Using Cloned Configuration Tasks for Edge Transport Server Disaster Recovery

Microsoft Exchange Server 2007 will reach end of support on April 11, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.

 

Applies to: Exchange Server 2007, Exchange Server 2007 SP1, Exchange Server 2007 SP2, Exchange Server 2007 SP3

You can use cloned configuration to capture and back up the configuration information about an Edge Transport server in Microsoft Exchange Server 2007. Unlike all the other Exchange 2007 server roles, the Edge Transport server role uses Active Directory Application Mode (ADAM) to store configuration data. This means that you cannot recover an Edge Transport server by running the setup /m:recoverserver command. You can back up the Edge Transport server configuration by using the following scripts in the Exchange Management Shell:

  • ExportEdgeConfig.ps1   This script exports all user-configured settings and data from an Edge Transport server, and stores that data in an XML file.

  • ImportEdgeConfig.ps1   This script imports all user-configured settings and data stored in the XML file that is created by the ExportEdgeConfig.ps1 script.

The default location for the scripts folder is C:\Program Files\Microsoft\Exchange Server\Scripts. The scripts capture all the configuration information that is stored on an Edge Transport server and write that information to an intermediate XML file.

Cloned Configuration Process for Disaster Recovery

When you use cloned configuration for disaster recovery, you must follow these steps:

  1. Back up the configuration on the Edge Transport server   Run the ExportEdgeConfig.ps1 script to export the source server's configuration information to an intermediate XML file. Save the XML file in a secure location.

  2. Perform a clean installation of the Edge Transport server   Use the same server name as the server that you are restoring.

  3. Validate the configuration   Run the ImportEdgeConfig.ps1 script. The script checks the existing information in the XML file that you created in step 1 to verify that the settings are valid, and then creates an answer file. The answer file specifies the server-specific information that is used during the next step. If the settings are not valid, you must edit the answer file before you perform the next step.

  4. Import the configuration   The ImportEdgeConfig.ps1 validates the script, and then uses the intermediate XML file and the answer file to restore the backed-up configuration information.

  5. Run the EdgeSync process to establish one-way replication of recipient and configuration information from Active Directory to the ADAM instance on an Edge Transport server   For more information about the EdgeSync process, see "Cloned Configuration and EdgeSync" later in this topic and Subscribing the Edge Transport Server to the Exchange Organization.

Backing Up the Configuration

Run the ExportEdgeConfig.ps1 script after you have installed and configured the Edge Transport server role. You should also run the script to back up the server whenever you make any configuration changes as described in the XML file description that is shown here.

The following information is exported from the backed-up server and stored in the intermediate XML file:

  • Transport server-related information and log file path information. The following file paths are imported:

    • ReceiveProtocolLogPath

    • SendProtocolLogPath

    • MessageTrackingLogPath

    • PickupDirectoryPath

    • RoutingTableLogPath

  • Transport agent-related information that includes the status and priority settings of each transport agent

  • All Send connector-related information. If any Send connectors are configured to use credentials, the password is written to the intermediate XML file as an encrypted string. You can use the -key parameter with the ImportEdgeConfig.ps1 and ExportEdgeConfig.ps1 scripts to specify the 32-byte string to use for password encryption and decryption. If you do not use the -key parameter, a default encryption key is used.

  • Receive connector-related information. To modify the local network binding and port properties, you must modify the configuration information in the answer file that is created in the validate configuration step.

  • Accepted domain configuration

  • Remote domain configuration

  • Configuration settings for anti-spam features. The following information is imported:

    • IP Allow list information. Only the IP Allow list entries that were manually configured by the administrator are exported.

    • IP Block list information

    • Content filter configuration

    • Recipient filter configuration

    • Address rewrite entries

    • Attachment filter entries

Validating the Configuration

Run the ImportEdgeConfig.ps1 script after you have performed a clean installation of the Exchange 2007 Edge Transport server. This step validates the existing information in the intermediate XML file and creates the answer file. The answer file specifies the server-specific information that is used during the next step in the cloned configuration process when you import the configuration on the restored server. The answer file contains entries for each source server setting that is not valid for the server. You can modify these settings so that they are valid for the server. If all settings are valid, the answer file contains no entries.

