.
The configuration file must be located in the Enterprise Vault installation folder, typically C:\Program Files\Enterprise Vault. A skeleton configuration file, EvSmtpArchiveConfig.exe.config, is installed when you install the SMTP archiving components. The file is in INI format, with several sections containing key=value entries:
[SectionName]
key=value
key=value
...
[SectionName]
key=value
key=value
...
Edit the skeleton configuration file, or create a new one, using a plain text editor such as Notepad, and save it as a Unicode file. Section and attribute names are not case-sensitive. White space and blank lines are ignored. Comment lines must have a semi-colon in the first non-white space. You can specify local drives or UNC hidden or regular shares in the configuration file, but for security and performance reasons, we recommend that you use local paths where possible. Table 38-1 lists the possible entries in the SMTP archiving configuration file.

Table 38-1 (columns: Section, Entry, Description)

Section: Server

Specifies the name of the virtual server to which SMTP archiving binds. This is the name assigned to the server in IIS Manager, where the default server has the name "Default SMTP Virtual Server". In general, these names are not unique, but the name of the server to use for SMTP archiving must be unique.

Priority=n (Optional): Determines when the SMTP archiving process is started in relation to other processes registered against the server. The default is 32767 (the lowest priority), as no other processes are started after SMTP archiving.

NonDeliveryFolder=folderpath (Optional): Identifies a folder in which to save messages for unrecognized domains (those not specified in this file). If you do not specify this folder, messages for unrecognized domains are lost.

DiskFullRetryLimit=n (Optional): Specifies the number of retry attempts for a message that was not saved because the disk was full. The default value is -1, which means that there is no upper limit.

(Optional): Specifies the indexing level to set for archive points on auto-enabled mailbox folders. This value is effective for any domains for which an indexing level is not explicitly. SiteDefault takes the value from the Enterprise Vault Site Settings. The default is Full.

Section: Domain

You can specify multiple domain sections in the file.

Name=domainname (Yes): Specifies the name of the SMTP domain. Messages addressed to this domain are sent for archiving by SMTP archiving.

Path=folderpath (Yes): Specifies the path to the domain folder in the holding area. SMTP archiving automatically creates a folder structure under this folder. See Create the holding area on page 444.

In general, SMTP archiving cannot handle messages with recipient addresses that contain any of these characters.

NonDeliveryFolder=folderpath (Optional): Specifies where to save messages in the following situations:
Message could not be saved in the mailbox subfolder, because of a folder access error (such as disk full or access denied).
The mailbox subfolder does not exist and AutoEnableMbxFolders is not set to True.

(Optional): Specifies the indexing level to set for archive points on auto-enabled mailbox folders for the domain. SiteDefault takes the value from the Enterprise Vault Site Settings. The default is Full.
[Server]
Name=Default SMTP Virtual Server
NonDeliveryFolder=d:\EvMailRoot\ServerNonDelivery
DiskFullRetryLimit=15
DefaultIndexingLevel=SiteDefault

[Domain]
Name=Domain1.Vault.Local
Path=D:\EvMailRoot\Domain1
NonDeliveryFolder=d:\EvMailRoot\Domain1\MailboxNonDelivery

[Domain]
Name=Domain2.Vault.Local
Path=D:\EvMailRoot\Domain2
AutoEnableMbxFolders=True
NonDeliveryFolder=d:\EvMailRoot\Domain2\MailboxNonDelivery
IndexingLevel=Brief
The holding area folders are on a local drive (D) on the SMTP archiving computer. The indexing level set in the Enterprise Vault Site Properties will be used for Domain1, but Brief indexing will be used for Domain2. For Domain2 auto-enabling is set to True, which means that SMTP archiving will create the mailbox folders for this domain in the holding area, and create an archive point for each mailbox folder. For Domain1 mailbox folder creation is not auto-enabled, which means that the administrator must create the mailbox folders and suitable archive points.
Ensure that Enterprise Vault is installed and configured on the Enterprise Vault server.
Add the file server that holds the SMTP archiving domain root folder to the list of servers that are processed by File System Archiving.
Create a volume policy to apply retention categories and rules to all the archived items. We recommend that you do not replace the items with placeholder shortcuts, and therefore you do not need to install the File Placeholder service on the SMTP archiving file server.
You can manage any archive points that SMTP archiving automatically creates in the same way as regular archive points. We recommend that one archive is used for each recipient. This is the default if you configure SMTP archiving to create archive points automatically. When setting an index level for the archives, choose "Full" if you want to be able to search for phrases in the message content. If no value is set for "DefaultIndexingLevel" in the configuration file, SMTP archiving sets the indexing level to "Full" for archive points on auto-enabled mailbox folders. Note that custom SMTP headers (X-headers) are not indexed (with the exception of "x-KVS-MessageType", which is used by Compliance Accelerator to enable searches on Instant, Bloomberg and Exchange messages).
1. Log on to the SMTP archiving computer using the account configured for the SMTP archiving process (typically the Vault Service account).
2. Open a Command Prompt window and change to the Enterprise Vault installation folder.
3. Enter the following command:
EvSmtpArchiveConfig config_file
where config_file is the name of the required configuration file. The default file is EvSmtpArchiveConfig.exe.config. You can register one SMTP archiving process per virtual server instance. If you run the above command multiple times against the same virtual server, the previous settings are overwritten.
Setting up SMTP archiving How SMTP archiving selects the holding area folder to use
You are prompted to specify an account to be used for writing to the holding area. You can use this option to specify an account with write permissions to the holding area if it is on a network share. To use the IIS account (LocalSystem by default), press return without entering an account. To specify an account, enter the domain and username in the form domain_name\username. This account will be granted the right "log on as a batch process" on the holding area system. When you specify an account, it will be used until you stop and unregister the SMTP archiving process (EvSmtpArchiveConfig.exe), or run the process again.
A message is sent to the Enterprise Vault event log when the SMTP archiving process starts.
1. Log on to the SMTP archiving computer using the account configured for the SMTP archiving process (typically the Vault Service account).
2. Open a Command Prompt window and change to the Enterprise Vault installation folder.
3. Unregister the SMTP archiving process by entering the following command:
EvSmtpArchiveConfig config_file /U
where config_file is the name of the configuration file. The default file is EvSmtpArchiveConfig.exe.config.
A message is sent to the Enterprise Vault event log when the SMTP archiving process stops.
If it does not exist, the message is sent to the ServerNonDelivery folder. If this folder does not exist, an error is written to the event log and the message discarded.
Under the appropriate domain folder, it checks for a mailbox folder for the recipient name. If this is found, the message is stored as an EML file in that folder.
If the folder does not exist, and auto-enabling is on, a new folder is created for the recipient name.
If the folder does not exist, and auto-enabling is off, the message is sent to the MailboxNonDelivery folder. If this folder does not exist, an error is written to the event log and the message discarded.
Figure 38-2 gives an example of the holding area folders that could exist for the configuration described in the example configuration file.
Figure 38-2
If SMTP archiving encounters a Disk Full error for at least one of the folders, it waits for 60 seconds and then tries to store the message again. You can set a limit on the number of times that SMTP archiving retries by specifying the DiskFullRetryLimit value in the configuration file. See Set up the SMTP archiving configuration file on page 445.
If SMTP archiving encounters an error, messages are sent to the Enterprise Vault event log. Critical messages are also sent to the Windows Application log and to Microsoft Operations Manager (MOM), if configured.
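The configuration entries in Table 38-1 and the folder selection rules described above determine when a message is stored, diverted or discarded. The following Python example is added here and is not Enterprise Vault code: it parses a configuration file in the format described, reports settings under which the manual says messages are lost or have no fallback folder, and models which folder a recipient's message would go to. The function names, the zero-padded date folder names, case-insensitive domain matching, treating an unconfigured non-delivery folder as one that does not exist, and the `existing_mailboxes` set standing in for folders on disk are assumptions.

```python
import ntpath
from datetime import datetime

# Constructed sample, adapted from the example file on this page so the audit has findings.
# The \\fileserver share is a hypothetical name.
SAMPLE_CONFIG = r"""
; comment lines start with a semi-colon
[Server]
Name=Default SMTP Virtual Server
NonDeliveryFolder=d:\EvMailRoot\ServerNonDelivery
DiskFullRetryLimit=15

[Domain]
Name=Domain1.Vault.Local
Path=D:\EvMailRoot\Domain1
NonDeliveryFolder=d:\EvMailRoot\Domain1\MailboxNonDelivery

[domain]
name=Domain2.Vault.Local
path=\\fileserver\EvMailRoot$\Domain2
AutoEnableMbxFolders=True
"""


def parse_config(text):
    """Parse the INI-style file. [Domain] may repeat, so configparser is not used."""
    server, domains, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank lines and comment lines are ignored
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1].strip().lower()  # section names are not case-sensitive
            if name == "server":
                current = server
            elif name == "domain":
                current = {}
                domains.append(current)
            else:
                current = None  # unknown section: skip its entries
            continue
        if current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return server, domains


def audit(server, domains):
    """Return findings for settings that risk lost mail or go against the page's advice."""
    findings = []
    if "nondeliveryfolder" not in server:
        findings.append("Server: no NonDeliveryFolder, messages for unrecognized domains are lost")
    for section in [server] + domains:
        label = section.get("name", "<unnamed>")
        if section is not server:
            for key in ("name", "path"):  # marked "Yes" in Table 38-1
                if key not in section:
                    findings.append(f"{label}: mandatory entry {key} is missing")
            if "nondeliveryfolder" not in section:
                findings.append(f"{label}: no NonDeliveryFolder, messages that cannot be "
                                "stored in a mailbox folder have no fallback")
        for key in ("path", "nondeliveryfolder"):
            if section.get(key, "").startswith("\\\\"):
                findings.append(f"{label}: {key} is a UNC path, local paths are recommended")
    return findings


def select_folder(server, domains, recipient, received, existing_mailboxes):
    """Return (folder, outcome) for one recipient, following the selection rules above.

    existing_mailboxes is a set of (domain, mailbox) pairs in lower case that stands in
    for the mailbox folders already present in the holding area (assumption).
    Run audit() first: a domain section without Path raises KeyError here.
    """
    mailbox, _, domain = recipient.rpartition("@")
    domain = domain.lower()
    match = next((d for d in domains if d.get("name", "").lower() == domain), None)
    if match is None:  # domain not listed in the file
        folder = server.get("nondeliveryfolder")
        return (folder, "server-nondelivery") if folder else (None, "discarded")
    auto = match.get("autoenablembxfolders", "").lower() == "true"
    if (domain, mailbox.lower()) in existing_mailboxes or auto:
        # DomainRoot\MailboxName\Year\Month\Day\Hour
        parts = received.strftime("%Y %m %d %H").split()
        return ntpath.join(match["path"], mailbox, *parts), "stored"
    folder = match.get("nondeliveryfolder")
    return (folder, "mailbox-nondelivery") if folder else (None, "discarded")


if __name__ == "__main__":
    srv, doms = parse_config(SAMPLE_CONFIG)
    for finding in audit(srv, doms):
        print(finding)
    print(select_folder(srv, doms, "carol@domain1.vault.local", datetime(2007, 6, 1, 14), set()))
```

Running the audit against each configuration file before registering it with EvSmtpArchiveConfig shows which recipients' mail would end up in a non-delivery folder or be discarded.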
Section
Chapter 39
Introduction to filtering
This chapter includes the following topics:
About filtering
Selective Journaling
Group Journaling
Setting up custom filtering
Setting up custom properties
Journal Filters with Envelope Journaling
About filtering
Read this chapter to find out:
The different filtering options available with Enterprise Vault
A summary of the steps required to configure filtering
Filtering provides more granular control over how Enterprise Vault archiving tasks process items during an archiving run.
Note: Set up and test filtering on a development server before implementing it on your production servers.
Enterprise Vault provides the following filtering features:
Selective journaling. This feature provides simple filtering of Exchange Server journaled messages. You set up a filter for the Exchange Journaling task that selects, by address, the messages to archive. Other messages are deleted.
Group journaling. This feature enables the Exchange Journaling task to mark selected messages, in order to reduce the scope of subsequent searches. This can be particularly useful where there is a high volume of journaled email and you want to be able to identify messages sent between particular groups of users.
Custom filtering. This feature provides more sophisticated filtering for Exchange Server user and journal mailbox archiving, public folder archiving and Domino server journal archiving. You create rules that select messages by matching one or more attributes, such as email addresses, subject text, message direction or the value of certain message properties. The rules also include instructions on how selected messages are to be processed. This can include assigning a particular retention category, storing in a specified archive, deleting attachments of a specified type or size and deleting or marking the message.
The following functionality is not yet available when filtering Domino server messages:
Messages cannot be selected based on the value of custom message properties
Message attachments cannot be removed
Selected messages can only be archived or marked and not archived; they cannot be deleted
Custom properties. This feature is an extension of custom filtering. It enables you to configure Enterprise Vault to index additional properties on messages selected by the custom filters. These properties may be standard properties that a default Enterprise Vault system does not index or they may be properties added to messages by a proprietary, third party application. Custom properties also introduces the concept of "content categories" for grouping the settings that are to be applied to messages that match a rule. These settings can include the retention category to assign, the archive to use and the additional properties to index.
Selective Journaling
For detailed setup instructions, see Configuring selective journaling.
To set up Selective Journaling
1. Set up Exchange Server Journal archiving.
2. Create a rules file called SelectiveJournal_config.dat and place it in your Enterprise Vault directory (normally C:\Program Files\Enterprise Vault). This file defines the attributes to match when selecting messages to archive. You can filter on any of the following:
Distinguished Name
Exact SMTP mail address
Character string in the address (starts with, ends with, or contains)
3. Configure the required registry setting to call the filter SelectiveJournal.SJFilter.
4. If required, set an additional registry key to force a hard delete of items that are not archived.
5. Restart the Exchange Journaling task.
Group Journaling
For detailed setup instructions, see Configuring group journaling.
To set up Group Journaling
1. Set up Exchange Server Journal archiving.
2. Create a rules file called SJGroupFilter.dat and place it in your Enterprise Vault directory (normally C:\Program Files\Enterprise Vault). This file defines the distribution lists that contain the addresses to match, the retention category to assign and a sample rate, if required.
3. Create the retention category to be assigned to matched messages.
4. Create the distribution lists and populate them with the required user addresses.
5. Configure the required registry setting to call the filter SelectiveJournal.SJGroupFilter.
6. Restart the Enterprise Vault Journaling task.
Enable custom filtering by configuring the required registry settings for each type of archiving that you want to filter. Custom filtering can be applied to the following types of archiving:
Exchange Server user mailbox archiving
Exchange Server journal mailbox archiving
Exchange Server public folder archiving
Domino server journal archiving
Configure the required filter rules and actions in XML ruleset files in the Custom Filter Rules folder. You can have one default set of rules applied to all types of archiving enabled for filtering, or separate rules for different archiving locations, such as Exchange Server public folders, particular user or journal mailboxes or Domino server journal locations. In addition, for Exchange Server user mailbox archiving, you can set different filtering actions for specific users by creating a separate ruleset file for each of the targeted users. All other users would have the default ruleset file applied. A ruleset file can include one or more rules. Each rule includes a set of one or more message attribute filters for evaluating items and an action to be applied to items that match the message attribute filters.
When the required XML files have been set up, restart the archiving tasks that have custom filtering applied.
1 Enable custom filtering by configuring the required registry settings for each type of archiving that you want to filter.
2 Define the required custom properties and content categories in an XML file called custom properties.xml in the Custom Filter Rules folder in the Enterprise Vault installation folder (typically C:\Program Files\Enterprise Vault). This file contains the following information:
The content categories available. A content category is a group of settings that are to be applied to an archived item. This can include a list of the additional properties that are to be indexed by Enterprise Vault.
The custom properties available. This is where the additional properties are defined for Enterprise Vault.
The presentation fields available. These define how external applications, such as the Enterprise Vault browser search, can access content categories and custom properties.
To configure Enterprise Vault to index specific custom properties on all messages, without performing any filtering, create a custom properties.xml file but no ruleset file. The custom properties.xml file must include definitions of the custom properties and a default content category. The default content category will be applied to all messages and defines which properties Enterprise Vault is to index.
To configure Enterprise Vault to filter messages and only assign content categories to specific messages that match filter rules, you create both a custom properties.xml file and also suitable ruleset files. The custom properties and content categories are defined in custom properties.xml and the filtering rules and actions are defined in the ruleset files.
When the required XML files have been created, restart the archiving tasks that have custom filtering applied. The presence of ruleset files and content categories (in custom properties.xml) enables you to control whether Enterprise Vault implements custom property indexing or custom filtering or both. See Control of default settings on page 515.
Chapter 40
Configuring filtering
This chapter includes the following topics:
About configuring filtering
Configuring selective journaling
Configuring group journaling
Configuring custom filtering
How to configure selective journaling
How to configure group journaling
How to configure custom filtering
Custom filtering can be extended to use custom properties. See About configuring custom properties on page 513.
Note: It is important that you test your filtering configuration on a development server, using realistic data, before implementing it on your production servers.
All the normal, site-defined Enterprise Vault filtering rules are obeyed first; if an item is not eligible for default archiving then the external filter is not called (in the case of journaling, all items are eligible for archiving, so the external filter will always be called).
If you enable selective journaling on an Enterprise Vault server, it will be enabled for all Exchange Journaling tasks that are hosted on that computer.
To set up selective journaling, do the following on each computer that hosts an Enterprise Vault Exchange Journaling task:
Set up Exchange Journal archiving.
Create a filtering rules file. The same filtering rules file will be used by all Exchange Journaling tasks that are hosted on the computer.
Add the selective journaling registry settings for the Exchange Journaling task.
Restart the Exchange Journaling task.
1 Log on to the Exchange Journaling task computer as the Vault Service account.
2 Use Notepad to create a file called SelectiveJournal_config.dat in the Enterprise Vault installation folder (normally C:\Program Files\Enterprise Vault).
In the file, specify the rules that you want the filter to use to select journaled messages for archiving. See Selective journaling filter rules on page 464.
Table 40-1 describes the keywords and values that you can enter in the file.
Description: Archive all items that have been sent to addresses that contain the specified text.

Keyword: distlist
Description: Archive all items that have been sent to anyone who is on the specified distribution list.

Keyword: ends
Description: Archive all items that have been sent to addresses that end with the specified text. The string can be part of an SMTP address.
Value: A text string. For example: ends:example.com

Keyword: exact
Description: Archive all items that have been sent to the specified email address.
Value: The SMTP email address of the recipient. For example: smith@example.com

Keyword: recip
Description: Archive all items that have been sent to the specified recipient. The recipient can be a user account or a distribution list.
Value: The Distinguished Name of the recipient user account or distribution list. For example: recip:/o=acme/ou=developer/cn=recipients/cn=smithj

Keyword: starts
Description: Archive all items that have been sent to addresses that start with the specified text. The string can be part of an SMTP address.
Value: A text string. For example: starts:john
If you want to ensure that you archive all email to an internal email recipient, specify both the Distinguished Name and SMTP address of the recipient mailbox, for example,
recip:/o=symantec/ou=first administrative group/cn=recipients/cn=John Doe
exact:john_doe@example.com
Alternatively, specify a distribution list that the recipient is a member of. For example,
distlist:/o=symantec/ou=first administrative group/cn=recipients/cn=ArchiveList
exact:archivelist@example.com
1 Log on to the Journaling task computer as the Vault Service account.
2 Run regedit and navigate to the following location:
HKEY_LOCAL_MACHINE\Software\KVS\Enterprise Vault\External Filtering\Journaling
Add the External Filtering key under Enterprise Vault, and the Journaling key under External Filtering, if they do not exist.
In Journaling, create a new STRING value with the name 1 and set its value to SelectiveJournal.SJFilter.
By default, items that are not archived are sent to the Deleted Items folder in the journal mailbox. If you want items to be deleted immediately, without going to the Deleted Items folder, add the DWORD, HardDeleteItems, to the following location and give it a value of 1:
HKEY_LOCAL_MACHINE\Software\KVS\Enterprise Vault\Agents\SelectiveJournal
To enable your changes, stop and restart all Journaling tasks on the server. You need to do this whenever you make a change to the rules file or if you modify the registry values.
1 Log on to the Journaling task computer as the Vault Service account.
2 Run regedit and navigate to the following location:
HKEY_LOCAL_MACHINE\Software\KVS\Enterprise Vault\Agents
Create a new DWORD value with the name ActionForInvalidDL and set its value to one of the following:
0 (Default) If a distribution list is invalid, continue to process the remainder of the recipient list.
1 If a distribution list is invalid, stop processing the recipient list.
2 If a distribution list is invalid, treat this as a match and archive message.
3 If a distribution list is invalid, leave the message in the journaling mailbox and log an error event in the Event Log.
1 Set up Exchange Server Journal archiving.
2 Create a rules file. This file specifies the addresses to match, the retention category to assign and the sample size. The same rules file will be used by all Exchange Journaling tasks that are hosted on the computer.
3 If it does not exist, create the retention category to be assigned to matched messages. See the Administrator's Guide for instructions on how to do this.
4 In Exchange Server, ensure that the distribution lists exist and are populated with the required users.
5 On the Enterprise Vault Exchange Journaling task computer, add the group journaling registry settings.
6 Restart all Exchange Journaling tasks on the computer and test your configuration.
1 Log on to the Exchange Journaling task computer as the Vault Service account.
2 Use Notepad to create a file called SJGroupFilter.dat in the Enterprise Vault installation folder (normally C:\Program Files\Enterprise Vault).
3 In the file, specify the rules that you want the filter to use to select journaled messages for archiving. See Group journaling filter rules on page 468.
Table 40-2 shows the keywords and values that you can enter in the file.

Keyword: retcat
Description: The retention category to assign to matching messages. The file must contain a retention category line and the retention category must exist.
Value: Retention category name. For example: retcat:Flagged

Keyword: sample
Description: The percentage sample rate of matching messages to be archived. If this line is missing, the sample rate defaults to 100%.
Value: Integer (without % sign). For example: sample:25

Keyword: userset
Description: Used to define the groups of user addresses to be matched. The rules file must contain two userset lines; one for each group. Each line defines a distribution list containing the addresses of group members. The specified distribution lists must not be empty.
Value: Distinguished Name of the distribution list. For example: userset:/o=acme/ou=research/cn=recipients/cn=groupa
Using the following example rules file, 25% of the messages sent by members of one distribution list to members of the other distribution list will be assigned the retention category, Flagged.
userset:/o=acme/ou=research/cn=recipients/cn=groupa
userset:/o=acme/ou=research/cn=recipients/cn=groupb
retcat:Flagged
sample:25
1 Log on to the Journaling task computer as the Vault Service account.
2 Run regedit and navigate to the following location:
HKEY_LOCAL_MACHINE\Software\KVS\Enterprise Vault\External Filtering\Journaling
Add the External Filtering and Journaling keys, if they do not exist.
3 Create a new STRING value called 1 and set its value to SelectiveJournal.SJGroupFilter.
4 Restart all Enterprise Vault Exchange Journaling tasks on the computer.
1 Send a message from a user in one of the specified distribution lists to a user in the other distribution list.
2 Wait for Enterprise Vault to archive it and then search for it using the Retention Category field on the Advanced page of the Enterprise Vault browser search. (For the Advanced page, the URL should end with Search.asp?Advanced.) The message should have the group journaling retention category assigned.
Now repeat the test only in reverse; send a message from a user in the second distribution list to a user in the first distribution list. Again, the message should have the group journaling retention category assigned.
Next, send a message from a user in the first distribution list to someone who is not in the second distribution list. The message should be archived with the retention category specified in the default Exchange journal mailbox policy.
Send a message from a user in the second distribution list to someone not in the first distribution list. Again, the message should be archived with the retention category specified in the default Exchange journal mailbox policy.
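The following Python check is an added example, not part of the guide or of Enterprise Vault. It applies the Table 40-2 constraints to the text of an SJGroupFilter.dat file before the Journaling tasks are restarted, and models the sender/recipient matrix used in the test steps above. The function names, the lowercase keyword handling, the 0 to 100 range for sample and the "/o=...", "/cn=..." shape test for a Distinguished Name are assumptions.

```python
from dataclasses import dataclass, field

KEYWORDS = ("userset", "retcat", "sample")  # keywords listed in Table 40-2


@dataclass
class GroupRules:
    usersets: list = field(default_factory=list)
    retcat: str = ""
    sample: int = 100  # documented default when the sample line is missing
    errors: list = field(default_factory=list)


def parse_group_rules(text, known_retcats=None):
    """Parse rules-file text; every Table 40-2 violation is added to .errors."""
    rules = GroupRules()
    count = {"retcat": 0, "sample": 0}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        keyword, sep, value = line.partition(":")
        value = value.strip()
        if not sep or keyword not in KEYWORDS or not value:
            rules.errors.append(f"line {lineno}: not a keyword:value rule: {line!r}")
        elif keyword == "userset":
            # Assumption: a legacy Exchange DN starts with /o= and has a /cn= part.
            if not value.lower().startswith("/o=") or "/cn=" not in value.lower():
                rules.errors.append(f"line {lineno}: userset is not a Distinguished Name")
            rules.usersets.append(value)
        elif keyword == "retcat":
            count["retcat"] += 1
            rules.retcat = value
        else:  # sample: integer percentage written without a % sign
            count["sample"] += 1
            if value.isascii() and value.isdigit() and int(value) <= 100:
                rules.sample = int(value)
            else:
                rules.errors.append(f"line {lineno}: sample must be an integer 0-100, no % sign")
    if len(rules.usersets) != 2:
        rules.errors.append(f"found {len(rules.usersets)} userset lines; two are required")
    if count["retcat"] != 1:
        rules.errors.append(f"found {count['retcat']} retcat lines; one is expected")
    if count["sample"] > 1:
        rules.errors.append("more than one sample line")
    if known_retcats is not None and rules.retcat and rules.retcat not in known_retcats:
        rules.errors.append(f"retention category {rules.retcat!r} does not exist")
    return rules


def is_cross_group(sender, recipients, group_a, group_b):
    """True when the sender is in one list and a recipient is in the other."""
    a = {m.lower() for m in group_a}
    b = {m.lower() for m in group_b}
    to = {r.lower() for r in recipients}
    s = sender.lower()
    return (s in a and bool(to & b)) or (s in b and bool(to & a))


# The example rules file from the guide.
PAGE_EXAMPLE = """\
userset:/o=acme/ou=research/cn=recipients/cn=groupa
userset:/o=acme/ou=research/cn=recipients/cn=groupb
retcat:Flagged
sample:25
"""

# Constructed broken file: one userset, a % sign, a misspelled keyword, no retcat.
BROKEN = """\
userset:/o=acme/ou=research/cn=recipients/cn=groupa
sample:25%
retention:Flagged
"""

# Constructed list membership for the test matrix.
GROUP_A = {"alice@example.com"}
GROUP_B = {"bob@example.com"}

if __name__ == "__main__":
    for label, text in (("page example", PAGE_EXAMPLE), ("broken", BROKEN)):
        result = parse_group_rules(text, known_retcats={"Flagged"})
        print(label, "->", result.errors or "OK")
```

A message for which is_cross_group returns False is expected to be archived with the retention category from the default Exchange journal mailbox policy, as in the last two test steps.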
recipients to be sent to a separate archive, or you may want messages sent within the company to be given a special retention category of "Internal".
You can set up default filters that apply to all archiving tasks that are enabled for custom filtering. In addition, you can create separate custom filters for Exchange Server public folder archiving, specific mailboxes (user or journal mailboxes) and specific Domino journaling locations.
If custom properties have been added to items, you may want these properties indexed for selected items. How to extend custom filtering to use the custom properties feature is described in About configuring custom properties.
To implement custom filtering
Enable custom filtering for the required archiving tasks by configuring registry settings.
See Registry settings for Exchange Server journal filtering on page 473.
See Configuring registry settings for Exchange Server user mailbox filtering on page 474.
See Configuring registry settings for Exchange Server public folder filtering on page 476.
See Configuring registry settings for Domino server journal filtering on page 477.
Create filter rules and actions. These are held in one or more XML ruleset files, which must be placed in the folder, Enterprise Vault\Custom Filter Rules.
Restart the archiving tasks that have custom filtering enabled.
If custom filtering is enabled for Exchange Server archiving tasks, the following message is sent to the Enterprise Vault event log when the archiving tasks start:
EventID = 45329 Description = External Filter 'EnterpriseVault.CustomFilter' initialising...
The following message is sent to the Enterprise Vault event log when the Exchange Server archiving tasks stop:
EventID = 45330 Description = External Filter 'EnterpriseVault.CustomFilter' stopped.
If custom filtering is enabled for Domino server archiving tasks, the following message is sent to the Enterprise Vault event log when the archiving tasks start:
EventID = 41086 Description = External Filter 'KVS.EnterpriseVault.LotusDomino.CustomFilter' initialising...
The following message is sent to the Enterprise Vault event log when the Domino server archiving tasks stop:
EventID = 41087 Description = External Filter 'KVS.EnterpriseVault.LotusDomino.CustomFilter' stopped.
Similarly, the XML ruleset files must be copied to all computers that host archiving tasks that are enabled for custom filtering. If you change the registry settings or XML files, remember to propagate the changes to each of the other computers.
1 On the computer that hosts the Enterprise Vault Exchange Journaling task, log on as the Vault Service account.
2 Start Regedit.
3 Navigate to the following location:
HKEY_LOCAL_MACHINE\Software\KVS\Enterprise Vault\External Filtering\Journaling
If the External Filtering key does not exist, create it by performing the following steps in the order listed:
Right-click Enterprise Vault and select New > Key. Name the key External Filtering.
Right-click External Filtering and select New > Key. Name the key Journaling.
If the Journaling key does exist, any existing filters will be listed under it. Filter names will be an unbroken numbered sequence starting at 1. If the Compliance Accelerator Journaling Connector is installed (KVS.Accelerator.PlugIn.Filter), it must be the last in the sequence, so you will need to rename it before creating the new custom filtering setting. For example, if the Journaling Connector is currently named 1, rename this setting as 2 and create the new custom filtering setting with the name 1. To rename the Journaling Connector setting, do as follows:
Right-click the setting name and select Rename. Enter the new name, for example, 2.
Create a new string value for the new custom filtering setting. The name of this setting must fit into the existing number sequence. If no other journaling filters exist, set the name to 1. Give it the value EnterpriseVault.CustomFilter.
If an entry called Override exists and has a non-zero value, set its value to 0. If custom filtering is implemented and a rule action has marked messages as "Do not archive", setting Override to 0 (zero) prevents the Exchange Journaling task from re-examining the messages each time it processes the journal mailbox. If you later change the rule action, you can temporarily set Override to 1 to force the Exchange Journaling task to reprocess any messages in the journal mailbox.
If it does not exist, create a DWORD value called MoveOnFilterFailure and set its value to 1. This entry controls whether the Exchange Journaling task moves messages to the folder Failed External Filter when an unhandled error occurs in the external filter. This folder is automatically created when required in the journal mailbox.
8 Close Regedit.
9 After you have configured the required XML filter rules, as described in About custom filtering ruleset files, restart the Journaling tasks.
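As an added illustration (not Symantec's code), the Python check below reads the text printed by reg query for the External Filtering\Journaling key and tests it against the requirements of the procedure above: an unbroken filter sequence starting at 1, the Journaling Connector last, Override at 0 and MoveOnFilterFailure at 1. The function names and both sample outputs are constructed for the example.

```python
import re

# One value line of `reg query` output: indent, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s{4}(?P<type>REG_[A-Z_]+)\s{4}(?P<data>.*)$")
CUSTOM_FILTER = "EnterpriseVault.CustomFilter"
CA_CONNECTOR = "KVS.Accelerator.PlugIn.Filter"


def parse_reg_query(output):
    """Map lower-cased value name -> (type, data); key-path lines are skipped."""
    values = {}
    for line in output.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            values[m["name"].lower()] = (m["type"], m["data"].strip())
    return values


def dword(values, name):
    """Return a REG_DWORD as an int, or None when the value is absent."""
    if name not in values:
        return None
    return int(values[name][1], 16)  # reg query prints DWORDs as 0x...


def check_journaling_key(output):
    """Return a list of deviations from the documented Journaling key layout."""
    values = parse_reg_query(output)
    problems = []
    filters = {int(n): data for n, (_, data) in values.items() if n.isdigit()}
    order = sorted(filters)
    if order != list(range(1, len(order) + 1)):
        problems.append(f"filter names {order} are not an unbroken sequence starting at 1")
    if CUSTOM_FILTER not in filters.values():
        problems.append(f"{CUSTOM_FILTER} is not registered")
    if CA_CONNECTOR in filters.values() and filters[order[-1]] != CA_CONNECTOR:
        problems.append(f"{CA_CONNECTOR} must be the last filter in the sequence")
    if (dword(values, "override") or 0) != 0:
        problems.append("Override is non-zero: 'Do not archive' items are re-examined")
    if dword(values, "moveonfilterfailure") != 1:
        problems.append("MoveOnFilterFailure is not 1: failed items are not moved "
                        "to the Failed External Filter folder")
    return problems


# Constructed output for a key configured as the procedure describes.
GOOD = r"""
HKEY_LOCAL_MACHINE\Software\KVS\Enterprise Vault\External Filtering\Journaling
    1    REG_SZ    EnterpriseVault.CustomFilter
    2    REG_SZ    KVS.Accelerator.PlugIn.Filter
    Override    REG_DWORD    0x0
    MoveOnFilterFailure    REG_DWORD    0x1
"""

# Constructed output with a gap in the sequence, the connector first,
# Override left at 1 and MoveOnFilterFailure missing.
BAD = r"""
HKEY_LOCAL_MACHINE\Software\KVS\Enterprise Vault\External Filtering\Journaling
    1    REG_SZ    KVS.Accelerator.PlugIn.Filter
    3    REG_SZ    EnterpriseVault.CustomFilter
    Override    REG_DWORD    0x1
"""

if __name__ == "__main__":
    for label, text in (("good", GOOD), ("bad", BAD)):
        print(label, "->", check_journaling_key(text) or "OK")
```

Because the registry settings have to be repeated on every computer that hosts tasks enabled for custom filtering, running the same check against each host's output also shows where the settings have drifted apart.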
By creating named ruleset files, you can limit filtering to particular mailboxes. See About custom filtering ruleset files.
To configure the registry settings to enable custom filtering for Exchange Mailbox tasks
1 On the computer that hosts the Enterprise Vault Exchange Mailbox task, log on as the Vault Service account.
2 Start Regedit.
3 Navigate to the following location:
HKEY_LOCAL_MACHINE\Software\KVS\Enterprise Vault\External Filtering
If the External Filtering key does not exist, create it by performing the following steps in the order listed:
Right-click Enterprise Vault and select New > Key. Name the key External Filtering.
Right-click External Filtering and select New > Key. Name the key Mailbox.
5 Create a new string value called 1 for the new custom filtering entry.
6 Right-click the new entry and select Modify. Give it the value:
EnterpriseVault.CustomFilter
Create a new DWORD called Override and set its value to 0 (zero). If custom filtering is implemented and a rule action has marked messages as "Do not archive", setting Override to 0 (zero) prevents the Exchange Mailbox task from re-examining the messages each time it processes the mailbox. If you later change the rule action, you can temporarily set the Override entry to 1 to force the Exchange Mailbox task to reprocess such messages.
If it does not exist, create a DWORD value called MoveOnFilterFailure and set its value to 1. This entry controls whether the Exchange Mailbox task moves messages to the folder Failed External Filter when an unhandled error occurs in the external filter. This folder is automatically created when required in the user mailbox.
10 After you have configured the required XML filter rules, restart the Exchange
1 On the computer that hosts the Enterprise Vault Exchange Public Folder task, log on as the Vault Service account.
2 Start Regedit.
3 Navigate to the following location:
HKEY_LOCAL_MACHINE\Software\KVS\Enterprise Vault\External Filtering
Right-click Enterprise Vault and select New > Key. Name the key External Filtering.
Right-click External Filtering and select New > Key. Name the key PublicFolder.
Create a new string value called 1 for the new custom filtering entry.
Right-click the new entry and select Modify. Give it the value:
EnterpriseVault.CustomFilter
Create a new DWORD called Override and set its value to 0 (zero). If custom filtering is implemented and a rule action has marked items as "Do not archive", setting Override to 0 (zero) prevents the Exchange Public Folder task from re-examining the items each time it processes the public folder. If you later change the rule action, you can temporarily set the Override entry to 1 to force the Exchange Public Folder task to reprocess such items.
8 Close Regedit.
9 After you have configured the required XML filter rules, as described in About custom filtering ruleset files, restart the Exchange Public Folder tasks.
In this example, the target Domino server is "Server1" in the Domino organization, "Org1", and the target journaling location is the folder called Symantec in the Domino Data directory. Configuring the registry settings described in this section will enable custom filtering for all the Domino Journaling tasks hosted on the server. By creating a named ruleset file, you can limit filtering to particular journaling locations.
See About custom filtering ruleset files on page 479.
Note: The Compliance Accelerator Journaling Connector does not currently support Domino server messages.
To configure the registry settings to enable custom filtering for Domino Journaling tasks
1 On the computer that hosts the Enterprise Vault Domino Journaling task, log on as the Vault Service account.
2 Start Regedit.
3 Navigate to the following location:
HKEY_LOCAL_MACHINE\Software\KVS\Enterprise Vault\External Filtering\Lotus Journaling
Right-click Enterprise Vault and select New > Key. Name the key External Filtering.
Similarly, if the Lotus Journaling key does not exist, create it as follows:
Right-click External Filtering and select New > Key. Name the key Lotus Journaling.
4 If the Lotus Journaling key does exist, any existing filters will be listed under it. Filter names will be an unbroken numbered sequence starting at 1.
5 Create a new string value for the new custom filtering setting. The name of this setting must fit into the existing number sequence. If no other journaling filters exist, set the name to 1. Give it the following value:
KVS.EnterpriseVault.LotusDominoCustomFilter!KVS.EnterpriseVault.LotusDomino.CustomFilter
6 If an entry called Override exists and has a non-zero value, set its value to 0. If custom filtering is implemented and a rule action has marked messages as "Do not archive", setting Override to 0 (zero) prevents the Domino Journaling task from re-examining the messages each time it processes the Domino journaling location. If you later change the rule action, you can temporarily set Override to 1 to force the Domino Journaling task to reprocess any messages in the Domino journaling location.
7 Close Regedit.
8 After you have configured the required XML filter rules, restart the Domino Journaling tasks.
Example Filter Rules.xml This provides examples of filter rules.
ruleset schema.xdr This contains the XML schema for validating the XML ruleset files.
Example Custom Properties.xml This provides example entries for the custom properties.xml file.
custom properties XML file.
When you modify a ruleset file, you must restart the associated archiving tasks to pick up the changes. In a distributed environment, you must copy the updated file to each computer with tasks enabled for custom filtering, and then restart the associated tasks on each computer.
Note: It is important to set permissions on the ruleset files to prevent unauthorized editing. For increased security, you could also enable Windows file auditing on these files.
A ruleset file contains one or more rules. Each rule contains the following:
A set of one or more attribute filters for evaluating messages or message attachments or both.
An action to be applied to messages or attachments that match the attribute filters. Examples of actions are applying a particular retention category or storing the item in a specified archive. More than one action can be applied to matching items.
The mailbox owner will typically be the same as the account Display Name, but could be different if you have changed the mailbox owner name, for some reason. For example, if you want to filter John Doe's mailbox, and John Doe is the mailbox owner name, you would create a ruleset file called "John Doe.xml". To apply filtering to a journal mailbox with the mailbox owner name "Journal US1", you would create a ruleset file called "Journal US1.xml".
Any other mailboxes that do not have a named ruleset file and are serviced by the archiving tasks which have been enabled for custom filtering, are processed using the default ruleset file, "Default Filter Rules.xml".
If archiving tasks are enabled for custom filtering, but neither the default ruleset file nor named ruleset files exist, the archiving tasks will attempt to use a default content category, as defined in custom properties.xml. If none of the above exists, an error is logged and the archiving tasks stop. You can configure archiving tasks to manage missing defaults gracefully using the IGNORENODEFAULT registry setting. See Control of default settings on page 515. This registry setting is particularly useful if you want to restrict filtering to named mailboxes only.
Note: If custom filtering is enabled for all Exchange Server mailbox archiving and you want to apply different rules to Exchange Server user and journal mailboxes, you could create a named ruleset file for the Exchange Server journal mailbox and configure the default ruleset file for filtering all user mailboxes. This would avoid having to create a large number of named ruleset files.
category is defined in custom properties.xml, items will be archived according to the settings in the default content category. See About configuring custom properties for content categories and the file custom properties.xml.) If none of the above exists (Public Folder Rules.xml, Default Filter Rules.xml or a default content category), an error will be logged and the archiving tasks will stop, unless you have configured the IGNORENODEFAULT registry setting. You can configure archiving tasks to manage missing defaults gracefully using the IGNORENODEFAULT registry setting.
For example, if you want to filter the Domino journaling location that is shown as "Symantec/*" in the Administration Console, you would create a ruleset file called "Symantec.xml". Any other journaling locations that are serviced by the Domino archiving tasks and which have been enabled for custom filtering, are processed using the default ruleset file, Default Filter Rules.xml. If archiving tasks are enabled for custom filtering, but neither the default ruleset file nor named ruleset files exist, the archiving tasks will attempt to use a default content category, as defined in custom properties.xml. If none of the above exists, an error is logged and the archiving tasks stop. You can configure archiving tasks to manage missing defaults gracefully using the IGNORENODEFAULT registry setting. See Control of default settings on page 515. This registry setting is particularly useful if you want to restrict filtering to named mailboxes only.
<?xml version="1.0" encoding="UTF-8"?>
<RULE_SET xmlns="x-schema:ruleset schema.xdr">
  <RULE [NAME="rule_name"] [ACTION="match_action"] [ATTACHMENT_ACTION="match_action"] [CONTENTCATEGORY="content_category"] [RETENTION="retention_category"] [ARCHIVEID="archiveid"]>
    <message_attribute [attribute_value_operators]>
      <attribute_value>
      [<attribute_value>]
    </message_attribute>
    [<message_attribute>... </message_attribute>]
    [<attachment_attributes> [attribute_value_operator]>
      <attachment_attribute_values>
      [<attachment_attribute_values>]
    </attachment_attributes>]
    [<attachment_attributes>... </attachment_attributes>]
  </RULE>
  [<RULE> ... </RULE>]
</RULE_SET>
The ruleset can contain one or more rules. Naming a rule (NAME="<rule_name>") is optional. It is advisable to include it for documentation purposes and to distinguish the rule in trace output.
Each rule contains one or more message attribute filters for evaluating messages. With Exchange Server filtering, a rule may also contain attachment attribute filters for evaluating attachments to messages. Attachment filtering is not currently available with Domino server filtering.
You can use a combination of the following message attributes to select messages:
Author
Recipients
Direction
Subject text
Named MAPI properties (Exchange Server messages only)
You can use the following attachment attributes to select specific files attached to Exchange Server messages:
Matching against attribute values is case insensitive. All message attribute filters in a rule will be applied to a message, so the order of message attribute filters in a rule is not significant. A message matches a rule when it matches all the message attribute filters contained in that rule. When a message matches a rule, the action specified by ACTION= is applied to the message.
With Exchange Server filtering, if the message attributes satisfy a rule, any attachments are then evaluated using attachment attributes. When an attachment matches a rule, the action specified by ATTACHMENT_ACTION= is applied to the attachment.
Each rule has a message action associated with it. ACTION="<match_action>" defines the action to be applied to the message when it matches a rule. For example, an action could be to mark the item as evaluated but not archive it (ACTION="MARK_DO_NOT_ARCHIVE"). If the action is to archive the item, additional actions can be specified, such as assigning a specific retention category (RETENTION="<retention_category>") or storing the item in a particular archive (ARCHIVEID="<archive_ID>"). If no action is specified, it defaults to "ARCHIVE_ITEM".
The preferred way to specify how messages that match a rule are to be archived is to assign a content category. A content category is a group of settings that are to be applied to an archived item. This can include a retention category, an archive ID and a list of the additional properties that are to be indexed by Enterprise Vault. You define content categories in the file custom properties.xml. See Content categories on page 527.
If attachments to Exchange Server messages are to be evaluated, a rule must have an attachment action associated with it; ATTACHMENT_ACTION="<match_action>". If an attachment action is specified, an attachment attribute element (<FILES> element) must also be present in the rule. This defines the file names or file size (or both) to use when matching attachments.
If attachments match the specified attachment filter, the attachment action is performed. Attachments to nested messages are also processed by the filter.
Note: For messages (and then attachments), each rule in the ruleset file will be evaluated in the order in which they appear in the file and only the first matching rule will be executed. For this reason, it is important to put the highest priority rules first.
The schema file, ruleset schema.xdr, is shipped in the Custom Filter Rules folder. The schema must be referenced at the start of any ruleset files as follows:
<?xml version="1.0" encoding="UTF-8"?>
<RULE_SET xmlns="x-schema:ruleset schema.xdr">
If the file contains non-ANSI characters, ensure the correct encoding is set on the first line and save the file using the appropriate encoding.
Note: All the XML tags and predefined values shown in upper case in this document are case sensitive and must be entered as upper case in the ruleset file. Values entered should also be treated as case sensitive.
Rule actions
The following actions can be applied to messages that match a rule filter:
ACTION="ARCHIVE_ITEM" Archive the message. This is the default action if you do not include the ACTION= clause or a message does not match any of the rules. With this action you can have additional actions: assigning a retention category (RETENTION="<retention_category>") to the item, sending the item to a specific
ACTION="MARK_DO_NOT_ARCHIVE" Do not archive the message; leave it in the original location.
Note: Messages marked as MARK_DO_NOT_ARCHIVE remain in the original location. If you are applying filtering to the journal mailbox or Domino journaling location, this action should only be used for a small number of messages, as leaving lots of messages may affect journaling performance.
If you later change the rule action, you can temporarily set the Override registry key to 1 to force the task to reprocess marked items. The Override key is described in the sections describing how to configure custom filtering registry settings for archiving tasks:
Registry settings for Exchange Server journal filtering
Configuring registry settings for Exchange Server user mailbox filtering
Configuring registry settings for Exchange Server public folder filtering
Configuring registry settings for Domino server journal filtering
ACTION="MOVE_DELETED_ITEMS" Do not archive the message; move it to the Deleted Items folder. This action is only supported for Exchange Server filtering. This action cannot be used with public folder filtering; if this action is configured, an error will be logged and the tasks will stop.
ACTION="HARD_DELETE" Do not archive the message; delete it immediately without moving it to the Deleted Items folder. This action is only supported for Exchange Server filtering, but is not recommended for Exchange Server public folder filtering.
Note: If the Compliance Accelerator Journaling Connector is being used to capture a required percentage of all Exchange Server journaled messages, do not configure a custom journal filter that deletes selected messages; this will compromise the accuracy of the Compliance Accelerator monitoring policy, because any deleted messages are not available for capture by the Journaling Connector.
With Exchange Server filtering, the following actions can be applied to message attachments that match an attachment filter:
ATTACHMENT_ACTION="REMOVE" If a file attached to a message matches the name or size specified in the attachment attribute filter, delete it.
ATTACHMENT_ACTION="REPLACE" If a file attached to a message matches the name or size specified in the attachment attribute filter, replace it with a file called Deleted Attachments.txt, which lists the attachments that have been deleted.
If the message has nested messages with attachments, the action will be applied to all nested message attachments. If the action applied to a message is "HARD_DELETE", no attempt is made to evaluate any files attached to the message.
The extract below shows how a rule name, message action and attachment action might be specified in the ruleset file. In this example, any messages that satisfy the message attribute filters will be archived in the default archive. Also, any Exchange Server message attachments that match the attachment filter will be deleted and replaced with a file called Deleted Attachments.txt:
<RULE NAME="Archive Rule 1" ACTION="ARCHIVE_ITEM" ATTACHMENT_ACTION="REPLACE">
   <message attribute filters>
   <attachment attribute filter>
</RULE>
The extract below shows how the option might be specified in the ruleset file. In this example, any messages that satisfy the message attribute filters will be archived and given the retention category, Legal:
<RULE NAME="Example rule2" ACTION="ARCHIVE_ITEM" RETENTION="Legal">
   <message attribute filters>
</RULE>
1 Right-click the archive in the Enterprise Vault Administration Console.
2 Select Properties. The archive ID is displayed on the Advanced page of Properties.
<message_attribute> defines a message attribute to match. This can be AUTHOR, RECIPIENTS, DIRECTION or SUBJECTS.
<attribute_value> defines the message attribute value(s) to match. For each attribute there may be one or more values.
<attribute_value_operators> are special operator options that enable you to define how values for an attribute are to be applied. The operators INCLUDES= and ALLOWOTHERS= are particularly useful if you want to define negative and positive matches when filtering on AUTHOR, RECIPIENTS and SUBJECTS. See The INCLUDES and ALLOWOTHERS operators on page 493. Attribute value operators are not available when filtering on message DIRECTION.
You can specify the actual addresses to match as SMTP email addresses, display names or SMTP domains using the following XML elements (these are represented by the <attribute_value> lines in the ruleset file outline):
<EA>name@domain</EA> This form can be used to specify SMTP addresses. The value specified must be the complete SMTP email address; if the value specified here is only part of an address, the message will not match. Wildcard characters cannot be used. If the character & is included in an SMTP address, the character must be replaced with &amp; as & is a special character in XML. For example, the SMTP address admin&finance@ourcompany.com should be specified in the XML file as:
admin&amp;finance@ourcompany.com
<DISPN>display name</DISPN>
This form can be used to specify display names. As with the SMTP address, the value must be the full display name, without wildcard characters. An example display name for Exchange Server messages is
<DISPN>John Doe</DISPN>
For Domino server messages, the format of display names will depend on the Domino server configuration. To match all required messages, ensure that you include all possible variations for a display name. For example, display names could take one or more of the following forms:
<DISPN>Kevin Smith/exampleorg@exampledomain</DISPN>
<DISPN>CN=Kevin Smith/O=exampleorg@exampledomain</DISPN>
<DISPN>Kevin Smith/exampleorg%dominodomain@exampledomain</DISPN>
If Organizational Units are included in display names, these must also be specified. For example,
<DISPN>CN=Kevin Smith/OU=Sales/O=exampleorg@exampledomain</DISPN>
<DOMAIN>exampledomain.com</DOMAIN> This form can be used to specify SMTP domains. The value specified can be the full domain or a subdomain. For example, if the following domain value is specified:
<DOMAIN>ourcompany.com</DOMAIN>
john.doe@hqourcompany.com
<DL>distribution list name</DL> This option is only supported for Exchange Server filtering. Use this form when you want to match messages that have been sent to any members of the specified distribution list. For example, if a rule contains the following line:
<DL>ALL SALES</DL>
Then messages sent to any member of the distribution list called ALL SALES will match, irrespective of whether the member's name is shown as the Display Name or SMTP address on the message. See Distribution lists in attribute values on page 492.
Note: Matching attribute values is case-insensitive.
The following example shows how you can specify a simple rule to archive and set the retention category "Legal" on any messages sent from anyone in the domain, ourcompany.com, with legal@ourcompany.com or the Lotus Notes user, Greg Court, in the recipient list:
<RULE ... ACTION="ARCHIVE_ITEM" RETENTION="legal">
   <AUTHOR>
      <DOMAIN>ourcompany.com</DOMAIN>
   </AUTHOR>
   <RECIPIENTS>
      <EA>legal@ourcompany.com</EA>
      <DISPN>Greg Court/ourorg@ourcompany.com</DISPN>
   </RECIPIENTS>
</RULE>
The attribute value operators, INCLUDES= and ALLOWOTHERS=, enable you to define complex filters. See The INCLUDES and ALLOWOTHERS operators on page 493. Note the following:
There are situations where messages may not have an SMTP address; for example, messages imported into a mailbox from a PST file and Exchange Server addresses set up for internal messaging only. For this reason you may want to include both the display name and the email address in a rule (provided you are not using the INCLUDES="ALL" operator).
Be aware that display names do not have to be unique; an external sender, for example, could have the same display name as an internal sender.
If changes to your Microsoft Exchange Server Global Address List (or Global Address Catalog in Active Directory) affect users or distribution lists included in custom filters, you may have to update your custom filter rules accordingly. For example, if you are filtering on the display name of a distribution list and then change the display name, you will need to update the appropriate ruleset file entry.
Changes made to the Microsoft Exchange Server Global Address List will not become effective until the next scheduled GAL update. If, for example, a user's address has been changed to their married name, and you have set up a filter that includes the new address as AUTHOR, there may be a delay before messages are matched.
To ensure that Bcc and Undisclosed recipients are available when filtering on the Exchange Server journal mailbox, Envelope Journaling must be enabled on your Microsoft Exchange Server. For more information on this subject, see Enterprise Vault and Exchange Server Envelope Journaling.
would match any message sent to any member of the distribution list, ALL SALES. For this matching to work, ensure that expansion of distribution lists is enabled in the Administration Console (in the "Archiving General" settings on the "Advanced" tab of the Exchange journal policy). Also, the distribution list must not be included in the "blacklisted" distribution list registry setting, BlacklistedDLs, which can be created in the following location:
HKEY_LOCAL_MACHINE\SOFTWARE\KVS\Enterprise Vault\Agents
For Domino server filtering (and also Exchange Server filtering), you can specify distribution lists using the <EA>, <DISPN> and <DOMAIN> message attributes. However, only messages with the specified string will match; no attempt is made to compare message recipients with individual members in the specified distribution list. For example, the members of an Exchange Server distribution list called ALL SALES are:
In the ruleset file, the following message attribute filter is specified in a rule:
If a message has the display name ALL SALES in the recipient list, the message will satisfy the attribute filter above. If the message does not have the display name ALL SALES in the recipient list, it will not match the attribute filter, even if the recipient list does include the email address of a member of the distribution list.
INCLUDES="NONE" means match messages that do not include the values specified for the attribute
INCLUDES="ANY" means match messages that include one or more of the values specified for the attribute
INCLUDES="ALL" means match messages that include all of the values specified for the attribute
If the INCLUDES= operator is not specified, INCLUDES="ANY" is assumed. ALLOWOTHERS= can have the following values:
ALLOWOTHERS="N" means match messages that include only the values specified in the filter and no others
ALLOWOTHERS="Y" means that matched messages can include attribute values other than those listed in the filter
If the ALLOWOTHERS= operator is not specified, ALLOWOTHERS="Y" is assumed. In the following example, messages will match the rule if they have all three of the listed email addresses (INCLUDES="ALL"), and only these addresses (ALLOWOTHERS="N"), in the recipient list:
<RULE ... >
   <RECIPIENTS INCLUDES="ALL" ALLOWOTHERS="N">
      <EA>john.doe@ourcompany.com</EA>
      <EA>ken.brookes@ourcompany.com</EA>
      <EA>len.scott@ourcompany.com</EA>
   </RECIPIENTS>
</RULE>
In the next example, messages will match the rule if they have any of the listed email addresses (INCLUDES="ANY") but nothing else (ALLOWOTHERS="N"):
<RULE ... >
   <RECIPIENTS INCLUDES="ANY" ALLOWOTHERS="N">
      <EA>john.doe@ourcompany.com</EA>
      <EA>ken.brookes@ourcompany.com</EA>
      <EA>len.scott@ourcompany.com</EA>
   </RECIPIENTS>
</RULE>
In the next example, messages will match the rule if they do not include any of the listed email addresses in the recipient list (INCLUDES="NONE"). Matched messages can have other addresses in the recipient list (ALLOWOTHERS="Y"):
<RULE ... >
   <RECIPIENTS INCLUDES="NONE" ALLOWOTHERS="Y">
      <EA>john.doe@ourcompany.com</EA>
      <EA>ken.brookes@ourcompany.com</EA>
      <EA>len.scott@ourcompany.com</EA>
   </RECIPIENTS>
</RULE>
If you want to specify both positive and negative matches within a single rule, you can have multiple message attribute entries and use INCLUDES="NONE" or INCLUDES="ALL", as appropriate. For example:
<RULE ... >
   <RECIPIENTS INCLUDES="NONE">
      <EA>john.doe@ourcompany.com</EA>
      <EA>len.scott@ourcompany.com</EA>
   </RECIPIENTS>
   <RECIPIENTS INCLUDES="ALL">
      <EA>Ken.Brookes@ourcompany.com</EA>
      <EA>robert.hill@ourcompany.com</EA>
   </RECIPIENTS>
</RULE>
In the above example, messages will match if they do not include john.doe@ourcompany.com or len.scott@ourcompany.com in the recipient list:
<RECIPIENTS INCLUDES="NONE"> ... </RECIPIENTS>
By using different combinations of INCLUDES= and ALLOWOTHERS= values, you can set fairly complex filters. Table 40-3 shows filter results for different messages when different combinations of values are set for the operators, INCLUDES= and ALLOWOTHERS=, in the following example filter:
<RULE ... ACTION="ARCHIVE_ITEM">
   <RECIPIENTS INCLUDES="NONE|ANY|ALL" ALLOWOTHERS="N|Y">
      <EA>Ann@example.com</EA>
      <EA>Bill@example.com</EA>
   </RECIPIENTS>
</RULE>
Ann@example.com and Bill@example.com are the recipient addresses to match.

Table 40-3 Effect of using different operator value combinations

Operator values set | Msg 1: recipient is Ann | Msg 2: recipients are Ann & Bill | Msg 3: recipients are Ann, Bill & Colin | Msg 4: recipients are Bill & Colin | Msg 5: recipient is Colin
INCLUDES="NONE" + ALLOWOTHERS="Y" | no match | no match | no match | no match | match
INCLUDES="NONE" + ALLOWOTHERS="N" | no match | no match | no match | no match | no match
INCLUDES="ANY" + ALLOWOTHERS="Y" | match | match | match | match | no match
INCLUDES="ANY" + ALLOWOTHERS="N" | match | match | no match | no match | no match
INCLUDES="ALL" + ALLOWOTHERS="Y" | no match | match | match | no match | no match
INCLUDES="ALL" + ALLOWOTHERS="N" | no match | match | no match | no match | no match

In the table, the main column headings show the recipients in five different test messages. (For brevity, the recipients are called Ann, Bill, and Colin in the column headings.)
The first column shows different combinations of values set for the INCLUDES= and ALLOWOTHERS= operators.
"no match" means that, if the operator combination shown in the left column is set, a message sent to the recipients shown in the column heading would not satisfy the filter rule and would not be archived (that is, the rule action is not applied).
"match" means that, if the operator combination shown in the left column is set, a message sent to the recipients shown in the column heading would satisfy the filter rule and be archived.
Figure 40-2 and Figure 40-3 illustrate what happens in two of the scenarios in Table 40-3.
Figure 40-2 Msg 1 with INCLUDES="NONE" and ALLOWOTHERS="N"
Figure 40-3
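The operator semantics above can be checked before a ruleset is deployed. The following is an added example, not part of the Enterprise Vault documentation or product code: a small model of the INCLUDES= and ALLOWOTHERS= operators for <EA> values that reproduces Table 40-3 and also handles several <RECIPIENTS> entries in one rule. The rule NAME, the address Colin@example.com and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# The example filter from the page; the two operator values are filled in
# for each combination. The NAME attribute is constructed.
RULE_TEMPLATE = """
<RULE NAME="Table 40-3 example" ACTION="ARCHIVE_ITEM">
  <RECIPIENTS INCLUDES="{includes}" ALLOWOTHERS="{allowothers}">
    <EA>Ann@example.com</EA>
    <EA>Bill@example.com</EA>
  </RECIPIENTS>
</RULE>
"""

# Constructed test messages matching the five column headings of Table 40-3.
MESSAGES = {
    "Msg 1": ["Ann@example.com"],
    "Msg 2": ["Ann@example.com", "Bill@example.com"],
    "Msg 3": ["Ann@example.com", "Bill@example.com", "Colin@example.com"],
    "Msg 4": ["Bill@example.com", "Colin@example.com"],
    "Msg 5": ["Colin@example.com"],
}


def recipients_filter_matches(filter_elem, recipients):
    """Evaluate one <RECIPIENTS> filter against a message's recipient list."""
    # Defaults stated on the page: INCLUDES="ANY", ALLOWOTHERS="Y".
    includes = filter_elem.get("INCLUDES", "ANY").upper()
    allow_others = filter_elem.get("ALLOWOTHERS", "Y").upper()
    if includes not in ("ANY", "ALL", "NONE") or allow_others not in ("Y", "N"):
        raise ValueError(f"bad operator values: {includes!r}, {allow_others!r}")

    # Attribute value matching is case-insensitive; <EA> needs the full address.
    wanted = {ea.text.strip().lower() for ea in filter_elem.findall("EA")}
    actual = {r.strip().lower() for r in recipients}
    listed = actual & wanted   # recipients named in the filter
    others = actual - wanted   # recipients not named in the filter

    if includes == "ANY":
        hit = bool(listed)
    elif includes == "ALL":
        hit = wanted <= actual
    else:  # NONE
        hit = not listed
    # ALLOWOTHERS="N" additionally forbids any recipient outside the list.
    return hit and (allow_others == "Y" or not others)


def rule_matches(rule_xml, recipients):
    """A rule matches only if every <RECIPIENTS> entry in it is satisfied."""
    rule = ET.fromstring(rule_xml)
    return all(recipients_filter_matches(f, recipients)
               for f in rule.findall("RECIPIENTS"))


def evaluate_table():
    """Return {(INCLUDES, ALLOWOTHERS): [result for Msg 1..5]}."""
    table = {}
    for includes in ("NONE", "ANY", "ALL"):
        for allow in ("Y", "N"):
            xml = RULE_TEMPLATE.format(includes=includes, allowothers=allow)
            table[(includes, allow)] = [rule_matches(xml, r)
                                        for r in MESSAGES.values()]
    return table


if __name__ == "__main__":
    for (inc, allow), row in evaluate_table().items():
        cells = ["match" if m else "no match" for m in row]
        print(f'INCLUDES="{inc}" + ALLOWOTHERS="{allow}": ' + " | ".join(cells))
```
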
INTERNAL="Y" means match the message if it is from an internal address to an internal address. The message must not include any external addresses in the recipient list.
OUTBOUND="Y" means match the message if it is from an internal address to an external address. The message must include at least one external address in the recipient list.
INBOUND="Y" means match the message if it is from an external address to an internal address. The message must include at least one internal address in the recipient list.
If the value is not specified, it defaults to "N". For any messages to match, at least one value must be set to "Y".
The following example rule will archive and set the retention category "Internal", on messages from one internal address to another internal address only. Note that a message from one internal address to another internal address that also has an external address in the recipient list will be treated as external:
<RULE NAME="Internal only" RETENTION="Internal" >
   <DIRECTION INTERNAL="Y" OUTBOUND="N" INBOUND="N"/>
</RULE>
The following example rule will archive and set the retention category "External", on messages sent to or received from addresses outside the organization:
<RULE NAME="External" RETENTION="External" >
   <DIRECTION OUTBOUND="Y" INBOUND="Y"/>
</RULE>
VaultAdmin@ourcompanyplc.com VaultAdmin@ourcompanyinc.com
where [*.] means the string can be repeated, as in john.doe@sales.emea.ourcompanyplc.com. Any other addresses are treated as external. With Exchange Server filtering, addresses from local Microsoft Exchange Servers are also regarded as internal. (These addresses include the MAPI attribute, PR_SENDER_ADDRTYPE.) For Exchange Server users, you can change the email addresses associated with a mailbox in Active Directory.
Alternatively, you can specify additional internal domains using the InternalSMTPDomains registry key. Use this method to define internal addresses for Domino server filtering. To add domains using the registry key, do the following on each computer with an Enterprise Vault Exchange or Domino Journaling task
2 Create a new String Value called InternalSMTPDomains.
3 Modify the key and in the Value Data field enter the required domains as a semicolon delimited string. For example, setting this string to the following means that addresses such as jld@eng.uk.ourcompanyinc.com and kv@hq.ourcompany.parentcorp.com will also be treated as internal:
"ourcompanyplc.com; ourcompanyinc.com; ourcompany.parentcorp.com"
Match any message with a subject that is exactly the same as the specified string:
<SUBJ MATCH="EXACT">string</SUBJ>
Match any message with a subject that contains the specified string:
<SUBJ MATCH="CONTAINS">string</SUBJ>
Match any message with a subject that starts with the specified string:
<SUBJ MATCH="STARTS">string</SUBJ>
Match any message with a subject that ends with the specified string:
<SUBJ MATCH="ENDS">string</SUBJ>
Matching against attribute values is case insensitive. Wildcards cannot be used.
In the following example, messages with a subject that is exactly "Welcome New Employee", starts with "Salary Summary for", or ends with "Message Notification" will be moved to the wastebasket without being archived:
<RULE NAME="Delete" ACTION="MOVE_DELETED_ITEMS">
   <SUBJECTS>
      <SUBJ MATCH="EXACT">Welcome New Employee</SUBJ>
      <SUBJ MATCH="STARTS">Salary Summary for</SUBJ>
      <SUBJ MATCH="ENDS">Message Notification</SUBJ>
   </SUBJECTS>
</RULE>
The INCLUDES="NONE" operator can be used to match messages with a subject that does not include particular strings. For example, the following rule will match messages that do not have any of the specified values in the message subject:
<RULE ... >
   <SUBJECTS INCLUDES="NONE">
      <SUBJ MATCH="EXACT">Welcome New Employee</SUBJ>
      <SUBJ MATCH="STARTS">Salary Summary for</SUBJ>
      <SUBJ MATCH="ENDS">Message Notification</SUBJ>
   </SUBJECTS>
</RULE>
The value of the TAG attribute is the name by which Enterprise Vault knows the property. This is the TAG value set in the custom properties.xml file. The operator value can be "ANY", "NONE" or "ALL". Each <PROP> line defines a specific value for the property that custom filtering is to use when evaluating messages.
Assume that a third-party application adds a multi-valued, named MAPI property called "Location" to messages, to identify the department and location of the sender or recipient. This named property is identified in the custom properties.xml file and given the tag name, "Loc". The following example shows a filter that would match messages that have the value "Pittsburgh" or "Finance" set for the "Location" property. Any messages that match are archived with the retention category, "Confidential".
<!--Example: Archive items that have Pittsburgh or Finance as values for the Location property -->
<RULE NAME="Location rule" ACTION="ARCHIVE_ITEM" RETENTION="Confidential">
   <NAMEDPROP TAG="Loc" INCLUDES="ANY">
      <PROP VALUE="Pittsburgh" />
      <PROP VALUE="Finance" />
   </NAMEDPROP>
</RULE>
Searches could be performed for messages that have specific values set for that named property. For more information on named properties, see the Microsoft article: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/mapi/html/838aafb5-13d1-4ab9-860a-2398d885b5c7.asp
<RULE NAME="rule_name" ... ATTACHMENT_ACTION="<action>">
   [<message_attribute>... </message_attribute>]
   <FILES INCLUDES="ANY|ALL|NONE">
      <FILE FILENAME="<filename>" SIZE_GREATER_THAN_KB="<integer>" />
      <FILE ... />
      ...
   </FILES>
   <FILES INCLUDES="ANY|ALL|NONE">
      <FILE ... />
      ...
   </FILES>
</RULE>
The <FILES> tag defines an attachment filter. If you specify an attachment action (ATTACHMENT_ACTION=), then you need to include at least one attachment filter (using the <FILES> tag). For an attachment to match a rule (and the attachment action applied), the attachment must satisfy all attachment filters specified in the rule. The order of attachment filters in a rule is not significant. The INCLUDES= operator enables you to define how the following attribute lines are to be applied, when evaluating each attachment. An attachment filter contains one or more <FILE> elements, that define the attributes to match. Each <FILE> element contains one or both of the following attributes:
FILENAME="<filename>" <filename> is all or part of the file name to match. Wildcards can be included in the file name. You can use this attribute to filter files with specific text strings in the name or extension, for example, "*.AVI". When selecting files using the file extension, custom filtering evaluates only the file name; it does not check the type of the file contents. If files that would normally be deleted by a filter are given a different extension, they will not be deleted by the filter. Also, files contained in compressed files, such as .ZIP files, are not evaluated.
SIZE_GREATER_THAN_KB="<integer>" This enables you to configure the filter to remove attachments over a certain size.
Where file name and size are specified in a <FILE> element, both must be satisfied for an attachment to match. For example, if an attachment is to match the following line, it must have an extension of .MP3 and be larger than 1 MB:
<FILE FILENAME="*.MP3" SIZE_GREATER_THAN_KB="1000" />
If you specify multiple <FILE> elements to use in evaluating attachment files, each one will be applied. For an attachment to match the rule, it must match each <FILE> element. To define how the <FILE> lines are to be applied, when evaluating each attachment, use the INCLUDES= operator:
INCLUDES="ANY" means that the attachment matches if it has the attributes specified in at least one of the <FILE> lines. This is the default action if the operator is not specified.
INCLUDES="ALL" means that the attachment matches only if it has the attributes specified in all the <FILE> lines.
INCLUDES="NONE" means that the attachment matches if it does not include any of the attributes specified in the <FILE> lines.
In the following example, an attachment will match the filter if all the following are true:
The file is an MP3 file larger than 2 MB
The file name includes the text, "enlarge", and the file is larger than 1 MB
The file has the extension, MPG
The file is larger than 12 MB
<FILES INCLUDES="ANY">
   <FILE FILENAME="*.MP3" SIZE_GREATER_THAN_KB="2000" />
   <FILE FILENAME="*enlarge*.*" SIZE_GREATER_THAN_KB="1000" />
   <FILE FILENAME="*.MPG" />
   <FILE SIZE_GREATER_THAN_KB="12000" />
</FILES>
The following example shows how multiple attachment filters can be used to exclude certain attachments from deletion:
<RULE NAME="Filter attachments rule" ... ATTACHMENT_ACTION="REMOVE">
   [<message_attribute>... </message_attribute>]
   <FILES INCLUDES="NONE">
      <FILE FILENAME="signature.jpg" />
   </FILES>
   <FILES INCLUDES="ANY">
      <FILE SIZE_GREATER_THAN_KB="5000" />
   </FILES>
</RULE>
With these attachment filters, attachments will be deleted if they do not have the filename, signature.jpg, and are larger than 5 MB.
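The attachment-filter semantics described above can be modelled and tested against sample attachments before a rule with ATTACHMENT_ACTION goes live. This is an added example, not Enterprise Vault code: wildcard matching is approximated with Python's fnmatch and treated as case-insensitive (both assumptions), the 5 MB limit is written as 5000 KB by analogy with the page's other examples, and the rule names, file names and sizes are constructed.

```python
import fnmatch
import xml.etree.ElementTree as ET

# Constructed rule with the two attachment filters described on the page:
# not named signature.jpg, and larger than 5 MB (5000 KB is an assumption).
EXCLUSION_RULE = """
<RULE NAME="Filter attachments rule" ATTACHMENT_ACTION="REMOVE">
  <FILES INCLUDES="NONE">
    <FILE FILENAME="signature.jpg" />
  </FILES>
  <FILES INCLUDES="ANY">
    <FILE SIZE_GREATER_THAN_KB="5000" />
  </FILES>
</RULE>
"""

# The page's INCLUDES="ANY" filter, wrapped in a constructed rule.
ANY_RULE = """
<RULE NAME="Media attachments" ATTACHMENT_ACTION="REMOVE">
  <FILES INCLUDES="ANY">
    <FILE FILENAME="*.MP3" SIZE_GREATER_THAN_KB="2000" />
    <FILE FILENAME="*enlarge*.*" SIZE_GREATER_THAN_KB="1000" />
    <FILE FILENAME="*.MPG" />
    <FILE SIZE_GREATER_THAN_KB="12000" />
  </FILES>
</RULE>
"""


def file_line_matches(file_elem, name, size_kb):
    """One <FILE> line: every attribute present on the line must be satisfied."""
    pattern = file_elem.get("FILENAME")
    min_kb = file_elem.get("SIZE_GREATER_THAN_KB")
    if pattern is None and min_kb is None:
        raise ValueError("<FILE> needs FILENAME and/or SIZE_GREATER_THAN_KB")
    # Only the name is examined, never the file contents.
    if pattern is not None and not fnmatch.fnmatchcase(name.lower(), pattern.lower()):
        return False
    if min_kb is not None and not size_kb > int(min_kb):
        return False
    return True


def files_filter_matches(files_elem, name, size_kb):
    """One <FILES> filter: combine its <FILE> lines with the INCLUDES= operator."""
    includes = files_elem.get("INCLUDES", "ANY").upper()  # ANY is the default
    results = [file_line_matches(f, name, size_kb)
               for f in files_elem.findall("FILE")]
    if includes == "ANY":
        return any(results)
    if includes == "ALL":
        return all(results)
    if includes == "NONE":
        return not any(results)
    raise ValueError(f"bad INCLUDES value: {includes!r}")


def attachment_action(rule_xml, name, size_kb):
    """Return the ATTACHMENT_ACTION to apply, or None if the attachment is kept."""
    rule = ET.fromstring(rule_xml)
    action = rule.get("ATTACHMENT_ACTION")
    filters = rule.findall("FILES")
    if action and not filters:
        raise ValueError("ATTACHMENT_ACTION requires at least one <FILES> filter")
    # The attachment must satisfy all attachment filters in the rule.
    if filters and all(files_filter_matches(f, name, size_kb) for f in filters):
        return action
    return None


if __name__ == "__main__":
    # Constructed attachments: (file name, size in KB).
    for name, size in [("signature.jpg", 6000), ("video.mpg", 6000),
                       ("video.mpg", 4000), ("track.mp3", 2500), ("track.dat", 2500)]:
        print(name, size, attachment_action(EXCLUSION_RULE, name, size),
              attachment_action(ANY_RULE, name, size))
```

The last constructed attachment, track.dat at 2500 KB, is kept by both rules because only the file name and size are evaluated, which is the limitation the FILENAME description points out.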
Messages and attachments are evaluated separately. Messages are evaluated first against rules in the ruleset file, and then attachments are evaluated against any rules that contain an attachment action.
If an attachment is a message, the message is evaluated using message filters in rules (with attachment action set) and then any attachments to the nested message are evaluated using attachment filters in rules.
When evaluating a message, only the first rule in the ruleset file that matches the message is applied. Similarly, when evaluating attachments, only the first rule that matches is applied to the attachment. For this reason the order of rules in a ruleset file is significant.
The rule action (and attachment action) are only applied to a message (or attachment) that satisfies all the filters in the rule.
The default action for both messages and attachments is to archive the item. This means that messages and attachments that do not match any rules will be archived.
Figure 40-4 shows how custom filtering processes a message with attachments.
Figure 40-4 Processing attachments
The message illustrated has a nested message attached and that message has a file attached. The simple ruleset file has two rules that contain message filters and one rule that contains attachment filters, as follows:
The top-level message is evaluated using the first message rule, rule1. If that rule does match, then the rule ACTION is applied to the message. If the rule does not match, then rule2 is tried. (If the message ACTION is "HARD_DELETE", no further evaluation is done.)
As there is a rule with ATTACHMENT_ACTION, and the message has an attachment, the message attachment is evaluated using the attachment filters in rule3.
Custom filtering recognizes that the attachment is a message, so the message is evaluated against message filters in any rules with ATTACHMENT_ACTION set. In this example, only rule3 has ATTACHMENT_ACTION set and it does not have any message filters, so the message will not match the rule. Items that do not match filter rules are archived (the default action).
The attachment to the nested message is then evaluated using the attachment filters in rule3. If the attachment matches the attachment filters then the ATTACHMENT_ACTION is applied to the attachment.
Message filters and attachment filters can be combined in a single rule to select attachments to particular messages. Figure 40-5 shows an example message to the recipient, Karen Little, that has an MP3 file attached and also a message attached (a nested message).
Figure 40-5
The message may also have attachments. The following example ruleset file contains a single rule to be applied to this message. The overall effect of this rule is to delete certain attachments in Exchange Server messages to recipients other than Gill Smith or John Doe. Attachments in messages to Gill Smith or John Doe are not deleted. Attachments with the following attributes will be deleted:
MP3 attachments larger than 2 MB
JPG attachments larger than 1 MB
MPG files larger than 5 MB
<?xml version="1.0" encoding="UTF-8"?>
<RULE_SET xmlns="x-schema:ruleset schema.xdr">
   <!--Disallowed attachment rule: This rule will delete the specified
       attachments for all recipients except Gill Smith and John Doe.-->
   <RULE NAME="Disallowed attachments (except directors)" ATTACHMENT_ACTION="REMOVE" >
      <RECIPIENTS INCLUDES="NONE" ALLOWOTHERS="N">
         <EA>Gill.Smith@example.com</EA>
         <EA>John.Doe@example.com</EA>
      </RECIPIENTS>
      <FILES INCLUDES="ANY">
         <FILE FILENAME="*.MP3" SIZE_GREATER_THAN_KB="2000" />
         <FILE FILENAME="*.JPG" SIZE_GREATER_THAN_KB="1000" />
         <FILE FILENAME="*.MPG" SIZE_GREATER_THAN_KB="5000" />
      </FILES>
   </RULE>
</RULE_SET>
Assuming the appropriate archiving task has custom filtering enabled, the filters in this ruleset will be applied to the example message, as follows:
First apply the message attribute filter (the <RECIPIENTS> element) to the top-level message. The recipient is not Gill Smith or John Doe, so the message attribute filter matches. As the message matches the rule, it will be archived (ACTION=).
Is there a rule that contains ATTACHMENT_ACTION? Yes. This means that any attachments to the message must be evaluated using <FILES> attachment filters.
Does the attachment file name and file size match any of the <FILE> attribute lines in the rule? Yes, the attached file matches the first <FILE> line. This means that the attachment matches the rule, so delete the attachment, as specified in the ATTACHMENT_ACTION.
Does the message have another attachment? Yes, there is an attached message. Custom filtering recognizes that the attachment is a message and evaluates the message using the message attribute filter (the <RECIPIENTS> element). As the nested message is to John Doe, the <RECIPIENTS> filter is not satisfied. The message is therefore archived together with its attachments.
   <!--Example Rule 2: This rule will exclude any email from archiving if it
       is sent to someone in the Employee Benefits distribution list.-->
   <RULE NAME="Benefits correspondence" ACTION="MARK_DO_NOT_ARCHIVE">
      <RECIPIENTS>
         <DISPN>HR Employee Benefits</DISPN>
      </RECIPIENTS>
   </RULE>

   <!--Example Rule 3: This rule will move email to the wastebasket if it comes
       from any of the sources listed, and is about any of the subjects listed.-->
   <RULE NAME="Newsletters" ACTION="MOVE_DELETED_ITEMS">
      <AUTHOR INCLUDES="ANY">
         <EA>icweek@ucg.com</EA>
         <EA>WebDirect@ACLI.com</EA>
         <DOMAIN>limra.com</DOMAIN>
      </AUTHOR>
      <SUBJECTS INCLUDES="ANY">
         <SUBJ MATCH="STARTS">Society SmartBrief</SUBJ>
         <SUBJ MATCH="EXACT">TaxFacts ENews</SUBJ>
      </SUBJECTS>
   </RULE>

   <!--Example Rule 4: Delete mail from known junk-mail sources, (and others),
       if it contains certain common spam subjects-->
   <RULE NAME="Junk Mail" ACTION="HARD_DELETE">
      <AUTHOR INCLUDES="ANY" ALLOWOTHERS="Y">
         <DOMAIN>indiatimes.com</DOMAIN>
         <DOMAIN>websavings-usa.net</DOMAIN>
      </AUTHOR>
      <SUBJECTS INCLUDES="ANY">
         <SUBJ MATCH="CONTAINS">enlargement</SUBJ>
         <SUBJ MATCH="CONTAINS">weight loss</SUBJ>
      </SUBJECTS>
      <SUBJECTS INCLUDES="ALL">
         <SUBJ MATCH="CONTAINS">debt</SUBJ>
         <SUBJ MATCH="CONTAINS">consolidate</SUBJ>
         <SUBJ MATCH="CONTAINS">loan</SUBJ>
      </SUBJECTS>
   </RULE>

   <!--Example 5: Take default action (ARCHIVE_ITEM) if the subject matches
       the composite rule: Must start with "MEMO", contain "INTERNAL" and
       end in "OurCompany"
       e.g. "MEMO : Contains information internal to OurCompany" would match,
       but "MEMO : do not distribute" would not match
       Also allocates the message to a content category "Memoranda"-->
   <RULE NAME="Internal Memo" CONTENTCATEGORY="Memoranda">
      <SUBJECTS INCLUDES="ALL">
         <SUBJ MATCH="STARTS">Memo</SUBJ>
         <SUBJ MATCH="CONTAINS">Internal</SUBJ>
         <SUBJ MATCH="ENDS">OurCompany</SUBJ>
      </SUBJECTS>
   </RULE>

   <!--Example 6: take default action (ARCHIVE_ITEM) on any email from
       management members included here
       Email from management will be categorised under "ManagementMail"
       and retained as "Important"-->
   <RULE NAME="Management" CONTENTCATEGORY="ManagementMail" RETENTION="Important">
      <AUTHOR INCLUDES="ANY">
         <EA>mike.senior@management.com</EA>
         <EA>jon.little@management.com</EA>
         <EA>jill.taylor@management.com</EA>
      </AUTHOR>
   </RULE>

   <!--Example 7: take default action (ARCHIVE_ITEM) if an email is addressed
       to any of the managers AND NO ONE ELSE
       The message will be archived in a special archive reserved only for
       this kind of email - specified by the ARCHIVEID-->
   <RULE NAME="Sent to Management ONLY" ARCHIVEID="16611B008A3F65749BC4118182E0021461110000evsite.ourcompany.com">
      <RECIPIENTS INCLUDES="ANY" ALLOWOTHERS="N">
         <EA>mike.senior@management.com</EA>
         <EA>jon.little@management.com</EA>
         <EA>jill.taylor@management.com</EA>
      </RECIPIENTS>
   </RULE>

   <!--Example 8: do not archive mail that was sent to someone outside
       OurCompany-->
   <RULE NAME="External Recipient" ACTION="MARK_DO_NOT_ARCHIVE">
      <RECIPIENTS INCLUDES="NONE">
         <DOMAIN>OurCompany.com</DOMAIN>
      </RECIPIENTS>
   </RULE>

   <!--Example 9: Archive and give the existing Retention Category, Internal,
       to any email that was sent only to employees in OurCompany.-->
   <RULE NAME="Internal Recipient" ACTION="ARCHIVE_ITEM" RETENTION="Internal">
      <DIRECTION INTERNAL="Y"/>
   </RULE>

   <!--Example 10: use a special retention category for mail addressed to any
       members of the specified DL
       This feature is not currently supported for Domino server filtering -->
   <RULE NAME="On the VIP list" RETENTION="VeryImportant">
      <RECIPIENTS>
         <DL>TheVIPs</DL>
      </RECIPIENTS>
   </RULE>

   <!--Example 11: delete MP3 attachments before archiving - This feature is
       not currently supported for the Domino server filtering -->
   <RULE NAME="DeleteMP3s" ATTACHMENT_ACTION="REMOVE">
      <FILES>
         <FILE FILENAME="*.MP3"/>
      </FILES>
   </RULE>

   <!--Example 12: match against named MAPI properties defined in
       Custom Properties.XML - This feature is not currently supported
       for the Domino server filtering -->
   <RULE NAME="Category Match" ACTION="ARCHIVE_ITEM">
      <NAMEDPROP TAG="CaseAuthor" INCLUDES="ANY">
         <PROP VALUE="Engineering"/>
         <PROP VALUE="Support"/>
      </NAMEDPROP>
      <NAMEDPROP TAG="CaseStatus" INCLUDES="ANY">
         <PROP VALUE="Open"/>
         <PROP VALUE="Pending"/>
      </NAMEDPROP>
   </RULE>
</RULE_SET>
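Because the first matching rule wins and some actions delete mail instead of archiving it, a ruleset file is worth checking before the archiving tasks are restarted. The following is an added example, not an Enterprise Vault tool: a lint pass that applies only constraints stated on this page (the action names listed above, the need for a <FILES> filter with ATTACHMENT_ACTION, at least one DIRECTION value of "Y", and well-formed XML including the escaped &). The sample rulesets and all function names are constructed.

```python
import xml.etree.ElementTree as ET

# Action values as listed on this page.
MESSAGE_ACTIONS = {"ARCHIVE_ITEM", "MARK_DO_NOT_ARCHIVE",
                   "MOVE_DELETED_ITEMS", "HARD_DELETE"}
ATTACHMENT_ACTIONS = {"REMOVE", "REPLACE"}
DESTRUCTIVE_ACTIONS = {"MOVE_DELETED_ITEMS", "HARD_DELETE"}

# Constructed sample with four deliberate problems.
SAMPLE_RULESET = """
<RULE_SET>
  <RULE NAME="Junk Mail" ACTION="HARD_DELETE">
    <SUBJECTS><SUBJ MATCH="CONTAINS">weight loss</SUBJ></SUBJECTS>
  </RULE>
  <RULE NAME="DeleteMP3s" ATTACHMENT_ACTION="REMOVE"/>
  <RULE NAME="No direction" RETENTION="Internal">
    <DIRECTION INTERNAL="N"/>
  </RULE>
  <RULE NAME="Typo" ACTION="ARCHIVE"/>
</RULE_SET>
"""

# Constructed sample: the & in the address is not written as &amp;.
UNESCAPED_RULESET = """
<RULE_SET>
  <RULE NAME="Finance"><AUTHOR><EA>admin&finance@ourcompany.com</EA></AUTHOR></RULE>
</RULE_SET>
"""


def local_name(tag):
    """Drop an XML namespace prefix such as the ruleset schema declaration."""
    return tag.rsplit("}", 1)[-1]


def lint_ruleset(xml_text):
    """Return a list of (severity, rule name, message) for a ruleset's text."""
    try:
        root = ET.fromstring(xml_text.strip())
    except ET.ParseError as exc:
        # A raw & in an address or subject is one common cause.
        return [("error", "-", f"not well-formed XML: {exc}")]

    findings = []
    for rule in root.iter():
        if local_name(rule.tag) != "RULE":
            continue
        name = rule.get("NAME", "<unnamed>")
        children = [local_name(child.tag) for child in rule]

        # ARCHIVE_ITEM is the default when ACTION= is omitted.
        action = rule.get("ACTION", "ARCHIVE_ITEM")
        if action not in MESSAGE_ACTIONS:
            findings.append(("error", name, f"unknown ACTION {action!r}"))
        elif action in DESTRUCTIVE_ACTIONS:
            findings.append(("review", name,
                             f"{action} removes matching messages instead of "
                             "archiving them; confirm filters and rule order"))

        att_action = rule.get("ATTACHMENT_ACTION")
        if att_action is not None:
            if att_action not in ATTACHMENT_ACTIONS:
                findings.append(("error", name,
                                 f"unknown ATTACHMENT_ACTION {att_action!r}"))
            if "FILES" not in children:
                findings.append(("error", name,
                                 "ATTACHMENT_ACTION set but no <FILES> filter"))

        for child in rule:
            if local_name(child.tag) != "DIRECTION":
                continue
            flags = [child.get(k, "N").upper()
                     for k in ("INTERNAL", "OUTBOUND", "INBOUND")]
            if "Y" not in flags:
                findings.append(("warning", name,
                                 "DIRECTION has no value set to Y; "
                                 "no message can match"))
    return findings


if __name__ == "__main__":
    for sample in (SAMPLE_RULESET, UNESCAPED_RULESET):
        for severity, rule_name, message in lint_ruleset(sample):
            print(f"{severity:8} {rule_name}: {message}")
```
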
Chapter 41

About configuring custom properties
Control of default settings
General format of custom properties.xml
Additional properties
Content categories
Defining how properties are presented in applications
Summary of custom property elements and attributes
How to include in Enterprise Vault indexes additional properties on an item, for example, properties that have been added to messages by third-party applications.
How to configure the browser search to enable users to search on these indexed properties.
How to configure content categories.
The custom properties feature is an extension to custom filtering that enables Enterprise Vault to access and index additional message properties when archiving items. Properties can be Exchange Server MAPI or Domino server properties that have been added to messages by a third-party application, as follows:
Standard MAPI properties that are not currently indexed by Enterprise Vault
Custom MAPI properties
Named MAPI properties
Domino server message properties
Content categories are groups of settings to be applied to messages as they are archived. Settings can include a retention category to be applied, an archive to be used and particular message properties to be indexed. You can configure Enterprise Vault to apply a content category on all messages archived by particular archiving tasks. Alternatively, by using custom filtering together with custom properties, you can configure Enterprise Vault to apply a content category on selected messages only. Using named MAPI properties and custom filtering, you can also select messages to archive based on the value of specific named properties.
You define custom properties and content categories in the XML file, "custom properties.xml", which must be located in the folder "Enterprise Vault\Custom Filter Rules". Additional entries in this file enable you to make the indexed properties available to the Web browser search, or other third party applications, so that users can include the custom properties in archive search criteria. An example of this file is installed in "Custom Filter Rules" with the name "Example Custom Properties.xml".
An API is available to enable third-party applications to access the custom properties. If you have special filtering requirements for your archiving system, Symantec Corporation can supply the appropriate custom filters.
To configure custom properties or content categories
Ensure that the custom filtering registry settings for the required archiving tasks are configured. These must be set even if you want to implement custom properties or content categories without filtering. The registry settings are described in the following sections:
- Registry settings for Exchange Server journal filtering
- Configuring registry settings for Exchange Server user mailbox filtering
- Configuring registry settings for Exchange Server public folder filtering

Create the XML file, custom properties.xml. Place this file in the folder Enterprise Vault\Custom Filter Rules. See General format of custom properties.xml on page 520. The entries in this file enable you to do the following:
- Index custom properties on messages.
- Define required content categories.
- Display custom properties and content categories in Web search applications, so that users can include them in search criteria.
To configure Enterprise Vault to index specific custom properties on all messages, without performing any filtering, create a custom properties.xml file but no ruleset file. The custom properties.xml file must include definitions of the custom properties and a default content category. The default content category will be applied to all messages and defines which properties Enterprise Vault is to index. This behavior can be altered using the IGNORENODEFAULT registry setting. See Control of default settings on page 515.
If you want to index the properties on selected messages or apply content categories to selected messages, create the required filter rules and actions in XML ruleset files. These are held in one or more XML ruleset files, which must also be placed in the folder, Enterprise Vault\Custom Filter Rules. See Configuring custom filtering on page 470.
Restart the archiving tasks that have custom properties and filters enabled.
- XML ruleset files in the folder, Enterprise Vault\Custom Filter Rules
- The XML ruleset file, Default Filter Rules.xml
- The XML custom properties file, custom properties.xml
- Content category entries in custom properties.xml
An additional configuration option, the IGNORENODEFAULT registry entry, can be used to alter the archiving task behavior if some of the configuration entities are not defined. See Setting IGNORENODEFAULT registry entry on page 516.

Different configurations and the resulting actions of archiving tasks for each configuration are shown in Table 41-1 and Table 41-2.
- A custom properties.xml file with entries defining the custom properties to index and an associated content category.
- A separate, named ruleset file for each of the archiving targets requiring custom property indexing.
- In custom properties.xml, a default content category to use for all messages archived from other locations that are not covered by the named ruleset files.
However, if you want to restrict custom filtering and custom property indexing to the named targets, it is more efficient to omit setting the default content category in custom properties.xml and set the IGNORENODEFAULT registry entry. In this way, custom property indexing is applied only to locations explicitly defined by named ruleset files.
1. Log in as the Enterprise Vault Service account on the computer running the archiving tasks enabled for custom properties and filters.
2. Start Regedit.
3. Navigate to the following location:

   HKEY_LOCAL_MACHINE
    \Software
     \KVS
      \Enterprise Vault
       \External Filtering
        \Journaling|Mailbox|PublicFolder

4. Right-click the required archiving key (Journaling, Mailbox or PublicFolder) and select New, Key.
5. Name the new key EnterpriseVault.CustomFilter.
6. Right-click EnterpriseVault.CustomFilter and create a new DWORD called IGNORENODEFAULT.
7. Set the value to 1 to ignore missing default files or settings. This key will apply to all tasks for the selected type of archiving.
8. Close Regedit.
9. Restart the associated archiving tasks.

In a distributed environment, where you have archiving tasks running on more than one computer, you need to perform these steps on each computer running archiving tasks that have been enabled for custom filtering and properties.
1. Log in as the Enterprise Vault Service account on the computer running the archiving tasks enabled for custom properties and filters.
2. Start Regedit.
4. Right-click the Lotus Journaling key and select New, Key.
5. Name the new key KVS.EnterpriseVault.LotusDomino.CustomFilter.
6. Right-click KVS.EnterpriseVault.LotusDomino.CustomFilter and create a new DWORD called IGNORENODEFAULT.
7. Set the value to 1 to ignore missing default files or settings. This key will apply to all Domino Journaling tasks on the computer.
8. Close Regedit.
9. Restart the associated archiving tasks.

In a distributed environment, where you have archiving tasks running on more than one computer, you will need to perform these steps on each computer running archiving tasks that have been enabled for custom filtering and properties.
- Named XML ruleset files in the folder, Enterprise Vault\Custom Filter Rules. In the example cases shown, John Doe.xml and Sam Cole.xml are named ruleset files for the mailboxes John Doe and Sam Cole respectively. Remember that named ruleset files can also be created for Exchange Server public folders, specific Exchange Server journal mailboxes, or specific Domino server journaling locations. See About custom filtering ruleset files on page 479.
- The default ruleset file for all types of archiving, Enterprise Vault\Custom Filter Rules\Default Filter Rules.xml.
- The custom properties XML file, Enterprise Vault\Custom Filter Rules\custom properties.xml, with custom properties defined for indexing.
- Content category entries in the custom properties.xml file.
- The registry setting, IGNORENODEFAULT, with a value of 1.

Example custom filter and custom property configurations

Case 1. Named ruleset file John Doe.xml exists: No. Resulting action: An error is written to the event log and the archiving task stops, because custom filtering is enabled but there is no ruleset file or custom property file.

Case 2. Named ruleset file John Doe.xml exists: No. Resulting action: Missing defaults are ignored and both mailboxes are archived according to the default Exchange mailbox policy.

Case 3. Named ruleset file John Doe.xml exists: Yes. Resulting action: An error is reported for Sam Cole's mailbox and the archiving task stops, because no default ruleset file or custom properties file exists.

Case 4. Named ruleset file John Doe.xml exists: Yes. Resulting action: John Doe's mailbox is archived according to rules in John Doe.xml and Sam Cole's mailbox is archived according to the default Exchange mailbox policy. Missing defaults are ignored.

Case 5. Named ruleset file John Doe.xml exists: Yes. Resulting action: John Doe's mailbox is archived according to rules in John Doe.xml and Sam Cole's mailbox is archived according to the rules in Default Filter Rules.xml. No custom properties are indexed. Content categories cannot be used.

Case 6. Named ruleset file John Doe.xml exists: Yes. Resulting action: As for case 5. The fact that IGNORENODEFAULT is set makes no difference.

Case 7. Named ruleset file John Doe.xml exists: No. Resulting action: An error is reported for John Doe's mailbox and the archiving task stops, because there is no applicable named ruleset file or default ruleset file or custom property file.

Case 8. Named ruleset file John Doe.xml exists: No. Resulting action: John Doe's mailbox is archived according to rules in the default Exchange mailbox policy. Sam Cole's mailbox is archived according to the rules in Sam Cole.xml.

Case 9. Named ruleset file John Doe.xml exists: No. Resulting action: All messages are archived from John Doe's mailbox and custom properties indexed. Messages are archived from Sam Cole's mailbox according to the rules in Sam Cole.xml.

Case 10. Named ruleset file John Doe.xml exists: No. Resulting action: As for case 9. The fact that IGNORENODEFAULT is set makes no difference.
- <CONTENTCATEGORIES></CONTENTCATEGORIES> This section defines available content categories. A content category is a group of settings that will be applied to an item when it is archived. This can include custom properties to index. See Content categories on page 527.
- <CUSTOMPROPERTIES></CUSTOMPROPERTIES> This section defines the additional message properties that are to be available to Enterprise Vault. See Additional properties on page 523.
- <PRESENTATION></PRESENTATION> This section defines how the content categories and custom properties are displayed to users in external applications, such as the Enterprise Vault Web Access application browser search. See Defining how properties are presented in applications on page 531.
Note: The order of these sections is significant. The following outline shows the general format of the file:
<?xml version="1.0" encoding="UTF-8"?>
<CUSTOMPROPERTYMETADATA xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:noNamespaceSchemaLocation="customproperties.xsd">
  <!-- 1. DEFINITION OF CONTENT CATEGORIES AVAILABLE -->
  <CONTENTCATEGORIES>
    <CONTENTCATEGORY> ... </CONTENTCATEGORY>
    [<CONTENTCATEGORY> ... </CONTENTCATEGORY>]
  </CONTENTCATEGORIES>
  <!-- 2. DEFINITION OF CUSTOM PROPERTIES AVAILABLE -->
  <CUSTOMPROPERTIES>
    <NAMESPACE> ... </NAMESPACE>
    [<NAMESPACE> ... </NAMESPACE>]
  </CUSTOMPROPERTIES>
  <!-- 3. DEFINITION OF PRESENTATION PROPERTIES AVAILABLE -->
  <PRESENTATION>
    <APPLICATION>
      <FIELDGROUPS>
        <FIELDGROUP> ... </FIELDGROUP>
        [<FIELDGROUP> ... </FIELDGROUP>]
      </FIELDGROUPS>
      <AVAILABLECATEGORIES>
        <AVAILABLECATEGORY> ... </AVAILABLECATEGORY>
        [<AVAILABLECATEGORY> ... </AVAILABLECATEGORY>]
      </AVAILABLECATEGORIES>
    </APPLICATION>
    [<APPLICATION> ... </APPLICATION>]
  </PRESENTATION>
</CUSTOMPROPERTYMETADATA>
Table 41-3 gives a summary description of all mandatory and optional elements and attributes in the file. Whenever you modify the file, you must restart the associated archiving tasks. In a distributed environment, you must copy the updated file to each computer with tasks enabled for custom properties, and then restart the associated tasks on each computer. If the browser search is being used to search for custom properties, then the Enterprise Vault Application Pool in IIS Manager must also be restarted.
The XML is validated when the associated task starts processing messages. If anything is invalid, the task stops and you must correct any errors before restarting the task. To avoid disrupting tasks because of syntactic errors, it is a good idea to validate your XML file before it is accessed by the tasks. You could use a third party tool, such as xsdvalidator:
http://apps.gotdotnet.com/xmltools/xsdvalidator/Default.aspx
Note: All the XML tags and predefined values shown in upper case in this document are case sensitive and must be entered as upper case in the file. Values entered should also be treated as case sensitive.
Additional properties
In the <CUSTOMPROPERTIES> section of custom properties.xml, you define the additional message properties that you want Enterprise Vault to evaluate or index. For Exchange Server messages, you define MAPI properties. You can also define additional Domino server properties.
MAPI properties
Before MAPI properties can be defined in custom properties.xml, they must be defined in the MAPI subsystem. Currently, the Enterprise Vault custom properties feature supports only STRING and DOUBLE properties. Enterprise Vault supports single or multi-valued properties. In MAPI, properties are grouped by NAMESPACE. Typically, properties accessed by a particular application are defined in the same namespace. Each namespace is identified by a GUID. Each property is defined by its STRING ID and namespace GUID. For each property that you want to include, you will need the following details from the property definition in the MAPI subsystem:
- If the property is a standard MAPI property, the Identifier part (bits 16 to 31) of the hexadecimal MAPI tag. For example, if the MAPI tag for the standard property is 0x0070001E, the Enterprise Vault NAME value would be 0x0070.
- If the property is a custom property, the GUID of the property's namespace.
- If the property is a custom property, the property's STRING ID. If the property is a named property, the ID will be a name.
You can use third party MAPI tools, such as OutlookSpy, to view the MAPI properties associated with mailbox items. Figure 41-1 shows how MAPI properties on a message are displayed in OutlookSpy.
Figure 41-1
The selected property is the named property, "Keywords". This multi-valued property holds the Outlook categories assigned to the message. Details of the selected property are displayed on the right-hand side of the window. Note that the "Keywords" property is only used here as an example of a named MAPI property. You do not need to add it as a custom property, because it is already indexed in a default Enterprise Vault system. To make MAPI properties available to Enterprise Vault, you define them in the <CUSTOMPROPERTIES> section of custom properties.xml. The properties defined in this section can then be referenced in the content category and presentation sections. Here is an example showing how properties can be defined:
<!-- 2. DEFINITION OF CUSTOM PROPERTIES AVAILABLE -->
<CUSTOMPROPERTIES>
  <NAMESPACE TYPE="MAPI" GUID="{DA6007CD-01AA-408f-B7D3-6DA958A09583}">
    <PROPERTY NAME="Author1" TAG="CaseAuthor"/>
    <PROPERTY NAME="Status1" TAG="CaseStatus"/>
  </NAMESPACE>
  <NAMESPACE TYPE="MAPI" GUID="{EF1A0001-01AA-408f-B7D3-6DA958A09583}">
    <PROPERTY NAME="Author2" TAG="Client"/>
  </NAMESPACE>
  <!-- Standard MAPI properties: no GUID is required -->
  <NAMESPACE TYPE="MAPI">
    <PROPERTY NAME="0x0070" TAG="Topic"/>
    <PROPERTY NAME="0x1035" TAG="MsgID"/>
  </NAMESPACE>
</CUSTOMPROPERTIES>
In this example there are three NAMESPACES. The first two define custom MAPI properties, so the GUID of the NAMESPACE is required. As the properties defined in the third NAMESPACE are standard MAPI properties, no GUID is required. The value of the TYPE attribute identifies the property type; in this example, the properties are MAPI properties. Within each NAMESPACE the properties are defined in PROPERTY elements using NAME and TAG values, as follows:
- If the property is a custom named MAPI property, NAME is the STRING ID defined in the MAPI subsystem. The value is case sensitive and must match exactly the value in the MAPI subsystem.
- If the property is a standard MAPI property, NAME is the Identifier part (bits 16 to 31) of the hexadecimal MAPI tag.
- TAG identifies the property within Enterprise Vault. It can contain only alphanumeric characters (A-Z, a-z, or 0-9); spaces and underscore characters are not permitted. The value assigned to the property TAG must be unique within the XML file; although you can cross refer to the property using the TAG value, the same value cannot be used to identify any other entities in the file.

If you want to select messages by matching the values of specific properties, you need to create a <NAMEDPROP> filter in the appropriate XML ruleset file and specify the TAG value defined here. See MAPI named properties filters on page 500.
Domino properties
To include custom Domino message properties in Enterprise Vault indexes, you define the required properties in custom properties.xml. In the Lotus Notes client, you can view Domino properties on a message as shown in Figure 41-2.
Figure 41-2
1. In the Lotus Notes client, right-click the message.
2. Select Document Properties in the menu.
3. Select the Fields tab in the dialog that is displayed. The property names are listed in the left-hand pane. When you select a property in the left-hand pane, details of that property are displayed in the right-hand pane.

<CUSTOMPROPERTIES>
  <NAMESPACE TYPE="LOTUS">
    <PROPERTY NAME="Domino_prop_name" LOTUSTYPE="Domino_data_type" TAG="EV_prop_name"/>
    [<PROPERTY ... />]
  </NAMESPACE>
</CUSTOMPROPERTIES>
The TYPE="LOTUS" identifies the property as a Domino property. Within each <NAMESPACE> element, the properties are defined in <PROPERTY> elements using NAME and TAG attributes, as follows:
- In NAME="Domino_prop_name", the value is the property name displayed in the Lotus Notes document properties. The value is case sensitive and must match exactly the value displayed in the Lotus Notes client.
- LOTUSTYPE="Domino_data_type" identifies the property data type. The following types are supported: "TEXT", "NUMBER", "TIME". Enterprise Vault indexes "NUMBER" properties as integers.
- TAG identifies the property within Enterprise Vault. It can contain only alphanumeric characters (A-Z a-z 0-9); spaces and underscore characters are not permitted. The value assigned to the property TAG must be unique within the XML file; although you can cross refer to the property using the TAG value, the same value cannot be used to identify any other entities in the file.
Content categories
In the <CONTENTCATEGORIES> section of custom properties.xml, you define the content categories that you want to apply to filtered messages. A content category defines a group of settings that are to be applied to an item when it is archived. The settings can include the following:
- The retention category to assign to the item
- The destination archive
- A list of the additional message properties that Enterprise Vault is to index
There can be more than one content category defined in the <CONTENTCATEGORIES> element. In ruleset files, the actions associated with a rule can include assigning a particular content category to messages that satisfy the rule. The content category definition in custom properties.xml provides the default settings for the content category. Some of these can be overridden for particular rules. See Assigning content categories in rules on page 529.

The following example shows entries for a content category called Litigation:
<!-- 1. DEFINITION OF CONTENT CATEGORIES AVAILABLE -->
<CONTENTCATEGORIES DEFAULT="Litigation">
  <CONTENTCATEGORY NAME="Litigation"
      RETENTIONCATEGORY="Litigation"
      ARCHIVEID="15165263832890493848568161647.server1.local">
    <INDEXEDPROPERTIES RETRIEVE="Y">
      <PROPERTY TAG="CaseAuthor"/>
      <PROPERTY TAG="CaseStatus"/>
    </INDEXEDPROPERTIES>
  </CONTENTCATEGORY>
</CONTENTCATEGORIES>
- <CONTENTCATEGORIES></CONTENTCATEGORIES> defines the content category section in the file. The DEFAULT attribute specifies the content category to be used as the default. This default applies to all types of archiving enabled for custom filtering. This attribute is optional if custom filtering is used, but mandatory if there are no ruleset files (unless the registry setting IGNORENODEFAULT is configured).
  If filters are configured in ruleset files and a default content category is specified, any item that does not match any rules will be archived according to the settings in the default content category. If no default content category is specified, then a content category will only be applied to an item if specified by a matching rule in a filter ruleset file.
  If no applicable ruleset files exist, then you must specify a default content category using the DEFAULT attribute in the <CONTENTCATEGORIES> element in custom properties.xml. The settings in the content category are then applied to all messages archived (unless the registry setting IGNORENODEFAULT is configured).
  The actions of archiving tasks are determined by combinations of ruleset files, custom properties, content categories and the registry setting IGNORENODEFAULT.
- The <CONTENTCATEGORY> element defines a particular content category. There must be at least one content category defined.
- The content category NAME is used to identify this content category in the presentation section of the file, rules in custom filter ruleset files and external subsystems, such as the Enterprise Vault Indexing service. The name must have at least five characters, which can include alphanumeric characters only (A-Z a-z 0-9); space and underscore characters are not permitted. If the content category is included in the presentation section of the file, it will be possible to search on the content category name in order to find all items archived using this particular content category.
- RETENTIONCATEGORY is optional and enables you to assign a retention category to each item archived using this content category. The retention category must already exist in Enterprise Vault.
- ARCHIVEID is optional and enables you to specify a destination archive for the item. The archive must exist and be enabled. To find the ID of an archive, display the archive properties in the administration console and click the "Advanced" tab.
- The <INDEXEDPROPERTIES> element is mandatory and groups the additional properties that Enterprise Vault is to index. The RETRIEVE attribute (optional) determines whether or not the defined properties should be returned with archive search results. By default, the properties are not displayed with search results (RETRIEVE="N").
- A <PROPERTY> element is required for each additional property to be indexed. The TAG value must match the associated Enterprise Vault TAG value specified in the custom properties section. See Additional properties on page 523.
The value of "content_category_name" is the name of the required content category as specified in custom properties.xml. In the ruleset file, content categories can only be assigned when ACTION="ARCHIVE_ITEM".
Additional properties defined in the content category will be indexed with both rules. The second rule uses the same content category, but items that match this rule will be stored in a different archive. Note: Before you alter an existing configuration, make sure that you understand what default behavior has been configured for each type of archiving. Check the DEFAULT content category attribute in custom properties.xml and the IGNORENODEFAULT registry setting. See Control of default settings on page 515.
- Custom properties available for displaying by the named application
- How properties are to be grouped and displayed in the application
- Content categories available to the application
- How each content category should be displayed in the application
Presentation information can be defined for each application that will require access to custom properties in archived items. Here is an example of a presentation section (partially completed) that shows how to define how custom properties are displayed in the Enterprise Vault browser search application:
<!-- 3. DEFINITION OF PRESENTATION PROPERTIES AVAILABLE -->
<PRESENTATION>
  <APPLICATION NAME="search.asp" LOCALE="1033">
    <FIELDGROUPS>
      <FIELDGROUP LABEL="Case Properties">
        <FIELD TAG="CaseAuthor" LABEL="Author" CATEGORY="Litigation"></FIELD>
        <FIELD TAG="CaseStatus" LABEL="Status" CATEGORY="Litigation"></FIELD>
      </FIELDGROUP>
      <FIELDGROUP LABEL="Client Properties">
        <FIELD TAG="Client" LABEL="Client Name" CATEGORY="ClientAction"></FIELD>
        <FIELD TAG="Topic" LABEL="Message Topic" CATEGORY="ClientAction"></FIELD>
      </FIELDGROUP>
    </FIELDGROUPS>
    <AVAILABLECATEGORIES>
      <AVAILABLECATEGORY CONTENTCATEGORY="Litigation" LABEL="Litigation"></AVAILABLECATEGORY>
      <AVAILABLECATEGORY CONTENTCATEGORY="ClientAction" LABEL="Client Action"></AVAILABLECATEGORY>
    </AVAILABLECATEGORIES>
  </APPLICATION>
  <APPLICATION NAME="mysearch.asp" LOCALE="1041">
    <FIELDGROUPS>
      <FIELDGROUP LABEL="...">
        <FIELD TAG="CaseAuthor" LABEL="..." CATEGORY="Litigation"></FIELD>
        <FIELD TAG="CaseStatus" LABEL="..." CATEGORY="Litigation"></FIELD>
      </FIELDGROUP>
      <FIELDGROUP LABEL="...">
        <FIELD TAG="Client" LABEL="..." CATEGORY="ClientAction"></FIELD>
        <FIELD TAG="Topic" LABEL="..." CATEGORY="ClientAction"></FIELD>
      </FIELDGROUP>
    </FIELDGROUPS>
    <AVAILABLECATEGORIES>
      <AVAILABLECATEGORY CONTENTCATEGORY="Litigation" LABEL="..."></AVAILABLECATEGORY>
      <AVAILABLECATEGORY CONTENTCATEGORY="ClientAction" LABEL="..."></AVAILABLECATEGORY>
    </AVAILABLECATEGORIES>
  </APPLICATION>
</PRESENTATION>
The example shows entries for two applications: the US English (locale "1033") version of the Enterprise Vault browser search and a Japanese (locale "1041") version of a proprietary application. In this particular case, the same elements and attributes have been specified for both applications, but the LABEL values for the second application (omitted in the example) would be in Japanese. Note the following:
- The properties available to each application are grouped using the <APPLICATION> element.
- The NAME attribute identifies the application.
- The value of the LOCALE attribute is defined by the calling application. The Enterprise Vault browser search uses the standard Microsoft Locale ID for the language that the application will use: 1033 represents US English. The second application in the example, mysearch.asp, also uses the Microsoft Locale ID; 1041 represents Japanese.

In the Web search page, custom properties are displayed in groups defined by their content category; that is, when a particular content category is selected, the custom properties with that content category are displayed. Note the following:
- The <FIELDGROUPS> element is used to define all the groups of custom properties to be displayed.
- Each group is defined in a <FIELDGROUP> element. The LABEL attribute gives the title that will be displayed in the application for the group of properties. The value of the LABEL attribute must be unique in the application.
- <FIELD> elements define each property to be displayed in the group.
  The value of the TAG attribute identifies the property to be displayed. The value specified here must match the associated TAG value of the property in the <CUSTOMPROPERTIES> section of the file.
  The value of the CATEGORY attribute identifies the content category with which this property is to be associated. When the user selects this content category in the search criteria, a box for this property will be displayed. The value specified for CATEGORY must match the associated NAME for the content category in the content category section of the file. Also, CATEGORY must be one defined in the <AVAILABLECATEGORIES> element.
  TAG must be unique in the <FIELDGROUP> and the TAG/CATEGORY combination must be unique within the <APPLICATION> element.
  LABEL defines the name that you want displayed in the user interface for the custom property.
- <AVAILABLECATEGORIES> groups the content categories that are to be available for selection in the application. Each content category is defined using the <AVAILABLECATEGORY> element; the value of the CONTENTCATEGORY attribute must match the name of the content category specified in the content category section of the file. The LABEL attribute defines the name you want displayed for the content category in the user interface.
Figure 41-3 shows the Enterprise Vault browser search with the example custom properties and content categories displayed.

Figure 41-3 Example presentation properties displayed in the browser search page
The "Content Category" dropdown box shows the content categories available to be used in searches. These were defined using the <AVAILABLECATEGORIES> element. You can change the content categories listed in the dropdown box, but you cannot change or hide the label, "Content Category". Selecting a content category in the box and clicking "Search" will return all items that were archived with the selected content category. The "Case Properties" and "Client Properties" sections display each group of custom properties (FIELDGROUP) associated with the selected content category. Entering a value for a custom property and clicking "Search" will search the custom property index entry of archived items. To see the additional property details in the search results, "Details" must be set to "Full". If the user selects a different content category, the custom properties available will change. As RETRIEVE="Y" was set in the definition of the "Litigation" content category, and "Details" was set to "Full" on the Search page, custom properties in search result items will be displayed at the end of the list of normal message attributes.
Figure 41-4
- You must include the LOCALE attribute.
- If custom properties are to be used in the Enterprise Vault browser search, Internet Explorer security settings must allow cookies for the Enterprise Vault server site.
- When changes are made to the custom property configuration, you need to restart the Enterprise Vault Application Pool in IIS Manager.
- If the contents of the custom properties.xml file are changed, searches may return different results. For example, if an item is indexed using one content category and the properties included in the content category are changed, the custom properties returned by subsequent searches will be different. To ensure you can still search on the original properties, leave the original content category and create a new one.
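The rules this chapter states for custom properties.xml (section order, TAG and NAME character rules, TAG uniqueness, and the cross-references between the three sections) can be checked before the archiving tasks are restarted. The following Python script is an added example, not part of the Enterprise Vault documentation or product; the function name and the constructed sample files are assumptions, and it complements validation against the schema rather than replacing it.

```python
import re
import xml.etree.ElementTree as ET

ALNUM = re.compile(r"[A-Za-z0-9]+")  # TAG and NAME: no spaces or underscores
SECTIONS = ["CONTENTCATEGORIES", "CUSTOMPROPERTIES", "PRESENTATION"]

def validate_custom_properties(xml_text):
    """Return a list of rule violations; an empty list means none were found."""
    root = ET.fromstring(xml_text)
    if root.tag != "CUSTOMPROPERTYMETADATA":
        return ["root element must be CUSTOMPROPERTYMETADATA"]
    errors = []
    # The order of the three sections is significant.
    present = [child.tag for child in root if child.tag in SECTIONS]
    if present != [s for s in SECTIONS if s in present]:
        errors.append("sections out of order: " + ", ".join(present))
    # Custom properties: TAG is alphanumeric and unique; Domino needs LOTUSTYPE.
    tags = set()
    for ns in root.iterfind("CUSTOMPROPERTIES/NAMESPACE"):
        ns_type = ns.get("TYPE")
        if ns_type not in ("MAPI", "LOTUS"):
            errors.append(f"NAMESPACE TYPE {ns_type!r} is not MAPI or LOTUS")
        for prop in ns.iterfind("PROPERTY"):
            tag = prop.get("TAG", "")
            if not ALNUM.fullmatch(tag):
                errors.append(f"property TAG {tag!r} is not alphanumeric")
            if tag in tags:
                errors.append(f"property TAG {tag!r} is defined twice")
            tags.add(tag)
            if ns_type == "LOTUS" and prop.get("LOTUSTYPE") not in ("TEXT", "NUMBER", "TIME"):
                errors.append(f"property {tag!r} has an unsupported LOTUSTYPE")
    # Content categories: NAME rules, INDEXEDPROPERTIES, and the DEFAULT reference.
    categories = set()
    for cat in root.iterfind("CONTENTCATEGORIES/CONTENTCATEGORY"):
        name = cat.get("NAME", "")
        categories.add(name)
        if len(name) < 5 or not ALNUM.fullmatch(name):
            errors.append(f"category NAME {name!r} needs 5+ alphanumeric characters")
        if cat.find("INDEXEDPROPERTIES") is None:
            errors.append(f"category {name!r} has no INDEXEDPROPERTIES")
        for prop in cat.iterfind("INDEXEDPROPERTIES/PROPERTY"):
            if prop.get("TAG") not in tags:
                errors.append(f"category {name!r} indexes undefined TAG {prop.get('TAG')!r}")
    section = root.find("CONTENTCATEGORIES")
    default = section.get("DEFAULT") if section is not None else None
    if default is not None and default not in categories:
        errors.append(f"DEFAULT content category {default!r} is not defined")
    # Presentation: every FIELD and AVAILABLECATEGORY must resolve.
    for app in root.iterfind("PRESENTATION/APPLICATION"):
        app_name = app.get("NAME")
        if not app.get("LOCALE"):
            errors.append(f"{app_name}: LOCALE is missing")
        available = set()
        for av in app.iterfind("AVAILABLECATEGORIES/AVAILABLECATEGORY"):
            available.add(av.get("CONTENTCATEGORY"))
            if av.get("CONTENTCATEGORY") not in categories:
                errors.append(f"{app_name}: unknown category {av.get('CONTENTCATEGORY')!r}")
        labels, pairs = set(), set()
        for group in app.iterfind("FIELDGROUPS/FIELDGROUP"):
            if group.get("LABEL") in labels:
                errors.append(f"{app_name}: FIELDGROUP LABEL {group.get('LABEL')!r} repeated")
            labels.add(group.get("LABEL"))
            group_tags = set()
            for field in group.iterfind("FIELD"):
                tag, cat = field.get("TAG"), field.get("CATEGORY")
                if tag not in tags:
                    errors.append(f"{app_name}: FIELD uses undefined TAG {tag!r}")
                if cat not in available:
                    errors.append(f"{app_name}: CATEGORY {cat!r} not in AVAILABLECATEGORIES")
                if tag in group_tags or (tag, cat) in pairs:
                    errors.append(f"{app_name}: FIELD {tag!r}/{cat!r} is repeated")
                group_tags.add(tag)
                pairs.add((tag, cat))
    return errors

# Constructed sample, modelled on the Litigation example in this chapter.
SAMPLE_OK = """<CUSTOMPROPERTYMETADATA>
 <CONTENTCATEGORIES DEFAULT="Litigation">
  <CONTENTCATEGORY NAME="Litigation"><INDEXEDPROPERTIES RETRIEVE="Y">
   <PROPERTY TAG="CaseAuthor"/><PROPERTY TAG="CaseStatus"/>
  </INDEXEDPROPERTIES></CONTENTCATEGORY>
 </CONTENTCATEGORIES>
 <CUSTOMPROPERTIES><NAMESPACE TYPE="MAPI" GUID="{DA6007CD-01AA-408f-B7D3-6DA958A09583}">
  <PROPERTY NAME="Author1" TAG="CaseAuthor"/><PROPERTY NAME="Status1" TAG="CaseStatus"/>
 </NAMESPACE></CUSTOMPROPERTIES>
 <PRESENTATION><APPLICATION NAME="search.asp" LOCALE="1033">
  <FIELDGROUPS><FIELDGROUP LABEL="Case Properties">
   <FIELD TAG="CaseAuthor" LABEL="Author" CATEGORY="Litigation"/>
   <FIELD TAG="CaseStatus" LABEL="Status" CATEGORY="Litigation"/>
  </FIELDGROUP></FIELDGROUPS>
  <AVAILABLECATEGORIES><AVAILABLECATEGORY CONTENTCATEGORY="Litigation" LABEL="Litigation"/></AVAILABLECATEGORIES>
 </APPLICATION></PRESENTATION>
</CUSTOMPROPERTYMETADATA>"""
# Constructed broken variant: undefined DEFAULT and an underscore in a TAG.
SAMPLE_BAD = (SAMPLE_OK.replace('DEFAULT="Litigation"', 'DEFAULT="Legal"')
              .replace('NAME="Status1" TAG="CaseStatus"', 'NAME="Status1" TAG="Case_Status"'))

if __name__ == "__main__":
    print("\n".join(validate_custom_properties(SAMPLE_BAD)))
```

A single bad TAG surfaces three times in the broken sample, once at its definition and once at each place that still refers to the old value, which is the kind of mismatch that otherwise only appears when the archiving task stops.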
Attribute
Description
Defines the content category section of the file.
536
Table 41-3
XML elements and attributes in the custom properties.xml file (continued) Mandatory
No
Element
Attribute
DEFAULT=
Description
Value is the name of the content category to be used as default. Required if custom properties in all items are to be indexed. Defines a group of settings that are to be assigned to an archived item. Value is a unique name to identify category to ruleset and presentation interface. Value is a retention category to be assigned to the archived item. retention category must exist in Enterprise Vault. Value is the ID of the archive to store the item in. Value can be found in the properties of the archive in the Enterprise Vault Administration Console. Defines a set of additional properties in the content category. Value is "Y" or "N". Indicates whether or not properties in this set should appear in the search results. Default is "N". Defines an additional property to index for items that are assigned this content category. Value is the Enterprise Vault TAG of the property. Defines the custom property section of the file. Defines a NAMESPACE that contains a group of custom properties.
CONTENTCATEGORY
Yes
NAME=
Yes
RETENTIONCATEGORY=
No
ARCHIVEID=
No
INDEXEDPROPERTIES
Yes
RETRIEVE=
No
PROPERTY
Yes
TAG=
Yes
CUSTOMPROPERTIES
Yes
NAMESPACE
Yes
537
Table 41-3
XML elements and attributes in the custom properties.xml file (continued) Mandatory
Yes
Element
Attribute
TYPE=
Description
Type of property. Value can be "MAPI " or "LOTUS". MAPI properties only. Value is identity of NAMESPACE to external applications. Defines a custom property. If the property is a custom MAPI property, value is the STRING ID defined in the MAPI subsystem. The value is case sensitive and must match exactly the value in the MAPI subsystem. If the property is a standard MAPI property, value is the Identifier part (bits 16 to 31) of the hexadecimal MAPI tag. If the property is a Domino property, value is the identity of the property as displayed in message properties in the Lotus Notes client. Value must be unique in NAMESPACE.
GUID=
Yes
PROPERTY NAME=
Yes Yes
LOTUSTYPE=
Yes
Value is the Domino property data type: "TEXT", "NUMBER" or "TIME". TAG identifies the property within Enterprise Vault. It can contain only alphanumeric characters (A-Z a-z 0-9); spaces and underscore characters are not permitted. The value must be unique within the XML file. TAG value is the property name that will be stored in the index.
TAG=
Yes
PRESENTATION
Yes
538
Table 41-3 XML elements and attributes in the custom properties.xml file (continued)

APPLICATION (element; mandatory: Yes)
Defines a group of fields for use by a named application.

NAME= (attribute; mandatory: Yes)
Value is the name of the application that will use the fields in this definition.

LOCALE= (attribute; mandatory: Yes)
The value depends on what the calling application requires to define the language. The Enterprise Vault browser search uses standard Microsoft Locale ID number that the application will run under. (Currently only "1033", US English, is supported for displaying custom properties in the browser search.)

FIELDGROUPS (element; mandatory: Yes)
Define the field groups available to the application.

FIELDGROUP (element; mandatory: Yes)
A logical grouping of fields for the presentation interface.

LABEL= (attribute of FIELDGROUP; mandatory: No)
Value will be presented to the application for this field group. The label must be unique within the application.

FIELD (element; mandatory: Yes)
Defines a field that will reference a custom property.

LABEL= (attribute of FIELD; mandatory: Yes)
Value will be displayed on the application user interface to represent this custom property.

CATEGORY= (attribute; mandatory: Yes)
Value is the name of a content category listed in AVAILABLECATEGORIES for the application.

TAG= (attribute; mandatory: Yes)
Value is the TAG of a custom property. The tag must be unique in the FIELDGROUP.
AVAILABLECATEGORIES (element; mandatory: Yes)
Define which content categories are available to the application.

AVAILABLECATEGORY (element; mandatory: Yes)
Defines a content category.

LABEL= (attribute; mandatory: Yes)
Value defines how the content category is to appear in the user interface.

CONTENTCATEGORY= (attribute; mandatory: Yes)
Value is the NAME of the required content category as specified in the Content Category section of the file.
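The uniqueness and format rules in Table 41-3 can be checked before a custom properties file is deployed. The following is an added example, not code from the guide: the root element name, the nesting of elements, the sample values, and the choice to match FIELD CATEGORY= against CONTENTCATEGORY= are assumptions.

```python
import re
import xml.etree.ElementTree as ET

TAG_RE = re.compile(r"[A-Za-z0-9]+")          # TAG=: alphanumeric characters only
LOTUS_TYPES = {"TEXT", "NUMBER", "TIME"}      # LOTUSTYPE= values listed in Table 41-3

# Constructed sample, not taken from the guide. The root element name, the
# nesting and all attribute values are assumptions made for this example.
SAMPLE = """\
<EXAMPLEROOT>
  <NAMESPACE>
    <PROPERTY NAME="CaseNumber" TAG="CaseNumber"/>
    <PROPERTY NAME="Case Owner" TAG="Case_Owner"/>
    <PROPERTY NAME="CaseNumber" TAG="CaseRef" LOTUSTYPE="DATE"/>
  </NAMESPACE>
  <PRESENTATION>
    <APPLICATION NAME="ExampleApp" LOCALE="1033">
      <FIELDGROUPS>
        <FIELDGROUP LABEL="Case details">
          <FIELD LABEL="Case number" CATEGORY="Litigation" TAG="CaseNumber"/>
          <FIELD LABEL="Owner" CATEGORY="Finance" TAG="Owner"/>
        </FIELDGROUP>
      </FIELDGROUPS>
      <AVAILABLECATEGORIES>
        <AVAILABLECATEGORY LABEL="Litigation" CONTENTCATEGORY="Litigation"/>
      </AVAILABLECATEGORIES>
    </APPLICATION>
  </PRESENTATION>
</EXAMPLEROOT>
"""


def check_properties(root, problems):
    """Check the PROPERTY rules; return the set of TAG values defined in the file."""
    file_tags = set()
    for namespace in root.iter("NAMESPACE"):
        names = set()
        for prop in namespace.iter("PROPERTY"):
            name, tag = prop.get("NAME"), prop.get("TAG")
            if name is None or tag is None:
                problems.append("PROPERTY is missing mandatory NAME= or TAG=")
                continue
            if name in names:
                problems.append(f"NAME {name!r} is not unique in its NAMESPACE")
            names.add(name)
            if not TAG_RE.fullmatch(tag):
                problems.append(f"TAG {tag!r} is not purely alphanumeric")
            if tag in file_tags:
                problems.append(f"TAG {tag!r} is not unique in the file")
            file_tags.add(tag)
            lotus = prop.get("LOTUSTYPE")
            if lotus is not None and lotus not in LOTUS_TYPES:
                problems.append(f"LOTUSTYPE {lotus!r} is not TEXT, NUMBER or TIME")
    return file_tags


def check_presentation(root, file_tags, problems):
    """Check the APPLICATION, FIELDGROUP and FIELD rules against the defined TAGs."""
    for app in root.iter("APPLICATION"):
        app_name = app.get("NAME")
        if app_name is None or app.get("LOCALE") is None:
            problems.append("APPLICATION is missing mandatory NAME= or LOCALE=")
        # Assumption: FIELD CATEGORY= is matched against CONTENTCATEGORY=.
        categories = {c.get("CONTENTCATEGORY") for c in app.iter("AVAILABLECATEGORY")}
        group_labels = set()
        for group in app.iter("FIELDGROUP"):
            label = group.get("LABEL")
            if label is not None and label in group_labels:
                problems.append(f"FIELDGROUP LABEL {label!r} is not unique in {app_name!r}")
            group_labels.add(label)
            field_tags = set()
            for field in group.iter("FIELD"):
                tag, category = field.get("TAG"), field.get("CATEGORY")
                if tag not in file_tags:
                    problems.append(f"FIELD TAG {tag!r} is not the TAG of any PROPERTY")
                if tag in field_tags:
                    problems.append(f"FIELD TAG {tag!r} is not unique in its FIELDGROUP")
                field_tags.add(tag)
                if category not in categories:
                    problems.append(f"FIELD CATEGORY {category!r} is not in AVAILABLECATEGORIES")


def validate(xml_text):
    """Return a list of rule violations; an empty list means no rule was broken."""
    root = ET.fromstring(xml_text)
    problems = []
    file_tags = check_properties(root, problems)
    check_presentation(root, file_tags, problems)
    return problems


if __name__ == "__main__":
    for problem in validate(SAMPLE):
        print(problem)
```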
Section 10

- Introducing clustering with VCS
- Installing and configuring VERITAS Storage Foundation HA
- Configuring the service group
- Running the Enterprise Vault Configuration wizard
- Implementing an SFW HA-VVR disaster recovery solution
- Troubleshooting clustering with VCS

Chapter 42

- Supported VCS configurations and software
- About the VCS GenericService agent
- Typical Enterprise Vault configuration in a VCS cluster
- Installation order
- VERITAS Storage Foundation HA for Windows, version 4.3 MP1 or later
- Enterprise Vault
- Windows Server 2003
Note that Compliance Accelerator and Discovery Accelerator are not supported within a cluster. However, an unclustered Compliance Accelerator or Discovery Accelerator can reference a clustered Enterprise Vault virtual server.
- Admin service
- Directory service
- Indexing service
- Shopping service
- Storage service
- Task Controller service
See the VERITAS Cluster Server Bundled Agents Reference Guide for detailed information on the GenericService agent, including the resource type definitions, attribute definitions, and sample configurations. The GenericService agent detects an application failure if a configured service is not running. When this happens, the Enterprise Vault service group is failed over to the next available system in the service group's system list, and the services are started on the new system. This ensures continuous availability for the data that Enterprise Vault is managing and archiving.
[Figure 42-1: diagram showing System 1 and System 2]
Here, the volumes for the Enterprise Vault services data are configured in a cluster disk group on shared storage. The Enterprise Vault virtual server is configured on the active node (System 1). If System 1 fails, System 2 becomes the active node, and the Enterprise Vault virtual server comes online on System 2.
Installation order
The order in which you install and configure the various components in a clustered environment is important, as follows:
- Ensure that all prerequisite components have been installed on each of the cluster nodes
- Complete the installation and configuration of VERITAS Storage Foundation HA with VCS
- Install Enterprise Vault Server components on all the nodes in the cluster
- Configure disk groups and volumes
- Configure the Enterprise Vault service group
- Run the Enterprise Vault cluster configuration wizard
- Test that the nodes in the cluster fail over correctly

Chapter 43

- About this chapter
- Installing and configuring SFW HA
- Managing disk groups and volumes
1. Install SFW HA 4.3 or later on each node that is to be a part of the cluster. There are several stages to this process:
   - Review the product installation requirements, disk space requirements, and requirements for SFW HA.
   - Configure the network and storage.
   - Install SFW HA.
2. If you have installed SFW HA 4.3, upgrade to 4.3 MP1. For detailed instructions, see the VERITAS Storage Foundation and High Availability Solutions 4.3 Maintenance Pack (MP) 1 Release Notes.
3. Configure the cluster by running the VCS Configuration wizard.
4. Install Enterprise Vault on all systems in the cluster.
5. Configure the disk group and volumes from the first node. You must create shared volumes to store the following:
   - Indexing service data
   - Shopping service data
   - Vault store partitions
   - PST holding folders
   - EMC Centera staging areas
   We also recommend that you create separate volumes to store the MSMQ and registry replication data.
6. Mount the volumes on the system where you will configure the Enterprise Vault service group. See Managing disk groups and volumes on page 548.
7. Configure the Enterprise Vault service group. See About configuring the service group on page 551.
8. Run the Enterprise Vault Configuration wizard to create the Enterprise Vault services and resources. See About the Enterprise Vault Configuration wizard on page 557.
While you set up an SFW HA environment, keep the following points in mind:
- You must mount the volumes on the system where you will configure the Enterprise Vault service group.
- When a disk group is initially created, it is imported on the node where it is created.
- A disk group can be imported on one node only at a time.
- To move a disk group from one node to another, unmount the volumes in the group, deport the group from its current node, import it to a new node, and mount the volumes.

1. Start the VERITAS Enterprise Administrator.
2. Right-click a disk name in the dynamic disk group or the dynamic disk group name in the tree view, and then click Import Dynamic Disk Group on the context menu. Follow the on-screen instructions.
To mount a volume
1. If you have yet to do so, open the VERITAS Enterprise Administrator and import the dynamic disk group.
2. Right-click the volume, and then click File System > Change Drive Letter and Path.
3. In the Drive Letter and Paths dialog box, click Add.
4. Select one of the following options, depending on whether you want to assign a drive letter to the volume or mount it as a folder.
   - To assign a drive letter: Click Assign a Drive Letter, and then choose the required letter.
   - To mount the volume as a folder: Click Mount as an empty NTFS folder, and then click Browse to locate an empty folder on the shared disk.
5. Click OK.

1. In the VERITAS Enterprise Administrator, right-click the volume and then click File System > Change Drive Letter and Path.
2. In the Drive Letter and Paths dialog box, click Remove.
3. Click OK.
4. Right-click the disk, and then click Deport Dynamic Group.
5. Click Yes to confirm that you want to deport the disk group.
Chapter 44

- About configuring the service group
- Before you begin
- Creating a service group
- Modifying an existing service group
- Deleting a service group

- IP address
- Computer name (Lanman resource)
- MSMQ
- Disk/storage (MountV and DiskGroup resources)
- Service resources
Before you can configure Enterprise Vault in a cluster, you must configure a service group to represent the Enterprise Vault server. VCS provides several ways to configure a service group, including the Enterprise Vault Cluster Setup wizard, Cluster Manager (both Java Console and Web Console), and the command line. This chapter describes how to configure a service group with the Enterprise Vault Cluster Setup wizard.
- Verify your DNS server settings. You must ensure that a static DNS entry maps the virtual IP address with the virtual server name. Refer to the appropriate DNS document for more information.
- Verify that the Command Server is running on all systems in the cluster.
- Verify that the VERITAS High Availability Daemon (HAD) is running on the system from where you will run the Enterprise Vault Cluster Setup wizard.
- Ensure that you have Cluster Administrator privileges. You must also be a Local Administrator on the node where you run the wizard.
- Verify that MSMQ is installed locally on each node.
- Mount the shared volumes that you have created to store the following:
   - Indexing service data
   - Shopping service data
   - Vault store partitions
   - PST holding folders
   - EMC Centera staging areas
1. Start the Enterprise Vault Cluster Setup Wizard.
2. Review the information in the Welcome page, and then click Next to display the Wizard Options page.
3. Click Create service group, and then click Next to display the Service Group Configuration page.
4. In the Service Group Name box, type a name for the group, such as EVGRP1.
5. Move to the Systems in Priority Order box those systems on which you want to configure the service group. If you want to change the priority of the systems in the Systems in Priority Order box, click a system and then click the up-arrow or down-arrow button.
6. Click Next to validate the configuration and display the Virtual Server Configuration page.
7. Complete the fields by following these steps in the order listed:
   - In the Virtual Server Name box, type the server name that you mapped to the virtual IP address when you set up the static DNS entry.
   - In the Virtual IP address box, type the address that you mapped to the virtual server. This should be in the same subnet as the current computer, but it should not currently be in use on the network.
   - Enter the subnet mask to which the virtual server belongs.
   - For each system in the cluster, select the public network adapter name. The wizard lists all the TCP/IP-enabled adapters on the system, including the private network adapters if they are TCP/IP enabled. Be sure to select the adapters to assign to the public network, and not those assigned to the private network.
   - Click Advanced to specify details for the Lanman resource. You must select the distinguished name of the organizational unit for the virtual server. By default, the Lanman resource adds the virtual server to the default container Computers. The user account for VCS Helper service must have adequate privileges on the specified container to create and update computer accounts.
8. In the Virtual Server Configuration page, click Next to display the MSMQ and RegRep Directory Details page. This page enables you to virtualize the MSMQ resource so that it can be accessed using its virtual name. This resource also ensures that the queue state is maintained after failover.
9. In the MSMQ Directory field, enter the path to the required directory.
10. In the Replication Directory field, enter the path to the registry replication directory. The replication data contains a list of the registry keys to replicate.
    We recommend that you configure the MSMQ and replication directories on different volumes.
11. In the Available Volumes box, select each volume on which you have configured the services and then click the right-arrow button to move it to the Selected Volumes box. You must select the volumes that you configured for each of the following:
    - Indexing service data
    - Shopping service data
    - Vault store partitions
    - PST holding folders
    - EMC Centera staging areas
12. Click Next to display the Service Group Summary page.
13. Review your configuration. If you want to modify an attribute name for any reason, follow these steps in the order listed:
    - Click the resource, and then click the attribute that you want to modify.
    - Click the Edit icon at the end of the table row.
    - In the Edit Attribute dialog box, enter the attribute values.
    - Click OK.
    - Repeat the procedure for each resource and attribute.
14. Click Next to display the Completion page.
15. Click Bring the service group online, and then click Finish.
When you have finished adding the service group, check that it can fail over between nodes without error.
Volumes
Virtual IP
You can modify an Enterprise Vault service group in several ways, including the Enterprise Vault Cluster Setup Wizard, Cluster Manager (both Java Console and Web Console), and the command line. The following steps describe how to modify the service group with the Enterprise Vault Cluster Setup Wizard. Before you proceed, note the following:
- You must run the wizard from a node on which the service group is online. You can then use the wizard to add resources to or remove them from the configuration.
- You must take the service group partially offline to change the resource attributes. However, the MountV and VMDg resources for the service group should be online on the node where you run the wizard and offline on all other nodes.
- Mount all the volumes created to store Storage service data (vault stores), registry replication information, Shopping service data, Indexing data and MSMQ data.
- If you want to modify the system list or volumes, the service group must be online.
1. Start the Enterprise Vault Cluster Setup Wizard.
2. Review the information in the Welcome page, and then click Next to display the Wizard Options page.
3. Click Modify service group, and then click Next.
4. Follow the instructions to modify the service group.

Note that if you add a system to an online service group, any resources with local attributes may briefly have a status of UNKNOWN. After you add the new node to the group, run the Enterprise Vault Configuration Wizard on this node to configure the Enterprise Vault services for it.

1. Start the Enterprise Vault Cluster Setup Wizard.
2. Review the information in the Welcome page, and then click Next to display the Wizard Options page.
3. Click Delete service group, and then click Next.
4. In the Service Group Summary page, click Next.
5. When the wizard prompts you to confirm that you want to delete the service group, click Yes.
6. Click Finish.
Chapter 45

- About the Enterprise Vault Configuration wizard
- Before you begin
- Setting up an active/passive configuration
- Setting up an N+1 configuration
- The Enterprise Vault service group exists and is online on the node from which you want to run the wizard. See About configuring the service group on page 551.
- You have installed VSFW HA 4.3 MP1 or later.

1. On the Windows Start menu, click All Programs > Enterprise Vault > Enterprise Vault Configuration. The first page of the wizard appears.
2. Click Create a new Enterprise Vault server with cluster support, and then click Next.
3. Follow the on-screen instructions. When the wizard prompts you for the DNS alias for the vault site, enter a DNS alias that points to the virtual server name. In addition, take care to review the storage locations for the Indexing and Shopping services, when the wizard prompts you to do so.
4. In the Finish page, click Bring all the resources online, and then click Finish.
5. After you have configured the server on the first node, run the wizard from each additional node that you want to configure as a failover node. Note that the path to the Enterprise Vault program folder must be the same on all nodes in the cluster. This is typically C:\Program Files\Enterprise Vault. If the path varies from one node to another, problems can occur during failover.
1. On the Windows Start menu, click All Programs > Enterprise Vault > Enterprise Vault Configuration.
2. Click Add this node as a failover node for an existing clustered server, and then click Next.
3. Follow the on-screen instructions. When the wizard prompts you for the name of the service group to which you want to add the node, select the name of the service group that you chose for the first node.
4. In the summary page, review the information, and then click Next. The wizard informs you that it will create the Enterprise Vault service group on the new node.
5. In the Finish page, click Finish to exit the wizard.
6. Check that you can bring the resources online on the failover node. You can do this with Cluster Explorer, by clicking Switch To on the context menu.
- Enterprise Vault should already be configured in a non-clustered configuration, and it must not already be part of a cluster.
- Enterprise Vault must be configured using DNS aliases rather than fully qualified names.
- The Enterprise Vault server must have a full set of Indexing, Shopping, Task Controller and Storage services. However, it must not contain the SharePoint Portal Server 2001 service, as this is not supported in a cluster.
- In a building blocks environment, an Enterprise Vault server that is hosting services must not be running in failover mode.
1. Run the Enterprise Vault Cluster Setup wizard to create an Enterprise Vault cluster service group and add to the group the server that you are going to configure.
2. Ensure that the following items are all on highly-available shared storage devices.
   - Indexing service data
   - Shopping service data
   - Vault store partitions
   - PST holding folders
   - EMC Centera staging areas
   If they are not, correct the locations in the Enterprise Vault Directory database and then move the associated data to the new locations. See Moving data to highly-available locations on page 561.
3. On the Windows Start menu, click All Programs > Enterprise Vault > Convert to Cluster.
4. Read the introductory information, and then click Next.
5. When the wizard prompts you to confirm that all locations are highly available shared storage devices, check the box at the bottom of the page and then click Next.
6. If the wizard detects that there are messages in the Enterprise Vault MSMQ queues, choose whether to proceed with the conversion without migrating them to the clustered MSMQ queues. Wait until the queues have cleared and then rerun the Convert to Cluster wizard. Any messages that are still in the queues are ignored in the new cluster. To accelerate the process of clearing the queues, stop the Task Controller service and ensure that File System Archiving is not performing an archiving run.
7. When the wizard prompts you to choose a service group in which to create the cluster resources for each Enterprise Vault service, select the group that you created earlier.
8. Click Next to create the cluster resources, and then review the list of actions that the wizard has carried out.
9. Click Finish to close the wizard.
10. Using the DNS snap-in to the Microsoft Management Console (MMC), change the site alias and computer name alias to point to the virtual server name rather than the local name.
11. Use VERITAS Cluster Manager to bring the resources in the cluster online.
1. Stop the Indexing, Shopping, Storage, and Task Controller services.
2. Make a backup copy of the Enterprise Vault Directory database and data files.
3. Use the Vault Administration Console or run a SQL query against the Enterprise Vault directory to move the data, as described below.

IndexRootPathEntry [IndexRootPath]
Move the contents of this location to a highly available location. Update the database using SQL to point at the new location.
The SQL to view the current location is as follows:
   SELECT * FROM IndexRootPathEntry
   WHERE (IndexRootPathEntryId = '<ID FROM LOG FILE>')
The SQL to update the location is as follows:
   UPDATE IndexRootPathEntry
   SET IndexRootPath = '<THE NEW LOCATION>'
   WHERE (IndexRootPathEntryId = '<ID FROM LOG FILE>')

PartitionEntry [AccountName]
Move the pool entry authorization (.pea) file to a highly available location. Use the Vault Administration Console to view the properties of the EMC Centera partition and then, on the Connection tab, edit the Pool Entry Authorization File Location box to point at the new location.

PartitionEntry [PartitionRootPath]
Move the contents of this location to a highly available location. Update the database using SQL to point at the new location.
The SQL to view the current location is as follows:
   SELECT * FROM PartitionEntry
   WHERE (PartitionEntryId = '<ID FROM LOG FILE>')
The SQL to update the location is as follows:
   UPDATE PartitionEntry
   SET PartitionRootPath = '<THE NEW LOCATION>'
   WHERE (PartitionEntryId = '<ID FROM LOG FILE>')

PartitionEntry/Locations [SecondaryLocation]
Move the secondary storage files to a highly available location. Update the database using SQL to point at the new location.
The SQL to view the current location is as follows:
   SELECT * FROM PartitionEntry
   INNER JOIN Locations ON PartitionEntry.SecondaryLocation = Locations.LocationIdentity
   WHERE (PartitionEntry.PartitionEntryId = '<ID FROM LOG FILE>')
The SQL to update the location is as follows:
   UPDATE Locations
   SET Location = '<NEW LOCATION>'
   WHERE LocationIdentity = (SELECT SecondaryLocation FROM PartitionEntry WHERE PartitionEntryId = '<ID FROM LOG FILE>')

PartitionEntry [StagingRootPath]
Move the contents of this location to a highly available location. Update the database using SQL to point at the new location.
The SQL to view the current location is as follows:
   SELECT * FROM PartitionEntry
   WHERE (PartitionEntryId = '<ID FROM LOG FILE>')
The SQL to update the location is as follows:
   UPDATE PartitionEntry
   SET StagingRootPath = '<THE NEW LOCATION>'
   WHERE (PartitionEntryId = '<ID FROM LOG FILE>')

PSTMigratorTask 1 [MigrationDirectory]
Move the contents of the location to a highly available location. Use the Vault Administration Console to view the properties of the PST Migrator Task and update the Temporary files folder.

ShoppingServiceEntry [ShoppingRootPath]
Move the contents of this location to a highly available location. Use the Vault Administration Console to edit the Shopping service location to the new highly available location.

SiteEntry [PSTHoldingDirectory]
Move the contents of the location to a highly available location. Use the Vault Administration Console to view the site properties and update the PST Holding Folder property to point at the new location.
- The clustered Enterprise Vault servers run on two nodes, and there is a shared spare node.
- The two Enterprise Vault servers are configured to run on any of the three nodes in the cluster.
The following sections describe how to set up Enterprise Vault in these two configurations.
[Figure: diagram showing NODEA (EVSERVER1) and NODEB (EVSERVER2), each with a shared disk, and NODEC (spare)]
You configure the service group for EVSERVER1 to run on both NODEA and NODEC, and the service group for EVSERVER2 to run on both NODEB and NODEC. EVSERVER1 and EVSERVER2 are both virtual computer names from the service group.

To set up this N+1 configuration

1. Mount the volumes on the system where you will configure the Enterprise Vault service group. See Managing disk groups and volumes on page 548.
2. On either NODEA or NODEC, run the Enterprise Vault Cluster Setup wizard and create a service group called EVSERVER1 for these two nodes.
3. On either NODEB or NODEC, run the Enterprise Vault Cluster Setup wizard and create a service group called EVSERVER2 for these two nodes.
4. Take the actions described below on NODEA and NODEB, depending on whether you are performing a first-time installation of Enterprise Vault or upgrading an existing installation.
   NODEA
      New installation: Run the Enterprise Vault Configuration wizard. Choose to configure a new Enterprise Vault server with cluster group for EVSERVER1.
      Upgrade installation: Run the Convert to Cluster wizard. Choose to create the service resources in the EVSERVER1 service group.
   NODEB
      New installation: Run the Enterprise Vault Configuration wizard. Choose to configure a new Enterprise Vault server with cluster group for EVSERVER2.
      Upgrade installation: Run the Convert to Cluster wizard. Choose to create the service resources in the EVSERVER2 service group.
5. On NODEC, run the Enterprise Vault Configuration wizard and choose to add this node as a failover node for an existing clustered server. Select either service group.

When you bring the service groups online on NODEA and NODEB, Cluster Explorer may falsely indicate a problem with the GenericService resources (their icons in the left pane may have question marks). This is because VCS assumes that each resource is simultaneously online on two nodes. You can ignore this situation.
[Figure 45-2: diagram showing NODEB and NODEC]
1. Mount the volumes on the system where you will configure the Enterprise Vault service group. See Managing disk groups and volumes on page 548.
2. With the Enterprise Vault Cluster Setup wizard, create a service group for EVSERVER1 that contains nodes NODEA, NODEB, and NODEC.
3. With the Enterprise Vault Cluster Setup wizard, create a service group for EVSERVER2 that contains nodes NODEA, NODEB, and NODEC.
4. Take the actions described below on NODEA and NODEB, depending on whether you are performing a first-time installation of Enterprise Vault or upgrading an existing installation.
   NODEA
      New installation: Run the Enterprise Vault Configuration wizard. Choose to configure a new Enterprise Vault server with cluster group for EVSERVER1.
      Upgrade installation: Run the Convert to Cluster wizard. Choose to create the service resources in the EVSERVER1 service group.
   NODEB
      New installation: Run the Enterprise Vault Configuration wizard. Choose to configure a new Enterprise Vault server with cluster group for EVSERVER2.
      Upgrade installation: Run the Convert to Cluster wizard. Choose to create the service resources in the EVSERVER2 service group.
5. On NODEC, run the Enterprise Vault Configuration wizard and choose to add this node as a failover node for an existing clustered server. Select either service group.

Notice that the only difference in configuration between this option and option 1 is that, when you create the service groups, you must select all the nodes rather than a subset of the nodes. You can take a similar approach if you require your system to have more than one spare server (N+2, N+3, N+4, and so on). In each case, you must configure a node for each Enterprise Vault server and then add the spare nodes as failover nodes.
To prevent two Enterprise Vault servers from running on the same node
1. Use VERITAS Cluster Manager to log on to the cluster.
2. Click anywhere in the Cluster Monitor panel to open Cluster Explorer.
3. For each node in the cluster, perform the following steps in the order listed:
   - In the configuration tree at the left, click the node whose attributes you want to edit.
   - In the View panel, click the Properties tab.
   - Click Show all attributes to open the Attributes View dialog box.
   - Find the Limits attribute. Click the Edit icon at the right of the row.
   - In the Edit Attribute dialog box, add a key called EnterpriseVault and give it a value of 1.
   - Click OK to close the dialog box and return to the Attributes View dialog box.
4. Repeat for the Prerequisites attribute on each Enterprise Vault service group.
When both the Limits and Prerequisites attributes have a key called EnterpriseVault with a value of 1, two Enterprise Vault servers cannot run on the same node.
Chapter 46

- About this chapter
- About the SFW HA-VVR disaster recovery solution
[Figure 46-1: diagram with the labels Primary Site, Internet, System1, System2, DB Log, and Original Volumes]
This example has one disk group on each site for the application. Note that a VVR replicator log is needed on each site. If there are multiple disk groups, an additional replicator log is required for each one.
- Set up the cluster on the primary site.
- Set up the cluster on the secondary site.
- Add the VVR components for replication.
- Add the Global Cluster Option (GCO) components for wide-area recovery.
1. Install SFW HA 4.3 or later on each node that is to be a part of the cluster on the primary site. There are several stages to this process:
   - Review the product installation requirements, disk space requirements, and requirements for SFW HA.
   - Install Windows and configure the network settings.
   - Install SFW HA on the primary site. Be sure to select the VVR and GCO options during the installation.
   - Using the VVR Security Service Configuration wizard, configure the VERITAS Volume Replicator Security Service (VxSAS).
2. If you have installed SFW HA 4.3, upgrade to 4.3 MP1. For detailed instructions, see the VERITAS Storage Foundation and High Availability Solutions 4.3 Maintenance Pack (MP) 1 Release Notes.
3. Configure the cluster by running the VCS Configuration wizard.
4. Install Enterprise Vault.
5. Configure the disk group and volumes. You must create shared volumes to store the following:
   - Indexing service data
   - Shopping service data
   - Vault store partitions
   - PST holding folders
   - EMC Centera staging areas
   We also recommend that you create separate volumes to store the MSMQ and registry replication data.
6. Configure the VCS service group at the primary site. See About configuring the service group on page 551. See About the Enterprise Vault Configuration wizard on page 557.
1. Create a parallel environment on the secondary site.
2. If you have installed SFW HA 4.3, upgrade to 4.3 MP1. For detailed instructions, see the VERITAS Storage Foundation and High Availability Solutions 4.3 Maintenance Pack (MP) 1 Release Notes.
3. Configure the cluster by running the VCS Configuration wizard.
4. Install Enterprise Vault.
5. Configure the disk groups and volumes on the secondary site. The disk group and volume setup on the secondary site must be identical to that on the primary site. The disks, disk groups, and volumes must be the same sizes, have the same names, and must be of the same type.
6. Configure the VCS service group at the secondary site, taking care to specify the same service group name that you specified on the primary site.
7. Verify the cluster configuration, and test the failover capability.
1. Create a replicator log volume at each site.
2. Set up the replicated data sets for VVR on the hosts for the primary and secondary sites. Note that the Setup Replicated Data Set wizard lets you configure replicated data sets for both sites.
3. Create the VVR RVG service group. You must run the Volume Replicator Agent Configuration wizard from the system that contains the application service group.

1. Ensure that your environment meets the requirements for global cluster operations.
2. Link clusters by adding a remote cluster.
3. Convert the local service group to a global group.
4. Perform additional global cluster administration tasks.
Chapter 47

- VCS logging
- Enterprise Vault Cluster Setup wizard error messages
- Viewing the clustered message queues
VCS logging
VCS generates two error message logs: the engine logs and the agent logs. Log file names are appended by letters, where A indicates the first log file, B the second, C the third, and so on; for example, agent_A.txt. The agent log is located at %VCS_HOME%\log (typically c:\Program Files\VERITAS\cluster server\log). The format of agent log messages is as follows:
<Timestamp> <Mnemonic> <Severity> <Message ID> <Message Text>
where:
Timestamp
Shows the date and time when the message was logged.

Mnemonic

Severity
Indicates the severity of the error, which can be CRITICAL, ERROR, WARNING, NOTICE, or INFO. CRITICAL messages are the most severe, whereas INFO messages are the least severe.

Message ID
Is the unique numeric ID of the error message. The prefix V-16 denotes VCS.

Message Text
Is the message generated by VCS.

For example, a typical agent log message looks like this:

2006/01/24 11:04:17 VCS ERROR V-16-10051-6026 GenericService: CLSEV1-EnterpriseVaultAdminService:monitor:The LanmanResName attribute has not been configured.
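The agent log format above lends itself to a small parser that shows which cluster resources are logging at ERROR or above. This is an added example, not part of the guide or of VCS: the split of the message text into agent, resource, entry point and detail is inferred from the single sample line, and every log line after the first is constructed, including its message ID and resource name.

```python
import re
from collections import Counter
from datetime import datetime

# Severities from the guide, ordered least to most severe.
SEVERITIES = ["INFO", "NOTICE", "WARNING", "ERROR", "CRITICAL"]

# <Timestamp> <Mnemonic> <Severity> <Message ID> <Message Text>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<mnemonic>\S+) "
    r"(?P<severity>CRITICAL|ERROR|WARNING|NOTICE|INFO) "
    r"(?P<msg_id>V-\d+(?:-\d+)+) "
    r"(?P<text>.*)$"
)

# Assumption drawn from the guide's one sample line: agent messages read
# "<agent>: <resource>:<entry point>:<detail>".
TEXT_RE = re.compile(
    r"^(?P<agent>\w+): ?(?P<resource>[^:]+):(?P<entry>\w+):(?P<detail>.*)$"
)

# First line is the guide's sample; the rest are constructed for this example.
SAMPLE_LOG = """\
2006/01/24 11:04:17 VCS ERROR V-16-10051-6026 GenericService: CLSEV1-EnterpriseVaultAdminService:monitor:The LanmanResName attribute has not been configured.
2006/01/24 11:05:17 VCS ERROR V-16-10051-6026 GenericService: CLSEV1-EnterpriseVaultAdminService:monitor:The LanmanResName attribute has not been configured.
2006/01/24 11:05:20 VCS INFO V-16-0-0 GenericService: CLSEV1-EnterpriseVaultIndexingService:online:Constructed informational message.
wrapped fragment of a longer message
2006/01/24 11:06:02 VCS CRITICAL V-16-0-1 GenericService: CLSEV1-EnterpriseVaultStorageService:monitor:Constructed critical message.
""".splitlines()


def parse_line(line):
    """Return a dict for one agent log line, or None if it is not in the format."""
    match = LINE_RE.match(line.strip())
    if match is None:
        return None
    record = match.groupdict()
    record["ts"] = datetime.strptime(record["ts"], "%Y/%m/%d %H:%M:%S")
    parts = TEXT_RE.match(record["text"])
    if parts:
        record.update(parts.groupdict())
    else:
        # Message text that does not follow the inferred layout is kept whole.
        record.update(agent=None, resource=None, entry=None, detail=record["text"])
    return record


def resources_at_or_above(lines, threshold="ERROR"):
    """Count messages per resource at or above a severity; also count skipped lines."""
    floor = SEVERITIES.index(threshold)
    hits, skipped = Counter(), 0
    for line in lines:
        record = parse_line(line)
        if record is None:
            skipped += 1
            continue
        if SEVERITIES.index(record["severity"]) >= floor and record["resource"]:
            hits[record["resource"]] += 1
    return hits, skipped


if __name__ == "__main__":
    counts, skipped = resources_at_or_above(SAMPLE_LOG)
    for resource, count in counts.most_common():
        print(f"{count:3d}  {resource}")
    print(f"{skipped} line(s) did not match the agent log format")
```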
Access Denied. You must have Administrator privileges to run the wizard.
   Only users who are members of the local administrators group can run this wizard.

VCS not running on the local machine. Either the service has not been started or it is in a stale state.
   Verify that the VCS service has started and is running on the local machine.

MSMQ is not configured properly.
   The wizard verifies that MSMQ is installed and configured on all the nodes. The error message is shown if MSMQ is not installed on one node or the configuration is different. To resolve the problem, verify that MSMQ has been installed and configured before proceeding with the Enterprise Vault Cluster Setup wizard.

The required resource type MSMQ is not installed on this system.
   The wizard verifies that the MSMQ resource type is installed on the system. This resource type is installed with the 4.3 MP1.
1 Ensure the Enterprise Vault virtual server is online on the node you want to view the queues from.
2 Open a command prompt window and change to the Enterprise Vault installation folder, typically C:\Program Files\Enterprise Vault.
3 Enter the following command:
ClusterCompMgmt
This launches the Computer Management snap-in with the environment variables set so that it displays the clustered message queues.
4 Expand Services and Applications, then expand Message Queuing. The Enterprise Vault virtual server queues are listed under Private Queues.
Section 11
Introducing clustering with Microsoft server clusters
Preparing to cluster with Microsoft server clusters
Configuring Enterprise Vault in a Microsoft server cluster
Troubleshooting clustering with Microsoft server clusters
Chapter 48
About clustering with Microsoft server clusters
Supported cluster configurations
Required software and restrictions
Typical Enterprise Vault configuration in a Microsoft server cluster
Control of services in a clustered environment
Note: To cluster Enterprise Vault in a Microsoft server cluster, you need a working knowledge of Microsoft server clusters. For detailed information on Microsoft server clusters, see your Microsoft documentation.
One or more primary nodes, each normally hosting an Enterprise Vault virtual server.
One or more failover nodes: standbys that can take over the job of hosting an Enterprise Vault virtual server if a primary node fails.
Enterprise Vault does not permit "active/active" cluster configurations. That is, only one Enterprise Vault virtual server can run on a clustered node at any one time. You can configure Enterprise Vault in any operation mode that adheres to this restriction, such as:
An active/passive failover pair: a primary node with a dedicated failover node.
N+1 (hot standby server): two or more primary nodes share a single failover node. Only one node failure can be accommodated at any one time.
N+M: an extension of the hot standby concept with N primary nodes and M failover nodes. Only M node failures can be accommodated at one time.
N+M any-to-any: identical to N+M, except that there is no need to fail back to the original node after a failover. When the original node becomes available again, it can operate as a failover node.
Windows Server 2003 Enterprise Edition or Datacenter Edition. Each node must be running the same operating system.
Exchange System Manager, unless you are only using Enterprise Vault for File System Archiving or SharePoint Archiving. See Installing Exchange System Manager on page 583.
A clustered Enterprise Vault server cannot contain the SharePoint Portal Server 2001 Service. However, SharePoint 2003 runs as an Enterprise Vault task and is unaffected by this restriction.
Introducing clustering with Microsoft server clusters Typical Enterprise Vault configuration in a Microsoft server cluster
Compliance Accelerator and Discovery Accelerator are not supported within a cluster. However, an unclustered Compliance Accelerator or Discovery Accelerator can reference a clustered Enterprise Vault virtual server.
Introducing clustering with Microsoft server clusters Control of services in a clustered environment
[Figure 48-1: diagram not reproduced; surviving label: Public network]
In this example:
NODEA and NODEB are the two Enterprise Vault nodes in the Microsoft server cluster. NODEA is the primary node. NODEB is the failover node.
The SQL server and Microsoft Exchange may also be configured in the cluster: this does not affect Enterprise Vault.
The volumes for the Enterprise Vault services data are configured on shared storage.
The Enterprise Vault virtual server is configured on the primary node, NODEA. If NODEA fails, the virtual server's resources fail over to NODEB, and the virtual server comes online on NODEB.
Directory Service
Index Service
Shopping Service
Storage Service
Task Controller Service
An Admin Service is already present from when Enterprise Vault was installed. The presence of this set of services is mandatory on each node, to ensure a common configuration on all nodes in the cluster. You cannot remove Enterprise Vault services in a clustered configuration.
The Configuration wizard sets the Enterprise Vault services to manual startup, to enable the cluster software to start and stop them as required.
Note: In a clustered configuration, you cannot start or stop services using the Administration Console or the EVService utility. If you stop a service using Windows Service Control Manager, the cluster software assumes this is due to a system failure, and will restart the service or initiate a failover. To start or stop Enterprise Vault services safely, use only Cluster Administrator or the Windows command line utility cluster.exe. See Starting and stopping services on page 611.
Admin Service resource
Directory Service resource
Index Service resource
Shopping Service resource
The Configuration wizard also adds one more resource to the group: an Enterprise Vault Server Instance resource. All the other Enterprise Vault resources in the group are configured to be dependent on this resource, directly or indirectly. Its purpose is to prevent failovers to nodes already running Enterprise Vault, avoiding an active/active operation mode.
Chapter 49
Preparing to cluster Enterprise Vault
Setting up the shared disks and volumes
Setting up the resource groups
The number of primary nodes (each normally hosting an Enterprise Vault virtual server).
The number of failover nodes.
Which nodes are to be the preferred owners of each virtual server.
Ensure that your setup meets the requirements. See Required software and restrictions on page 582.
Preparing to cluster with Microsoft server clusters Setting up the shared disks and volumes
Set up the shared disks and volumes for the cluster. See Setting up the shared disks and volumes on page 588.
4 Use Cluster Administrator to create the cluster and to add the primary and failover nodes.
5 Set up a resource group, including the prerequisite resources, for each Enterprise Vault virtual server you require. See Setting up the resource groups on page 589.
Create a static DNS host entry and an alias entry for each Enterprise Vault virtual server. For example, you might create a virtual server host entry EVSERVER1, and an alias entry EVSERVER1Alias, pointing at EVSERVER1. For information on creating DNS settings, refer to your DNS documentation.
MSMQ data
Indexing Service data
Storage Service data (vault store partitions)
Shopping Service data
PST holding folders
EMC Centera staging areas
It is good practice for MSMQ data, Indexing Service data and Storage Service data to each have a separate physical disk resource. Placing them on the same drives may result in degraded performance. For example, if you are setting up two Enterprise Vault virtual servers, EVSERVER1 and EVSERVER2, you might allocate the shared storage for the cluster as follows:
Cluster Group
  Volume Q: Quorum data
EVServer1
  Volume I: MSMQ data
  Volume J: Index data
  Volume K: Vault store data
  Volume L: PST holding folders, Shopping service data, staging areas
Preparing to cluster with Microsoft server clusters Setting up the resource groups
EVServer2
  Volume M: MSMQ data
  Volume N: Index data
  Volume O: Vault store data
  Volume P: PST holding folders, Shopping service data, staging areas
Note the following when setting up the shared disks and volumes:
You must configure the storage for different resource groups on different physical disks, since only one server can connect to a physical disk at a time.
Configure shared disks and volumes such that the required nodes will be able to access the clustered disk resources on failover. For example, in a 2+1 configuration, the failover node must have access to the quorum data volume, plus all the volumes used by both virtual servers.
Parameters
Specify the required disk volume.
Specify the IP address for the virtual server. Specify the public network. Enable NetBIOS for this address.
Table 49-1
Resource type
Network name
Parameters
Use the group name as the network name. We recommend that you select the "DNS Registration Must Succeed" check box. You must select the "Enable Kerberos Authentication" check box. This is required by the Message Queuing resource.
Message Queuing
The Physical Disk resource for this virtual server's MSMQ data
The Network Name resource
None
1 Use Cluster Administrator to create and name the resource group.
2 In the Properties of the resource group, specify the nodes that are to be the preferred owners of this resource group. List the nodes in the preferred order, according to your chosen operation mode.
3 Add the prerequisite resources to the resource group. Add one resource of each resource type listed in the following table, except where noted. We recommend you use the following naming format for the resources:
groupname-resourcetype
For example, if you named a resource group EV1 and you are adding a physical disk resource, name the resource EV1-PhysicalDisk. Later, the Enterprise Vault Configuration wizard adds Enterprise Vault service resources to the resource group using this naming format.
4 Specify the required nodes as possible owners for each resource, according to your chosen operation mode.
When you have finished setting up the resource group, check that it can fail over between nodes without error.
Chapter 50
About configuring Enterprise Vault in a Microsoft server cluster
Setting up a new Enterprise Vault installation with cluster support
Converting an existing Enterprise Vault installation to a cluster
Modifying an existing Enterprise Vault cluster
Setting up a new Enterprise Vault installation with cluster support.
Converting an existing Enterprise Vault installation to a cluster.
Modifying an existing Enterprise Vault cluster to add another Enterprise Vault clustered server or failover node, or to add more shared storage.
Before proceeding, you must have performed the preparatory steps for clustering. See Preparing to cluster Enterprise Vault on page 587.
Configuring Enterprise Vault in a Microsoft server cluster Setting up a new Enterprise Vault installation with cluster support
Install Enterprise Vault on all the nodes that are to run Enterprise Vault, both primary and failover, but do not run the Enterprise Vault Configuration wizard on any node at this stage. For instructions on installing Enterprise Vault, see Sections I and II of this manual.
Configure the Enterprise Vault servers that are to act as clustered servers. See Configuring a new Enterprise Vault server with cluster support on page 592.
Configure Enterprise Vault on the nodes that are to act as failover nodes. See Configuring a failover node on page 596.
Create an Enterprise Vault Directory on the Enterprise Vault server. This is mandatory for the first Enterprise Vault server you configure. The Directory is a container for Enterprise Vault Sites, which define common settings for Enterprise Vault servers. Every Enterprise Vault server must belong to just one Site. The configuration process creates a new Site in the new Directory and adds the Enterprise Vault server to that Site. It also creates a Directory database on the SQL server you specify.
Join an Enterprise Vault Directory on another Enterprise Vault server (typically a previously configured Enterprise Vault virtual server). You can add the Enterprise Vault server to an existing Enterprise Vault Site in the Directory, or create a new Site in the Directory and add the Enterprise Vault server to that.
To configure an Enterprise Vault server with cluster support, creating an Enterprise Vault Directory on the server
1 Use Cluster Administrator to ensure that a suitable resource group you prepared earlier is online on the Enterprise Vault server node.
2 On the node's Windows Start menu, click All Programs > Enterprise Vault > Enterprise Vault Configuration. The first page of the Enterprise Vault Configuration wizard appears.
3 Click Create a new Enterprise Vault server with Cluster support, and then click Next.
4 The wizard lists the resource groups that are currently online on this node. Select the prepared resource group and click Next.
5 On the next wizard page, select Yes to choose the option to create an Enterprise Vault Directory on this computer. Then click Next.
6 Select the language you want Enterprise Vault to use when populating the default settings in the Administration Console. Then click Next.
7 The wizard asks for details of the Vault Service account. This is the account you created earlier as part of the preinstallation tasks for Enterprise Vault. Use the format domain_name\username, for example cluster\vaultadmin. Alternatively, use the ... button to browse for the account. Enter the password details and then click Next. The wizard then displays a couple of messages relating to the Vault Service account having been granted user rights on the computer, and the creation of the Directory Service.
8 When prompted, enter the location of the SQL Server to use for the Enterprise Vault Directory database and click Next.
9 The wizard prompts you to enter the locations for the Enterprise Vault Directory database and transaction log. For performance reasons it is good practice to place these on separate disks. If default locations are shown, change them if they are incorrect. If you specified a SQL server on a remote computer, the paths must be valid paths on that computer, such as \\DC\C$\Program Files\Microsoft SQL Server\MSSQL\Data. Then click Next.
10 When prompted, enter the location of the SQL Server to use for the Enterprise Vault Monitoring database. Leave Start Monitoring immediately selected to begin monitoring as soon as the configuration is complete on this Enterprise Vault server. Then click Next.
11 The wizard prompts you to enter the locations for the Enterprise Vault Monitoring database and transaction log. For performance reasons it is good practice to place these on separate disks. If default locations are shown, change them if they are incorrect. If you specified a SQL server on a remote computer, the paths must be valid paths on that computer. Then click Next.
12 The wizard then prompts you for a name and description for the new Vault Site.
13 For the Vault Site alias, enter the DNS alias for the Enterprise Vault resource group you selected in step 4.
14 Click Next to continue.
15 The wizard confirms the Enterprise Vault Site and Enterprise Vault Directory computer you have selected. It prompts you to specify the DNS Alias for the computer you are currently configuring.
16 Enter again the DNS alias for the Enterprise Vault resource group that you selected in step 4.
17 Click Next to update the Enterprise Vault Directory.
18 The wizard lists the Enterprise Vault services that are to be added to this computer. Click Next to add the services.
19 The wizard lists the Enterprise Vault services that it has now added, giving you the option to check their properties. Note that in a cluster configuration you are not allowed to add or remove services. Click Next to continue.
20 The wizard displays the storage locations for the Indexing and Shopping services. These locations default to the first disk resource in the selected resource group. If the locations are suitable, click Next. If you want to specify different storage locations, click Back and edit the properties of the service. The wizard displays a warning if you try to modify these to a local location such as C:\Shopping.
22 The final wizard page displays a list of the actions the wizard has performed, and the results. Click Finish to exit the wizard.
To configure an Enterprise Vault server with cluster support, joining an Enterprise Vault Directory on another computer
1 Use Cluster Administrator to ensure that a suitable resource group you prepared earlier is online on the Enterprise Vault server node.
2 On the node's Windows Start menu, click All Programs > Enterprise Vault > Enterprise Vault Configuration. The first page of the Enterprise Vault Configuration wizard appears.
3 Click Create a new Enterprise Vault server with Cluster support, and then click Next.
4 The wizard lists the resource groups that are currently online on this node. Select the prepared resource group and click Next.
5 On the next wizard page, select No to join an Enterprise Vault Directory on another Enterprise Vault server, and specify the DNS alias for the remote Enterprise Vault server. Typically this is the DNS alias for an Enterprise Vault virtual server you previously configured into the cluster. Click Next and continue.
6 On the next wizard page, do one of the following:
Select the option to create a new Vault Site in the remote Enterprise Vault Directory. Click Next and continue from step 7.
Or select the option to join an existing Vault Site in the remote Enterprise Vault Directory, and select a Vault Site from the list displayed. Then click Next and continue from step 10.
7 The wizard then prompts you for a name and description for the new Vault Site.
8 For the Vault Site alias, enter a DNS alias for the remote Enterprise Vault server you specified in step 5.
9 Click Next to continue.
10 The wizard confirms the Enterprise Vault Site and Enterprise Vault Directory computer you have selected. It prompts you to specify the DNS Alias for the computer you are currently configuring.
11 Enter the DNS alias for the Enterprise Vault resource group you selected in step 4.
12 Click Next to update the Enterprise Vault Directory.
13 The wizard lists the Enterprise Vault services that are to be added to this computer. Click Next to add the services.
14 The wizard lists the Enterprise Vault services that it has now added, giving you the option to check their properties. Note that in a cluster configuration you are not allowed to add or remove services. Click Next to continue.
15 The wizard displays the storage locations for the Indexing and Shopping services. These locations default to the first disk resource in the selected resource group. If the locations are suitable, click Next. If you want to specify different storage locations, click Back and edit the properties of the service. The wizard displays a warning if you try to modify these to a local location such as C:\Shopping.
17 The final wizard page displays a list of the actions the wizard has performed, and the results. Click Finish to exit the wizard.
1 On the node's Windows Start menu, click All Programs > Enterprise Vault > Enterprise Vault Configuration. The first page of the Enterprise Vault Configuration wizard appears.
2 Click Configure the node as a failover node for an existing clustered server, and then click Next.
3 The wizard prompts you for the name of the resource group for which you want to add the node as a failover node. Select any resource group that is configured to fail over to this node. The resource group must be online on one of the nodes that you have configured as an Enterprise Vault primary node, and its resources must all have the failover node as a possible owner. Select the name of the resource group, and then click Next.
4 On the next wizard page, enter the password for the Vault Service account, and then click Next.
5 The next wizard page lists the actions the wizard will take if you proceed. To continue click Next, then click and then click OK to confirm the actions taken.
6 The final wizard page displays a list of the actions the wizard has performed, and the results. Click Finish to exit the wizard.
Configuration examples
These examples describe how to set up first-time installations of Enterprise Vault in various cluster operation modes.
[Figure not reproduced; surviving label: Shared Disk]
Create a node for the primary server (NODEA).
Create a node for the failover server (NODEB).
Create a resource group EVSERVER1 for the virtual server, with the preferred owners set to NODEA followed by NODEB.
Add the prerequisite resources to the resource group, ensuring that they have NODEA and NODEB as their possible owners.
Create a DNS entry for the virtual server, and an alias EVSERVER1Alias, pointing at it.
2 Install Enterprise Vault on NODEA and NODEB, without running the Enterprise Vault Configuration wizard.
3 On NODEA, run the Enterprise Vault Configuration wizard and choose to configure a new Enterprise Vault server with cluster support. Select EVSERVER1 as the resource group in which to create the Enterprise Vault service resources. Specify EVSERVER1Alias as the Vault Site alias and computer DNS alias.
4 On NODEB, run the Enterprise Vault Configuration wizard and choose to configure a failover node for an existing clustered server. Select EVSERVER1 as the resource group for which you want to add this node as a failover node.
5 Test the failover from NODEA to NODEB.
[Figure 50-2: diagram not reproduced; surviving labels: NODEA EVSERVER1, NODEB (EVSERVER2), NODEC (SPARE), Shared Disk]
If either NODEA or NODEB fails, the virtual Enterprise Vault server running on that node can fail over to NODEC. This is not an "any-to-any" configuration, so if a node fails the resources must be moved back after the node is recovered, in order to return to high availability.
To set up this 2+1 configuration
Add three nodes to the cluster (NODEA, NODEB, NODEC).
Create two resource groups (EVSERVER1, EVSERVER2), and add the prerequisite resources to each group.
Configure the groups and resources so that the following nodes are the preferred owners, in the order shown:
EVSERVER1: NODEA, NODEC
EVSERVER2: NODEB, NODEC
Create DNS entries for the virtual servers EVSERVER1 and EVSERVER2, and provide aliases for each (EVSERVER1Alias, EVSERVER2Alias).
2 Install Enterprise Vault on NODEA, NODEB, and NODEC, but do not run the Enterprise Vault Configuration wizard.
3 On NODEA, run the Enterprise Vault Configuration wizard and choose to configure a new Enterprise Vault server with cluster support. Select EVSERVER1 as the resource group in which to create the Enterprise Vault service resources. Specify EVSERVER1Alias as the Vault Site alias and computer DNS alias.
4 On NODEB, run the Enterprise Vault Configuration wizard and choose to configure a new Enterprise Vault server with cluster support. Select EVSERVER2 as the resource group in which to create the Enterprise Vault service resources. Specify EVSERVER2Alias as the Vault Site alias and computer DNS alias.
5 On NODEC, run the Enterprise Vault Configuration wizard, and choose to configure a failover node for the existing clustered server. Select either EVSERVER1 or EVSERVER2 as the resource group for which you want to add this node as a failover node.
6 Test the cluster to confirm that if NODEA fails, the EVSERVER1 resources fail over successfully to NODEC. Then return the EVSERVER1 resources to NODEA and confirm that if NODEB fails, the EVSERVER2 resources fail over successfully to NODEC.
[Figure 50-3: diagram not reproduced; surviving labels: NODEB, NODEC]
You can extend the setup process for an N+M configuration with any number of primary and failover nodes, up to the total of 8 clustered nodes supported by Microsoft server clusters.
To set up this 2+1 any-to-any configuration
Add three nodes to the cluster (NODEA, NODEB, NODEC).
Create two resource groups (EVSERVER1, EVSERVER2), and add the prerequisite resources to each group.
Configure the groups and resources so that the following nodes are the preferred owners, in the order shown:
EVSERVER1: NODEA, NODEC, NODEB
EVSERVER2: NODEB, NODEC, NODEA
Configuring Enterprise Vault in a Microsoft server cluster Converting an existing Enterprise Vault installation to a cluster
See 2+1 configuration without "any-to-any" on page 598.
Test the cluster to confirm that if an active node fails, the virtual server fails over to the appropriate node. For example, if you have configured the preferred owners of the resource groups as suggested in step 1:
Confirm that if NODEA fails, EVSERVER1 fails over successfully to NODEC.
Then bring NODEA back online as the spare node and confirm that if NODEB fails, EVSERVER2 fails over to NODEA.
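The two 2+1 examples above can be checked on paper before any failover test with a small model. This is an added sketch, not code from the guide or from the cluster software; it assumes a group moves to the first node in its preferred owners list that is up and not already hosting an Enterprise Vault virtual server, and the class and function names are hypothetical.

```python
class EVClusterModel:
    """Simplified model: one Enterprise Vault virtual server per node at most."""

    def __init__(self, preferred_owners):
        # group name -> ordered list of preferred owner nodes
        self.preferred = {g: list(o) for g, o in preferred_owners.items()}
        self.up = {n for owners in self.preferred.values() for n in owners}
        self.location = {g: None for g in self.preferred}
        for group in self.preferred:
            self.location[group] = self._pick(group)

    def _busy(self, group):
        # Nodes already hosting some other Enterprise Vault virtual server.
        return {n for g, n in self.location.items() if n and g != group}

    def _pick(self, group):
        # Assumption: take the first preferred owner that is up and free.
        busy = self._busy(group)
        for node in self.preferred[group]:
            if node in self.up and node not in busy:
                return node
        return None  # no eligible node: the virtual server stays offline

    def fail(self, node):
        self.up.discard(node)
        for group in self.preferred:
            if self.location[group] == node:
                self.location[group] = self._pick(group)

    def recover(self, node):
        self.up.add(node)
        for group in self.preferred:
            if self.location[group] is None:
                self.location[group] = self._pick(group)

    def fail_back(self, group):
        # Manual move back to the first preferred owner, if it is up and free.
        first = self.preferred[group][0]
        if first in self.up and first not in self._busy(group):
            self.location[group] = first


# Preferred owner lists exactly as given in the two examples.
TWO_PLUS_ONE = {"EVSERVER1": ["NODEA", "NODEC"], "EVSERVER2": ["NODEB", "NODEC"]}
ANY_TO_ANY = {
    "EVSERVER1": ["NODEA", "NODEC", "NODEB"],
    "EVSERVER2": ["NODEB", "NODEC", "NODEA"],
}


def replay(preferred_owners, events):
    """Apply (action, target) events in order and return group -> node."""
    model = EVClusterModel(preferred_owners)
    for action, target in events:
        getattr(model, action)(target)
    return dict(model.location)


if __name__ == "__main__":
    events = [("fail", "NODEA"), ("recover", "NODEA"), ("fail", "NODEB")]
    # Without any-to-any and without failing back, EVSERVER2 has nowhere to go.
    print("2+1:       ", replay(TWO_PLUS_ONE, events))
    # With any-to-any, the recovered NODEA acts as the spare.
    print("any-to-any:", replay(ANY_TO_ANY, events))
```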
Enterprise Vault should already be configured in a non-clustered configuration, and it must not already be part of a cluster.
Enterprise Vault must be configured using DNS aliases rather than fully qualified node names.
The Enterprise Vault server must have a full set of Indexing, Shopping, Task Controller, and Storage services. However, it must not contain the SharePoint Portal Server 2001 service, as this is not supported in a cluster.
Note that Compliance Accelerator and Discovery Accelerator are not supported within a cluster. However, an unclustered Compliance Accelerator or Discovery Accelerator can reference a clustered Enterprise Vault virtual server.
You can cluster an existing Enterprise Vault installation in any of the operation modes previously described. Note that:
You can configure a combination of new and existing Enterprise Vault servers as virtual servers, if required.
You must perform a new installation of Enterprise Vault on the nodes that are to act as failover nodes.
Prepare for clustering. See Preparing to cluster Enterprise Vault on page 587.
Install Enterprise Vault on the failover nodes and, if required, on any additional primary nodes you are adding to the existing installation. Do not run the Enterprise Vault Configuration wizard on any node at this stage. For instructions on installing Enterprise Vault, see Sections I and II of this manual.
Convert your existing Enterprise Vault servers to servers with cluster support. See Converting an existing Enterprise Vault server to a server with cluster support on page 603.
If you are adding any new Enterprise Vault servers, configure the new Enterprise Vault servers as servers with cluster support. See Configuring a new Enterprise Vault server with cluster support on page 592.
Configure Enterprise Vault on the failover nodes. See Configuring a failover node on page 596.
Ensure that the following items are all on highly-available shared storage devices.
Indexing service data
Shopping service data
Vault store partitions
PST holding folders
EMC Centera staging areas
If they are not, correct the locations in the Enterprise Vault Directory database and then move the associated data to the new locations.
Use Cluster Administrator to ensure that a suitable resource group you prepared earlier is online on the Enterprise Vault server node.
On the Windows Start menu, click All Programs > Enterprise Vault > Convert to Cluster. The first page of the Enterprise Vault Convert to Cluster wizard appears. Click Next to continue.
The wizard makes a number of checks relating to the suitability of the installation for conversion to a cluster. It then displays a warning reminder that when the wizard has successfully completed you must update the DNS alias or Hosts file entry that is currently pointing at the physical node, so that it points at the virtual server name.
The wizard then displays a list of the current file locations for the Enterprise Vault services and partitions. You must confirm that these locations are all on highly-available shared storage devices before continuing. Either select the check box to confirm high-availability, and click Next to continue, or click Cancel to exit from the wizard and move the required data to highly-available locations before running the wizard again.
If the wizard detects that there are messages in the Enterprise Vault MSMQ queues, it displays a page indicating the name of each queue and the number of messages on it. The wizard cannot move these messages to the clustered message queues due to permissions constraints. We recommend you cancel from the wizard and leave the services running in a non-clustered environment until Enterprise Vault has cleared the message queues. You can then re-run the Convert to Cluster wizard. If you continue without doing this, the messages remain on the node-specific queues and are not processed. If you want to continue without clearing the queues, select the Continue converting configuration to a cluster check box and click Next.
The wizard lists the resource groups that are currently online on this node. Select the required resource group and click Next. The wizard creates the necessary resources, updates the Enterprise Vault services to manual startup, and updates the Directory database tables to remove the local computer name from the computer entry table and the message queue names.
The final wizard page displays a list of the actions the wizard has performed, and the results. Click Finish to exit the wizard.
If you have not already done so, manually update the DNS alias to point at the virtual server name rather than the local node name.
Stop the Indexing, Shopping, Storage, and Task Controller services.
Make a backup copy of the Enterprise Vault Directory database and data files.
Use the Enterprise Vault Administration Console or run a SQL query against the Enterprise Vault Directory to move the data, as described below.
IndexRootPathEntry [IndexRootPath]
Move the contents of this location to a highly available location. Update the database using SQL to point at the new location.
The SQL to view the current location is as follows:
SELECT * FROM IndexRootPathEntry WHERE (IndexRootPathEntryId = '<ID FROM LOG FILE>')
The SQL to update the location is as follows:
UPDATE IndexRootPathEntry SET IndexRootPath = '<THE NEW LOCATION>' WHERE (IndexRootPathEntryId = '<ID FROM LOG FILE>')

PartitionEntry [AccountName]
Move the pool entry authorization (.pea) file to a highly available location. Use the Enterprise Vault Administration Console to view the properties of the EMC Centera partition and then, on the Connection tab, edit the Pool Entry Authorization File Location box to point at the new location.
PartitionEntry [PartitionRootPath]
Move the contents of this location to a highly available location. Update the database using SQL to point at the new location.
The SQL to view the current location is as follows:
SELECT * FROM PartitionEntry WHERE (PartitionEntryId = '<ID FROM LOG FILE>')
The SQL to update the location is as follows:
UPDATE PartitionEntry SET PartitionRootPath = '<THE NEW LOCATION>' WHERE (PartitionEntryId = '<ID FROM LOG FILE>')

PartitionEntry/Locations [SecondaryLocation]
Move the secondary storage files to a highly available location. Update the database using SQL to point at the new location.
The SQL to view the current location is as follows:
SELECT * FROM PartitionEntry INNER JOIN Locations ON PartitionEntry.SecondaryLocation = Locations.LocationIdentity WHERE (PartitionEntry.PartitionEntryId = '<ID FROM LOG FILE>')
The SQL to update the location is as follows:
UPDATE Locations SET Location = '<NEW LOCATION>' WHERE LocationIdentity = (SELECT SecondaryLocation FROM PartitionEntry WHERE PartitionEntryId = '<ID FROM LOG FILE>')
PartitionEntry [StagingRootPath]
Move the contents of this location to a highly available location. Update the database using SQL to point at the new location.
The SQL to view the current location is as follows:
SELECT * FROM PartitionEntry WHERE (PartitionEntryId = '<ID FROM LOG FILE>')
The SQL to update the location is as follows:
UPDATE PartitionEntry SET StagingRootPath = '<THE NEW LOCATION>' WHERE (PartitionEntryId = '<ID FROM LOG FILE>')
PSTMigratorTask [MigrationDirectory]
Move the contents of the location to a highly available location. Use the Enterprise Vault Administration Console to view the properties of the PST Migrator Task and update the Temporary files folder.
ShoppingServiceEntry [ShoppingRootPath]
Move the contents of this location to a highly available location. Use the Enterprise Vault Administration Console to edit the Shopping service location to the new highly available location.
SiteEntry [PSTHoldingDirectory]
Move the contents of the location to a highly available location. Use the Enterprise Vault Administration Console to view the site properties and update the PST Holding Folder property to point at the new location.
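The SQL updates above change Directory database rows directly, so it is worth guarding each one against a mistyped ID. The following T-SQL is an added example, not part of the original guide: it wraps the PartitionRootPath update in a transaction and commits only if exactly one row changed. The variable names and the nvarchar(4000) type are assumptions; the same pattern applies to the IndexRootPath and StagingRootPath updates.

```sql
-- Added example (not from the guide). Run it in a query window connected to
-- the Enterprise Vault Directory database, after stopping the services and
-- taking the backup described earlier.
-- Assumption: the guide does not give the column types, so the variables are
-- declared wide enough that a long path is never silently truncated here.
DECLARE @Id nvarchar(4000), @NewPath nvarchar(4000), @Rows int;
SET @Id      = N'<ID FROM LOG FILE>';   -- placeholder, as in the guide
SET @NewPath = N'<THE NEW LOCATION>';   -- placeholder, as in the guide

BEGIN TRANSACTION;

-- Value before the change, for the change record.
SELECT PartitionEntryId, PartitionRootPath
FROM PartitionEntry
WHERE PartitionEntryId = @Id;

UPDATE PartitionEntry
SET PartitionRootPath = @NewPath
WHERE PartitionEntryId = @Id;

-- @@ROWCOUNT is reset by the next statement, so capture it immediately.
SET @Rows = @@ROWCOUNT;

IF @Rows = 1
BEGIN
    -- Exactly the intended partition was changed: show the new value, keep it.
    SELECT PartitionEntryId, PartitionRootPath
    FROM PartitionEntry
    WHERE PartitionEntryId = @Id;
    COMMIT TRANSACTION;
END
ELSE
BEGIN
    -- No row matched (wrong ID) or more than one did: undo and report.
    ROLLBACK TRANSACTION;
    RAISERROR('Expected to update 1 PartitionEntry row, updated %d. Change rolled back.', 16, 1, @Rows);
END
```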
Modifying an existing Enterprise Vault cluster
Add a node to host a new Enterprise Vault virtual server or to act as a failover node.
Add shared storage for a virtual server.
Adding a node
You may want to add a node to an existing Enterprise Vault cluster to host a new Enterprise Vault virtual server or to act as a failover node.
1. Share the required disk volumes on the new node.
2. Use Cluster Administrator to add the node to the cluster.
3. If you are adding a new Enterprise Vault virtual server, prepare a new resource group and add the prerequisite resources. See Setting up the resource groups on page 589.
4. Specify the new node as a possible owner of all resources in all the resource groups that are required to run on it. Add the new node at a suitable position in the preferred owners list of any resource group that is required to run on it.
5. Install Enterprise Vault on the node.
6. Run the Enterprise Vault Configuration wizard and choose either Create a new Enterprise Vault server with Cluster support, or Configure the node as a failover node for an existing clustered server, as required.
7. Test the modified cluster to confirm that failovers to or from the new node work as planned.
1. Set up the additional shared disks and volumes, sharing the volumes on the nodes that require access to them.
2. For the virtual server that is to use the new storage:
   - Add a Physical Disk resource to the resource group for each new volume.
   - Make the Physical Disk resource dependent on the Enterprise Vault Server Instance resource.
   - Change the Properties of the Admin Service resource to add a dependency on each new Physical Disk resource.
3. Specify the required nodes as possible owners for the new Physical Disk resources, according to your cluster operation mode.
4. Test the modified cluster to confirm that the Enterprise Vault virtual server can access the new shared storage successfully before and after failover.
Chapter 51
Troubleshooting clustering with Microsoft server clusters
About this chapter
Event logs and the server cluster log
Resource ownership and dependencies
Registry replication
Viewing the clustered message queues
Starting and stopping services
Registry replication
As part of configuring the virtual server, the Configuration wizard sets up a registry checkpoint on the Admin service resource, to provide the required registry replication on the clustered nodes. If you suspect problems with registry entries related to an Enterprise Vault virtual server, view the checkpoint to confirm it is set up correctly. Enter the following command using the Windows command line utility cluster:
cluster resource EnterpriseVaultAdminService /check
where EnterpriseVaultAdminService is the name of the Admin service resource, for example EVSERVER1-EnterpriseVaultAdminService.
You should see listed one checkpoint for the Admin service resource: Software\KVS\Enterprise Vault.
Viewing the clustered message queues
1. Ensure the Enterprise Vault virtual server is online on the node you want to view the queues from.
2. Open a command prompt window and change to the Enterprise Vault installation folder, typically C:\Program Files\Enterprise Vault.
3. Enter the following command:
ClusterCompMgmt
This launches the Computer Management snap-in with the environment variables set so that it displays the clustered message queues.
Expand Services and Applications, then expand Message Queuing. The Enterprise Vault virtual server queues are listed under Private Queues.
Starting and stopping services
Use Cluster Administrator to bring the associated service resource online or offline. Or use the Windows command line utility cluster. For the syntax of this command, open a command prompt window and enter:
cluster /?
For more details, see, for example, the following TechNet article:
http://technet2.microsoft.com/WindowsServer/en/library/8da99e1e-619f-4deb-acf0-cd8d61ac2ed01033.mspx
To help prevent the starting and stopping of services by other means, Enterprise Vault behaves as follows in a clustered configuration:
- The Enterprise Vault Administration Console buttons for starting and stopping services are unavailable.
- You cannot start or stop services using the EVService utility. However, you can continue to use EVService to control tasks.
- Enterprise Vault blocks attempts to start Enterprise Vault services using the Windows Service Control Manager, and logs an event message. However, Enterprise Vault cannot block the stopping of services using Windows Service Control Manager, so be careful to avoid this.