Microsoft 365 Backup

Microsoft 365 Backup KB ID 0001887

Problem : Microsoft 365 Backup

Originally released 2023, Microsoft 365 Backup is now general release. Microsoft 365 Backup is a comprehensive backup and recovery solution designed to protect your critical data stored in OneDrive, SharePoint, and Exchange*. This service ensures that your data is always recoverable, providing peace of mind in the face of potential data loss scenarios like ransomware attacks, accidental deletions, or data corruption.

*Note: As of now, it does not include native backup options for Microsoft Teams. The service primarily covers only OneDrive, SharePoint, and Exchange data. However, you can set retention policies and archive Teams, which helps maintain the retention of Teams data. For comprehensive Teams backup, you might need to look into third-party solutions like Veeam, (which offers backup and restore options for Teams, including Channels, Tabs, Posts, and Files.)

Microsoft 365 Backup Key Features

Ultra-Fast Recovery

One of the standout features is its fast recovery times. Microsoft claims that mass restores can be up to 20 times faster than traditional backup methods. This means you can get your business back up and running quickly minimising downtime and disruption.

Comprehensive Coverage

Microsoft 365 Backup covers the following data

  • OneDrive: Backup and restore entire accounts or specific files.
  • SharePoint: Full site backups with the ability to restore to specific points in time.
  • Exchange: Granular item restores, including emails, contacts, and calendar items.

Security and Compliance

Security is a top priority with Microsoft 365 Backup. The service keeps your backups within the Microsoft 365 trust boundary, reducing the risk of security breaches. Additionally, it complies with major regulations like GDPR, ensuring your data is handled with the utmost care.

Microsoft 365 Backup: How It Works

Microsoft 365 Backup operates through the Microsoft 365 admin centre and is available as a standalone pay-as-you-go (PAYGO) solution. There are no additional license requirements, making it accessible and straightforward to implement.

Backup Process

  • Initiate Backup: Use the admin centre to select the data you want to back up.
  • Automated Backups: The service automatically creates backups at frequent intervals, ensuring you always have recent recovery points.
  • Storage: Backups are stored securely within the Microsoft 365 infrastructure.

Recovery Process

  • Select Recovery Point: Choose the specific point in time you want to restore from.
  • Restore Data: Initiate the restore process, and your data will be recovered quickly and efficiently.

Microsoft 365 Backup: Partner Integrations

Microsoft 365 Backup also supports integrations with third-party backup solutions through the Microsoft 365 Backup Storage platform. This allows independent software vendors (ISVs) to build applications that leverage the same high-speed recovery and security features

Getting Started

  • PAYGO Ensure you have setup “Pay as you go billing”
  • Access the Admin Center: Log in to your Microsoft 365 admin centre. (Assuming you are a global administrator or SharePoint administrator)
  • Navigate to Backup: Find the backup section (within settings) and follow the prompts to set up your backups.

  • Monitor and Manage: Use the admin centre to monitor backup status and manage recovery points.

Points to Note

  • At time of writing this will cost $0.15 (Per Gb, Per Month) in backup storage.
  • When restoring SharePoint site(s) ensure sites are not locked in a read-only state.
  • Default retention period is 1 year (RPO  = Exchange every 10 mins for 1 Year, SharePoint/OneDrive = every 10 mins for last 14 days then Every week for weeks 2 to 52).
  • Exchange full mailbox or granular item restores are available.

Related Articles, References, Credits, or External Links

Microsoft Announces General Availability of Microsoft 365 Backup and Microsoft 365 Backup Storage

Upgrade Server 2012 (In Place)

Upgrade Server 2012 KB ID 0001802

Server 2012 End Of Life

Windows Server 2012 (and Windows Server 2012 R2) will go end of life on October 10th 2023. Start planning to migrate your productions workloads off this platform as soon as you can.

I’ve mentioned before on the site, I’m not a fan of ‘in place’ upgrades, you get to migrate all the ‘broken bits’ (that you didn’t realise were broken), and if the process goes wrong, best case scenario is you are going to be restoring from backup.

