This document is part one of four Technical Articles that discuss the requirements, process and troubleshooting of EV and OWA 2007 Integration:

In order to enable EV functions within OWA 2007, the EV OWA 2007 Extensions must be installed on each Exchange 2007 Server with a Client Access Server (CAS) Role within the environment, the Exchange Virtual Directory (VD) must be present on the CAS Role and Mailbox Role, Internet Information Services (IIS) Services must be running and anonymous access must be configured on the EV Server:

Note: See Technical Article 277782 in Related Documents for links to the Install and Configuration Guides (EV 2007) and Setting up Exchange Server Archiving (EV 8.0)

Additional Configuration for CAS Roles installed on Windows 2008:

For Exchange 2007 on Windows 2003, IIS 6.0 installs all required components.  For Exchange 2007 on Windows 2008, IIS 7.0 requires that the individual core components are installed for legacy WebDAV access to the Exchange VD on both the CAS and Mailbox Role.  These are the same requirements necessary for mixed mode functionality between Exchange 2003 and Exchange 2007.

Examples of Server Manager Commands for the individual requirements:

ServerManagerCmd -i Web-Server  
ServerManagerCmd -i Web-ISAPI-Ext
ServerManagerCmd -i Web-Metabase
ServerManagerCmd -i Web-Lgcy-Mgmt-Console
ServerManagerCmd -i Web-Basic-Auth
ServerManagerCmd -i Web-Windows-Auth
ServerManagerCmd -i Web-Dyn-Compression

Notes:
  a. See Microsoft Articles under Acknowledgements for additional details on IIS 7.0 requirements and Server Manager commands.
  b. It is required for EV to be able to access the Exchange Virtual Directory and EWS Virtual Directory. (See Technical Article 339805 under Related Documents for details)
  c. For further assistance in configuring Exchange 2007 and IIS 7.0 in preparation for EV Integration for OWA, please contact Microsoft.

Related Microsoft documentation:

http://technet.microsoft.com/en-us/library/bb691354.aspx
How to Install Exchange 2007 SP1 Prerequisites on Windows Server 2008 or Windows Vista

http://technet.microsoft.com/en-us/library/cc748918.aspx
Overview of Server Manager Commands

Installation of EV components:

Installation of the EV OWA Extensions is performed by running "Symantec Enterprise Vault OWA 2007 Extensions x64.msi" (Default location on Install Media = \OWA Extensions\OWA 2007 Extensions) on each CAS Role.

Note: In the Install Media, there are two files, "Symantec Enterprise Vault OWA 2007 Extensions x64.msi" and "Symantec Enterprise Vault OWA 2007 Extensions x86.msi". The x86 version is not intended to be installed on a production CAS Role, which is required to be in a 64-bit environment.

Once successfully installed, below are the Footprints created on the CAS Role.

EV Footprints on CAS Role

1. Web.config modifications
   a. Open \Program Files\Microsoft\Exchange Server\ClientAccess\Owa\web.config
   b. Locate the following values:

<!-- OWA HTTP Modules -->
<httpModules>
<add type="Microsoft.Exchange.Clients.Owa.Core.OwaModule, Microsoft.Exchange.Clients.Owa" name="OwaModule"/>
<add type="Symantec.EnterpriseVault.Owa.EVOwaModule, Symantec.EnterpriseVault.Owa" name="EVOwaModule"/>
</httpModules>

<!-- OWA HTTP Handlers -->
<httpHandlers>
<add verb="POST,GET" path="ev.owa" type="Microsoft.Exchange.Clients.Owa.Core.OwaEventHandlerFactory, Microsoft.Exchange.Clients.Owa"/>
<add verb="GET,HEAD" path="attachment.ashx" type="Microsoft.Exchange.Clients.Owa.Core.AttachmentHandler, Microsoft.Exchange.Clients.Owa"/>
</httpHandlers>

 -->
 <add key="EnterpriseVault_WebDAVRequestHost" value="localhost"/>
 <add key="EnterpriseVault_ResourceVersion" value="v8.0.3.1845"/>

 Notes:
   a. Prior to modification, a backup copy is made named "web.config.backup by EV.<number>"
   b. In order to change settings for how EV works with OWA 2007, additional settings may be added or modify within this section.(See Technical Article 304386 under Related Documents for details)

2. Smallicons.xml modifications.
   a. Open \Program Files\Microsoft\Exchange Server\ClientAccess\Owa\smallicons.xml
   b. Locate the following values:

<Mapping ItemClass="IPM.Note.EnterpriseVault.Shortcut" SmallIcon="../../../EnterpriseVault/v8.0.3.1845/images/vaultshortcut.gif" />
<Mapping ItemClass="IPM.Note.EnterpriseVault.PendingArchive.ArchiveMe" SmallIcon="../../../EnterpriseVault/v8.0.3.1845/images/vaultpending.gif" />
<Mapping ItemClass="IPM.Note.EnterpriseVault.PendingArchive" SmallIcon="../../../EnterpriseVault/v8.0.3.1845/images/vaultpending.gif" />
<Mapping ItemClass="IPM.Note.EnterpriseVault.Shortcut.RestoreMe" SmallIcon="../../../EnterpriseVault/v8.0.3.1845/images/vaultrestpending.gif" />
<Mapping ItemClass="IPM.Note.EnterpriseVault.Shortcut.DeleteMe" SmallIcon="../../../EnterpriseVault/v8.0.3.1845/images/vaultdelpending.gif" />
<Mapping ItemClass="IPM.Schedule.Meeting.Request.EnterpriseVault.PendingArchive.ArchiveMe" SmallIcon="mtgreq.gif" />
<Mapping ItemClass="IPM.Schedule.Meeting.Request.EnterpriseVault.PendingArchive" SmallIcon="mtgreq.gif" />
<Mapping ItemClass="IPM.Contact.EnterpriseVault.PendingArchive.ArchiveMe" SmallIcon="contact.gif" />
<Mapping ItemClass="IPM.Contact.EnterpriseVault.PendingArchive" SmallIcon="contact.gif" />

 Notes:
   a. Prior to modification, a backup copy is made named "smallicons.xml.backup by EV.<number>"
   b. The smallicons.xml replaces OWA 2003 web form registration.

