Exchange Server 2010 : Backing Up Specific Windows Services

2/15/2011 8:53:33 AM
Most Windows Server services that contain a database or local files are backed up with the System State but also provide alternate backup and restore options. Because the system restore from Windows Server Backup is usually an all-or-nothing proposition, except when it comes to cluster nodes and domain controllers, restoring an entire system might deliver undesired results if only a specific service database restore is required. This section outlines services that either have separate backup/restore utilities or require special attention to ensure a successful backup.

Disk Configuration (Software RAID Sets)

Disk is not a service but should be backed up to ensure that proper partition assignments can be restored. When Dynamic disks are used to create complex volumes—such as mirrored, striped, spanned, or RAID-5 volumes—the disk configuration should be saved. This way, if the operating system is corrupt and needs to be rebuilt from scratch, the complex volumes need to have only their configuration restored, which could greatly reduce the recovery time. Only a full system backup can back up disk and volume configuration.

Certificate Services

Installing Certificate Services creates a certificate authority (CA) on the Windows Server 2008 system. The CA is used to manage and allocate certificates to users, servers, and workstations when files, folders, email, or network communication needs to be secured and encrypted. In many cases, the CA is a completely separate secured CA server; however, many organizations use their Exchange server as a CA server. This might be because of a limited number of servers with several different roles and services installed on a single server, or because the organization wants to use Secure Sockets Layer (SSL) and forms-based authentication (FBA) for secured Outlook Web App and to support encrypted connections from Outlook 2007 or higher to the Client Access servers, so they install Certificate Services on an Exchange server. Whatever the case, the CA needs to be backed up whether on the Exchange server or on any other server; if the CA server crashes and needs to be restored, it can be restored so that users can continue to access the system after recovery.


For security purposes, it is highly recommended that Certificate Services be enabled on a server other than the Exchange server. Definitely do not have the CA services on an Outlook Web App server that is exposed to the Internet. The integrity of certificate-authenticated access depends on ensuring that certificates are issued only by a trusted authority. Any compromise to the CA server invalidates an organization’s capability to secure its communications.

When the CA allocates a certificate to a machine or user, that information is recorded in the certificate database on the local drive of the CA. If this database is corrupted or deleted, all certificates allocated from this server become invalid or unusable. To avoid this problem, the certificates and Certificate Services database should be backed up frequently. Even if certificates are rarely allocated to new users or machines, backups should still be performed regularly.

Certificate Services can be backed up in three ways: backing up the CA server’s System State, using the CA Microsoft Management Console (MMC) snap-in, or using the command-line utility Certutil.exe. Backing up Certificate Services by backing up the System State is the preferred method because it can be easily automated and scheduled. But using the graphic console or command-line utility adds the benefit of restoring Certificate Services to a previous state without restoring the entire server System State or taking down the entire server for the restore.

To create a backup of the CA using the graphic console, follow these steps:

Log on to the CA server using an account with local Administrator rights.

Open Windows Explorer and create a folder named CaBackup on the C: drive.

Select Administrative Tools, Certificate Authority.

Expand the Certificate Authority server, and select the correct CA.

Select Action, All Tasks, Back Up CA.

When the backup wizard launches, click Next.

On the Items to Back Up page, check the Private Key and CA Certificate check box and the Certificate Database and Certificate Database Log check box.

Specify the location to store the CA backup files. Use the folder created in the beginning of this process. Click Next to continue.

When the CA certificate and private key are backed up, this data file must be protected with a password. Enter a password for this file, confirm it, and click Next to continue.


To restore the CA private key and CA certificate, you must use the password entered in step 9. Store this password in a safe place, possibly with the master account list.

Click Finish to create the CA backup.

Internet Information Services (IIS)

Internet Information Services 7.0 (IIS) is the Windows Server 2008 web and FTP services that support websites like OWA. It is included on every version of the Windows Server 2008 platform. IIS stores configuration information for web and FTP site configurations and security, placing the information into the IIS metabase. The IIS backup methodology has changed quite a bit from IIS 6.0.

In IIS 7.0, all the configuration data is stored in %windir%/system32/inetpub/config. If you have a backup of that directory, the configuration can be restored by simply returning the files to this location. A more automated process can be performed by utilizing the appcmd.exe function.

To backup an IIS configuration, simply run appcmd.exe add backup "IIS Backup".

To restore an IIS configuration, simply run appcmd.exe restore backup "IIS Backup".

By creating and scheduling a batch file to perform the backup, you can take regular snapshots of the IIS configuration. This can be useful to perform right before making a change to IIS settings on a Client Access Server so that if the changes cause any problems, the configuration can be quickly restored.

