Exchange database files are being written to an encrypted folder
Topic Last Modified: 2010-07-26
The Microsoft® Exchange Best Practices Analyzer Tool queries the Win32_Directory Microsoft Windows® Management Instrumentation (WMI) class to determine the value of the Encrypted key for the folder that contains the Microsoft Exchange Information Store database files. If the Exchange Server Analyzer finds the value for Encrypted set to True, an error is displayed.
On a computer that is running Exchange 2000 Server or Exchange Server 2003, the database files are written to the following default location:
On a computer that is running Exchange Server 2007 computer, the database files are written to the following default location:
<drive>:\Program Files\Microsoft\Exchange Server\Mailbox\<Storage Group Name>
Microsoft does not support the storage of Exchange data files on an Encrypting File System (EFS) encrypted volume. When you store your Exchange data files on an encrypted volume, the additional overhead significantly affects Exchange performance. The Exchange data files include all the following files:
To help secure your Exchange data files, we recommend that you prevent unauthorized access to the Exchange computer and that you use the S/MIME message format to encrypt message data.
To resolve this problem, you must either turn off file encryption on the folder where the database files are being written, or move the database files to a folder where encryption is not enabled.
Right-click the folder on which you want to turn off file encryption, and then click Properties.
On the General tab, click Advanced.
In the Advanced Attributes dialog box, click to clear the Encrypt contents to secure data check box, and then click OK.
Open Exchange System Manager.
Expand Administrative Groups, expand your administrative group, expand Servers, expand your server, expand your storage group, right-click Mailbox Store, and then click Properties.
On the Database tab, under Exchange database, or Exchange streaming database, click Browse, type the path location to a folder where encryption is not enabled, and then click OK.
Click OK or Apply to apply your changes, and then click Yes on the warning message.
After you click Yes, the stores (databases) are dismounted, moved, and remounted. When these procedures are successfully finished, you receive the following informational message:
The database files have been moved successfully
Follow the guidance in the core Exchange Server 2007 documentation, "How to Move a Storage Group Path" (http://go.microsoft.com/fwlink/?LinkId=80747)
Follow the guidance in the Exchange Server 2010 documentation, Move-DatabasePath
For more information about how to move database files, see Microsoft Knowledge Base article 821915, How to Move Exchange Databases and Logs in Exchange Server 2003.
For more information about Exchange Server data files and EFS, see Knowledge Base article 834638, Information about the storage of data files on an encrypted volume in Exchange Server.
For information about how to secure messages in Exchange Server 2003, see the Exchange Server 2003 Message Security Guide.