How To Install Symantec Enterprise Vault 8.0 For Exchange 2007 on Windows 2008

Prerequisites

Operating system components

Install Windows with the following options and components:

  • Microsoft Message Queuing (MSMQ) services.
  • Additional DNS alias for the Arc Server
  • NET Framework 2.0.
  • Internet Information Services (IIS) 6.0 or later.
  • IIS Hotfix – http://support.microsoft.com/kb/949516 Before running Windows Update
  • MSXML.

Pre Required Programs

  • SQL Server Software.
  • Microsoft Office Outlook 2003.

Pre-installation tasks for Enterprise Vault server

  • Creating the Vault Service account
  • Creating a SQL login
  • Creating Enterprise Vault DNS aliases
  • Turning off or reconfiguring Windows Firewall in Windows Server 2008 or opening port 135 for DCOM component.

Additional requirements for Exchange Server archiving

  • Assigning permissions on Microsoft Exchange Server
  • Assigning the permissions at Organization or Administrative Group level
  • Assigning permission for managed folder synchronization in Exchange Server 2007
  • Create an Outlook profile on the Enterprise Vault server computer
  • Connecting to Exchange Server 2007
  • Prerequisites for Outlook Add-Ins
  • Prerequisites for OWA

Deploying Prerequisites

Operating system components

Installing MSMQ

Enterprise Vault tasks use MSMQ to communicate with the Storage service. If you want to install Enterprise Vault services on more than one computer in the network, you must configure MSMQ on each computer.

To install MSMQ on Windows Server 2008

  • Start Server Manager.
  • Click Features in the left pane.
  • Click Add Features in the right pane.
  • When the Add Features wizard starts, click Message Queuing, and then click next.
Note: The only MSMQ feature that Enterprise Vault requires is Message Queuing Server.
  • Click Install.
  • Follow the remaining instructions in the wizard.
  • Remove /3GB switch in boot.ini if you have.
  • Modify following registry key(if doesn’t exist, add it manually):

HKEY_LOCAL_MACHINESystemCurrentControlSetControlSession ManagerMemory ManagementPoolUsageMaximum = 60

HKEY_LOCAL_MACHINESoftwareMicrosoftMSMQParametersKernelMemThreshold (DWORD) = 95 (0x5F)

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSession ManagerMemory ManagementPagedPoolSize (DWORD) = 0xFFFFFFFF

  • Restart the machine to release the paged pool.

Installing Internet Information Services (IIS)

You need to install IIS 6.0 or later on each Enterprise Vault server. In IIS, you can configure the level of isolation for particular Web applications. For shopping baskets in the Enterprise Vault Web access application to be created correctly, the application needs to run under the predefined Local System account. The configuration wizard will automatically set the correct isolation and account settings. You do not need to configure this. If you have IIS 6.0 or later installed, the configuration wizard will create a new Application Pool "EnterpriseVaultAppPool" for the Web access application and assign the Local System account to that pool. Enterprise Vault prerequisites for IIS on Windows Server 2008 In Windows Server 2008, if you use the Add Roles Wizard to install IIS, you will get The default installation, which has a minimum set of role services.

Enterprise Vault requires the following IIS-related roles services as a minimum:

Web Server Common HTTP

Features Static Content

Default Document

Directory Browsing

HTTP Errors

HTTP Redirection

Application

Development ASP.NET

.NET Extensibility

ASP

ISAPI Extensions

ISAPI Filters

Health and

Diagnostics HTTP Logging

Logging Tools

Request Monitor

Tracing

Security Basic Authentication

Windows Authentication

Request Filtering

IP and Domain Restrictions

Performance Static Content Compression (recommended for performance but not mandatory)

Management Tools IIS Management Console

IIS Management Scripts and Tools

Management Service

IIS 6 Management IIS 6 Metabase Compatibility

Compatibility IIS 6 WMI Compatibility

IIS 6 Scripting Tools

IIS 6 Management Console

MSXML

All Enterprise Vault server computers require MSXML. This is installed automatically with Internet Explorer 6.0 and later.

Windows Power Shell

Windows Power Shell is a Windows command-line shell that is designed for system Administrators. Power Shell includes native binary commands called cmdlets. Some Enterprise Vault administration tasks are managed using additional cmdlets that are provided in a Power Shell snap-in. To use these Enterprise Vault cmdlets, you must install Power Shell.

To run Power Shell and load the Enterprise Vault snap-in, click Start > Programs

> Enterprise Vault > Enterprise Vault Management Shell.

