Problem
Configuring New Mailbox Level Backups with Intronis 5.6.1
Solution
Before Intronis will allow for a new Mailbox Backup set to be created a user will need to be created and provided the appropriate access. It is good practice to create a new user for this purpose. e.g. Intronis@domain.com
Create a user and add them to the appropriate groups
Create a new user/mailbox for mailbox level backups. This user must be visible in the GAL. Add this user to the groups:
2007 – Organization Administrator
2010 – Organization Management
2013/2016 – Organization Management, Discovery Management
Assign the Application Impersonation role to the user
To grant the service account user Application Impersonation rights. This can be done with the following Exchange Management Shell commands:
For Exchange 2007
Get-ExchangeServer | where {$_.IsClientAccessServer -eq $TRUE} | ForEach-Object {Add-ADPermission -Identity $_.distinguishedname -User (Get-User -Identity ServiceAccount | select-object).identity -extendedRight ms-Exch-EPI-Impersonation}
Get-MailboxDatabase | ForEach-Object {Add-ADPermission -Identity $_.DistinguishedName -User ServiceAccount -ExtendedRights ms-Exch-EPI-May-Impersonate}For Exchange 2010 / 2013 / 2016
New-ManagementRoleAssignment –Name:ImpersonationAssignmentName –Role:ApplicationImpersonation –User:ServiceAccount
...whereServiceAccountis the name of the service account you will use to perform Mailbox Level backups andImpersonationAssignmentNameis the name of the assignment you want to associate with Mailbox Level backups.
Configure Powershell Remoting
Enabling Powershell Remoting (as administrator)
Enter-PSSession -ComputerName localhost
If this fails, additionally run..
Enable-PSRemoting -ForceAfter the command is successfully ran, IIS will need to be configured to allow for remote Powershell access.
Open IIS
Click on the drill down: Domain->Sites->Default Web Site -> Powershell
Click on the “Authentication” icon
Right click on “Basic Authentication” and enable
- Close IIS
- Disable EWS Throttling
- Disable EWS Throttling
This step is optional but is strongly recommended. It has been shown that EWS throttling may interfere with the Mailbox Level backups from completing fully and successfully. Also, disabling EWS throttling may allow the backups to run more quickly. More information about client throttling can be found here. Exchange 2007 does not have configuration options for throttling policies so there is nothing to change if using Exchange 2007. To disable EWS throttling, use the following Exchange Management Shell commands: - Create a throttling policy.
New-ThrottlingPolicy <Policy>
...where<Policy>is the name you choose for the throttling policy. - Specify the nature of the throttling policy.
- For Exchange 2010 use:
Set-ThrottlingPolicy <Policy> -EWSFastSearchTimeoutInSeconds $null -EWSFindCountLimit $null -EWSMaxConcurrency $null -EWSMaxSubscriptions $null -EWSPercentTimeInAD $null -EWSPercentTimeInCAS $null -EWSPercentTimeInMailboxRPC $null - For Exchange 2013 and 2016 use:
Set-ThrottlingPolicy <Policy> -EWSCutoffBalance Unlimited -EWSMaxBurst Unlimited -EWSMaxConcurrency Unlimited -EWSMaxSubscriptions Unlimited -EWSRechargeRate Unlimited -IsServiceAccount:$true
- For Exchange 2010 use:
- Apply the throttling rule
Get-Mailbox | Set-Mailbox -ThrottlingPolicy <Policy>\ - Get-ThrottlingPolicyAssociation — Enables you to view the relationship between an object and its associated throttling policies. (Use to confirm policy is in place)
- Disable EWS Throttling
- Configure the Backup Set
- Open the Intronis Management Portal - https://manage.intronis.com
- Choose the account you wish to create the backup set on
- Choose the computer/server from the list in the “Computers” tab
- Click the “Backup” tab
- Click “+ Add Backup Set”
- Choose “Exchange Mailbox Level”
- Enter EWS URL. Default this URL is https://mail.domain.com/ews/exchange.asmx
- If you are not sure this is the URL, Open Exchange Management Shell and run the command:
Get-WebServicesVirtualDirectory |Select name, *url* | fl
- If you are not sure this is the URL, Open Exchange Management Shell and run the command:
- Enter the username and password
- Click next.
- Select the email accounts you need email backups for. Try to not set backups for printers, test emails, etc.
- Create a schedule – Note that, if the company has a large number of email addresses backing up, the initial backup will take multiple days or longer.
- In the Settings section please check all the boxes (unless otherwise instructed)
- Finish.
Try to schedule the first backup to start after hours on a weekend as this can be taxing to a server. Some of these steps come from a helpful article published by Intronis. Their document is here: