Comments : 6

Backup Exchange Server 2007 on Windows 2008 using NTBackup

Posted by Vishal Vasu | Posted on 25-06-2009

Category : Exchange Server, Microsoft Windows Server

Tags: ,

All those System Administrators running their Exchange Server 2007 on a Windows 2003 (64-bit) server have the previlage to get access to the traditional NTBackup utility to backup their exchange stores. But those who are running their Exchange Server 2007 on Windows 2008 (64-bit) must have faced the dilema of which tool to use to backup their mail stores. This is because Windows Server Backup in Windows Server 2008 no longer supports Exchange-aware backups or restores. In order to back up and restore Exchange Server 2007 Service Pack 1 (SP1) on Windows Server 2008, you must use an Exchange-aware application that supports the Volume Shadow Copy Service (VSS) writer for Exchange 2007, such as Microsoft System Center Data Protection Manager, a third-party Exchange-aware VSS-based application, or a third-party Exchange-aware application that uses the streaming backup APIs locally on the Exchange server to make a backup locally on the Exchange server.

What does all this mean? Nothing but shelling out extra $$$ to invest in a backup solution unless you are interested in a very simple backup solution to assure that the logs get truncated and you have backup copies which you can restore. Here is a basic hack which can help one save a couple of $$$.

Step #1

Get access to a Windows 2003 R2 Server which is running a 64-bit OS. Assuming that you are not running your production Exchange Server 2007 in 32-bit environment, we require the 64-bit version library files. If you do not have a one handy, you can get the source files and then expand the DLL’s or install one in a virtual environment.

Step #2

Copy the ntbackup.exe, ntmsapi.dll, and vssapi.dll files from C:\windows\system32 into a new folder on your Exchange Server 2007 running on Windows 2008. I created a folder called NTBackup under Program Files and placed them there.

NT Backup Exchange 2007

NT Backup Exchange 2007

Step # 3

Right click Ntbackup.exe and choose “Run as administrator”.

Your should see the Exchange Server Information Store as part of your backup wizard.

Select the Information Stores that you want to backup. Choose the Backup media or filename and the path where you want to store your backups. Once you have finished the configuration, click on Start Backup and the exchange store backups should start.

Once the backup is complete, you should see all the transaction logs getting truncated (hope circular logging is not enabled) and also the mail store would be stamped with the Last Full Backup date and time stamp.

One thing to note though: you cannot back up a storage group in a Standby Continuous Replication (SCR) environment. Backups of storage group copies are available for Local Continuous Replication (LCR) or Cluster Continuous Replication only.

Comments : 2

Securing Microsoft SQL Server

Posted by Vishal Vasu | Posted on 15-06-2009

Category : Microsoft Windows Server

Tags:

Here is a quick check list for System Engineers and Data Base Administrators to lock down MS SQL Server and secure the database server:

Communication: If possible and if budget permits, do not expose the SQL Server directly to the Internet. Allow the communication from a web server to the SQL database server over an internal IP address.

Strong Passwords: Ensure that the server uses a strong password for the “sa” account. Use a combination of letters, numbers and symbols. This make it difficult for Brute Force hacks to guess the password.

Authentication: Keep this to Windows Authentication if possible and avoid setting SQL to run under Mixed Mode. Windows Authentication will require SQL server to check the Active Directory and moreover the logins will not be stored in the SQL server.

Service Packs and Updates: Make sure that the SQL Server is always patched with the latest Service Pack and Security Updates. This ensures that the latest security vulnerabilities are addressed and blocked.

Service Accounts: Run both MSSQLSERVER and SQLSERVERAGENT under the Domain User permissions. Do not run them under any Administrator account. This ensures very less damage in case the user account or the server is compromised.

Block Ports: If there is no need to expose the MS SQL Server to the Internet, block port 1433 and 1434 at the firewall. This means that the SQL Server will not be accessible from the Internet, thus making it hard for outside attackers to reach to the server. It also prevents worms and viruses.

Backups: Encrypt and compress the backup files. Put a password on the backups and store them to a safe location. Do not keep them on the server.

Comments : 2

Exchange 2003 Resource Monitoring

Posted by Vishal Vasu | Posted on 13-06-2009

Category : Exchange Server

Tags: ,

 Exchange 2003 Standard and Enterprise offers the feature to monitor the Server status of the Exchange Servers. If some of the monitored services and other Resources (RAM, CPU, Services) are in “Warning State” or “Critical State” we can receive a status e-mail or a customized action provided by a script notification can be run. This article explains in detailed steps how to configure Monitoring and E-Mail notification.

In the first step we have to configure a Server for monitoring and select/configure the resources to monitor. To do so, open the Exchange System Manager Snap-In and select the appropriate Server object in the Servers container.

Right-click the Server object and open the Properties for it.

Once the Properties dialog box is open, select the Monitoring tab as shown above.

There are many resources available for monitoring. We can add the following resources:

  • Available Virtual Memory
  • CPU Utilization
  • Free disk space
  • SMTP queue growth
  • Windows 2003 Service
  • X.400 queue growth

Many other 3rd party monitoring tools like Nagios can do most of the monitoring and so we will only add the two most critical items which are not monitored by Nagios. These are:

  • Available Virtual Memory
  • SMTP queue growth 

In the first step, we will add the Available Virtual Memory instance. Click on the Add button under Monitoring tab. A dialog box similar to the one shown below will open.

Select the Available Virtual Memory from the list and click on OK.

Configuring virtual memory monitoring is very similar to configuring CPU utilization monitoring. We have skipped the CPU Utilization Monitoring. Set the duration to 5 minutes, the warning threshold to 15% and the critical threshold to 10% for Available Virtual Memory. Once the values are set, click on OK.

 

Follow the process for adding another instance and select SMTP Queue Growth this time from the list.

If SMTP queues start backing up, it often indicates that there is a major problem. It shows that message transport has failed, the Internet connection has failed, or someone is using the server to send spam. In any event, we need to know that there is a problem.

We must input a warning and a critical state threshold value, but these values are entered in minutes. The idea is that we must tell Exchange how many minutes the queue should be constantly growing for before we generate a warning or a critical state message. We can use any values that we want, but I recommend setting the warning threshold at 10 minutes and the critical state threshold at 15 minutes.

Close the dialog boxes and the Properties once done. The next step is to configure an E-Mail notification for the recipients of the “Warning” and “Critical” state conditions. To do so, open the Notifications object under Tools.

Click on New and select E-mail Notification.

In this Property dialog box we can specify the monitoring Server and the Servers / Connectors to monitor. We also have to select the State (Critical and warning) for which we configure E-Mail notification.

First we will configure the Warning State notification.

In the “To” field select a recipient for the notifications. 

Change the Email server value to some other server in your organization which runs SMTP. If you do not have any, I suggest setting up a basic MS SMTP service in IIS. This is because when the monitored Server is the same Server as the monitoring Server we can run into trouble. The Server cannot send us an E-Mail notification when it is in an critical state and is unable to send E-Mails.

Next step is to configure E-mail Notifications for Critical State. Follow the same steps that we went through earlier for Warning state notification except for the fact that this time we will select Critical from the drop down.

Once done, close all the property pages and dialog boxes. We are done with the setup.

Now when one or more of the configured resources run into a “Critical” or “Warning” state we receive a E-Mail from an account “WMI@SERVERNAME” with a error message with the server name in the subject line and the condition of the resource / service in the E-Mail body.

Technorati Profile

Previous

  • Visitors Online

    • 01 visitor(s) online
    • powered by WassUp