What can I upgrade to? Well essentially, your target is to upgrade to Server 2019 , (not Server 2022 that’s not supported).

Upgrade Server 2012 Pre Requisites

Licenses: Just because you’re legally running Server 2012 does not mean you can upgrade to Server 2019, unless you have  software assurance. If you’re wondering if you have software assurance you probably do not (typically you buy it on a three year deal with the option to extend it to five years, and it’s VERY expensive). So if you dont know, you probably DONT have the software assurance. So you will need to purchase a new agreement, or buy new retail copies of Server 2019.

You will require a Windows Key for the new server (or KMS services setting up that will allocate a Server 2019 key to the newly upgraded server.)

CALs/SALs (Chances are you WONT have SALs, but if you do then speak to your MSP). You will need the correct amount of user/device CALS for server 2019 before you start your upgrade.

Backup Support: Does your backup solution support server 2019? 

Application Support: Does your AV Software, Endpoint protection solution, or Managed Detection and Response system support Server 2019? Make sure you check this list for Microsoft application support, and ensure any third party applications are supported with the vendor.*

*I cannot stress this enough, I work for a major MSP, and most clients are astounded when we wont simply upgrade their old server(s) from 2012, because we simply cannot guarantee that THEIR applications will work successfully on a newer version of Windows Server.

Hardware Support: Most servers are virtual these days, so this is less of an issue, but the machine/VM being upgraded needs to meet the minimum hardware requirements for server 2019.

Updates: MAKE SURE your existing 2012 server is up to date, (and the applications are patched as much as possible!)

Maintenance Window: During the upgrade the server will be offline to users, this will be for as long as a normal OS install, but you will need to plan in additional time for testing applications (post OS upgrade), then programming in any maintenance timings, and arranging and planning any CAB.

Snapshot: If you’re running in a virtual environment, then carry out a snapshot, (or Checkpoint if you are running Hyper-V).

Backup: Before even entertaining the idea of updating the server, make sure you have a good backup. I would make sure I could restore from backup successfully before even attempting an in place upgrade on a production server running 2012/2012R2. In fact if your risk averse, upgrade the restored server itself!

WARNING: Make sure the media you use to upgrade is up to date. While Windows server has a mainstream support date of 9th January 2024, some earlier versions may not be supported. ENSURE you are using build number 1809 Long-Term Servicing Channel (LTSC) or newer.

If you are in doubt about any role or application that may not work (post in place upgrade), then clone your machine, and test the upgrade on an isolated network to test the procedure beforehand.

Upgrade Server 2012 (Domain Controllers)

Other posts say this is not possible, but that is not true, (with some caveats). But it’s so much easier to build a new member server with server 2019/2022 and then extend the forest and domain, promote the new server to be a DC, and demote the old server(s). 

If you attempt to in place upgrade a 2012 server Windows MAY stop an in place upgrade with the following error;

Active Directory on this server does not contain Windows Server ADPREP / FORESTPREP updates.

Which makes sense (if you’ve ever done any domain upgrades or migrations). Before a 2019 DC can be introduced into a domain the forest and domain need to be prepared, (the schema extended). You can either (on this or another DC) run adprep.exe / forestprep and adprep.exe /domainprep from the 2019 install media (look in the support/adprep folder).  

Note: Make sure you’re logged in as a member of the schema admins group!

Obviously if you’ve already ran forest prep and adprep and already have 2019 domain controllers this error will not appear and the server will simply update.

Upgrade Server 2012 (Exchange Server)

NO ! Just don’t do this. Exchange on-premises is designed to be ‘swing migrated‘ to a newer version. If you need to do this then PeteNetLive is littered with upgrade run through even if you are on older versions of Exchange.

