What's New in Retrospect – Retrospect Backup 19 + Retrospect Virtual 2022 + Retrospect Cloud Storage

Exchange Mailbox Guide

Getting Started

Introduction

This user guide aims at providing detailed information for backing up and restoring individual mail items stored in Microsoft Exchange Server with Retrospect Virtual Host Server, also known as the Mail-Level backup.

Mail-Level backup for Microsoft Exchange Server is not designed to fully protect an Exchange Server, but to facilitate easy backup and fast restoration of individual emails, contacts or calendars, etc. A Mail-Level restoration cannot fully recover the Information Store after a disaster.

Important: Mail-Level Backup must be utilized in conjunction with full Information Store Backup, in order to fully protect the Exchange Server.

MS Exchange Server in Data Availability Group (DAG)

Exchange Server in Data Availability Group (DAG) provides higher availability for mail items backup and restoration. The Microsoft Exchange Mailbox add-on module is available if you are using Exchange server 2010/2013/2016/2019.

Refer to the URL for more details.

Best Practices and Recommendations

You are strongly recommended to configure or check all the settings below before you proceed with the Exchange Mail-Level backup and restoration.

Retrospect Virtual Host Server Installation

The latest version of Retrospect Virtual Host Server must be installed on the Exchange Server hosting the database. For Exchange Server 2010/2013/2016/2019, Database Availability Group (DAG) backup option is available, please refer to Performing Mail-Level Backup for Microsoft Exchange 2010/2013/2016/2019 in Database Availability Group (DAG) for details.

Retrospect Virtual Host Server Add-On Module Configuration

Make sure the Microsoft Exchange Mailbox feature has been enabled as an add-on module in your Retrospect Virtual Host Server user account. Contact your backup service provider for more details.

image

Scheduled Backup for Exchange Server in Data Availability Group (DAG) Option

Scheduled backup is required if you choose to back up in DAG option, as Retrospect Virtual Host Server on all DAG members will base on the scheduled backup time to start backups on individual DAG member at the same time.

A DAG backup cycle is considered complete only when scheduled backup on all DAG members have been carried out. An email report will be generated when a complete DAG backup cycle is taken place.

Please keep in mind that manual backup will only be considered as individual mail-level backup, and therefore will not be counted as part of the DAG backup cycle.

Temporary Directory Folder

Temporary Directory folder is used by Retrospect Virtual Host Server for storing backup set index files and any incremental or differential delta files generated during a backup job. To ensure optimal backup/restoration performance, it is recommended that the temporary directory folder is located on a local drive with plenty of free disk space.

Mailbox Access Permission

The Active Directory account used for backup must have full access to the mailboxes. To grant full access right for the account, enter the following command in Exchange Management Shell.

Open the Exchange Management Shell by clicking Start > Microsoft Exchange Server > Exchange Management Shell.

Exchange Server 2007

Enter the following command in Exchange Management Shell

Get-MailboxServer | Add-ADPermission -User "%os_username%" -AccessRights GenericAll
 -ExtendedRights ms-exch-store-admin,receive-as,send-as -InheritanceType All
%os_username% is the username of the operating system account for backup.

Example: granting permission to local account "system"

Get-MailboxServer | Add-ADPermission -User "system" -AccessRights GenericAll
-ExtendedRights ms-exch-store-admin,receive-as,send-as -InheritanceType All

Other useful commands:

  • To show added permission for an AD account

    Get-MailboxServer | Get-ADPermission -User "%os_username%"

    Example, to show added permission for local account "system"

    Get-MailboxServer | Get-ADPermission -User "system"
  • To remove permission from an AD account

    Get-MailboxServer | Remove-ADPermission -User "%os_username%" -AccessRights GenericAll
    -ExtendedRights ms-exch-store-admin,receive-as,send-as -InheritanceType All

    Example, to remove permission from local account "system"

    Get-MailboxServer | Remove-ADPermission -User "system" -AccessRights GenericAll
    -ExtendedRights ms-exch-store-admin,receive-as,send-as -InheritanceType All

    Reboot the Exchange Server after executing the command.

Exchange Server 2010 / 2013

Enter the following command in Exchange Management Shell

Get-Mailbox | Add-MailboxPermission -User "%os_username%" -AccessRights FullAccess
%os_username% is the username of the operating system account for backup.

Example: granting permission to local account "system"

Get-Mailbox | Add-MailboxPermission -User "system" -AccessRights FullAccess

Other useful commands:

  • Remove permission from an AD account

    Get-Mailbox | Remove-MailboxPermission -User "%os_username%" -AccessRights FullAccess

    Example:

    Get-Mailbox | Remove-MailboxPermission -User "system" -AccessRights FullAccess
  • To view the mailbox permission of a user

    Get-Mailbox | Get-MailboxPermission -User "%os_username%"

    Example:

    Get-Mailbox | Get-MailboxPermission -User "system"

    Reboot the Exchange Server after executing the command.

Membership Settings of the Operating System Account

The Active Directory account used for the backup must be a member of the following security groups.

Exchange Server 2007

  • Microsoft Exchange Security \ Exchange Organization Administrators

  • Microsoft Exchange Security \ Exchange Servers

  • Users \ Domain Admins

Exchange Server 2010 / 2013

  • Microsoft Exchange Security \ Organization Management

  • Users \ Administrator

  • Users \ Domain Admins

  • Users \ Enterprise Admins

Steps to check the current settings

  1. Click Start > Control Panel > Administrative Tools, and then click Active Directory Users and Computers.

  2. Browse to the organization unit containing the corresponding operating system account.

  3. Right click on the user, and select Properties.

  4. Select the Member Of tab to check on the membership setting.

Remote Exchange Management Shell

For setup on Exchange Server 2010 / 2013, Remote Exchange Management Shell must be enabled for the operating system account used for the backup.

Enter the following command in Exchange Management Shell to enable this feature.

>Set-User "%os_username%" -RemotePowerShellEnabled $True

Reboot the Exchange Server after executing the command.

Note: Remote Shell in Microsoft Exchange Server enables you to manage your server running Exchange.

Enabling Mailbox

Make sure the account for backup mailbox has been enabled. Follow the steps below to verify.

Exchange Server 2007 / 2010

  1. Click Start > Microsoft Exchange Server 2007/2010, and then click Exchange Management Console.

  2. Click to expand the Recipient Configuration menu tree, and then select Mailbox.

  3. Right click on the user and select Properties.

  4. Select the General tab to check the settings.

    Make sure the Hide from Exchange address lists box is not checked.

    image

    *Note*: A mailbox-enabled user is a Windows Active Directory user that has one or more Exchange Server mailboxes associated with it. Refer to the URL below for more information http://support.microsoft.com/kb/275636/en-us.

Exchange Server 2013

Refer to the following article from Microsoft for more details on how to check if an account is mailbox enabled. https://technet.microsoft.com/en-us/library/jj991919(v=exchg.150).aspx

Collaboration Data Objects (CDO) 1.2.1

The latest version of CDO must be installed on the Exchange Server for the mail-level backup job to work properly.

Download and install the latest version CDO via the URL below. If you already have CDO installed on the Exchange Server but are not sure if it is the latest version, you are recommended to uninstall the current version and re-install via the URL below.

Exchange Server 2007 / 2010

Exchange Server 2013

LAN Manager Authentication Level

Exchange Server 2013

The LAN Manager authentication level configured on the Exchange Server must be level 3 or above. Follow the steps below to check the settings.

  1. Click Start > Control Panel > Administrative Tools, and then click **Local Security Policy.

    image

  2. Under Security Settings, expand Local Policies > Security Options, then click Network security: LAN Manager authentication level.

  3. Make sure that the setting is configured to use NTLMv2, for example:

    • Send NTLMv2 response only

    • Send NTLMv2 response only. Refuse LM

    • Send NTLMv2 response only. Refuse LM & NTLM

      image

Windows PowerShell 2.0 Engine

Make sure the Windows PowerShell 2.0 Engine is installed.

Exchange Server 2013

To install the feature:

  1. Navigate to Server Manager > Manage, then select Add Roles and Features.

  2. On the Select installation type screen, select Role-based or feature-based installation.

  3. Select the target server.

  4. On the Select features screen, go to the Features option, check the box next to Windows PowerShell 2.0 Engine.

    image

Ensure that all MS Exchange related services have been started, particularly the MS Exchange Information Store and MS Exchange System Attendant Services.

To verify this setting, launch the Services menu by clicking Start then typing “Services” in the search box. All Exchange related services should be started by default, in case if it is not, turn it on by right clicking the item and then select Start.

+ image

IISAuthenticationMethods Setting

Verify if the IISAuthenticationMethods is set to Basic only. If so, change the setting with the commands below.

Exchange Server 2013

  1. Click Start > Microsoft Exchange Server > Exchange Management Shell.

  2. Enter the following command to check on the IISAuthenticationMethods setting:

    >Get-OutlookAnywhere
  3. If it is set to {Basic} only, enter the following command to modify the setting:

    >Set-OutlookAnywhere -Identity:"%Server%\Rpc (Default Web Site)" -IISAuthenticationMethods Basic,NTLM,Negotiate
  4. Reboot the Exchange server.

Connection to Exchange Management Shell (EMS) or Exchange Management Console (EMC)

Confirm on the connection to the Exchange Management Shell (EMS) or Exchange Management Console (EMC).

Ensure that the HTTP binding on the Default Web Site in Internet Information Services (IIS) is correctly configured by following the steps below.

  1. Click Start > Control Panel > Administrative Tools, and then click Internet Information Services (IIS) Manager.

  2. Navigate to Default Web Site, then right-click and select Edit Bindings.

    image

    1. Create a new binding that has no host name and a value of All Unassigned for the IP address.

      image

    2. Restart IIS.

.Net Framework 3.5 Features

If you are using Exchange server 2013 on Windows server 2012, please install .Net Framework 3.5 Features.

This feature can enabled by accessing Server Manager > Dashboard > Add Roles and Features Wizard > Feature Page.

+ image

Overview of MS Exchange Mail-Level Backup Process

The following steps are performed during an Exchange mail-level backup job:

image

Performing Mail-Level Backup for Microsoft Exchange 2007/ 2010/2013/2016/2019

Creating Mail-Level Backup Set for Microsoft Exchange 2007/ 2010/2013/2016/2019

  1. Click the Backup Sets icon on the main interface of Retrospect Virtual Host Server.

    image

  2. Create a new backup set by clicking the “+” icon next to Add new backup set.

  3. Select the Backup set type as MS Exchange Mail Level Backup. The system will automatically detect and select the Exchange Server version, make sure the version selected is correct. Name your new backup set and then click Next to proceed.

    image

  4. In the Backup Source menu, select the Mailbox Store for backup.

    You can click to expand the mailbox store to select which mailbox to back up. You can also click Show mails to select individual mail to back up. Click Next to proceed when you are done.

  5. In the Schedule menu, you can configure a backup schedule for backup job to run automatically at your specified time interval. Click Add to add a new schedule, then click Next to proceed when you are done setting.

    image

    *Note:* By default, a daily backup scheduled for 22:00 is created automatically.

  6. In the Destination menu, select a backup destination where the backup mail will be stored. Click the “+” icon next to Add new storage destination / destination pool.

    image

  7. Select the destination type and destination storage, then click OK to proceed.

    image

  8. Click Next on the Destination menu page to proceed.

    image

  9. By default, the Encrypt Backup Data option is enabled with an encryption key preset by the system which provides the most secure protection. You can also change the Encryption Type to Custom to set your own encryption key, key length, algorithm and method. Click Next to continue.

    image

  10. If you have enabled the Encryption Key feature in the previous step, the following pop-up window shows, whether you set the Encryption Type as Default or Custom.

    image

    The pop-up window has the following three options to choose from:

    • Unmask encryption key – The encryption key is masked by default. Click this option to show the encryption key.

      image

    • Copy to clipboard – Click to copy the encryption key, then you can paste it in another location of your choice.

    • Confirm – Click to exit this pop-up window and proceed to the next step.

  11. Enter the Windows login credentials for user authentication. Click Next to proceed.

    image

    1. The following screen shows when the new backup set is created successfully.

      image

    2. Click Backup now to start a backup immediately, or you can run a backup job later by following the instructions in Running Mail-Level Backup Job for Microsoft Exchange 2007/ 2010/2013/2016/2019.

Running Mail-Level Backup Job for Microsoft Exchange 2007/ 2010/2013/2016/2019

  1. Log in to Retrospect Virtual Host Server.

  2. Click the Backup icon on the main interface of Retrospect Virtual Host Server.

    image

  3. Select the backup set which you would like to start a backup for.

    image

  4. If you would like to modify the In-File Delta type, Destinations and Retention Policy settings, click Show advanced option.

    image

    image

  5. Click Backup to start the backup.

Performing Mail-Level Restoration for Microsoft Exchange 2007/ 2010/2013/2016/2019

Restoring Mail-Level Backup for Microsoft Exchange 2007/ 2010/2013/2016/2019

  1. In the Retrospect Virtual Host Server main interface, click the Restore icon.

  2. Select the backup set that you would like to restore mail from.

    image

  3. Select the backup destination that contains the mail(s) that you would like to restore.

    image

  4. Click to expand the menu tree to select which mailbox to restore. You can also select mail item(s) from a specific backup job or all mail items that you have backed up to restore. Click Next to proceed.

    image

  5. Select to restore the mail to their Original mailbox, or to an Alternate mailbox.

    • Restore to Original Mailbox

      Select the Original location option, then press Next to proceed.

      image

    • Restore to Alternate Mailbox

      You can choose to restore mailbox item(s) to another mailbox in the same Exchange server. Select the Alternate location option and the desired mailbox destination, then press Next to proceed.

      In addition, you can also restore mailbox item(s) to a different Exchange server of the same version. In this case, the restoration should be triggered by the Retrospect Virtual Host Server on the destination Exchange server.

  6. Select the temporary directory for storing temporary files, such as delta files when they are being merged, click Restore to start the restoration.

    image

  7. The following screen with the text Restore Completed Successfully shows when the restoration is completed.

    image

Performing Mail-Level Backup for Microsoft Exchange 2010/2013/2016/2019 in Database Availability Group (DAG)

License Requirement to Back up Exchange Mailboxes in DAG environment

Each member in the DAG requires separate license for Microsoft Exchange Mailbox Add-on Module. One license will be deducted from each installation of the Retrospect Virtual Host Server on the DAG environment. Please check with your backup service provider if more Microsoft Mailbox Add-On module is required.

Creating Mail-Level Backup Set for Microsoft Exchange 2010/2013/2016/2019 in Database Availability Group (DAG)

  1. Click the Backup Sets icon on the main interface of Retrospect Virtual Host Server.

    image

  2. Create a new backup set by clicking the “+” icon next to Add new backup set.

  3. Select the Backup set type as MS Exchange Mail Level Backup and choose the correct Exchange Server version with “Database Availability Group”. Name your new backup set and then click Next to proceed.

    image

  4. In the Backup Source menu, select the Mailbox Store for backup.

    You can click to expand the mailbox store to select which mailbox to back up, and then click Show mails to select individual mail to back up. Click Next to proceed when you are done.

