ShadowProtect Granular Recovery for Exchange

Transkrypt

ShadowProtect Granular Recovery for
Exchange
StorageCraft Copyright Declaration
StorageCraft ImageManager, StorageCraft ShadowProtect, StorageCraft Cloud, and
StorageCraft Cloud Services, together with any associated logos, are trademarks of
StorageCraft Technology Corporation in the United States and elsewhere. All other brands and
product names are or may be trademarks or registered trademarks of their respective owners.
Table of Content
Table of Content
1 GRE System Requirements
2 Installing GRE
3 GRE Licensing
4 Configuring GRE
5 Configuring Exchange Permissions
2
3
4
5
9
11
5.1 Exchange Service Account Setup
5.2 Alternate Exchange Service Account Setup
11
15
6 Understanding the GRE User Interface
17
6.1 GRE Settings
6.2 Search Operations
19
20
7 Recovery Operations
22
7.1 Mounting ShadowProtect Images
7.2 Restricted Mode
7.3 Selecting the Source
7.4 Selecting a Target
7.5 Target Management
7.6 Restore
7.7 Import Mailboxes
7.8 Export Operations
22
23
23
24
26
27
28
29
8 ShadowProtect GRE FAQs
© 2016 StorageCraft Technology Corporation
30
StorageCraft Support Center
Page 2 of 31
GRE 8.1
Welcome to Granular Recovery for Exchange (GRE). This product enables you to mount StorageCraft backup image files that
contain Microsoft Exchange server database files. It provides a browser user interface (Windows Explorer-like) to search for, export
(to a separate file), or restore (back to a live Exchange server) individual emails, email folders or entire mailboxes.
This document explains:
How to install GRE
How to configure GRE
How to understand the User Interface
How to perform Recovery operations
The document also includes:
Frequently asked questions
Additional Resources:
The GRE ReadMe contains the most up to date list of enhancements, known issues and fixed bugs.
1 GRE System Requirements
System Requirements
GRE has the following minimum software and hardware requirements:
Component Requirement
Operating
Systems
Windows Server 2008 R2 (64-bit)
Windows 7 (64-bit)
For best results if your Exchange is running
on Windows Server 2008 R2 you should run
GRE on Windows 7 or Windows Server 2008
R2.
Windows Server 2012 R2 (64-bit)
Windows 8, 8.1 and Windows 10 (64-bit)
For best results if your Exchange is running
on Windows Server 2012 you should run GRE
on Windows 8, 8.1 or 10 or Windows Server
2012.
Important: GRE should NOT be installed on
the same machine as an Exchange server
(this includes Small Business Server). This is
not a supported configuration.
RAM
2 GB Minimum, 4 GB recommended.
Drive Space
Program space:
You need at least 65 MB free to install GRE.
Data space:
You need free space that totals at least 110% of the
space used by your combined database files.
Processor
Any processor that runs the compatible operating
systems. Multiple processors will improve
performance.
Page 3 of 31
Other
Hardware
A mouse is required for some of the operations.
For example:
To delete mailboxes or emails that you've restored
you must use the mouse instead of the del key on
the keyboard.
Virtual
Machine
Virtual machines can be used if they meet the
System Requirements listed above.
Application
StorageCraft GRE requires the following files (which
are not included with the GRE installation):
eseutil.exe
ese.dll
exchmem.dll
jcb.dll (for Microsoft Exchange 2003 or 2007
recovery)
exosal.dll (for Exchange 2003 recovery)
Get these files from the Exchange server and copy
them to the folder where GRE is installed.
MAPI
See Configuring GRE for Exchange version specific
details.
Install 32-bit or 64-bit Outlook (2007 SP3 or
newer).
Note: GRE uses the MAPI components
installed with Outlook (trial or licensed).
Licensing
See Licensing.
Important: StorageCraft GRE requires an
active internet connection for initial license
activation, and license validation each time
you launch GRE.
Note: GRE can't run from the IT Edition USB
key (on a Hyper-V guest machine)
because Microsoft Hyper-V doesn’t support
USB pass through. Lack of USB pass through
prevents ShadowProtect IT Edition license
verification.
Microsoft
Exchange
Sources:
Exchange 2003, 2007, 2010, 2013, 2016
Targets/destinations:
PST files, Exchange 2003, 2007, 2010, 2013 and
2016, and can be exported to msg/txt files.
Rights
You must have local admin rights to run GRE. The
GRE Mount Wizard is installed with GRE to ensure
that all users have the ability to mount (WRITABLE)
and dismount ShadowProtect images and access
EDB files.
To restore items directly to an Exchange
environment you must have the proper Exchange
system/domain rights.
2 Installing GRE
Page 4 of 31
To Install GRE
1. Open a browser.
2. Download the GRE installation file.
3. Run ShadowProtect_GRE_Setup.exe.
Note: If you see an Unknow n Error message during installation, reboot the computer and restart the
installation.
To Update GRE
To update GRE (install a newer version of GRE) simply run the installer for the new version.
Note: There is no programmatic w ay to upgrade from GRE version 6 to the new er versions. You must
uninstall version 6 then install the new version.
To Repair GRE
1. Use the Microsoft Control Panel interface and select "Uninstall a Program".
2. Find GRE in the list then click uninstall/change.
3. Choose the repair option and complete the process.
To Uninstall GRE
1. Use the Microsoft Control Panel interface and select "Uninstall a Program".
2. Find GRE in the list then click uninstall/change.
3. Select uninstall.
3 GRE Licensing
This table summarizes the StorageCraft licensing models and options for the GRE product line. Licensing details are described
below the table.
Page 5 of 31
Licensing Option
EDB Options
Mailbox Options
ShadowProtect GRE
Licensed per server, unlimited EDB files on a mounted backup volume.