The ImportEdgeConfig.ps1 script performs the following tasks during the validation step:

  • The script verifies that the data paths and log paths can be created on the server. If the paths cannot be created, a blank path is inserted into the answer file.

  • For each Send connector in the XML file, the script adds a blank entry for the source IP address in the answer file.

  • For each Receive connector in the XML file, the script adds a blank entry for the local network bindings in the answer file.

You must manually modify the answer file to provide the following information about server-specific settings:

  • Fill in the data paths and log paths. If these paths are left blank in the answer file, the paths that are configured in the intermediate XML file are used in the next step when you import the configuration on the target server.

  • For each Send connector entry, fill in the source IP address. If this field is left blank, an error occurs in the import configuration step.

  • For each Receive connector entry, fill in the local network bindings. If the local network bindings are left blank, an error occurs in the next step when you import the configuration on the target server.

Importing the Configuration

Run ImportEdgeConfig.ps1 script to restore the server to a specific configuration. After you run this script, the server’s configuration matches the settings in the intermediate XML file and the answer file.

Important

It is a best practice to back up the existing server configuration before you run the import configuration process, so that if the restoring operation fails, the server can be restored to the previous stable state.

This step uses the server-specific information that is provided in the answer file. If a setting is not specified in the answer file, the data in the intermediate XML file is used. Before the script modifies the configuration, the script validates the data in the intermediate XML file and the answer file.

The following configuration settings of the target server are modified during the import configuration step:

  • Transport agent configuration.

  • The existing connectors on the target server are removed, and the connectors that are present in the intermediate XML file are added.

  • The existing accepted domains are removed, and the accepted domain entries in the intermediate XML file are added.

  • The existing remote domains are removed, and the remote domain entries in the intermediate XML file are added.

  • The existing IP Allow list entries are removed, and the IP Allow list entries in the intermediate remote domains file are added.

  • The existing IP Block list entries are removed, and the IP Block list entries in the intermediate remote domains file are added.

  • The following anti-spam configuration is cloned to the target server:

    • Content filter configuration

    • Recipient filter configuration

    • Address rewrite entries

    • Attachment filter entries

Cloned Configuration and EdgeSync

Run the EdgeSync process after you restore the server's configuration. To perform recipient lookup and message security tasks, the computer that has the Edge Transport server role installed requires data that resides in the Active Directory directory service. EdgeSync is a collection of processes that are run on a computer that has the Hub Transport server role installed to establish one-way replication of recipient and configuration information from Active Directory to the ADAM instance on an Edge Transport server. The Microsoft Exchange EdgeSync service copies only the information that is required for the Edge Transport server to perform anti-spam tasks and the information about the connector configuration that is required to enable end-to-end mail flow. The Microsoft Exchange EdgeSync service performs scheduled updates so that the information in ADAM remains current.

The cloned configuration backup and restore process does not duplicate the Edge Subscription settings of a server. The certificates that are used by the Microsoft Exchange EdgeSync service are not cloned. You must run the EdgeSync process separately for each Edge Transport server. The Microsoft Exchange EdgeSync service overwrites any settings that are included in both cloned configuration information and in EdgeSync replication information. These settings include Send connectors, Receive connectors, accepted domains, and remote domains.

Configuration Information That Is Not Cloned

When the configuration information is exported from the source Edge Transport server, the transport configuration object is not written to the intermediate XML file, and therefore, the configuration information for this object is not cloned to the target server. The settings of the transport configuration object define server-wide e-mail transport settings for an Edge Transport server. After you import the intermediate XML file to the target server, the settings of the transport configuration object will have default values.

To back up the transport configuration object settings on the Edge Transport server, run the Get-TransportConfig cmdlet and make a record of the current settings. For more information, see Get-TransportConfig.

To restore the transport configuration object settings on the Edge Transport server, after the import process is complete, you must configure the settings by using the Set-TransportConfig cmdlet. For more information, see Set-TransportConfig.

New in Exchange 2007 SP1

Edge Transport servers that have Microsoft Exchange Server 2007 Service Pack 1 (SP1) installed include the transport configuration object in the information that is written to the intermediate XML file. Therefore, the settings of the transport configuration object on the target server will have the same values as the source server after the intermediate XML file is imported.

