Andersson

How-to-guide: Basic configuration Exchange 2010 SP1

Published: 2011-01-18

Updated: -

Version: 1.0

Please note that this guide is designed to get you up and running in a LAB Environment as quickly as possible.

This guide is provided as is, without any guarantee. If you find any errors, please report them in the forums.

The purpose of this how-to guide is to give administrators around the world an insight into how to configure a default/basic installation so that basic functionality works.

Let's get started…

In the previous post I successfully installed Exchange 2010, so let's take it from there.

Here are a couple of things we need to know from the beginning:

· Certificate
o Using your own certificate server (CA) or buying from a 3rd party?
o Using a single-name certificate or going with a SAN/UC certificate?
· Mail flow
o Is there an existing mail server or gateway?
· DNS settings
o MX records?
· Firewall rules
o Who handles the firewall? What rules need to be configured?
· Send/Receive connectors
o Configuration?
· Email address policy
o Configuration?

Mail flow

All the points above need to be investigated before starting the configuration of Exchange.

Mail flow and firewall rules hang together. If you don't handle the firewall yourself, be a nice friend to the firewall guy/girl!

That's where we should start: investigate whether there are any existing rules allowing incoming SMTP (port 25) traffic and, if there are, where they go.

Let's say they go to an existing Exchange 2003 server; also investigate whether there are any other rules pointing to this server.

Most commonly there will be a firewall rule for HTTPS (port 443) to this server as well; this is used for Outlook Web App (OWA), ActiveSync (EAS) and Outlook Anywhere (OA).

So let's say those two rules are allowed and pointing to the "legacy" Exchange 2003 server.

There is no need to change anything right now. One consideration is that it would be best if we can use a new public IP address for the new server, so that both servers can be published.

Otherwise the users won't be able to use OWA, EAS and OA.

But if there aren't that many users and not that much mail data to migrate, I would recommend doing this over a weekend as a "big bang" and then switching over to the new server.

Then you won't need an extra public IP address or the other coexistence configurations.

Certificates

With this in mind we need to check whether there are any existing certificates on the Exchange 2003 server and whether they can be used on our new server.

This is done by starting an MMC console, adding the Certificates snap-in for the computer account (local), going to Personal and checking whether there are any.

The picture below shows the certificate that's installed.

pic01.png

Also check whether IIS is using this certificate. This is done in the IIS Manager (MMC console): right click Default Web Site and select the "Directory Security" tab.

If there is a certificate it should be listed under "Secure communications", and the "View Certificate…" button should be available to click.

In my example below it shows the certificate that's installed.

pic02.png

Let's export this certificate so it can be used on the Exchange 2010 server.

This is done by viewing the certificate, selecting the "Details" tab and pressing "Copy to File…".

pic03.png

Select "Yes, export the private key". Press Next.

pic04.png

Select the option "Include all certificates in the certification path if possible". Press Next.

pic05.png

Set a password for the certificate file. Press Next.

pic06.png

Check the path. Press Next.

pic07.png

Press Finish.

pic08.png

The certificate is now exported; copy it to the new Exchange 2010 server.

When the certificate has been copied to the Exchange server, start the Exchange Management Console.

Go to Server Configuration, right click the Exchange server and select "Import Exchange Certificate".

pic09.png

Press the Browse button, select the certificate file and type in the password for it. Press Next.

pic10.png

Make sure that the Exchange server is selected. Press Next.

pic11.png

Press Import.

pic12.png

Press Finish.

pic13.png

Right click the imported certificate and click "Assign Services to Certificate".

pic14.png

Make sure that the Exchange server is selected. Press Next.

pic15.png

I will use this certificate for the following services: SMTP and IIS. Make your selection and press Next.

pic16.png

Press Assign.

pic17.png

Press "Yes to all".

pic18.png

Press Finish.

pic19.png

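The same import and service assignment can be done in the Exchange Management Shell. This is an added example, not part of the original guide; it assumes the PFX was exported to C:\Temp\legacy-cert.pfx, that the server is WNEX01 (the name used later in this guide) and that mail.domain.com is the published hostname. It also adds the check a practitioner wants before binding SMTP and IIS to a reused certificate: that it is not about to expire and actually contains the published name(s).

```powershell
# Added example (not from the original guide): import the exported PFX, verify it, then
# assign it to SMTP and IIS. Assumed values: PFX path, server WNEX01, hostname mail.domain.com.
$pfxPath  = 'C:\Temp\legacy-cert.pfx'   # file exported from the Exchange 2003 server
$expected = @('mail.domain.com')         # names used by OWA/EAS/OA and as connector FQDN

# Prompt for the PFX password instead of hard-coding it in the script
$pfxPassword = Read-Host -AsSecureString 'PFX password'

$cert = Import-ExchangeCertificate -Server WNEX01 `
    -FileData ([Byte[]](Get-Content -Path $pfxPath -Encoding Byte -ReadCount 0)) `
    -Password $pfxPassword

# Refuse to bind services to a certificate that is (nearly) expired ...
if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
    throw "Certificate $($cert.Thumbprint) expires $($cert.NotAfter); renew it before reusing it."
}
# ... or that does not cover the published hostname(s); a SAN/UC certificate is needed then
$missing = $expected | Where-Object { $cert.CertificateDomains -notcontains $_ }
if ($missing) {
    throw "Certificate does not cover: $($missing -join ', '). Use a SAN/UC certificate instead."
}

# Same as 'Assign Services to Certificate' in the EMC; -Force answers the 'Yes to all' prompt
Enable-ExchangeCertificate -Server WNEX01 -Thumbprint $cert.Thumbprint -Services 'SMTP, IIS' -Force

# Verify what was assigned
Get-ExchangeCertificate -Server WNEX01 -Thumbprint $cert.Thumbprint |
    Format-List Thumbprint, Subject, CertificateDomains, Services, NotAfter
```
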
So let's say that the migration will be done over a weekend, since we have about 100 users and 50 GB of mail data.

The migration is going to be started on Friday at 17:00, when the office(s) have closed and the end users have gone home for the weekend.

DNS Settings

If this is a migration there is certainly an already configured MX record pointing to the firewall.

But if none has been created, this needs to be done for the SMTP domains we should be able to use.

We need an A record pointing to the external IP address; let's say my external IP in this case (what the picture shows) is 172.16.2.12.

Then an MX record should be created, pointing to that A record.

In Windows DNS it's done like this.

Right click the appropriate DNS zone and choose "New Mail Exchanger (MX)".

pic20.png

Browse to the record pointing to the external IP address and set a priority for the MX record.

If we only have one record it doesn't matter; I will set it to 10.

pic21.png

It looks like this when it's completed.

pic22.png

Firewall configuration

Let's continue by configuring the firewall rules for allowing incoming SMTP traffic to the Exchange server.

In my environment I'm using a Threat Management Gateway (TMG) server to take care of the traffic.

Start up the Forefront TMG Management console.

pic23.png

Give it a friendly name. Press Next.

pic24.png

Select "Server-to-Server communication". Press Next.

pic25.png

Mark SMTP. Press Next.

pic26.png

Type in the IP address of the mail server. Press Next.

pic27.png

Check the box for External. Press Next.

pic28.png

Press Finish.

pic29.png

This could also be achieved by using the new feature in TMG called E-mail policy.

A firewall rule for outgoing SMTP traffic needs to be added.

Select "Create Access Rule" in the action panel and give the rule a friendly name.

pic30.png

Make sure the rule is "Allow". Press Next.

pic31.png

Select the SMTP protocol; make sure it's SMTP and not SMTP Server. Press Next.

pic32.png

Create a computer object for the Exchange server and select it as the source. Press Next.

pic33.png

Select External as the destination. Press Next.

pic34.png

Make sure "All Users" is selected. Press Next.

pic35.png

Press Finish.

pic36.png

Don't forget to apply the rules, or else they won't take effect.

Send/Receive connectors

Another thing that needs to be configured is the Receive and Send connectors.

The receive connector is used to receive mail and the send connector to send mail; that's pretty obvious.

Receive connectors are found in the EMC under Server Configuration, Hub Transport. There are "Client WNEX01" and "Default WNEX01".

The default one can either be used or we can create a new one; it's pretty much up to you.

My recommendation, if the server is published like this, is to create a new receive connector so that the correct name is included.

The receive connector's name (FQDN) should match the send connector's.

Let's start by creating a new receive connector.

pic37.png

Make sure the IP address is selected and type in the appropriate FQDN for the connector.

pic38.png

Press New.

pic39.png

Press Finish.

pic40.png

It's time to create the send connector so we are able to send mail.

Go to Organization Configuration, Hub Transport and select the Send Connectors tab.

Select New Send Connector, type in a friendly name and select Internet as the usage.

pic41.png

In the address space, make sure the address is * so you will be able to send mail to all domains using this connector.

pic42.png

The next thing to choose is how the mail should be sent: using DNS or a smart host.

In most cases a smart host is used, if the customer has an SMTP gateway/anti-spam solution etc., or if the mail needs to be sent through the ISP; if not, the DNS method can be used.

Make sure that your firewall has a rule for that, or else it won't work.

pic43.png

Make sure the server is selected as a source server (Hub Transport).

pic44.png

Press New.

pic45.png

Press Finish.

pic46.png

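The receive and send connector steps above, done in the Exchange Management Shell, with the check that belongs right after publishing port 25: that the new Internet-facing receive connector does not relay for anonymous senders. This is an added example, not the guide's own configuration; it assumes the server WNEX01 from the guide, mail.domain.com as the shared connector FQDN and 192.168.1.10 as the server's internal IP address.

```powershell
# Added example (not from the original guide): create both connectors, then verify the
# Internet receive connector is not an open relay. Assumed: WNEX01, mail.domain.com, 192.168.1.10.
$server = 'WNEX01'
$fqdn   = 'mail.domain.com'   # must be a name present on the certificate assigned to SMTP

# Receive connector bound to the server's IP on port 25, reachable from any remote address;
# -Usage Internet grants the AnonymousUsers permission group, which is what inbound mail needs
New-ReceiveConnector -Name 'Internet' -Server $server -Usage Internet `
    -Bindings '192.168.1.10:25' -RemoteIPRanges '0.0.0.0-255.255.255.255' -Fqdn $fqdn

# Send connector for all domains (*), routing by DNS MX lookup rather than via a smart host
New-SendConnector -Name 'Internet' -Usage Internet -AddressSpaces 'SMTP:*;1' `
    -SourceTransportServers $server -DNSRoutingEnabled $true -Fqdn $fqdn

# An Internet receive connector must accept mail for local recipients only. The extended right
# ms-Exch-SMTP-Accept-Any-Recipient granted to ANONYMOUS LOGON is what turns it into an open relay.
$relay = Get-ReceiveConnector "$server\Internet" |
    Get-ADPermission -User 'NT AUTHORITY\ANONYMOUS LOGON' |
    Where-Object { ($_.ExtendedRights -like 'ms-Exch-SMTP-Accept-Any-Recipient') -and -not $_.Deny }

if ($relay) {
    Write-Warning "Receive connector $server\Internet relays for anonymous senders; remove that right."
} else {
    Write-Host "OK: $server\Internet accepts mail for local recipients only."
}

# Both connectors present their FQDN in the SMTP banner/EHLO; confirm the two agree
Get-ReceiveConnector "$server\Internet" | Format-List Name, Fqdn, Bindings, RemoteIPRanges, PermissionGroups
Get-SendConnector 'Internet' | Format-List Name, Fqdn, AddressSpaces, DNSRoutingEnabled, SmartHosts
```
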
Email address policy

This can be very helpful to have in place. It's configured under Organization Configuration, Hub Transport; select the tab for Email address policy.

Choose Edit on the default policy. Press Next.

pic47.png

Press Next.

pic48.png

Press the Add button and select how the addresses should be created; I've selected firstname.lastname@domain.com.

Press OK.

pic49.png

It will look like this:

pic50.png

Since I'm a Swede, we have some characters that are not so nice to have in an email address. We want to filter them out.

Just click the address you want to edit, or mark it and press F2. In my case it will look like this:

%råa%räa%röo%rée%g.%råa%räa%röo%rée%s@domain.com

And I'm setting this as the reply (primary) address as well. Press Next.

pic51.png

Apply the policy immediately. Press Next.

pic52.png

Press Edit.

pic53.png

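The same address template applied from the Exchange Management Shell, followed by a check that the policy really produced ASCII-only addresses for every mailbox (a name containing a character the %r list does not cover would otherwise slip through). This is an added example, not part of the original guide; it assumes the policy is the default one named 'Default Policy' and uses the domain.com placeholder from the guide.

```powershell
# Added example (not from the original guide): apply the address template from the guide
# with the shell and verify the result. Assumed values: policy 'Default Policy', domain.com.
# %g = given name, %s = surname, %rxy = replace character x with y before building the address
$template = '%råa%räa%röo%rée%g.%råa%räa%röo%rée%s@domain.com'

Set-EmailAddressPolicy -Identity 'Default Policy' -EnabledPrimarySMTPAddressTemplate $template

# Apply the policy to existing recipients now (the EMC wizard's "Immediately" option)
Update-EmailAddressPolicy -Identity 'Default Policy'

# A primary address that still contains a non-ASCII character was built from a name with a
# character the %r list above does not cover (e.g. ü or ø) and is not a valid classic SMTP address.
$bad = @(Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.PrimarySmtpAddress.ToString() -match '[^\x00-\x7F]' })

if ($bad.Count -gt 0) {
    $bad | Format-Table Name, PrimarySmtpAddress -AutoSize
    Write-Warning "$($bad.Count) mailbox(es) have non-ASCII primary addresses; extend the %r list."
} else {
    Write-Host 'OK: all primary SMTP addresses are ASCII-only.'
}
```
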
Maybe there are some additional steps that might be interesting for you to read about. Just send a comment or a post :-)

Thanks for reading, and I hope it gave you some good information.