250 Mailboxes
Unlimited Mailboxes
ShadowProtect GRE for DAG Licensed per server, unlimited EDB files.
Note: Must be licensed for every server in the DAG.
250 Mailboxes
Unlimited Mailboxes
StorageCraft GRE
250 Mailboxes
Licensed per EDB for Exchange 2013 and later.
Note: For Exchange servers earlier than 2013 it is licensed per server. Unlimited Mailboxes
Project License
Licensed per 60 days.
Unlimited EDBs and Servers
Unlimited Mailboxes
MSP GRE
Licensed per server, unlimited EDB files
Unlimited Mailboxes
Licensing Models
StorageCraft offers two GRE licensing models:
StorageCraft ShadowProtect Granular Recovery for Exchange
StorageCraft Granular Recovery for Exchange
StorageCraft ShadowProtect Granular Recovery for Exchange
For restoring from EDB files that were on a machine backed up by ShadowProtect
Requires the EDB to be part of a mounted ShadowProtect Image
Available via subscription from the MSP Portal
StorageCraft Granular Recovery for Exchange
Also known as Direct-to-EDB
For restoring from EDB files that were not part of a ShadowProtect backup
The EDB does not need to be part of a mounted ShadowProtect Image
Not available as a subscription from the MSP Portal
Both models are also offered in Perpetual (250 or unlimited mailboxes) or as a Project License version.
Note: The StorageCraft ShadowProtect IT Edition uses the StorageCraft Granular Recovery for Exchange (Direct-to-EDB)
version.
GRE License Purchase Options
Project (unlimited mailboxes, short term projects - 60 days)
250 (GRE can manage EDB files containing up to 250 mailboxes)
Unlimited (No limit on the number of mailboxes GRE can manage in EDB files)
GRE License types
Page 6 of 31
Unlicensed versions of GRE can't be used to view details (preview) or restore. The preview pane is disabled and you can't export
any of your data.
Node locked
Server bound
DAG
Node Locked
Node locked licenses can only be installed on one machine. You can open EDB files stored locally on the node-locked machine, and
EDB files on a network share that can be seen by the node locked machine. Node locked licenses are not locked to a particular
server name.
When you configure your Node Locked GRE license on the StorageCraft License portal you can enter the ComputerIdentity for the
computer to which the license corresponds. Otherwise the license will be locked to the first machine that installs the license using
the GRE license download functionality.
To obtain the ComputerIdentity:
1. Run GRE on the target machine.
2. Go to the licenses subfolder in the GRE data folder.
The default location is C:\ProgramData\StorageCraft\GRE\Licenses\ComputerIdentity.txt
3. Copy the contents of the ComputerIdentity.txt file.
Server Bound
Server bound licenses only allow you to open EDB files from a specific Exchange server which has been identified in the license as
the source Exchange server.
DAG
A DAG license is different in function and price than a single GRE license. In essence a DAG license is equivalent to bundling
multiple single-licenses into one license that covers all the servers in the DAG.
Special Cases
For Exchange 2013
StorageCraft Granular Recovery for Exchange requires a separate license for each EDB.
StorageCraft ShadowProtect Granular Recovery for Exchange requires a separate license for each server, regardless of the
number of EDB files hosted by that server.
See Exchange 2013 Licensing Scenarios near the end of this page for additional examples.
To configure and download ShadowProtect GRE licenses
Retail
Licenses must be configured in the ShadowProtect Granular Recovery for Exchange Portal prior to downloading the license.
1. Enter the Product Key. This takes you to the GRE licensing page.
2. Enter your name, company name, email settings, and server name, then click Save Configuration.
3. For a DAG license, you need to buy a separate license for each Exchange server in your DAG.
Important: After purchasing the separate licenses, you need to contact StorageCraft support so they can combine the
separate licenses into a single key (DAG License) for all the servers in your DAG.
MSP
ShadowProtect GRE licenses must be purchased through the MSP portal. You must add one GRE product key per Exchange server.
StorageCraft configures the MSP licenses based on the actual server names entered when adding the product key.
Page 7 of 31
Note: Be sure to enter the server name accurately, or select your server from the drop down list in the MSP portal. This
ensures that the server bound license is linked to your specific server.
To automatically download the license
1. Launch GRE.
2. Navigate to GRE>Help>Licensing>Download License.
3. Enter the product key.
To manually download and install the license
1. Click Download on the Success page and save the file.
2. Copy the downloaded license to the licenses subfolder in the GRE data folder. The default location is:
C:\ProgramData\StorageCraft\GRE\Licenses\
3. If GRE is not running, start GRE to automatically find the license. GRE automatically finds the license the next time it starts.
4. If GRE is running, navigate to GRE>Help>Licensing and click Refresh Licenses.
Refreshing Licenses
In the licensing dialog you will see the licenses that pertain to your system. The "Refresh Licenses" functionality refreshes the screen
AND communicates with the licensing server and refreshes the actual licenses list. Licenses that don't pertain to your system (i.e. it
won't work) are visible in the folder but not in the dialog.
Note: Each Public mailbox decrements your license count. However, public folders inside a public mailbox don't decrement
your license count.
GRE License Management
You can use the GRE Licensing dialog to view and manage all installed GRE license types.
Select the license to view or manage from the window on the left.
Information about the selected license is shown in the right window.
GRE Exchange 2013 Licensing Scenarios
ShadowProtect GRE
Exchange 2013 EDB files are hosted on a machine being backed up by ShadowProtect. ShadowProtect GRE EDBs must be on a
mounted volume. ShadowProtect GRE reads the machine name of the server from the ShadowProtect image. The machine name is
used to license the GRE software. This is regardless of the number of EDB files used by that instance of Exchange 2013. If those
EDB files are hosted on the machine being backed up by ShadowProtect, and the GRE license is tied to that machine name, GRE will
be able to open those EDB files – regardless of how many there are – 1 EDB or 10 EDB files, it is the same.
