This document is part two of four Technical Articles that discuss the requirements, process and troubleshooting of EV and OWA 2007 Integration:

Once the Enterprise Vault Extensions are installed on each Client Access Server (CAS) Role, the extensions allow for the following:

1. Access to archived items through OWA

2. Access to EV Features to Archive, Retrieve, Restore or Delete Archived Items.

3. Access to EV Web Applications (Search Archive and Archive Explorer)

User Observations

After installing the EV OWA extensions on each of the CAS Roles additional tools become available for EV within the OWA session.

Notes:
   a. These options are only available to users that are enabled for archival through EV.
   b. These options may be disabled and removed through the EV Mailbox Archiving Policy (EV 2007) or Desktop Policy (EV 8.0)

After the installation of the EV OWA extensions, EV archived items (ie. Shortcuts) will be displayed in the OWA session.  This is due to modification made to the web.config and smallicons.xml, which control how OWA renders the EV item message classes (Ex. IPM.Note.EnterpriseVault.Shortcut, IPM.Note.EnterpriseVault.PendingArchive, etc).

Note: See Technical Article 313867 under Related Documents for further details.

Details on the availability of EV Toolbar Options

When a user is enabled for archival, EV will create a hidden message in the mailbox which contains all policy settings applied to the mailbox.  When an archive enabled user opens an OWA session, the EV Extensions installed on the CAS Role make additional WebDAV calls between the CAS Role(s) and Mailbox Role(s) to open the mailbox. Once opened through the WebDAV request, the EV hidden message will be located in order to identify if the user is enabled for archival, how to communicate with EV and how to display the EV tools, based on the assigned EV Policy. Once the EV hidden message is read from the user's mailbox, the EV Extensions will use Exchange Web Services (EWS) to convert the hidden message to be read.

There may be numerous reasons as to why the EV Toolbar options are not displayed in OWA after installing the EV Extensions.  This is commonly caused by an Exception when making a call to the Exchange and/or EWS Virtual Directories (VD) on the CAS Role.  Below provides details as to how, and in what order, the EV OWA extensions check the mailbox to determine if the user is enabled for archival.

Note: Loading the EV toolbar options do not involve the Enterprise Vault Server and is strictly handled between the CAS role and Mailbox Role Exchange Servers.  
 
Below shows a basic process flow of how EV accesses the mailbox and attempts to locate the hidden message. (Figure 1)

Loading the EV Toolbar options rely on the following WebDAV and EWS calls that are made through the CAS Role:

   [WebDAVRequest::Send] Request url: http://Localhost/Exchange/Username@domain.com

   [MailboxBase::MailboxBase] Connecting to Exchange Web Services using: https://localhost/ews/exchange.asmx

Figure 1
 

Notes:
   a. To identify the exact paths that are used, enable EV OWA Diagnostics per Technical Article 301813 or 304386 under Related Documents.
   b. If Diagnostic logging has been enabled and no logs are generated, confirm that the OWA requests to the CAS Server are not being proxied to another CAS Role prior to accessing the Mailbox Role.  This can be confirmed in the OWA Session -> Options -> About.

      Proxy Host Address: https://<IPAddressofCurrentCAS>/owa
        - Example: https://ExternalCASServer/owa
      Proxy servername: <FQDN of proxied destination CAS>  
        - Example: InternalCASServer.domain.com
      Client Access server name: <FQDN of proxied destination CAS>
        - Example: InternalCASServer.domain.com
      Mailbox Server Name: <FQDN of Mailbox Role Server>
        - Example: Mailbox1.domain.com

  c. If the request is being proxied, it is required to have the EV OWA extensions installed on every CAS role in the proxy 'path'.
  d. If the request is being proxied, review the Technical Article 300407 regarding setting constrained delegation.
  e. To generate a log, it is necessary to close the current OWA session and open a new session.
     (See Technical Article 301813 for additional details on enabling logging)
  f. It is unnecessary to recycle Exchange Services or IIS on the Exchange Server for these changes to take effect.
  g. To turn off logging, change the "EnterpriseVault_LogEnabled" value from True to False

When these calls are successful, the EV Toolbar options will be loaded and the following will be observed through the OWA Diagnostic log:

[EVContext::LoadHiddenSettings] Retrieved hidden message from web services

When one of these calls fail, the EV Toolbar options will not be loaded and the following will be observed through the OWA Diagnostic log:

