Prerequisites - Exchange Mailbox Agent

Table of Contents

Microsoft Outlook Requirements

  • Microsoft Outlook 2007, 2010, or 2013.
  • Either of the following:
    • For Microsoft Outlook 32-bit installation, install the 32-bit version of the agent.
    • For Microsoft Outlook 64-bit installation, install the 64-bit version of the agent.

      Note: If you archive PST files, you must install the 64-bit version of the agent.

If you install the agent on a 64-bit off-host proxy computer:

  • Make sure that the proxy computer has been added to the same domain where the Exchange server is located.
  • Install Microsoft Outlook 2007, 2010, or 2013 on the off-host proxy computer so that the software drivers that are required for the agent to function in an off-host proxy configuration are installed.

Note: If you use Exchange 2016, you must install Microsoft Outlook 2013 SP1 or later service packs.

Assigning Full Access to Service Accounts

The service account must have full access rights to all mailboxes on the server.

Exchange Server 2007 or Later

The service account must be a member of:
  • the Organization Management group
  • the Local Administrator Group
  1. From the ADSIEDIT console, connect to the domain controller.
  2. In Connection Settings, click Select a well known Naming Context and select Configuration from the list.
  3. Expand Services > Microsoft Exchange.
  4. Right-click the appropriate organization name, and then click Properties.

    The Properties dialog box appears.

  5. Click the Security tab.
  6. Under Permission entity, verify the permissions for the Organization Management Group.
  7. For the Organization Management Group to which the service account belongs, select the Allow check box for the Full Control permission, and then wait for replication.

    Selecting Allow for Full Control selects Allow for all of the permissions. The Deny check box for all permissions must be cleared.

  8. To add the backup account, start the PowerShell, and type the following command:

    Get-MailboxDatabase -server <Exchange Mailbox Server name> | Add-ADPermission -user "<service account>" -ExtendedRights Receive-As

    You must include the Receive-As permissions to backup archive mailboxes.

    Note: Run the Get-MailboxDatabase PowerShell command each time you add a new database.

Exchange Online

In an Exchange Online environment, you can assign full access only to mailboxes that currently exist. As you add mailboxes, you must assign full access to the new mailboxes individually. Failure to assign access to newly added mailboxes causes backups of those mailboxes to fail. To prevent backup failures, you can assign full access to one mailbox at a time.

  • The Exchange Online Administrator Account (Exchange Online user) must be:
    • a member of Global Admin group
    • an online mailbox
  • The Exchange Administrator Service Account (Windows user), must be a member of the Local Administrator Group.
  1. Open Windows PowerShell and create a remote PowerShell session to Exchange Online.
  2. Assign full access to all existing mailboxes or to one newly added mailbox.
    • To assign full access to all existing mailboxes, type the following command:

      Get-Mailbox -ResultSize unlimited | Add-MailboxPermission -User "<service_account>" -AccessRights FullAccess -InheritanceType all -AutoMapping: $false

    • To assign full access to one mailbox, type the following command:

      Add-MailboxPermission -Identity "<mailbox_name>" -User "<service_account>" -AccessRights FullAccess -InheritanceType all -AutoMapping:$false

    Where:

    service account is the Exchange Online Administrator Account (Exchange Online user).

    mailbox name is the name of a mailbox on the server that you want to back up.

    The AutoMapping:$false parameter disables the Exchange automapping ability. For more information, see the Microsoft support article KB 2646504: "How to remove automapping for a shared mailbox in Office 365".

  3. To verify that a mailbox has been assigned Full Access Permissions, type the following command:

    Get-MailboxPermission -Identity "<mailbox_name>"

Exchange 2003

Use the Exchange Administration Delegation wizard to configure administrative permissions for Exchange Server objects in Active Directory.

  1. In System Manager, right-click the organization, and then click Delegate control.
  2. In the Exchange Administration Delegation wizard, assign Exchange Full Administrator permission to the MailboxAdmin user.

