After installing security update for Exchange Server, Exchange mailbox backups fail with the following error:
Cannot open public folder or mailbox.
Access is denied
Security update for Exchange server included a loopback check security feature that is designed to help prevent reflection attacks on your computer (see CVE-2018-8581 for more information). Authentication fails if the FQDN or the custom host header that you use does not match the local computer name.
- On the Exchange server, open Registry Editor: Start -> Run -> type regedit
- Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
- Create a new multi-string value BackConnectionHostNames under MSV1_0
As value data, add a multiple strings with CNAMEs or ALIASes under which the Exchange Client Access Server should be reachable internally and externally, e.g.:
Close registry editor and reattempt the backup