How-to-guide: Basic configuration Exchange 2010 SP1



#1 Andersson

Advanced Member, Members, 109 posts, Location: Sweden

Posted 06 January 2011 - 12:29 PM

Published: 2011-01-18
Updated: -
Version: 1.0

Please note that this guide is designed to get you up and running in a LAB environment as quickly as possible.
This guide is provided as-is without any guarantee; if you find any errors, please report them in the forums.




The purpose of this how-to guide is to give administrators around the world an insight into how to configure a default/basic installation to work with basic functionality.

Let's get started



In the previous post I successfully installed Exchange 2010, so let's take it from there.

Here are a couple of things that we need to know from the beginning:

Certificate
  • Using own certificate server (CA) or buying from a 3rd party?
  • Using a single-name certificate or going with a SAN/UC certificate?

Mail flow
  • Is there any existing mail server or gateway?

DNS settings
  • MX records?

Firewall rules
  • Who handles the firewall? What rules need to be configured?

Send/Receive connectors
  • Configuration?

Email address policy
  • Configuration?





Mail flow

All the points above need to be investigated before starting the configuration of Exchange.

The mail flow and firewall rules hang together; if you don't handle the firewall yourself, be a nice friend to the firewall guy/girl!
That's where we should start: investigate if there are any existing rules allowing incoming SMTP (port 25) traffic and, if there are, where do they go?
Let's say they go to an existing Exchange 2003 server; also investigate if there are any other rules pointing to this server.

Most commonly there would be a firewall rule for HTTPS (port 443) to this server as well; this is used for Outlook Web App (OWA), ActiveSync (EAS) and Outlook Anywhere (OA).

So let's say those two rules are allowed and pointing to the "legacy" Exchange 2003 server.
There is no need to change anything right now; one consideration is that it would be best if we can use a new public IP address for the new server so they can both be published.

Otherwise the users won't be able to use OWA, EAS and OA.
But if there aren't so many users and not so much mail data to be migrated, I would recommend doing this over a weekend with a "big bang" and then switching over to the new server.

Then you won't need an extra public IP address or those other coexistence configurations.

Certificates

With this in mind we need to check if there are any existing certificates on the Exchange 2003 server and if they can be used on our new server.
This is done by starting an MMC console, selecting Certificates and choosing Computer account (local), then going to Personal and checking if there are any.
The picture below shows the certificate that's installed.

pic01.png


Also check if IIS is using this certificate; this is done in the IIS Manager (MMC console). Right-click Default Web Site and select the "Directory Security" tab.
If there is a certificate it should be located under "Secure communications" and the "View certificate" button should be available to click.
In my example below it shows the certificate that's installed.

pic02.png



Let's export this certificate so it can be used on the Exchange 2010 server.
This is done by viewing the certificate and selecting the tab "Details" and pressing "Copy to file".

pic03.png



Select "Yes, export the private key". Press Next.

pic04.png



Select the option "Include all certificates in the certification path if possible". Press Next.

pic05.png



Set a password for the certificate file. Press Next.

pic06.png



Check the path. Press Next.

pic07.png



Press Finish.

pic08.png



The certificate is now exported; this file should be copied to the new Exchange 2010 server.
When the certificate is copied to the Exchange server, start up the Exchange Management Console.

Go to Server Configuration, right-click the Exchange server and select "Import Exchange Certificate".

pic09.png



Press the browse button and select the certificate file and type in the password for it. Press Next.

pic10.png



Make sure that the Exchange server is selected. Press Next.

pic11.png



Press Import.

pic12.png



Press Finish.

pic13.png



Right-click the imported certificate and click "Assign Services to Certificate".

pic14.png



Make sure that the Exchange server is selected. Press Next.

pic15.png



I will use this certificate for the following services: SMTP and IIS. Make your selection and press Next.

pic16.png



Press Assign.

pic17.png


Press "Yes to all".

pic18.png



Press Finish.

pic19.png



So let's say that the migration will be done over a weekend since we have about 100 users and 50 GB of mail data.
The migration is going to be started on Friday at 17.00 when the office(s) have closed and the end users have gone home for the weekend.



DNS Settings

If this is a migration there is certainly an already configured MX record that points to the firewall.
But if none has been created, this needs to be done for the SMTP domains that we should be able to use.

We need to have an A record pointing to the external IP address; let's say my external IP in this case (what the picture shows) is 172.16.2.12.
Then an MX record should be created and pointing to that A record.

In Windows DNS it's done like this.

Right-click the appropriate DNS zone and choose "New Mail Exchanger (MX)".

pic20.png



Browse to the record pointing to the external IP address and set a priority for the MX record.
If we only have one record it doesn't matter; I will set it to 10.

pic21.png



It looks like this when it's completed.

pic22.png



Firewall configuration

Let's continue by configuring the firewall rules that allow incoming SMTP traffic to the Exchange server.
In my environment I'm using a Threat Management Gateway (TMG) server to take care of the traffic.
Start up the Forefront TMG Management.

pic23.png

Give it a friendly name. Press Next.

pic24.png

Select "Server-to-Server communication". Press Next.

pic25.png

Mark SMTP. Press Next.

pic26.png

Type in the IP address of the mail server. Press Next.

pic27.png

Check the box for External. Press Next.

pic28.png

Press Finish.

pic29.png

This could also be achieved by using the new feature in TMG called E-mail policy.



A firewall rule for outgoing SMTP traffic needs to be added.
Select "Create Access Rule" in the action panel and give the rule a friendly name.

pic30.png

Make sure the rule is "Allow". Press Next.

pic31.png

Select the SMTP protocol, make sure it's the SMTP and not SMTP Server. Press Next.

pic32.png

Create a computer object and select this one. Press Next.

pic33.png

Select External as the destination. Press Next.

pic34.png

Make sure "All Users" is selected. Press Next.

pic35.png

Press Finish.

pic36.png

Don't forget to apply the rules, or else they won't take effect.



Send/Receive connectors

Another thing that needs to be configured is the Receive and Send Connectors.

The receive connector is used to receive mail and the send connector to send mail; that's pretty obvious.

Receive connectors are found in the EMC under Server Configuration, Hub Transport. There is "Client WNEX01" and "Default WNEX01".
The default one can either be used or we can create a new one; it's pretty much up to you.

A recommendation if the server is published this way: I would create a new receive connector so the correct name is included.
The receive connector's name should match the send connector's name.

Let's start and create a new receive connector.

pic37.png

Make sure the IP address is selected and type in the appropriate FQDN for the connector.

pic38.png

Press New.

pic39.png

Press Finish.

pic40.png



It's time for the send connector to be created so we are able to send mail.
Go to Organization Configuration, Hub Transport and select the Send Connectors tab.
Select New Send Connector, type in a friendly name and select Internet as the usage.

pic41.png

In the address space, make sure the address is * so you will be able to send mail to all domains using this connector.

pic42.png

The next thing to choose is how the mail should be sent: using DNS or a smart host.
In most cases the smart host is used, if the customer has an SMTP gateway/spam solution etc.,
or if the mail needs to be sent through the ISP; if not, the DNS method can be used.
Make sure that your firewall has a rule for that, or else it won't work.

pic43.png

Make sure the server is selected as a source server (Hub).

pic44.png

Press New.

pic45.png

Press Finish.

pic46.png



Email address policy

This could be very helpful to have in place; it's configured under Organization Configuration and Hub Transport, select the Email Address Policy tab.

Choose Edit on the default policy. Press Next.

pic47.png

Press Next.

pic48.png

Press the Add button and select how the addresses should be created; I've selected firstname.lastname@domain.com.
Press OK.

pic49.png

It will look like this:

pic50.png

Since I'm a Swede, we have some characters that are not so nice to have in an email address. We want to filter them out.

Just click the address you want to edit, or mark it and press F2. In my case it will look like this:
%ra%ra%ro%re%g.%ra%ra%ro%re%s@domain.com

And I'm setting this as the reply (primary) address as well. Press Next.

pic51.png

Apply the policy immediately. Press Next.

pic52.png

Press Edit.

pic53.png



Maybe there are some additional steps that might be interesting for you to read about.
Just send a comment or a post :-)

Thanks for reading and I hope it gave you some good information.

Microsoft Community Contributor Award 2011/2012 - MCITP Exchange 2010
My linkedin profile at > http://se.linkedin.c...sson/10/b4a/225
Follow me on Twitter > @jonand82
Follow windowsnoob.com on Twitter > @windowsnoob
Check my blog at > http://www.testlabs.se/blog
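The certificate import and service assignment described above, done from the Exchange Management Shell instead of the EMC wizard. This is an added example, not the post author's code; the PFX path, the FQDN mail.domain.com and the server name are assumptions (WNEX01 is the server name shown in the post's connector list).

```powershell
# Added example: shell equivalent of the "Import Exchange certificate" and
# "Assign services to certificate" wizards, with a sanity check before assigning.
$pfxPath  = 'C:\Temp\legacy-cert.pfx'   # assumed: the file exported from Exchange 2003
$pfxPass  = Read-Host -AsSecureString 'PFX password'
$server   = 'WNEX01'                    # server name seen in the post
$expected = 'mail.domain.com'           # assumed: FQDN used on the connectors / MX record

# Import the exported PFX (with its private key) into the local computer store.
$bytes = [byte[]](Get-Content -Path $pfxPath -Encoding Byte -ReadCount 0)
$cert  = Import-ExchangeCertificate -FileData $bytes -Password $pfxPass -Server $server

# Check before assigning: the name that clients and other MTAs connect to must be
# in the subject/SAN list, and a certificate close to expiry should be renewed first.
$names = @($cert.CertificateDomains)
if ($names -notcontains $expected) {
    Write-Warning "Certificate $($cert.Thumbprint) does not contain '$expected' (has: $($names -join ', '))."
}
if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
    Write-Warning "Certificate expires $($cert.NotAfter); renew it before going live."
}

# Same as the wizard with SMTP and IIS ticked and "Yes to all" answered.
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services 'SMTP,IIS' -Server $server -Force

# Verify: Services should now list SMTP and IIS for this thumbprint.
Get-ExchangeCertificate -Server $server |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint } |
    Format-List Thumbprint, Subject, CertificateDomains, Services, NotAfter
```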

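The receive connector, send connector and email address policy steps from the post, as one added Exchange Management Shell example (not the post author's code). Assumptions: server WNEX01 (from the post), connector FQDN mail.domain.com, SMTP domain domain.com, and that the replacement rules in the author's template are the Swedish letters å, ä, ö and é mapped to a, a, o and e.

```powershell
# Added example: connectors and address policy from the shell, with verification.
$server = 'WNEX01'           # server name seen in the post
$fqdn   = 'mail.domain.com'  # assumed: FQDN on the MX record and the certificate

# Internet-facing receive connector. -Usage Internet grants Anonymous Users, which
# Internet MTAs need; the TMG publishing rule decides which sources can reach port 25.
New-ReceiveConnector -Name "Internet $server" -Server $server -Usage Internet `
    -Bindings '0.0.0.0:25' -RemoteIPRanges '0.0.0.0-255.255.255.255' -Fqdn $fqdn

# Send connector for all domains (* address space), DNS routing as in the post.
New-SendConnector -Name "Internet $server" -Usage Internet -AddressSpaces 'SMTP:*;1' `
    -SourceTransportServers $server -Fqdn $fqdn -DNSRoutingEnabled $true
# Smart-host variant when an SMTP gateway or the ISP relays outbound mail (assumed host):
# Set-SendConnector "Internet $server" -DNSRoutingEnabled $false -SmartHosts 'smtp.isp.example'

# Default policy: firstname.lastname with Swedish letters mapped to ASCII.
# %g = given name, %s = surname, %rXY = replace every X with Y (assumed reconstruction
# of the author's rule set). Uppercase SMTP: marks this as the primary (reply) address.
$template = 'SMTP:%råa%räa%röo%rée%g.%råa%räa%röo%rée%s@domain.com'
Set-EmailAddressPolicy -Identity 'Default Policy' -EnabledEmailAddressTemplates $template
Update-EmailAddressPolicy -Identity 'Default Policy'   # "apply the policy immediately"

# Checks: connector FQDNs match the certificate name, and a local mail-flow round trip works.
Get-ReceiveConnector -Server $server | Format-Table Name, Fqdn, Bindings, PermissionGroups
Get-SendConnector | Format-Table Name, Fqdn, AddressSpaces, SmartHosts, DNSRoutingEnabled
Test-Mailflow -TargetEmailAddress 'postmaster@domain.com'   # assumed: an existing mailbox
```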

#2 mardbr

Newbie, Members, 1 post

Posted 03 August 2012 - 08:18 AM

Great work Mr. Andersson.



