
Exchange Logon Account

Ray_Goforth
Level 4
If you have Exchange installed on the media server, which is the domain controller, then why can't you use the domain administrator account as the Exchange logon account for backups?

Do you absolutely HAVE to set up a special user and add it to the Exchange admin group and the domain admin group?

GVRTS_G
Level 3
Have you tried adding exchange admin login..

Dave_Bunye
Level 6
You can, that's how I am setup. You just need to make sure the Domain Admin has full rights as an Exchange admin. Just go to Exchange Administration and use the delegate control wizard. (Right click on the Organization level and select it from context menu)

Your administrator will then be added to a few more groups in AD for Exchange.

Ray_Goforth
Level 4
To deynub:

Ok, I checked by running the Delegate Control Wizard, and the domain administrator is already there with a role of "Exchange Full Administrator".
Evidently this was done automatically, because I just did a fresh install of the OS, and a fresh install of Exchange. I say it was done automatically because I didn't KNOWINGLY do it. Actually, I have never run that wizard before.
At any rate, that is how it is set, but when I go into Active Directory Users and Computers and look at the "Member Of" properties of the domain admin account, there are no items listed that have anything to do with Exchange. You mentioned that a few extra groups would be there? All I have is member of: Administrators, Domain Admins, Domain Users, Enterprise Admins, Group Policy Creator Owners, and Schema Admins.
Should there be others?

Ray_Goforth
Level 4
> Have you tried adding exchange admin login..

Do you mean add the Exchange Admin login as a login in Backup Exec? If so, I haven't tried that.

Dave_Bunye
Level 6
Yes, I have two Exchange specific memberships:

Exchange Domain Servers
Exchange Services

Not sure why you wouldn't have those...

Ray_Goforth
Level 4
Hmmmm

I went to Active Directory Users and Computers and tried to add those two items to the domain admin's account.

I did "Add", then "Advanced", and did a query for names that start with "ex". The only things returned were "Exchange Domain Servers" and "Exchange Enterprise Servers".

Nothing for "Exchange Services". I'm running Exchange 2003 on Win Server 2003. Are you running the same version?

Dave_Bunye
Level 6
Yes, E2K3 on W2K3. My Exchange has SP1 installed. My domain admin account is the one I installed Exchange with.

jonbenak
Level 3
If you've verified that the account in question is indeed an 'Exchange Full Administrator' at both the 'Organizational' and 'Administrative Group' level, then you should be fine. You do this via the Exchange System Manager interface. You're not going to see the 'exchange admins' type of group in ADUC, as these members/roles are managed through the ESM.

Are you having a particular problem with the Exchange component that originates with user rights?

I'm assuming you set up Veritas and specified a particular account during the install to be used by the app to 'do its thing'. That info is stored in Veritas and the additional rights are assigned to the specified account (log on as service, create token, etc) to allow it to run backups. The Backup Exec services use that account to log on to the system. WRT Exchange, is the account that is specified as 'Exchange Full Admin' the exact one that was specified as the Veritas Service Account? Those things need to be synched up.

Finally, does the account in question have an active Exchange Mailbox and corresponding MAPI profile to which mail can be sent/received? Veritas needs this in order to manage its email notifications.

HTH

John

Ray_Goforth
Level 4
Hi John,

When installing BackupExec, I was logged in as the domain admin, and it was that account that was made the BE default logon account.
In ESM, at the top-most level I ran the Delegate Control Wizard and set the domain admin account as Exchange Full Admin.
I'm not certain it got set at the Administrative Group level though.
I did send and receive emails through the domain admin account, so the mailbox has been set up.

Unfortunately I just did a full backup and started a disaster recovery restore which is still going, so I can't check the "Administrative Group level" thing right now.

When I did this before, the problem was that everything about the server was restored successfully, but Exchange resources could not be mounted. When I went into BE and looked at my selection list, the Exchange items were no longer selected and when I tried to select them, I got the logon account dialog box telling me that I didn't have access to the items with the default logon account.

jonbenak
Level 3
OK. I'm not sure at which point you encountered the Exchange error, but I recall that in order to be able to successfully restore the Exchange IS, you need to enable overwrite of the IS DB. Open up the ESM and access the properties sheet of the given IS. Once there, hit the 'Database' tab, and check the 'This database may be overwritten by a restore' checkbox. It is not checked by default. Then re-try your IS restore. If you haven't done that, you may want to check that out when you get a chance.

This sounds like a possible combo of the issue above, Exchange perms and (possibly) one other thing. Did you say in another post that this server is also an AD DC? I'm wondering because I think I read something that the veritas account must be a member of the 'local admins' on the Exchange server, and when a W200x server is made into a DC, all local groups (including local admins) are gone. I haven't particularly read any warnings about issues with Exchange and AD DC's on the same server as regards Veritas Exchange backups/restores, but it might be another avenue worth checking out. Also, the 'local admins' requirement might only be a requirement for the advanced Exchange features (i.e. individual mailbox backup/restore) and not for the general (i.e. IS backups/restores), so I may be barking up the wrong tree on that. I'd look for a good Exchange restore walkthrough and focus on the pre-requisites that must be configured before you can perform the restore.

P.S.: A dedicated service account is a much better way to deploy apps like Veritas, Symantec, etc. It's easier to keep track of (create a dedicated OU), you can specify the PW and other properties, and not worry about the apps getting hosed because you made a change in an oft-used account. The first thing I do when installing BE is to create a service account, create a MB (and send a message to it to validate), and add it to Domain Admins. I then specify the account credentials during the install, and all is (usually!) well.

Just passing on a lesson learned...
jonbenak

Ray_Goforth
Level 4
Yes, the machine is the domain controller, BE media server, and the Exchange server. Actually, it is just a single test machine that is on our LAN, but has no ties or relationships with any other machine or software.
I'm trying to keep the setup as simple as possible while I learn how to do all this.
As far as the DC-Exchange thing goes, I have read in the BE literature that it is not recommended to have Exchange on your domain controller because in a disaster recovery situation, you must first restore the DC, then restore Exchange. This implies that even if not recommended, it is possible. However, I will look into that more.

Ray_Goforth
Level 4
I agree that the dedicated service account is probably the best way to go. My plan was to keep it simple and easy and use the domain controller's account while I was learning, then once I had that working, experiment with a dedicated account.

Ray_Goforth
Level 4
My latest disaster-recovery restore has completed successfully, and as before, everything seems to be working except Exchange will not mount the information stores.

Here is what I did:
- Before backup, I set the domain admin account up as advised in previous posts.
- FULL system backup including all local resources.
- IDR restore of entire system.
- In ESM, set properties of both "Mailbox Store" and "Public Folders Store" so that they could be overwritten by restore.
- Followed the disaster recovery for Exchange steps on pg. 1150 of the Admin Guide:
  - Inventoried and cataloged the tape
  - Created a restore job, selecting the "First Storage Group", which is the only storage group that I have.
  - In Exchange settings, set it so that the "No Loss Restore" checkbox was cleared.
  - Set it to commit and mount after completion.

This restore completed successfully, but even after a reboot, Exchange still will not mount the mailbox and public folder stores.

Ray_Goforth
Level 4
Since a successful restore of the Information Store still did not do the job, I thought I would try to restore all the mailboxes and public folders by selecting them in the selection list.

That restore fails, saying that it is unable to attach to a resource. I imagine that it is because they are offline.

If the IS restored successfully before, how do I get the mailbox store and the public folders mounted and back online????

Dave_Bunye
Level 6
Ray,

It is very possible you have out of sequence log files, particularly if you have tried a few no loss restores. Verify the log sequence is not missing a file or two. Databases will not mount if the logs are out of sequence.

If you are out of order, try to locate the backup which contains the missing log file first. Otherwise you might have to clean slate it and restore the logs which you do have in order.

Another thing you could try is to delete the checkpoint file (.chk) and try mounting the database store. It will play the logs forward, but again a missing log will fail it.

If you have to do multiple restore jobs, make sure only the last restore job has the "commit" option selected.
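
The log-sequence check suggested in the reply above can be scripted. This is an added example, not part of the original thread or of any Veritas or Microsoft tool; it assumes the Exchange 2003 naming convention of a storage group prefix followed by five hexadecimal digits (for example `E0000A1F.log`), and the sample file list is constructed.

```python
import os
import re
import sys

# Assumption: closed transaction logs are named <prefix><5 hex digits>.log,
# while the open log (E00.log), checkpoint (E00.chk) and reserve logs
# (res1.log, res2.log) do not carry a generation number and are skipped.
LOG_NAME = re.compile(r"^(?P<prefix>E\d{2})(?P<gen>[0-9A-F]{5})\.log$", re.IGNORECASE)


def find_log_gaps(filenames, prefix="E00"):
    """Return (generations_present, missing_filenames) for one storage group."""
    gens = set()
    for name in filenames:
        m = LOG_NAME.match(name)
        if m and m.group("prefix").upper() == prefix.upper():
            gens.add(int(m.group("gen"), 16))
    if not gens:
        return [], []
    # Only look between the oldest and newest log found: logs older than the
    # oldest one may have been purged legitimately by a full backup.
    lo, hi = min(gens), max(gens)
    missing = [f"{prefix}{g:05X}.log" for g in range(lo, hi + 1) if g not in gens]
    return sorted(gens), missing


# Constructed sample directory listing with one generation (0x0B) missing.
SAMPLE = [
    "E00.chk", "E00.log", "E0000009.log", "E000000A.log",
    "E000000C.log", "E000000D.log", "res1.log", "res2.log", "priv1.edb",
]

if __name__ == "__main__":
    # Usage: python check_logs.py <log directory> [prefix]
    names = os.listdir(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    pfx = sys.argv[2] if len(sys.argv) > 2 else "E00"
    present, missing = find_log_gaps(names, pfx)
    print(f"{len(present)} numbered logs found, {len(missing)} missing")
    for name in missing:
        print("missing:", name)
```

A clean result only shows that the file names are contiguous; it does not prove that the logs belong to the restored database or that they are undamaged.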

Ray_Goforth
Level 4
deynub,

I spent most of the day yesterday on the phone with tech support and finally we deleted the database folder and manually mounted the stores, which recreated the mailbox and public folder stores.
After creating a couple of users and sending a few emails, we backed the new information store up and were able to restore it successfully (not via IDR though).
The consensus was the same as what you said. Probably the log files were messed up or possibly the database corrupted in that backup. The problem was that I only had the one full backup, so no others to try.

So today, I am backing up again a few times, and will try the IDR again. If the problem was just a fluke, then the odds are slim that it will happen again today on multiple backups. If it does happen again, especially on more than one backup, then my guess is that it is tied to the IDR restore process somehow.

Since we paid for the IDR, I intend to make sure that it works.

Thanks for your feedback and ideas.

jonbenak
Level 3
FYI on IDR:

There are currently some interoperability problems with Win2003 SP1 & IDR. (See: http://seer.support.veritas.com/docs/276538.htm ), so bear that in mind during your IDR planning. I'm trying to develop an IDR solution too, but have to limit it currently to those servers that are either W2K or W2K3 w/o SP1.

Good luck.

Ray_Goforth
Level 4
Thanks for the heads up, but unfortunately I ran headlong into that problem myself.

My current solution is to leave W2k3 SP1 off. However, someone has posted that the MANUAL disaster recovery can be done with SP1. The trick is to install W2k3 and SP1 before starting the DR. Evidently, having the OS in the same state as it was before disaster does the job.

I intend to test this myself, but I have not done so yet.

Ray_Goforth
Level 4
It appears it was NOT A FLUKE.

Repeating the exercise yields the same results on all the backups I did. I have determined that the actual database files in the mdbdata folder are restored, but Exchange absolutely will not mount them.

Since I didn't want to start the phone support ordeal on a Friday afternoon, I spent the rest of the day experimenting.

I was able to get all my mailboxes and public folders completely restored, but not by the way it is supposed to go. Here is how I did it:

- I did an IDR restore of the entire system, rebooting twice to get everything working.
- Stopped all Exchange services.
- Deleted the C:\Program Files\Exchsrvr\mdbdata folder.
- Started all the Exchange services that are set to automatically start. (This recreated the folder and a few files in it)
- In ESM, mounted the mailbox and public folders stores, answering YES to have the databases recreated.
- Modified the properties of both stores so that they can be overwritten by a restore.
- In BEWS, created a new restore job, selecting all the mailboxes and all public folders. NOT selecting the information store.
- Under the Exchange properties, cleared the checkbox for "No loss restore...", and checked the checkboxes for it to dismount, commit, and then mount.
- Ran the job.

Everything restored and seems to work, but this would not work if I had not chosen to back up all mailboxes and public folders individually. I may not have space to do this in the future, so this is not a sufficient solution.

I guess Monday I'll be back on the phone with Veritas tech support.