DOCUMENT:Q223161 11-JUN-2002 [exchange] TITLE :XADM: Information on ESE Zeroing PRODUCT :Microsoft Exchange PROD/VER:winnt:5.5 OPER/SYS: KEYWORDS: ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft Exchange Server, version 5.5 ------------------------------------------------------------------------------- IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base: Q256986 Description of the Microsoft Windows Registry SUMMARY ======= This article explains ESE Zeroing, a feature first included in Microsoft Exchange Server, version 5.5 Service Pack 2. MORE INFORMATION ================ ESE Zeroing is a feature designed to overwrite unused pages in the Exchange Server databases with zeroes so that the data within these unused pages cannot be recovered using conventional means. When an item is deleted from the Exchange Server (with Deleted Item Retention disabled), such as when a user deletes a message from their mailbox, the item is dereferenced and the pages that item was occupying are marked as unused. When ESE Zeroing is enabled, the data that is contained in unused pages is overwritten with various characters (either 'z', 'd', 'l', or 'u', depending on the type of page being overwritten) during an online backup. As each database page is written to the tape, the page is overwritten with zeroes in the database on the hard disk one time. After the backup has completed, the deleted data is on the tape, but is no longer in the database and cannot be recovered using conventional means. To enable ESE zeroing during online backups with Microsoft Exchange Server Service Pack 2, you must add the following registry entry: 1. Start Registry Editor (Regedt32.exe). 2. Go to the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem 3. Add the following entry: Name: "Zero Database During Backup" (without quotes) Type: REG_DWORD Value: 0x00000001. 4. Quit Registry Editor. After this change has been applied, the Microsoft Exchange Information Store service must be stopped and restarted for these changes to take effect. You will now receive ESE Zeroing notifications in the Windows NT Event Viewer's Application log after an online backup. Additionally, you will receive an Event ID 197 and 198 for each Information Store database on the server. Event ID 197 from ESE97 is logged when the database zeroing operation starts. Event ID 198 from ESE97 is logged when database zeroing is completed. This event will give details about the operation. The output will resemble the following: MSExchangeIS ((###) ) Online zeroing of database D:\EXCHSRVR\MDBDATA\PRIV.EDB finished after # seconds with err # #### pages # blank pages #### pages unchanged since last zero ### unused pages zeroed ##### used pages seen ## deleted records zeroed # unreferenced data chunks zeroed where the #'s are numbers that will vary from system to system. An additional switch has been added to ESEUTIL as of Microsoft Exchange Server, version 5.5 Service Pack 2. ESEUTIL /z will perform the zeroing of unused database pages in the same manner as explained above, by running an offline command-line database utility. It will also detect and zero orphaned long values. For more information about orphaned long values, see the following Microsoft Knowledge Base article: Q185271 XADM: Orphaned LV Errors Running ESEUTIL Consistency Checker." SECURE: DESCRIPTION: Removes all deleted records from database. SYNTAX: ESEUTIL /z (database name) PARAMETERS: (database name) - filename of database to compact, or one of /ispriv, /ispub, or /ds (see NOTES below) NOTES: 1. The switches /ispriv, /ispub, and /ds use the Registry to automatically set the database name for the appropriate Exchange store. Running ESEUTIL /z against the Exchange Server databases will yield an output similar to the following: Microsoft(R) Windows NT(TM) Server Database Utilities Version 5.5 Copyright (C) Microsoft Corporation 1991-1999. All Rights Reserved. Initiating SECURE mode... Database: priv.edb Scanning Status ( % complete ) 0 10 20 30 40 50 60 70 80 90 100 |----|----|----|----|----|----|----|----|----|----| ................................................... #### pages seen #### blank pages seen #### unchanged pages seen #### unused pages zeroed #### used pages seen #### pages with unknown objid #### nodes seen #### flag-deleted nodes zeroed #### flag-deleted nodes not zeroed #### version bits reset seen #### orphaned LVs Operation completed successfully in ##.### seconds. where the #'s will be actual numbers that will vary from system to system. Additional query words: scrub scrubbing ====================================================================== Keywords : Technology : kbExchangeSearch kbExchange550 kbZNotKeyword2 Version : winnt:5.5 Issue type : kbinfo ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 2002.