Hi!
I have a question about how things should work...
Environment: exchange 2013 CU8, EV 11.0.1 CHF1/outlook 2013 SP1 (32bit).
The VSA’s requirements in Exchange
- The VSA requires full access to all mailboxes and public folders
This has been done by running the provided script from the installation package.
Now in Exchange it shows that the VSA account has full access rights to my test account.
In EV (yes the synchronization has been run, not a new environment) permission tab in my test accounts archives permission shows no other accounts but the test account and permission browser too - is this how it should be? Or should the VSA account be shown there as well??
I tried to open archived message through owa 2013 - it said that the operation failed and in EV servers event log has event: 3424
The User Domain\VSA' attempted to restore an item into mailbox 'Test User'. The request has failed because the user does not have full mailbox access or administrator rights to this mailbox.
I asked the exchange admin to check that it indeed showed the full access right and the inheriting had not been disabled etc. Everything looked as it should from the exchange point of view.
The exchange admin then using management shell removed the VSA full access permissions and put them back. I synchronized the archive permissions and now it shows the VSA account both as inherited rights in the permission tab of the archive properties and in the permission browser view.
Also now opening an archived item in owa 2013 works fine!
So I ask how should those permissions be? Should the VSA have visible inherited permissions on the EV side as well and the provided permission script just doesn't do things correctly or what's the problem? All I know that now that the VSA has them now the owa part works too...
Sani B