Wednesday, May 18, 2011

Microsoft Exchange 2010 Installation Step-By-Step Part 4 (Server Configuration–Continued)

Now that we have installed Exchange 2010, configured the Organization, and installed and configured the certificate, we can move on to configuring the rest of the Server section.

image

The first section ‘Mailbox’ refers to the local Mailbox Database location. Since we are installing a single standalone Exchange server we can leave this section as is and move on to ‘Client Access’.

image

The ‘Client Access’ pane has a number of tabs on it and we will go through each one to ensure that the configuration is correct in order to allow your mail clients to connect correctly.

Let’s start with Outlook Web App.

image

Right-click on ‘owa (Default Web Site)’ and then click on ‘Properties’.

image

Under the General tab note the location of your internal and external URLs for Web App access. You will need to pass these on to your users once your Exchange goes into production. You will note that Exchange has already configured the internal and external paths as specified by the certificate which was installed previously. The rest of the window’s tabs can be left in their default state as they inherit most of these properties from the Organization Configuration we did in a previous article. Close the window.

With ‘Client Access’ still highlighted, you will note on the right-hand action pane a task which states ‘Enable Outlook Anywhere…’

image

Click on the link.

image

In the text box provided type the Exchange server’s external host name. This should be the mail.<external domain> name which we set as the common name of the Exchange certificate we configured. Leave authentication as ‘Basic Authentication’ and tick ‘Allow secure channel (SSL) offloading’. Then click ‘Enable’.

image

The wizard will complete with information stating that ‘Outlook Anywhere’ will be enabled in approximately 15 minutes.
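The settings chosen in the wizard can be read back from the Exchange Management Shell and compared with the names on the certificate assigned to IIS. This is an added example, not part of the original article; the helper function and variable names are illustrative.

```powershell
# Added example (not from the original article): run in the Exchange Management
# Shell about 15 minutes after enabling Outlook Anywhere.

# True when $Name is on the certificate, directly or through a wildcard entry
# (a wildcard such as *.domain.com covers exactly one extra label).
function Test-NameOnCertificate([string]$Name, [string[]]$CertNames) {
    foreach ($c in $CertNames) {
        if ($c -eq $Name) { return $true }
        if ($c.StartsWith('*.') -and
            ($Name.Split('.').Length -eq $c.Split('.').Length) -and
            $Name.ToLower().EndsWith($c.Substring(1).ToLower())) { return $true }
    }
    return $false
}

# Names on the CA-issued certificate(s) that have the IIS service assigned.
$iisNames = @(Get-ExchangeCertificate |
    Where-Object { (-not $_.IsSelfSigned) -and ("$($_.Services)" -match 'IIS') } |
    ForEach-Object { $_.CertificateDomains } |
    ForEach-Object { "$_" })

$rows = @()

# SSLOffloading = True means the Client Access server accepts Outlook Anywhere
# traffic without SSL, so a device in front of it must terminate SSL. With Basic
# authentication the credentials travel on every request inside that channel.
foreach ($oa in @(Get-OutlookAnywhere)) {
    $oaHost = "$($oa.ExternalHostname)"
    $rows += New-Object PSObject -Property @{
        Setting       = 'Outlook Anywhere external host name'
        Value         = $oaHost
        Auth          = "$($oa.ClientAuthenticationMethod)"
        SSLOffloading = $oa.SSLOffloading
        OnCertificate = (Test-NameOnCertificate $oaHost $iisNames)
    }
}

# The OWA URLs handed to users must also resolve to names on that certificate.
foreach ($vdir in @(Get-OwaVirtualDirectory)) {
    foreach ($kind in 'InternalUrl', 'ExternalUrl') {
        $url = "$($vdir.$kind)"
        if ($url) {
            $rows += New-Object PSObject -Property @{
                Setting       = "OWA $kind"
                Value         = $url
                Auth          = ''
                SSLOffloading = ''
                OnCertificate = (Test-NameOnCertificate ([Uri]$url).Host $iisNames)
            }
        }
    }
}

if ($rows.Count -eq 0) { Write-Warning 'Outlook Anywhere is not enabled yet.' }
$rows | Select-Object Setting, Value, Auth, SSLOffloading, OnCertificate |
    Format-Table -AutoSize
```

Any row with OnCertificate = False will produce a certificate name warning in the client that connects to that name.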

The rest of the ‘Server Configuration’ section can be left in its default state as these are inherited from the Organization Configuration and since this is a standalone Exchange Installation the defaults of the organisation apply to the server.

Your Exchange installation is now complete!

C

Monday, May 16, 2011

Microsoft Exchange 2010 Installation Step-By-Step Part 3 (Server Configuration–Certificate)

As per the previous article the Organization Configuration is now complete. The next step in the process is to configure the actual Server. In multi-server environments where the roles have been split this would need to take place on each server with the necessary configuration taking place at the required role level.

Let’s begin with the global Server Configuration by clicking on the Server Configuration node on the Exchange Management Console.

image

One of the parts that causes much frustration in modern Exchange installations is the configuration of Outlook Anywhere and ActiveSync, which require the publishing of a Subject Alternative Name (SAN) certificate. To save unnecessary frustration down the line it is recommended that this certificate be acquired from an Enterprise Root Certificate Authority e.g. VeriSign / Thawte / Go Daddy. The Go Daddy certificates are the most cost effective and their publishing process is much simpler so my personal recommendation is to use that service.

Let’s begin by creating the certificate request using the Exchange Management Console. On the right-hand action pane click on ‘New Exchange Certificate…’

image

In the window that opens type a ‘Friendly Name’ for the certificate and then click ‘Next’. The friendly name should be something you will be able to identify in a list full of certificates.

image

Next you will be prompted to define a Domain Scope for subdomains which will issue a ‘wildcard’ certificate request. As I am not configuring a domain with subdomains I am leaving this step out but you may need to use it should you require subdomains at any point. Click ‘Next’ when done.

image

image

You will now need to configure the actual services you will be using. By default I recommend that the following be enabled:

  • Outlook Web App (internal and external)
  • ActiveSync
  • Web Services, Outlook Anywhere, and Autodiscover
  • Hub Transport (Using TLS)

My examples are above. Click ‘Next’ once done.

image

Exchange will generate multiple domains for you. You need to modify these as follows:

  • mail.<external domain>, i.e. mail.domain.com, must be set as the common name
  • You only require 3 more (Exchange will generate 6). These are:
    • <external domain>, i.e. domain.com
    • autodiscover.<external domain>, i.e. autodiscover.domain.com
    • The server name; in this instance it is SFTEXCH.sft.local

Click ‘Next’ once you have modified this.

image

You will now need to fill in the organisation’s details. Once completed click ‘Next’. You will be presented with a summary window… click ‘New’. The certificate request will be generated and the text-based file will be copied to the location you specified in the window above.

Open the text document and submit the generated request text (the ‘hash’) to the certificate authority. In due course they will issue you with a certificate, which you will then need to install on your Exchange server as per the instructions you can find here on the GoDaddy community: http://community.godaddy.com/help/article/5863

Note if you are not using GoDaddy as your certificate provider then you will more than likely not need to do the import into the ‘Intermediate Certificate Authorities’ it refers to in the first few steps of the process.

Once complete your centre pane should look as follows:

image

Note the status of self-signed should be false.

We now need to assign services to the newly installed certificate.

image

Right-Click on the Certificate and click on ‘Assign Services to Certificate…’

image

You will see a list of Exchange Servers… in this example there is only one. Click ‘Next’

image

Select your services… in this example I am not configuring Unified Messaging so I tick: IMAP, POP, IIS, SMTP. Click ‘Next’ and on the new screen click ‘Assign’ to assign the services to the certificate.

image

You will be prompted to overwrite the SMTP self-signed certificate service which Exchange created during the original installation. Click ‘Yes’ and once completed, click ‘Finish’.

Your certificate console should now look like this:

image

Note the services are now assigned to your newly installed certificate.

Your certificate installation is now complete. Note that you may need to export this certificate if the Firewall you are publishing this service through needs it e.g. Microsoft ISA / TMG.
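The end state described above (the four names on the certificate, self-signed false, services assigned) can be confirmed from the Exchange Management Shell rather than by eye. This is an added example, not part of the original article; the domain names are the placeholders used in this series and the variable names are illustrative.

```powershell
# Added example (not from the original article): run in the Exchange Management Shell.
# Names are the placeholders used in this series; substitute your own.
$commonName       = 'mail.domain.com'
$requiredNames    = 'mail.domain.com', 'domain.com',
                    'autodiscover.domain.com', 'SFTEXCH.sft.local'
$requiredServices = 'IMAP', 'POP', 'IIS', 'SMTP'

Get-ExchangeCertificate | ForEach-Object {
    $cert     = $_
    $names    = @($cert.CertificateDomains | ForEach-Object { "$_" })
    $services = @("$($cert.Services)" -split '\s*,\s*')

    # -notcontains is case-insensitive, which is what host names need.
    $missingNames    = @($requiredNames    | Where-Object { $names    -notcontains $_ })
    $missingServices = @($requiredServices | Where-Object { $services -notcontains $_ })

    # The subject must carry the external mail name as its common name.
    $cnOk     = $cert.Subject -match ("CN=" + [regex]::Escape($commonName) + "(,|$)")
    $daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays

    New-Object PSObject -Property @{
        Thumbprint      = $cert.Thumbprint
        Subject         = $cert.Subject
        Status          = "$($cert.Status)"
        SelfSigned      = $cert.IsSelfSigned
        CommonNameOk    = $cnOk
        MissingNames    = ($missingNames -join ', ')
        MissingServices = ($missingServices -join ', ')
        DaysLeft        = $daysLeft
        # Ready only when every condition described in the article holds.
        Ready           = (-not $cert.IsSelfSigned) -and $cnOk -and
                          ($missingNames.Count -eq 0) -and
                          ($missingServices.Count -eq 0) -and
                          ($daysLeft -gt 0)
    }
} | Select-Object Thumbprint, Subject, Status, SelfSigned, CommonNameOk,
                  MissingNames, MissingServices, DaysLeft, Ready |
    Format-List
```

The self-signed certificate created at install time will still be listed with Ready = False; only the CA-issued certificate needs to show True.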

C

Wednesday, May 11, 2011

Microsoft Exchange 2010 Installation Step-By-Step Part 2 (Organization Configuration)

Now that the base install of Exchange 2010 is up and running as per my previous article we can start the finalisation of the deployment tasks.

A good link to follow is the standard one on Technet (Exchange has a link to it on the Management Console). http://technet.microsoft.com/en-us/library/bb125262(EXCHG.140).aspx?v=14.0.639.21&t=exchgf1

I find the best way to configure Exchange is to go through each setting and configure as you go along. The Exchange Management Console (EMC) is set out to start with the Organisation Configuration, followed by the Server Configuration and finally the Recipient Configuration. In multi-Exchange environments each of these could split off but as we are building a standalone environment all of these apply. See clipping below.

image

 

Let’s start with Organization Configuration – Mailbox

image

The first tab on the viewing pane is the Mailbox tab. By default Exchange creates a single database and stores it on the C: drive of the server. It is always advisable to separate your data from your system so it would be better to move the database to a separate volume. I have created an E: drive on this server so here are the steps to move the database to a separate volume.

1. Right-Click on the Database Name and click on ‘Move Database Path’

2. In the window that opens direct the database and log files to the new volume. In this example I have pre-created a ‘Data’ folder and ‘Logs’ folder and I am moving the relevant files to this location. This is accomplished by changing the path in the text boxes provided as per the example below.

image

Click on ‘Move’. Exchange will warn you that it will need to dismount the database and this will cause user access errors. Bear this in mind if you are doing this post deploying Exchange into your production environment.

image

Click on ‘Yes’. The wizard will now move the data and logs and will communicate once done as below. Naturally the larger the data in question, the longer this process will take.

image

I generally leave the rest of the tabs in this section (Organization Configuration – Mailbox) as they were generated by Exchange during the installation.

 

Let’s move to the next section – Organization Configuration – Client Access

This section has two tabs as per the example below. I leave them as they were generated by Exchange during the installation.

image

 

Now on to Organization Configuration – Hub Transport

The Hub Transport Section has several tabs as per the clipping below:

image

I generally leave Remote Domains on default. Let’s move onto Accepted Domains.

You will note that in this Tab, Exchange has created a default accepted domain as per the AD organisation of the Exchange server. In this example it is sft.local.

image

We do however need to add our external mail domain to this list else Exchange will not accept mail for our domain. Right-Click in the pane and click on ‘New Accepted Domain’. A window will open.

image

Type the domain name in the format domain.com in both text boxes as it is easier to manage when you start having multiple accepted domains. Select the ‘Authoritative Domain’ and click ‘New’. In this example Exchange is standalone but you may select internal / external relay in larger installations if you so require.

Exchange will create the new domain. You now need to set it to default.

image

Right-click on the newly created domain and click on ‘Set as Default’. Click Yes when challenged by the system.

In the E-Mail Address Policies tab we need to create an e-mail address policy. Right-click in the pane and click on ‘New E-Mail Address Policy...’

image

As this is an example domain I am using I select my ‘Users’ OU but you can set a policy per OU if you so wish. Simpler is always better so try and keep your policies as few as possible. Give the Policy a name and select All Recipient Types and then click ‘Next’.

image

There are no custom values in this example. Click ‘Next’.

image

We now need to create our e-mail address policy. Click on Add.

image

I have selected name.last name as my default but you can set it to your organisation standard. I also have selected the ‘Select the accepted domain to the e-mail address’ and selected the domain I created in the previous step not the default AD domain. Click ‘Ok’ then Click ‘Next’.

image

You can select to apply the policy immediately or else defer it or put it on hold. In this example we apply it immediately. Click ‘Next’.

image

Click Next and the policy is created and applied.

I leave Transport Rules and Journal Rules as they do not apply to my organisation. Next we move on to ‘Send Connectors’.

image

We need to configure a ‘Send Connector’ to enable Exchange to send e-mail. Right-Click in the pane and click on ‘New Send Connector’.

image

Give the connector a name… I used ‘Default Connector’ and set the type to ‘Custom’. Click ‘Next’.

image

We are allowing this Exchange to send to everyone. Click ‘Add’ and in the address field type “*” i.e. Shift-Eight. Click ‘Ok’ then click ‘Next’.

image

Select ‘DNS’ as your preferred Network Setting. Click ‘Next’

image

As this is a standalone installation the source server is the current server. Click ‘Next’.

image

You are now ready to create the Send Connector. Click ‘New’ and then ‘Finish’.

The last two tabs of the Hub Transport Role I leave in their default state. You can however amend the Transport rules in the last tab where you can specify maximum mail size, number of recipients etc.

The final tab in Organization Configuration is Unified Messaging, but as we are not creating this server to have a UM role this part is not touched.

We have now completed the Organization Configuration section of the installation.
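The organization settings made in this part can be read back in one pass from the Exchange Management Shell. This is an added example, not part of the original article; domain.com is the article's placeholder and the helper name New-Check is illustrative.

```powershell
# Added example (not from the original article): run in the Exchange Management Shell.
$externalDomain = 'domain.com'   # the article's placeholder; substitute your own

function New-Check($Check, $Detail, $Ok) {
    New-Object PSObject -Property @{ Check = $Check; Detail = $Detail; Ok = [bool]$Ok }
}
$rows = @()

# Mailbox database and logs should be on the data volume, not the system drive.
foreach ($db in @(Get-MailboxDatabase)) {
    $paths    = @("$($db.EdbFilePath)", "$($db.LogFolderPath)")
    $onSystem = @($paths -like "$($env:SystemDrive)*")
    $rows += New-Check "Database '$($db.Name)' is off the system drive" ($paths -join ' ; ') ($onSystem.Count -eq 0)
}

# The external mail domain must be accepted, authoritative and the default.
$ad = Get-AcceptedDomain | Where-Object { "$($_.DomainName)" -eq $externalDomain }
$rows += New-Check "Accepted domain $externalDomain is authoritative" "$($ad.DomainType)" ("$($ad.DomainType)" -eq 'Authoritative')
$rows += New-Check "Accepted domain $externalDomain is the default" "$($ad.Default)" ($ad.Default -eq $true)

# At least one e-mail address policy must stamp addresses in the external domain.
$pol = @(Get-EmailAddressPolicy |
    Where-Object { "$($_.EnabledPrimarySMTPAddressTemplate)" -like "*@$externalDomain" })
$polNames = ($pol | ForEach-Object { $_.Name }) -join ', '
$rows += New-Check "A policy issues @$externalDomain addresses" $polNames ($pol.Count -gt 0)

# An enabled send connector must cover address space * and route by DNS.
$sc = @(Get-SendConnector | Where-Object {
    $_.Enabled -and (@($_.AddressSpaces | ForEach-Object { "$_" }) -match '^smtp:\*')
})
$scNames = ($sc | ForEach-Object { $_.Name }) -join ', '
$dns     = @($sc | Where-Object { $_.DNSRoutingEnabled })
$rows += New-Check 'Enabled send connector covers address space *' $scNames ($sc.Count -gt 0)
$rows += New-Check 'That connector routes by DNS' $scNames (($sc.Count -gt 0) -and ($dns.Count -eq $sc.Count))

$rows | Select-Object Check, Detail, Ok | Format-Table -AutoSize -Wrap
```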

C

Monday, May 9, 2011

Microsoft Exchange 2010 Installation Step-By-Step Part 1 (Software Installation and Pre-Requisites)

In today’s times, the uptime for any mail environment must be as close as possible to 100% as e-mail is the de facto communication mechanism for most organisations and any down time translates to lost opportunities and efficiencies.

Microsoft Exchange has been our de facto mail server since version 5.5. The latest version of Exchange (2010) is what we will be dealing with in this article. Generally Exchange is installed by an Exchange expert once and then left to run for years on end. However, if you do not have an Exchange expert handy I hope that this article will assist you in building your Exchange with a step-by-step installation and configuration guide for a simple, standalone environment.

Due to the long and complex nature of a modern Exchange installation, this article will be split into two parts. Part 1 deals with the installation of a standalone Exchange server in an Active Directory domain environment. Subsequent part(s) will deal with configuring the Exchange for additional services e.g. Outlook Anywhere and ActiveSync which will allow your users to connect via their workstations / mobile devices from anywhere… assuming of course they have Internet access.

Installing the Pre-Requisites

There are a number of pre-requisites required for an Exchange 2010 installation. Although the Exchange installation wizard will not allow you to continue until these are in place it will save a little time to have these done before you run the Exchange 2010 wizard.

The basics (What I have done so far):

  • I have already created a domain and added the soon-to-be Exchange server to that domain.
  • The server is running Windows Server 2008 R2 SP1. Note that Exchange since version 2007 has only been able to run on an x64 platform.
  • I have run the latest updates.
  • I have disabled the built-in Windows Firewall as the Server is in a DMZ between two TMG servers
  • I have also disabled UAC as it makes remote work easier over a very slow Internet connection.

Pre-Requisite Number 1 (ADDS and .Net 3.5 SP1):

  • Open Server Manager and click on ‘Add Roles’
  • Tick ‘Active Directory Domain Services’ and click ‘Next’
  • You will be prompted to add the ‘.Net Framework 3.5 SP1’ which you will also need for Exchange so click on ‘Add Required Features’ then click on ‘Next’ and install the role and the feature.

image

Pre-Requisite Number 2 (IIS):

  • Open Server Manager and Click on ‘Add Roles’
  • Tick the ‘Web Server (IIS)’ block and Click Next.

image

In IIS I enable all features except the ones shown in the clippings below:

  • ASP
  • CGI

image

  • FTP server
  • IIS Hostable Web Core

image

Once you have selected the correct features go ahead and install IIS.

Pre-Requisite Number 3 (RPC over HTTP Proxy)

This is needed to enable the Outlook Anywhere functionality but is not documented in any part of the Exchange 2010 install and all pre-requisite tests pass without this feature being in place. It is important to get this in before you start the Exchange 2010 install to save yourself precious time later.

  • Open Server Manager and click on ‘Add Features’

image

  • Tick the RPC over HTTP Proxy and click ‘Next’ and then ‘Install’. If there are some IIS features that you have not installed as a prerequisite you will be prompted to add these at this point.

Pre-Requisite Number 4 (2007 Office System Converter):

image

Pre-Requisite Number 5 (Set the Net.Tcp Port Sharing Service to Automatic)

Open the Services MMC and find the Net.Tcp Port Sharing Service. You will note that it has not started and is set to disabled by default.

image

Double-Click the service name and set the ‘Startup Type’ to Automatic.

image

Apply the change, click ‘Ok’ then right-click on the service and click on ‘Start’

image

We are now ready to start the Exchange 2010 install!
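The prerequisites above can be checked from PowerShell before running setup, which matters most for RPC over HTTP Proxy because the readiness check passes without it. This is an added example, not part of the original article; the Server Manager feature names are assumed to map to the components named above, and the helper names are illustrative.

```powershell
# Added example (not from the original article): pre-flight check for the
# prerequisites above on Windows Server 2008 R2 (PowerShell 2.0, run elevated).
Import-Module ServerManager

function New-Row($Item, $Expected, $Actual) {
    New-Object PSObject -Property @{
        Item = $Item; Expected = $Expected; Actual = $Actual
        Ok   = ($Expected -eq $Actual)
    }
}
function Get-FeatureState($Name) {
    if ((Get-WindowsFeature -Name $Name).Installed) { 'Installed' } else { 'Not installed' }
}

# Server Manager feature names (assumed mapping to the components named above).
$wanted = @{
    'NET-Framework-Core'  = '.NET Framework 3.5 SP1'
    'Web-Server'          = 'Web Server (IIS)'
    'RPC-over-HTTP-proxy' = 'RPC over HTTP Proxy'   # not caught by the readiness check
}
# IIS features the article leaves unticked.
$excluded = @{
    'Web-ASP'        = 'ASP'
    'Web-CGI'        = 'CGI'
    'Web-Ftp-Server' = 'FTP server'
    'Web-WHC'        = 'IIS Hostable Web Core'
}

$rows = @()
foreach ($n in $wanted.Keys) {
    $rows += New-Row $wanted[$n] 'Installed' (Get-FeatureState $n)
}
foreach ($n in $excluded.Keys) {
    $rows += New-Row $excluded[$n] 'Not installed' (Get-FeatureState $n)
}

# Get-Service in PowerShell 2.0 does not expose the startup type, so query WMI.
$svc = Get-WmiObject Win32_Service -Filter "Name='NetTcpPortSharing'"
$rows += New-Row 'Net.Tcp Port Sharing startup type' 'Auto'    $svc.StartMode
$rows += New-Row 'Net.Tcp Port Sharing state'        'Running' $svc.State

$rows | Select-Object Item, Expected, Actual, Ok | Format-Table -AutoSize
```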

Double-click ‘Setup.exe’ on the Exchange 2010 DVD.

image

Click on ‘Choose Exchange language option’

Select ‘Install only languages from the DVD’

image

Click on Install Microsoft Exchange

image

Click ‘Next’

image

Accept the License Terms and Click ‘Next’

image

Select your preferred Error Reporting setting and click ‘Next’

image

We are installing a ‘typical’ Exchange which hosts all the Exchange roles on a single server. Choose the top option and click ‘Next’

image

Specify the Exchange Organisation. I usually leave this at the default ‘First Organisation’. Click ‘Next’

image

Specify non-standard client settings i.e. if you have Outlook 2003 or Entourage running then select yes. We do not for this example so the selection stays on ‘No’. Click ‘Next’

image

Specify the mail domain, i.e. the FQDN of the mail server on the Internet, e.g. mail.domain.com. Then click ‘Next’

image

Select your preference for ‘Customer Experience Improvement Program’ then click ‘Next’.

image

Exchange setup will now run through a Readiness Check. If you have followed the pre-requisite steps above the final screen should look like the one below. Now click ‘Install’.

image

Exchange 2010 will now go through the installation process. In this example it took approximately 20 minutes.

image

Click ‘Finish’. The Exchange Management Console (EMC) will now open and we can now start the configuration which is detailed in the next article.

image

C