Tchater maintenant avec le support
Tchattez avec un ingénieur du support

Metalogix Archive Manager for Files 8.2 - ArchiveWeb Manual

Export Tasks IIS Settings Suggestions

Export tasks such as "Export to ZIP" or "Export to PST" can be very resource consuming and can cause some issues, especially time-outs. To minimize these problems, try configuring the following settings:

 

Process Model - Idle Time-Out

Modify the Idle Time-Out setting for AWAppPool7, FilePAMAppPool and/or EPAMAppPool4 application pools in the IIS.

For example: Go to IIS -> Server Name -> Application Pools -> AWAppPool7 and click Advanced settings. Set the value to zero.

 

ExpTasks1

 

Web Sites - Session Time-Out

Export task can run several minutes or hours. During execution a session time-out can occur. This will cause the failure of the task operation.

To prevent this from happening, modify the Time-out setting for ArchiveWeb, ExchangePAMWS and/or FilePAMWebService web sites in the IIS to large enough number.

For example: Go to IIS -> Server Name -> Sites -> Default Web Site -> ArchiveWeb click on Session State

ExpTasks2

 

Please note: for ArchiveWeb web application – make sure the “sessionState” setting in web.config is synchronized with IIS’ cookie time-out. Application session time-out will expire when the IIS’ cookie time-out value is reached therefore for correct ArchiveWeb functionality the “sessionState” in web.config should be set to same or lower value.

 

Troubleshooting

This section offers solutions to most common problems users can encounter in relation to new ArchiveWeb.

IIS Error 403 Forbidden

When this error occurs after installing/updating the ArchiveWeb application it is necessary to execute the following commands from the command line to re-register the .NET Framework:

c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe –iru

c:\WINDOWS\Microsoft.NET\Framewrok\v4.0.30319\iisreset

 

 

 

 

List of default ArchiveWeb permissions

The table below lists default user’s ArchiveWeb permissions. They are managed under Roles and Permissions.


Role

Default value

Exchange

Set "Legal Hold" flag

Denied

Exchange

Show "Legal hold" flag

Denied

Exchange

Show lost data

Allowed

Exchange

Compare mailbox with archive

Allowed

Exchange

Apply tags

Allowed

Exchange

Add comments to mails

Denied

Exchange

Show comments

Denied

Exchange

Delete item

Denied

Exchange

Restore items

Denied

Exchange

Show own mailbox

Allowed

Exchange

Show shared mailbox

Allowed

Exchange

Show public folders

Allowed

 

 

 

File

Set "Legal Hold" flag

Denied

File

Show "Legal hold" flag

Denied

File

Apply tags

Allowed

File

Compare file system with archive

Denied

File

Find files without shortcut

Denied

File

Add comments to files

Denied

File

Show comments

Denied

File

Delete files

Denied

File

Restore files

Denied

File

Show file server

Allowed

 

 

 

Journaling

Access journal

Denied

 

 

 

Search

Search mails

Allowed

Search

Search files

Allowed

Search

Save search result to database

Allowed

Search

Export to mailbox

Denied

Search

Export to PST

Denied

Search

Export to ZIP

Denied

Search

Delete saved result

Allowed

 

 

 

Statistics

Mails - Show statistics

Denied

Statistics

Files - Show statistics

Denied

Statistics

Export statistics

Allowed

 

 

 

Management

Extend retention time

Denied

Management

Configure Files servers

Denied

Management

File management

Denied

Management

Manage scheduler

Denied

Management

Search servers management

Allowed

Management

Logon in ArchiveWeb

Allowed

 

 

 

Auditing

Show auditing logs

Denied

Auditing

Export auditing logs

Denied

Auditing

Apply tags

Denied

Auditing

Access all mailboxes

Denied

Auditing

Export results to ZIP

Denied

Auditing

Auditor access

Denied

 

 

 

Retention

Approve retention change requests

Denied

Retention

Create retention change request

Denied

 

Multi-factor Authentication

ArchiveWeb now supports multi-factor authentication (MFA) for O365 user accounts. Setting up MFA is a two-step process:

1.Create a new application in the Azure portal.

2.Configure ArchiveWeb with the Archive Manager configuration tool.


Create a new application in the Azure portal

ArchiveWeb requires a specific Azure site to be created that is used to return an authentication token back to the ArchiveWeb after a user is authenticated via Microsoft portal.

