- Back up the ScanMail database from the local SQL Server.
- On the SQL Server Management Studio (SSMS), connect to the SQL Server Instance of the ScanMail server.
- Right-click the ScanMail database and select Tasks > Back Up... to back up the ScanMail database to .bak files (e.g. ScanMail.bak).
- Under the Source section, set Backup type: to Full.
- Under the Destination section, set Back up to: to Disk, and then specify the destination folder and file name.
- When ready, click OK. The following message will appear after a successful database backup.
- Ensure that the database backup is stored on a safe location.
- Restore the database to the remote SQL Server.
- Copy the database .bak file to the remote SQL server.
- Using SSMS, connect to the SQL Server Instance of the remote SQL server.
- On the left panel, right-click Databases and click Restore Database... to restore the ScanMail database from the .bak file.
- Under the Source section, select Device and browse for the .bak file you transferred to the remote SQL server.
- Click OK twice to prepare the Restore Database wizard.
- When ready, click OK. The message below will appear after a successful database restoration.
- On the ScanMail Server, copy the database files ScanMail.mdf and ScanMail_log.ldf and paste them to the remote SQL Server directory.
- Go to the remote SQL server and open the SQL Server Management Studio (SSMS).
- On the Object Explorer section, right-click Databases and select Attach...
- On the Attach Databases window, click Add...
- Select the ScanMail.mdf file you copied earlier from the ScanMail server.
- Click OK to select the file and go back to the Attach Databases window. It will list the MDF file and database details.
- Click OK. The ScanMail database should now be listed on the Object Explorer section.
- Open the Command Prompt as administrator and run the following:
mkdir C:\_trendBackup mkdir C:\_trendBackup\smex_backup mkdir C:\_trendBackup\smex_backup\config cd "C:\Program Files\Trend Micro\Smex\config" copy dbcfg_* "C:\_trendBackup\smex_backup\config\"
- Verify that a backup copy of the configuration files has been created.
Below are the two (2) options to configure the database authentication for the ScanMail databases imported into the remote SQL server:
- Check the user login.
On the SQL Server Management Studio, expand Security and click Logins.If you do not have a Windows Authentication User Login for SMEX, add one first. Consult your database administrator for further assistance. - Once you have a domain service account, right-click the Windows Service Account and click Properties.
- On the Login Properties window, click Server Roles and select dbcreator and public checkboxes.
- On the left panel, click User Mapping.
- Put a check on the Map column that corresponds to the ScanMail database, then select the db_owner and public under the Database role membership section.
- Once done, click OK.
- Check the user login.
On the SQL Server Management Studio, expand Security and click Logins.If you do not have an SQL Authentication User Login for SMEX, add one first. Consult your database administrator for further assistance. - Once you have a domain service account, right-click the Windows Service Account and click Properties.
- On the Login Properties windows, click Server Roles and select dbcreator and public checkboxes.
- On the left panel, select User Mapping.
- Put a check on the Map column that corresponds to the ScanMail database, then select db_owner and public under the Database role membership section.
- Once done, click OK.
Below are some tips on how to retrieve the necessary information for editing the ScanMail configuration files.
- To list the existing database instance on the network, use the following command (either on SMEX server or SQL server).
osql -L
- To get the exact database name of ScanMail, open the SQL Server Management Studio, connect to the remote SQL Server instance, and use the SQL query below:
select * from sys.databases where name like 'ScanMail%';
- To get the database path of the .mdf and .ldf, open the SQL Server Management Studio and go to Database Properties > Files, then check the Path (e.g. D:\SQL_Files\SQL_Data).
Follow the procedure based on the database authentication method you chose in "Step 3. Configure database authentication on the remote SQL Server."
