Microsoft made a number of changes in Exchange Server 2013. With regards to TSM mailbox restore, perhaps the most significant change was the requirement for MAPI clients to use RPC over HTTPS (also known a Outlook Anywhere). RPC over HTTP is no longer supported. When using any new or changed technology, you may encounter some bumps in the road. I've been working with Exchange 2013 for quite some time now, and I would like to share with you a few tips for using mailbox restore with Exchange 2013.
Before you start:
- Use FlashCopy Manager 3.2.1 (or later) or Data Protection for Exchange 6.4.1 (or later).
- Use Exchange 2013 CU2 or later
- Use MAPI download 6.5.8320.0 or later
Verify your Exchange environment
- Open the current administrator's mailbox in Outlook or OWA
- Open the target mailbox in Outlook or OWA
- (optional) Use MFCMapi to verify your MAPI configuration. This Microsoft blog lists the steps to perform this verification. If MFCMapi cannot connect to Exchange, then TSM will not be able to either.
If your environment is configured correctly, mailbox restore will work as with previous versions Exchange. However, if you run into trouble, I suggest the following troubleshooting steps:
- Grant "full access" permission to the target mailbox. Especially when using the "Administrator" mailbox, typically Exchange 2013 blocks full access permission for this administrator.
- Log in as an Exchange administrator with a mailbox on an Exchange 2013 database
- Use an Exchange 2013 CAS server (i.e. set the CLIENTACCESSServer parameter to an Ex13 CAS server)
- If using a load balancer, for troubleshooting purposes set the CLIENTACCESSServer to an actual server instead of the load balancer
- Try using Mailbox Restore Browser with "Open Exchange Mailbox" to open the administrator mailbox and the target mailbox. This is the simplest case.
- Check your MAPI registry key. It is located at HKEY_CURRENT_USER\Software\Microsoft\Windows NT\Current Version\Windows Messaging Subsystem, and the name of the key is RpcHttpProxyMap_TSM. You may have to change the http to https, or the authentication method, or the domain name to *. The MAPI download (linked above) contains the Microsoft documentation for setting this registry key.