Page 8 of 31
StorageCraft GRE (Direct-to-EDB)
The GRE license (Direct-to-EDB) for Exchange 2013 is tied DIRECTLY to the GUID that identifies the EDB file. This scenario requires
a license for each and every unique EDB file. This is true for both DAG or standard Windows replication (a license for each unique
EDB file). The GUID is always tied directly to the EDB and never changes for that EDB.
You can also back up (or replicate) these EDBs across multiple servers without requiring extra licenses (IF you have a license for
each unique EDB. For example, if you have 5 EDB files replicated across 10 servers you still only need 5 GRE licenses.
Combined Example
MSP licenses are ShadowProtect GRE licenses. If you host all of your EDB files on the same server (which is being backed up by
ShadowProtect) only a single license is required. If those EDBs are then replicated across multiple servers and you need to access
those EDB files from any of the other servers, you need a GRE license for each of the other servers. This is because the GRE license
is tied to the machine name of the server being backed up.
4 Configuring GRE
Several Microsoft Exchange Server management files (ESEUTILS) are used to check and repair EDB files (prior to use if necessary).
The Exchange Server management files must be manually copied from the Exchange Server folder to the installed GRE folder
(applicable for your system) as specified below.
For GRE running on ShadowProtect IT Edition, copy the files to: <IT drive>:\GREUtils
For GRE installed on a specific computer, copy the files to: <GRE install folder/Exchange version folder name>
GRE Install Folder Default Locations
The default GRE install folder locations are:
%SystemDrive%:\Program Files\StorageCraft\GRE (default for GRE if you have 64-bit Outlook)
%SystemDrive%:\Program Files (x86) \StorageCraft\GRE (default for GRE if you have 32-bit Outlook)
The default data file location is:
%SystemDrive%:\ProgramData\StorageCraft\GRE (default data file location for both 32-bit and 64-bit GRE)
Note: ProgramData is a hidden folder on the system volume that contains program data files. These
data files can be moved from the default location if your system volume has limited free space.
Using Exchange 2003 EDB files with GRE
To recover folders or messages from Exchange 2003 EDB files
1. Get a copy of the following files from the Exchange 2003 Server bin directory:
ESEUTIL.exe
ESE.dll
EXCHMEM.dll
JCB.dll
EXOSAL.dll
Note: The default bin directory location for Exchange 2003 is C:\Program Files\Exchsrvr\bin\
2. Save the copy of the files to <GRE install folder location>\ese2003\.
Page 9 of 31
ESEUTIL.exe
ESE.dll
EXCHMEM.dll
JCB.dll
Note: The default bin directory location for Exchange 2007 is C:\Program Files\Microsoft\Exchange
Server\bin\
ESEUTIL.exe
ESE.dll
EXCHMEM.dll
Server\V14\bin\
ESEUTIL.exe
ESE.dll
EXCHMEM.dll
Server\V15\bin\
ESEUTIL.exe
ESE.dll
EXCHMEM.dll
Note: The default bin directory location for Exchange 2016 is C:\Program Files\Microsoft\Exchange Server\V15\bin\
Additional Information
See Microsoft's KB article "How to use eseutil.exe" for additional information.
Page 10 of 31
5 Configuring Exchange Permissions
To Set up Exchange service accounts for use with GRE (Optional)
To restore e-mail content directly to a Microsoft Exchange Server you need to configure Exchange administrative permissions as
described on the following pages:
Exchange Service Account Setup
Alternate Exchange Service Accounts Setup
5.1 Exchange Service Account Setup
Configuring Exchange Server Service Accounts
Complete the steps in this section for all supported versions of Exchange server.
This is the preferred method to configure Exchange service account permissions for use with StorageCraft GRE.
1. In Active Directory Users and Computers (ADUC) create a new user.
The new user is the name of your service account for the Exchange environment.
2. Create a mailbox for the service account user and login to the account at least once to initialize the mailbox.
3. Open the Active Directory® Service Interfaces Editor (ADSI Edit or adsiedit.msc).
This can be installed from the Windows OS install media. (\support\tools\suptools.msi)
4. Navigate to the folder shown below then Right click and select Properties.
5. Select the Security tab:
Page 11 of 31
6. Click Advanced.
7. Click Add.
8. In the Enter the object name to select field, enter the username of the service account created earlier.
This is the name of the new user created with ADUC in step 1.
9. Click Check Names to validate the service account created earlier.
Page 12 of 31
10. Click OK when finished finding & validating the service account name.
11. This window is now shown:
12.
13.
14.
15.
In the Object Permissions window, find and check the Allow box for Full Control.
Click OK to accept new permissions.
Click OK again.
Click OK again.
Note: After you create a service account (by changing permissions), you need to restart the Exchange
Information Store service on the Exchange servers for the permissions to take effect. The Information
Store service is on the Server(s) w ith the Mailbox role.
Additional Configuration Instructions for Exchange 2010 or 2013/2016
Complete the additional steps in this section for Exchange 2010 or 2013/2016 servers.
Note: For mixed environments you need a service account for Exchange 2013/2016 (if part of the environment) and a
separate service account on one of the legacy Exchange servers (Exchange Server 2010 or 2007).
To set up Exchange 2010 or 2013/2016 service accounts rights using RBAC
1. In Active Directory find and select the Microsoft Exchange Security Group OU.
2.
3.
4.
5.
On the right side, double click Organization Management.
Click the Members tab.
Select the name(s) to be assigned admin rights.
Click Add.
