How to configure Enterprise Vault (EV) integration with Outlook Anywhere using Internet Security and Acceleration (ISA) Server 2006

Article: 100018731
Last Published: 2021-08-04
Ratings: 0 0
Product(s): Enterprise Vault

Problem

Note: This document assumes that Outlook Anywhere has already been published through ISA 2006.

Configuring Enterprise Vault integration with Outlook Anywhere and ISA 2006 requires the Enterprise Vault web application be published through ISA.  It also requires setting appropriate policy settings in Enterprise Vault. 

Solution

Configure ISA server to publish the EV web application:

1. Create a new website publishing rule using the New Web Publishing Rule Wizard. Make the rule name Enterprise Vault. Click Next.

2. Set the rule action to Allow and click Next.

3. Select the "Publish a single web site or load balancer" option and click Next.

4. If Enterprise Vault is configured to use HTTPS for its Web Access components, choose "Use SSL to connect to the published web server or web server farm." Otherwise, choose "Use non-secured connections to connect to the published web server or server farm." (The latter is the default and more common configuration.) Click Next (Figure 1).

Figure 1
 

5. In the "Internal site name" field, type the Enterprise Vault server name that internal clients use to access Enterprise Vault and click Next. (Figure 2)

Figure 2
 

6. In the Path (optional) field, type EnterpriseVault/* and click Next. (Figure 3)

Figure 3
 

7. In the "Accept requests for:" field, choose This domain name (type below). For the public name, type in the external host name that outside users use to access Outlook Anywhere and click Next.  (Figure 4)

Figure 4
 

8. On the next screen, select the web listener used for Outlook Anywhere.

9. For the authentication delegation screen, choose NTLM authentication and click Next. (Figure 5)

Figure 5
 

10. Leave the default setting for the user sets screen. The default should be "All Authenticated Users". Click Next and then Finish.
 
OWA Publishing Rule
 
1. Create an OWA publishing rule using the Firewall Policy, "Exchange Web Client Access publishing Rule."
 
2. Write down all the settings for OWA because they will be needed to re-create the OWA publishing rule using a regular, "Web Site Publishing Rule."  Create the regular OWA publishing rule.
 
Below will list the two publishing rules:
 
 

 
3. Open the Exchange OWA publishing rule and go to the Link Translation tab and select " Apply link translation to this rule." Click the Configure button to Continue.
 
 

 
4. The following Link Translation Mappings will need to be created:
 
 
Replace With
https://server_name https://webmail.server_name.domain.com
https://server_name.domain.com https://webmail.server_name.domain.com
https://server_name https://webmail.server_name.domain.com
https://server_name.domain.com https://webmail.server_name.domain.com

Note that the https://webmail.server_name.domain.com entries should be the published external address.



 

How does this work?
 
User A connects to OWA using webmail.domain.com. User A will attempt to access Enterprise Vault. Because User A is connected to OWA, they should use the webmail.domain.com name. ISA will create a link translation rule so when the user tries to access the Enterprise Vault rule, they will use the webmail.domain.com name instead. But because ISA has the Enterprise Vault publishing rule, ISA knows how to proxy those requests to Enterprise Vault. The reason we created the Public Name as webmail.domain.com for the Enterprise Vault rule is because this rule uses the listener for Exchange which contains a certificate that does not include the certificate that contains the server_name.domain.com name. It does contain the webmail.domain.com name though.
 


Configure the Enterprise Vault policy:

1. Open the Vault Admin Console and navigate to Policies -> Exchange -> Mailbox and open the mailbox policy that applies to the Outlook Anywhere users.

2. Go into the Advanced tab and choose "Outlook" from the "List settings from" drop down box.

3. Set RPC over HTTP connection to "Use proxy".

4. Set RPC over HTTP proxy URL to the external host name that users use to access Outlook Anywhere followed by /EnterpriseVault. (Figure 6)

Figure 6
 

5. Once the policy settings are set, synchronize all mailboxes.

Note:  The "view the original item" link embedded in customized (universal) shortcuts may not work because the link will contain the Enterprise Vault server's internal name.  Double-clicking on the shortcut will retrieve the item.
 
 

 

Was this content helpful?