Difference between revisions of "MailStore Server Service Configuration"

(46 intermediate revisions by 5 users not shown)
Line 1: Line 1:
__NOTOC__
+
With the MailStore Server Service Configuration you can configure low level features of a MailStore Server installation as well as control the MailStore Server service. The current status of the MailStore Server service is shown at the bottom of the window.
  
Basic administrative features are available through the MailStore Server Service Configuration. It can be accessed through the MailStore Server application folder in the Windows Start menu or the corresponding desktop shortcut.
+
== General==
 +
On this page you can select the storage location of the master database, configure where audit events should be stored and enable or disable individual features for accessing MailStore Server.
  
 
[[File:tech_config_01.png|center|500px]]
 
[[File:tech_config_01.png|center|500px]]
  
At the bottom of the window, the current status of the MailStore Server service is shown. The service can be controlled using the ''Start'', ''Stop'' and ''Restart'' buttons. This may be necessary after certain changes to the configuration have been made or before performing backups, for example.
+
=== Master Database ===
 +
Select the storage location of an existing master database. If you chose an empty directory, a new master database will be created therein. If you want to move an existing archive to a new storage location, refer to the instructions in [[Moving the Archive]].  
  
= Allgemein =
+
You can also specify the destination for logging audit events here.
  
'''Master Database''' - Select the storage location of an existing master database. When choosing an empty directory, a new master database is created therein. Additional information about master databases is available in chapter [[Storage_Locations#Structure_of_the_MailStore_Database|Structure of the MailStore Database]].
+
=== Features ===
 +
In this section you can enable or disable individual features for accessing MailStore Server.
  
'''Features''' - Individual components for accessing the MailStore server can be activated or deactivated. These include:
+
* ''MailStore Web Access / Outlook Add-In (HTTP)''<br/>Enables archive access via HTTP through [[Accessing_the_Archive_with_MailStore_Web_Access|MailStore Web Access]] and the [[Accessing_the_Archive_with_the_Microsoft_Outlook_integration|MailStore Outlook Add-in]].
 +
* ''IMAP Server (STARTTLS)''<br/>Enables the STARTTLS-encrypted archive access through the integrated [[Accessing_the_Archive_via_Integrated_IMAP_Server|IMAP server]] (explicit TLS). Login over unencrypted connections is not supported.
 +
* ''IMAP Server (SSL)''<br/>Enables SSL/TLS-encrypted archive access through the integrated IMAP server (implicit TLS).
 +
* ''MailStore Administration API (HTTPS)''<br/>Enables the [[Administration_API_-_Using_the_API|MailStore Administration API]].
 +
* ''VSS Writer''<br/>Activates the MailStore Volume Shadow Service Writer for enabling live backups of the archive using an [[Backup_and_Restore#Using_External_Backup_Software|external backup software]].
 +
** ''Exclude Indexes from VSS Backup''<br/>Location of index files will not be reported by the VSS Writer.
  
* MailStore Web Access / Outlook Add-In (HTTP)
+
=== Controlling the Service ===
* MailStore Web Access / Outlook Add-In (HTTPS)
 
* IMAP Server (unencrypted / STARTTLS)
 
* IMAP Server (SSL)
 
  
Interfaces can be configured under ''IP Addresses and Ports''.
+
The current status of the MailStore Server service is shown at the bottom of the window. By using the buttons you can control the MailStore Server service.
  
'''Locksmith''' - Through this feature, the user "admin" with the password "admin" can be restored.
+
==== Safe Mode ====
  
= IP Addresses and Ports =
+
The MailStore Server service can be started in ''Safe Mode'' to perform maintenance on the configuration.
  
In addition to activating or deactivating individual components, you can choose the IP address and the port to which a component is to be linked to as well as the SSL certificate that is to be used for encrypted connections.
+
While the ''Safe Mode'' is active:
 +
* Only administrators can log in to MailStore
 +
* Automatic archiving and export profiles are not started
 +
* Jobs are not started automatically
 +
* All internal heartbeats are disabled
 +
* The ''MailStore Server Service Configuration'' cannot be closed
  
'''IP Address'''- Auf dieser IP-Adresse nimmt die Komponente Verbindungen entgegen. In der Regel ist es ratsam alle Komponenten von MailStore an alle IP-Adressen zu binden (Standard).
+
== IP Addresses and Ports ==
'''Port''' - Gibt den TCP-Port an, auf dem die Komponente Verbindungen annimmt.
+
In addition to enabling and disabling individual network based components, you can choose the IP address and the port to which a component is to be bound as well as the SSL/TLS certificate that should be used for encrypted connections.
:'''Example:''' Falls neben MailStore Web Access kein weiterer Webserver installiert ist (z.B. eine IIS-Website, Microsoft Outlook Web Access oder SharePoint), können Sie die HTTP- und HTTPS-Standardports (80 und 443) festlegen. So können Anwender direkt über die URL <nowiki>http://<servername></nowiki> oder <nowiki>https://<servername></nowiki> auf MailStore Web Access zugreifen.
+
[[File:tech_config_02.png|center|550px]]
'''Server Certificate''' - Zeigt das aktuell verwendete SSL-Zertifikat fuer die entsprechende Komponente des MailStore Servers an. Klicken Sie auf den Namen um Details über das SSL-Zertifikat anzuzeigen. Über die Schaltfläche neben dem Namen können Sie:  
 
* ein SSL-Zertifikat aus dem Zertifikatspeicher des MailStore Server Computers auswählen.
 
* ein neues selbstsigniertes SSL-Zertifikat erstellen.
 
* ein SSL-Zertifikat aus einer Datei direkt in den Zertifikatspeicher des MailStore Server Computers importieren.
 
  
= Ereignisanzeige =
+
=== Basic Options ===
 +
==== IP Address ====
 +
The IP address on which the component accepts connections. Generally, it is recommended to bind all MailStore Server components to all IP addresses (default).
  
Hier werden Ereignisse wie das Starten oder Stoppen des MailStore Server Dienstes angezeigt. Im Falle von Fehlern, klicken Sie auf den entsprechenden Eintrag um unterhalb der Liste weitere Details anzuzeigen.
+
==== Port ====
 +
Indicates the TCP port on which the component accepts connections.
 +
:'''Hint:''' If no web server other than MailStore Web Access is installed (e.g. an IIS website, Microsoft Outlook Web Access or SharePoint), you can specify the HTTP- and HTTPS standard ports (80 and 443). This way, users can access MailStore Web access directly using the URLs <code>http://<server name></code> or <code>https://<server name></code> without port numbers.
  
= Debug Protocol =
+
==== Server Certificate ====
 +
Shows the current SSL/TLS certificate for the respective component. Click on the name of the SSL/TLS certificate to view further details. Using the ellipsis button (…) next to the name you can:
 +
* Select an SSL/TLS certificate from the certificate store of the MailStore Server computer.
 +
* Create a new self-signed SSL/TLS certificate.
 +
* Import an SSL/TLS certificate from a file directly into the certificate store of the MailStore Server computer. The file must be in PKCS #12 format and usually has the file extension ''.pfx'' or ''.p12''.
  
'''Debugprotokoll aktivieren''' - Aktivieren Sie diese Einstellung, falls Probleme oder Fehler beim Betrieb des MailStore Servers aufgetreten sind. Nach Neustart des Server-Dienstes über ''Neu starten'' im gleichen Fenster wird eine ausführliche Protokolldatei mitgeschrieben. Diese kann zum Beispiel vom MailStore-Support-Team ausgewertet werden.
+
Further information about certificates and SSL/TLS security can be found in the following articles:
  
'''IMAP-Verbindungs-Debugprotkoll aktivieren''' - Aktivieren Sie diese Einstellung, falls Probleme oder Fehler beim Zugriff auf den MailStore Servers über den integrierten IMAP-Server aufgetreten sind. Nach Neustart des Server-Dienstes über ''Neu starten'' im gleichen Fenster wird eine ausführliche Protokolldatei mitgeschrieben. Diese kann zum Beispiel vom MailStore-Support-Team ausgewertet werden.
+
* [[Using_Your_Own_SSL_Certificate|Using Your Own SSL Certificate]]
 +
* [[Enhancing_SSL_Security|Enhancing SSL Security]]
  
In der Tabelle finden Sie eine Übersicht aller erstellten Debugprotokolldateien. Sie können den Inhalt einer Debugprotokolldatei durch einen Doppelklick oder klicken auf die Schaltfläche ''Öffnen'' im Texteditor anzeigen lassen. Zum Löschen einer oder mehrerer Debugprotokolldateien, markieren Sie diese zunächst und klicken anschließend auf ''Löschen''.
+
=== Specific Options ===
 +
==== MailStore Client ====
 +
You cannot disable this component because the MailStore Client is essential for managing MailStore Server. The default TCP port is 8460.
 +
==== MailStore Web Access / Outlook Add-in (HTTP) ====
 +
This component provides unencrypted archive access through MailStore Web Access and the MailStore Outlook Add-in. The default TCP port is 8461.
 +
* ''Enable HTTPS redirect''<br/>Enabling this option redirects unencrypted HTTP requests to the HTTPS port.
 +
* ''Redirect to custom server name''<br/>If MailStore Server should use a specific server name for the HTTPS redirect, it must be specified here.
 +
==== MailStore Web Access / Outlook Add-in (HTTPS) ====
 +
This component provides SSL/TLS-encrypted archive access through MailStore Web Access and the MailStore Outlook Add-in. The default TCP port is 8462. This component cannot be disabled.
 +
==== IMAP Server (STARTTLS) ====
 +
This component provides STARTTLS-encrypted archive access through the integrated IMAP server (explicit TLS). The default TCP port is 143. Login over unencrypted connections is not supported.
 +
==== IMAP Server (SSL) ====
 +
This component provides SSL/TLS-encrypted archive access through the integrated IMAP server (implicit TLS). The default TCP port is 993.
 +
==== MailStore Administration API (HTTPS) ====
 +
This component provides SSL/TLS-encrypted access to the MailStore Administration API. The default TCP port is 8463.
  
 +
== Security and Encryption ==
 +
This page provides several security features related to archive access and encryption. Please note that you cannot use these features while the MailStore Server service is running; it has to be stopped first.
 +
[[File:tech_config_03.png|center|550px]]
 +
 +
=== Restore Default Admin ===
 +
Through this feature you can restore the default admin user ''admin'' with the likewise password ''admin''. If the recovery key of the archive whose default admin you want to restore is not the product key of the current MailStore Server installation, you will be asked to enter the associated recovery key.<br />
 +
A restore of the default admin user is written into the audit log.
 +
 +
=== Reinitialize Archive Encryption ===
 +
For security reasons the archive encryption is bound to the Windows installation of the MailStore Server machine. Therefore it might be necessary to reinitialize the archive encryption when moving the archive to another computer. If the recovery key of the archive whose encryption you want to reinitialize is not the product key of the current MailStore Server installation, you will be asked to enter the associated recovery key.
 +
 +
=== Set Recovery Key ===
 +
The recovery key is used to authorize several security related tasks in MailStore Server, such as restoring the default admin, moving the archive to another machine or attaching archive stores from another MailStore installation. That way the number of people that may perform such tasks can be kept small and administrative archive and system duties can be kept separate.
 +
 +
By default, MailStore Server uses the product key provided during setup as recovery key and most security related tasks are carried out automatically without the need to enter the recovery key for authorization.
 +
 +
To improve security you can change your recovery key to an automatically generated, random value. In that case, every security related tasks must be authorized by entering the recovery key. For easier reference, each recovery key has a unique identifier that is displayed when the related recovery key must be provided. Only the most recent recovery key can be used for authorization.
 +
 +
==== Changing the Recovery Key ====
 +
* [[File:Tech_config_04.png|right|340px]]Click on ''Change'' to change the recovery key to an automatically generated, random value.
 +
* You will be asked to save the recovery key to a file and/or print it. You have to choose at least one option to continue.
 +
* After successfully changing the recovery key only the new key can be used henceforth.<br clear=all />
 +
<p class="msnote">'''Important notice:''' Always store the recovery key in a secure location. Without the recovery key carrying out security related tasks is no longer possible.</p>
 +
 +
==== Resetting the Recovery Key ====
 +
You can reset the recovery key to the current product key of your MailStore Server installation at any time. Before the reset you will be asked to enter the current recovery key. By default, MailStore Server already uses the current product key as recovery key and the button is disabled.
 +
 +
== Startup Script ==
 +
The MailStore Server service can execute a script before startup. The script can be used to establish a connection to a network resource using special connection parameters as described in chapter [[Using Network Attached Storage (NAS)]].
 +
 +
== Event Viewer ==
 +
Events such as starting or stopping the MailStore Server service are displayed here. If there are any errors, click on the corresponding entry to view additional details below the list.
 +
 +
== Debug Log ==
 +
On this page you can enable, view or delete all debug logs created by MailStore Server.
 +
 +
=== Enable Debug Log ===
 +
Enable this feature if any problems or errors have occurred while running MailStore Server. After restarting the server service via ''Restart Service'' in the same window, a detailed log file is recorded. This file can be evaluated by the MailStore support team, for example.
 +
 +
=== Enable IMAP Connection Debug Log ===
 +
Enable this feature if problems or errors have occurred while accessing MailStore Server using the integrated IMAP server. After restarting the server service via ''Restart Service'' in the same window, a detailed log file is recorded. This file can be evaluated by the MailStore support team, for example.
 +
 +
The table shows an overview of all debug log files. To view the contents of a debug log file in a text editor, double-click on the file name or click on ''Open''. To delete a debug log file, highlight the file name and click on ''Delete''.
  
 
[[de:MailStore_Server_Dienst-Konfiguration]]
 
[[de:MailStore_Server_Dienst-Konfiguration]]
 +
[[en:MailStore Server Service Configuration]]
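
Review bot: The added "Restore Default Admin" paragraph says the account comes back as ''admin'' with password ''admin'' but gives no follow-up step; suggest adding a sentence telling the administrator to change that password as soon as the service has been started again. Two wording fixes in the same added text: "every security related tasks must be authorized" under "Set Recovery Key" should read "every security-related task", and "If you chose an empty directory" under "Master Database" should be "If you choose".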

Revision as of 12:37, 16 January 2019

With the MailStore Server Service Configuration you can configure low level features of a MailStore Server installation as well as control the MailStore Server service. The current status of the MailStore Server service is shown at the bottom of the window.

General

On this page you can select the storage location of the master database, configure where audit events should be stored and enable or disable individual features for accessing MailStore Server.

Master Database

Select the storage location of an existing master database. If you choose an empty directory, a new master database will be created therein. If you want to move an existing archive to a new storage location, refer to the instructions in Moving the Archive.

You can also specify the destination for logging audit events here.

Features

In this section you can enable or disable individual features for accessing MailStore Server.

  • MailStore Web Access / Outlook Add-In (HTTP)
    Enables archive access via HTTP through MailStore Web Access and the MailStore Outlook Add-in.
  • IMAP Server (STARTTLS)
    Enables the STARTTLS-encrypted archive access through the integrated IMAP server (explicit TLS). Login over unencrypted connections is not supported.
  • IMAP Server (SSL)
    Enables SSL/TLS-encrypted archive access through the integrated IMAP server (implicit TLS).
  • MailStore Administration API (HTTPS)
    Enables the MailStore Administration API.
  • VSS Writer
    Activates the MailStore Volume Shadow Service Writer for enabling live backups of the archive using external backup software.
    • Exclude Indexes from VSS Backup
      Location of index files will not be reported by the VSS Writer.

Controlling the Service

The current status of the MailStore Server service is shown at the bottom of the window. By using the buttons you can control the MailStore Server service.

Safe Mode

The MailStore Server service can be started in Safe Mode to perform maintenance on the configuration.

While Safe Mode is active:

  • Only administrators can log in to MailStore
  • Automatic archiving and export profiles are not started
  • Jobs are not started automatically
  • All internal heartbeats are disabled
  • The MailStore Server Service Configuration cannot be closed

IP Addresses and Ports

In addition to enabling and disabling individual network based components, you can choose the IP address and the port to which a component is to be bound as well as the SSL/TLS certificate that should be used for encrypted connections.

Basic Options

IP Address

The IP address on which the component accepts connections. Generally, it is recommended to bind all MailStore Server components to all IP addresses (default).

Port

Indicates the TCP port on which the component accepts connections.

Hint: If no web server other than MailStore Web Access is installed (e.g. an IIS website, Microsoft Outlook Web Access or SharePoint), you can specify the standard HTTP and HTTPS ports (80 and 443). This way, users can access MailStore Web Access directly using the URLs http://<server name> or https://<server name> without port numbers.

Server Certificate

Shows the current SSL/TLS certificate for the respective component. Click on the name of the SSL/TLS certificate to view further details. Using the ellipsis button (…) next to the name you can:

  • Select an SSL/TLS certificate from the certificate store of the MailStore Server computer.
  • Create a new self-signed SSL/TLS certificate.
  • Import an SSL/TLS certificate from a file directly into the certificate store of the MailStore Server computer. The file must be in PKCS #12 format and usually has the file extension .pfx or .p12.

Further information about certificates and SSL/TLS security can be found in the following articles:

  • Using Your Own SSL Certificate
  • Enhancing SSL Security

Specific Options

MailStore Client

You cannot disable this component because the MailStore Client is essential for managing MailStore Server. The default TCP port is 8460.

MailStore Web Access / Outlook Add-in (HTTP)

This component provides unencrypted archive access through MailStore Web Access and the MailStore Outlook Add-in. The default TCP port is 8461.

  • Enable HTTPS redirect
    Enabling this option redirects unencrypted HTTP requests to the HTTPS port.
  • Redirect to custom server name
    If MailStore Server should use a specific server name for the HTTPS redirect, it must be specified here.

MailStore Web Access / Outlook Add-in (HTTPS)

This component provides SSL/TLS-encrypted archive access through MailStore Web Access and the MailStore Outlook Add-in. The default TCP port is 8462. This component cannot be disabled.

IMAP Server (STARTTLS)

This component provides STARTTLS-encrypted archive access through the integrated IMAP server (explicit TLS). The default TCP port is 143. Login over unencrypted connections is not supported.

IMAP Server (SSL)

This component provides SSL/TLS-encrypted archive access through the integrated IMAP server (implicit TLS). The default TCP port is 993.

MailStore Administration API (HTTPS)

This component provides SSL/TLS-encrypted access to the MailStore Administration API. The default TCP port is 8463.
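
Added example (not part of the MailStore documentation): a Python check of two statements made above, that the STARTTLS listener does not accept logins before TLS and that the HTTP listener redirects to the HTTPS port. The server name archive.example.test and the sample responses are constructed, and reading "no plaintext login" from the IMAP LOGINDISABLED capability is an assumption about how the server signals it.

```python
"""Configuration checks for the HTTP redirect and IMAP STARTTLS listeners.

Assumptions (not from the page): the host name, the constructed sample
responses, and that the server signals "no plaintext login" through the
standard IMAP LOGINDISABLED capability (RFC 3501).
"""
import http.client
import imaplib
from urllib.parse import urlsplit

HTTP_PORT, HTTPS_PORT, IMAP_STARTTLS_PORT = 8461, 8462, 143  # defaults from the page
CLEARTEXT_SASL = {"AUTH=PLAIN", "AUTH=LOGIN"}  # mechanisms that send the password as-is


def imap_pre_tls_findings(capabilities):
    """Evaluate the capabilities an IMAP listener offers before TLS is negotiated."""
    caps = {c.upper() for c in capabilities}
    findings = []
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not offered: clients cannot upgrade to TLS")
    if "LOGINDISABLED" not in caps:
        findings.append("LOGINDISABLED not advertised: clients may send LOGIN in cleartext")
    offered = sorted(caps & CLEARTEXT_SASL)
    if offered:
        findings.append("cleartext SASL offered before TLS: " + ", ".join(offered))
    return findings


def redirect_findings(status, location, server_name, https_port=HTTPS_PORT):
    """Evaluate the HTTP listener's answer when 'Enable HTTPS redirect' should be on."""
    if status not in (301, 302, 303, 307, 308):
        return [f"HTTP {status}: request was served or rejected, not redirected"]
    target = urlsplit(location or "")
    findings = []
    if target.scheme != "https":
        findings.append(f"redirect target is not HTTPS: {location!r}")
    # The redirect host should be the name the server certificate was issued for.
    if (target.hostname or "").lower() != server_name.lower():
        findings.append(f"redirect host {target.hostname!r} differs from {server_name!r}")
    if (target.port or 443) != https_port:
        findings.append(f"redirect port {target.port or 443} differs from {https_port}")
    return findings


def probe_imap(host, port=IMAP_STARTTLS_PORT, timeout=5):
    """Live check: connect without TLS and read the advertised capabilities."""
    conn = imaplib.IMAP4(host, port, timeout=timeout)  # timeout needs Python 3.9+
    try:
        return imap_pre_tls_findings(conn.capabilities)
    finally:
        conn.logout()


def probe_redirect(host, server_name, port=HTTP_PORT, timeout=5):
    """Live check: one GET / against the HTTP listener; redirects are not followed."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/")
        resp = conn.getresponse()
        return redirect_findings(resp.status, resp.getheader("Location"), server_name)
    finally:
        conn.close()


if __name__ == "__main__":
    # Constructed sample responses, not captured from a real server.
    name = "archive.example.test"
    print(imap_pre_tls_findings(("IMAP4REV1", "STARTTLS", "LOGINDISABLED")))
    print(imap_pre_tls_findings(("IMAP4REV1", "AUTH=PLAIN")))
    print(redirect_findings(302, f"https://{name}:{HTTPS_PORT}/", name))
    print(redirect_findings(200, None, name))
```

An empty list means the listener behaves as the page describes; probe_imap and probe_redirect run the same checks against your own server.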

Security and Encryption

This page provides several security features related to archive access and encryption. Please note that you cannot use these features while the MailStore Server service is running; it has to be stopped first.

Restore Default Admin

With this feature you can restore the default admin user admin, whose password is likewise admin. If the recovery key of the archive whose default admin you want to restore is not the product key of the current MailStore Server installation, you will be asked to enter the associated recovery key.
A restore of the default admin user is written into the audit log.

Reinitialize Archive Encryption

For security reasons the archive encryption is bound to the Windows installation of the MailStore Server machine. Therefore it might be necessary to reinitialize the archive encryption when moving the archive to another computer. If the recovery key of the archive whose encryption you want to reinitialize is not the product key of the current MailStore Server installation, you will be asked to enter the associated recovery key.

Set Recovery Key

The recovery key is used to authorize several security related tasks in MailStore Server, such as restoring the default admin, moving the archive to another machine or attaching archive stores from another MailStore installation. That way the number of people that may perform such tasks can be kept small and administrative archive and system duties can be kept separate.

By default, MailStore Server uses the product key provided during setup as recovery key and most security related tasks are carried out automatically without the need to enter the recovery key for authorization.

To improve security, you can change your recovery key to an automatically generated, random value. In that case, every security-related task must be authorized by entering the recovery key. For easier reference, each recovery key has a unique identifier that is displayed when the related recovery key must be provided. Only the most recent recovery key can be used for authorization.

Changing the Recovery Key

  • Click on Change to change the recovery key to an automatically generated, random value.
  • You will be asked to save the recovery key to a file and/or print it. You have to choose at least one option to continue.
  • After successfully changing the recovery key, only the new key can be used henceforth.

Important notice: Always store the recovery key in a secure location. Without the recovery key, carrying out security-related tasks is no longer possible.

Resetting the Recovery Key

You can reset the recovery key to the current product key of your MailStore Server installation at any time. Before the reset you will be asked to enter the current recovery key. By default, MailStore Server already uses the current product key as recovery key and the button is disabled.

Startup Script

The MailStore Server service can execute a script before startup. The script can be used to establish a connection to a network resource using special connection parameters as described in chapter Using Network Attached Storage (NAS).

Event Viewer

Events such as starting or stopping the MailStore Server service are displayed here. If there are any errors, click on the corresponding entry to view additional details below the list.

Debug Log

On this page you can enable, view or delete all debug logs created by MailStore Server.

Enable Debug Log

Enable this feature if any problems or errors have occurred while running MailStore Server. After restarting the server service via Restart Service in the same window, a detailed log file is recorded. This file can be evaluated by the MailStore support team, for example.

Enable IMAP Connection Debug Log

Enable this feature if problems or errors have occurred while accessing MailStore Server using the integrated IMAP server. After restarting the server service via Restart Service in the same window, a detailed log file is recorded. This file can be evaluated by the MailStore support team, for example.

The table shows an overview of all debug log files. To view the contents of a debug log file in a text editor, double-click on the file name or click on Open. To delete a debug log file, highlight the file name and click on Delete.