1.Login to your Azure Portal using your administrator credentials (https://portal.azure.com). If your account gives you access to more than one tenant, select your account in the top right corner, and set your portal session to the Azure AD tenant that you want.

2.In the left-hand navigation pane, select the Azure Active Directory service, and then select App registrations > New registration. The App registrations page appears.

3.Click New registration. The Register an Application page appears.

mfa-010

4.Provide the information on this page as described below:

a.Name - Enter a meaningful application name that will be displayed to users of the app.. For example, Archive Manager ArchiveWeb.

b.Supported account types - Select the account type you would like your application to support that best meets your company policy.

c.Redirect URI - from the application type drop down select Web. In the URI field enter the ArchiveWeb URI where the user will be redirected after multi-factor authentication (eg. http://<serverName>/ArchiveWeb or https://<serverName>/ArchiveWeb)

5.Click Register. Azure AD assigns a unique application (client) ID to your app, and the application's Overview page opens.

mfa-020

6.From the navigation menu, click Branding. Enter the URLs that your organization may use for the different branding artifacts.

7.From the navigation menu, click Authentication and verify that the Redirect URI parameters are as expected.

mfa-030

8.From the navigation menu, click Certificates & Secrets.

9.In the Client secrets section click New client secret. the Add a client secret page opens.

mfa-040

10.Enter values as described below:

a.Description - enter a meaningful description. For example, ArchiveWeb Client Secret.

b.Expires - set the expiry term that best meets your company policy.

11.Click Add. the client secret is displayed on the Certificates & Secrets page.

info

IMPORTANT: Copy and save the client secret in a safe place. It will not be available when you navigate away from this Azure blade.

12.From the navigation menu, click API Permissions. and then click Add a permission. The Request API permissions page appears.

13.From the Microsoft APIs category, scroll down to the Supported legacy APIs section and select Azure Active Directory Graph.

mfa-060

14.From the Request API permissions page for Azure Active Directory Graph that appears, select Delegated permissions.

mfa-070

15.Click Add permission.

16.From the navigation menu, click Expose an API.

17.In the Scopes defined section, click Add a scope. The Add a scope page open.

mfa-080

18.Microsoft Azure generates an Application ID URI automatically. It is a globally unique URI used to identify this web API. It is the prefix for scopes and in access tokens,and is also referred to as an identifier URI. You can keep this value or specify a unique value in the same format.

info

IMPORTANT: Copy and save this value in a safe place.

19.Click Save and continue. The

mfa-090

20.Click Add scope to complete the registration.


Configure ArchiveWeb with the Archive Manager configuration tool

1.Open the Archive Manager Configuration Tool from C:\Program Files (x86)\Common Files\PAM\PAMConfig\PamConfig.exe

2.From the sidebar, click ArchiveWeb.

3.Click the ArchiveWeb tab. The ArchiveWeb Configuration page appears.

mfa-100

4.Select the Use Multi-factor Authentication check box to enable the fields in the Multi-factor authentication Configuration window.

5.Click the Multi-factor authentication tab. The Multi-factor authentication Configuration window appears.

mfa-110

6.Enter the field values as described below:

a.Organization Name in Office365 - enter the name of your O365 organization URL. For example, democorp.onmicrosoft.com

b.Client ID - enter the Client Id that you saved from the Azure application registration steps.

c.Client Secret - enter the Client Secret that you saved from the Azure application registration steps.

7.Click Apply.

info

IMPORTANT:

Whether at least one user in an organization has MFA set, the Organization, Client ID and Client Secret should be set in Multi-factor authentication tab as a readiness exercise.

If only a few users in your organization have MFA enabled, the Use Multi-factor Authentication check box should stay unchecked. The settings in the Multi-factor authentication tab will persist when the Use Multi-factor Authentication check box is unchecked. The users who have MFA enabled will be prompted to enter the credentials (user email and password) and then they will be redirected to the Microsoft site where the user has to authenticate again. After a successful authentication by Microsoft, the user will be redirected back to ArchiveWeb.

When all users accounts in an organization have MFA enabled, the Use Multi-factor Authentication check box can be selected. This will force ArchiveWeb to use multi-factor authentication for all users that log in to ArchiveWeb. Users will be prompted to enter only the login email address and they will be redirected to the Microsoft login form to finish the login process.

Documents connexes