Migrate Exchange 2010 to Exchange 2016 (& 2013)

Exchange 2019 Migration from Exchange 2016 (&2013)

Upgrade Server 2012 (SQL Server)

We are in murky waters here! Server 2019 (at time of writing) does not support anything OLDER than SQL 2014. So you may need to upgrade your SQL instances before you consider upgrading the OS. Every single time I’ve ever replaced a SQL server (and I’ve been doing this for over 20 years now) I’ve built a new one, migrated the databases and then the application vendor has installed ‘whatever‘ application or website that required the database.

Also Server 2019/2022 have particular SQL CU level requirements!

If some SQL Jedi walks in here I’d welcome any comments below. But for me it’s a No!

Upgrade Server 2012 / 2012 R2 to Server 2019 (In Place)

By this point you’re adamant you DON’T want to build a new server and migrate your apps and data, and you’ve understood all the pre-requisites and warnings above.

Before starting, Microsoft recommend that you gather some information, run the following commands and take the information dumped into text files and put them safely elsewhere.

[box]

Systeminfo.exe >> SystemInfo.txt
ipconfig /all >> IPConfig

[/box]

Then take a copy of the contents of the following two registry values;

[box]

HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\BuildLabEx

HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EditionID

[/box]

Note: I lost the will to live trying to work out how to dump those two values into a text file with PowerShell 5.1 (there’s a challenge for you!)

Present the Server 2019 Install to your 2012 server, locate and run setup.exe.

It will ask to check for update let it do so  > Next.

If you are installing a ‘retail’ version of Windows server, at this point it will ask of the licence key > 

Call me an  old traditionalist, I require a graphical user interface > Next.

I believe that someone at Microsoft should be made to read one of these out loud for EVERY copy of Windows it sells, seriously they could put anything in here. Now that your firstborns soul belongs to Microsoft > Accept.

The whole point is to retain our data! > Next.

It will now run through its pre-flight checks, pull down any updates and make sure it’s happy. When finished it will warn you if there’s any potential problems. Here it’s complaining about my monitor driver, (probably because it’s using the Window update download one, and not the VMware tools one to be fair). I know this wont cause me any problems, I can click Confirm > 

Last chance to bail out! Install.

One hour and twenty five minutes later,

In Place Upgrade of Server 2012 Running Certificate Services

Can you do this? Yes – Even if you have a multi-tier PKI deployment. see here

 

Related Articles, References, Credits, or External Links

In Place Upgrade Windows 2016 to Windows 2019

Exchange 2000 / 2003 – Exporting Mail to .pst files with ExMerge

KB ID 0000091

Problem

ExMerge has been around for a long time, its used (as the name implies) to merge pst files into existing mailbox’s. However its also a great tool to export/backup users mail box’s if you’re doing a migration, or if you have got your “Disaster Recovery” hat on.

The following is a run through of how to export from a mail store to pst files – Note on a live system this can take some time, the example below was done in VMware on a test Exchange box that had 1000 users (as it was a test server the mailbox’s were tiny) If you need to do this on a production server plan in a LOT of time if your moving a large amount of data.

Solution

 

Note: I’ve mentioned it in the video, but just to reiterate, your mailbox’s need to be smaller than 2GB, if that can not be achieved, you can either;

1. Use ExMerge and export particular “date ranges” and produce multiple .pst files for the same mailbox (hopefully less than 2GB).

2. Use Outlook 2007 (or greater) to export the mailbox to .pst files individually.

Related Articles, References, Credits, or External Links

Download ExMerge 

Exchange 2010 Bulk Import .pst Files

Exchange 2007 – Export Mailbox’s to PST files

A Reboot From a Previous Installation is Pending

KB ID 0001755

Problem

You may see the “A Reboot From a Previous Installation is Pending” error when either attempting to install Microsoft Exchange or apply a cumulative update, (which is basically a reinstall anyway!) You may also see this if you are only installing the management tools.

At command line;

A reboot from a previous installation is pending. Please restart the system and then rerun Setup.