- Open the Command Prompt as administrator and run the commands below to stop the ScanMail for Microsoft Exchange Master Service and ScanMail for Microsoft Exchange System Watcher.
sc stop ScanMail_Master sc stop ScanMail_SystemWatcher
To verify if the service status is stopped, run the following:
sc query ScanMail_Master sc query ScanMail_SystemWatcher
- Check the Service Dependency of ScanMail for Microsoft Exchange Master Service.
By default, if you are using a local SQL database on the same server as SMEX, the Master Service will have a service dependency on the local Microsoft SQL Server Instance. Since we are configuring a remote SQL Server, we will need to remove this dependency.
To view the existing service dependency, open the Command Prompt as administrator and run the following:
sc qc ScanMail_Master
Below is a sample output:
SC] QueryServiceConfig SUCCESS SERVICE_NAME: ScanMail_Master TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : "C:\Program Files\Trend Micro\Smex\svcGenericHost.exe" SMEX_Master.exe .\config\cfg_ipcServerDll1.txt SMEX_HOST LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : ScanMail for Microsoft Exchange Master Service DEPENDENCIES : MSSQL$SCANMAIL SERVICE_START_NAME : LocalSystem
- Remove the service dependency to the local SQL Server.
Open the Command Prompt as administrator and run the command below:
sc config ScanMail_Master depend= ""
To verify, run the following command:
sc qc ScanMail_Master
- Modify the database configuration files to use the remote SQL Server.
Open the Command Prompt as administrator and run the command below. If you have installed SMEX on a non-default directory, change the directory location accordingly.
cd "C:\Program Files\Trend Micro\Smex\config"
Command Description notepad dbcfg_ConfDBName.txt
Verify that it uses the correct ScanMail database name. notepad dbcfg_ConfInitFileName.txt
Verify that this file is blank. notepad dbcfg_DatabaseInstance.txt
Modify this file and use the SQL Server FQDN. Make sure that SMEX can resolve the FQDN. notepad dbcfg_InstallPath.txt
Modify this file and use the Path (Directory) of the ScanMail .mdf and .ldf on the remote SQL Server. notepad dbcfg_IsSeperateSQLServer.txt
Modify this file, change the value to 1. notepad dbcfg_LogDBName.txt
Verify that it uses the correct ScanMail database name. notepad dbcfg_ReportDBName.txt
Verify that it uses the correct ScanMail database name. notepad dbcfg_ReportInitFileName.txt
Verify that this file is blank. notepad dbcfg_SecurityString.txt
Verify that it uses the following values: Integrated Security=SSPI;Persist Security Info=False; notepad dbcfg_ServerName.txt
Verify that it uses the hostname of the ScanMail server. notepad dbcfg_SQLPassword.txt
Modify this file and remove all its content, it should be blank. notepad dbcfg_SQLServerAuthenticationMethod.txt
Verify that this file has a value of 1. notepad dbcfg_SQLUserId.txt
Verify that this file is blank. - Modify the ScanMail for Exchange Master Service and System Watcher Service to use the Windows Service Account.
Open the Command Prompt as administrator and run the commands below. Make sure to replace the command with your domain service account and password, which should be the same domain service account configured on the SQL Windows Authentication.
sc config ScanMail_Master obj= "DOMAIN\SVC_ACCOUNT" password= "PASSWORD" type= own sc config ScanMail_SystemWatcher obj= "DOMAIN\SVC_ACCOUNT" password= "PASSWORD" type= own
- Start the ScanMail for Exchange Master Service and System Watcher Service by running the following command in the Command Prompt as administrator.
sc start ScanMail_Master sc start ScanMail_SystemWatcher
Starting the ScanMail for Exchange Master Service takes a few minutes. Verify the service status again after a few minutes and open the web console to verify that it works. In services.msc, the services should look like below.
- Open the Command Prompt as administrator and run the commands below to stop the ScanMail for Microsoft Exchange Master Service and ScanMail for Microsoft Exchange System Watcher.
sc stop ScanMail_Master sc stop ScanMail_SystemWatcher
To verify if the service status is stopped, run the following:
sc query ScanMail_Master sc query ScanMail_SystemWatcher
- Check the Service Dependency of ScanMail for Microsoft Exchange Master Service.
