Configuration settings for the Email Connector for Microsoft Exchange

You can adapt settings for problem determination, retry, and logging as well as the credentials that are used for connecting to the Microsoft Exchange server. You can also determine the directories that are used for address book lookups.

General settings

Edit the following settings, if required:
Maximum number of mailboxes to be processed in parallel
This number determines the number of threads that are used to process mailboxes in parallel. When a collector is started, it resolves the source, such as the group or SMTP address, into a list of mailboxes. For each mailbox, a request to crawl the mailbox is added to a single job queue on which the specified number of crawler threads work. The number of crawler threads is independent of the number of collectors. Any number of collectors can add entries to this job queue.

Performance is affected by the number of mailboxes processed in parallel, not by the number of collectors running in parallel. The more mailboxes are processed in parallel, the higher the load on the mail system.

Number of log file copies to keep for problem determination
If a problem occurs with the connector processes, the connector copies its log files to a separate subdirectory of the log file directory for later analysis. The crash directory is a subdirectory of the support directory and contains as many subdirectories for failures as you define here. The name of the subdirectory for the failure information is the timestamp when the failure occurred, for example, <icclog>\support\crash\<timestamp>, where <icclog> is the path to the log file location. The Content Collector default path is C:\Program Files\IBM\ContentCollector\ctms\log on a 32-bit operating system and C:\Program Files (x86)\IBM\ContentCollector\ctms\log on a 64-bit operating system.
Retry interval
This is the time interval after which documents for which processing failed are processed again. However, documents with a permanent problem are not processed again.

The retry interval should not be smaller than the schedule interval of active task routes. For example, if the task route is configured to run every hour and the retry interval is even shorter, the maximum number of retries for an erroneous document might be reached before temporary error conditions can be detected.

Also consider the maintenance intervals of the source and target servers when you set the retry interval.

Maximum number of processing attempts
This setting defines how often a collector attempts to process documents again when the processing failed before. Limit the number of processing attempts so that an erroneous document is not processed over and over again. You can find details about the erroneous document under Tools > Blacklist.

The maximum number should not be lower than two, so that temporary errors do not prevent blacklisted documents from being successfully reprocessed.

Enable stubbing functions for CommonStore documents
Select this option to enable the stubbing functions for documents that were archived with IBM® CommonStore. Configure stubbing for CommonStore documents in the stubbing collector.
Log settings
Define the level of detail for logging events and the location where the log files are stored.

With the Truncate log files option, you configure multiple log files. Also specify the maximum number of log files to be created and the maximum size that a log file is allowed to reach. There is a dependency between the number of log files and the size that each log file can have. As soon as the first log file reaches this size level, a new log file is created. When the maximum number of log files has been reached, and all log files have also reached their maximum size, the oldest log file is overwritten with a new one. This is also known as the round-robin method. If you do not select to configure multiple log files, a single log file of unlimited size is written.

Working directory
Specify the full path to the directory in which you want to save temporary files. These files are created by collectors and provide the basis for further processing steps in a task route. The path must contain no other characters than a-z, A-Z, and 0-9 of the Latin-1 character set.
Important: The working directory must be a local directory on a separate and fast disk and not on a shared network drive. If you use a shared network directory as working directory, this will decrease performance significantly.

Connection settings

To be able to connect to an email server, the host name of that server must be known to Content Collector. Select Automatic configuration to have Content Collector automatically determine the host name of the Microsoft Exchange Server based on the credentials that you specify in the Credentials section. Alternatively, you can manually provide the fully qualified host name of the Microsoft Exchange mail server for Microsoft Exchange 2007 or of the Microsoft Exchange Server that has the CAS Role (CAS Server) for Microsoft Exchange 2010 or 2013.

You can select to open mailboxes or public folders or both with privileged access if the account running the Content Collector Email Connector service and the Content Collector Web Application service has the following Exchange administrator rights:
Microsoft Exchange 2007
The account requires the Exchange Organization Administrator role or Exchange Server Administrator role for all Microsoft Exchange mail servers that host the mailboxes to be archived or the trigger mailbox.
You can use the Exchange Management Console to apply an administrator role to an account.
Microsoft Exchange 2010, 2013, or 2016
The account must be a member of the Exchange built-in role group Organization Management.
Microsoft Exchange Online
Note: The Automatic configuration option is not applicable and is therefore disabled.
  • You need to manually provide the proxy name of the Exchange Online mail server, which automatically redirects to a dedicated Exchange server on the Microsoft cloud network based on the user mailbox details provided as a User ID.
  • You cannot open mailboxes or public folders with privileged access, so the following options are disabled:
    • Open mailboxes with privileged access
    • Open public folders with privileged access
Microsoft Exchange Hybrid
Note: The Automatic configuration option is not applicable and is therefore disabled.
  • You need to manually provide the proxy name of the Exchange Online mail server.
  • On-premises mailboxes: You can open mailboxes with privileged access only if the mailconnector user has the Exchange Administrative permissions.
  • If a user does not have administrative permissions, 'Full Access' rights are required for accessing the desired mailbox.

Common information:

If a user account does not have Exchange administrator rights, it requires the following access rights:
  • For opening mailboxes: 'Full Access' permission to the mailboxes to be archived and to the trigger mailbox
  • For opening public folders: 'Editor' permission for the public folders to be archived and 'Reviewer' permission to the parent folders
Note: A user account cannot be given Exchange administrator rights on a Microsoft Exchange Online system.

To archive messages from personal folders (PST files), the account does not require specific access rights unless you use the EC Copy to Mailbox task to copy the message stubs from the PST to a mailbox. In this case, the account must have Exchange administrator rights or full access permission on the mailbox that is associated with the PST.

The Email Connector automatically detects whether to use RPC or RPC over HTTP to connect to Microsoft Exchange. When connecting to Microsoft Exchange 2013 and later, RPC over HTTP is used. In this case, you can enforce an SSL connection.

When the IBM Content Collector Email Connector service accesses the Microsoft Exchange Server, the number of concurrent requests per process is restricted, which limits the throughput. For better throughput, the IBM Content Collector Email Connector service can create multiple child processes, where each process runs with its own set of credentials. In the Credentials section, specify a list of credentials for that purpose. The Email Connector then creates a process for each of the specified user accounts. However, each process adds to the load on both the Content Collector Server and the Microsoft Exchange Server. Therefore, consider carefully how many processes you actually need to achieve better performance.

If you selected automatic configuration of the server host name, specify at least the credentials of the user who runs the IBM Content Collector Email Connector service. When you add credentials to the list, enter the user ID in user principal name (UPN) format, which is an Internet-style name format similar to the SMTP format (iccuser@mycompany.com). The specified user accounts must all have the same access rights, which must include the following rights in addition to the previously mentioned Exchange access rights:
  • Adjust memory quotas for a process (authorization constant SeIncreaseQuotaPrivilege)
  • Bypass traverse checking (authorization constant SeChangeNotifyPrivilege)
  • Log on as a batch job (authorization constant SeBatchLogonRight)
  • Log on as a service (authorization constant SeServiceLogonRight)
  • Replace a process level token (authorization constant SeAssignPrimaryTokenPrivilege)
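
One way to verify these five user rights for every account in the credentials list, as an added example that is not part of the IBM documentation: it parses a local security policy export in the format written by `secedit /export /areas USER_RIGHTS` and reports which rights each account lacks. The export text, the SIDs, and the second account `iccuser2@mycompany.com` are constructed for illustration.

```python
REQUIRED_RIGHTS = (
    "SeIncreaseQuotaPrivilege",       # Adjust memory quotas for a process
    "SeChangeNotifyPrivilege",        # Bypass traverse checking
    "SeBatchLogonRight",              # Log on as a batch job
    "SeServiceLogonRight",            # Log on as a service
    "SeAssignPrimaryTokenPrivilege",  # Replace a process level token
)
ICC1 = "S-1-5-21-1111-2222-3333-1105"  # hypothetical SID of iccuser
ICC2 = "S-1-5-21-1111-2222-3333-1106"  # hypothetical SID of iccuser2

# Constructed sample in the shape of a `secedit /export /areas USER_RIGHTS` file.
SAMPLE_EXPORT = f"""\
[Privilege Rights]
SeIncreaseQuotaPrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544,*{ICC1}
SeChangeNotifyPrivilege = *S-1-1-0,*S-1-5-32-544,*S-1-5-32-545
SeBatchLogonRight = *S-1-5-32-544,*{ICC1}
SeServiceLogonRight = *S-1-5-80-0,*{ICC1}
SeAssignPrimaryTokenPrivilege = *S-1-5-19,*S-1-5-20
[Version]
signature="$CHICAGO$"
"""

def parse_privilege_rights(text):
    """Return {right: set of SIDs} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            name, _, holders = line.partition("=")
            rights[name.strip()] = {h.strip().lstrip("*").upper()
                                    for h in holders.split(",") if h.strip()}
    return rights

def audit(export_text, accounts):
    """accounts maps a UPN to the SIDs in its token (user SID plus group SIDs).
    Returns, per UPN, the required rights held by none of those SIDs."""
    rights = parse_privilege_rights(export_text)
    return {upn: [r for r in REQUIRED_RIGHTS
                  if not rights.get(r, set()) & {s.upper() for s in sids}]
            for upn, sids in accounts.items()}

EVERYONE, USERS = "S-1-1-0", "S-1-5-32-545"  # well-known group SIDs
ACCOUNTS = {"iccuser@mycompany.com": [ICC1, EVERYONE, USERS],
            "iccuser2@mycompany.com": [ICC2, EVERYONE, USERS]}

if __name__ == "__main__":
    for upn, missing in audit(SAMPLE_EXPORT, ACCOUNTS).items():
        print(upn, "missing: " + ", ".join(missing) if missing else "OK")
```

A real export file is UTF-16 encoded, so read it with `encoding="utf-16"`. Rights granted through a group only count if that group's SID is included in the account's SID list.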

Active Directory settings

When Content Collector archives an email, the email needs to be associated with the correct email user so that the mailbox of this user can be identified when the email is stubbed or restored. Because a user can have several email addresses, a lookup is performed to identify the user and associate the email with a unique ID or account.

Therefore, specify the Active Directory that you want to use to resolve data in email recipient fields.
Tip: Make sure that the machine that runs the Content Collector server is part of the Active Directory domain. Otherwise the Email Connector might fail.
Note:
  • The Active Directory settings are disabled when Microsoft Exchange Online mailbox users are managed by Azure Active Directory, and there is no synchronization between the Exchange Online Azure Active Directory and a local Active Directory.
  • A Microsoft Exchange Hybrid system requires the local Active Directory to be synchronized with Azure Active Directory. Therefore, a local Active Directory is used, and the corresponding settings are enabled and can be configured.
Select the type of Active Directory server to use:
  • The domain default server is one of the Active Directory servers to which the DNS lookup of the domain name resolves. If there are several Active Directory servers, Content Collector picks one of them.
  • The user-defined server can be any other global catalog server. In this case, provide the following information:
    • The fully qualified host name of the Active Directory server. The global catalog must be enabled on that server.
    • The LDAP port, which is the port number for communication with the specified domain server. This is the default domain server of the domain that the specified global catalog server belongs to.
    • The global catalog port, which is the port number for network communication with the specified global catalog server.

Specify the credentials for accessing the Active Directory server. Validate your entries to ensure that you entered the correct credentials.

Processing options

The following advanced processing options are available:
Retrieve user IDs of internal recipients and senders from Active Directory
FileNet® Email Manager retrieved the email metadata properties To User ID, CC User ID, and BCC User ID for internal recipients and senders from the Active Directory. These properties can be used, for example, to set permissions in FileNet P8. Select this option to retrieve these properties in Content Collector as well. For users, the Email Connector retrieves the sAMAccountName. For groups, it retrieves the CommonName (CN). Enabling this option might affect performance of the Email Connector.
Note:
  • The processing option is disabled when Microsoft Exchange Online mailbox users are managed by Azure Active Directory and there is no synchronization between the Exchange Online Azure Active Directory and a local Active Directory.
  • The processing option is supported only when Content Collector is configured with Microsoft Exchange Hybrid.
When processing journal reports for IRM-protected messages, process the original encrypted message even if a clear-text copy is available

If Information Rights Management (IRM) and journal report decryption are enabled in your Microsoft Exchange environment, journal report messages contain a clear-text copy of IRM-protected messages along with the original IRM-protected message. Depending on the setting of this option, IBM Content Collector processes the encrypted message or the clear-text message.

If you select to process the original encrypted message, the message is deduplicated with copies of the same message in user mailboxes, but the content cannot be indexed and made available for search. If you do not select this option, and thus choose to process the clear-text copy of the encrypted message, a unique instance of the message is stored in the archive. As a result, the message is not deduplicated with copies of the same message in user mailboxes, but the content can be indexed and made available for search.

Select which messages are treated as journal reports
In some cases, IBM Content Collector might not recognize all envelope journal messages and might treat some journal messages as normal messages. Use this option to determine which messages should be treated as journal reports.
The settings are:
  • Automatic: IBM Content Collector attempts to detect whether a message is a journal report message.
  • All: All messages are treated as journal reports.
  • Based on format: All messages that contain exactly one embedded message attachment are treated as journal reports.
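
To see which messages the "Based on format" and "All" settings described above would treat as journal reports, the following added example (not IBM's code) applies both rules to constructed MIME messages. It assumes that an embedded message attachment corresponds to a `message/rfc822` part; the "Automatic" setting is not modelled because this page does not describe its detection logic.

```python
from email.message import EmailMessage

def embedded_message_count(part):
    """Count messages attached to the outer message, without descending
    into the embedded messages themselves."""
    if part.get_content_type() == "message/rfc822":
        return 1
    if part.is_multipart():
        return sum(embedded_message_count(p) for p in part.get_payload())
    return 0

def treated_as_journal_report(msg, setting):
    """Apply the 'All' or 'Based on format' setting as the page states it."""
    if setting == "All":
        return True
    if setting == "Based on format":
        return embedded_message_count(msg) == 1
    raise ValueError(f"setting not modelled: {setting!r}")

def build(subject, embedded_subjects):
    """Construct a sample message with one embedded message per subject."""
    outer = EmailMessage()
    outer["Subject"] = subject
    outer.set_content("outer body")
    for inner_subject in embedded_subjects:
        inner = EmailMessage()
        inner["Subject"] = inner_subject
        inner.set_content("inner body")
        outer.add_attachment(inner)  # attached as a message/rfc822 part
    return outer

# Constructed samples, not real journal data.
SAMPLES = {
    "journal envelope": build("Journal report", ["Quarterly numbers"]),
    "plain message": build("Lunch?", []),
    "forward as attachment": build("FW: see attached", ["Original mail"]),
    "two forwarded mails": build("FW: both", ["Mail A", "Mail B"]),
}

def classify(setting):
    """Return {sample name: treated as journal report?} for one setting."""
    return {name: treated_as_journal_report(m, setting)
            for name, m in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in classify("Based on format").items():
        print(f"{name:22} {verdict}")
```

Under "Based on format", the ordinary message that forwards a single mail as an attachment is classified the same way as the journal envelope, which is worth checking for before choosing that setting for a mailbox that also receives normal mail.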