For security purposes, the application signs each message sent to recipients from Backup with a header containing an encrypted hash of the message.
A signature decryption key is generated automatically during installation or upgrade of the application. When necessary, you can also re-generate a key.
Users in the Kse Administrators group can perform actions with the message signature decryption key in the Windows PowerShell environment on the Hub Transport server. To work with a key on an Edge Transport server, all you have to do is run the Windows PowerShell as an administrator.
To export a key:
Export-MessageSignKey -FileName <file path> -Server <server name>
where:
The key will be saved to the specified file.
When the command is executed on a server deployed in the Hub Transport role, the keys of all Microsoft Exchange servers added to the domain are exported. All keys are written to one file.
When the command is executed on a server deployed in the Edge Transport role, only the key of the specific server is exported.
To import a key:
Import-MessageSignKey -FileName <file path> -Server <server name>
where:
The key will be imported to the server.
To re-generate a key:
Regenerate-MessageSignKey -Server <server name>
where <server name> is the name of the Microsoft Exchange server for which the key is being re-generated.
The key will be reissued.
Page top