IP Address and Domain Restrictions setting is linked between /EnterpriseVault and /EVAnon virtual directories.

Article ID: 100030814

Cause

This occurs when the 'IP Address and Domain Restrictions' setting is written to a local web.config file in the physical directory of the web application (C:\Program Files (x86)\Enterprise Vault\WebApp\), which is shared between the 'EVAnon' and 'EnterpriseVault' virtual directories. Because both virtual directories read the same file, a restriction saved there applies to both. Most commonly this occurs during troubleshooting of 403 errors with the OWA extensions, when an administrator adds a new IP Address to the exceptions list manually in IIS Manager, rather than using the ExchangeServers.txt list and the Owauser.wsf script.
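One way to confirm this condition is to look for an `ipSecurity` section in the shared web.config. The PowerShell below is an added example, not part of the original article or the product; the function name `Get-IpSecurityOverride`, the sample XML and its addresses are constructed for illustration.

```powershell
# Added example. Reports every <ipSecurity> section found in web.config XML.
function Get-IpSecurityOverride {
    param([Parameter(Mandatory)][string]$ConfigXml)

    $doc = New-Object System.Xml.XmlDocument
    $doc.LoadXml($ConfigXml)

    # Matches the section at the top level and inside any <location> block.
    foreach ($node in $doc.SelectNodes('//system.webServer/security/ipSecurity')) {
        $loc   = $node.SelectSingleNode('ancestor::location')
        $scope = if ($null -ne $loc) { $loc.GetAttribute('path') } else { '(entire physical directory)' }

        # allowUnlisted="false" denies every client that is not listed.
        $allowUnlisted = $node.GetAttribute('allowUnlisted')
        if (-not $allowUnlisted) { $allowUnlisted = 'true (schema default)' }

        $entries = foreach ($add in $node.SelectNodes('add')) {
            $who = $add.GetAttribute('ipAddress')
            if (-not $who) { $who = $add.GetAttribute('domainName') }
            '{0} allowed={1}' -f $who, $add.GetAttribute('allowed')
        }

        [pscustomobject]@{
            Scope         = $scope
            AllowUnlisted = $allowUnlisted
            Entries       = @($entries) -join '; '
        }
    }
}

# Constructed sample: what a manually added exception can look like on disk.
$sample = @'
<configuration>
  <system.webServer>
    <security>
      <ipSecurity allowUnlisted="false">
        <add ipAddress="192.0.2.10" allowed="true" />
        <add ipAddress="192.0.2.11" allowed="true" />
      </ipSecurity>
    </security>
  </system.webServer>
</configuration>
'@

Get-IpSecurityOverride -ConfigXml $sample | Format-List

# On a server, pass the real file instead of the sample:
# Get-IpSecurityOverride -ConfigXml (Get-Content -Raw 'C:\Program Files (x86)\Enterprise Vault\WebApp\web.config')
```

Any object returned for the shared web.config means a restriction is stored in the physical directory and therefore applies to both virtual directories; no output means the file carries no such override.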

Resolution

Setting the 'EnterpriseVault' virtual directory back to 'Revert To Parent' should resolve the errant IP Address(es).

To add a new IP Address to the 'Allow' list of the 'EVAnon' virtual directory, add the IP Address to the 'ExchangeServer.txt' file and re-run the 'EVOWAUser.wsf' script.

 

Applies To

This problem affects Enterprise Vault installations running on IIS 7.0 and above.

Issue/Introduction

The 'EnterpriseVault' and 'EVAnon' virtual directories cannot have the 'IP Address and Domain Restrictions' feature set individually. Changing one to Deny or Allow also changes the other. This results in one of the following scenarios with respect to Enterprise Vault functionality:
  1. Both virtual directories are set to Allow:
    • EnterpriseVault is accessible and EVAnon is accessible (for OWA retrievals) but less secure than designed.
  2. Both virtual directories are set to Deny:
    • EVAnon is accessible (for OWA retrievals) and secure, but EnterpriseVault is inaccessible, causing many EV functions to fail.