Backing up and restoring Forefront Security for Exchange Server

 

Applies to: Forefront Security for Exchange Server

This topic describes the recommended backup and restore procedures for Forefront Security for Exchange (FSE):

  • About backups

  • Preparing files for backup

  • Backing up data files

  • Restoring data files

About backups

A backup is a copy of data that is used to restore and to recover lost data after a system failure. By using suitable backups, you can recover from many failures that include the following conditions:

  • Media failure

  • User errors, such as when a file is deleted by mistake

  • Hardware failures, such as a damaged disk drive or the permanent loss of a server

  • Natural disasters

For more detailed information about creating backups and recovering data for Microsoft Exchange Server 2007, see Disaster Recovery.

Preparing files for backup

To keep a copy of the most up-to-date versions of FSE files and registry data, create a batch file, and then create a scheduled task to keep the version information up to date.

Note

The steps for creating a scheduled task differ for Windows Server 2008 or Windows Server 2003; follow the appropriate procedure.

After completing these steps, the server will be configured to automatically export versions of FSE files and registry data.

To create a batch file`

  1. In Windows Explorer, locate the following folder:

    drive**:\Program Files\Microsoft Forefront Security\Exchange Server\Data**

  2. On the File menu, point to New, and then click Text Document.

  3. Type ForefrontDiagnostics.bat for the file name, press ENTER, and then click Yes.

  4. Right-click the ForefrontDiagnostics.bat file, and then click Edit.

  5. In Notepad, edit the batch file to include a command to start the Forefront Security Diagnostic tool (FSCDiag.exe) in order to obtain registry and file information for FSE. The contents of the ForefrontDiagnostics.bat file should resemble the following:

    cd drive:\Program Files\Microsoft Forefront Security\Exchange Server
    FSCDiag.exe /c /ver Forefront /reg Forefront
    

    Note

    If you are not sure about the location of the FSCdiag.exe file, perform a search operation to find the location, and then use it to replace the path in the sample .bat file.

  6. On the File menu, click Save, and then close Notepad.

  7. Double-click the ForefrontDiagnostics.bat file.

  8. In Windows Explorer, locate the following folder:

    drive**:\Program Files\Microsoft Forefront Security\Exchange Server\log\Diagnostics**

  9. Make sure that a file that is named ForefrontDiag-ServerName-Date-Time.zip is created as a result of running the batch file.

    Note

    The placeholders ServerName, Date, and Time represent the actual server name and the date and time when the log file is created.

To create a scheduled task in order to keep the version information up to date on a computer running Windows Server 2008

  1. Click Start, point to Administrative Tools, and then click Task Scheduler.

    If you are prompted for an administrator password or for a confirmation, type the password, or click Continue.

  2. On the Actions menu, click Create Basic Task.

  3. In the Create Basic Task Wizard, type the schedule name in the Name box, type the schedule description in the Description box, and then click Next. For example, type the following information:

    Name: Forefront Diagnostics

    Description: Runs ForefrontDiagnostics.bat in order to update and store updated registry and file version information for Forefront Security for Exchange Server.

  4. On the Task Trigger page, select an acceptable interval, for example Weekly, and then click Next.

  5. Depending on the selected interval, set the start date, the start time, and the recurrence details, and then click Next. For example, configure the following settings:

    Weekly

    Start MM/DD/YYYY - HH:MM:SS AM/PM

    Recur Every: X weeks on: Saturday

    where MM/DD/YYYY is the month, day and year; HH:MM:SS is the hour, minutes, and seconds; and X is the number of weeks.

  6. On the Action page, select the Start a program button, and then click Next.

  7. On the Start a Program page, click Browse, locate the ForefrontDiagnostics.bat file that you previously created, click Open, and then click Next.

    Note

    Leave the Add Arguments (optional) and the Start in (optional) text boxes blank.

  8. On the Summary page, verify the settings, and then click Finish.

To create a scheduled task in order to keep the version information up to date on a computer running Windows Server 2003

  1. Click Start, click Control Panel, and then double-click Scheduled Tasks.

  2. In Scheduled Tasks, double-click Add Scheduled Task.

  3. In the Scheduled Task Wizard, click Next.

  4. On the Click the program you want Windows to run page, click Browse.

  5. In the Select Program to Schedule window, locate and then double-click the ForefrontDiagnostics.bat file that you previously created.

  6. In the Type a name for this task box, type a schedule name, select an acceptable interval, and then click Next. For example, use the following name and interval for the task:

    Forefront Diagnostics

    Weekly

  7. On the Select the time and date you want this task to start page, set an appropriate start date and time, and then click Next. For example, configure the following settings:

    Start HH:MM:SS AM/PM

    Every: X weeks on: Saturday

    where HH:MM:SS is the hour, minutes, and seconds; and X is the number of weeks.

