For Exchange Administrators Only
Troubleshooting Exchange 2010 and 2013 is below this section.
The Username and Password used to login to the Exchange Server should have enough permission to access mailboxes that need to be backed up.
The Administrators group should have the Allow option set and Deny option not set for Send As and Receive As Permission.
i. Open the Exchange System Manager.
ii. Expand the Organization
iii. Expand the Administrative Groups container.
iv. Expand <administrative group name>, Servers container, <server name>, the Storage Group and <storage group name>
a. Right click on the store containing the mailboxes you want to grant access to, and choose properties.
b. Click on the security tab and choose the Administrators group from the list. If the Administrators group is not already there, click on Add and add it.
264733 How to enable the Security tab for the organization object in Exchange 2000 and in Exchange 2003 HYPERLINK http://support.microsoft.com/default.aspx?scid=kb;EN-US;264733
c. Scroll down the list of permissions and check allow for the Send As and Receive As permission and then click OK. Make sure the Deny Permissions are not set.
if you still cannot access the mailbox restart the Remote Backup Client Software. Restart all exchange services from the services panel or reboot the machine.
These following steps have to be done on all the mailboxes(user accounts) that you are trying to access and backup.
Suppose you are trying to access MailBox B and C with Username A. You must grant access for Username A to access MailBoxes B and C. So you should edit the mailbox rights of B and C to grant permission for A.
Follow these steps to grant access to a user for a mailbox.
i. Open Active Directory Users and Computers from Control Panel -> Administrative Tools. Go to the Users section.
ii. Right Click on the mailbox (user account) that you are trying access and back up from the client software. Select Properties
iii. Navigate to the "Exchange Advanced" Tab. Click on MailBox Rights.
iv. Click on Add and add the user that you are using to back up Exchange. Grant "Full MailBox Access" and click ok.
If you still cannot access the mailbox, restart the Remote Backup Client Software. Restart all exchange services from the services panel or reboot the machine.
i. Open Active Directory Users and Computers from Control Panel -> Administrative Tools.
ii. Right Click on Users and select New User. Give the new user a FirstName, LastName, logon name etc, and click Next.
iii. Type a password, enter the same in the Confirm Password, select your password options, and click Next.
iv. Make sure "Create an Exchange Mailbox" is checked, then click Next.
v. Click on Finish to create the user.
vi. Right Click on the created user and select Properties.
vii. Navigate to the "Member of" Tab, click on Add. Type Administrators, click OK and then OK again to close both windows.
viii. Open the Exchange System Manager.
ix. Expand the Organization.
x. Right click (on the top node) and choose the Delegate control
a. Click next and then Add and Browse. From the object picker choose the user (the user that we just created) to which you want to grant access, and click ok
b. Make sure the Exchange View Only Administrator is chosen and click OK.
c. Click Next and Finish.
xi. Next expand the Administrative Groups container
xii. Expand <administrative group name>, Servers container, <server name>, the Storage Group and <storage group name>
a. Right click on the store containing the mailboxes you want to grant access to and choose Properties.
b. Click on the security tab and choose the user from the list. If the user was added as part of a group at the View Only Administrator level then that individual user will need to be added at this time if the entire group is not going to be granted Receive As permissions here. If the security tab is not visible, follow the instructions in the following article.
"264733 How to enable the Security tab for the organization object in Exchange 2000 and in Exchange 2003 HYPERLINK http://support.microsoft.com/default.aspx?scid=kb;EN-US;264733"
c. Scroll down the list of permissions and check Allow for the Send As and Receive As permission and then click OK.
The Information store may cache this data and it can take up to 2 hours for this cache to be flushed. Dismount and remount the store to flush this cache immediately or reboot the machine for this cache to reflect the permissions immediately.
Troubleshooting Exchange 2010 and 2013
Here are some of the common trouble-shooting steps and solutions.
IMPORTANT! Service Pack 1 is required for SBS 2011
Service Pack 2 is required for Exchange 2010
Service Pack 1 is required for Exchange 2013
Error: ‘CommandNotFoundException’ or ‘ObjectNotFound error’:
To resolve:
1) Launch Exchange powershell
2) Run “Add-pssnapin microsoft*”
3) Run “install-CannedRbacRoles”
4) Run “Install-CannedRbacRoleAssignments”
5) Close powershell
Role-assignment
[Error] The term 'New-MailboxExportRequest' is not recognized as the name of a cmdlet, function, script file, or operable program.
To resolve:
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
From Exchange Management Shell (run as administrator), assign new management role as follows:
[PS] C:\Windows\system32>new-managementroleassignment -role "Mailbox Import Export" -User "DomainName.local\Administrator"
Where, “DomainName.local” is the domain name. Include ‘.local’ if domain name has ‘.local’ defined.
Ref: http://technet.microsoft.com/en-us/library/ee633452.aspx
Enable PS-Remoting
(When errors are encountered connecting to Exchange Server)
ref: http://technet.microsoft.com/en-us/library/dd819498.aspx
To enable export/import requests PS-Remoting must be enabled.
Click Start, then select Microsoft Exchange Server, and Exchange Management: Shell - Run as Administrator
The following text was copied from the Powershell window.
[PS] C:\Windows\system32>enable-PSRemoting
WinRM Quick Configuration
Running command "Set-WSManQuickConfig" to enable this machine for remote management through WinRM service.
This includes:
1. Starting or restarting (if already started) the WinRM service
2. Setting the WinRM service type to auto start
3. Creating a listener to accept requests on any IP address
4. Enabling firewall exception for WS-Management traffic (for http only).
Do you want to continue?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): Y
WinRM already is set up to receive requests on this machine.
WinRM has been updated for remote management.
Created a WinRM listener on HTTP://* to accept WS-Man requests to any IP on this machine.
WinRM firewall exception enabled.
Confirm
Are you sure you want to perform this action?
Performing operation "Registering session configuration" on Target "Session configuration "Microsoft.PowerShell32" is
not found. Running command "Register-PSSessionConfiguration Microsoft.PowerShell32 -processorarchitecture x86 -force"
to create "Microsoft.PowerShell32" session configuration. This will restart WinRM service.".
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): Y
More info:
Errors during Incremental Backup
(Error: :Script block literals are not allowed in restricted language mode or a Data section)
Description: We cannot run methods in restricted language mode.
The Exchange configuration is locked down (restricted session). By default, only administrators can connect to the end point, but they are restricted as well.
A few words on the LanguageMode property - There are three possible values: NoLanguage, RestrictedLanguage, and FullLanguage. In FullLanguage you can do whatever you want. In NoLanguage mode only commands that are using the Runspace APIs are allowed, and in RestrictedLanguage mode commands that contain scripts that need to be evaluated are not allowed.
To resolve:
We can change the language mode by opening the web.config file in the PowerShell virtual directory:
