OWA with Exchange 2007/2010 and Enterprise Vault Troubleshooting Guide - What to gather for Support Cases?

Problem

This article is intended to expedite the time it takes to resolve an OWA (Outlook Web Access/Outlook Web App) issue that you may have with Enterprise Vault when you cannot resolve the issue yourself. These instructions should apply to most OWA issues but will apply specifically to:

• No Enterprise Vault Buttons.
• Unable to open archived items via OWA, internally and/or externally
• Unable to access Archive Explorer or Search internally and/or externally.

Solution

Please answer or gather the following for the Veritas Technical Support Engineer (TSE):

Be prepared to have a list of all names and IP addresses for all Mailbox, Client Access Servers and Enterprise Vault Servers as you may need it.

Questions

1. Have you searched the Enterprise Vault for Microsoft Exchange support page? The issue may already be documented and a solution provided.
2. Have you run and reviewed the results from the Enterprise Vault OWA Resource Tool (EVORT) to check the configuration? If not, please read 000005845 - Enterprise Vault OWA Resource Tool (EVORT) for details.
3. Does the problem appear to be on the inside or outside of the network?
4. Does is affect all OWA users or only specific users?
   • Are the affected users all at the same location, for example users in a satellite office? If you are unsure, please check this as it may be vital information.
   • If specific users are affected, please log into a MS Outlook client as a few of these users into a MS Outlook Client and gather a client trace. This will help to identify the Enterprise Vault policies applied to the affected user. The article TECH38096 - How to perform a client trace for Enterprise Vault (EV) within Outlook describes how to a trace.
      
5. Has OWA and Enterprise Vault ever worked? Has there been a recent change that may have caused the issue (for example, an upgrade of Enterprise Vault or  a new firewall installation)?
6. Is there is any network load balancing (NLB) configured on the Client Access Server? Any clustering used on the Enterprise Vault Servers? Be prepared to provide details including:
   • Is a hardware NLB device  in use or Windows NLB configured and what is the IP address of of the NLB?
   • What clustering solution is in place (Microsoft or Veritas) and what is the virtual IP address of the virtual Enterprise Vault Server?
      

Steps to take:

If the issue occurs internally or externally follow the steps below. If it occurs on both sides, perform these steps internally for now.

1. Navigate to the following installation directory on all client access servers:  \Program Files\Microsoft\Exchange Server\ClientAccess\Owa\
   This will be on the drive to which you installed Exchange.

2. Open the Web.Config file with a text editor.  
    
3. Change the following value from  <add key="EnterpriseVault_LogEnabled" value="false"/>
   to <add key="EnterpriseVault_LogEnabled" value="true"/> 
   Note: This is a temporary setting. Remember to set the value back to false once the issue is resolved.

Replicate the issue at this point by following the steps below in the exact order given

1. Gather the log file generated on whichever Exchange 2010 Client Access Servers (CAS Server) that may have processed the request. If NLB is used then this could be on any of the CAS servers, unless you were able to target one specifically.
    
   For Example https://10.0.0.200/OWA with 10.0.0.200 being a specific CAS server.
   
   The logs will be located in the folder identified by the <add key="EnterpriseVault_LogFolder" value="folder"/> in the W eb.Config file where the "value" is the folder path. ZIP this log file and forward it to the TSE or let the TSE know that no log file exists.
    

2. Gather the IIS logs from the Client Access Server and Enterprise Vault Server, ZIP them and send them to the TSE.

   • For Windows 2008  (IIS 7) and above the default log location is %SystemDrive%\inetpub\logs\LogFiles.

   • For Windows 2003 (IIS 6) the default location is %windir%\System32\LogFiles. 

3. Note the username of the account used to reproduce the failure and supply this to the TSE

4. Copy the Web.Config file from each CAS Server and ZIP them, and send them to the TSE.

If the issue only occurs externally:

1. Identify the make and model of the network firewall. 
2. Check to ensure that the necessary ports for HTTPS/SSL communications are open.
3. Examine the firewall logs for any access denials during the time you were reproducing the issue.
4. Check for any CAS proxying in your environment. If you find any, try to supply as much information as possible about which CAS Server is the request proxying through? 

Applies To

This article applies to the following versions

• Exchange 2007/2010 Client Access Servers (any supported service pack)
• Enterprise Vault 9 or above
• Windows 2003 and Windows 2008  (any supported service pack)