Email Archiving Administrator Guide

Email Archiving Administrator Guide

RESTRICTION ON USE, PUBLICATION, OR DISCLOSURE OF PROPRIETARY INFORMATION Copyright 2012 McAfee, Inc. This document contains information that is proprietary and confidential to McAfee. No part of this document may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise) without prior written permission from McAfee. All copies of this document are the sole property of McAfee and must be returned promptly upon request. McAfee McAfee, Inc. 9781 South Meridian Blvd., Suite 400 Englewood, CO 80112 USA 1.877.695.6442 Web Site support.mcafeesaas.com 6.13.0 rev A 2

Contents Preface...................................................................................... 6 About this guide........................................................................... 6 Audience.......................................................................... 6 Conventions........................................................................ 6 What's in this guide................................................................. 7 Finding product documentation............................................................... 7 Email Archiving............................................................................. 8 Managing the Email Archive............................................................... 9 Email Archiving tabs........................................................................ 9 Setup Information and Resources............................................................ 10 Creating and Managing Mail Sources................................................... 11 Set Up Mail Source Connectivity............................................................. 11 Configure Mail Source Alerts................................................................ 14 Upgrade or Replace a Mail Server............................................................ 16 Archiving Historical Messages........................................................... 17 Set Up Your Mail Server for Archiving Historical Messages........................................ 18 Set Up a Historical Mail Source.............................................................. 19 Archive Messages from Multiple Historical Mail Sources........................................... 19 Archive Historical Messages that include Different Format Types................................... 20 Searching the Archive.................................................................... 21 Search Rules and Guidelines................................................................ 21 Archived Messages tab..................................................................... 25 Results panel...................................................................... 26 Message Expiration and Legal Hold Summary.................................................. 28 Using Simple Search...................................................................... 30 Find Emails Using Simple Search............................................................. 30 Using Advanced Search.................................................................. 32 Find Emails Using Advanced Search.......................................................... 32 Rules for Special Characters in a Header Search................................................ 34 3

Contents Using Archive ID Search................................................................. 35 Find Emails Using Archive ID Search.......................................................... 35 Viewing an Archived Email............................................................... 36 View a Message........................................................................... 36 Saving Searches for Reuse............................................................... 37 Save a Search............................................................................ 37 Run a Saved Search....................................................................... 37 Purging messages........................................................................ 39 Purge messages.......................................................................... 39 Archive Compliance Officer role details........................................................ 40 Exporting Messages...................................................................... 41 Zip file guidelines......................................................................... 41 Viewing.eml files......................................................................... 41 Export Messages.......................................................................... 42 Managing Legal Hold..................................................................... 44 How Legal Hold works..................................................................... 44 Enable Legal Hold......................................................................... 44 Disable Legal Hold........................................................................ 45 Generating Reports....................................................................... 46 Run a Report............................................................................. 46 Filter a Report............................................................................ 47 View Report Details........................................................................ 47 Download a Report........................................................................ 47 Download the Archive Add-in........................................................... 49 Troubleshooting........................................................................... 50 Troubleshooting connectivity errors........................................................... 50 Common Error Messages................................................................... 53 Issues with Exchange Server Journal Mailbox................................................... 55 Issues with Historical Mail Sources........................................................... 56 A known limitation in Exchange 2003 affects Historical Data...................................... 56 Frequently asked questions............................................................. 58 Glossary.................................................................................... 62 Active Mail Source......................................................................... 62 Archive.................................................................................. 62 Archive Compliance Officer.................................................................. 62 Archive Retention Length................................................................... 62 4

Contents Archived Messages........................................................................ 62 Associated Messages...................................................................... 62 Authentication............................................................................ 62 Connection Security....................................................................... 63 Connectivity.............................................................................. 63 Historical Data Storage..................................................................... 63 Historical Limit............................................................................ 63 Historical Messages........................................................................ 63 Ingest................................................................................... 63 Journal Mailbox........................................................................... 63 Journal Queue............................................................................ 63 Legal Hold............................................................................... 63 Mailbox Username......................................................................... 64 Mail Source.............................................................................. 64 Message Format.......................................................................... 64 Messages................................................................................ 64 Msgs.................................................................................... 64 Nickname................................................................................ 64 Poll..................................................................................... 64 Port.................................................................................... 64 Protocol................................................................................. 64 Purge................................................................................... 65 Queue.................................................................................. 65 Quiet Period.............................................................................. 65 Retention................................................................................ 65 Server Name............................................................................. 65 Status................................................................................... 65 Unassociated Messages.................................................................... 65 5

Preface This guide provides the information you need to configure, use, and maintain your McAfee product. About this guide Finding product documentation About this guide This information describes the guide's target audience, the typographical conventions and icons used in this guide, and how the guide is organized. Preface Audience Conventions What's in this guide Audience McAfee documentation is carefully researched and written for the target audience. The information in this guide is intended primarily for: Administrators People who configure and manage specific features of a service, including: Customer Administrators Archiving Compliance Officers About this guide Conventions This guide uses the following typographical conventions and icons. Book title Title of a book, chapter, or topic. Code examples and screen text. Code and Screen text 6

Preface Finding product documentation User inteface Hypertext blue File paths and urls NOTE: CAUTION: Words in the user interface including options, menus, buttons, and dialog boxes. A live link to a topic or to a website. The path of a folder or a hyperlink. Additional information, suggestions and recommendations. Valuable advice to protect your computer system, software installation, network, business, or data. About this guide What's in this guide This guide is organized to help you find the information you need. It's divided into chapters that group relevant infomation together by feature and associated tasks, so you can go directly to the topic you need to successfully accomplish your goals. About this guide Finding product documentation McAfee provides the information you need during each phase of product implementation, from setup to using and troubleshooting. After a product is released, information about the release is added to the McAfee SaaS Email and Web Security Support site. Task 1 Go to the McAfee SaaS Email and Web Security Support page at http://support.mcafeesaas.com 2 Under Knowledge Base, click Reference Materials. 3 Under Reference Materials, scroll down to access the information that you need: Service Enhancements and Release Notes Training Materials Service Reference Guides Preface 7

Email Archiving Email Archiving is a cloud-based service that automatically archives your email to a secure centralized location. Additionally, Email Archiving allows you to search your archived email so you can quickly locate and retrieve your messages when you need them. Figure 1: Email Archiving architecture 8

Managing the Email Archive Customer Administrators are responsible for setting up users, configuring mail servers, and managing mail sources in the Control Console. Email Archiving tabs Setup Information and Resources Email Archiving tabs The Email Archiving tab includes subtabs for all of the functionality related to archiving and viewing email messages. Table 1: Email Archiving Tabs Tab Overview Archived Messages Reports Setup Description Click to get an overview of the current status of Email Archiving including Mail Source Activity and the Email Archiving Summary. Click to search the email archive as well as view and export messages. Click to view audit reports on all customer administrator activities. Click to manage mail sources as well enable or disable legal hold. Managing the Email Archive 9

Managing the Email Archive Setup Information and Resources Setup Information and Resources Customer administrators should consult all of the relevant documentation before performing tasks in Email Archiving. Table 2: Setup Documents Checklist Document Purpose Email Archiving Service Activation Guide Account Management Administrator Guide Email Archiving Quick Setup Guide for Microsoft Exchange Server Provides an overview of the setup and activation process. Also includes customer-specific access and connectivity information. Describes the tasks needed to setup users and configure the Control Console as prerequisites to setting up Email Archiving. Review the following information: Managing Domains Managing Users and Other Administrators Provides important information on configuring your email servers in preparation to setting up mail connectivity in Email Archiving. Select the appropriate guide for your server: Exchange Server 2000 Exchange Server 2003 Exchange Server 2007 Exchange Server 2010 Managing the Email Archive 10

