Migration Guide 2033 to 2034

The following brief instructions explain the necessary update steps and also provide best practice recommendations / optimisation options.

Before you carry out the update of the REDDOXX Appliance to 2034, please make sure that a backup of both the appliance and (if used) the archive storage / archive container is available.

Please note that new user interfaces will also be necessary after the update: https://www.reddoxx.com/support#downloads
With the old user interfaces, access to the new version of the appliance is no longer possible; this must be taken into account in a corresponding rollout.
When using the REDDOXX Outlook Addin / Plugin, REDDOXX Desktop is also necessary.

Please also check in advance that the conditions regarding hardware / virtual machines for 2034 are fulfilled.

With 2034 some new firewall settings - especially here port 80 / 443 - are necessary, please check this before the update so that hotfixes can also be installed.

If you are using the MailDepot, make sure that a high-performance storage is used, as the containers are counted with regard to the number of documents during the update.
Only after this process is finished can the appliance process mails again. Especially with slow storages or large or many containers, this can take several hours.
This should be taken into account when planning the time for the update.

With version 2034, MailDepot Basic licences are no longer used. Our sales team will convert these to Premium licences in advance.

You are welcome to familiarise yourself in advance with the setting options and the new functions using the video screencasts.

Version 2034 includes important changes regarding the LDAP connection:

  • Currently, only Local and Microsoft AD Realms are supported.
    As long as other connections (Novell, Openldap, Lotus Notes etc.) are in use, an update is not possible.
  • During the update to 2034, the created users and thus also the authorisations (category accesses, deputy policies, audit authorisations) will be removed and must be
    and must be adjusted again after the update.
    Since these realm connections are supported with 2034 SP1, they can be deleted in advance and recreated after updating to 2034 SP1, but it is advisable to test the realm and sync on a parallel installed 2034 SP1 appliance first.
  • To support this, a dummy realm is created during the migration, in each case with the prefix "rdx2033-" in which the old users are still present.
    This makes it easier to restore the former authorisations after the update.
  • However, as access to AD groups, shared mailboxes and public folders is then also taken into account, especially through AD synchronisation,
    deputy permissions are no longer necessary in this form.

There are also some changes to be considered in the Spamfinder area:

  • The RBL and antispoofing filters are decoupled from the profile-based filters and are already applied during the SMTP connection setup.
  • Furthermore, there is no option for marking or rejecting in the filter profiles, so detected spam is always in a quarantine / ciss or virus queue.
  • User-based filter settings for AD users are not migrated in the update. The users should be informed accordingly in advance,
    so that they can make a note of any important settings and re-enter them later.

General incompatibilities

  • The update is blocked for cluster environments and appliances where MailSealer Light is used.

In the Admin Web Interface => Diagnostic Centre => Firmware, install any missing hotfixes (hotfixes on Install + Start).
If hotfixes have been installed, restart the appliance afterwards.

Check the general state of the appliance via the diagnosis "Health Status" and correct any warnings or errors that occur.
Via the F1 key, you will receive corresponding help in the context-based online documentation for each diagnosis.

Also make sure that the DNS configuration of the appliance (Admin Web Interface => Configuration => Network) is correct and that a mixture of external / internal DNS servers is not used.

  • Delete users and realms if they are connected via Novell eDirectory, Lotus Domino, OpenLDAP or OpenExchange AE and an update is to be carried out anyway.
    Please note that with 2034 there is initially no AD connection to these systems and users / e-mail addresses must then be created locally.
    You can access the realm / user and group administration in the admin web interface via Administration => User and Groups.
  • Configure a storage (Configuration => Storages) and select it as storage for backups via Administration => Backup and Restore => Settings.
  • After the update, the old permissions that are no longer effective will be displayed via a copy of the realms with prefix "rdx2033-" and must then be corrected manually.
    For proxy policies where "Apply to all users" was enabled, there is a dummy "apply to all users" group that reflects this.
    However, to be on the safe side, make a note of the permissions in categories (Mail Depot => Categories), deputy policies (Administration => User and Groups => Policies) and audits (Mail Depot => Audit Sessions) as well as the membership of users in the corresponding groups.
  • Ensure that the appliance is provided with at least 4 GB of memory (Diagnostic Centre => Memory for a quick check of the current equipment).
    If the appliance should perform the spam finder function with activated virus scanner and archiving in the mailflow, 6 or 8 GB of working memory would be more optimal.

  • Check whether the retention period for log files (Administration => Logfiles => Settings) is configured (we recommend 30 days and archive before deleting).
  • Check whether the archive policies (MailDepot => Archive Policies) and archive tasks (MailDepot => Archive Tasks) are still necessary.

