Exchange Backup and Restore Article
| 17 March 2010
Introduction and overview
This article will explain how to perform the more common Exchange DR procedures including the use of Recovery Storage Groups (RSG). Generally I will be working with the available Microsoft tools, however, where things can be improved by doing so I will mention relevant third party tools. So let’s dive straight in with a quick look at the fundamentals of Exchange backups.
One of the most important things to realise about Exchange backups is that Exchange data is not just like any other file data. Exchange data is stored in a database with transaction logs and therefore cannot be simply copied to tape while Exchange is running for backup purposes. Although you can perform “Offline” backups by shutting down Exchange and copying the databases and logs you miss out on several important checks. For example, no consistency checking is done and to no automatic log replay will occur whilst restoring. This is why when Microsoft designed Exchange they included a backup API which allows much simpler and more reliable backup and restore of Exchange. On-line backup operations are fundamental to Exchange Server and enable you to back up databases without shutting down the entire server to perform a file-by-file type backup (off-line backup).
While backup operations are in progress, all services continue to operate, and users can access their data on the Exchange server. Database pages that are cached in memory in the information store buffer pool continue to be updated and pushed to the database on disk. Transactions also continue to be written to the transaction log files, and the checkpoint file continues to advance. When performing a backup using an Exchange Backup API aware application (like the version of NTBackup that comes with Exchange) every page of the database is checked for consistency and the backup will not complete if this is not the case (See here for more info about 1018 errors which occur when you have corrupt pages: http://support.microsoft.com/kb/314917). Not only this, but when restoring a database Exchange will automatically replay any additional transactions logs required to get the database back to a consistent state.
Therefore as you can see, “Online” backups are really the only sensible solution for backing up Exchange and are all that will be covered in this article. The one exception to this rule is that when you are about to perform any major work to an Exchange server such as installing a service pack or doing a restore, it doesn’t hurt to have an offline copy of the database and log files as an option of last resort!
Scenarios to be covered
Having covered the basics of backups here is a list of the scenarios from which it is important that you can recover:
This Article
· Mail message lost
· Mailbox lost
· Mailbox store lost/corrupted
Other articles on MMMUG - http://www.mmmug.co.uk/articles
· Public folder message lost
· Public folder lost
· Exchange Incremental and Differential backups
Mail message lost
You get a call from a user;
“I’ve just realised that I urgently need a mail that I deleted a few days ago. Can you help?”
First you would ask the user to check their deleted items folder! However, if the mail is not there, at this point you make a couple of quick checks before asking the user an important question. The checks you make are as follows;
1. Open ADUC and locate the user
2. Display the properties of the user
3. Select the “Exchange General” tab
4. Make a note of the users “Mailbox Store” value
5. Next open ESM and navigate to the relevant mailbox store
6. Right click the store and select “Properties”
7. On the “Limits” tab check in the “Deletion settings” area for the number of days that deleted items are retained for.
Having gathered the above information you must now ask the user how long ago they deleted the item. If it was less time that the deleted items retention period then you are in luck and should direct the user as follows;
1. In Outlook highlight the “Deleted Items” folder
2. Select the tools menu and click “Recover Deleted Items”
3. In the window that opens locate the relevant mail and highlight it
4. To restore the mail to the deleted items folder click the “Recover Selected Items” button, second in from the left.
5. At this point the user can move the item from the deleted items folder to any folder of their choice.
So what to do if the item was deleted longer ago than the deleted items retention period? Well then you move onto the next scenario; Mailbox Lost. The reason to move onto mailbox lost instead of just message lost is because in order to recover a single message you must restore the entire mailbox first.