[EVContext::LoadHiddenSettings] Using default settings
[EVContext::ResetHiddenSettings] Resetting hidden settings to defaults
[EVContext::LogHiddenSettings] Mailbox Settings loaded at: Monday, January 01, 0001, 12:00:00 AM
[EVContext::LogHiddenSettings]     Enabled for archiving: Never Enabled

Notes:
   a. In a properly configured Exchange 2007 environment, standard OWA 2007 access utilizes the OWA VD only.  Access to the Exchange VD is still supported for legacy WebDAV (Exchange 2000/2003) compatibility. If an Exception occurs during access to the Exchange VD, the error will be reproducible by opening the link directly, outside of OWA. (See Technical Article 321015 under Related Documents)
   b. When the CAS Roles and Mailbox Roles are located on separate servers, by default the Exchange VD may not exist on the Mailbox Role.  For Legacy WebDAV requests, the Exchange VD is required on the Mailbox Role for EV Integration.
   c. If the Mailbox Role is configured in a Clustered environment, the Exchange VD must be available on each physical node in case of fail over.
   d. For assistance in having this prerequisite configured on the Mailbox Role(s), it is necessary to contact Microsoft for assistance.
   e. For further assistance on known errors and troubleshooting these errors with EV Toolbar availability, see Technical Article 321015.

Details on accessing Archive and Restore options

Once the EV Toolbar options are loaded within OWA, it is possible to Archive, Retrieve or Restore archived items.  These processes require access to the EVAnon VD on the Enterprise Vault Server from the CAS Role.

Depending on the request, the following files must be accessed from the CAS Role:

Archive
Http://InternalEVServer.domain.com/EVAnon/getarchivesettings.asp

Retrieval
Http://InternalEVServer.domain.com/EVAnon/restoreo2k.asp

Note: Retrieving items through OWA occur when double-clicking an archived item.

Restore
Http://InternalEVServer.domain.com/EVAnon/clientaction.asp

This process requests the item to be permanently restored to the mailbox to a Restored Location or to the Original Location.

Note: This does not remove the original item from the Archive.

Since each of this processes rely on the EVAnon VD and Anonymous Account, if a problem exists with the VD or Anonymous Account, all of these options will fail.

Note: For further details on how OWA accesses the EV server for Archival, Retrieval and Restore requests, see Technical Article 339806 under Related Documents.

Details on accessing Search Archive and Archive Explorer options

By Default for OWA 2007, Search Archive and Archive Explorer are configured to access the EV Server directly from the Client, not from the CAS Role and through the EnterpriseVault VD, not the EVAnon VD.

Search Archive
Http://InternalEVServer.domain.com/EnterpriseVault/searcho2k.asp

Archive Explorer
Http://InternalEVServer.domain.com/EnterpriseVault/archiveexplorerUI.asp

Prior to EV 2007 SP4, the requirement to allow access to these web application functions externally was to publish the Internal EV Servername externally or perform custom configurations on a Firewall or Internet Security and Acceleration (ISA) Server to route the external request to the internal server name of the EV Server.  After EV 2007 SP4, the option to utilize a custom External Web Application URL was added.  This option allows the ability to provide EV a Custom External URL that will route via a firewall to the Internal Servername.  Below shows the general principle of the configuration:

Internal Servername : IntEVServer.domain.com
Custom External URL : http://Externalname.domain.com/EnterpriseVault

1. Confirm the Custom External URL works as designed:
   a. From an external system, open a supported browser and enter the following:

     http://Externalname.domain.com/EnterpriseVault/Search.asp

   b. If the routing of the External address is successful, a prompt for credentials will occur and the user will access the EV Browse Search.

2. Set the External URL within the policy
   a. Open the associated Mailbox Archiving Policy (EV 2007 SP4 or greater) or Desktop Policy (EV 8.0)
   b. Under the Advanced Tab => List settings from : OWA locate the option "External WebApp URL"
   c. Specify the External Web Application URL (Ex. http://Externalname.domain.com/EnterpriseVault)

3. Enable the CAS Role to use the External Web Application URL
   Add the following line in the web.config on the CAS Role:

   <add key="EnterpriseVault_UseExternalWebAppUrl" value="true"/>

Note: Above represents a simple example of the setup of the External Web Application URL configuration.  For more details and instructions on more complicated configurations of the External Web Application URL, see Technical Article 308450 under Related Documents.