Forum Discussion

woelki's avatar
woelki
Iron Contributor
Dec 03, 2020

Exchange On-Premise mail queue export

Hey guys, I got an interesting question in a hard case.  We are just helping a customer who had a cyber security incident some months ago. In the time where the Exchange servers have not been access...
2010
Exchange Server
  • woelki's avatar
    woelki
    Dec 04, 2020

    At least I could figure it out myself. It was a combination of VMware and disabling all NTP services. I have disabled the EXSI time sync for the single machines. In Windows safe mode I was able to disable all NTP possibilities and rename the mail.que

    This is marked as faulty move, but this is not important for the operation. After starting Windows in regular mode the transport service did not come up, what is great for our purpose. And the most important thing here is, although the transport service is not up and running in this situation you are allowed to execute changes with Set-TransportService.
    So I executed...

     

    Set-TransportService -Identity Edge01 -MessageExpirationTimeout 90.00:00:00

     


    ... renamed the backup.que back to mail.que and started the transport service. As the server now believed in time travel, no messages have been purged.

    For erveryone who reads this and wants to know how to export messages...

    Export messages from queues 

woelki's avatar
woelki
Iron Contributor

RNalivaikayes, I'm sure, because the mails came from the internet.

RNalivaika's avatar
RNalivaika
Iron Contributor
Dec 03, 2020

Ah, yes I had misread your question.. i would suggest contacting microsoft premier support for that..

Resources