Exchange Server 2007 is designed to allow remote streaming backups. This means that your backup software can back up a remote Exchange server without running directly on the Exchange server itself. While being able to back up Exchange Server remotely sounds beneficial, Microsoft warns of two potential security threats associated with this method.
- Any designated backup operator can back up Exchange Server remotely.
- Exchange data that is backed up remotely isn't encrypted. Unless you perform these backups across a server backbone segment, users on the network potentially could sniff the unencrypted traffic as it flows across the wire.
Whether this is a problem depends largely on your network topology. On some networks, a switch may form a virtual circuit between the Exchange server and the backup machine. In this case, the data that is being backed up would never flow across a network segment that user workstations are using.
NOTE: Microsoft has disabled remote streaming backups in Exchange Server 2007 Service Pack 1 (SP1). If you're using Exchange Server 2007 and are performing remote streaming backups, then installing SP1 will break the backups.
The good news is that there's a workaround that you can use to re-enable remote streaming backups. The bad news is that it involves editing the registry, which is dangerous. Make a full system backup of your server before attempting this workaround.
- Open the Registry Editor, and navigate through the registry tree to:
- Create a new DWORD value named Enable Remote Streaming Backup. The value that you assign to this registry key will determine whether remote streaming backups are enabled or disabled. A value of 1 enables remote streaming backups, while a value of 0 disables them.
- Once you've made the necessary modifications, you must restart the Exchange server's information store service. The easiest way to do this is reboot the Exchange server. If rebooting isn't an option, you can open a Command Prompt window and enter the following commands:
Net Stop MSExchangeIS
Net Start MSExchangeIS
There are two things to keep in mind when using these commands:
- Running these commands restarts the information store service, which will cause Exchange Server databases to be dismounted temporarily. This means that users will lose connectivity to their mailboxes until the stores have been remounted.
- Stopping and restarting the Exchange information store service is more involved if the mailbox server is clustered. For a clustered mailbox server, open the Exchange Management Shell and enter the following commands:
-StopReason "Enable Remote Streaming Backup" –Confirm:$False Start-ClusteredMailboxServer Exit
About the author: Brien M. Posey, MCSE, is a four-time recipient of Microsoft's Most Valuable Professional Award for his work with Windows Server, Internet Information Server (IIS) and Exchange Server. Brien has served as CIO for a nationwide chain of hospitals and healthcare facilities, and was once a network administrator for Fort Knox. You can visit Brien's personal website at www.brienposey.com.
Do you have comments on this tip? Let us know.
Please let others know how useful this tip was via the rating scale below. Do you know a helpful Exchange Server, Microsoft Outlook or SharePoint tip, timesaver or workaround? Email the editors to talk about writing for SearchExchange.com.