Last modified: 2019/08/27 (Note: Content written for AhsayCBS v7+v8, and may generally apply to latest product release)

AhsayOBM allows you to back up individual mailboxes in your Microsoft Exchange Server with the MS Exchange Mail Level Backup Module. This module provides a set of tools to protect your mailboxes and public folders on Microsoft Exchange Server 2007/2010/2013. This includes backup and recovery of individual emails, contacts, calendars and other mail items in your mailboxes and public folders, with snapshots / versioning, and retention policy to protect even email that you may have accidentally deleted from your Exchange 2007/2010/2013 mailboxes or public folders.

AhsayOBM supports backup of mailboxes on both MS Exchange Server for deployed in standalone and Database Availability Group (DAG).

An MS Exchange mail level backup must be utilized in conjunction with full Information Store backup (Exchange Database backup set), as mail level backup for Microsoft Exchange Server is not designed to fully protect an Exchange Server, but to facilitate easy and fast recovery of emails, contacts, calendars for individual mailboxes and public folder items.

Below is the system architecture diagram illustrating the major elements involved in the backup process among the Microsoft Exchange Server, AhsayOBM backup client, AhsayCBS backup server, and Cloud storage.

You are strongly recommended to check all the settings below before you proceed with the MS Exchange Mail Level 2007/2010/2013 backup and restore.

For the list of compatible operating systems and application versions, refer to: Ahsay Software Compatibility List (SCL)

To optimize performance of AhsayOBM on Windows, and to avoid conflict with your antivirus software, refer to this list of processes and directory paths that should be added to all antivirus software white-list / exclusion list

The latest version of AhsayOBM must be installed on the MS Exchange Server hosting the mailbox database.

For backup of mailboxes on MS Exchange Server 2010/2013 Database Availability Group (DAG), ensure the same AhsayOBM version is installed on all member servers.

For MS Exchange Server 2010/2013, Database Availability Group (DAG) backup option is available.

AhsayOBM licenses are calculated on a per device basis.

• For backup of mailboxes on a standalone Microsoft Exchange 2007/2010/2013 Server, one AhsayOBM license is required.
• For backup of mailboxes on a Microsoft Exchange Server 2010/2013 DAG setup, the number of AhsayOBM licenses required is equal to the number of members (nodes) in the DAG. For example, if there are three members then three AhsayOBM licenses are required.

Make sure that your AhsayOBM user account has sufficient storage quota assigned to accommodate the storage of additional Exchange mailbox and public folder items for the new mail level backup set.

One Microsoft Exchange Mailbox license is required for the backup of each user mailbox.

Make sure the Microsoft Exchange Mailbox feature has been enabled as an add-on module in your AhsayOBM user account and there is sufficient Microsoft Exchange Mailbox license quota to cover the backup of your mailboxes.

Scheduled backup is required if you choose to backup MS Exchange server 2010/2013 setup in DAG option, as AhsayOBM on all DAG members will use the scheduled backup time to start backups on all individual DAG members at the same time.

An MS Exchange server 2010/2013 DAG backup cycle is considered complete only when scheduled backup on all DAG members have been run successfully. A backup report will be generated and emailed to the recipients when a complete MS Exchange server 2010/2013 DAG backup cycle has taken place.

Please keep in mind that manual backup will only be considered as individual mail level backup, and therefore will not be counted as part of the DAG backup cycle.

The Temporary Directory folder is used by AhsayOBM for storing backup set index files and any incremental or differential delta files generated during a backup job. To ensure optimal backup/restoration performance, the temporary directory folder is located on a local drive with plenty of free disk space.

Ensure “Hide from Exchange address list” is unchecked for user mailboxes, otherwise the mailbox will not be visible in the AhsayOBM backup source and therefore cannot be selected for backup.

The Active Directory account used to authenticate the backup must have full access to the mailboxes. To grant full access right for the account, enter the following command in Exchange Management Shell.

Open the Exchange Management Shell by clicking Start > Microsoft Exchange Server > Exchange Management Shell.