Or if you are running the install upgrade from the GUI;

A Reboot From a Previous Installation is Pending : FIX

Before we go any further, I’m assuming you have rebooted the server in question, this post is for the good folk who have already done the obvious, and are still getting prompted with the above error!

This happens because the setup procedure checks TWO registry keys, though to be fair the first one is for older versions of the OS so don’t be surprised if you look for it, and the key does NOT exist, there’s nothing wrong!

Open the registry editor and navigate to;

[box]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\UpdateExeVolatile

[/box]

If the key exists either delete it completely or set its value to ‘0’ (Zero).

Then navigate to;

[box]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations

[/box]

This is a string value which means it can contain multiple values, as you will probably see most of them will be corrupt links to things. Many sites will tell you to delete the entire string value (PendingFileRenameOperations), but you don’t need to simply empty out all the values like so, before;

After

Then retry.

Related Articles, References, Credits, or External Links

NA

Exchange Stopped Working?

KB ID 0001749

Problem

I see various posts in online forums, and the process is held up because a lot of techs can’t do basic troubleshooting on their Exchange deployments. So I thought I’d put together some basic ‘first steps’ for you to do when your  ‘Exchange Stopped Working

This way you can at least get an error code to search for or a better idea of what’s going on.

Exchange Stopped Working – First Steps

Well it is Microsoft, reboot it, (yes turn it off and turn it on again.) I myself have lost time troubleshooting a problem that would have been cured with a simple reboot!

Disk Space: Look at you drives, if you are low on space, databases will fail to mount and bad things will happen, If you’re not backing up and logs are not getting flushed, then drives will fill up. It takes two seconds to check.

Services:  Next culprit, look for all the Exchange services that are set to ‘Automatic‘ and manually start them (some may start and stop and that’s OK), but if you get an error, then screenshot that error, look in event viewer and get a copy of the error/warning then you are armed with good internet searching ammunition!

Use The Tool

For a long time, Microsoft have supplied a Remote Connectivity Analyzer. Run though the tests on here.

Exchange Stopped Working – Are you Accepting SMTP?

The simplest test is to see if Exchange is actually providing main services (on TCP Port 25 (SMTP)). You can do this by (on the Exchange server).

[box]

telnet localhost 25

[/box]

And you should get a response (see below). If that fails, then the usual culprit, (if all the services are running), is AV software blocking port 25.

Exchange Stopped Working  – Test Email from CLI (Telnet)

I consider this a basic Exchange Skill, (the ability to send an email from command line). You first need to Telnet to the server (as above) you can then send an email. WARNING if you make a mistake, or have a typo (even if you correct that typo, before hitting enter) it will error! If in doubt write all your commands in notepad and paste them in!

Commands to use;

ehlo {Enter}

This is an ‘Extended’ helo (yes that’s spelled correctly) it opens communications and the server should respond with a list of the services it offers.

Tech Note: Also a good way to see if TLS is supported (it should respond with 250-STARTTLS)

mail from: {email-address} {Enter}

This can be ‘any’ source email address, even one that does not exist.

rcpt to:{email-address} {Enter}

Needs to be an email address that this Exchange has a mailbox for (on a domain that it’s authoritative for).

data {Enter}

Then type some text, you can continue typing as much text as you like.

.{Enter}

That’s a full stop, (period for the US), followed by Enter.

Then, (assuming it was successful and said 250 2.6.0 mail queued for delivery). If not you have an error code to Google. Check the mail was received.

Exchange Stopped Working – Test ‘Inbound’ Mail flow.

If you got this far then internally things are looking healthy, you need to see if you can accept mail from ‘Outside’. Repeat the test you carried out above but for a machine on the public internet, telnet in to the public DNS name of your Exchange and send an email via command line.

This proves your DNS is correct*, your firewall is setup correctly, and your Exchange is receiving mail. 

*Note: Assuming you connected to the DNS name, (if you connected to the public IP then your problem may be DNS!)

Exchange Stopped Working – Test ‘Outbound’ Mail flow.

