Exchange transaction logs are written to an encrypted folder
[This topic is intended to address a specific issue called out by the Exchange Server Analyzer Tool. You should apply it only to systems that have had the Exchange Server Analyzer Tool run against them and are experiencing that specific issue. The Exchange Server Analyzer Tool, available as a free download, remotely collects configuration data from each server in the topology and automatically analyzes the data. The resulting report details important configuration issues, potential problems, and nondefault product settings. By following these recommendations, you can achieve better performance, scalability, reliability, and uptime. For more information about the tool or to download the latest versions, see "Microsoft Exchange Analyzers" at http://go.microsoft.com/fwlink/?linkid=34707.]
Topic Last Modified: 2007-02-27
The Microsoft Exchange Analyzer Tool queries the Win32_Directory Microsoft Windows Management Instrumentation (WMI) class to determine the value of the Encrypted key for the folder that contains the information store transaction logs. If the Exchange Analyzer finds the value for Encrypted set to True, an error is displayed.
When a message is delivered to Exchange, it is first written to the transaction logs before it is committed to the store and delivered. On an Exchange 2000 Server or an Exchange Server 2003 computer, the transaction logs are written to the following default location:
On an Exchange Server 2007 computer, the transaction logs are written to the following default location:
<drive>:\Program Files\Microsoft\Exchange Server\Mailbox\<Storage Group Name>
Microsoft does not support the storage of Exchange data files on an Encrypting File System (EFS) encrypted volume. When you store your Exchange data files on an encrypted volume, the additional overhead significantly affects Exchange Server performance. The Exchange data files include all the following files:
To help secure your Exchange data files, it is recommended that you prevent unauthorized access to the Exchange computer and that you use the S/MIME message format to encrypt message data.
To resolve this error, you must either turn off file encryption on the folder where the transaction logs are being written, or move the transaction logs to a folder where encryption is not enabled.
To turn off file encryption on a specified folder
Right-click the folder where you want to turn off file encryption, and then click Properties.
On the General tab, click Advanced.
In the Advanced Attributes dialog box, clear the Encrypt contents to secure data check box, and then click OK.
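To confirm the state of the log folder before or after this change, the same Win32_Directory query the analyzer uses can be run by hand. The PowerShell below is an added example, not part of the original topic or of the Exchange Server Analyzer Tool; the function name Test-LogFolderEncryption and the sample path are hypothetical, and it assumes PowerShell 3.0 or later run locally on the Exchange server. It goes one step beyond the folder check and also lists files that carry their own EFS attribute, because existing files can stay encrypted when only the folder flag is cleared.

```powershell
# Added example: reproduce the Win32_Directory "Encrypted" check for a log folder.
function Test-LogFolderEncryption {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path    # folder that holds the storage group's transaction logs
    )

    # Normalise the path; keep the trailing backslash only for a drive root (e.g. L:\).
    $full = [System.IO.Path]::GetFullPath($Path)
    if ($full.Length -gt 3) { $full = $full.TrimEnd('\') }

    # WQL string literals need backslashes doubled and single quotes escaped.
    $wqlPath = $full -replace '\\', '\\' -replace "'", "\'"

    $dir = Get-CimInstance -ClassName Win32_Directory -Filter "Name='$wqlPath'"
    if (-not $dir) { throw "Folder not found through WMI: $full" }

    # Each file has its own Encrypted attribute, independent of the folder's flag.
    $encryptedFiles = @(Get-ChildItem -LiteralPath $full -File -Force |
        Where-Object { $_.Attributes -band [System.IO.FileAttributes]::Encrypted })

    [pscustomobject]@{
        Path            = $dir.Name
        FolderEncrypted = [bool]$dir.Encrypted      # the value the analyzer reports on
        EncryptedFiles  = $encryptedFiles.Name      # log files still EFS-encrypted
        Clean           = (-not $dir.Encrypted) -and ($encryptedFiles.Count -eq 0)
    }
}

# Constructed sample path; substitute the storage group's actual log location.
Test-LogFolderEncryption -Path 'D:\ExchangeLogs'
```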
To move the transaction logs on Exchange 2000 Server or Exchange Server 2003
Open Exchange System Manager.
Expand Administrative Groups, expand your administrative group, expand Servers, right-click your storage group, and then click Properties.
On the General tab, under Transaction log location, click Browse.
Enter the path to the new location for the log files, and then click OK.
To move the location of an Exchange storage group's transaction log files for Exchange Server 2007
- Follow the guidance in the core Exchange Server 2007 documentation, "How to Set or Change the Location of Storage Group Log Files" (http://go.microsoft.com/fwlink/?LinkID=80702).
For more information about moving log files, see the Microsoft Knowledge Base article 821915, "How to Move Exchange Databases and Logs in Exchange Server 2003" (http://go.microsoft.com/fwlink/?LinkId=3052&kbid=821915).
For more information about Exchange Server data files and EFS, see Microsoft Knowledge Base article 834638, "Information about the storage of data files on an encrypted volume in Exchange Server" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=834638).
For information about how to secure messages in Microsoft Exchange Server 2003, see the Exchange Server 2003 Message Security Guide (http://go.microsoft.com/fwlink/?linkid=47574).