6. Click OK to set the selected user(s) as Exchange 2010 or 2013/2016 administrator(s).
Page 13 of 31
Additional Configuration Instructions for Exchange 2003 (non-mixed)
1. Open Exchange System Manager.
2. Right Click on the top Exchange organization item.
3. Choose Delegate Control.
4. Click Next.
5. Click Add.
6. Change the Role to Exchange Full Administrator.
7. Click Browse to select a User.
Page 14 of 31
8. Click OK after you select the User Account.
9. Click OK to finalize the user selection.
10. Click Finish to finalize choosing Delegate Administrative access configuration.
5.2 Alternate Exchange Service Account Setup
This is an Alternate method (less preferred) for setting up service accounts. Use this method if the other methods don't work.
In order to access and recover to Exchange mailboxes with ShadowProtect Granular Recovery for Exchange, the account running
Granular Recovery for Exchange MUST have FullAccess to the target mailbox(es). Several PowerShell commands are included
below that you can run to help enable users access mailboxes. These scripts must be started through the Exchange Management
Shell console. Additionally, the user running the Exchange Management Shell must be an Exchange administrator and have the
appropriate Exchange permissions to run these cmdlets.
A Note on Exchange Permissions
There are several things you need to understand regarding the Exchange permissions and how they relate to an Active Directory
environment. By default, the permissions of some domain-level accounts (i.e default Administrator Account) have explicit DENY
attributes assigned to all mailboxes (except their own) within the Exchange schema. This differs depending on the versions of
Exchange and Active Directory. Exchange 2007 and Exchange 2010 have will exhibit this behavior.
In order to utilize the ShadowProtect Granular Recovery for Exchange tool, the credentials used to access the mailboxes must have
FullAccess rights to the mailbox they wish to manipulate. Just because the user is the Domain Admin account, it DOES NOT mean
that they have rights to other mailboxes in the Exchange schema. It is therefore recommended to create a service account for use
with ShadowProtect Granular Recovery for Exchange to allow a specific user account to gain FullAccess to all the Exchange
mailboxes. This will enable access while still maintaining security across the domain-level accounts.
Scripts
These scripts should be used with caution. Only the Exchange administrator or the end-user responsible for maintaining the
Exchange in the organization should run them. These scripts are provided for the benefit of simplifying the configuration process
and enabling Exchange administrator’s common resolutions for rights issues in conjunction with the use of the ShadowProtect
Granular Recovery for Exchange tool. You may run these scripts while the Mailbox stores are Mounted.
Page 15 of 31
PowerShell Script One
The following script will add FullAccess rights to the specified mailbox for the specified user. The following command will only
affect the specified user mailbox. It is recommended to use this script to test on a single mailbox before modifying all mailbox
permissions.
Add-MailboxPermission -Identitiy <mailboxname> -User <Domain Account> -AccessRights FullAccess
Example: To add the FullAccess permission to the BobWatanabe mailbox for the StorageCraft Domain ShadowProtect Granular
Recovery for Exchange service account the syntax would be as follows:
Add-MailboxPermission -Identitiy bobwatanabe -User StorageCraft\Administrator - AccessRights FullAccess
*This command does not appear to take time to propagate throughout the AD environment and should immediately allow access as
long as the user does not have any Deny rights inherited from an AD group.
The following script will set the permissions an entire Exchange database:
Get-mailbox –Identity “<database>” | Add-MailboxPermission –User <Domain Account> -AccessRights FullAccess
Example: To add the FullAccess permission to all mailboxes on the Exchange database for the StorageCraft ShadowProtect
Granular Recovery for Exchange service account, the syntax would be as follows:
Get-Mailbox –Identity “mailbox database 1583061650” | Add-MailboxPermission –User StorageCraft\ShadowProtect
Granular Recovery for Exchange -AccessRights FullAccess
PowerShell Script Two
The following script may be required to allow access to all mailboxes and has been needed in addition to the addmailboxpermission cmdlet above. This is a “server-wide” cmdlet as it can be applied to all databases in the Exchange domain. You
will need to run this for each database you want to modify permissions for.
Get-MailboxDatabase -Identity “[mailbox database name]” | Add-ADPermission -User [username] -AccessRights GenericAll
Example: To enable our StorageCraft ShadowProtect Granular Recovery for Exchange service account GenericAll access to the
Exchange database, the command would be as follows:
Get-MailboxDatabase -Identity “mailbox database 1583061650” | Add-ADPermission -User StorageCraft\administrator AccessRights GenericAll
PowerShell Script Three
If a service account is not being used, this script will be needed to remove the DENY attribute on built-in domain Administrator
account in Active Directory. This script provided below to remove the DENY attribute on domain-level accounts (and groups) should
be used with caution and knowledge that this is a potential security concern as it will allow the accounts to have full access to ALL
mailboxes in the Exchange domain organization.
Get-OrganizationConfig | Remove-ADPermission -User <Domain Account> -AccessRights ExtendedRight -ExtendedRights
Receive-As –Deny
Example: To remove the Deny permission for the domain-level administrator account in the StorageCraft domain, the command
would be as follows:
Get-OrganizationConfig | Remove-ADPermission -User StorageCraft\administrator -AccessRights ExtendedRight ExtendedRights Receive-As –Deny
*This command will take time to propagate throughout the domain AD environment, so it may take some time to verify if the
command was successful or not. Additionally, you can use this command for AD groups as well. If the Group name contains a
space, be sure to encapsulate the domain\groupname in quotes.
Example: “StorageCraft\ Enterprise Administrators”.
Other Useful Scripts
The following are scripts that are useful in troubleshooting and verifying Exchange settings and mailbox information.
This script will show the permissions for all users on the specified mailbox. This is useful for verifying and checking to see what
permissions the AD users and groups have to the specific mailbox.
Get-mailboxpermission –identity <mailboxname>
This script is useful in showing the name of the currently connected mailbox database.