Mailbox Lost
There are a couple of takes on this scenario. First, if a mailbox is accidentally deleted either by deleting the user using ADUC or by deleting the mailbox using the “Exchange Tasks” section of either ADUC or ESM this will result in the mailbox being orphaned, that is so long as the deleted mailbox retention period is turned on on the properties/limits page of the mailbox database. In this case, you can make use of the Mailbox Recovery Center in the tools section of ESM. Note that the mailbox will not be marked as orphaned until the Mailbox Cleanup Agent (MCA) has run. The MCA runs automatically as part of the standard nightly maintenance process, but to force it to run and show you disconnected mailboxes, select the mailbox store, open it and select the “mailboxes” folder, right click it and select “Run Cleanup Agent”. To use the Mailbox Recovery Center (MRC) proceed as follows;
1. First locate the store with the disconnected mailbox
2. Next right click the Mailbox Recovery Center and select “Add Mailbox Store”
3. In the standard AD object type window which opens type the name (or the beginning of the name) of the mailbox store and click “Check Names”.
4. Select the relevant store from the list and click “OK” twice
5. You will then see the mailboxes that need reconnecting marked with a red cross
6. Now either restore the user using your AD restore tools (http://www.windowsitpro.com/Article/ArticleID/41576/41576.html) or create a new user with the same name remembering not to create a mailbox when prompted.
7. Move back to ESM and the MRC and right click the relevant mailbox and select “Find Match”, run through the resulting wizard.
8. On completion again right click the relevant mailbox and select “Resolve Conflicts”. This will start a wizard which shows you what the previous wizard found as possible options to reconnect the mailbox to.
9. Finally right click the relevant mailbox for the last time and select “Reconnect”. This will reconnect the mailbox to the user selected in the previous wizard.
Where this tool really comes into its own is when you have had to restore a mailbox store to a different Exchange server or storage group than the one it came from. In this case all the users’ “homeMDB” attributes will be pointing to the wrong place so there mailboxes will be marked as disconnected. You can run through the steps above for all the mailboxes to reconnect them all in one go.
The second take on the mailbox lost scenario is as follows. If a mailbox is accidentally deleted and the deleted mailbox recovery period has expired or was never on in the first place, then the mailbox will have been purged. This also follows on from our first scenario where a single item needs restoring but is not in the deleted items recovery location, the dumpster. In this scenario the only option is to restore from backup.
As this is the first scenario where an actual backup is required I will take a few moments to outline the options and requirements in detail. They will then be assumed for the following scenarios unless stated otherwise.
First, take a look at the permissions required to take and restore Exchange backups. The account used to take backups must be a “Domain backup operator”. To restore you must also be an “Exchange Full Administrator”. Note that you should make use of the Runas command so as not to log on as an Administrative account unless absolutely necessary. This can be done by “shift-right clicking” the NTBackup executable and selecting Run As and then entering suitable credentials.
As mentioned above online backup will;
· Perform consistency check which takes place as follows. For every page (4KB in size in 2003 and earlier and 8KB in size with Exchange 2007) Exchange creates a checksum when the page is written and stores it with the page. When the backup API accesses a page for backup the checksum is calculated and compared with the original checksum. If they do not match the procedure is retried. If they don’t match for a second time then the backup with fail and an 1018 error will be logged in the event log.
· Truncate logs depending on the backup type; see below:
Backup types and Exchange:
It is possible to make Full, Incremental and Differential backups of Exchange using the Exchange backup API. Below I outline the differences between the three types of backup.
· A full backup will backup any stores selected in their entirety and will then truncate the logs leaving on the E00.log file and the most recent log. This is the simplest method of backup but that simplicity is offset by the fact that the time taken to backup can be long.
· Incremental backups simply backup the transaction logs. They also truncate the logs leaving only the E00.log file and the most recent log. Backups are therefore very quick however to restore all incremental backups are required which increased the chance that the restore could fail due to faulty media.
· Differential backups again backup only the transaction logs but this time instead of truncating the logs all logs are left in place. This makes backups slightly longer than incremental backups but means that only the original full backup followed by the latest differential backup is required to restore.
So for small Exchange shops the full backup is the way to go. In fact anytime you have enough speed on your backup solution to do full backups then that is what I would recommend. If the backup window simply isn’t long enough then look into using differential backups to speed things up. A third option would be to consider a snapshot based backup tool which is something I may discuss in a future article.
So now we understand the basics lets get started with taking our backup.
1. Run NTBackup
2. If this is the first time you have run NTBackup then remove the checkbox next to “Always start in Wizard mode” and then click on the “Advanced Mode” link.
