Restores of individual Exchange 2010 mailboxes from GRT enabled backup sets may fail with status code 5 when default SSL/TLS settings were changed in IIS.

Article:TECH130545  |  Created: 2010-01-26  |  Updated: 2013-10-24  |  Article URL http://www.symantec.com/docs/TECH130545
Article Type
Technical Solution


Environment

Issue



Restores of individual Exchange 2010 mailboxes from GRT enabled backup sets may fail with status code 5 when default SSL/TLS settings were changed in IIS.

Solution



Exchange 2010 client access servers by default has Secure Socket Layer certificates installed. During the individual mailbox restore process,
NetBackup requires a secure HTTPS connection to the Client Access Server -Exchange Web Services (EWS) to access the mailbox being restored.
In some environments where unsecured HTTP connections to EWS are still required, modifications to the IIS web security configuration file is
necessary.

Cause:

1. EWS application "Require SSL" setting in IIS is enabled by default but is now disabled.
To verify this setting:
Open the Server Manager. Navigate to Roles, Web Server (IIS), Internet Information Services (IIS) Manager, CAS, Sites, Default Web Site, EWS.
Under IIS - Feature View, select SSL settings.

2. The default web.config file under Program Files\Microsoft\V14\ClientAccess\exchweb\ews was modified to only allow HTTP requests.
Check the modified date of this file to determine if the file was changed from the original version.


Troubleshooting:

Check for the following similar errors in the logs.

From NCFGRE on the client access server:

ERR - unable to create object for restore: \\DAG\Microsoft Information Store\A1-1000-1\Database, rai error = 6
ERR - unable to create object for restore: \\DAG\Microsoft Information Store\A1-1000-1\Database\mailboxname, rai error = 17
ERR - unable to create object for restore: \\DAG\Microsoft Information Store\A1-1000-1\Database\mailboxname\Top of Information Store, rai error = 17
ERR - unable to create object for restore: \\DAG\Microsoft Information Store\A1-1000-1\Database\mailboxname\Top of Information Store\Inbox, rai error = 17
ERR - unable to create object for restore: \\DAG\Microsoft Information Store\A1-1000-1\Database\mailboxname\Top of Information Store\Inbox\<No Subject> <>, rai error = 6
INF - GRE EXITING WITH STATUS = 0
INF - GRE RESTORED 0 OF 5 FILES SUCCESSFULLY
INF - GRE KEPT 0 EXISTING FILES
INF - GRE PARTIALLY RESTORED 0 FILES
INF - Server status = 5



From NCFGRE - VxUL log on the client access server:

[2864] 05/05/10 16:41:47 Exception in sending seedmsg Request failed. The remote server returned an error: (404) Not Found.
[2864] 05/05/10 16:41:47 ---EWSStore::OpenFolder---


From \netbackup\logs\beds\ewstrace.txt log file from CAS: (Viewed as html page)

TraceMessage:: 404 Not Found Content-Length: 0 Cache-Control:
private Date: Thu, 13 May 2010 13:46:52 GMT Set-Cookie: exchangecookie=1ca82aa2bedf4763a1105405159007a2;
expires=Fri, 13-May-2011 13:46:52 GMT; path=/; HttpOnly Server: Microsoft-IIS/7.5 X-AspNet-Version: 2.0.50727 X-Powered-By: ASP.NET


Workaround:

1.Make sure that EWS application "Require SSL" setting in IIS is enabled/checked.
2.Revert the changes made to the web.config file or replace the file with the original copy.

Microsoft acknowledged that there is a limitation in Exchange server 2010 where by default only POSTs that are made through SSL are accepted.
HTTP POSTs will be accepted in Service Pack 1 for Exchange Server 2010.



References:

http://support.veritas.com/docs/354421 - BUG REPORT: Restores of individual email messages from GRT enabled Exchange Information Store backup sets in NetBackup 7.0 fail with "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel" reported if the Exchange Client Access Server has Secure Socket Layer certificates installed.

ET: 2000168 - GRT Exchange Restore failing with Could not establish trust relationship for the SSL/TLS secure channel

http://support.microsoft.com/kb/980048 -
Error message when you try to submit an HTTP POST programmatically to Exchange Server 2010 Web Services or to AutoDiscover: "HTTP 404 Resource Not Found"


Legacy ID



354867


Article URL http://www.symantec.com/docs/TECH130545


Terms of use for this information are found in Legal Notices