Page 16 of 31
Get-mailboxdatabase
Important: It is not the responsibility of StorageCraft employees to validate or be responsible for repercussions in modifying
the rights and permissions of users in the Exchange environment.
6 Understanding the GRE User Interface
The GRE user interface allows you to view, restore and export Exchange email information from sources such as Exchange EDB files
(Exchange 2003 - 2013/2016) or mounted ShadowProtect backup image files.
The user interface consists of menu options, a toolbar and the source and target information windows.
Menu and Toolbar Options
The menu and toolbar options are shown on the left side at the top of the GRE user interface.
Menu
File
Open Source EDB
Open Target
Export Selection
Export Selection to PST
View License String
Quit
Tools
Hide Preview
Search Source
Generate Exchange 2013/2016 License Keys
Settings
Show Status Window
Help
Online Help
Licensing
About
Toolbar
The toolbar is displayed below the list of menu options. The toolbar contains the following icons:
Open Source EDB.
Open Target
Export Selection
Search All Sources
Search in Source Selection
Show Status History Window (View, Export, Clear, Hide status messages from current and past operations)
Restores
Exports
Imports
Information Windows
Source Selection (top left and top middle windows)
Target Selection (bottom left and bottom middle window)
Message Preview (right window)
Source Selection
The source selection directory (top left window)
The source email selection (top middle window)
The message preview (right window)
Page 17 of 31
Target Selection
The target selection directory (bottom left window)
The target email selection (bottom middle window)
The message preview (right window)
User Interface Overview
Source Selection Directory
The top left window is the source selection window from a selected EDB file.
Drilling Down in the
Directory Tree
You can drill down through this directory tree to select a folder or an individual email.
Message Preview
A preview of the selected email or message in the source or target window displays in the right
window.
The right window is called the preview window.
Viewing Entire
Messages
If you see the error shown in the Note below, use GRE's Export function to view the entire message.
Note: If the body of an email is too large, the preview will not show the
message. Instead you'll see the following error:
Target Selection Directory
The lower left window is the target selection window.
The functionality is the same as the source selection window. Select an email or message in the target selection window. The details
are displayed in the target preview window. The maximum message length limitation is the same for the target messages as for
source messages.
Note: If the body of a target email is too large, it can't be exported for viewing. You must use an email client
such as Outlook to view the message.
Page 18 of 31
6.1 GRE Settings
GRE Settings are found under Tools > Settings. This menu allows you to change settings for:
Restoring Duplicates
Security
Log files
PST files
Restoring Duplicates
If duplicate messages are found on the target, GRE can:
Create a duplicate message (fastest)
Skip the source message (ignore and don't copy the message)
Overwrite the target message (slowest)
Security Settings
Allow BCC fields to be shown and restored
Automatically disable Windows Update during restore processes
Confirmation Settings
Always confirm restoration location (check the box to always confirm restoration location)
Restore Links
You can set the number of Maximum simultaneous restores and exports
Logging
The log file size limit defaults to 1 MB. A new log file is automatically created when the log file reaches the specified file size limit.
The new (active) log file always retains the original file name. The log files that have reached the file size limit are renamed and
saved by GRE. Typically it isn't necessary to have log files larger than the default size.
PST
Microsoft recommends 20 GB as the maximum PST file size. If the "Allow creation of additional PST files when size limit is
exceeded" box is checked, GRE creates a new PST when the file size limit is reached. If the box is not checked GRE stops the
Page 19 of 31
restore.
Temporary Database Settings
The default temporary database location is C:\ProgramData\StorageCraft\GRE\. You can choose any convenient temporary database
location.
To restore the default location:
1. Clear the field (delete all text and leave the entry window empty).
2. Click Save.
Reset all Defaults
To restore all default settings click Reset all Defaults.
6.2 Search Operations
GRE offers Basic and Advanced search options and two search modes. Basic and Advanced search functionality is available in both
search modes. The search modes are:
Search All Sources
Search specific objects such as a single mailbox or folder.
Note: Search results appear at the top of the Source selection window. Each new search creates a separate search result entry
in the list. Select a search result entry from the list to display the messages that meet the search criteria.
Basic
The Basic search dialog:
The Basic search tab lets you:
Search for the terms in all emails in the selected path.
Search by date (before or after a specific date).
Page 20 of 31
Advanced
GRE's Advanced Search dialog:
The Advanced search tab lets you Match all fields or Match any field to search for the specified terms:
Body
Subject
From
To
CC or BCC
Attachment Name
By Date scope limiters
Supported and Unsupported Search Characters
GRE supports most alphanumeric characters in the search field except those listed below:
Ampersand: @
Percent: %
Punctuation: periods, commas, quote marks, etc.
For example, in a search for an email address such as [email protected], GRE conducts the search for "John" "Doe",
"somecompany" and "com".
GRE Search Phrase Functionality
1. When a search phrase is entered in GRE:
All text is converted to lower case
All entries are converted to canonical compatible Unicode equivalents
GRE adds a space in front of any word beginning with a letter or number.
Note: Adding a space provides support for languages that don’t typically use w hitespace (for example:
Asian languages). This allow s using a w hitespace to separate w ords.
2. When the search field is left blank, GRE returns all messages. This allows you to search all messages within a specified range of
dates.
3. Punctuation (except the asterisk) will be ignored in searches. Words or partial words followed by an asterisk (*) will return all
words or partial words that match the word in front of the asterisk.
For example, if you search for 'the' (without an asterisk) then only messages that include the literal word 'the' will be returned.
A search for 'the*' will return all messages that include a word that begins with 'the' including ‘then’, ‘there’, ‘their’, ‘they’, etc.
Page 21 of 31
Note: The asterisk w ildcard character must be the last character in the search. You can search for
'the*'but not '*the'.
