Forum Discussion

Corey_Wilson's avatar
14 years ago

Exchange 2010 with BE 2010R3

Trying to configure BE 2010 R3 to backup Exchange 2010. I have it configured currently to backup Exchange 2007 and it is working fine. The only item I have installed is the Exchange 2007 mapi. The backup account I am trying to use is a member of the Exchange Organization Administator's group (for exchange 2010) as well as local administrator on the EX2010 servers to be backed up. The documentation states that the Exchange management tools are required for Exchange 2007 and 2010. I did not require them for our 2007 servers, but I went ahead and installed them just to be sure, when I couldnt connect.

The issue is, the servers are showing as available Windows resources in Backup Exec selection however when I expand them they do not show any Exchange related services (logs, databases, exchange vss) to select. If I try and exapand the DAG under Exchange Resources I keep getting a permission error stating the account being used needs to be Administrator or Exchange Organization Administrator member, etc. It is. I have tried with the service account we use for all our backups as well as an enterprise level adminstrator account as well, with the same results.

Not sure if Im missing something here. These are Windows 2008 r2 servers with Exchange 2010 SP1 with rollup 3 v3 installed, configured in a DAG. As a  side note, these servers are in a DMZ network and we had to open ports to allow communication between these servers are our backup servers. I am not sure it could still be a port issue at this point anymore once the machines are showing in the backup exec selection options and can be expanded to show the folders and volumes.

Any help would be great here.

Thanks

  • Yes, the exchange 2010 management tools are required on your Backup Exec server !

    But why are you installing Exchange 2010 in a DMZ ?
    This is definitely not supported (execpt for the Edge role) by Microsoft:http://blogs.technet.com/b/exchange/archive/2009/10/21/3408587.aspx

    See below for the ports to be used by Backup Exec:
    (you probably need to open 10000)

    http://www.symantec.com/business/support/index?page=content&id=TECH49563

    And make sure your Backup Exec service account has an unique (not hidden) mailbox !


     

  • Hi Corey,

     

    Are you able to browse any local drives on the DMZ Exchange server? If so, RAWS is then probably communicating correctly. If it wasn't you wouldn't be able to browse that server at all.

    Is the Exchange agent publishing to the media server? If so, have you tried using the IP address in the publishing tab of the RAWS agent?

    Also, is the Exchange agent license installed correctly? You can always try removing the license and then reinstalling it...

    The TN below explains what permissions the BESA account needs in order to back up Exchange properly...

    http://www.symantec.com/business/support/index?page=content&id=TECH124615

    Thanks!

  • Thanks, but I dont need to be schooled on the implementation of Exchange. Our mail environment sits behind a barracuda load balancer which connects our production to DMZ network. From an internal standpoint it is NOT in a dmz. From our backup environment, it is.

    As for your suggestions on the port, thank you. I will have a look, but I am certain it is already open along with the remainder of the ports Symantec provides  in the table as required.

  • Hey Craig. Yup, we can browse the exchange servers volumes through the Windows Resources section when creating a backup job. So at this point I can confirm that the agent is in fact communicating with the host successfully because if I stop the agent on the remote hosts the media server fails to connect.

    I can only presume the exchange agent is installed corrently considering we are currently backing up our exchange 2007 environment from the same media server without issue. Likewise, Symantec's documentation states that the management tools are required to do so. We have been backing up our exchange 2007 servers successfully for the past 2.5 years with no Exchange management tools installed. Just the MAPI connection files and it has been working properly.

    I will review the article in detail but our backup account has local admin rights on the exchange 2010 servers, was added to the exchange organization administrators group and was even added to the enterprise admin's group to fully rule out a permission issue.

    At this point I am unable to open the DAG resource or view any exchange related attributes when browsing the exchange 2010 servers.

    PS.

    I do have the exchange management tools installed on this server, I did this as a last resort a couple days ago and not surprisingly, it did not make a difference.

  • Thanks Guys.

    I have gone through each of these articles, twice! I am still experiencing this problem :-(

    I have verified that the appropriate permissions are indeed applied to the backup service account, this service account has a visible mailbox in the GAL, that has been verified to send and receive mail. It has been logged on to the media server. It has local admin rights on each of the DAG members, is a domain admin member as well in the ORganization Management group. The exchange management tools are installed on the media server with the same version and patch level as the mail servers. All members of the DAG can be pinged from the media server and telnet'ed into on port 10000. The agents are installed on all members of the DAG and report back to the media server correctly. They are all at the latest version as I pushed them from the media server after all the latest updates were applied through Liveupdate (there was only one needed). Each of the Exchange servers have even been restarted aftwerwards for good measure.

    The media server is 2k8 SP2 64bit with all the latest symantec liveupdate patches applied. I uninstalled and reinstalled the Exchange agent on the media server. The same problem exists in that when I browse the remote mail servers through the backup selection list, they show local volumes and folders but do not show any Exchange related services such as information store, exchange vss, public folders, etc. When trying to expand the DAG I get the errors that were pointed out in the articles linked to by ZeRoCOOL.

    I even went through the process of changing the ip configuration in the hosts file to rem out ipv6 and set all the local hostname entries as suggested in one of the articles.

    Im at a complete loss. I have been working with BackupExec for nearly ten years, since it was Veritas have worked with every version and almost ever single different Agent and I have never had a problem I could not resolve given the information available in the KB articles, forums or other internet postings.

    I am going to have one of our network engineers intervene and trace traffic once again, but we have opened all ports according to the requirements supplied by symantec in their port table.


    Any more suggestions? Im at a loss here.

    Thanks guys!!

  • ...I've hit the support flag for you...if you get assisted to have this solved, please put that here and then close off your query wink