Get-MailboxServer | Add-ADPermission -User "%os_username%" -
AccessRights GenericAll -ExtendedRights ms-exch-store-admin,receive-as,send-as -InheritanceType All

Get-MailboxServer | Add-ADPermission -User "system" -
AccessRights GenericAll -ExtendedRights ms-exch-store-admin,receive-as,send-as -InheritanceType All

Get-MailboxServer | Get-ADPermission -User "%os_username%"

Get-MailboxServer | Get-ADPermission -User "system"

Get-MailboxServer | Remove-ADPermission -User "%os_username%" - AccessRights GenericAll -ExtendedRights ms-exch-store-admin,receive-as,send-as -InheritanceType All

Get-MailboxServer | Remove-ADPermission -User "system" - AccessRights GenericAll -ExtendedRights ms-exch-store-admin,receive-as,send-as -InheritanceType All

Get-Mailbox | Add-MailboxPermission -User "%os_username%" -AccessRights FullAccess

Get-Mailbox | Add-MailboxPermission -User "system" -AccessRights FullAccess

Get-Mailbox | Remove-MailboxPermission -User "%os_username%" -AccessRights FullAccess

Get-Mailbox | Remove-MailboxPermission -User "system" -AccessRights FullAccess

Get-Mailbox | Get-MailboxPermission -User "%os_username%"

Get-Mailbox | Get-MailboxPermission -User "system"

The Active Directory account used to authenticate the backup must be a member of the following security groups.

Make sure the Windows account used to authenticate the backup has a mailbox enabled. Follow the steps below to verify.

For setup on MS Exchange Server 2010 / 2013, the Remote Exchange Management Shell must be enabled for the operating system account used for the backup.

Enter the following command in Exchange Management Shell to enable this feature.

>Set-User "%os_username%" -RemotePowerShellEnabled $True

Reboot the Exchange Server after executing the command.

The latest version of CDO must be installed on the Exchange Server for the mail level backup job to work properly.

Download and install the latest version CDO via the URL below. If you already have CDO installed on the Exchange Server but are not sure if it is the latest version, you are recommended to uninstall the current version and re-install via the URL below.

Make sure the Windows PowerShell 2.0 Engine is installed.

Ensure that all MS Exchange related services have been started, particularly the MS Exchange Information Store Services.

To verify this setting, launch the Services menu by clicking Start then typing “Services” in the search box. All Exchange related services should be started by default, in case if it is not, turn it on by right clicking the item and then select Start.

Ensure the MS Exchange Mailbox and Public Folder databases are mounted.

Example: MS Exchange 2010

Example: MS Exchange 2013

Verify if the IISAuthenticationMethods is set to Basic only. If so, change the setting with the commands below.

Confirm on the connection to the Exchange Management Shell (EMS) or Exchange Management Console (EMC).

Ensure that the HTTP binding on the Default Web Site in Internet Information Services (IIS) is correctly configured by following the steps below.

1. Click Start > Control Panel > Administrative Tools, and then click Internet Information Services (IIS) Manager.
2. Navigate to Default Web Site, then right-click and select Edit Bindings.
   
3. Create a new binding that has no host name and a value of All Unassigned for the IP address.
   
4. Restart IIS.

If you are using Exchange server 2013 on Windows server 2012, please install .Net Framework 3.5 Features.

This feature can be enabled by accessing Server Manager > Dashboard > Add Roles and Features Wizard > Feature Page.

The following steps are performed during an MS Exchange mail level backup job:

• Microsoft Exchange Server 2007/2010/2013 Mail Level Backup and Restore Guide

• How to create a MS Exchange mail level backup set with AhsayOBM (MS Exchange 2007 / 2010)?
• How to create a MS Exchange mail level backup set with AhsayOBM (MS Exchange 2013)?

• Duplicate databases are displayed under empty DAG group when creating a MS Exchange mail level backup set (MS Exchange mail level backup)
• Incorrect error message 'Another backup job is still running' is displayed (MS Exchange mail level backup)
• MS Exchange mail level backup job cannot run to completion (for backup set with backup schedule disabled)