Comments
9 comments
-
We could do but we wanted to imitate the default setting of Exchange. That is that administrators don't have rights to view anybodies e-mail by default.
I could imagine that you may in a compliance situation need to delegate this authority to non-administrator type users. And really that's it's main purpose.
What do you think? -
Robert,
that's a good reason. And I agree with that.
But when the UAA is being setup and the ESA admin console tries to connect, an authentication window pops up. No admin, service account or user can log on. Which user account would be the best to set up the UAA correctly?
I cannot connect the UAA service. -
Do you mean that the Admin Console asks for a login? Or that when you go to the UAA Service website you are asked for a login.
If the former. Is the UAA Service installed on a computer in the domain (it should be). If so ensure that Windows Authentication is turned on for the virtual directory.
If the latter - the admin@mydomain.com login should work.
Can you tell me a little about where the various services are installed? -
When I try to register an UAA service for the selected Exchange server an authentication is required. I cannot register the UAA even with a domain admin account.
The ESA has been installed on the Exchange Server itself (MB, HUB, CAS roles), but in a separate website. The ESA setup has created a new website without host headers but with port 8080.
But:
I just checked the the IIS settings. Windows Authentication had been enabled on the virtual directory itself, but not in the parent website. The parent website had anonymous enabled only. I've change the settings to Windows Authentication. After changing the setting in the root, the registration of the UAA was successful.
Thanks -
That's the second time we've seen that issue of windows authentication not being turned on the parent website. Was this a website you created yourself or did you let the installer create it.
If the former we'll need documentation.
If the latter we'll need to ensure we set the appropriate authentication - if we can.
Thanks -
The website has been created using the Maintenance -> Install New Service -> User Archive Access Service option.
The installer asks for an host header, but the website is being setup without the host header entry, listeining on any IP address on port 8080
The proposed new website site name shouldn't be "Default Web Site". A standard IIS setup does contain a "Default Web Site". I would recommend to propose an application specific name (e.g. "Red Gate ESA").
I've uninstalled the UAA using Add/Remove Programs and the website has been deleted from IIS correctly. After installing a new UAA in a separate website the Windows Integrated Authentication in the root is disabled. After activating the Windows Integrated authentication, the UAA service could be registered successfully. -
Can I ask which OS you were installing the UAA Service on?
We've seen this on IIS 7. -
The ESA has been installed on Windows Server 2003 R2 64bit EN with IIS6.
-
Thanks we'll raise a bug and look into it.
Add comment
Please sign in to leave a comment.
shouldn't the AdminSecurityGroup of the UAA web application be preset with the local administrators group of the server?
I would prefer, that the UAA installer asks for a dedicated administrator group name to be added to the web.config's application settings.
Cheers,
Thomas