Share via

How to Recover Crashed Exchange Server?

  • Article

At some point in time, an Exchange Administrator encounters a disaster event where the Exchange Server does not work, with the server being unrecoverable.

This can happen due to various reasons, such as:

  • -          Hardware issue
  • -          Software issues with a third-party application installation
  • -          Failed or crashed Windows or system update
  • -          Sudden power loss
  • -          Human error
  • -          Malware or ransomware infection

Although you try your best to prevent the disasters from happening, you cannot prevent unforeseen disasters. You can only prevent what you know.

We have listed human error as one of the reasons because we are all humans. Like all humans, we are not perfect and do mistakes. Such mistakes include virtual machine is incorrectly updated, mistakes while doing maintenance, or any other occurrence that can impact the server.

What would be the first thing that comes in mind, especially when you are working with virtual machines? No trouble at all as you can just roll back to a previous snapshot of the virtual machine and solve the problem in minutes. This is where you are wrong as even Microsoft states that rolling back to a snapshot of crashed Exchange Server will not work and it is not supported.

According to Microsoft, “However, virtual machine snapshots aren't application aware, and using them can have unintended and unexpected consequences for a server application that maintains state data, such as Exchange. As a result, making virtual machine snapshots of an Exchange guest virtual machine isn't supported.”

In this case, the first step is to try to repair the operating system and boot the server with repair or try to boot in safe mode to identity the issue, and possibly try to figure out how to solve the issue. If this fails, the result will be of a full restore of the server from backup.

Before doing so, you need to consider all the eventualities and cons of this operation, such as:

  • -          What happens to the data on the server?
  • -          Do you have enough resources for this?
  • -          Do you have the expertise?

In case of any incident, you would not want to lose any data. But by going back to the last healthy backup means that from the last backup onwards, any changes done or added data will be lost. So, you need to have enough resources and storage to recover and keep a copy of the server’s virtual disks to recover the databases. If you have a physical computer, you need to find a way to keep a safe copy of the current mailbox databases and the files related to them.

The first thing to do is to look at the documentation of the server to check that all the updates are installed, along with the configuration that comes with them, including resources and operating system, while gathering the media to re-install the server. In the case of a physical server, you need to commission a new server as soon as possible. In the case of a virtual machine, you need to have enough resources to create a new Windows Server virtual machine.

Let’s assume that you have enough resources in your hypervisor or you have a new server in hand. In such a scenario, you will need to install the operating system and update it to the latest patches, keeping the same computer name and network configuration. For this, you can refer the documentation of the server to follow the installation process of operating system.

Once installed and updated with the latest patches, you need to join the machine to the domain and login with the administrator credentials on the server.

The server must also match the storage of crashed server. Suppose, if you had a drive to keep the mailbox databases with the drive letter M and a drive to keep the mailbox database logs with the drive letter L, these need to be matched.

Once this is done, before installing the Exchange Server, you need to install all the pre-requisites for the service. After these are installed, you need to run another update to install any new updates or updates related to the pre-requisites installed.

The next step is to extract the ISO file of the Exchange Server 2016 or the version you had installed in your new server. Then, run the below given command to start the installation with recovery option.

setup /mode:recoverserver /IAcceptExchangeServerLicenseTerms

For servers running Exchange Server 2016, most of the configuration is stored in the Active Directory schema, including settings such as location of database, database names, URLs of virtual directories, and transport settings, apart from others.

During the installation, which may take some time, you need to check the documentation for any custom configurations that might have been deployed in the Exchange Server. Such custom configurations could include settings in the IIS web server, installed SSL certificates that you need to re-install, or custom registry keys that would be recoverable from the documentation of the server, should be updated.

Restoring the Database

If the transaction logs of databases were not lost or damaged during the server failure, you can just copy the databases and logs into the same location and path, and these will successfully mount. However, if you have all the files and they were not damaged but still the databases are not mounting, then you need to run the ESEUtil to repair the databases.

If the databases won’t mount due to damaged or lost log files, then you have two options. First, you can restore from the last backup but the changes from the last backup onwards will be lost. Second, you can use a third-party tool that can open damaged EDB file.