The Enterprise Vault Power Shell snap-in is 32-bit and you must run it with the 32-bit version of Power Shell even on 64-bit servers. The Enterprise Vault Management Shell shortcut runs the 32-bit version of Power Shell automatically. However, if you run Enterprise Vault cmdlets directly from external scripts such as backup scripts, you must ensure that you call the 32-bit version of Power Shell.

To install Power Shell on Windows Server 2008

  • Start Server Manager.
  • Click Features in the left pane.
  • Click Add Features in the right pane.
  • When the Add Features wizard starts, click Power Shell, and then click Next.
  • Click Install.
  • Follow the remaining instructions in the wizard.

SQL server software

Enterprise Vault supports both SQL Server 2000 and 2005. Both Windows Authentication mode and with Mixed Mode Authentication are supported.

The SQL installation must be case-insensitive, as case-sensitive SQL installations are not supported. Note that if both Enterprise Vault and SQL Server are installed on the same Windows Server 2008 it required SQL Server 2005 SP2 or later.

Microsoft Data Access Components (MDAC)

To enable access to the SQL databases, MDAC 2.6 or later must be installed on Enterprise Vault servers. A suitable version is installed automatically on Windows Server 2008 (which changes the name of MDAC to Windows Data Access Component or Windows DAC).

Pre-installation tasks for Enterprise Vault server

Creating the Vault Service account

The Vault Service account is used by Enterprise Vault processes to access the Windows server operating system. The account is shared by all the Enterprise Vault computers in the Enterprise Vault directory. If you are managing multiple Enterprise Vault sites, you can use the same Vault Service account for more than one Enterprise Vault site. The Vault Service account must be a domain-based Windows security account that belongs to the local Administrators group on all computers in the Enterprise Vault directory. The account password must not be blank. We recommend that you do not make this account a Domain Administrator. It is better to assign required permissions explicitly. This section describes the basic permissions that you need to set for this account. Different types of archiving require additional permissions for the Vault Service account. For details of these, see the section on the type of archiving that you are implementing. If possible, create the account so that it is in the same domain as the Enterprise Vault computers. If it is necessary for the Vault Service account and the Enterprise Vault computers to be in different domains, create the account so that it is in a domain that is trusted by the Enterprise Vault computers domain. Ensure that the Microsoft Message Queue security has been set up to grant the Administrators group access to the Enterprise Vault queues. At the time the configuration wizard runs, the Vault Service account must have access to administrative shares on the SQL Server computer. One way to enable this is to make the Vault Service account a local administrator on the SQL Server computer. After the Configuration wizard has been run you can remove this access, if required during configuration, you are asked to provide the name and password of the Vault Service account. Enterprise Vault automatically grants the account the following advanced user rights:

  • Log On As a Service
  • Act As Part Of The Operating System
  • Debug programs
  • Replace a process-level token

Note that it may take some time for the Vault Service account to be registered in the Active Directory for the computer that is going to run Enterprise Vault. The account cannot be used until the registration is complete. You are recommended to be logged in to the Vault Service account when you install Enterprise Vault. You must be logged in to the Vault Service account when you run the Enterprise Vault configuration wizard.

To create the Vault Service account

  • On the domain controller, click Start > Programs > Administrative Tools > Active Directory Users and Computers.
  • In the left-hand pane of Active Directory Users and Computers, double-click the Domain container.
  • Double-click the Users container.
  • On the Action menu, click New and then User. The New Object-User screen is displayed.
  • Complete the New Object – User screen and click next. The next screen asks for password details.
  • Enter a password and confirm it. You must set a password; the Vault Service account password cannot be blank.
  • Select Password never expires, check box.
  • Leave the remaining check boxes clear:
  • User must change password at logon
  • User cannot change password
  • Account is disabled
  • Click Next to move to the mailbox server screen.
  • Complete the details and click Next to move to the summary screen.
  • Click Finish to create the new user.

To add the new Vault Service account to the local Administrators group

  • Log on to the Enterprise Vault computer as Administrator.
  • In Control Panel, open Administrative Tools and start the Computer Management console.
  • Expand System Tools and then Local Users and Groups.
  • Select Groups, and then double-click the Administrators group in the right-hand pane.
  • Use Add to add the Vault Service account to this group.
  • Click OK.
  • Repeat these steps on each computer which will have Enterprise Vault installed.

