The sections in this topic describe the recommended backup and restore procedures for Forefront Protection 2010 for Exchange Server (FPE):
A backup is a copy of data that is used to restore lost data after a system failure. By using suitable backups, you can recover from many failures that include the following conditions:
- Media failure
- User errors, such as when a file is deleted
- Hardware failures, such as a damaged disk
drive or the permanent loss of a server
- Natural disasters
For more detailed information about creating backups and recovering data for Microsoft Exchange Server 2007, see Disaster Recovery.
Preparing files for backup
In order to keep a copy of the most up-to-date versions of FPE files, you should create a batch file and then create a scheduled task to keep the version information up to date.
|The steps for creating a scheduled task differ for Windows Server 2008 and Windows Server 2003; follow the appropriate procedure.|
After you complete these steps, the server is configured to automatically export versions of FPE files.To create a batch file
In Windows Explorer, locate the FPE data folder. For the location of the default FPE data folder on your operating system, see Default folders.
On the File menu, point to New, and then click Text Document.
Type ForefrontDiagnostics.bat for the file name, press ENTER, and then click Yes.
Right-click the ForefrontDiagnostics.bat file, and then click Edit.
In Notepad or a similar text editor, edit the batch file to include a command to start the Forefront diagnostic tool (FSCDiag.exe) in order to obtain file information for FPE. For more information about the Forefront diagnostic tool, see Using the diagnostic tool to gather information about the product. The contents of the ForefrontDiagnostics.bat file should resemble the following two lines (provided that you are using the default FPE program folder):
cd drive:\Program Files (x86)\Microsoft Forefront Protection for Exchange Server FSCDiag.exe /c /ver Forefront
Note: If you are not sure about the location of the FSCdiag.exe file, perform a search operation to find the location, and then use it to replace the path in the sample .bat file.
On the File menu, click Save, and then close the text editor.
Double-click the ForefrontDiagnostics.bat file.
In Windows Explorer, open the Diagnostics folder under the log folder you just created by running the batch file. The log folder is located under the FPE data folder. For example:
c:\Program Files (x86)\Microsoft Forefront Protection for Exchange Server\Data\log\Diagnostics
Make sure that a file that is named ForefrontDiag-ServerName-Date-Time.zip was created as a result of running the batch file.
Note: The placeholders ServerName, Date, and Time represent the actual server name and the date and time when the log file was created.
Click Start, point to Administrative Tools, and then click Task Scheduler.
If you are prompted for an administrator password or for a confirmation, type the password, or click Continue.
On the Actions menu, click Create Basic Task.
In the Create Basic Task Wizard, type the schedule name in the Name box, type the schedule description in the Description box, and then click Next. For example, type the following information:
Name: Forefront Diagnostics
Description: Runs ForefrontDiagnostics.bat in order to update and store updated file version information for FPE.
On the Task Trigger page, select an acceptable interval (for example, Weekly), and then click Next.
Depending on the selected interval, set the start date, the start time, and the recurrence details, and then click Next. For example, configure the following settings:
Start MM/DD/YYYY - HH:MM:SS AM/PM
Recur Every: X weeks on: Saturday
Where MM/DD/YYYY is the month, day and year; HH:MM:SS is the hour, minutes, and seconds; and X is the number of weeks.
On the Action page, select the Start a program button, and then click Next.
On the Start a Program page, click Browse, locate the ForefrontDiagnostics.bat file that you previously created, click Open, and then click Next.
Note: Leave the Add Arguments (optional) and the Start in (optional) text boxes blank.
On the Summary page, verify the settings, and then click Finish.
Click Start, click Control Panel, and then double-click Scheduled Tasks.
In Scheduled Tasks, double-click Add Scheduled Task.
In the Scheduled Task Wizard, click Next.
On the Click the program you want Windows to run page, click Browse.
In the Select Program to Schedule window, locate and then double-click the ForefrontDiagnostics.bat file that you previously created.
In the Type a name for this task box, type a schedule name, select an acceptable interval, and then click Next. For example, use the following name and interval for the task:
On the Select the time and date you want this task to start page, set an appropriate start date and time, and then click Next. For example, configure the following settings:
Start HH:MM:SS AM/PM
Every: X weeks on: Saturday
Where HH:MM:SS is the hour, minutes, and seconds; and X is the number of weeks.
On the Enter the name and password of a user page, provide the user credentials for an administrator who has permissions to the server, and then click Next.
On the You have successfully scheduled the following task: schedule name page, click Finish.
Backing up data files
In order to make sure that you can recover configuration settings, all quarantined items, and malware, spam, and filtering incidents, copy all FPE data files to another location. In order for this to work, the version of the product that you are copying must be the same version of the product that you will later try to restore.To back up the data files
Create a new folder in a new location (for example: C:\BackupDatabase).
Access the Services Control Manager and then stop all relevant Microsoft Exchange and Microsoft Forefront Server Protection services. Typically, this includes the Microsoft Exchange Transport, Microsoft Exchange Information Store, and Microsoft Forefront Server Protection Controller services.
Make sure the incidents database is in a “Clean Shutdown” state by running the following from a command prompt at the Incidents directory, which is located under the data folder (for the location of the default FPE data folder, see Default folders):
esentutl -mh incident.fssdb
Look for the State item in the output. If it says "Clean Shutdown", you can proceed. If it says "Dirty Shutdown", the backup failed. In that case, start and stop the Microsoft Forefront Server Protection Eventing Service service. Then run the following again:
esentutl -mh incident.fssdb
Copy the contents of the data folder, excluding the ProgramLog.etl file and the Engines and EngineUpdateLocks folders, to the folder you created in step 2 (for example, C:\BackupDatabase).
Note: You may want to back up the ProgramLog.etl file in order to review previous FPE diagnostic information, but you will not be able to restore this file with the rest of the FPE data folder.
Restoring data files
After you have successfully backed up your FPE data files and restored your entire system to an earlier state (including the failed Exchange server), use the following procedures to restore your FPE data files.
|You cannot restore data files to a server with a different operating system from the server on which you created the backup files.|
Install FPE and all related hotfixes or rollups that were installed at the time of the backup.
Note: You can compare the file versions against the VerForefront.csv file that is located in the latest ForefrontDiag backup.
On the Exchange server that you restored, stop all relevant Microsoft Exchange and Microsoft Forefront Server Protection services. Typically, this includes the Microsoft Exchange Transport, Microsoft Exchange Information Store, and Microsoft Forefront Server Protection Controller services.
Follow these steps in order to restore your configuration files, quarantine data files, the incidents database, and all related files:
- In Windows Explorer, locate and open the FPE data folder. For
the location of the default FPE data folder on your operating
system, see Default folders.
- Rename the Quarantine folder to
- Rename the Incidents folder to IncidentsOld.
- Copy the contents of the FPE data folder you backed up to the
temporary location (for example: C:\BackupDatabase),
including the subfolders, to the FPE data folder. If prompted,
overwrite all existing files.
- Delete everything from the Incidents folder (located
under the FPE data folder) except Incident.fssdb.
- In Task Manager, click the Processes tab, and
then select Show processes from all users. If the
FSCConfigurationServer.exe process is running, end this
- Start all relevant Microsoft Exchange services.
- In Windows Explorer, locate and open the FPE data folder. For the location of the default FPE data folder on your operating system, see Default folders.