Creating and Managing Mail Sources Adding and maintaining mail sources allows Email Archiving to retrieve email from your email servers and store those messages in the archive. In Email Archiving, a Mail Source corresponds to a journal mailbox on an email server. The journaling feature in Microsoft Exchange records a copy, or journal, of all sent and received email messages processed by the Exchange server. Journaling ensures that blind carbon copy (BCC) and distribution list recipients are captured and archived. The Exchange Server sends this copied email to a dedicated mailbox called the journal recipient mailbox, which also resides on the Exchange server. The service then retrieves the email from this journal recipient mailbox and archives it. Each Exchange database can have its own journal mailbox. You may have more than one journal mailbox on a single server, and you may have multiple servers in your environment. Once activated, Email Archiving polls each mail source every 15 minutes to check for available messages. New messages are then pulled into redundant, offsite archives. Managing mail sources involves creating and maintaining mail sources for both active and historical sources. Set Up Mail Source Connectivity Configure Mail Source Alerts Upgrade or Replace a Mail Server Set Up Mail Source Connectivity In order to enable communication between Email Archiving and your mail server, you need to add a mail source and set its connection options. Mail sources are required for both active journal mailboxes as well as historical messages. Before you begin Follow these guidelines: You must login as a Customer Administrator or higher (Partner Admin, Support Admin, or Global Admin). Ensure that you have configured the mailbox on your mail server correctly. Task For option definitions, click Help in the interface. 1 Select Email Archiving > Setup > Mail Sources. 11

Creating and Managing Mail Sources Set Up Mail Source Connectivity 2 Click New. If this is your first Mail Source, an alert message appears: Be sure that you have provisioned all end user accounts in the Account Management section of the Control Console before activating a new mail source. Click the Cancel button if you have not completed this activity. Do one of the following: Click Cancel to exit the setup and go to Account Management to provision your end users. Click OK to continue. The New Mail Source window appears. 3 Configure the Connection options. These options allow Email Archiving to communicate with the mail server. a Enter the Nickname you will use to identify this mail source. 12

Creating and Managing Mail Sources Set Up Mail Source Connectivity b Select the Message Format. c Enter the Server Name. d Select the Protocol. e f Select the Connection Security. Enter the Port. g Enter the Mailbox Username. h Enter the Password. 4 Select whether the mail source will be used for Historical messages: NOTE: Additional storage for historical messages is required to select this option. a Select Historical. The following alert message appears: The Message Format setting for a historical mail source should set to 'Generic' unless your historical data was generated by Exchange Envelope Journaling. If this is the case, change the format setting to match the version of Exchange that generated the data. b Click OK. The Message Format has been reset to "Generic." c Update the Message Format field, if necessary. For example, if the messages were journaled on an Exchange 2000 server, select "Exchange 2000 - Envelope Journal." 5 Select whether to activate the new mail source: a Select Active. Notice that the Save button is now inactive. 6 Select whether the mail source will use a quiet period. The quiet period should be at least 30 minutes but not longer than 10 hours. a Select Quiet Period. The following alert message appears: Use of the Quiet Period feature should be minimized so that Email Archiving has enough time to import all available messages. Systems with heavy email volume or resource constraints should not utilize a quiet period to avoid journal queues. b Click OK. c Select the Server Timezone. d Select the Start Time. e Select the End Time. 7 Test the connection to the mail server, if necessary: a Click Test Connectivity. If you receive an error, you will need to verify that the server information you entered is correct, and that the server is online and ready to transfer email. 13

Creating and Managing Mail Sources Configure Mail Source Alerts The Save button is now active. 8 Save the mail source: To save an inactive mail source requires that you complete at minimum the Server Name, Port, and Mailbox Username fields. To save an active mail source, you must complete all fields, select Active, and click Test Connectivity with a successful result. a Verify your selections. b Click Save. The New Mail Source window closes. The Mail source is now configured to transfer email messages from your mail server to the archive. Creating and Managing Mail Sources Configure Mail Source Alerts Setting up mail source alerts allows you to automatically receive notifications when there are problems with your mail source's connectivity, authentication, ingest, or journal queue. Before you begin You must complete and save all required Mail Source settings on the Connection tab before configuring alerts. Task For option definitions, click Help in the interface. 1 Open a mail source and click the Alerts tab. 14

Creating and Managing Mail Sources Configure Mail Source Alerts 2 Select the Enable Alerts for this Mail Source checkbox. 3 Add recipients to the email list. By default you add up to 10 recipients. For each: a Enter an address in the Send Email Alerts to field. b Click Add. 4 Enter a value for the Journal Queue Threshold. This sets the minimum number of messages that must be in the journal queue before an alert message is sent. 5 Select an option to Resend Persistent Alerts periodically. 6 Select a value to determine the number of Successive Failures Required for Alert. 7 Click Send Test Alert to verify your recipient list. 8 Click Save. Creating and Managing Mail Sources 15

Creating and Managing Mail Sources Upgrade or Replace a Mail Server Upgrade or Replace a Mail Server Upgrade the version of Exchange on your mail server or replace an existing mail server while ensuring that all mail properly archived. You will need to be able to perform tasks on both your mail server as well as modify mail sources in the Control Console. Task 1 Remove all ability to send mail to or from your server. 2 Monitor the journal mailbox until all mail has been picked up and removed by Email Archiving. 3 Open the Control Console and deselect the Active setting in each mail source that currently points to the old server. This will prevent Email Archiving from trying to import email from your journal mailboxes during the upgrade. 4 Perform your upgrade and make sure no email can be delivered to or from your server until journaling has been enabled. 5 Allow email to flow to your server once your upgrade is complete and journaling is enabled. 6 Open the Control Console and edit your mail sources so that they use the correct address and mail format of the new server. 7 Activate, test, and save each mail source. a Select Active. b Click Test Connectivity to verify that Email Archiving can connect to the server. c Click Save. 8 Monitor your journal mailboxes to ensure that mail is being imported properly. Expect your mail source to be polled for new messages within approximately 15 minutes after it has been activated. Creating and Managing Mail Sources 16

Archiving Historical Messages The mail source process can also used for historical data storage. There are, however, important differences between the two processes. Historical message storage can be used for: Email messages that were saved prior to activating Email Archiving. Email messages that were saved outside of the Exchange journaling process. Email messages that were saved in.pst files. Email messages that still reside on the exchange server. What Makes Historical Data Storage Different? Historical messages are archived indefinitely while standard emails are stored based on the retention period. Individual messages can be up to 25 MB in size. The total number of historical messages in the archive is limited to the storage space you purchased in your Service Agreement. The Historical Archiving Process When the historical mail source is active, the system ingests all of the messages that have been moved into the historical mailbox on the mail server. As each message is moved into the archive, it is also deleted from the mailbox. This process continues until the mailbox is empty, or the historical storage is full. Email Archiving automatically deactivates the historical mail source when the historical data storage limit is reached. If this happens, it may be necessary to purchase more storage and reactivate the historical mail source. Monitoring Historical Archiving Email Archiving uses the Mail Source alerts feature to automatically notify you when it is finished or when you've used up your available storage space. To receive notifications on the status of your historical storage space, you should be sure to enable alerts. Additionally, you can do the following: Check the historical mailbox on the mail server to see if messages are still waiting to be archived. View the Overview tab and look to see if the mail source is currently active. View the Overview tab and check the value of the Historical Data Storage Usage field. 17