Backing up Exchange Server 2010 with Windows Server Backup

Although the native Windows Server Backup is fairly basic in its functionality for Exchange Server 2010, it can, nonetheless, be used to perform a backup of Exchange Server 2010 data via the following steps:

Click Start, All Programs, Administrative Tools, Windows Server Backup.

In the right pane, click Backup Schedule.

When the wizard launches, click Next.

When prompted to select your backup configuration, choose Custom and click Next.

Select the volumes you want to back up and click Next.

Choose the time at which you’d like the backups to run and click Next.

Select the disk on which you want to store the backup. Click Next.

Note: The disk you select for the destination will be reformatted and all data will be lost. Make sure there is no important data on this volume.

View the label of the destination disk and click Next.

  •  Create Bookmark Create Note or Tag Backing Up Windows Server 2008 and Exchange Server 2010
  •  What to Back Up on Exchange Servers 2010
  •  Leveraging and Optimizing Search in SharePoint 2010 : Define Content Sources
  •  Deploying a Native SharePoint 2010 Search Service Application
  •  Backing Up the Exchange Server 2010 Environment : Roles and Responsibilities & Developing a Backup Strategy
  •  Backing Up the Exchange Server 2010 Environment : Supporting Backups with Documentation
  •  Backing Up the Exchange Server 2010 Environment : Understanding the Importance of Backups & Establishing Service Level Agreements
  •  Making the Best Use of SAN/NAS Disks with Exchange Server 2010
  •  Optimizing an Exchange Server 2010 Environment - Properly Sizing Exchange Server 2010
  •  Optimizing an Exchange Server 2010 Environment - Analyzing and Monitoring Core Elements
  •  SharePoint 2010 : Beyond Built-In SharePoint PowerShell Cmdlets
  •  SharePoint 2010 : Understanding Advanced PowerShell Topics
  •  Optimizing an Exchange Server 2010 Environment : Monitoring Exchange Server 2010
  •  Optimizing Exchange Server 2010 Servers
  •  Business Intelligence in SharePoint 2010 with Business Connectivity Services : Consuming External Content Types (part 3) - Business Connectivity Services Web Parts
  •  Business Intelligence in SharePoint 2010 with Business Connectivity Services : Consuming External Content Types (part 2) - Writing to External Content Types
  •  Business Intelligence in SharePoint 2010 with Business Connectivity Services : Consuming External Content Types (part 1) - External Lists & External Data
  •  Optimizing an Exchange Server 2010 Environment : Analyzing Capacity and Performance
  •  Examining Exchange Server 2010 Performance Improvements
  •  Recovering from a Disaster in an Exchange Server 2010 Environment : Recovering Active Directory
    Top 10
    Anatomy of Utrabooks (Part 2) - Acer Aspire S3
    Collaborating via Web-Based Communication Tools : Evaluating Web Mail Services
    Biggest tips guide ever! (Part 4) - Broadband: Wireless Security
    Algorithms for Compiler Design: SWITCH/CASE
    Optimizing the Desktop Environment in Vista
    Reckless Racing 2
    A brief history of transforming robots (Part 1)
    Windows Server : Branch Office Deployment - Branch Office Services (part 2)
    Infrastructure Security: The Application Level
    Mobile Application Security : SMS Security - Application Attacks & Walkthroughs
    Most View
    Integrating Your Application with Windows Phone 7
    Exchange Server 2010 : Maintaining Reliability and Availability - Recover Data
    Windows 7 : Using Advanced Security Options (part 1) - Configuring the Action Center & Performing a Manual Scan
    Introducing IIS 7
    Developing the SAP Data Center : Data Center Physical Requirements
    Building Android Apps: Going Offline - Debugging
    2012: Year of windows
    IIS 7.0 : Striking a Balance Between Security and Performance - SSL
    iPhone 3D Programming : Textures and Image Capture - Fight Aliasing with Filtering
    Create Bookmark Create Note or Tag Backing Up Windows Server 2008 and Exchange Server 2010
    Getting Started with MySQL Enterprise & MySQL Enterprise Components
    Windows Server 2008 R2 Active Directory Domain Services Primer : Outlining the Role of DNS in AD DS
    Windows 7 : Using Windows Defender (part 1) - Configuring Windows Defender
    Customizing Windows 7’s Desktop (part 2) - Getting Around the Start Menu
    Windows 7 : Working with the Windows Firewall (part 3) - Configuring Advanced Firewall Security & Troubleshooting Advanced Firewall Problems
    Hacking - Nonexecutable Stack
    Exchange Server 2007: Manage Recipients - Create Distribution Groups and Dynamic Distribution Groups
    Beginning Android 3 : The Input Method Framework - Fitting In