  • Download the update (Administration => Updates => Request Updates).
  • Start the installation, first a pre-migration check and a migration check will be carried out, which will prevent an update if necessary, if there are any obstacles.
  • If you are sure that you want to ignore the warnings, start the Pre-Migration Check diagnosis in the Diagnostic Centre with Ignore Warnings => Activate Self-Test => Update Self-Test Parameters => Start and run the update procedure again. This only applies to warnings, errors cannot be ignored.
  • After the update has been installed and completed with OK, it is initially not possible to log in to the browser window, so if caching is activated in the browser, first clear the browser cache or switch to a private tab.

After the installation, some configurations have to be adjusted:


  • Adjust the SMTP host and check whether the appliance notification (Test Notification) can be delivered successfully.
  • Check the DNS settings under Configuration => Network => General (especially the new input field Search Domains).
  • In the configuration for the POP3 proxy, the TLS certificate to be used can now be selected in the TLS Settings area.


  • Install the hotfixes in the section Administration => Updates => Install Hotfixes.
  • Adjust the realm settings via Edit and enter the access data of an authorised user (a readonly service account is sufficient here) in the LDAP Connection area.
  • If you use public folders in the Exchange and the access rights are also to be synchronised (important especially for e-mail activated public folders with activated recipient verification, activate "Enable Public Folders" in the tab "Exchange Web Service
    Also enter an access-authorised user here (this user must have at least a read authorisation for the corresponding public mailboxes, so a service account in the root authorisations is recommended here) and the Exchange Web Service url.
    Basic Authentication to the Web Service is required for this access.

In the Exchange Management Shell you can determine the web service URL as follows:

Get-WebServicesVirtualDirectory | fl

Basic Authentication can be activated in the Exchange Management Shell as follows:

Get-WebServicesVirtualDirectory -Server $env:computername | Set-WebServicesVirtualDirectory -BasicAuthentication:$true
  • In the tab User and Group Synchronisation you can regulate the groups / users to be synchronised via an OU filter if desired.
  • Save the realm adjustments and carry out a synchronisation.
  • With "Set as Default" you can define a realm as the default realm, which will be displayed first in the user interface.
  • Adjust the group assignments again and check with a logon to the user interface whether deputy guidelines are still necessary.
  • If specific proxy policies are required, reconfigure them.
  • Migrated dummy groups and users in the permissions of the policies / deputy groups have the realm with prefix rdx2033 displayed.
    Add the correct new users / groups back and then remove the dummy groups / users.


Due to the changes to the filter profiles, only one filter profile may be necessary here.
Check the filter profiles and ideally adjust the default filter profile accordingly (as this will then be used for the newly created email addresses from the synchronised realm).

Mail depot

Check the permissions in the categories and audits, migrated dummy groups and users have shown the realm with prefix rdx2033.
Add the correct new users / groups back and then remove the dummy groups / users.

As some new features are available after the installation, these can be configured additionally:

  • You can adjust the TLS protocol versions for the web server.
  • TLS protocol versions can also be adapted in the send and receive connectors as well as in the transport policies.
  • You can define external domain policies if certain communication partners have specific requirements for e-mail communication.
  • Statistical overviews can be obtained by activating the telemetry data.
  • PGP has now been added to the MailSealer area.
  • The virus scanner can now block protected compressed attachments and phishing urls.
  • MailDepot policies can now be configured based on the source of an email

It could be that the inodes diagnosis shows an error "Numeric Value Required" after the update,
Please adjust the parameters once in the Inodes diagnosis via "Selftest" and start the diagnosis afterwards.

The MailProcessingQueue could contain "WaitingForVirusScanner", in this case start it in the Admin Webinterface => Spamfinder => Filter Settings => Virus Scanner with "Apply Settings".

This error may occur after the update if the appliance is accessed via http://APPLIANCE-IP. Please access the appliance via https://.

If archive policies are used which are supposed to prevent e-mail archiving on sender or recipient patterns, they are currently ineffective.
The reason for this is that the correct addresses are not known when the journal is received, but these are then correctly applied when the e-mail is processed.
As a workaround, it is therefore currently possible to delete these e-mails from the container, e.g. via Archive Task (Delete).

If dynamic distribution groups are configured when using an Exchange system, they currently do not work.
This has a corresponding effect on the recipient check. In this case, a security or regular distribution group should be created temporarily as a work around.

If the directory monitoring is used in the MailDepot, there is currently the problem that the source folder is not emptied after importing the e-mails.

The display of the realms currently supports a maximum of 25 realms, as the old realms are created as a backup copy during migration.
appliances that use more than 12 realms under 2034 are affected.