Exchange Server Requirements

Exchange Server 2013 or Later

  1. Prior to running backups, verify that Outlook is running on the client computer and that it is configured to use the same user that is specified in the Mailbox Agent Properties.
  2. On each Exchange server with a CAS role:
    1. In PowerShell, run the following command:

      Set-OutlookAnywhere –identity "<Exchange Client Access Server name>\rpc (Default Web Site)" -InternalClientAuthenticationMethod ntlm

    2. In Windows, open the Command Prompt window, and then run IISRESET.
  3. To manage the performance of your Exchange environment and enforce connection bandwidth limits, set the following throttling policy:
    1. In Windows, on the taskbar, click Start, and then click All Programs > Microsoft Exchange Server version_number.
    2. Click Exchange Management Shell.
    3. Run the following commands:

      New-ThrottlingPolicy CVThrottlingPolicy

      Set-ThrottlingPolicy CVThrottlingPolicy -RCAMaxConcurrency unlimited -RcaMaxBurst unlimited -RcaRechargeRate unlimited -RcaCutoffBalance unlimited –IsServiceAccount:$true

      Set-Mailbox <service account> -ThrottlingPolicy CVThrottlingPolicy

      Where:

      service account is the Exchange Administrator Service Account.

Exchange Server 2010

To manage the performance of your Exchange environment and enforce connection bandwidth limits, set the throttling policy.
  1. On the Exchange Server, from the Windows Start menu, click All Programs > Microsoft Exchange Server 2010.
  2. Click Exchange Management Shell.
  3. Type the following commands:

    New-ThrottlingPolicy –name CVThrottlingPolicy

    Set-ThrottlingPolicy –identity CVThrottlingPolicy –RCAMaxConcurrency $null –RCAPercentTimeInAD $null –RCAPercentTimeInCAS $null –RCAPercentTimeInMailboxRPC $null

    Set-Mailbox –Identity <service account> –ThrottlingPolicy CVThrottlingPolicy

    Where:

    service account is the Exchange Administrator Service Account.

Exchange Online

  • The agent must be installed off-host. That is, it must be installed on a different computer than the computer where the Exchange server is installed.
  • If you use both Exchange Online and an on-premise server, you cannot use the same agent to back up data for both types of servers. You can do either of the following:
    • Use the same off-host proxy, but different instances for each server type.
    • Use a different off-host proxy for each server type.
  • Install the agent and Outlook on the same computer.
  • Install .NET Framework 3.5 on the Exchange Online agent computer.

    You can install version 3.5 and later versions of .NET Framework on the same computer.

The following SnapProtect features are not supported for Exchange Online:

  • Auto Discover options:
    • Active Directory User Group Affinity
    • Database Affinity
  • Mailbox-level delegation
  • Mailbox Quota Rules
  • Exchange Offline Mining
  • Exchange Archive mailbox
  • Retention Tags

Enabling Exchange Online

  1. From the CommCell Console, right-click the CommServe, and then click Properties.

    The CommServe Properties dialog box appears.

  2. Click the Additional Settings tab.
  3. Click Add.

    The Add Additional Settings dialog box appears.

  4. In the Name box, type bEnableExchangeOnline.
  5. In the Value box, type true.
  6. Click OK.
  7. Click OK.
  8. Restart the CommCell Console.

Considerations for Exchange 2016

If you use Exchange 2016, prepare the environment accordingly.

Selecting the Exchange Version for 2016

Wherever you are asked to specify an Exchange version in the SnapProtect software, use Exchange 2013.

Disabling MAPI Over HTTP

Applies to: Exchange 2016

Exchange 2016 backups require RPC over HTTP. You must disable MAPI over HTTP before you configure accounts for Exchange 2016.

Procedure

  1. Log on to the proxy client where you installed the agent.

    Use the credentials for the Windows account that you defined in the Exchange Mailbox properties.

  2. In Windows on the client computer, click Start, and then type regedit in the Search programs and files box.
  3. Press Enter.

    The Registry Editor appears.

  4. Expand HKEY_CURRENT_USER > Software > Microsoft > Exchange.
  5. Right-click Exchange, and then click New > DWORD.

    A new DWORD entry appears in the right pane.

  6. Right-click the new DWORD entry, and then click Rename.
  7. Type MapiHttpDisabled.
  8. Right-click the MapiHttpDisabled entry, and then click Modify.

    The Edit DWORD Value dialog box appears.

  9. In the Value box, type 00000001, and then click OK.
  10. Close the Registry Editor.
  11. Verify that the protocol has been changed to RPC over HTTP.
    1. Restart Outlook.
    2. Press Ctrl and right-click the Outlook icon in the notification area at the far right of the task bar.
    3. Click Connection Status.

      The Microsoft Exchange Connection Status dialog box appears.

    4. Verify that the value in the Protocol column is RPC/HTTP.
    5. If the value is HTTP, delete the Outlook profile, and then recreate it.
  12. Note: Make sure to use the same Exchange 2016 service account name for the new profile and disable cache mode.