3. Enterprise Vault custom files
   a. Open \Program Files\Microsoft\Exchange Server\ClientAccess\Owa\Enterprise Vault\<EVversion>
   b. The <EVversion> folder will match the "EnterpriseVault_ResourceVersion" value identified in the web.config file.

4. Enterprise Vault installed location
   a. This path may be verified via the registry on the CAS Role:

HKEY_LOCAL_MACHINE

\SOFTWARE

 \Wow6432Node

  \KVS

   \Enterprise Vault

    \Install

Value: Installpath

   
Notes:
   a. By Default, the Installpath will be C:\Program Files\Enterprise Vault\OWA 2007.
   b. If any of the above components are not present, uninstall Symantec Enterprise Vault OWA 2007 Extensions x64 and reinstall.
   c. If web.config or smallicons.xml are not modified, see Technical Article 313867 under Related Documents for details

The Anonymous Account and EVAnon Virtual Directory (VD)

The Anonymous Account and EVAnon VD are configured on the EV Server and designed to allow access to archived items from the CAS Role(s) to EV Server where the associated Exchange Mailbox Archiving Task resides.

1.  Anonymous Account

The Anonymous Account is a standard Active Directory (AD) user within the same domain as the EV Server.  This account is only used for EV OWA integration and must only be a member of the Domain Users group without restrictive group policy rules.  Confirm that this account is not disabled in AD and the password and account are both set to Never Expire.

Note: This account does not require a mailbox.

2.  EVAnon VD

The EVAnon VD is attached to the \Program Files\Enterprise Vault\Webapp folder and is designed exclusively to accept Archive, Retrieval, Delete and Restore requests from OWA and process these requests back to the Mailbox through the OWA session.  All other requests to the EVAnon VD not originating from the EV OWA extensions will return a 500 IIS error.

   Creation of EVAnon
   
   a. Under the \Program Files\Enterprise Vault directory, create a new text file named "Exchangeservers.txt"
   b. Open the Exchangeservers.txt and populate this with the IP Addresses of each CAS Role Server, on separate lines.

   Notes:
       i. If the CAS Roles have multiple IP Addresses, all of the addresses are required.
       ii.  If there is a CAS Load Balancer (LB) , the LB IP Address(es) are required.

   c. Save the Exchangeservers.txt in ANSI format.
   d. Create the EVAnon VD by running the following script under a command prompt, within the \Program Files\Enterprise Vault\ Directory:

   cscript owauser.wsf /domain:<ShortDomainName> /user:<AnonymousAccount> /password:<AnonymousAcctPW> /exch2007

   <ShortDomainName> = Domain name of Anonymous Account in Short format (Ex. "Domain" not "Domain.com")
   <AnonymousAccount> = Anonymous Account Name created in Step 1.
   <AnonymousAcctPW> = Anonymous Account password.

   Notes:
       i. Do not include the <> or quotes in the cscript.
       ii. Run the cscript logged in as the Vault Service Account (VSA), which is a Local Administrator.
       iii. If EV is installed on Windows 2008 Server, it is recommended to open cmd.exe by Right-clicking - Run as Administrator.
       iv. The OWAUser.wsf must be run on every EV Server which is performing Exchange Mailbox Archiving.

      OWAUser.wsf Footprints

   The OWAUser.wsf creates the following on the EV Server:

   a. Registry

Anonymous Account

OWA Web Application Alias (by Default this will be EVAnon)

       HKLM\Software\KVS\Enterprisevault\Install\OwaWebAppAlias

   b. IIS (Internet Information Services)

   EVAnon VD
   - The EVAnon VD will have the following settings:
     
     Directory Security :
         Authentication and access control - Anonymous only
         IP Address and domain name restrictions - Denied Access
   
   Note: The EVAnon VD will be set to Denied Access by default and each of the IP Addresses from Exchangeservers.txt will be configured as exceptions.

   Once the OWAUser.wsf script is run and the EVAnon VD is created, it is required to restart the Enterprise Vault Admin Service and Synchronize all mailboxes.  Restarting Services allow EV to be aware of the recent registry changes and Synchronizing all Mailboxes will apply these changes to the mailbox hidden messages.

Additional Requirements for EV installed on Windows 2008:
In Windows 2008, IIS 7 may be installed without specific roles, which are required to be installed on the EV server for EVAnon VD access:

1. "IIS Management Scripts and Tools" IIS role service.

2. "IPv4 Address and Domain Restrictions" IIS role service
 i. This role must also be set to Read/Write

3. "IIS 6 Management Compatibility" IIS role service

Other IIS 7 role services may be required to be installed and/or configured.  See the results to running the OWAUser.wsf script for details:

Example:

WScript version: 5.7
Configuring for Exchange 2003/2007
Running as: Domain\EVServiceAccount
User name: EVAnon
User domain: P@ssw0rd
Assigned user right: SeNetworkLogonRight
Assigned user right: SeInteractiveLogonRight
Assigned user right: SeBatchLogonRight
Assigned user right: SeChangeNotifyPrivilege
"ERROR: Failed to update IP address restrictions. Check that the 'IIS 6 Management
Compatibility' IIS role service is installed"

Note: For further details, see Technical Articles 318209 and 338088 on errors when running the OWAUser.wsf script on Windows 2008.