Creating a SQL login

The Vault Service account must have a SQL login account, with Database Creators permission, for the SQL Server

To create a SQL login account in SQL 2005

  • Start SQL Server Management Studio.
  • In the tree, select Security>Logins.
  • Right-click Logins and select New Login.
  • Either type in the Vault Service account as domainusername or click Search and search for the account. In the search dialog, ensure that the correct domain is entered in the Locations box.
  • Select Windows authentication.
  • In the tree, click Server roles.
  • Select the checkbox beside DBcreator.
  • Click OK.
  • You can check that the Vault Service account has the required permissions as follows:
  • In the tree, select Security>Server Roles.
  • In the right-hand pane, double-click the DBcreator role.
  • The Vault Service account should be displayed in the membership list.

Creating Enterprise Vault DNS aliases

It is good practice to create a DNS alias for each Enterprise Vault server computer. You are asked to enter the unqualified alias, for example evserver1, when you run the Enterprise Vault Configuration wizard. When you configure Enterprise Vault on the first computer in a site, Enterprise Vault automatically creates a vault site alias using the DNS alias entered for that computer. The vault site alias is used by the Enterprise Vault software to refer to the Enterprise Vault site. The DNS alias must not contain special characters; as defined in RFC-1034, only the following characters are permitted: [a-z], [A-Z], [0-9] hyphen (-) and period (.). The last character must not be either hyphen (-) and period (.). Using an unqualified DNS alias allows future flexibility if you change the computer that is running the Enterprise Vault services.

Turning off or reconfiguring Windows Firewall in Windows Server 2008

In Windows Server 2008, Windows Firewall is enabled by default. This prevents Distributed COM (DCOM) from working and therefore, because Enterprise Vault requires DCOM, you must either turn off Windows Firewall or configure it appropriately. For guidelines on how to use DCOM with firewalls, see the following article:

http://msdn2.microsoft.com/en-us/library/ms809327.aspx

Additional requirements for Exchange Server archiving

Assigning permissions on Microsoft Exchange Server

The Vault Service account needs to be able to access mailboxes on the Exchange Servers that Enterprise Vault is to archive. You need to grant permissions explicitly on each Exchange Server, as described in this section. If you later add another Exchange Server, you need to repeat the procedure on the new server to enable mailbox access for the Vault Service account. You must have Exchange administration permissions to do the following tasks.

On Microsoft Exchange Server 2007:

  • On Exchange Server 2007 with Mailbox Role installed, run adsiedit.msc to configure the permissions for the Vault Service account in Active Directory; adsiedit.msc is included in Windows support tools.
  • Expand the tree as follows:

Configuration[yourdomain]/CN=Configuration,[yourdomain]/CN=Services/CN=Microsoft Exchange/CN=[your Exchangeorganization]/CN=Administrative Groups/CN=Exchange Administrative Group(FYDIBOHF23SPDLT)/CN=Servers.

  • For each server object representing an Exchange Server 2007 with Mailbox Role installed, do the following:
  • Right-click the object and select Properties.
  • Click the Security tab.
  • Add the Vault Service account and grant this account Full Control.
  • Click Apply.
  • Click Advanced
  • For the permission entry for the Vault Service account:

Select the permission entry and click edit…. Change Apply onto to this object and all child objects.

  • Click OK.
  • Click OK to close the Advanced Security Settings window.
  • Click OK and close the Properties window.
  • You must also grant the Vault Service account Send As permission on the Enterprise Vault system mailbox object (and all child objects).
  • In adsiedit.msc click Domain [your domain].
  • Locate the mailbox that you created for the Enterprise Vault system mailbox. This is usually under CN=Users.
  • Right-click the object and select Properties.
  • Click the Security tab.
  • Add the Vault Service account and then add Send as permissions to this account.
  • Click Apply.
  • Click OK and close the Properties window.
  • Close adsiedit.msc.

Assigning the permissions at Organization or Administrative Group level

If required, you can add the permissions at the Organization or Administrative Group level in the Exchange hierarchy. This will enable the permissions to be propagated automatically to any new Exchange Servers added below the level at which the permissions are assigned.

