Exchange Data Recovery Guide

First and foremost, DON’T PANIC.  I cannot remember how many times I have seen somebody (myself included) do something completely idiotic and often times irreversible because they didn’t take the time to think things through.  For example, wanting SO badly to get the database mounted again before anybody notices that you don’t do the MOST important step when recovering any data, making a backup and working off of the backed up copy rather than your live data.

That being said, here are the steps to take when disaster hits and your Exchange server is not cooperating.

  1. Make a backup of your important data, NOW!  Do not hold off on this step:
    1. For Exchange 5.5, you will want the Priv.edb, Pub.edb and Dir.edb at the very least.  For Exchange 2000 and 2003, grab the Priv.edb, Priv.stm, Pub.edb and Pub.stm.  For 2007, there is no longer an stm so just grab the Mailbox Database.edb and Public Folder Database.edb
    2. Grab any uncommitted log files.  I will explain later in this article on determining which log files have been committed and which have not.  You may also want to grab committed log files because if you need to go to an older backup of your database, these can be played back to bring the database up to date.
    3. By default the data files and log files are stored in the <exchange directory>\MDBDATA folder but can be split over 2 different drives.
    4. I highly recommend backing 2 separate backup copies of your data, at least one of which is stored on a completely different physical drive, computer or storage device.
  2. While you are waiting for your data to copy, assess the situation and gather information:
    1. Find out what the problem is that is preventing Exchange to function by checking the application and system event logs.  Copy any events related to Exchange to a notepad document or write them down.
    2. Check for any other serious errors in the logs that could point to an issue possibly related (hard drive going bad, virus, etc…)
    3. Check to make sure there is enough hard drive space.  A hard drive filling up can corrupt your database if there is not enough room to grow it.
  3. Gather information from ESEUTIL:
    1. Run ESEUTIL.exe /mh <path to data file>
      1. This will tell you if your file is in a Dirty or Clean Shutdown state
      2. It will also tell you which log files are needed to bring it to a Clean state on the “Log Required” line.
  4. Resolve underlying issues first:
    1. If your problem is because of faulty hardware, inadequate drive space, a virus / malware, or something else external to Exchange, resolve that first.
  5. Research the errors obtained during step 2:
    1. One of the best resources: Google it!  Searching for your error on Google can produce a wealth of useful information
    2. Also look on support.microsoft.com
  6. Decide on a recovery strategy:
    1. Your options are:
      1. Recover yourself using Microsoft tools, 3rd party software and online resources
      2. Restore from backup.
      3. Call a professional recovery company to assist.
  7. For a corrupted database, here are the steps I would take to recover:
    1. See if ESEUTIL can solve the problem with a soft recovery
      1. Run ESEUTIL.exe /r E00 /d <path to database directory> /l <path to log file directory> /s <path to directory with checkpoint file> where E00 is the first 3 characters of your log files.
    2. Try to fix with ESEUTIL hard recovery
      1. I actually forego this step in most cases and only use it as a last resort as it CAN lose data from your database, but it can bring a database to a mountable state.  Use at your own risk!
      2. Run ESEUTIL /p <path to database file>
    3. Restore from a recent backup.
      1. If you have a recent backup, sometimes this may be a better option than trying to fix a corrupted database, because there is almost always some data loss when fixing a corrupted data file.
    4. Restore from an OLD backup and replay logs to bring current.
      1. If you have located an old backup AND you have ALL logs files from then until now, the log files can be replayed into it to bring it up to date.  If any logs are missing or corrupt, this may not be a viable option.
    5. Restore from 3rd party software or call a professional.
      1. If all other recovery options fail, it may be time to enlist the help of outside sources.  Only you can put a value on what your data is worth to you and if it is feasible to hire (or purchase) outside help to restore your server back to normal.

Well that’s it for now.  This is NOT a comprehensive list, just  a few pointers that are often overlooked.  If you need any help with an Exchange issue, you can email exchangesupport@dtidata.com

Comments

  1. John, nice introductory article on Exchange Recovery and thought you might like to know about Lucid8s DigiScope that can do all the repair, search, recovery and data extraction desired within a simple yet powerful GUI and at very reasonable prices i.e. starts at $ 375.00 for Three (3) month linces for a Single Database with Unlimited Mailboxes.

    Anyway check it out if you get time and also there is also this cool little 7 minute flash demo that shows off the product functionality
    http://l8downloads.com/FLASH/DSWEB/DigiScope_Overview.html

Trackbacks

  1. [...] the original post here: Exchange Recovery what to do when Disaster Strikes Tags: data, data-recovery-solutions, database, drive, drive-recovery, exchange, exchange-recovery, [...]

Speak Your Mind