By default, if you are using a local SQL database on the same server as SMEX, the Master Service will have a service dependency on the local Microsoft SQL Server Instance. Since we are configuring a remote SQL Server, we will need to remove this dependency.
To view the existing service dependency, open the Command Prompt as administrator and run the following command:
sc qc ScanMail_Master
Below is a sample output:
[SC] QueryServiceConfig SUCCESS SERVICE_NAME: ScanMail_Master TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 2 AUTO_START ERROR_CONTROL : 1 NORMAL BINARY_PATH_NAME : "C:\Program Files\Trend Micro\Smex\svcGenericHost.exe" SMEX_Master.exe .\config\cfg_ipcServerDll1.txt SMEX_HOST LOAD_ORDER_GROUP : TAG : 0 DISPLAY_NAME : ScanMail for Microsoft Exchange Master Service DEPENDENCIES : MSSQL$SCANMAIL SERVICE_START_NAME : LocalSystem
- Remove the service dependency to the local SQL Server by running the following command in the Command Prompt as administrator:
sc config ScanMail_Master depend= ""
To verify, run the command below:
sc qc ScanMail_Master
- Modify the database configuration files to use the remote SQL Server.
Open the Command Prompt as administrator and run the command below. If you have installed SMEX on a non-default directory, change the directory location accordingly.
cd "C:\Program Files\Trend Micro\Smex\config"
Command Description notepad dbcfg_ConfDBName.txt
Verify that it uses the correct ScanMail database name. notepad dbcfg_ConfInitFileName.txt
Verify that this file is blank. notepad dbcfg_DatabaseInstance.txt
Modify this file and use the SQL Server FQDN. Make sure that SMEX can resolve the FQDN. notepad dbcfg_InstallPath.txt
Modify this file and use the Path (Directory) of the ScanMail .mdf and .ldf on the remote SQL server. notepad dbcfg_IsSeperateSQLServer.txt
Modify this file, change the value to 1. notepad dbcfg_LogDBName.txt
Verify that it uses the correct ScanMail database name. notepad dbcfg_ReportDBName.txt
Verify that it uses the correct ScanMail database name. notepad dbcfg_ReportInitFileName.txt
Verify that this file is blank. notepad dbcfg_SecurityString.txt
Verify that it uses the following value: Persist Security Info=True; notepad dbcfg_ServerName.txt
Verify that it uses the hostname of the ScanMail server. notepad dbcfg_SQLServerAuthenticationMethod.txt
Verify that this file has a value of 0. notepad dbcfg_SQLUserId.txt
Modify this file and enter the SQL authentication login name. notepad dbcfg_SQLPassword.txt
Note: The following steps will change the encrypted value inside "C:\Program Files\Trend Micro\Smex\config\dbcfg_SQLPassword.txt" cd "C:\Program Files\Trend Micro\Smex\" toolChangeRemoteDBPWD.exe -p "C:\Program Files\Trend Micro\Smex\config" -c <SQL_ACCOUNT_PASSWORD>
To verify, use the following commands:
cd "C:\Program Files\Trend Micro\Smex\config" notepad dbcfg_SQLPassword.txt
- Start the ScanMail for Exchange Master Service and System Watcher Service by running the commands below in the Command Prompt as administrator.
sc start ScanMail_Master sc start ScanMail_SystemWatcher
Starting the ScanMail for Exchange Master Service takes a few minutes. Verify the service status again after a few minutes and open the web console to verify that it works. In services.msc, the services should look like below.
Open the ScanMail Management Console and login. Verify if all the configurations are there and no error appears on the console.
Once the ScanMail database has been successfully migrated, uninstall the ScanMail database instance in the local SQL Server. Follow this Microsoft article for the complete procedure: Uninstall an Existing Instance of SQL Server (Setup).