Mindbreeze GmbH, A-4020 Linz, 2019.
The term 'user' is used in a gender-neutral sense throughout the document.
Before installing the Microsoft Exchange Connector, ensure that the Mindbreeze Server is already installed and that this connector is included in the Mindbreeze license.
Execute the following PowerShell commands on the Microsoft Exchange server:
Get-Mailbox | Add-MailboxPermission -User <domain>\<user> -AccessRights FullAccess
Or per mailbox database:
Get-MailboxDatabase -identity "Mailbox 1" | Add-ADPermission -user <domain>\<user> -accessrights GenericALL
The crawling user can read the mailboxes of other users but cannot send emails on behalf of these users. The crawling user should also have read permission on user objects in AD so that the msexchmailboxsecuritydescriptor attribute, which contains the mailbox permissions, can be read when crawling ACLs.
For better crawling performance, it is recommended to override the default throttling policy values (EWSFindCountLimit = 1000, EWSMaxConcurrency = 10) to suit the current infrastructure. To do so, define a new throttling policy for the service user.
New-ThrottlingPolicy -Name serviceUserPolicy -EWSFindCountLimit 1000
Set-Mailbox <domain>\<serviceuser> -ThrottlingPolicy serviceUserPolicy
Click on the “Indices” tab and then on the “Add new index” symbol to create a new index.
Enter the index path, e.g. “/data/indices/exchange/2”. Change the Display Name of the Index Service and the related Filter Service if necessary.
Add a new data source with the symbol “Add new custom source” at the bottom right.
A CachingLdapPrincipalResolution can be selected as the caching principal resolution service. It is then used to determine a user's AD group membership when searching.
This information is important for the configuration of the connection with the Microsoft Exchange Server:
Hits of emails, attachments and calendars can be downloaded via the context menu.
To open a hit through Outlook Web Access, the “Outlook Web Access URL” must be configured and the option “Use Outlook Web Access” must be checked.
If the “Use Outlook Web Access Open as Default Action” option is selected, this action will be performed as a standard context action for every search result, i.e. the link of the hit opens Outlook Web Access.
To index only the objects within a given time interval, select the corresponding time unit from "Past Time Unit" options and enter the number of these time units in the "Number of Past Time Units" field. This time interval will shift after every delta run. During this process, new objects are indexed and older ones are deleted from the index.
To restrict the user search to the relevant primary user mailbox and public folders, select "Restrict to Primary Mailbox and Public Folder". This does not return hits from shared mailboxes and the shared folders of other users.
For Microsoft Exchange 2003 and 2007, it is necessary to re-index the Microsoft Exchange data source (if indices have already been created with a version prior to 2015 Spring Release). Delta indexing is not sufficient.
In this section, you can define settings that influence resource utilization on the Microsoft Exchange Server as well as on the Mindbreeze enterprise search server. The following parameters can be set:
The “dump requests/responses” field allows advanced debugging and logs queries and responses to the configured dump directory. With the preconfigured "On Error" option, log files are automatically created whenever an error occurs. With "Never" no dumps are generated and with "Always" they are generated for each request.
The “Dump Directory” field specifies a directory in which the dumps are stored. If no dump directory is configured, the dump feature is not available.
Note: Do not activate "Always" permanently in production mode.
If the installation is made on a Microsoft Windows Server, the Kerberos authentication of the current Mindbreeze Service user can also be used for the Microsoft Exchange Crawler. In this case the Service user must be authorized to access the Microsoft Exchange Web Services.
For installations under Linux, you can use the managementcenter to generate the keytab.
IMPORTANT: The keytab must contain the key of the abovementioned user. The keytab for the Client Service cannot be used here.
Generally speaking, problems with the indexing of Exchange data sources can be found first and foremost in the corresponding log files in the Mindbreeze log folder.
In the Mindbreeze base log folder there is a corresponding subfolder for the configured Exchange crawler which may, for example, be named as follows:
This contains a date subfolder for each crawl run with two log files:
If no credentials are configured in the Network tab under LDAP Settings, the crawler user credentials are used to connect to the LDAP server. The following message is logged in the log file if the credentials are wrong:
com.mindbreeze.enterprisesearch.ldapclient.LDAPQuery INTERNALWARNING: Unable to connect to ldap server <x> Invalid Credentials (49)
The crawler does not receive documents from Exchange and does not create a file list in the log file mindbreeze-dispatcher.csv.
Many error messages of the following type can be found in the log file log-mescrawler_launchedservice.log:
com.mindbreeze.enterprisesearch.connectors.exchange.ewsclient.callables.SOAPCallable WARNING: Call find folders of mailbox <x> - SOAP call: ERROR ErrorItemNotFound The specified object was not found in the store.
Problem description and solution:
Due to authorization problems, it is not possible for the service user to query folders from Exchange. See the section "Required authorizations for the crawling user" above.
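To see which of the two conditions a crawl log shows, the following added example (not part of the original Mindbreeze documentation) counts the LDAP credential failures and groups the ErrorItemNotFound warnings by mailbox. The sample log is constructed from the two messages quoted above; its timestamps, host name and mailbox names are made up.

```shell
# Added example (not Mindbreeze code): triage of a crawler log for the two
# messages quoted above.

# Number of LDAP bind failures (LDAP result code 49 = invalid credentials).
ldap_auth_failures() {   # $1 = log file
  grep -c 'LDAPQuery .*Unable to connect to ldap server .*Invalid Credentials (49)' "$1" || true
}

# "count<TAB>mailbox" for each mailbox whose folder listing failed with
# ErrorItemNotFound, most affected mailbox first.
denied_mailboxes() {     # $1 = log file
  sed -n 's/.*Call find folders of mailbox \(.*\) - SOAP call: ERROR ErrorItemNotFound.*/\1/p' "$1" |
    sort | uniq -c | sort -rn |
    awk '{ c = $1; sub(/^ *[0-9]+ /, ""); print c "\t" $0 }'
}

# Constructed sample log; timestamps, host and mailbox names are made up.
sample_log() {
  cat <<'EOF'
2019-05-02 10:00:01 com.mindbreeze.enterprisesearch.ldapclient.LDAPQuery INTERNALWARNING: Unable to connect to ldap server ldap.example.test Invalid Credentials (49)
2019-05-02 10:00:07 com.mindbreeze.enterprisesearch.connectors.exchange.ewsclient.callables.SOAPCallable WARNING: Call find folders of mailbox alice@example.test - SOAP call: ERROR ErrorItemNotFound The specified object was not found in the store.
2019-05-02 10:00:08 com.mindbreeze.enterprisesearch.connectors.exchange.ewsclient.callables.SOAPCallable WARNING: Call find folders of mailbox bob@example.test - SOAP call: ERROR ErrorItemNotFound The specified object was not found in the store.
2019-05-02 10:05:07 com.mindbreeze.enterprisesearch.connectors.exchange.ewsclient.callables.SOAPCallable WARNING: Call find folders of mailbox alice@example.test - SOAP call: ERROR ErrorItemNotFound The specified object was not found in the store.
2019-05-02 10:05:09 example.Crawler INFO: crawl run finished
EOF
}

# Print both findings for one log file.
triage() {               # $1 = log file
  echo "ldap_invalid_credentials=$(ldap_auth_failures "$1")"
  denied_mailboxes "$1"
}

# With a log file argument, triage it; otherwise run on the constructed sample.
if [ -n "${1:-}" ]; then
  triage "$1"
else
  f=$(mktemp); sample_log > "$f"; triage "$f"; rm -f "$f"
fi
```

If every crawled mailbox appears in the second list, the grant for the crawling user is missing altogether; if only some do, compare them with the mailbox databases the permission was applied to.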
In addition, you can send the following POST query to EWS via curl to check the authorization:
curl -X POST https://mail.mycompany.com/ews/exchange.asmx -v -H 'cache-control: no-cache' --ntlm --negotiate -u cr… -H 'content-type: text/xml' -d '<?xml version="1.0" encoding="utf-8"?>
<t:RequestServerVersion Version="Exchange2010" />
<t:FieldURI FieldURI="folder:DisplayName" />
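A complete form of this check, as an added example that is not part of the original Mindbreeze documentation: it builds a FindFolder request around the two elements shown above and reads the EWS ResponseCode from the reply. EWS_URL, EWS_USER, the mailbox address, the msgfolderroot parent folder and the verdict labels are assumptions; only the user name is passed to curl, which then prompts for the password so that it does not end up in the process list or shell history.

```shell
# Added example (not Mindbreeze code). EWS_URL, EWS_USER and the mailbox are placeholders.

# Print a FindFolder request for the top-level folders of mailbox $1.
build_find_folder() {
  case "$1" in ""|*"<"*|*">"*|*"&"*|*'"'*|*"'"*) return 2 ;; esac  # keep markup out of the XML
  cat <<EOF
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types"
  xmlns:m="http://schemas.microsoft.com/exchange/services/2006/messages">
  <soap:Header><t:RequestServerVersion Version="Exchange2010" /></soap:Header>
  <soap:Body><m:FindFolder Traversal="Shallow">
    <m:FolderShape>
      <t:BaseShape>IdOnly</t:BaseShape>
      <t:AdditionalProperties>
        <t:FieldURI FieldURI="folder:DisplayName" />
      </t:AdditionalProperties>
    </m:FolderShape>
    <m:ParentFolderIds><t:DistinguishedFolderId Id="msgfolderroot">
      <t:Mailbox><t:EmailAddress>$1</t:EmailAddress></t:Mailbox>
    </t:DistinguishedFolderId></m:ParentFolderIds>
  </m:FindFolder></soap:Body>
</soap:Envelope>
EOF
}

# Read a SOAP reply on stdin and print its first ResponseCode (empty if none).
response_code() {
  tr -d '\r\n' | grep -o '<[A-Za-z]*:*ResponseCode>[^<]*' | head -n 1 | sed 's/.*>//'
}

# Translate a ResponseCode into a finding for the crawler setup.
verdict() {
  case "$1" in
    NoError)           echo "folders-readable" ;;
    ErrorItemNotFound) echo "no-folder-access" ;;  # the case described above
    "")                echo "no-soap-reply" ;;     # e.g. HTTP 401 before EWS answered
    *)                 echo "other:$1" ;;
  esac
}

# Run the check for mailbox $1; curl asks for the password of $EWS_USER.
check_mailbox() {
  body=$(build_find_folder "$1") || { echo "invalid-mailbox-address"; return 2; }
  verdict "$(printf '%s' "$body" | curl -sS --ntlm -u "$EWS_USER" \
    -H 'Content-Type: text/xml; charset=utf-8' --data-binary @- "$EWS_URL" | response_code)"
}

if [ -n "${EWS_URL:-}" ]; then check_mailbox "${1:-}"; fi
```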