To assign the permissions at Organization or Administrative Group level:

To assign permissions at Exchange Organization level, expand the tree in adsiedit.msc as follows:

Configuration[yourdomain]/CN=Configuration,[yourdomain]/CN=Services/CN=Microsoft Exchange/CN=[your Exchangeorganization]

To assign permissions at Administrative Group level, expand the tree as follows:

Configuration[yourdomain]/CN=Configuration,[yourdomain]/CN=Services/CN=Microsoft Exchange/CN=[your Exchangeorganization]/CN=Administrative Groups/CN=Exchange AdministrativeGroup(FYDIBOHF23SPDLT)

  • Right-click the object and select Properties.
  • Click the Security tab.
  • Add the Vault Service account and grant this account Full Control.
  • Click Apply.
  • Click Advanced.
  • For the permission entry for the Vault Service account:
  • Select the permission entry and click edit….
  • Change Apply onto to this object and all child objects.
  • Click OK to exit the Edit window.
  • Click OK to close the Advanced Security Settings window.
  • Click OK and close the Properties window.
  • Close adsiedit.msc.

Assigning permission for managed folder synchronization in Exchange Server 2007

The Exchange Provisioning task performs synchronization of managed content settings in Exchange managed folders from Exchange Server 2007 to Enterprise Vault. To enable the task to synchronize settings, the Exchange View-Only Administrator role must be assigned to the Vault Service account. For information about archiving from Exchange managed folders, see the Administrator’s Guide. To assign the Exchange View-Only Administrator role to the Vault Service account:

  • Open the Exchange Management Console.
  • If necessary, expand the tree so that Organization Configuration is visible.
  • Right-click Organization Configuration and select Add Exchange Administrator.
  • On the Add Exchange Administrator page, select the name of the Vault Service account.
  • Select Exchange View-Only Administrator role.
  • Click Add.
  • On the Completion page, click Finish.

Connecting to Exchange Server 2007

If the target server is Exchange Server 2007, it must have a Public Folder store created to enable connections from versions of Outlook earlier than Outlook 2007. If you selected the option to support older clients when you installed Exchange Server 2007, a Public Folder store will have been created automatically. If a Public Folder store does not exist on the target Exchange Server 2007, you must create one manually to enable Outlook 2003 on the Enterprise Vault server to connect to the Exchange Server.

To create a Public Folder store manually:

  • On the Exchange Server, open the Exchange Management Shell.
  • Type the following command:

new-publicfolderdatabase -Name "Public Folders" -StorageGroup "First Storage Group" -EdbFilePath "C:ProgramFilesMicrosoftExchangeServerMailboxFirst Storage GroupPublicFolders.edb"

  • Type the following command to mount the Public Folder database:

mount-database -Identity "Public Folders"

  • You may need to create an Offline Address Book with Public Folder integration enabled if you are using clients prior to Outlook 2007.

Prerequisites for Outlook Add-Ins

Enterprise Vault Outlook Add-Ins provides Enterprise Vault user functionality to Outlook users. From within Outlook, users can archive items manually, and view, copy and delete archived items. Outlook users can also start Archive Explorer and Enterprise Vault Search, within Outlook, to access and manage items stored in archives.

The following Enterprise Vault Add-Ins is available:

  • Outlook Add-In
  • HTTP-only Outlook Add-In

Before users can send items to an archive from within their Outlook client, one of the Outlook Add-Ins must be installed on their computers. Install the Outlook Add-In on user computers after you have configured the Enterprise Vault server. For any of the Add-Ins, user computers must have the following:

  • Operating system – Windows XP (with Service Pack 2 or later) or Windows Vista (with Service Pack 1 or later). (Currently only 32-bit versions of these operating systems are supported).
  • Internet Explorer 6.0 or later, with Java Scripting enabled. This must be installed, even if it is not used.
  • TCP/IP protocol.
  • Mail client – Outlook 2003 or Outlook 2007. Install Internet Explorer before you install the mail client.
  • If you plan to enable vault cache, Background Intelligent Transfer Service (BITS) 2.0 or later must be installed and enabled on users’ computers. This service is used by Microsoft Windows Update and is included in Windows XP Service Pack 2 and Windows Vista. If necessary, it can be downloaded from the Microsoft website.
  • If you plan to enable vault cache, and have disabled the expansion of PST files on users’ computers by setting the registry entry, PstDisableGrow, then you need to request and install the following Outlook hotfix from Microsoft.
  • For Outlook 2003:

http://support.microsoft.com/hotfix/KBHotfix.aspx?kbnum=953671&kbln=en-us

  • For Outlook 2007:

http://support.microsoft.com/hotfix/KBHotfix.aspx?kbnum=953925&kbln=en-us

You will also need to configure the registry setting, PSTDisableGrowAllowAuthenticodeOverrides on users’ computers, as described in the chapter on vault cache in the Setting up Exchange Server Archiving manual.