  8. On the Enter the name and password of a user page, provide the credentials for a user who has permissions to the server, and then click Next.

  9. On the You have successfully scheduled the following task: schedule name page, click Finish.

Backing up data files

To make sure that you can recover FSE, back up the following folders. Be sure to include all files within the folders:

  • drive:\Program Files\Microsoft Forefront Security\Exchange Server\Data

  • drive:\Program Files\Microsoft Forefront Security\Exchange Server\Log\Diagnostics

Restoring data files

After you select the restoration strategy that is most applicable to your environment, you can perform the appropriate restoration tasks. The recovery procedures that you perform depend on the following factors:

  • The kind of disaster or failure that may occur

  • The kind of backups that are available

  • The time that you can spend to perform the recovery

After the whole system has been restored to an earlier state, you can recover the Incidents database and the Quarantine database along with your configuration settings. You can also create templates to deploy configuration settings to servers in your enterprise. (For more information about creating templates, see Templates.) Then, you can use these templates and the Microsoft Forefront Server Security Management Console (FSSMC) in order to help you quickly recover from a failure.

Note

The steps outlined in the following procedures provide general instructions for performing specific tasks; for more detailed instructions, see the Microsoft Forefront Server Security Management Console User Guide.

To restore data files in an environment that is running FSSMC

  1. On the server that you want to use for configuring the FSE templates, upload the Template.fdb file to FSSMC.

  2. In FSSMC, configure the General Options settings.

  3. Restore the failed Exchange server.

  4. On the Exchange server that you restored, follow these steps:

    1. Install FSE and all related hotfixes or rollups that were installed at the time of the backup.

    2. Deploy the FSSMC deployment agent.

    3. Deploy the “Template” package to the Exchange server.

    4. Deploy the “General Options” package to the Exchange server.

    5. Restore the Incidents.mdb database and the Quarantine folder to a temporary location.

    6. Stop the FSCController service.

      Note

      Stopping this service stops the Microsoft Exchange Information Store and Microsoft Exchange Transport services, as well as the other FSE services, causing mail to stop flowing.

    7. In Windows Explorer, locate and open the following folder:

      drive:\Program Files\Microsoft Forefront Security\Exchange Server\Data

    8. Rename the Incidents.mdb file to Incidents.old.

    9. Rename the Quarantine folder to QuarantineOld.

    10. Move the Incidents.mdb file and the Quarantine directory from the temporary location to the following folder:

      drive:\Program Files\Microsoft Forefront Security\Exchange Server\Data

    11. Start the Forefront services.

To restore data files in a standalone environment

  1. Select the server that you want to use for configuring your Forefront Security for Exchange templates.

  2. Restore the failed Exchange server.

  3. On the Exchange server that you restored, follow these steps:

    1. Install FSE and all related hotfixes or rollups that were installed at the time of the backup.

      Note

      You can compare the file versions against the VerForefront.csv file that is located in the latest ForefrontDiag backup.

    2. Restore the Template.fdb file, the Incidents.mdb file, and the Quarantine directory to a temporary location.

    3. Stop the FSCController service.

      Note

      Stopping this service stops the Microsoft Exchange Information Store and Microsoft Exchange Transport services, as well as the other FSE services, causing mail to stop flowing.

    4. In Windows Explorer, locate and open the following folder:

      drive:\Program Files\Microsoft Forefront Security\Exchange Server\Data

    5. Rename the Incidents.mdb file to Incidents.old.

    6. Rename the Quarantine folder to QuarantineOld.

    7. Rename the Templates.fdb file to Templates.old.

    8. Move Templates.fdb, Incidents.mdb, and the Quarantine folder from the temporary location to the following folder:

      drive:\Program Files\Microsoft Forefront Security\Exchange Server\Data

    9. Start the Forefront services.

    10. At a command prompt, type the following command and then press ENTER:

      cd drive:\Program Files\Microsoft Forefront Security\Exchange Server FSCStarter t
      

Note

The FSCStarter t command loads the templates from the Templates.fdb file.
Because the General Options settings have registry values that are associated with them, they cannot be recovered in a stand-alone environment. It is recommended that you compare your registry settings against another server in your organization or against the Reg_ForefrontSoftware.txt file that is located in the latest ForefrontDiag backup, and then manually configure the General Options settings by using the Forefront Server Security Administrator. (For more information about configuring General Options, see "General Options" in Forefront Server Security Administrator.)
It is recommended that you do not copy Forefront database (.fdb) files from another server. If you do this, the associated globally unique identifiers (GUIDs) of the databases will have conflicts.