Archiving Historical Messages Set Up Your Mail Server for Archiving Historical Messages Creating Multiple Historical Mail Sources Email Archiving limits you to one historical mail source at any given time. Additionally, once a mail source has been set up for historical messages, it cannot be changed or deselected. As a result, you must first delete the existing historical mail source in order to create a new one. In situations where you need to archive mail from multiple sources, you should import messages from each mail server one at a time. This is accomplished by adding a new historical mail source, importing all of the messages, deleting the mail source, and then doing the same for each server in series. Set Up Your Mail Server for Archiving Historical Messages Set Up a Historical Mail Source Archive Messages from Multiple Historical Mail Sources Archive Historical Messages that include Different Format Types Set Up Your Mail Server for Archiving Historical Messages Create a designated historical mailbox on your mail server as a prerequisite for archiving historical messages. Before you begin Follow these guidelines: All historical messages must have the same format. NOTE: If you have a mix of envelope-journaled and non-journaled messages, you may encounter archiving problems or unexpected search results within Email Archiving. The historical mailbox on the server should not be a journal mailbox. The historical mailbox should not belong to an active user since all of their messages will be deleted after they are archived Do not forward or send messages to the historical mailbox. Forwarding or sending messages changes the sender/recipient information, as well as other metadata about the messages. To retain a copy of historical messages in addition to the archived version, you must also copy those messages to a location outside of the historical message mailbox. Task 1 Create a mailbox for historical email on your mail server. 2 Copy any messages that you want to archive into the historical mailbox. These messages can come from either user mailboxes or user.pst files. Once you have copied all of your messages, you are ready to log into Email Archiving and create a new historical mail source. 18

Archiving Historical Messages Set Up a Historical Mail Source Archiving Historical Messages Set Up a Historical Mail Source Configure a mail source to archive your historical messages. Before you begin Ensure that you have configured the mailbox on your mail server correctly for archiving historical messages. Follow these guidelines when creating an historical mail source: Only one historical mail source can be configured at a time. Historical messages that have previously been journaled with envelope journaling should use the Message Format type corresponding to the version of Exchange that journaled the messages. Otherwise select Generic. Always select Historical. Task For option definitions, click Help in the interface. 1 Select Email Archiving > Setup > Mail Sources and click New. The New Mail Source window appears. 2 Select the Message Format as "Generic" unless you know the specific Envelope Journal version. 3 Enter the Server Name of the mail server where the historical mailbox resides. 4 Complete the Protocol, Connection Security, and Port fields as appropriate. 5 Enter the username and password in the Mailbox Username and Password fields to allow Email Archiving to access the historical mailbox. 6 Select Historical. 7 Select Active. 8 Click Test Connectivity and Save. Archiving Historical Messages Archive Messages from Multiple Historical Mail Sources Follow this strategy for archiving historical messages from more than one mail server. Before you begin Review the information for managing mail servers and setting up mail sources. 19

Archiving Historical Messages Archive Historical Messages that include Different Format Types Although you can only have one historical mail source at a time, it is still possible to archive mail from multiple historical mailboxes on your servers. Task 1 Create a historical mail source for the first historical mailbox and archive messages from that mailbox. 2 Delete the historical mail source from Email Archiving. 3 Create a new historical mail source for the next historical mailbox and archive messages from that mailbox. 4 Delete the historical mail source and repeat as necessary. Archiving Historical Messages Archive Historical Messages that include Different Format Types Follow this strategy for archiving historical messages with different message formats. Before you begin Review the information for managing mail servers and setting up mail sources. When archiving historical messages, all of the messages should be of the same type. If messages of different types are mixed together, they need to be separated before they are archived. Additionally, because you can only have one historical mail source at a time, you will need to follow the strategy for working with multiple historical mail sources. Task 1 Create a separate historical mailbox on your mail servers for each message format type. 2 Organize your messages into each of the corresponding historical mailboxes on your mail servers. 3 Create a mail source in Email Archiving that points to the first of the historical mailboxes. 4 Set the Message Format type to the appropriate format. 5 Activate the mail source and archive all of the messages in the associated mailbox. 6 Delete the mail source. 7 Repeat for each of the remaining message formats. Archiving Historical Messages 20

Searching the Archive Creating a search allows you to find, view, and export email messages that are currently being stored in the archive. To create a search, type what you know about the message (or messages) into the criteria fields and click Search. Search Rules and Guidelines Archived Messages tab Message Expiration and Legal Hold Summary Search Rules and Guidelines An understanding of the way search works in Email Archiving will improve your ability to search for and find the email messages you need. Basic Search Rules Complete at least one search field to begin a new search. The more fields you complete, the more specific your search, and therefore the more limited the number of results. Search fields are not case-sensitive. A search for "Control Console" is the same as "control console". Select your search terms carefully. Use words or phrases that are unique to the messages you want to find. Additional Rules for Complex Searches Most special characters (including +-&!><) are interpreted as plain text when used within a word or phrase. Search supports trailing * and? wild cards searches. A * search looks for one or more characters. A? looks for a single character. Email addresses can be searched using the entire address, just the domain, or any part of the address. Use Phrase, Any Word, or All Word searches to determine how you want to search with multiple terms. Guidelines for Special Characters Special characters cannot be searched by themselves. 21

Searching the Archive Search Rules and Guidelines Some special characters are allowed and can be interpreted as plain text when included as part of an alphanumeric string. Table 3: Special Characters Interpreted as Plain Text Special Character Name + - &! ) ( { } [ ] ^ " ~ : Plus Sign Dash Ampersand Bar Exclamation Right Parenthesis Left Parenthesis Left Curly Brace Right Curly Brace Left Bracket Right Bracket Caret Quotation Marks Tilde Colon Wild Card Searches Archive search supports two types wildcards, asterisk (*) and question mark(?), when placed within a string or at the end of a string. A wildcard character cannot be placed at the beginning of a text string. It is best to avoid placing a wildcard too early in a search term, or with too few characters. For example, a search using horse* will return better and faster results than h* or h*s. Wildcards cannot be used in a Phrase search. Asterisk (*) Wild Card Examples The asterisk (*) searches for one or more characters. Table 4: Asterisk (*) Wild Card Examples Search Term Returns.. greg* gre* gr*n *gre greg, gregg, gregory, gregorian greg, gregg, gregory, gregorian grey, green, greenhouse grin, green, grain, groan Is not permitted 22

Searching the Archive Search Rules and Guidelines Question Mark (?) Wild Card Examples The question mark (?) searches for a single character. Table 5: Question Mark (?) Wild Card Examples Search Term Returns... greg? gre? gr?n gr??n?gre greg, gregg greg, grey grin green, grain, groan Is not permitted Email Addresses Email addresses can be searched using the entire address, just the domain, or any part of the address. Search email addresses in the From and Recipient fields. You search for a full email address or part of an address. You can search parts of an address that: Are separated by special characters. Switch between upper and lowercase. Switch between alphabetic and numeric characters. Email addresses should not include spaces. Full names with spaces are treated as two separate search terms. Email Address Search Examples Table 6: Email Address Search Examples Search Term Returns... greg Greg Brown <greg@company.com> Gregory Smith <greg.smith@other.com> Greg Smith <gsmith@test.com> Greg Jones <greg99@test.com> GregJones <gj99@special.com> Joe Smith <greg111@special.com> Joe Jones <joe.jones@greg.com> greg smith Greg Brown <greg@company.com> Gregory Smith <greg@other.com> Greg Smith <gsmith@test.com> Greg Jones <greg99@test.com> GregJones <gj99@special.com> Joe Smith <greg111@special.com> Joe Jones <joe.jones@greg.com> Joe Smith <jsmith99@test.com> John Smith <jsmith@company.com> FredS <fred_smith@other.com> 23

Searching the Archive Search Rules and Guidelines Search Term Returns... Joe Brown <j.brown@smith.com> company.com Greg Brown <greg@company.com> John Smith <jsmith@company.com> Joe Jones <joe@test.company.com> @company.com Greg Brown <greg@company.com> John Smith <jsmith@company.com> greg@company.com Greg Brown <greg@company.com> gr* GregJones <gj99@special.com> Gram Carter <gc@test.com> Joe Smith <greg111@special.com> Bob Grey <grey333@company.com> Joe Jones <joe.jones@greg.com> Monk Williams <mwilliams@gregorian.com> Searching with Phrase, Any word, or All words Archive search allows you to searching for specific words or phrases in an email. To help with this you can apply rules to some text fields to filter your results. When entering multiple search terms into a text field you can have them treated as an exact phrase, individual terms, or a group of terms. Phrase search finds emails that contain the exact phrase in the exact word order. Any word search finds emails that contain one or more words regardless of order. All words search finds emails that contain all words in any order. NOTE: You cannot use wild cards in a phrase search. Examples of Phrase, Any word, and All words Searching on the terms "phoenix memo" returns different result sets based on how you apply the rules. Table 7: Phrase, Any word, or All words search for "phoenix memo" Rule Returns text... But not... Phrase tuesday phoenix memo phoenix transportation memo phoenix memo feedback denver memo memo for phoenix transportation memo denver transportation Any word tuesday phoenix memo denver transportation phoenix memo feedback phoenix transportation memo denver memo memo for phoenix 24