  • If you plan to enable the Windows Desktop Search plug-in, then Windows Desktop Search 3.x or later must be installed on the target desktop computers. The Windows Desktop Search plug-in requires Outlook 2007 or Outlook 2003 and Enterprise Vault 7.0 or later, Outlook Add-In or HTTP-only Outlook Add-In installed on the desktop computers. You can download Windows Desktop Search from the following address: http://www.microsoft.com/windows/desktopsearch/downloads/default.mspx

Prerequisites for OWA

You can configure OWA access to Enterprise Vault after you have set up your Enterprise Vault server for Exchange Server archiving. The instructions for configuring OWA access to Enterprise Vault assume that you have already configured OWA on Exchange Servers.

To provide OWA 2007 access, install the Enterprise Vault OWA 2007 Extensions on Exchange Server 2007 with Client Access Server (CAS) role installed. The following are additional requirements for accessing Enterprise Vault from

OWA clients:

  • If you are running Enterprise Vault on Windows Server 2008, then the following Role Services must be installed for the Web Server (IIS):
  • IIS Management Scripts and Tools
  • IIS 6 Management Compatibility
  • IP and Domain Restrictions

In addition, the option IPv4 Address and Domain Restrictions in Feature Delegation must be set to Read/Write. To find this option, open Internet

Information Services (IIS) Manager and click the server object in the navigation pane. Open Feature Delegation and IPv4 Address and Domain Restrictions is included in the listed options.

  • When using the Enterprise VaultOWA2007 Extensions, if the mailboxes being accessed are located on a server which is separate from the CAS computer, and users are authenticated to OWA using Integrated Windows Authentication (IWA), then it is necessary to configure constrained delegation. Configuring constrained delegation requires a domain functional level of Windows Server 2003 or later. For more information about domain functional levels, see "Domain and forest functionality" in the Help and Support Center for Windows Server 2003. Instructions on how to set up constrained delegation are given in the manual Setting up Exchange Server Archiving.
  • MSXML is required on Exchange OWA servers (with the exception of front-end OWA 2000 servers). This is installed automatically with Internet Explorer 6.0 and later. If you are using an earlier version of Internet Explorer, you may need to install MSXML. This is available from a link in the folder, Links to related software, on the Enterprise Vault media.
  • On user desktops, Internet Explorer 6.0 or later is required to support the full functionality available OWA 2007 clients.

Installing Symantec Enterprise Vault

Installing and running deployment scanner

  • Go to Installation MediaSymantec Enterprise Vault 8.0 SP1Deployment Scanner
  • Double click the Deployment Scanner Installation and Fallow Installation instructions

  • When the Deployment Scanner tool Opens click next

  • Enter the Exchange Server FQDN click add and then click next

  • Click next

  • View the result Page and make sure that they are no error, in case of an error fallow Deployment Scanner Tool Instructions.

Installing Symantec Enterprise Vault Role

  • Go to Installation MediaSymantec Enterprise Vault 8.0 SP1Server and duble click setup.exe, when the wizard starts fallow installation instructions.
  • Click browse and select the License File You get from Symantec.
  • After the services will restarts you will prompt to restart the server press yes.

Configuring Symantec enterprise vault with configuration wizard

  • Click start -> Programs -> enterprise vault -> enterprise vault configuration wizard and Fallow Installation instructions.
  • Enter the User account we created for the enterprise vault
  • Enter the additional alias we created before.
  • Click Finish

Congratulation you have a new EV Server installed and now all you have to do is

About these ads

About Zahir Hussain Shah

Systems Infrastructure Consultant, Systems Solution Architect, Senior Systems Engineer. Certifications: MCSE, MCTIP Entperprise Administrat

Posted on 18/08/2010, in Windows Server 2008 R2. Bookmark the permalink. 5 Comments.

  1. I take pleasure in, lead to I found exactly what I was having a look for.
    You have ended my four day lengthy hunt! God Bless you man.
    Have a great day. Bye

  2. I read this post completely regarding the comparison of newest and preceding technologies, it’s amazing article.

  3. Pretty section of content. I just stumbled upon your weblog and
    in accession capital to assert that I get in fact
    enjoyed account your blog posts. Any way I will be subscribing to your
    augment and even I achievement you access consistently rapidly.

  4. Thank you for sharing your thoughts. I really appreciate your efforts and I will be waiting for your next post thank you once again.

  1. Pingback: In the memories of Year 2010 « Zahir Hussain Shah's

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 362 other followers

%d bloggers like this: