====== Requirements ======
----
{{INLINETOC}} \\
===== CloudBacko Pro Installation =====
----
The latest version of CloudBacko Pro must be installed on the MS Exchange Server hosting the mailbox database.
For backup of mailboxes on MS Exchange Server 2010/2013 Database Availability Group (DAG), ensure the same CloudBacko Pro version is installed on all member servers.
For MS Exchange Server 2010/2013, Database Availability Group (DAG) backup option is available.
===== Scheduled Backup for Exchange Server in Data Availability Group (DAG) Option =====
----
Scheduled backup is required if you choose to backup MS Exchange server 2010/2013 setup in DAG option, as CloudBacko Pro on all DAG members will use the scheduled backup time to start backups on all individual DAG members at the same time.
An MS Exchange server 2010/2013 DAG backup cycle is considered complete only when scheduled backup on all DAG members have been run successfully. A backup report will be generated and emailed to the recipients when a complete MS Exchange server 2010/2013 DAG backup cycle has taken place.
Please keep in mind that manual backup will only be considered as individual mail level backup, and therefore will not be counted as part of the DAG backup cycle.
===== Temporary Directory Folder =====
----
The Temporary Directory folder is used by CloudBacko Pro for storing backup set index files and any incremental or differential delta files generated during a backup job. To ensure optimal backup/restoration performance, the temporary directory folder is located on a local drive with plenty of free disk space.
===== Backup Source =====
----
Ensure “Hide from Exchange address list” is unchecked for user mailboxes, otherwise the mailbox will not be visible in the CloudBacko Pro backup source and therefore cannot be selected for backup.
{{public:cloudbacko_module_exchange_2007_mail_03a.png}}
===== Mailbox Access Permission =====
----
The Active Directory account used to authenticate the backup must have full access to the mailboxes. To grant full access right for the account, enter the following command in Exchange Management Shell.
Open the Exchange Management Shell by clicking Start > Microsoft Exchange Server > Exchange Management Shell.
==== Exchange Server 2007 ====
----
Enter the following command in Exchange Management Shell
Get-MailboxServer | Add-ADPermission -User "%os_username%" -
AccessRights GenericAll -ExtendedRights ms-exch-store-admin,receive-as,send-as -InheritanceType All
where %os_username% is the username of the operating system account for backup.
Example: granting permission to local account "system"
Get-MailboxServer | Add-ADPermission -User "system" -
AccessRights GenericAll -ExtendedRights ms-exch-store-admin,receive-as,send-as -InheritanceType All
Other useful commands:
1. To show added permission for an AD account
Get-MailboxServer | Get-ADPermission -User "%os_username%"
Example, to show added permission for local account "system"
Get-MailboxServer | Get-ADPermission -User "system"
2. To remove permission from an AD account
Get-MailboxServer | Remove-ADPermission -User "%os_username%" - AccessRights GenericAll -ExtendedRights ms-exch-store-admin,receive-as,send-as -InheritanceType All
Example, to remove permission from local account "system"
Get-MailboxServer | Remove-ADPermission -User "system" - AccessRights GenericAll -ExtendedRights ms-exch-store-admin,receive-as,send-as -InheritanceType All
Reboot the Exchange Server after executing the command.
==== Exchange Server 2010 / 2013 ====
----
Enter the following command in Exchange Management Shell
Get-Mailbox | Add-MailboxPermission -User "%os_username%" -AccessRights FullAccess
Example: granting permission to local account "system"
Get-Mailbox | Add-MailboxPermission -User "system" -AccessRights FullAccess
Other useful commands:
1. Remove permission from an AD account
Get-Mailbox | Remove-MailboxPermission -User "%os_username%" -AccessRights FullAccess
Example:
Get-Mailbox | Remove-MailboxPermission -User "system" -AccessRights FullAccess
2. To view the mailbox permission of a user
Get-Mailbox | Get-MailboxPermission -User "%os_username%"
Example:
Get-Mailbox | Get-MailboxPermission -User "system"
Reboot the Exchange Server after executing the command.
===== Windows User Account Permission =====
----
The Active Directory account used to authenticate the backup must be a member of the following security groups.
==== Exchange Server 2007 ====
----
* Microsoft Exchange Security \ Exchange Organization Administrators
* Microsoft Exchange Security \ Exchange Servers
* Users \ Domain Admins \\ {{public:cloudbacko_module_exchange_2007_mail_04a.png?640}}
==== Exchange Server 2010 / 2013 ====
----
* Microsoft Exchange Security \ Organization Management
* Users \ Administrator
* Users \ Domain Admins
* Users \ Enterprise Admins \\ {{public:cloudbacko_module_exchange_2007_mail_05a.png?640}}
==== Steps to check the current settings ====
----
- Click Start > Control Panel > Administrative Tools, and then click Active Directory Users and Computers.
- Browse to the organization unit containing the corresponding operating system account.
- Right click on the user, and select Properties.
- Select the Member Of tab to check on the membership setting.
===== Enabling Mailbox on Windows User Account =====
----
Make sure the Windows account used to authenticate the backup has a mailbox enabled. Follow the steps below to verify.
==== Exchange Server 2007 / 2010 ====
----
- Click Start > Microsoft Exchange Server 2007/2010, and then click Exchange Management Console.
- Click to expand the Recipient Configuration menu tree, and then select Mailbox.
- Right click on the user and select Properties.
