MS Exchange 2013 Datastore on Bitlocker Encrypted Volume

Posted on 2013-11-17
Last Modified: 2013-11-17
Dear EX Community,

I am currently experimenting with MS Exchange 2013 and Bitlocker Drive Encryption (Windows Server 2012 R2). My intention is to put the Exchange Database on an encrypted volume.  I am aware that this does not protect the data when the system is in a running state.  My goal is to protect the data in case one of the hard drives (RAID 1 Array) gets swapped out, since the server is located in an external Data Center.

On the server I have currently 2 partitions:
C: - System Partition (unencrypted)
D: - Data Partition (Bitlocker Encrypted, has to get manually unlocked using a key after every reboot)

Exchange itself I'd install on C: while the Exchange Database would get put on the encrypted D partition.

Now my question is how Exchange will cope at boot time when the Data Partition is not yet unlocked and Exchange can't access the Datastore.  I suppose this will lead into troubles?  How about if I set all Exchange related services to manual startup in order to start the services manually after the D: partition has been unlocked?

I am aware that there is a possibility to automatically unlock the D: partition at boot time but this would require that the System Partition is also encrypted, which is not possible in this scenario since the server doesn't have a TPM-Module and I don't want to enter the key through the KVM-Console when rebooting the server.

Any feedback is highly appreciated.  Thank you very much!
Question by:MrFortune100
Accepted Solution

by: MrFortune100
ID: 39655336
After multiple tests, I can confirm that my suggestion above seems to work well.

After the Exchange 2013 installation I have moved the Mailbox Database to the Bitlocker Encrypted Volume.  Then I have set the following Exchange 2013 Services from Automatic to Manual start up:

Microsoft Exchange Active Directory Topology
Microsoft Exchange Anti-spam Update
Microsoft Exchange Diagnostics
Microsoft Exchange EdgeSync
Microsoft Exchange Frontend Transport
Microsoft Exchange Health Manager
Microsoft Exchange Information Store
Microsoft Exchange Mailbox Assistants
Microsoft Exchange Mailbox Replication
Microsoft Exchange Mailbox Transport Delivery
Microsoft Exchange Mailbox Transport Submission
Microsoft Exchange Replication
Microsoft Exchange RPC Client Access
Microsoft Exchange Search
Microsoft Exchange Search Host Controller
Microsoft Exchange Service Host
Microsoft Exchange Throttling
Microsoft Exchange Transport
Microsoft Exchange Transport Log Search
Microsoft Exchange Unified Messaging
Microsoft Exchange Unified Messaging Call Router

Additionally, I've created a batch file which starts all of these services followed by an IIS-Restart at the end:

net start MSExchangeADTopology
net start MSExchangeAntispamUpdate
net start MSExchangeEdgeSync
net start MSExchangeIS
net start MSExchangeMailboxAssistants
net start MSExchangeMailboxReplication
net start MSExchangeRepl
net start MSExchangeRPC
net start MSExchangeServiceHost
net start MSExchangeThrottling
net start MSExchangeTransport
net start MSExchangeTransportLogSearch
net start MSExchangeFastSearch
net start MSExchangeDelivery
net start MSExchangeFrontEndTransport
net start MSExchangeDiagnostics
net start MSExchangeHM
net start MSExchangeSubmission
net start HostControllerService
net start MSExchangeUM
net start MSExchangeUMCR
IISReset

After a server reboot I manually unlock the Bitlocker Drive and then start Exchange using the bat file. Exchange 2013 seems to run fine, at least I couldn't find any errors in the Event Log. I suppose this scenario is not supported by Microsoft, but it seems to do the trick for my requirements.
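
Added example (not part of the original post and not the poster's script): a PowerShell version of the start-up step that refuses to start Exchange while the BitLocker data volume is still locked, so the Information Store never starts against a missing database. The service names are taken from the batch file above; the database path and the `-SetManual` switch are assumptions made for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post. Fails closed while the volume is locked.
param(
    [string]$MountPoint   = 'D:',                      # data volume named in the post
    [string]$DatabasePath = 'D:\ExchangeDB\DB01.edb',  # hypothetical path, adjust
    [switch]$SetManual                                 # one-time: set services to Manual
)

# Service names and order copied from the batch file in the post.
$services = @(
    'MSExchangeADTopology', 'MSExchangeAntispamUpdate', 'MSExchangeEdgeSync',
    'MSExchangeIS', 'MSExchangeMailboxAssistants', 'MSExchangeMailboxReplication',
    'MSExchangeRepl', 'MSExchangeRPC', 'MSExchangeServiceHost',
    'MSExchangeThrottling', 'MSExchangeTransport', 'MSExchangeTransportLogSearch',
    'MSExchangeFastSearch', 'MSExchangeDelivery', 'MSExchangeFrontEndTransport',
    'MSExchangeDiagnostics', 'MSExchangeHM', 'MSExchangeSubmission',
    'HostControllerService', 'MSExchangeUM', 'MSExchangeUMCR'
)

if ($SetManual) {
    foreach ($name in $services) { Set-Service -Name $name -StartupType Manual }
    return
}

# Gate 1: the BitLocker volume must be unlocked, and protection should be on.
$volume = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
if ($volume.LockStatus -ne 'Unlocked') {
    throw "$MountPoint is still locked. Unlock it first, then rerun this script."
}
if ($volume.ProtectionStatus -ne 'On') {
    Write-Warning "$MountPoint is unlocked but BitLocker protection is not on."
}

# Gate 2: the database file must be reachable before the Information Store starts.
if (-not (Test-Path -LiteralPath $DatabasePath -PathType Leaf)) {
    throw "Database file not found at $DatabasePath."
}

foreach ($name in $services) {
    try   { Start-Service -Name $name -ErrorAction Stop }
    catch { Write-Warning "Could not start ${name}: $($_.Exception.Message)" }
}
& iisreset.exe | Out-Null

# Report anything that is not running so a partial start is visible.
$notRunning = Get-Service -Name $services | Where-Object Status -ne 'Running'
if ($notRunning) { $notRunning | Format-Table Name, Status -AutoSize }
else             { Write-Output 'All listed Exchange services are running.' }
```

Run it once with `-SetManual` after installation, then without arguments after each reboot once the volume has been unlocked by hand.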