Searching the Archive Archived Messages tab Rule Returns text... transportation memo But not... All words tuesday phoenix memo denver memo phoenix memo feedback denver transportation phoenix transportation memo memo for phoenix transportation memo Searching the Archive Archived Messages tab The Archived Messages tab allows you to search for and view messages in the archive. Subtabs Table 8: Subtab definitions Subtab Saved Searches tab named search tab (unsaved search) tab Definition Click to view, manage, and execute your previously saved searches. Click to view the Criteria and Results of a saved search. These tabs displays when you open a saved search. Click (x) to close the tab. Click to create a new search. This tab is selected by default. Select the Saved Searches tab and click New to open additional tabs. Click (x) to close the tab. Panels 25

Searching the Archive Archived Messages tab Table 9: Panel definitions Panel Criteria Results Description Displays the criteria options for searching the archive, including: Simple Search Advanced Search Archive ID Search Click the title bar or the (+) to use each of the options. Displays the list of emails returned by the current search. Searching the Archive Results panel Results panel The Results panel displays the email messages returned in a search, and provides you with the option to view and export the messages you select. Results toolbar The results toolbar allows you to export, purge and preview messages. Table 10: Results toolbar option definitions Option Export Definition Click the pull-down and select an option to export email messages in a zip file. The displayed number indicates the number of messages you have selected. Export All Download all of messages in the search results. Export Selected Download the messages you have selected from the search results. 26

Searching the Archive Archived Messages tab Option Purge Definition Click the pull-down and select an option to purge email messages from the archive. The Purge pull-down is inactive when Legal Hold is enabled. Purge All Purge all of the messages in the search results. Purge Selected Purge the messages you have selected from the search results. NOTE: You must be an Archive Compliance Officer to purge messages. Preview Click the pull-down and select an option to view or hide the selected email message in a separate panel. Bottom Displays the preview panel at the bottom of the results panel. Right Displays the preview panel to the right of the results panel. Hide Closes the preview panel. Results grid The grid displays each email and provides high level information about its content and status. Table 11: Results panel option definitions Option Attachments (Paperclip icon) Message Expiration (Alert icon) From To Subject Date Size Definition Displays a paper clip and a number when the message has one or more attachments. Displays an alert icon when there is something you should know about the message's retention status. Mouse over the icon for additional information. The email address of the sender. The email addresses of the email recipients. The address determines the sort order. A search match can be located in the To:, Cc:, and Bcc: fields. Bcc recipients are not listed in the message header. The email subject line. The date and time the message was sent. When date information is missing, the system displays the date and time that the message was archived instead. The total message size, including attachments, in KB or MB. 27

Searching the Archive Message Expiration and Legal Hold Summary Message Expiration Alert Icons Each of the alert icons describes the expiration and legal hold status of each message. Table 12: Message Expiration alert icons Icon Type Within 90 days of expiration Description The message is within 90 days of its expiration date and Legal hold is disabled. The icon also displays the number of days remaining before the message expires. Mousing over displays... The expiration date. Past Expiration Legal Hold The message is past its expiration date and will be deleted during the next purge cycle. The message has not yet expired and legal hold is enabled. The expiration date. Legal Hold is enabled. Legal Hold and Past Expiration [Blank] The message is past its expiration date and on legal hold. The message will remain on legal hold indefinitely. The message is not within 90 days of its expiration and legal hold is disabled. Legal Hold is enabled. The date on which it will expire. Archived Messages tab Message Expiration and Legal Hold Summary The rules that determine email retention and legal hold status apply to the expiration messages you will see for each email in the archive. Understanding Message Expiration Icons The Message Expiration icons can help you understand several things about the status of your messages: Whether or not Legal Hold is currently enabled. Which messages are past their expiration dates. Which active messages are within 90 days of expiration. 28

Searching the Archive Message Expiration and Legal Hold Summary Message Expiration in the Results grid The results grid displays an icon and when you mouse-over the icon it also displays additional information. Table 13: Message Expiration icon and text in results grid Time to Expiration Legal Hold Disabled Legal Hold Enabled >90 Days (No icon) Expires on date Yellow Pause icon Legal Hold < or = 90 days Yellow icon with # of days to expiration Expires on date Yellow Pause icon Legal hold enabled Past Expiration Red X icon Expired on date Red pause icon Legal hold enabled Message Expiration in the Detail view The message detail view displays label text to the right of the expiration date. Table 14: Message Expiration labels in the message detail view Time to Expiration Legal Hold Disabled Legal Hold Enabled >90 Days < or = 90 days Past Expiration (No Label) x days to expiration Past Expiration Legal Hold enabled Legal Hold enabled Legal Hold enabled Past Expiration Searching the Archive 29

Using Simple Search The simple search options allow users to quickly search for email messages in the archive. You can search based on one or more criteria, including the sender of the email, the recipient of the email, when the message was sent, and words or phrases that were included in the email message. Find Emails Using Simple Search Find Emails Using Simple Search Use the search form to find emails based on an email address, a date range, or text. Follow these guidelines: Complete one field to find messages that match a single value. Complete multiple fields to find messages that match all of the values. Combine additional fields with a Message Text search to filter the results in a Phrase, Any word, or All words search. You cannot use wildcards when selecting Phrase. Task For option definitions, click Help in the interface. 1 Select Email Archiving > Archived Messages. Search is displayed by default. 2 Complete one or more of the following fields: From Recipient Date Range Message Text 3 Click Search. Emails that match your search criteria are displayed in the Results panel. 30

Using Simple Search Find Emails Using Simple Search Search Examples The following examples compare the results of two similar searches, one using Phrase and the other using Any word in a Message Text search. Table 15: Search Example Criteria Returns... Not... Recipient: joe@domain.com Mail sent to Joe between July and October, 2009 that Date Range: 7/1/2009 contain the phrase phoenix to 11/1/2009 memo. Mail sent to Joe in June, 2009 that contain the phrase phoenix memo. Mail sent to Joe in August 2009 that contain the phrase memo for phoenix. Message Text with Mail sent to Steve between July and Phrase : phoenix memo October, 2009 that contain the phrase phoenix memo. Recipient: joe@domain.com Date Range: 7/1/2009 to 11/1/2009 Mail sent to Joe between July and October, 2009 that Mail sent to Joe in June, 2009 that contain the words phoenix or memo, contain the words phoenix including: phoenix memo, trip to or memo, including: phoenix, denver memo. Message Text with Any phoenix memo Mail sent to Steve between July and word : phoenix memo trip to phoenix October, 2009 that contain the words phoenix or memo, including: denver memo phoenix memo, trip to phoenix, denver memo. Recipient: joe@domain.com Date Range: 7/1/2009 to 11/1/2009 Message Text with All words : phoenix memo Mail sent to Joe between July and October, 2009 that Mail sent to Joe in June, 2009 that contain both the words phoenix or contain the words phoenix memo in the subject line, including: or memo, in the subject phoenix memo and memo to phoenix line, including: office. phoenix memo Mail sent to Joe between July and memo to phoenix office October, 2009 that contain just one of the words phoenix or memo in the memo regarding phoenix software subject line, including: phoenix convention, trip to phoenix, denver memo. Mail sent to Steve between July and October, 2009 that contain both words in the subject line, including phoenix memo, memo to phoenix office, and memo regarding phoenix software. Mail sent to Joe between July and October, 2009 that contain the word phoenix in the subject line and memo in the message body. Using Simple Search 31