4. Multiple keyword searches:
An AND search is used when multiple keywords are not surrounded by quotation marks. Messages containing all the
keywords (in any order) will be returned.
An exact phrase search is used when multiple keywords are surrounded by "quotation marks". Only messages with the exact
phrase will be returned.
A hybrid search will be used when an AND search and "exact phrase" search are combined. Only messages with the "exact
phrase" and the individual keywords without quotation marks (in any order) will be returned.
5. Advanced searches return only messages that contain the specific search terms.
Note: You should avoid using punctuation (other than the asterisk). You should only use letters and
numbers (or the local language equivalent) in searches.
7 Recovery Operations
1. Navigate the backup image chain for the desired point-in-time to recover (applies only to ShadowProtect backup image files).
2. Right click the backup image and mount. Remember to include any images from the same backup job that contain database files
and or transaction logs. Also, do not use the Quick Mount feature as the image must be writable (applies only to ShadowProtect
backup image files).
3. Launch the ShadowProtect GRE application and then open the source EDB by browsing to the location in the mounted image
and the associated log file folder path if needed.
4. Select a target.
5. Restore Email messages, folders, or mailboxes.
Important: Migrating or restoring large EDBs can take a long time. To prevent rebooting during the
process, ensure that Automatic updates are NOT selected in W indow s Updates.
If the GRE client loses connection w ith the Exhcange Server during a restore it w ill try to reestablish
communication for up to 3 hours before reporting an error.
StorageCraft also strongly recommends disabling "Full Text Search Indexing" w hen migrating large EDBs
to prevent netw ork errors during the migration.
7.1 Mounting ShadowProtect Images
Mounting Images and Configuring GRE
Images containing the Exchange EDB and log files must be mounted as writable. See ShadowProtect Mounting Backup Image
Files.
If the EDB file is on a different volume than the log files you must mount images for both volumes. All images for a specific
GRE session must be from the same ShadowProtect backup job.
Note: W hen configuring Shadow Protect, if the Exchange EDB and transaction logs are on separate
volumes, Shadow Protect must be configured to back up the volumes as part of the same backup job.
Details
If you mount an image on a network drive, then later lose the connection to that drive, (for example a VPN or a WAN connection):
Page 22 of 31
1.
2.
3.
4.
Dismount the drive.
Discover and correct the connection problem
Re-mount (as writable) the backup image as a drive.
If an I/O error is displayed (for example: This drive is not accessible.) you may need to reboot the operating system to
prevent the errors.
Note: If you have ongoing problems accessing the mounted images from across the netw ork, try
copying the image chain locally (to the GRE w orkstation), or to physically attached external media.
This allow s for the fastest access and recovery times.
7.2 Restricted Mode
If you attempt to open or restore an EDB before a license is downloaded for that EDB, you'll see: "Due to license restrictions the
selected action cannot be completed". This means you are viewing the mailbox data in restricted (unlicensed) mode. If this
happens, download a valid license file then close and reopen the database.
In unlicensed mode you can see the mailboxes and folders and the messages but not the message preview. You need a license to
restore Mailboxes and folders. You also need a license to view and restore or export messages.
7.3 Selecting the Source
GRE initially starts without any open EDB source files. Open the Exchange EDB file (or multiple files if you are using more than one
EDB).
To open an EDB file
1. Select Open Source. GRE displays the Open Source dialog:
2.
3.
4.
5.
6.
Enter the name of the source EDB file or use Browse to select it.
Enter the path for the associated log files.
Enter the path for the mailbox store (stm) file.
Click Open.
Repeat for each EDB file wanted.
Note: Multiple EDB files must be opened from the same server, have the same server name, or have a DAG license for
use with multiple server names. The EDB file must be from one of the servers with an active DAG license.
To Open an EDB file Dialog
On a new installation the dialog to open an EDB file is displayed automatically when GRE starts. This dialog is displayed each time
you open an EDB file.
If the Attempt to skip EDB recovery and repair option is not selected, the log file path (associated log file folder path) is
required if the EDB was not in a clean state in the snapshot.
If the Attempt to skip EDB recovery and repair option is not selected and a log path is provided, a recovery (process
pending transactions from the log files) is attempted. If the recovery fails, it attempts to repaire the EDB file.
If the Skip Recovery option is selected and GRE is able to successfully skip the recovery then the database is opened. Skip
the recovery means change the database from dirty flag to clean and open the database.
Page 23 of 31
Warning: This has the potential for data loss and corruption.
If the Skip Recovery option is selected but GRE is not able to open the EDB (after attempting to skip recovery) it will
attempt to do a recover/repair. Depending on the size of the database this might take several hours.
If you skip recovery and have problems you have to:
1.
2.
3.
4.
5.
Close the database
Dismount the backup file (do not save changes.)
Mount the backup image again.
Open the EDB file in GRE (Do not check Skip EDB Recovery or Repair).
After the database maintenance is finished, GRE displays the mailboxes and content.
7.4 Selecting a Target
A GRE target, can be:
A new PST file
An existing PST file
All mailboxes on a Microsoft Exchange server
A single mailbox on a Microsoft Exchange server
To Create a New PST File
GRE lets you save a mailbox to a new PST file:
1.
2.
3.
4.
Click Open Target.
Select Create a New PST File.
Browse to where you want the file created and provide the filename.
Click Open. GRE creates the target PST file.
Note: This new PST file can be sent to a different Exchange server (one that the current user may
not have rights to administer) for restoring.
To Open an Existing PST file
1.
2.
3.
4.
Click Open Target.
Select Open an Existing PST File.
Specify the PST file using either the dropdown or the Browse button.
Click Open. GRE opens the target PST file.
Page 24 of 31
To Connect to Microsoft Exchange Server
Note: For mixed environments you need a service account for Exchange 2013 (if part of the environment) and a separate
service account for one of the legacy Exchange servers (Exchange Server 2010 or 2007).
