One of the least exciting yet most important parts of an Exchange administrator’s job is making sure that the Exchange Server environment is properly backed up. Throughout my career I’ve spent many long nights with customers who have suffered a failure of an Exchange server and discovered that their backups are unreliable or even non-existent. In this series I will discuss Exchange Server 2007 backup and recovery and demonstrate some actual disaster recovery scenarios that I have encountered on the job.
What to Back Up on Exchange Server 2007
To understand what to back up in an Exchange Server 2007 environment you must first consider the server roles that you have deployed. In the most basic Exchange Server 2007 deployment the Client Access, Hub Transport, and Mailbox server roles are installed. In more complex environments more than one of each of those roles might be deployed, the Mailbox server might also be clustered for high availability, and other roles such as Edge Transport and Unified Messaging might also be in use.
In addition to the Exchange server roles there are also considerations such as the Active Directory (a pre-requisite of any Exchange environment), client data such as PST files or POP3 mailboxes, and any server-based anti-spam system that is deployed.
All Exchange Servers
Generally speaking, all Exchange servers in an organisation should have their local file systems and System State data backed up. However, because Exchange Server 2007 stores much of its configuration in Active Directory, you can recover some server roles without needing to have backed up any data at all.
For example, if a Hub Transport server crashes and is unrecoverable the Exchange administrators can build a new server of the same name, and then install Exchange Server 2007 on it with the /m:recoverserver setup parameter. This tells the installation to use the configuration stored in Active Directory for the server being rebuilt.
Despite this feature there are still several items to be aware of for Exchange Server 2007 backups.
The most obvious role that an organisation will back up is the Mailbox server role. As the name suggests, this role hosts all of the mailbox databases and public folder databases. Because of the database format in use, backups must be performed using an Exchange-aware backup product. These products can use one of two different methods to back up the database.
Streaming Backup – this backup “streams” data directly from the live database page by page. The built-in Backup utility for Windows Server 2003 performs this type of backup of Exchange. Remote streaming backups are disabled by default in Exchange Server 2007 Service Pack 1 but can be re-enabled with a registry change.
Shadow Backup – a VSS shadow copy (or snapshot) of the database is made so that a “point in time” backup can be performed. Most third party backup products perform this type of Exchange backup.
For Mailbox servers with database replication enabled (either Local Continuous Replication, or Cluster Continuous Replication) an Exchange-aware backup product can usually perform its backups using the “passive” copy of each database. This is an advantage in many environments because the entire backup I/O load is kept off the active database, preventing any performance impact on end users. This makes it possible to perform backups during business hours, which is important to some organisations.
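An Exchange-aware full backup records its completion time against each database, so the Exchange Management Shell can show which databases the backup product has actually protected. The following check is an added example, not part of the original article; the 26-hour threshold is an assumed policy.

```powershell
# Added example - run in the Exchange Management Shell.
# Assumed policy (not from the article): a full backup at least every 26 hours.
$maxAgeHours = 26
$now = Get-Date

# -Status reads the live database state, which includes the last-backup
# timestamps written when an Exchange-aware backup completes.
# Public folder databases are included because they live on Mailbox servers too.
$databases = @(Get-MailboxDatabase -Status) + @(Get-PublicFolderDatabase -Status)

$report = $databases | Select-Object `
    @{Name='Database';              Expression={ $_.Identity }},
    @{Name='LastFullBackup';        Expression={ $_.LastFullBackup }},
    @{Name='LastIncrementalBackup'; Expression={ $_.LastIncrementalBackup }},
    @{Name='State'; Expression={
        # An empty LastFullBackup means no Exchange-aware full backup has ever completed
        if (-not $_.LastFullBackup) { 'NEVER BACKED UP' }
        elseif (($now - $_.LastFullBackup).TotalHours -gt $maxAgeHours) { 'STALE' }
        else { 'OK' }
    }}

$report | Sort-Object State, Database | Format-Table -AutoSize

# Surface the problem count so a scheduled run can be alerted on
$problems = @($report | Where-Object { $_.State -ne 'OK' })
if ($problems.Count -gt 0) {
    Write-Warning "$($problems.Count) database(s) have no recent full backup."
}
```

A file-level copy of the database files made by a product that is not Exchange-aware does not update these timestamps, so such a database still shows as never backed up.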
Hub Transport Servers
Although most of the Hub Transport configuration is stored in Active Directory the local file system still contains important data such as the message queues, log files, and some configuration files that are often modified by administrators for performance tuning.
By including the C:\Program Files\Microsoft\Exchange Server\TransportRoles folder (and all sub-folders) in the backups you provide some protection from failure. However, the queues and logs change on a minute by minute basis, so unless you run multiple backups through the day the recovery benefits are minor. Additionally, these files are often locked and in use at all times, so the backup must be performed by a product that can handle locked files correctly.
Client Access Servers
Most of the important configuration information for Client Access servers is not stored in Active Directory, but rather is located on the local file system of the server and in the IIS metabase. The IIS metabase in particular contains vital information such as customised settings on the Exchange virtual directories.
To back up these important items you should include the C:\Program Files\Microsoft\Exchange\ClientAccess folder and the System State of the server in your backups.
Edge Transport Servers
Edge Transport servers are not members of any Active Directory domain, so they cannot be restored using /m:recoverserver. Instead, their configuration must be exported using the ExportEdgeConfig.ps1 PowerShell script, and the export file then backed up elsewhere.
In addition, the message queues and log files should be backed up in the same manner as with Hub Transport servers.
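The export step described above can be scheduled so that a validated, dated copy of the Edge configuration is always available to the backup job. This is an added example, not part of the original article; the script folder, staging folder and file names are assumptions to adjust for your environment.

```powershell
# Added example - run in the Exchange Management Shell on the Edge Transport server.
# All paths are assumptions for illustration, not values from the article.
$ErrorActionPreference = 'Stop'
$scriptDir  = 'C:\Program Files\Microsoft\Exchange Server\Scripts'   # assumed default install path
$stagingDir = 'D:\BackupStaging\EdgeConfig'                          # hypothetical folder the backup job collects
$stamp      = Get-Date -Format 'yyyyMMdd-HHmm'
$exportFile = Join-Path $stagingDir "EdgeConfig-$stamp.xml"

New-Item -ItemType Directory -Path $stagingDir -Force | Out-Null

# Export the Edge Transport configuration to an XML file
& (Join-Path $scriptDir 'ExportEdgeConfig.ps1') -cloneConfigData:$exportFile

# Refuse to keep an empty or malformed export: a backup that cannot be
# imported later is worse than a visible failure now.
$file = Get-Item $exportFile
if ($file.Length -eq 0) { throw "Export file is empty: $exportFile" }
$null = [xml](Get-Content $exportFile)    # throws if the file is not well-formed XML

# Record a SHA-256 digest beside the export so the copy can be verified
# before it is used in a restore.
$sha    = [System.Security.Cryptography.SHA256]::Create()
$stream = [System.IO.File]::OpenRead($exportFile)
$digest = [BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', ''
$stream.Close()
"$digest  $($file.Name)" | Set-Content "$exportFile.sha256"

Write-Host "Exported $($file.Name) ($($file.Length) bytes), SHA-256 $digest"
```

Because the Edge Transport server is not domain-joined, the example stages the file locally for the existing backup job instead of writing to a domain file share.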
Unified Messaging Servers
Most of the configuration for Unified Messaging servers is stored in Active Directory, but as with other server roles some customisations are only stored on the local file system of the server. The C:\Program Files\Microsoft\Exchange Server\UnifiedMessaging folder should be included in backups.
Exchange Server 2007 relies on Active Directory and uses it to store most of its server configuration information. The Active Directory database is backed up by including the System State of one or more Domain Controllers in backups.
Although organisations are moving away from the use of PST files for email storage some still persist in using them. PST files can be difficult to back up because the Outlook client will lock them “in use” and prevent some backup software from successfully backing them up. Furthermore, if the PST file is stored on an end user machine it probably will not be included in server backups.
I have seen this dealt with in several ways, such as storing PST files on a file server share and using backup software that can handle locked files. Many organisations, though, simply treat PST files as excluded from backups and accept any data loss that may occur from them.
POP3 clients are fairly rare in Exchange Server 2007 environments but the simplest approach with these is to configure the POP3 client to leave copies of mail items on the server so that the Mailbox Server backups can protect them.
Other Messaging Systems
To ensure that the entire messaging environment is backed up you should also consider any other non-Exchange servers that are involved, such as an anti-spam server. In most cases this will mean backing up the file system of the anti-spam server, as well as any SQL databases it uses for storing quarantined items and reporting data.
How to Back Up and Restore a Mailbox Server
In the next part of this series I will walk through the process of backing up a Mailbox server, simulating a failure, and then performing a recovery of the server and its databases.