Using Advanced Search The advanced search options allow Customer Administrators to define search criteria for a wider range of archived message elements than the simple search allows. As a result, you can be more precise in your searches. Using these options you can search messages by the following Message header Subject line Message body Attachment body In addition, you can search message metadata for information including: Names of attachments Message sizes Find Emails Using Advanced Search Rules for Special Characters in a Header Search Find Emails Using Advanced Search Use the advanced search options to create more complex searches and refine your search terms. Follow these guidelines: Apply Phrase, Any word, and All words to specify the matching rules for each of the content fields: Header, Subject, Body, Attachment Content. Apply All or Any to set the rules for all four fields in a content search. Combining All with a Phrase search is the most restrictive. Combining Any with Any word is the least restrictive. Wildcards cannot be used in a Phrase search. Task For option definitions, click Help in the interface. 1 Select Email Archiving > Archived Messages. 2 Select Advanced Search in the Criteria panel. 3 Complete any of the following fields to search by email address or date: From 32

Using Advanced Search Find Emails Using Advanced Search Recipient Date Range 4 Complete any of the message fields including Header, Subject, Body, or Attachment content to search for message content. a Select All or Any to restrict the search terms relative to each other. b Enter your search words in each field, as necessary. c Select Phrase, Any word, or All words to refine each of your search criteria. 5 Enter an Attachment Name to find messages with a specific file attachment. 6 Select the Message Size (KB) option and type the size value or size range in KB. 7 Click Search. Emails that match your search criteria are displayed in the Results panel. Advanced Search Examples The following examples compare the results of four similar searches, using All and Any, and Phrase and Any word in a content search. These examples demonstrate how different combinations create more or less restrictive searches. Table 16: Search Example Criteria Match: All Subject with Phrase : phoenix memo Body with Phrase : sales totals Match: All Subject with Any word : phoenix memo Body with Phrase : sales totals Match: Any Subject with Phrase : phoenix memo Body with Phrase : sales totals Match: Any Subject with Any word : phoenix memo Body with Phrase : sales totals Returns Mail that includes... phoenix memo in the subject line. and sales totals in the the body text. Any combination of phoenix and memo in the subject line: phoenix memo phoenix transportation denver memo and sales totals in the the body text. phoenix memo in the subject line. or sales totals in the the body text. Any combination of phoenix and memo in the subject line: phoenix memo phoenix transportation denver memo or sales totals in the the body text. Using Advanced Search 33

Using Advanced Search Rules for Special Characters in a Header Search Rules for Special Characters in a Header Search The email message header includes a large amount of searchable information. However, certain restrictions apply when using special characters in your search terms. Use these guidelines when searching in the Header or Message Text fields: You cannot search for a special character by itself. You can search for text that includes special characters when they are part of an alphanumeric string. When you include the period (.) and "at" sign (@) in a search term they are interpreted as white space. Most special characters are ignored if they are typed at the beginning or the end of a string. Table 17: Special Characters Special Character Name Start of String End of String ( Left Parenthesis Ignored { Left Curly Brace Ignored [ Left Bracket Ignored < Right Angle Bracket Ignored " Quotation Marks Ignored Ignored ) Right Parenthesis Ignored } Right Curly Brace Ignored ] Right Bracket Ignored : Colon Ignored > Left Angle Bracket Ignored, Comma Ignored ; Semi-colon Ignored. Period Ignored Using Advanced Search 34

Using Archive ID Search You can search for a specific message using its unique Archive ID. This kind of search is useful when you have a lot of messages with similar characteristics and the other search options are returning too many results. Email Archiving assigns each email it archives a unique Archive ID. This is the easiest way to find and retrieve a specific message. Find Emails Using Archive ID Search Find Emails Using Archive ID Search Use the Archive ID search option to find a specific email using its unique ID. Task For option definitions, click Help in the interface. 1 Select Email Archiving > Archived Messages. 2 Select Archive ID Search in the Criteria panel. 3 Enter an ID. 4 Click Search. The email that matches your search is displayed in the Results panel. Using Archive ID Search 35

Viewing an Archived Email You can open and view any email that is stored in the archive directly from the search results panel. Both the message preview and message window allow you to view the content of the message, message headers, any attachments associated with the message, and archive specific information including ID and expiration date. View a Message View a Message Open and view email messages to read content, retrieve attachments, and review header information and metadata. Before you begin You must first run a search and then sort your results to find the email you want to view. Task For option definitions, click Help in the interface. Open the message from the results panel by doing one of the following: Double-click the message to view the message in the Message window. Select an option from the Preview menu to open the message in the Message pane. If you selected Preview, the message displays in the Message pane. Otherwise the message appears in a separate window. Viewing an Archived Email 36

Saving Searches for Reuse Archive searches that you run on a regular basis can be saved for later reuse. Your search criteria is saved under the name you give it and can be used to generate new results whenever there are updates to the archive. Save a Search Run a Saved Search Save a Search Use the save option to store search criteria. Before you begin You should know how to run searches in the Criteria panel. Task For option definitions, click Help in the interface. 1 Run a search in the Archived Messages Criteria panel. 2 Click Save. The Save Search window appears. 3 Enter a name in the Search Name field. The filename must be 1-60 charcters in length. 4 Click Save. A message confirms that your search was saved. You can access your saved searches in the Saved Searches tab. Saving Searches for Reuse Run a Saved Search Use saved searches to reuse your previously stored search criteria. Before you begin You will need to have previously saved searches in the Archived Messages tab. 37

Saving Searches for Reuse Run a Saved Search Task For option definitions, click Help in the interface. 1 Select Email Archiving > Archived Messages > Saved Searches The Saved Searches tab displays the list of previously saved searches. 2 In the list, do one of the following: Double-click the name of the search you want to run. Select the checkbox of the search and then click Edit. The search criteria display in a new tab with the name of the search. 3 Review the saved search criteria and make any changes if necessary. 4 Click Search. Messages returned by the search are displayed in the Results panel. From here, you can run additional saved searches, save any changes you made, or save the search with a new name. Saving Searches for Reuse 38

Purging messages An Archive Compliance Officer can delete one or more messages from the archive, including Historical messages. This ability ensures that your company is compliant with local privacy laws. Purge messages Archive Compliance Officer role details Purge messages As an Archive Compliance Officer, you can delete messages from the archive using the Purge options in the Archived Messages search results panel. Before you begin You must be assigned the Archive Compliance Officer role by your Customer Administrator. You must disable Legal Hold. The Purge menu is inactive when Legal Hold is enabled. Limit your searches to fewer than 10,000 messages. Task For option definitions, click Help in the interface. 1 Select Email Archiving > Archived Messages. Search is displayed by default. 2 Run a search in the Criteria panel. 3 Do one of the following to select messages for deletion: To... Purge All Do this... Select Purge > Purge All to delete all of the messages in your search results. 39

Purging messages Archive Compliance Officer role details To... Purge Selected Do this... Select the checkbox for each message and click Purge > Purge Selected to delete your selected search results. A dialog box appears in your browser: The selected message(s) will be permanently, and irreversibly purged from your archive and your action will be logged. The purge process can take up to 15 minutes to complete and cannot be interrupted once initiated. By proceeding, you assume all responsibility, legal and otherwise, for your actions. Are you sure you want to proceed? 4 Click OK. Your messages are now queued for deletion and the Purge menu is temporarily inactive. The purge process takes 15 minutes to complete. After that time, the messages you selected for purge will no longer appear in the search results and the Purge menu becomes active. NOTE: A message appears notifying you that the purge process has completed. Purging messages Archive Compliance Officer role details The Archive Compliance Officer role is a specific role assigned to a user for the express purpose of purging messages from the archive. Users with this role are responsible for ensuring that their company is in compliance with local privacy laws. Follow these guidelines: Must be assigned to a user by a Customer Administrator Is the only user role that can access and use the selective purge feature Cannot manage mail sources Can access all other Customer Administrator features within Email Archiving NOTE: When using the Archive Add-In, Archive Compliance Officers are restricted to just their own email account. The same is true for Customer Administrators and all other user roles. Purging messages 40