- Select the General tab to check the settings. Make sure the Hide from Exchange address lists box is not checked. \\ {{public:cloudbacko_module_exchange_2007_mail_06a.png?640}} \\ **Note:** A mailbox-enabled user is a Windows Active Directory user that has one or more Exchange Server mailboxes associated with it.
==== Exchange Server 2013 ====
----
Refer to the following article from Microsoft for more details on how to check if an account is mailbox enabled.
[[https://docs.microsoft.com/en-us/exchange/create-user-mailboxes-exchange-2013-help]]
===== Remote Exchange Management Shell =====
----
For setup on MS Exchange Server 2010 / 2013, the Remote Exchange Management Shell must be enabled for the operating system account used for the backup.
Enter the following command in Exchange Management Shell to enable this feature.
>Set-User "%os_username%" -RemotePowerShellEnabled $True
Reboot the Exchange Server after executing the command.
Remote Shell in Microsoft Exchange Server enables you to manage your server running Exchange.
===== Collaboration Data Objects (CDO) 1.2.1 =====
----
The latest version of CDO must be installed on the Exchange Server for the mail level backup job to work properly.
Download and install the latest version CDO via the URL below. If you already have CDO installed on the Exchange Server but are not sure if it is the latest version, you are recommended to uninstall the current version and re-install via the URL below.
==== Exchange Server 2007 / 2010 ====
----
Exchange Server with MS Outlook 2007
[[https://www.microsoft.com/en-us/download/details.aspx?id=3671]]
Exchange Server without MS Outlook 2007
[[https://www.microsoft.com/en-gb/download/details.aspx?id=42040]]
==== Exchange Server 2013 ====
----
[[https://www.microsoft.com/en-gb/download/details.aspx?id=42040]]
===== LAN Manager Authentication Level =====
----
==== Exchange Server 2013 ====
----
The LAN Manager Authentication level configured on the Exchange Server must be level 3 or above. Follow the steps below to check the settings.
- Click Start > Control Panel > Administrative Tools, and then click Local Security Policy. \\ {{public:cloudbacko_module_exchange_2007_mail_07a.png?640}}
- Under Security Settings, expand Local Policies > Security Options, then click Network security: LAN Manager authentication level.
- Make sure that the setting is configured to use NTLMv2, for example:
- Send NTLMv2 response only
- Send NTLMv2 response only. Refuse LM
- Send NTLMv2 response only. Refuse LM & NTLM \\ {{public:cloudbacko_module_exchange_2007_mail_08a.png?640}}
===== Windows PowerShell 2.0 Engine =====
----
Make sure the Windows PowerShell 2.0 Engine is installed.
==== Exchange Server 2013 ====
----
To install the feature:
- Navigate to Server Manager > Manage, then select Add Roles and Features.
- On the Select installation type screen, select Role-based or feature-based installation.
- Select the target server.
- On the Select features screen, go to the Features option, check the box next to Windows PowerShell 2.0 Engine. \\ {{public:cloudbacko_module_exchange_2007_mail_09a.png?640}}
===== MS Exchange related Windows Services =====
----
Ensure that all MS Exchange related services have been started, particularly the MS Exchange Information Store Services.
To verify this setting, launch the Services menu by clicking Start then typing “Services” in the search box. All Exchange related services should be started by default, in case if it is not, turn it on by right clicking the item and then select Start.
{{public:cloudbacko_module_exchange_2007_mail_10a.png?640}}
===== MS Exchange Database Status =====
----
Ensure the MS Exchange Mailbox and Public Folder databases are mounted.
Example: MS Exchange 2010 \\ {{public:cloudbacko_module_exchange_2007_mail_11a.png?640}}
Example: MS Exchange 2013 \\ {{public:cloudbacko_module_exchange_2007_mail_12a.png?640}}
===== IISAuthenticationMethods Setting =====
----
Verify if the IISAuthenticationMethods is set to Basic only. If so, change the setting with the commands below.
==== Exchange Server 2013 ====
----
- Click Start > Microsoft Exchange Server > Exchange Management Shell.
- Enter the following command to check on the IISAuthenticationMethods setting: >Get-OutlookAnywhere
- If it is set to {Basic} only, enter the following command to modify the setting:>Set-OutlookAnywhere -Identity:"%Server%\Rpc (Default Web Site)" -IISAuthenticationMethods Basic,NTLM,Negotiate
- Reboot the Exchange server.
===== Connection to Exchange Management Shell (EMS) or Exchange Management Console (EMC) =====
----
Confirm on the connection to the Exchange Management Shell (EMS) or Exchange Management Console (EMC).
Ensure that the HTTP binding on the Default Web Site in Internet Information Services (IIS) is correctly configured by following the steps below.
- Click Start > Control Panel > Administrative Tools, and then click Internet Information Services (IIS) Manager.
- Navigate to Default Web Site, then right-click and select Edit Bindings. \\ {{public:cloudbacko_module_exchange_2007_mail_13a.png?640}}
- Create a new binding that has no host name and a value of All Unassigned for the IP address. \\ {{public:cloudbacko_module_exchange_2007_mail_14a.png?640}}
- Restart IIS.
===== Net Framework 3.5 Features =====
----
If you are using Exchange server 2013 on Windows server 2012, please install .Net Framework 3.5 Features.
This feature can be enabled by accessing Server Manager > Dashboard > Add Roles and Features Wizard > Feature Page.
{{public:cloudbacko_module_exchange_2007_mail_15a.png?640}}