3. Once in the main windows select the “Backup” tab
4. Locate the “Microsoft Exchange Server” object in the left hand pane
5. Drill down to “Microsoft Information Store” and check the check box. This will ensure all exchange databases on the server are backed up.
6. In the lower section of the window select a backup location, either to tape if you have a tape drive or, as in the instance above to a file on a connected hard drive or network drive.
7. Next click “Start Backup” to open the window below.
8. Select “Replace the data on the media with this backup” and then click “Start Backup” to actually begin the backup.
9. If prompted to overwrite media then click “yes”.
10. Throughout the backup, progress will be noted in the windows below
11. Once the backup completes click “Report” to view the backup report and then click “Close”.
Having completed the steps laid out above, you are now prepared to help the user whose lost item can’t be restored from the dumpster or whose entire mailbox has been lost. In fact you are also ready for most restore operations short of restoring an entire server. Before you think about restoring the user his item you must first understand exactly what is required.
As I mentioned earlier, by default the version of NTBackup that comes with MS Exchange doesn’t give you the ability to restore just a single mail item. In fact neither does it give you the ability to restore a single mailbox! Therefore in order to get back that single mail or for that matter single mailbox, you have to make use of one of Exchange 2003s most welcome backup features; the Recover Storage Group (RSG). The RSG is an extra storage group used only for backups that you can add to and Exchange 2003 server even if it has used is full complement of production storage groups. You can then restore the relevant mailbox store to it and recover the lost item or mailbox. So let’s get started:
1. First open ESM and navigate to the server which you want to restore onto.
2. Right click the server and select “New” and then “Recovery Storage Group”
3. Give the RSG a name and verify that you have enough space in the location where the files will be stored to restore the database you need to restore.
4. Click “OK”
5. Next right click the RSG and select “Add database to recover”
6. In the next window select the DB and click “OK” (Note that you can restore DBs from earlier Exchange version here too)
7. The next window you see will show the storage location for the DB you are about to restore. So long as you are happy there will be enough space to do the restore click “OK”
8. Now open NTBackup and select the “Restore and Manage Media tab”
9. Drill down until you find the relevant backup and check the box next to the mailbox store to restore.
10. Next click “start restore” and you will see a window as below.
11. Enter a location for the temporary restore of logs and patch files. Click Last Restore Set (so long as this is a full backup. (See http://www.mmmug.co.uk/content/ArticleList.aspx for restore of differential and incremental backups). Next click “OK”
12. The restore will start. Once it is complete click close and return to ESM to check the results.
13. Right click on the mailbox store under the RSG and click “Mount Store”. Then refresh the view. You should now be able to drill down and see the mailboxes in the mailbox store.
14. Right click the mailbox which you need to either restore completely or recover and item from. Select “Exchange Tasks”
15. In the Wizard that opens click “Next”. You should then see a windows like below. Select “Recover Mailbox Data” and click “Next”
16. Click “Next” again.
17. In the window shown below you will see that you now have two choices. You can either merge the data recovered back into the users’ mailbox or you can create a subfolder in the mailbox and put all info back in there.
18. The next window allows you to schedule the restore to occur at a time of your choice. To start now click “Next” followed by next.
19. Click “Finish” to close the wizard.
At this point you must speak to the user and inform him that his data has been restored. If you opted to merge the data then any items not found in the mailbox when the restore was done will have returned. If you opted to “Copy Data” then the user will find a new folder in his mailbox. The user can then select the required item and delete the rest.
One important thing to note about the about procedure is that it relies on the Exmerge technology which is built into the Exchange Recover Mailbox Data wizard. Unfortunately, this means that it cannot deal with restoring entire mailboxes larger the 2GB limit imposed by the use of the ANSI format. Of course this wouldn’t be a problem with restoring a single item.
The final variance of the above scenario is if the mailbox and user have actually been deleted and purged from AD and Exchange. In this case a little more work is required to make use of the RSG to restore the data. You must follow the procedure as above but once you have restored the relevant Exchange DB to the RSG you need to consider where and how to attach the MB to a user.