Exporting Messages You can download one or more of the messages that you find in a search and view them in an email client. When you export messages, they are compressed in a zip file. Messages can be exported from either the Results panel or the Message view. Zip file guidelines Viewing.eml files Export Messages Zip file guidelines The rules that govern the zip file you download when you export messages determine the total file size, the emails included, how the email files are named, and the format of the emails. The total size of the file you download cannot be larger than 1 GB. If your result set is larger, you should refine your search criteria and limit your results. At download, the system re-runs your original search. As a result, the set of messages in the zip file may differ from your initial results due to changes in the archive. Messages are stored as.eml files. Each file name matches the message's unique Archive ID. The format of each email varies by your user role: The User role receives the original message. The Customer Administrator role receives the envelope journal as well as the original message which is included as an attachment. NOTE: A zip file utility is required for extracting the email files. Exporting Messages Viewing.eml files The email files you download from Email Archiving use the.eml file format and require a compatible email client. 41

Exporting Messages Export Messages McAfee recommends Microsoft Outlook Express or a recent version of Microsoft Outlook. Table 18: Email clients for viewing.eml files Operating System Suggested Email Clients include... Mac OS Microsoft Outlook 2011 Apple Mail Mozilla Thunderbird Windows Microsoft Outlook 2010 Microsoft Outlook 2007 with KB 956693 NOTE: For more information, go to http://support.microsoft.com/kb/956693 Microsoft Outlook Express Microsoft Windows Live Mail Mozilla Thunderbird Linux Mozilla Thunderbird Exporting Messages Export Messages You can download email messages from the archive and view them in your email client. This option is available from both the results panel (for multiple messages) and the message view (for individual messages). Before you begin You will need the following: A zip utility to extract the email messages once they are downloaded An email client that is capable of viewing.eml files Task For option definitions, click Help in the interface. 1 Run a search in the Criteria panel. 2 Do one of the following to select messages for download: Option Export All from the Results panel Definition Click Export > Export All to download all of your search results. 42

Exporting Messages Export Messages Option Export Selected from the Results panel Export from the Message view Definition Click the checkbox for each messages and click Export > Export Selected to download select search results. Double-click the message, or select the message and click Preview. Then, click Export to download the individual message. A dialog box appears in your browser. 3 Follow your browser's instructions to Open or Save the file. The file is saved on your local system. 4 Locate the file and open it using your zip utility. The zip file and contents display. 5 Extract the messages from the zip file and save them to a folder. The individual messages are now stored on your local system. From here you can now open and view messages in your email client. Exporting Messages 43

Managing Legal Hold Enabling Legal Hold for all messages in the archive prevents your messages from being deleted from the system once they have reached their expiration date. How Legal Hold works Enable Legal Hold Disable Legal Hold How Legal Hold works Placing a Legal Hold on your archive allows you to retain all of your email messages for as long as the hold is enabled. In Email Archiving, email messages are typically stored in the archive until they reach their expiration date at which point they are permanently deleted. The amount of time a message is stored before it expires is set by the archive retention length in Account Management and this time period applies to all customer messages. By selecting the Legal Hold option you can override this process and retain all of your messages, including expired messages, indefinitely. This can be particularly useful to companies or large organizations that need to ensure that they are in full compliance with regulations covering the retention of their email communications for legal purposes. Conversely, when you remove the Legal Hold the normal purge process is restored based on all of the previous expiration dates. This means that all of your expired messages, including those that expired while on Legal Hold, will be automatically deleted during the next purge process. NOTE: For more information on setting the archive retention length, see the Account Management Help. Managing Legal Hold Enable Legal Hold Activate Legal Hold to stop Email Archiving from purging expired messages. NOTE: If the purge process is currently running, enabling Legal Hold will only save those messages that have not yet expired. 44

Managing Legal Hold Disable Legal Hold Task For option definitions, click Help in the interface. 1 Click Email Archiving > Setup > Legal Hold. 2 Select Enable Legal Hold. The page displays the Legal Hold alert message. 3 Click Yes to confirm the change. Legal Hold is now active. Expired messages will be saved in the archive and not deleted as scheduled. Managing Legal Hold Disable Legal Hold Turn off Legal Hold to resume purging expired messages. CAUTION: Messages that are deleted cannot be restored. Task For option definitions, click Help in the interface. 1 Click Email Archiving > Setup > Legal Hold. 2 Deselect Enable Legal Hold. The page displays the Legal Hold alert message. 3 Click Yes to confirm the change. Legal Hold is now inactive. Expired messages will remain in the archive until the next purge. Managing Legal Hold 45

Generating Reports Reports in Email Archiving provide detailed information on specific Customer Administrator activities. The contents of a report include information for the current month as well as the 30 days prior. You can use reports to: Identify searches that might be useful but were not saved by the administrators who ran those searches. Identify, from the types of searches performed, potential problem areas in your mail service. Identify any abuse of the message search capabilities. Run a Report Filter a Report View Report Details Download a Report Run a Report Running a report provides you with detailed information on a specific Customer Administrator activity. Task For option definitions, click Help in the interface. 1 Select Email Archiving > Reports The Available Reports tab displays the list of reports. 2 Select a report by doing one of the following. Select the title of the report and click Run. Double-click the title of the report. The report displays in a new tab with the name of the report in the tab title. Generating Reports 46

Generating Reports Filter a Report Filter a Report Use the filter options to limit a report to include just the information you need. Before you begin Run a report from the Available Reports tab. Task For option definitions, click Help in the interface. 1 Complete at least one of the filter options: Email Address IP Address Date Range 2 Click Filter. The Results panel updates with the refined report content. Generating Reports View Report Details Use report details to view additional information for each entry, including the specific details of searches. Before you begin Run a report from the Available Reports tab. Task For option definitions, click Help in the interface. Select an entry in the report and click Preview. Double-click an entry in the report. The details appear in a new window. Generating Reports Download a Report You can save the results of a report to your hard drive as a.csv file. Before you begin Run a report from the Available Reports tab. 47

Generating Reports Download a Report Task For option definitions, click Help in the interface. 1 Click Download in the Results panel. A dialog box appears in your browser. 2 Follow your browser's instructions to open or save the file. The.csv file can now be opened in Microsoft Excel. Generating Reports 48

Download the Archive Add-in Visit the McAfee site to find download information and installation instructions for the Archive Add-in. Task Go to the SaaS Email Archiving Add-in for Microsoft Outlook page at http://www.mcafee.com/us/downloads/saas/archive-addin.aspx 49

Troubleshooting Common problems and recommended solutions. Troubleshooting connectivity errors Common Error Messages Issues with Exchange Server Journal Mailbox Issues with Historical Mail Sources A known limitation in Exchange 2003 affects Historical Data Troubleshooting connectivity errors Descriptions of and solutions for connectivity errors. Email Archiving could not open a socket to retrieve mail on the target mail source. This may be because the specified host cannot be located. Cause Solution An error was encountered 1 If a server name has when attempting to connect been entered, check to the mail server. The error might occur because of one that the name has of the following reasons: been entered The server name specified correctly and has in the mail source been administered configuration may be on the customer's incorrect. DNS server. The mail server might not have an open port for the 2 If an IP address has IMAP or POP3 been entered in the communication. Server Name field, The IMAP or POP3 port on check that the the mail server might be address is correct different than that entered for the mail server. on the Mail Sources window. 3 If the server name A firewall might be or IP address has blocking the Email been entered Archiving from connecting correctly, check that to the mail server's IMAP or POP3 port. the IMAP or POP3 POP3 or IMAP services might not be running on the mail server. port is enabled and open in the customer mail server. 50