  5. In the Schedule menu, you can configure a backup schedule for backup job to run automatically at your specified time interval. Click Add to add a new schedule, then click Next to proceed when you are done setting.

    image

  6. In the Destination menu, select a backup destination where the backup email will be stored. Click the “+” icon next to Add new storage destination / destination pool.

    image

  7. Select the destination type and destination storage, then click OK to proceed.

    image

  8. Click Next on the Destination menu page to proceed.

    image

  9. By default, the Encrypt Backup Data option is enabled with an encryption key preset by the system which provides the most secure protection. You can also change the Encryption Type to Custom to set your own encryption key, key length, algorithm and method. Click Next to continue.

    image

  10. If you have enabled the Encryption Key feature in the previous step, the following pop-up window shows, whether you set the Encryption Type as Default or Custom.

    image

    The pop-up window has the following three options to choose from: * Unmask encryption key – The encryption key is masked by default. Click this option to show the encryption key.

    + image

    +

    • Copy to clipboard – Click to copy the encryption key, then you can paste it in another location of your choice.

    • Confirm – Click to exit this pop-up window and proceed to the next step.

  11. Enter the Windows login credentials for user authentication. Click Next to proceed.

    image

  12. The following screen shows when the new backup set is created successfully. Backup will run automatically at the configured scheduled time.

    image

    You may click Backup now to start a backup immediately, however, manual backup will not be counted as part of the DAG backup cycle. For more information, refer to Scheduled Backup for Data Availability Group (DAG) Option.

  13. On all other Exchange Servers within the same DAG, open the Retrospect Virtual Host Server and click the same backup set, and make sure the Run scheduled backup for this backup set is turned on in the Backup Schedule menu. Make sure you save the setting before exiting the application.

    image

Performing Mail-Level Restoration for Microsoft Exchange 2010/2013/2016/2019 in Database Availability Group (DAG)

Pre-restoration requirements

Refer to the following steps to restore individual items to the active database on the relevant Microsoft Exchange server within the DAG.

The mail-level restoration should be performed on the active database only. You can identify the Exchange server with the active database from the Exchange Management Shell by following the steps below.

Type the following command in the Exchange Management Shell.

Get-MailboxDatabase | ft name, server

It will show which Exchange server is hosting the active mailbox database. In the following case, Mailbox Database 01 and 03 are hosted on EX1, while Mailbox Database 02 and 04 are hosted on EX2.

[PS] C:\>Get-MailboxDatabase | ft name, server
Name Server
Mailbox Database 02 EX2
Mailbox Database 01 EX1
Mailbox Database 03 EX1
Mailbox Database 04 EX2

When you can identify which Exchange server hosted the active database, you can logon to that Exchange server to restore the database.

Restoring Mail for Exchange Server in DAG

  1. In the Retrospect Virtual Host Server main interface, click Restore.

    image

  2. Select the backup set that you would like to restore mail from.

    image

  3. Select the backup destination that contains the mail that you would like to restore.

    image

  4. Click to expand the menu tree to select which mailbox to restore. You can also select mail item(s) from a specific backup job or all mail items that you have backed up to restore. Click Next to proceed.

    image

  5. Select to restore mail to their Original mailbox, or to an Alternate mailbox.

    • Restore to Original Mailbox

      Select the Original location option, then press Next to proceed.

      image

    • Restore to Alternate Mailbox

      You can choose to restore mailbox item(s) to another mailbox in the same Exchange server. Select the Alternate location option and the desired mailbox destination, then press Next to proceed.

      In addition, you can also restore mailbox item(s) to a different Exchange server with the same version of Exchange server installed. In this case, the restoration should be triggered by the Retrospect Virtual Host Server on the destination Exchange server.

  6. Select the temporary directory for storing temporary files, such as delta files when they are being merged, click Restore to start the restoration.

    image

  7. The following screen with the text Restore Completed Successfully shows when the restoration is completed.

    image

Technical Assistance

To contact Retrospect support representatives for technical assistance, visit the following website: https://www.retrospect.com/support.

To access Retrospect Knowledgebase, visit the following website: https://www.retrospect.com/support/kb.