The method of creating a new user and mailbox with the same name will not work because the MB in the RSG is actually linked to the original MB by GUID. All mailboxes have a Globally Unique Identifier which Exchange matches with the one restored to the RSG if they are not the same then the linkup will not be possible. This is what allows Exmerge to log onto the disconnected mailbox in the RSG and extract data from it. As you can see this causes a problem if the original mailbox (or the user it was attached to) has been deleted/purged. However, this doesn’t mean that the RSG is not useful in this case.
So in this case you will need to follow the procedure outlined below as follows:
1. Create a new storage group by right clicking on the server and selecting “New” / “Storage Group”.
2. Next name the group see the screen shot below
3. Next click “OK”
4. Then select the new Storage group and right click. Select “New” / “Mailbox Store”
5. Name the store and click the “Database” tab
6. Ensure that the DB names match the DB names of the files restored to the RSG.
7. Next click “OK”
8. Now mount (if it is not already) and then dismount the RSG database to leave it in a consistent state. Do this by right clicking the DB under the RSG and selecting “Dismount”. This ensures that the DB is in a consistent state. You could also check by running ESEUTIL /mh dbname.edb.
9. Once it has dismounted copy the DB files from their current location to the location of the new MB store you just created.
10. Next on the properties page for the DB you just created locate the DB tab
11. Select the check box next to “This Database can be overwritten by a restore”
12. Click “OK”
13. Mount the DB
14. Under the DB node, locate the relevant mailbox (which should show as disconnected).
15. You can now use the procedure outlined above to reconnect the mailbox to an account of your choice. The required items can then either be exported with Exmerge or exported to a PST file through Outlook.
In all the basic scenarios we have covered so far (the loss of a single mail or mailbox) third party tools could potentially save you time over the native NTBackup. This is because third party tools can often make “brick level” backups which allow you to restore single mail items or single mailboxes without restoring the whole mailbox store. This can therefore save time when the mailbox store is large and therefore take a long time to restore fully. Of course there is a trade off with the convenience of being able to restore single items easily and that is that brick level backups put a great load on your Exchange server and take a very long time to complete as they are effectively opening every single item on the server to back it up!
The final scenario we will cover in this article is what happens if you have a problem with an entire database. For example, if your DB won’t mount or you get 1018 errors what should you do? If this happens you will need to recover the entire DB from the most recent backup and then roll forward to the time of failure by replaying the transaction logs into the DB. This replay of transaction logs is why it is so important that you keep the logs and DBs on different drives. If you have a failure of your DB drive then you can restore that from backup. If the logs are on a separate drive, then any logs that haven't been committed to the DB when the DB drive crashed will be replayed into the DB when it is restored. If your logs are on the same drive then they would have been lost so you would only get the data back up until the last backup point.
So, here are the steps in detail:
1. Ensure that the information store and system attendant services are running.
2. Next, if it is still mounted, dismount the store to be recovered
3. Now open NTBackup and select the “Restore and Manage media” tab
4. In the left hand pane, drill down and locate the last good backup.
5. Select both the “Log Files” and the “Mailbox Store”
6. Click “Start Restore”
7. In the next window ensure that the server to “Restore To” is correct.
8. Enter a location for the restored logs to reside and if this is the last backup to restore (i.e. you have no incremental backups or differential backups left) then select “Last Restore Set”
9. Finally if you want to have the store automatically mount after the restore is finished select “Mount Database After Restore”
10. Click “OK” to begin the restore
At this point the backup will start and will restore the DB files over the top of the existing ones. It will also restore the logs to the temporary location specified. Once the restore is complete a hard recovery will begin. This means that Exchange first checks the logs in the temp directory and plays forward any required transactions. It then checks the live log files and plays them into the DB. Once this is done the store will be mounted.
Conclusions
So that is all for now, I hope that you have gained a better understanding of exactly what is required to restore Exchange in different scenarios. Finally I feel that the most important thing I can tell you is to test your backups and procedures before you need them for real!
Add this page to your favorite Social Bookmarking websites