Troubleshooting Troubleshooting connectivity errors Cause Solution 4 If one or more firewalls are in place, ensure that the IMAP or POP3 port is open for Email Archiving (refer to your Activation Guide for the IP address range of Email Archiving servers). 5 Check to see if the protocol and port combination specified on the Mail Sources window matches what is running on the target server. NOTE: The default port number for both POP3 and IMAP is different when SSL is selected for the connection. 6 Check to make sure the proper protocol, IMAP or POP3, is running on the mail server. 7 Contact Customer Support if the server name or IP address has been correctly identified and the IMAP or POP3 ports are correctly administered on the firewall, mail server, and Mail Sources window. Email Archiving could not complete the authentication when connecting to the mail source server. The most likely causes of this are an incorrect mailbox username or password. Cause The user authentication step failed, probably because of an incorrect mailbox username or password. Solution Check the mail server to verify the mailbox username and password are correct. 51

Troubleshooting Troubleshooting connectivity errors Email Archiving detected a protocol error. Cause Email Archiving detected a protocol error, such as an unexpected use of POP3 or IMAP. Solution Confirm that the mail server supports the protocol identified on the Mail Sources window for the specific port on the Mail Sources window. If the protocol is properly supported by the mail server for the designated port, contact Customer Support. The mail server reported an error condition or failed to respond in a timely manner. Cause The mail server reported an error condition or failed to respond in a timely manner (which is typically around 60 seconds). Solution Check an error log, for example the event log, on the mail server to see if an error occurred. Email Archiving received a 'lock busy' response from the mail server when attempting to authenticate. Cause Email Archiving received a 'lock busy' response from the mail server when attempting to authenticate. There might be a problem with your mail server. Solution 1 Try connecting again in a few minutes. 2 If you get an error again, confirm that your server is operating correctly. You might need to contact your vendor s technical support. Email Archiving encountered an error during an initial DNS lookup and could not connect. Cause Email Archiving encountered an error during an initial DNS lookup and could not connect. Solution 1 Check that the server host name is valid. 2 If the server host name is valid, contact Customer Support. The mail server is busy. Cause The mail server returned a busy indication. Solution 1 Try again in a few minutes. 2 If you get an error again, confirm that your mail server is 52

Troubleshooting Common Error Messages Cause Solution operating correctly. You might need to contact your vendor's technical support. Start Time/Stop Time: Invalid Time (A red box appears in the window which states the Incorrect time and "Invalid Start Time" Cause One or more of the times in the Quiet period do not form a proper time range or the times are not in proper military time. Solution Make sure the Start time is earlier than the Stop time. value is not a valid IP address or domain name, element: server_host, value=[] Cause The IP address or the Server Name is incorrect. Solution 1 Check that the address is correct for the mail server. 2 Contact Customer Support if the server name or IP address has been correctly identified. Internal error code 5. Internal error code 6. Internal error code 8. Internal error code 10. Internal error code 12. Contact Customer Support. Contact Customer Support. Contact Customer Support. Contact Customer Support. Contact Customer Support. Troubleshooting Common Error Messages Understand and troubleshoot common error messages. This field is required. (All the required fields encased with a red border indicating that these are required fields) Cause One or more required fields are lacking an entry. Solution Check that you have entries in the fields outlined in red. 53

Troubleshooting Common Error Messages Unable to search mail. Connection to Email Archiving server failed. If the problem persists, please contact your archiving administrator. Cause Solution The Email Archiving could 1 Try the request not retrieve data from the again in a few Email Archiving Server for one of the following minutes. reasons: 2 Contact The connection was Customer down. Support A Email Archiving Server process encountered an error. The request for data was corrupted. Unable to search mail. Message size upper range value must be numeric. Cause During a message size search, the "Between" option was chosen but only the lower value in the range was given. Solution Enter both the lower and upper values to define the search range. Invalid request (must have an id, scope and message_id) Cause When opening a message, the sign in session timed out. Solution 1 Sign in again and retrieve the message again. 2 Contact Customer Support Connection to Email Archiving server failed. If the problem persists, please contact your archiving administrator. Cause The connection to the Email Archiving Server failed to retrieve the message data for viewing. Solution 1 Try the request again in a few minutes. 2 Contact Customer Support Your session has expired, please sign in again. Cause Your browser's connection has timed out for one of a variety of potential reasons: Your network connection dropped because of inactivity. Solution Sign into the Control Console again. 54

Troubleshooting Issues with Exchange Server Journal Mailbox Cause Your computer timed out because of inactivity. Your browser timed out because of inactivity. Solution Unable to export mail. Connection to Email Archiving server failed. If the problem persists, please contact your archiving administrator. Cause Solution The Email Archiving could 1 Try the request not retrieve data from the again in a few Email Archiving Server for one of the following minutes. reasons: 2 Contact The connection was Customer down. Support. A Email Archiving Server process encountered an error. The request for data was corrupted. Unable to export mail. Attempting to export [] Mb. Max export size is 1 GB. Cause Solution The total size of all the 1 Change your messages included when search so that you tried to export messages exceeded 1 GB. fewer messages are listed before you export messages. 2 Use the Export Selected option instead of Export All so you can export fewer messages at a time. Troubleshooting Issues with Exchange Server Journal Mailbox Troubleshoot journal mailboxes. The journal mailbox is never empty. There are several reasons why your journal mailbox may never completely empty: 1 Messages arriving in the journal mailbox during an archive session will not be processed until a future archive session. 55

Troubleshooting Issues with Historical Mail Sources 2 Messages larger than 25 MB are left in the journal mailbox indefinitely because the maximum message size is 25 MB. 3 Messages that are improperly formatted cannot be archived, and are subsequently left in the journal mailbox. Improperly formatted messages can occur for various reasons, including: Journaling is not configured properly. Messages are sent directly to the journal mailbox (bypassing the journal function). Messages are copied directly to the journal mailbox. 4 The number of journaled messages is greater than the maximum number of messages that can be imported during a single archive session. 5 Large messages may be imported at night because the necessary network and server resources are typically more available at night. Troubleshooting Issues with Historical Mail Sources Troubleshoot Historical mail sources. When historical data storage is exceeded. When you exceed your Historical Data Storage Limit, the historical mail source becomes inactive. This results in the following events: The historical mail source is no longer displayed on the Overview window. The Mail Sources list window shows the historical mail source as inactive. The Mail Source configuration window for the historical mail source shows the Active checkbox as unchecked. Troubleshooting A known limitation in Exchange 2003 affects Historical Data A limitation exists in Microsoft Exchange 2003 and earlier versions that might cause some messages to remain effectively invisible to end users in SaaS Email Archiving. This issue specifically affects customers who are using SaaS Email Archiving Historical Data Hosting with historical data that originated from Exchange 2003 or earlier. In 56

Troubleshooting A known limitation in Exchange 2003 affects Historical Data these instances historical data is imported without the SMTP address information which is needed for associating email messages to user accounts. What can cause missing SMTP address data? Some historical messages do not contain SMTP address data for email recipients which can resulting in possible side-effects, including: Affected messages do not associate to end users because X.400 addresses, instead of SMTP addresses, are present in the message header. SMTP addresses are required by SaaS Email Archiving for end user association to occur. Customer Administrator or Compliance Officer role archive searches by SMTP address will not work because SMTP addresses are not present in the original message and therefore cannot be indexed. This issue does not prevent messages from being archived so affected messages can be located by other search criteria. There are two scenarios where messages might be missing SMTP address data: An internal recipient sends a message to one or more other internal recipients and the data is later exported using.pst export (using Outlook or EXMERGE). This is because exporting to.pst does not force Exchange to perform an X.400 to SMTP address translation. An internal recipient sends a message to one or more other internal recipients and the data is imported into SaaS Email Archiving using IMAP or POP, but the internal participant's Active Directory account is no longer present. As a result, the X.400 to SMTP address mapping cannot take place. These early versions of Exchange rely primarily on X.400 addressing and SMTP addressing is only used for messages that traverse the SMTP, POP, or IMAP services. Therefore, internal messages exported to.pst do not translate to SMTP addressing and messages for users that no longer exist in the Active Directory cannot be mapped to their SMTP addresses. Workaround for historical data imports If you are importing historical data into SaaS Email Archiving from Exchange 2003 or earlier, be sure that: The email is exported to SaaS Email Archiving using POP or IMAP. Make sure that there is a valid Active Directory account account containing a matching X.400 address (to what is in the historical email), and at least one valid SMTP address for each user if you want end user association or SMTP address searching. Troubleshooting 57