Table 1 describes the attributes that are associated with the transport configuration object and the default values for the release to manufacturing (RTM) version of Exchange 2007 and for Exchange 2007 SP1. You configure this object on both Hub Transport servers and Edge Transport servers. However, many attributes apply only to Hub Transport servers and configuring those attributes on an Edge Transport server will have no effect.

Table 1   Transport configuration attributes and default values

Attribute Description Exchange 2007 RTM default value Exchange 2007 SP1 default value

ClearCategories

This attribute specifies whether to clear Microsoft Office Outlook categories during content conversion.

True

True

GenerateCopyOfDSNFor

This attribute specifies the delivery status notification (DSN) codes that cause the DSN message to be copied to the postmaster e-mail address. DSN codes are entered as x.y.z and are separated by commas.

5.4.8, 5.4.6, 5.4.4, 5.2.4, 5.2.0, 5.1.4

5.4.8, 5.4.6, 5.4.4, 5.2.4, 5.2.0, 5.1.4

InternalSMTPServers

This attribute specifies a list of internal Simple Mail Transfer Protocol (SMTP) server IP addresses or IP address ranges that should be ignored by Sender ID and connection filtering.

Null

Null

JournalingReportNdrTo

This attribute specifies the e-mail address to which journal reports are sent if the journaling mailbox is unavailable. This attribute doesn't apply to the configuration of an Edge Transport server.

Null

Null

MaxDumpsterSizePerStorageGroup

This attribute specifies the maximum size of the transport dumpster on a Hub Transport server. This attribute doesn't apply to the configuration of an Edge Transport server.

18 MB

18 MB

MaxDumpsterTime

This attribute specifies how long an e-mail message should remain in the transport dumpster on a Hub Transport server. This attribute doesn't apply to the configuration of an Edge Transport server.

7.00:00:00

7.00:00:00

MaxReceiveSize

This attribute specifies the maximum message size that can be received by recipients in the organization. This attribute doesn't apply to the configuration of an Edge Transport server.

Unlimited

10 MB

MaxRecipientEnvelopeLimit

This attribute specifies the maximum number of recipients that are allowed in a single e-mail message. This attribute doesn't apply to the configuration of an Edge Transport server.

Unlimited

5,000

MaxSendSize

This attribute specifies the maximum message size that can be sent by senders in the organization. This attribute doesn't apply to the configuration of an Edge Transport server.

Unlimited

10 MB

TLSReceiveDomainSecureList

This attribute specifies the remote domains that will use mutual Transport Layer Security (TLS) authentication through Receive connectors configured to support Domain Security. Multiple domains may be separated by commas. The wildcard character (*) is not supported in the domains that are listed in this attribute.

Null

Null

TLSSendDomainSecureList

This attribute specifies the remote domains that will use mutual TLS authentication when e-mail is sent through a Send connector configured to support Domain Security and the address space of the target domain. Multiple domains may be separated by commas. The wildcard character (*) is not supported in the domains that are listed in this attribute.

Null

Null

VerifySecureSubmitEnabled

The valid values for this attribute are $True or $False. The VerifySecureSubmitEnabled attribute verifies that e-mail clients that are submitting messages from mailboxes on Mailbox servers are using encrypted MAPI submission. This attribute doesn't apply to the configuration of an Edge Transport server.

False

False

VoicemailJournalingEnabled

This attribute specifies whether Unified Messaging voice mail is journaled by the Journaling agent. This attribute doesn't apply to the configuration of an Edge Transport server.

True

True

Xexch50Enabled

This attribute specifies whether Xexch50 authentication should be enabled for backward compatibility with Exchange Server 2003 servers.

True

True

Note

If the Edge Transport server is subscribed to the Exchange organization later, the value of the InternalSMTPservers attribute is overwritten during the EdgeSync process. For more information, see Preparing to Run the Microsoft Exchange EdgeSync Service.

For More Information

For more information about how to use cloned configuration tasks for backup and recovery, see the following topics:

For more information about the EdgeSync process, see Subscribing the Edge Transport Server to the Exchange Organization.