All Mailboxes
1. Click Open Target.
2. Select Microsoft Exchange Server (All Mailboxes).
3. Enter the Target server name.
Note: The user must log in to the Target server's domain. Accessing all mailboxes requires domain authentication.
4. If you want public folders included, check Connect Public Folders.
Note: The CAS server is required when connecting to a 2010 Exchange server that doesn't have the client access
role.
5. Click Open.
Single Mailbox
1.
2.
3.
4.
5.
6.
Click Open Target.
Select Microsoft Exchange Server (Single Mailbox).
Enter the Target SMTP/Email Address name.
Enter the Server Name (or IP address).
If you want public folders included, check Connect Public Folders.
Click Open.
Page 25 of 31
Exchange Server as a Target
When you open GRE, and want to connect to the target Exchange All Mailboxes, the current user needs to have a mailbox in the
Exchange domain where you want to connect.
Note: If you are using Outlook 2013, the current user's mailbox must be hosted on Exchange 2007 or
new er.
Your computer must also be a member of the Exchange domain and the user must have Exchange administrative rights (see Setting
up Exchange Service Accounts below for more information).
When you connect to a single mailbox it prompts you for the mailbox credentials. You may need to include the server IP address in
the host file of the server you are connecting to if you are connecting to a machine that's not part of your domain. You can connect
to multiple single mailboxes at the same time. You can't use the All Mailboxes connect option to connect to an Exchange server
outside the domain you are logged into.
Client Access Server (CAS)
When you connect to Exchange Server as a Target, you need to use the address for the server which is performing the Client Access
Role (2010) or the Mailbox Role (2007).
In a Mixed Environment you should:
Use the CAS field for connecting to an Exchange Server 2010 using the Single mailbox or All mailboxes setting.
You should not use the CAS Role server for connecting to an Exchange Server 2007; whether using the Single mailbox or All
mailboxes setting.
For single mailbox the CAS server name should be entered into the Server Name field since the CAS Server field is not
shown.
7.5 Target Management
To manage a target you need to:
Create a new folder
Rename an existing file or folder
Delete a file or folder
To create a new folder
1. Select the level of the Target's tree where you want to place the new folder. This could be the Inbox, the mailbox root, an
existing folder or an existing subfolder.
2. Right-click on this item. GRE displays the Target Operations submenu:
Page 26 of 31
3. Click Create Folder. GRE adds a new folder to the tree.
4. Name the new folder.
To rename a folder
1. Right-click on the folder in the tree.
2. Click Rename. GRE displays the insertion box with the folder's existing name.
3. Type in a new name for the folder.
To delete a folder
1. Right-click on the folder in the tree.
2. Click Delete.
Warning: GRE does not ask you to confirm the deletion. W hen you click delete, the operation begins
instantly. If you accidentally delete a folder, you can use the restore option in GRE to retrieve it from
the backup EDB file.
To delete restored objects
You can only delete target objects that have been created in the current session. Only folders created with the Create Folder option,
or during a restore operation can be renamed. If you restore a message or mailbox, then close GRE and reopen it, the restored
objects will be permanent. You must use the mouse to delete objects. Right click on the object to be deleted and click Delete from
the menu.
7.6 Restore
Restoring Email messages, folders, or mailboxes can be done in two different ways:
Use the mouse to drag the source object and drop it on the target mailbox or folder.
Right-click the source item and copy, then right-click on a destination mailbox or folder in the target directory tree at the
lower left.
Note: If you restore a specific type of Exchange item (such as a contact, calendar item, or message)
to a different type of folder (for example: restoring a contact to a calendar folder, a calendar item to a
contact folder, or a message to a calendar folder, etc.) it w ill be restored and visible in GRE, but you
w on’t be able to see it in Outlook.
Warning: If you restore different (multiple) mailboxes or folders w ith the same name, to the same
location, the messages from the multiple mailboxes w ill be mixed. If you restore (merge) multiple
mailboxes (regardless of the source mailbox names) to a mailbox root folder in the target, the contents
w ill be merged.
Page 27 of 31
Note: Content deleted from mailboxes or folders w ill not be restored w hen the mailboxes or folders
are restored.
7.7 Import Mailboxes
Creating a user account
The alias from the email address will be the login name for the user account that will be created and associated with a new mailbox.
The new user account will have the same user domain as the current Windows user.
For example:
If the email address is "[email protected]" and the user domain is "mycompany.local", then the userPrincipalName is set to
"[email protected]".
Importation Options
Important: StorageCraft strongly recommends disabling "Full Text Search Indexing" when importing large EDBs to prevent
network errors.
Initiating the importation:
Use the mouse to drag the source EDB or mailbox and drop it on the target mailbox or folder.
Important: The target needs to be a mailbox store (not a mailbox or folder). Target mailboxes and folders are treated
as restores, not an import.
Right-click the source item and copy, then right-click on a destination mailbox or folder in the target directory tree at the
lower left.
Full or Partial Importing:
Import an entire EDB (all mailboxes)
Create a single mailbox
Note: GRE imports only user mailboxes. Link mailboxes are not created. Public folders, equipment mailboxes, and all other
non-user mailboxes will not be imported.
Import the entire EDB
Importing an entire EDB can only be done if there are no corresponding user accounts or mailboxes in the domain. If you created a
user account or mailbox in the domain with the same name as any account or mailbox in the EDB you cannot import the entire
EDB.
Important: The EDB does NOT contain the actual username associated with a mailbox. GRE only makes a best guess for
what the username should be. It is possible that it won't be the same as the original username. If a wrong username is
created during importing you'll need to use Microsoft administrative tools to change the username. In other words, if any of
the accounts or mailboxes already exist in the domain DON'T import the entire EDB.