Frequently asked questions Here are answers to frequently asked questions. Control Console Access How do I access the Email Archiving Control Console Web site? Your welcome email contains all the information needed for you to access the Control Console. I am new to the company and don t have my predecessor s username and password to the Control Console. How can I gain access to the system? The Summary window displays a message count for "Unassociated Messages." What does this mean? Can unassociated messages be retroactively associated with an end user? Why does my browser connection time out? You must have the primary or technical contact listed on your company's Service Order Form create a new account or grant you access to an existing account. These individuals can also contact customer support for assistance. This count is a running tally of messages that have been archived but have not been associated with a user account. A message is unassociated if neither the sender nor any of the recipients can be matched up to user accounts in the Control Console. Therefore, only Customer Administrators can search for and view unassociated messages. To avoid unassociated messages, create all user accounts and their corresponding aliases prior to configuring a Mail Source in Email Archiving. There is no way to retroactively associate a user to his or her messages. However, an option will be made available in a future release. Your browser connection might time out for a variety of reasons: Your network connection dropped because of inactivity. Your computer timed out because of inactivity. Your browser timed out because of inactivity. When your browser connection times out, you simply need to sign back in. 58

Frequently asked questions Setup and System What is the largest email that can be archived? How often does Email Archiving move messages from my server into the archive? Currently the maximum size is 25 MB. Any message that exceeds this size may not be archived. The short answer is that your server is pulled several times an hour - as often as every few minutes. However, the main constraint to import frequency isn't how often Email Archiving is able to poll your server, but how often your server is available to be polled. During a pull attempt, Email Archiving imports every message that exists in the journal mailbox at the moment the pull attempt began. While this is occurring, more messages arrive in the journal mailbox, but they will not be imported until the next attempt. The time it takes to download available messages depends on your organization's mail volume, server load, server performance, and your available upstream bandwidth. For example, if there are only a few messages to import each time Email Archiving polls your server, you would see very frequent pull attempts, perhaps more than one attempt per minute. On the other hand, if you have very high message volume, Email Archiving constantly connects to your system, downloads email until all messages have been imported, closes down the connection, and then seconds or minutes later starts the process over again. In this case, you would see many fewer polls but nearly identical performance (that is, messages arriving into the archive in a timely manner). Can the import interval be adjusted separately for each mail source? Can only certain users be set up for Email Archiving? How do I import old emails into the email archive? What happens to Email Archiving if my mail The interval cannot be adjusted, but a Quiet Period can be defined to prevent imports during a specified window. Email Archiving imports all mail present in any journal mailbox defined as a Mail Source within Email Archiving. Therefore, you may be able to limit what users are journaled by putting them in separate Microsoft Exchange databases: one with journaling enabled and one without journaling. Microsoft Exchange 2007 premium journaling contains more detailed journaling filters. Please consult your Exchange Administrator or Microsoft for more information on taking advantage of this functionality. Export all your historical data to PST format and note the total size of the PST files. Sign a historical data hosting agreement with your sales representative. You will receive further instructions on how to proceed after your order is processed. Email Archiving will not be able to pull messages until the mail server comes out of disaster recovery mode. 59

Frequently asked questions server goes into disaster recovery? What happens if Email If the connection breaks, the message that was Archiving loses the interrupted will remain on your server until the next connection to my email import attempt. The partially imported message is server while messages discarded and is not committed to the archive. are being imported? Searching How do I view archived messages? How can I retrieve an image that was attached to a message? Sign on to the Control Console. If you have more than one service, make sure you are viewing the Email Archiving portion of the Control Console. Select Archived Messages, then select New. Enter at least one search criteria and either select Run or press the Enter key. After you have retrieved and opened the message, click on the attachment to download it. When I single-click an archived he preview pane is minimized. Click the double message in the search results headed arrow in the lower right side of the window, why don't I see the window to open the preview window or simply email message? double-click on the message to open it in a new window. How do I view Bcc recipients? You must be a Customer Administrator to view envelope metadata, which includes Bcc information. Bcc recipients can be viewed by exporting a message and viewing the journal report body, which contains an exhaustive list of all recipients. What is the maximum number of messages that are returned and displayed when performing a search? How much data can be exported at a time? As many that match the search criteria. 1 GB. An employee has left the Arbitrarily deleting messages prior to the company and I want to remove maturity of the retention period is forbidden. their account and/or old emails This intentional limitation makes the archive from the archive system. How tamper proof. is this done? What type of Exchange Email Archiving uses Envelope Journaling. This journaling is required for Email method allows archiving of P1 message headers Archiving to function properly? (envelope headers) which includes information about the recipients, CC, BCC recipients and recipients from distribution groups. 60

Frequently asked questions Data Retention What happens after the retention period expires? What's the difference between Journaled and Historical data? Does a Customer Administrator have access to a user's archived email if the user has been deleted from the company's Active Directory and the mail servers? When a message ages past its retention period, it is permanently deleted from the archive. Journaled data refers to messages that are automatically generated by the customer's mail server to a journal pickup mailbox for archiving (per the start date of the Agreement). Historical data includes messages created prior to the start date of the Agreement as well as messages that were not journaled as of the start date of the Agreement. Yes. Customer Administrators can search on, open, and export a deleted user's messages. 61

Glossary Active Mail Source A mail source that is actively ingesting messages from a mail server. Archive See Archived Messages Archive Compliance Officer A specific role assigned to a user for the express purpose of purging messages from the archive. Archive Retention Length The length of time that messages should be retained in the archive. Archived Messages The searchable online repository where your messages are stored. Associated Messages Email messages that have successfully been associated with a user. Authentication Occurs when the mail source logs into your mail server using the Mailbox Username and Password. 62

Glossary Connection Security Connection Security The encryption option used for retrieving emails from your mail server. Connectivity The ability of the mail source to communicate with your mail server. Historical Data Storage Archive space allocated specifically for historical messages. Historical Limit The maximum amount of historical data you can store in the archive. Historical Messages Historical messages include email messages that were saved outside of the normal ingest process, but now need to be stored in Email Archiving. Ingest The process of copying email from your mail server into the archive. Journal Mailbox The journal-enabled mailbox on your mail server. Journal Queue Emails on your server that are waiting to be added to the archive. Legal Hold A hold placed on the archive to retain messages past their expiration date for compliance and e-discovery purposes. 63

Glossary Mailbox Username Mailbox Username The login for the mail server used by a mail source configuration. Mail Source The journal mailbox as it is defined in Email Archiving. The mail source allows the system to communicate with your mail server for message ingest. Message Format The format of the email based on the mail server where it was originally stored. Usually a version of Exchange. Messages Email messages imported into Email Archiving. Msgs See Messages Nickname A unique name assigned to a mail source for easy identification. Poll A periodic check of the mail server by Email Archiving to identify email that is ready for ingest. Port The TCP port number of the journal mailbox on the email server. Protocol The protocol that the mail server supports. Typically IMAP. 64

Glossary Purge Purge The process for deleting select messages from the archive. Queue See Journal Queue Quiet Period Scheduled time during the day when Email Archiving should not ingest email messages from the mail server. Retention See Archive Retention Length Server Name The IP address or hostname of your mail server. Status A colored icon that describes the ability of your mail source to connect and ingest messages. Unassociated Messages Describes messages in your archive that are not associated with a user. These messages are only available to Customer Administrators. 65