We want your feedback on Exchange Certificate Management!

Exchange 2007 has GUI elements to manage certificates?

Shame I haven't played enough with Exchange 2010 certificates but from what I have used of it the GUI was a big help considering so many people, myself included, broke their autodiscover etc in Exchange 2007.

This is a real time saver!

Don't get me wrong, I like Powershell, except for managing basic tasks during setup.

I wish this would be available in the Lync control panel.

This is not related to this post but could you guys do a posting or at least answer some serious questions about Exchange and VSS that I have ?

From what I have figured out about VSS, when you do a VSS based backup you are doing a block level backup which is (basically) like copying database files when the databse application is shut down. In this case Exchange can't do a checksum on the database pages. So the backup program has to do a checksum later.

So my questions are:

1) Does the backup program built into Windows Server 2003, Windows Server 2008 or Windows Server 2008 R2 know how to do the check after ?

2) If it does not does that mean that a streaming backup is being made ?

3) If a streaming backup is being made can the Exchange VSS writer be disabled or removed to remove a point of failure from the server ?

4) Is a streaming backup the "gold standard" for Exchange backup vs a VSS backup ?

@ Dean:

I think a lot of your questions are answered in our documentation. Basically - E2010 does not support streaming backups at all. E2007 does, but after Sp1, it needs to be specifically enabled. More info here:

msdn.microsoft.com/.../aa579267(EXCHG.140).aspx

Yes, a consistency check is done as a part of the backup:

technet.microsoft.com/.../dd876854.aspx

More current information around features / limitations of in-box backup:

technet.microsoft.com/.../ee221172(EXCHG.80).aspx

"I think a lot of your questions are answered in our documentation."

Well, they are answered for those of you in the know at Microsoft. For those of us in the real world you could search for weeks and still not find an answer to your questions. There may be a small part of the answer here and another small part waaaaaaay over there and then yet another part in some distant reaches of the Microsoft galaxy. And you have to have inside knowledge that those parts go together. That's why I wanted a post or a document that CLEARLY lists all of the answers that I wanted. I'm sure there is more than one person who would like to see that also. I know. There is no time.

Your links just bring up more questions. Especially since that MSDN documentation is about as readable as an old IBM assembly language manual.

For example is "remote streaming backup" the same as doing a streaming backup on a server to a local backup device ?

Your answer about the consistency check only covered Exchange 2010. What about Exchange 2003 and 2007 ?

@Andrew Palmer: Please see New Administrative Functionality in the Exchange Management Console > Feature Changes (technet.microsoft.com/.../dd335120.aspx)

and aka.ms/certificates for details.

I have another question from your links. Does this:

"Backups taken with Windows Server Backup occur at volume level. To back up a storage group and database, you must back up the entire volume containing the storage group and database. You cannot back up any data without backing up the entire volume containing the data."

mean that if my Exchange databases are on the system volume or on a volume containing other data I now have a COMPLETE backup of the system volume or the other data and can use that to do a complete restore of the system volume or the other data ?

Hi Dean,

We are quite off topic here :). If you have more questions, please email me at ninob AT microsoft DOT com. But quickly:

- Exchange 2003 did not support in-box VSS backups; so consistency check - as done in E2010 was not there

- Exchange 2007, if backed up with streaming backup, also does not do such a check; if backed up with in-box VSS, then there is a check (msdn.microsoft.com/.../bb204080(EXCHG.80).aspx)

- Yes, if your Exchange databases are on the system drive, everything on that drive (the whole volume) has to be backed up. When restoring, you do not need to restore the whole volume, but can choose to restore "Application" as in - Exchange data only. (I

put some screenshots of how this looks here:

blogs.technet.com/.../details-of-exchange-2007-sp2-in-box-backup-when-running-on-windows-server-2008.aspx) You may restore in place or out of place.

Hope this helps!

How about a wizard seperate from the installation for generating the cert pre-installation of the CAS servers.  Personally, I just start the cert gen request in IIS, and add the SAN names when processing the cert on godaddy or entrust.  Its really ideal to have that cert completed before installation (O2007/10 likes to hit the cas's thanks to autodiscover srv records being autocreated, and thanks to the self-signed certs users get cert warnings eveb though the users have nothing to do with E2010)

I think current Exchange certificate wizard is quite brillient and I personally happy with that.