This one is easy to troubleshoot, send an outbound mail.

Locate the Exchange Toolbox > Queue Viewer.

Look for mail ‘stuck‘ on the outbound queue, in production there will probably be hundreds of them, but what you are looking for is an error message. In the example below that’s 451 4.4.397 (Which I forced to happen by blocking outbound traffic from the Exchange server on the firewall). If you see this make sure the Exchange has TCP port 25 open outbound. 

Now you have enough information to either get on the forums and search, or open a new question if your stuck (AND TRY SEARCHING THIS WEBSITE FOR THE ERROR (TOP RIGHT)). I’ve fixed a few!

Related Articles, References, Credits, or External Links

NA

Free Exchange Certificate

KB ID 0001739

Problem

A couple of weeks ago I wrote an article about getting free certificates for IIS with ‘Let’s Encrypt’. Last week the renewal for my ‘test’ Exchange server’s certificate came though. So I thought “Why don’t I try and get a ‘Free Exchange Certificate’?”

Free Exchange Certificate

Before we start let’s take a moment to take a look at our existing Exchange Certificate, as you can see it’s a publicly signed and trusted certificate, the only thing wrong with it, is it’s going to expire in a couple of weeks, yours may have already expired, or you may be running a self signed SSL certificate, (horror!)

To do all the heavy lifting you need a peice of software, the easiest (I’ve seen) is win-acme (at time of writing the latest version is 2.1.14.996) you simply download it as a zip file.

Extract the contents of that zip file to a folder on your hard drive.

Apply For & Install the Free Exchange Certificate

Open an administrative command prompt > Navigate to the folder you just created > run wacs.exe

WARNING: Some other run throughs I’ve read, have different option numbers, (wacs.exe has obviously been updated). So instead of just posting the Number to select I’ll post the Option, then put the number, (or letter) of that option in brackets, (in case they change the option numbers again!)

Create a new certificate (full options) {m} > Manual Input {2}.

Manual Input {2} > Enter the public filly qualified domain name(s) of your exchange server (spectated by commas) > Press Enter to accept the default friendly name (unless you want to specify your own).

[http-01] Serve certification files from memory {2} > RSA Key {2}. 

Note: You will need TCP Port 80 open to the Exchange server for this to work, (in most cases you will only have HTTPS or TCP Port 443 open!)

Windows certificate store {4} > No (additional) store steps {5}.

Create or update https binding in IIS {1} > Default Web Site {1} > Start external script or program {3} > Paste in the following;

[box]

./Scripts/ImportExchange.ps1

[/box]

At the prompt paste in the following;

[box]

'{CertThumbprint}' 'IIS,SMTP,IMAP' 1 '{CacheFile}' '{CachePassword}' '{CertFriendlyName}'

[/box]

No (additional) installation steps {4}.

No, (or it will open the terms and conditions in another window) > Yes (your soul now belongs to Let’s Encrypt!) > Type in an email address  > Quit {q}

Now reconnect to either OWA or the Exchange Admin Center > And you should see you have a new certificate.

It only lasts three months! That’s correct but;

Let’s Encrypt Free Exchange Certificate Auto Renewal

As well as getting your certificate, win-acme also created a scheduled task to check your certificate validity and renew it before it expires. Cool eh?

Where Does Win-ACME Store its information

Good question, it took me a little while to find that out, essentially once ran it creates a new folder in %programdata% (That’s a hidden folder on the C drive usually) called win-acme all your settings are in there, so if you make a mistake like enter the wrong email address, you can delete this folder and start again.

How To Remove Let’s Encrypt Exchange Free Certificate & Settings

  1. Remove the certificate from Exchange Admin Center.
  2. Remove the win-acme folder from %Programdata%.
  3. Delete the scheduled update task from ‘Task Sheduler‘.

Related Articles, References, Credits, or External Links

NA

Exchange 2019: How Many CALs/SALs Do You Need?

KB ID 0001703

Problem

At his point I’m going to assume you know that there are Standard Exchange CALs/SALs, and Enterprise Exchange CALs/SALs. And you know the difference! If you’re unsure see my comments here

With older versions of Exchange 2010/2007 etc. You could get this information from the GUI. Now you need to use some PowerShell.

Solution

The two commands you want to use are;

Find Out How Many Exchange Standard CALs / SALs Are Required

[box]

Get-ExchangeServerAccessLicenseUser -LicenseName (Get-ExchangeServerAccessLicense | ? {($_.UnitLabel -eq "CAL") -and ($_.LicenseName -like "*Standard*")}).licenseName | measure | select Count

[/box]

Find Out How Many Exchange Enterprise CALs / SALs Are Required

[box]

Get-ExchangeServerAccessLicenseUser -LicenseName (Get-ExchangeServerAccessLicense | ? {($_.UnitLabel -eq "CAL") -and ($_.LicenseName -like "*Enterprise*")}).licenseName | measure | select Count

[/box]

Sit back, light your pipe, and admire your handiwork!

What About CALS for Exchange 2010?

That you can get from the EMC (if it says Unknown click the option to refresh at the bottom).

Related Articles, References, Credits, or External Links

NA

Setup Cant Continue PowerShell Has Open Files

KB ID 0001633

Problem

While attempting to uninstall Microsoft Exchange server;

Setup can’t continue with the uninstall because the powershell (PID) has open files. Close the process, and then restart setup.

Solution

Seems to be a common error, and is usually caused because someone has the Exchange Web Management page open, (probably in another user session);

In some cases you may need to reboot, but in my case I was simply being a doofus, look at the window I’m running the command from! Open an administrative command window and try again 😉

Related Articles, References, Credits, or External Links

NA

Exchange Cant Mount Database ‘0x80004005’

KB ID 0001632

Problem

When attempting to mount an Exchange Database I got this error;

Failed to mount database “{Database-Name}”. Error: An Active Manager operation failed. Error: The database action failed. Error: Operation failed with message: MapiExceptionDatabaseError: Unable to mount database. (hr=0x80004005, ec=1108) Diagnostic context: Lid: 65256 Lid: 10722 StoreEc: 0x454 Lid: 1494 —- Remote Context Beg —- Lid: 1238 Remote Context Overflow Lid: 34760 StoreEc: 0xFFFFFDEF Lid: 41344 Guid: 6967a2e8-2e07-4c6f-a7ff-cb5f3414bad5 Lid: 35200 dwParam: 0x3F28 Lid: 59596 dwParam: 0x231090 Msg: JI20 Lid: 43212 dwParam: 0x231090 Msg: JT05 Lid: 43212 dwParam: 0x231090 Msg: JT08 Lid: 59596 dwParam: 0x231090 Msg: WM19 Lid: 59596 dwParam: 0x231090 Msg: WM20 Lid: 59596 dwParam: 0x231090 Msg: WM21 Lid: 54472 StoreEc: 0x980 Lid: 42184 StoreEc: 0x454 Lid: 10786 dwParam: 0x0 Msg: 15.01.1847.005:PNL-Mail:6967a2e8-2e07-4c6f-a7ff-cb5f3414bad5 Lid: 51578 Guid: 6967a2e8-2e07-4c6f-a7ff-cb5f3414bad5 Lid: 1750 —- Remote Context End —- Lid: 1047 StoreEc: 0x454 [Database: Database-Name, Server: Server-Name]

Solution

It’s been a while since I last saw an 0x80004005 error, last time it was because the AV software on the Exchange server had quarantined a log file, but this server was not running any third party AV. On closer inspection the problem was pretty obvious;

My ‘log-file’ partition was full, (I had something else doing diagnostic logging), once I tidied up the partition and freed up some space the database mounted without complaining.

Related Articles, References, Credits, or External Links

Exchange – Failed to mount database(hr=0x80040115, ec=-2147221227)

Event ID 3154 ‘Active Manager Failed To Mount Database’