Page 28 of 31
Warning: If there are any conflicts (i.e. the same account name or mailbox) between the EDB to be imported and the target
domain, the importation for that mailbox will be skipped.
To import the entire EDB:
1.
2.
3.
4.
5.
Select the Organization Unit.
Enter the applicable Domain Name (See Creating a user account).
Enter the password you want to use as the Default.
Confirm the Default password.
Click Begin to continue or Cancel to abort.
Import a single mailbox
Important: If the user account for the mailbox you want to import already exists in the target domain, you need to Restore
that mailbox to the existing account in the target domain instead of importing it.
To import a single mailbox:
1.
2.
3.
4.
5.
6.
Enter the Display Name.
Select the Organization Unit.
Enter the Email Address.
Enter the password for the mailbox.
Confirm the password.
Click Begin to continue or Cancel to abort.
7.8 Export Operations
GRE exports files from the Source directory in these formats:
MSG
Txt
To export one or more files
Page 29 of 31
1. Select one or more files from the Source email selection view or select a mailbox or folder from the Source directory.
2. Right-click on the selected file(s) to open the Options Submenu:
3. Click Export Selection. GRE displays the Export Selection menu:
4. Use the selector box to choose either Message (MSG) or Text (TXT) export format.
5. Type destination path or use the Browse button to locate the destination for the exported files.
6. Click Export.
Warning: If you export different (multiple) mailboxes or folders w ith the same name, to the same
location, the messages from the multiple mailboxes w ill be mixed.
8 ShadowProtect GRE FAQs
Frequently Asked Questions
Add Exchange Server Certificate as a Trusted Root Certificate
The Exchange Server certificate must be added as a Trusted Root Certificate. This may be done by accessing a mailbox on the
Exchange Server via Outlook and importing the Exchange Server certificate.
ESEUTIL.EXE error when recovering Exchange 2007 or 2003 EDB
ESEUTIL.EXE occasionally returns an error when you try to recover a 2007 or 2003 EDB file (even when the Microsoft provided DLL
is in the same folder as ESEUTIL.EXE). To fix this problem, copy the JCB_x86.dll or JCB_x64.dll (depending on whether your
ESEUTIL.EXE is the x86 or x64 version) over the Microsoft JCB.DLL to recover 2007 or 2003 EDB files. The files (JCB_x86.dll and
JCB_x64.dll) can be found (if installed in the default location) in C:\Program Files\StorageCraft\GRE, or C:\Program Files
(x86)\StorageCraft\GRE.
Mount Driver Issue - Losing Network Connections (Windows Mounting)
If you mount an image across a network connection, then lose the network connection, (for example a VPN or a WAN connection),
you need to dismount the drive where that image is stored, fix the network connection issues, re-mount the backup image as a
drive. If an I/O error is displayed (For example: This drive is not accessible) you may need to reboot the operating system to stop
the errors from occurring.
If you are running VMware Workstation, and you want to mount a backup image, you may see a network connection issue if you
attempt to use the host computers’ (i.e. the computer that is running VMware Workstation) network shared folder. It causes a
condition where neither the host nor VM can access the network. A VMware bridged network connection (not NAT) probably has a
problem in the VMware bridged networking driver or networking subsystem. It appears to be blocking network traffic from both the
VM and the host computer. If you configure a NAT network connection for the VM it doesn't have the problem and you can use the
host computers’ (i.e. the computer that is running VMware Workstation) network shared folder as the destination to mount a
backup image.
Display names with Unicode characters fail to connect to single mailbox on MS Exchange Server
Use the Mailbox SMTP/Email address to connect to a single mailbox.
Page 30 of 31
Deleting Restored Objects
You can only delete target objects that have been created in the current session. If you restore a message or mailbox, then close
GRE and reopen it, the restored objects will be permanent. You must use the mouse to delete objects. Right click on the object to
be deleted and click Delete from the menu.
Soft deleted messages and folders show in Source View
In GRE, soft deleted messages and folders are shown in the Source view to allow the opportunity to restore them.
Date Variance where UTC versus Local Time
Data timestamps are recorded in Exchange databases in GMT. The local machine (and GRE) user interface translates it to local time.
File Name Length Exceeded
One rare problem can occur especially if you have a lot of nested folders. In Microsoft operating systems you can’t create folders (or
folder/subfolder tree) with a path longer than 258 Characters. The total length of the tree is 258 characters (total character length).
However, Exchange lets you use as many characters as you want. If this happens and you try to export it, it can lock up. Two
different errors describe these conditions.
Note: Microsoft Windows has a folder/filename tree-length maximum of 258 characters. The full path length of any restored
folder or file must be 258 characters or less. Exchange allows you to have more than 258 characters for a message's
folder/filename path length. If you try to export a message or folder with more than 258 characters you'll see one of the
following errors:
1. File name length exceeded
2. Maximum folder/filename tree-length exceeded
If you see either of these errors, you need to restore the data to a .pst file.
Bridged Driver Loopback Error
If you are running VMware Workstation, and you want to mount a backup image, you may see a network connection issue if you
attempt to use the host computers’ (i.e. the computer that is running VMware Workstation) network shared folder. It causes a
condition where neither the host or VM can access the network. A VMware Bridged network connection (not NAT) probably has a
problem in the VMware bridged networking driver or networking subsystem. It appears to be blocking network traffic from both the
VM and the host computer. If you configure a NAT network connection for the VM it doesn't have the problem and you can use the
host computers’ (i.e. the computer that is running VMware Workstation) network shared folder as the destination to mount a
backup image.
Page 31 of 31

ShadowProtect Granular Recovery for Exchange

Transkrypt

Podobne dokumenty

Prezentacja programu PowerPoint

st. isidore rc church - Saint Isidore RC Church