Difference between revisions of "Retain Exchange Install"

From GWAVA Technologies Training
(Multiple Domains (if applicable))
(Active Directory Prerequisites)
Line 33: Line 33:
 
Log into your Active Directory server
 
Log into your Active Directory server
 
Check that the DNS server is the one configured above.
 
Check that the DNS server is the one configured above.
 +
 +
===Create Retain User Account===
 +
Go into Server Manager/Tools/Active Directory Users and Groups.
 +
Create a user for Retain to log into Exchange with. Note the user logon name and password.
 +
Go to the Account tab, then set in the Account Options:
 +
* User cannot change password
 +
* Password never expires
 +
* Account expires never
 +
 
====Multiple Domains (if applicable)====
 
====Multiple Domains (if applicable)====
 
If you have multiple domains in your active directory tree or you have a different internal domain from your email domain you can change the LDAP login that your users use to log into Retain.
 
If you have multiple domains in your active directory tree or you have a different internal domain from your email domain you can change the LDAP login that your users use to log into Retain.
  
 
In Active Directory Domains and Trusts:
 
In Active Directory Domains and Trusts:
Right-click on the top container called "Active Directory Domains and Trusts" and select Properties
+
* Right-click on the top container called "Active Directory Domains and Trusts" and select Properties
Here you can add Alternative UPN suffixes.
+
* Here you can add Alternative UPN suffixes.
Click Apply, then OK.
+
* Click Apply, then OK.
  
Then you can go into the Exchange Admin Center  
+
Then you can go into the Exchange Admin Center:
In Recipients/Mailboxes choose a user and edit them.
+
* In Recipients/Mailboxes choose a user and edit them.
Here you can change the User logon name: and from the drop down choose the domain you want them to login with.
+
* Here you can change the User logon name: and from the drop down choose the domain you want them to login with.
  
 
Finally you can attempt logging in as a user with that new domain into Retain. This will not create a new mailbox in Retain as the user is also identified by their GUID which is unique.
 
Finally you can attempt logging in as a user with that new domain into Retain. This will not create a new mailbox in Retain as the user is also identified by their GUID which is unique.
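Review bot: In the added "Create Retain User Account" section, the path "Server Manager/Tools/Active Directory Users and Groups" does not match the name of the snap-in, which is Active Directory Users and Computers; correct it so readers can find the tool. The three account options ("User cannot change password", "Password never expires", "Account expires never") describe a credential that is never rotated, so the section would also benefit from one line saying that this account is used only by Retain and where its password is to be recorded.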
Line 50: Line 59:
 
The default port for autodiscover is 443.
 
The default port for autodiscover is 443.
  
===Create Retain User Account===
 
Go into Server Manager/Tools/Active Directory Users and Groups.
 
Create a user for Retain to log into Exchange with. Note the user logon name and password.
 
Go to the Account tab, then set in the Account Options:
 
User cannot change password
 
Password never expires
 
Account expires never
 
 
==Exchange Prerequisites==
 
==Exchange Prerequisites==
 
===Verifying Basic Authentication is Enabled===
 
===Verifying Basic Authentication is Enabled===
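Review bot: With "===Create Retain User Account===" removed at this position, the paragraph ending "The default port for autodiscover is 443." becomes the tail of "====Multiple Domains (if applicable)====" and sits directly above "==Exchange Prerequisites==". It is about autodiscover rather than UPN suffixes, so give it its own heading or move it next to the DNS prerequisites.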

Revision as of 21:48, 9 December 2014


How to Setup Retain with Exchange 2013

Exchange and Retain out of the box are not really set up to do true archiving. Exchange does not have a simple system to indicate whether a message has been archived. So we need to do a few things to give Retain a chance to archive all the messages.

Retain will certainly dredge Exchange for messages, and Exchange will give them. However, if a user receives a message, deletes it and then purges it from Recoverable Items, Retain will never see it for archiving. In that case we would only get a snapshot backup of Exchange and not a true archive. So we have to make sure that Exchange is set up so it will not allow messages to be permanently deleted before Retain has a chance to archive them.

DNS Server Prerequisites

The CAS, AD, Exchange and Retain servers should all be pointing to the same DNS server; if they must point to different DNS servers, see the link below. Make sure that there is an entry for the autodiscover server in the DNS Forward Lookup Zone.

Creating a DNS SRV record for Exchange http://support.gwava.com/kb/?View=entry&EntryID=2402

How to Make Exchange's Autodiscover Work When Retain and Exchange Point to Different DNS Servers http://support.gwava.com/kb/?View=entry&EntryID=2233

CAS Server Prerequisites

Go to IIS Manager on each of your CAS servers and enable Basic Authentication for EWS and Autodiscover. See page 229 in the Admin Guide (get pictures for EX2013).

Back up the IIS config file. http://technet.microsoft.com/en-us/library/cc754617(v=ws.10).aspx

Check which DNS server the CAS servers are pointing to: run "ipconfig /all" from the command line, or right-click Start/Network Connections/Properties/Internet Protocol Version 4. If you change the DNS server, make sure to run "ipconfig /flushdns" from the command line so the new setting takes effect immediately.

Firewall/proxy exceptions: Retain needs to be able to connect to Exchange's EWS service. Make sure that your firewalls and proxies contain an exception to allow TCP traffic to and from the Retain server.

EWS throttling: It is recommended to create a throttling policy specifically for Retain, which allows for large attachments. After creating the policy, you can use the following command to apply the policy to the impersonation account used by Retain. See "Retain and Exchange Server 2010 Throttling Policies" for more information. http://support.gwava.com/kb/?View=entry&EntryID=2343

Back up the IIS config file. http://technet.microsoft.com/en-us/library/cc754617(v=ws.10).aspx

Active Directory Prerequisites

Log into your Active Directory server. Check that the DNS server is the one configured above.

Create Retain User Account

Go into Server Manager/Tools/Active Directory Users and Groups. Create a user for Retain to log into Exchange with. Note the user logon name and password. Go to the Account tab, then set in the Account Options:

  • User cannot change password
  • Password never expires
  • Account expires never

Multiple Domains (if applicable)

If you have multiple domains in your Active Directory tree, or you have a different internal domain from your email domain, you can change the LDAP login that your users use to log into Retain.

In Active Directory Domains and Trusts:

  • Right-click on the top container called "Active Directory Domains and Trusts" and select Properties
  • Here you can add Alternative UPN suffixes.
  • Click Apply, then OK.

Then you can go into the Exchange Admin Center:

  • In Recipients/Mailboxes choose a user and edit them.
  • Here you can change the "User logon name:" field and, from the drop-down, choose the domain you want them to log in with.

Finally you can attempt logging in as a user with that new domain into Retain. This will not create a new mailbox in Retain as the user is also identified by their GUID which is unique.

Look at the worker log to determine which autodiscover URL Exchange is returning to Retain. Make sure there is a record for the autodiscover server in the Exchange system. The default port for autodiscover is 443.

Exchange Prerequisites

Verifying Basic Authentication is Enabled

Check that all CAS servers have successfully been updated. Bring up the Exchange Management Shell and run:

    Get-WebServicesVirtualDirectory | fl

Make sure that you find the following line under each server:

    BasicAuthentication : True

Determining if Basic Authentication is enabled on your network http://support.gwava.com/kb/?View=entry&EntryID=2395
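The same check as an added Exchange Management Shell example (not from the original page): it covers the Autodiscover virtual directories as well as EWS and also reports the EWS URL scheme, since Basic Authentication should only be offered over HTTPS. The report column names are this example's own.

```powershell
# Added example: run in the Exchange Management Shell on Exchange 2013.
# Flags EWS/Autodiscover virtual directories where Basic Authentication is off,
# or where the EWS internal URL is not HTTPS (Basic only base64-encodes credentials).
$vdirs = @(Get-WebServicesVirtualDirectory) + @(Get-AutodiscoverVirtualDirectory)

$report = foreach ($v in $vdirs) {
    # InternalUrl is normally empty on Autodiscover virtual directories.
    $scheme = if ($v.InternalUrl) { ([uri]"$($v.InternalUrl)").Scheme } else { 'n/a' }

    [pscustomobject]@{
        Server              = $v.Server
        VirtualDirectory    = $v.Name
        BasicAuthentication = $v.BasicAuthentication
        InternalUrlScheme   = $scheme
        Ok                  = $v.BasicAuthentication -and ($scheme -in 'https', 'n/a')
    }
}

$report | Sort-Object Server, VirtualDirectory | Format-Table -AutoSize

# Anything listed here still needs the IIS change described above.
$bad = @($report | Where-Object { -not $_.Ok })
if ($bad.Count -gt 0) {
    Write-Warning "$($bad.Count) virtual directories need attention"
    $bad | Format-Table Server, VirtualDirectory, BasicAuthentication, InternalUrlScheme -AutoSize
}
```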

Retain User Setup

Browse to the Exchange Admin Center: https://[yourExchangeServerURL]/ecp

Create a Retain user account using the existing user you created in Active Directory and give it ImpersonationApplication rights. See page 227 of the Admin Guide (get pictures from EX13).
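The equivalent in the Exchange Management Shell, as an added example that is not part of the original page. In the shell the role is named ApplicationImpersonation; the account name retain and the assignment name RetainImpersonation are placeholders. The last command lists every principal holding the role, which is worth reviewing because the role lets its holder act as any mailbox in scope.

```powershell
# Added example: run in the Exchange Management Shell.
# 'retain' and 'RetainImpersonation' are placeholder names, not values from the page.
$account = 'retain'

# Grant impersonation only if the account does not already hold the role.
$existing = Get-ManagementRoleAssignment -Role ApplicationImpersonation `
    -RoleAssignee $account -ErrorAction SilentlyContinue

if (-not $existing) {
    New-ManagementRoleAssignment -Name 'RetainImpersonation' `
        -Role ApplicationImpersonation -User $account
}

# Audit: every principal that can impersonate mailboxes, and with what scope.
# Delegating assignments allow handing the role out but not using it.
Get-ManagementRoleAssignment -Role ApplicationImpersonation -GetEffectiveUsers |
    Select-Object EffectiveUserName, RoleAssigneeName, RoleAssignmentDelegationType,
                  RecipientWriteScope, CustomRecipientWriteScope, Enabled |
    Sort-Object EffectiveUserName |
    Format-Table -AutoSize
```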

In-Place Holds

To properly archive your Exchange system you will need to set up In-Place Holds so users cannot delete messages before they have had a chance to be archived by Retain. http://technet.microsoft.com/en-us/library/ff637980%28v=exchg.150%29.aspx

To set a hold on all mailboxes: http://technet.microsoft.com/en-us/library/dn767952(v=exchg.150).aspx

Since there is no flag that can be set to mark that a particular message has been archived, we are hoping everything works. A 90-day hold is a good amount of time to have a hold in place to catch any failures in the system and repair them.
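An added example (not from the original page) that reports which user mailboxes have no hold at all, together with the deleted-item settings that decide how long purged mail survives; run it in the Exchange Management Shell. The report column names are this example's own.

```powershell
# Added example: find user mailboxes from which mail can be purged before
# Retain has archived it. Property names are those returned by Get-Mailbox.
$mailboxes = Get-Mailbox -ResultSize Unlimited `
    -Filter { RecipientTypeDetails -eq 'UserMailbox' }

$report = foreach ($mbx in $mailboxes) {
    # InPlaceHolds lists the holds applied to the mailbox; empty means none.
    $holdCount = @($mbx.InPlaceHolds).Count

    [pscustomobject]@{
        Mailbox               = $mbx.PrimarySmtpAddress
        LitigationHold        = $mbx.LitigationHoldEnabled
        InPlaceHoldCount      = $holdCount
        SingleItemRecovery    = $mbx.SingleItemRecoveryEnabled
        RetainDeletedItemsFor = $mbx.RetainDeletedItemsFor
        Held                  = $mbx.LitigationHoldEnabled -or ($holdCount -gt 0)
    }
}

$gaps = @($report | Where-Object { -not $_.Held })
'{0} of {1} user mailboxes have no hold in place' -f $gaps.Count, @($report).Count

# Mailboxes listed here rely only on the deleted-item retention window.
$gaps | Sort-Object Mailbox |
    Format-Table Mailbox, SingleItemRecovery, RetainDeletedItemsFor -AutoSize
```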

IIS settings

Make sure that IIS on the Exchange server is throttled and configured appropriately for use with Retain. Attachment size limits are a common problem. The changes you'll want to consider making will be to the Exchange Web Services. http://technet.microsoft.com/en-us/library/hh529949(v=exchg.150).aspx

Back up the IIS config file. http://technet.microsoft.com/en-us/library/cc754617(v=ws.10).aspx

Prerequisites to Installing Retain

Preparing the Retain Server

Retain is quite comfortable running in a VM. It is recommended to use a VM because it is much easier to back up, restore and reconfigure the server.

Install the OS.

Create 4 disks and make sure that they will be extensible:

  • OS: so the operating system is safe from disk full errors.
  • DATA: for the database (30%)
  • STORAGE: for the storage directory (40%)
  • INDEX: for the indexes, their backups and the logs (30%)

Create a directory off the root called /software.

Install Java. http://download.gwava.com/download.php?product=jvm6&version=win64

Install IIS by adding the role in Server Manager.

Install SQL Server 2008 R2, 2012, or 2014, preferably on a separate server, with the following settings:

  1. Install as default instance, with Latin1_General_CI_AS as standard encoding.
  2. Enable SQL Server Authentication in addition to Windows Authentication.
  3. Once installed, verify the server is listening on port 1433 (telnet [ip address] 1433).
  4. Ensure TCP/IP is enabled - Run SQL Server Configuration Manager.
  5. Expand SQL Server Network Configuration.
  6. Protocols for MSSQLSERVER.
  7. Enable TCP/IP.
  8. Run SQL Server Management Studio, connect to Server.
  9. Under Security/Logins, right-click and create a login (for example, dbuser) that uses SQL Server authentication.
  10. Assign a password.
  11. Right-click on Databases, and create a new database named retain and assign dbuser as the owner.

(There are other ways to grant the permissions but this is easiest)

Download and extract the latest version of Retain. http://download.gwava.com/download.php?product=Retain&version=versions

Have disks or network mounts available for the OS, database, storage area, index and logs

You should have been emailed Validation Keys for Retain Server, Exchange module and any other modules you have bought. Browse to https://licenses.gwava.com/ to receive your license files. Save these to your Retain Server and back them up someplace safe.

Install Retain

Launch the installer.

Install the Server, Worker and Reporting&Monitoring Server

(Fill in info)

Browse to http://localhost/RetainServer

(Fill in Info)

Set bookmark.

Post-Install Tasks

Tune Tomcat Memory Setting

Windows Tomcat memory tuning:

  1. Go to the System Tray icon for Tomcat. (If using the embedded Tomcat, launch tomcat.exe located in C:\Program Files\Apache Software Foundation\Tomcat\bin. Skip step 2.)
  2. Choose configure.
  3. Go to the Java tab.
  4. Set the Minimum Memory (always used), Maximum Memory, and Stack Size. (Tomcat is pre-tuned to 256MB initial and 1024MB max memory with a 160K stack size.)

For a typical 16GB system you will want to set Tomcat to 10240MB for initial and max memory size with 256 for thread stack size.

Load Licenses

Have the .pem files available and upload them to the server via the web console.

Setup Exchange Module

  • Check that Core settings are enabled.
  • Set the Impersonation Account (retain@company.com, password).
  • Set the Exchange forest: AD forest, port 3268 for plaintext or 3269 for SSL.
  • Create a Search Base: top level of their forest (dc=organizationDomain,dc=domainType).
  • Save Changes.
  • Refresh address book.

Setup Job

Setup the Initial Dredge.

Schedule

Create a SingleUse schedule. Used mainly for initial dredging and testing. A RecurringUse Schedule is for the daily archive dredge.

Profile

Create a DredgeEverything Profile: all messages, set Item Store Flag, try to publish all messages, store all attachments, include archive mailbox and recoverable items. This is good for the initial dredge.

A DailyProfile should be set to something more limited. Mainly use the "Ignore all messages older than item store flag (fast)" option. This is the workhorse profile and should be fast.

A TestProfile will be used for testing and generally would not have the Item Store Flag set, so messages are not lost, but would have it set if you are working on a single user that has issues.

Worker

Create a worker for the mail server. The best practice is to have one worker for each mail server for best performance.

Job

Create an InitialDredge Job. Make sure to select the AD container and not the mailserver. Enter the Notification details. This would apply for the DailyJob as well. This would be for each mail server.

Setup RetainWorker web console

Log into worker console. (localhost/RetainWorker) Upload bootstrap. Set bookmark.

Setup Reporting and Monitoring

Have them enter details, then save and upload bootstrap. Log into R&M Server. (localhost/RetainStatsServer) Set bookmark.

Monitoring shows stats about the server. Reporting can generate reports about many things in the system.
