VirtualMetric Hyper-V Monitoring, Hyper-V Reporting


Cozumpark Bilisim Portali
Hosted Exchange 2010 Setup Guide – Part 5
Posted in Exchange Server | 32 Comments | 36,600 views | 01/09/2010 21:30

Last parts of guide, I configured Exchange server roles. We have 2 Mailbox + CAS Servers and 2 Hub Transport servers. I made load balanced CAS servers and Hub Transport server with Citrix Netscaler Hardware Load Balancer. Now this part I’ll configure CAS arrays, IMAP, POP and SMTP services. Also I’ll show you configuration of Forefront Protection 2010 for Exchange Server.

First of all, go to EXCAS01 and create a new CAS array.

New-ClientAccessArray -Fqdn "" -Site "Default-First-Site-Name"

See Client Access Array:

Get-ClientAccessArray | fl *

Assign DAG databases to new Client Access Array:

Get-MailboxDatabase | Set-MailboxDatabase -RPCClientAccessServer “”

Okay, we created our CAS array and assigned a database to it. Now we should configure POP and IMAP settings for client access.

Go to EXCAS01 and set Pop settings:

Set-PopSettings -LoginType PlainTextLogin
Set-PopSettings -ExternalConnectionSettings '',''

See POP settings:

Get-POPSettings | fl *

Set IMAP settings:

Set-ImapSettings -LoginType PlainTextLogin
Set-ImapSettings -ExternalConnectionSettings '',''

See IMAP settings:

We use PlainTextLogin because you can’t get Authenticated with SecureLogin in Hosted Exchange environment. So you should use PlainTextLogin. But don’t worry, we use Citrix Netscaler to secure connection.

Also we should configure Outlook access. First install RPC over HTTP:

ServerManagerCmd -i RPC-over-HTTP-proxy

Then configure Outlook Anywhere:

Enable-OutlookAnywhere -ExternalHostname -DefaultAuthenticationMethod:Basic -SSLOffloading $False

You can see your Outlook Anywhere configuration:

Get-OutlookAnywhere | fl *

You should change Autodiscover External URL:

Set-AutodiscoverVirtualDirectory -Identity 'autodiscover (default Web site)' -ExternalURL '' -InternalURL '' -BasicAuthentication $true

Change OAB virtual directory external URL:

Set-OABVirtualDirectory -Identity "EXCAS01\OAB (Default Web Site)" -ExternalUrl '' -InternalURL '' -BasicAuthentication $true

Change Web services virtual directory external URL:

Set-WebServicesVirtualDirectory -Identity "EXCAS01\EWS (default Web site)" -BasicAuthentication $true -ExternalUrl '' -InternalUrl ''

We finished changes on POP, IMAP and Outlook Anywhere. Don’t forget to do same steps on EXCAS02. Now it’s time to configure SMTP. Now go back to EXGW01 and EXGW02.

Configure EXGW01 Receive Connector for Outlook Authentication:

Get-ReceiveConnector 'EXGW01\EXGW01 SMTP' | Set-ReceiveConnector -PermissionGroups 'AnonymousUsers','ExchangeUsers','ExchangeServers'

Also configure Inbound SMTP Array for Outlook Authentication:

Get-ReceiveConnector 'EXGW01\Inbound SMTP Array' | Set-ReceiveConnector -PermissionGroups 'AnonymousUsers','ExchangeUsers','ExchangeServers'

Configure Encryption on Receive Connectors:

Get-ReceiveConnector 'EXGW01\EXGW01 SMTP' | Set-ReceiveConnector -AuthMechanism 'Tls','Integrated','BasicAuth'
Get-ReceiveConnector 'EXGW01\Inbound SMTP Array' | Set-ReceiveConnector -AuthMechanism 'Tls','Integrated','BasicAuth'

Also you should change binded ip address of Inbound SMTP Array.
But first you should remove old ones:

Get-ReceiveConnector 'EXGW01\Default *' | Remove-ReceiveConnector
Get-ReceiveConnector 'EXGW02\Default *' | Remove-ReceiveConnector
Get-ReceiveConnector 'EXGW01\Client *' | Remove-ReceiveConnector
Get-ReceiveConnector 'EXGW02\Client *' | Remove-ReceiveConnector

Now see the Receive Connectors:

Get-ReceiveConnector | fl *

Get-ReceiveConnector 'EXGW01\Inbound SMTP Array' | Set-ReceiveConnector -Bindings '',''

Do same thing for EXGW02:

Get-ReceiveConnector 'EXGW02\Inbound SMTP Array' | Set-ReceiveConnector -Bindings '',''

Now lets check again:

Get-ReceiveConnector | fl *

Go back to Citrix Netscaler and configure services for IMAP, POP and RPC:

Also configure virtual servers:

Be sure to choose SOURCEIP for load balancing. After this, you can start to test POP3 and IMAP connection via Outlook. You shouldn’t choose any encryption method like TLS or SSL because of Hosted Exchange AD structure. Now I’ll show you how to configure Forefront Protection 2010. I installed Forefront on EXGW01 and EXGW02.

Enable connection filtering:

Enable DNSBL checking:

Enable SenderID and leave “Stamp header” option:

Enable Sender Filter:

Enable Receipent Filtering:

Enable Backscatter:

Enable Content Filter:

Configure SCL:

You can leave default other options and services of Forefront Protection. I finished this part. Next part, I’ll show you how to create organizations and users. But if you did exact same steps with me, that means you have a fully working Hosted Exchange 2010.

Comments (32)

Yusuf Ozturk » Hosted Exchange 2010 Setup Guide – Part 4

September 3rd, 2010

[…] Please continue with Part 2: […]


September 10th, 2010

Hi Yusuf,

thanks for the good explanation and guide. do you know where i can find the part of creating customers and adresslists etc. ? as you mentioned at the end of part 2 it will follow in part 3.



September 27th, 2010

This guide was great. Thanks. Do you have a link to the next part you mentioned on creating organizations and users?


September 28th, 2010

Hello Manny and Klaus,

Thank you for your feedbacks. I’ll post them in a week. There are so much details to write :)


October 3rd, 2010

Hello Yusuf,

Great guide, thanks for the effort of making it! I learned a lot by reading it.

And thanks in advance for the next part of creating OU’s and users.



October 3rd, 2010

Thank you so much Kaj :)

Part 6 will be about “How to backup with DPM 2010” and “Forefront 2010 TMG Configuration”.

Then at the Part 7, I’ll talk about how to create organizations, plans etc.

I’m working on screenshots right now.


October 5th, 2010

Slm Yusuf,

Nice doc! msgr var mi sende? Bazen konusuruz.



October 13th, 2010

Great job. Any update on part 6 and 7?


October 14th, 2010

Also what about setting up Forefront Online Protection for Exchange?


October 14th, 2010

And installing Update Rollup 1 for Exchange Server 2010


October 15th, 2010

Thank you Donnie.
The problem is, I left my job. I am transfered by another hosting company. I have to build hosted exchange environment again. That’s why I couldn’t write next parts. But I want to finish articles.


October 15th, 2010

Also to update rollup 1, you should be careful. Because of DAG configuration, you can’t update rollup with windows update. The best way is, install rollup update before DAG configuration. Then install DAG. But if you made so far, you should check technet articles about how to install rollup updates on DAG.


October 15th, 2010

Also because of there is no public folders support, we should install Sharepoint. I’m planing to write about it too, because it’s important. Customers need something like public folders. Also to share their calender, they will need sharepoint.


October 19th, 2010

Send me a email. I Have a demo environment setup with your writeup that you can use to finsish writing this.


November 1st, 2010

Awesome stuff!!! Any updates??? We are dieing to see what’s next. Cheers.


November 3rd, 2010

Any update on part 6 and 7.


November 3rd, 2010

Thanks so much for this guide! You’re awesome!!!


November 24th, 2010

Thank you very much about the wonderful explanation


May 13th, 2011

I have installed Exchange in hosting mode as you write there, but now it’s not working with windows xp with any versions of Microsoft outlook (can’t connect to resolve account name and pass). It’s good working with windows 7 and passed all tests from Any ideas about this?


May 13th, 2011

And problem is in the netscaler – all good working when publish directly either of the two exchange servers


May 16th, 2011

Hi Alex,

I didn’t understand well. If you don’t use Citrix or if you just add one server to the Virtual Servers Pool, then you can connect via Windows XP?

I haven’t tested it with Windows XP. Your XP has latest updates like CredSSP fix etc.?



May 18th, 2011

XP sp3 with latest updates. If I publish netscaler through ISA its good working on Win 7 but not working on Win XP. But if I publish directly one of two exchange servers (with CAS role & Outlook anywhere enabled) its working fine with both operating systems

John Benson

May 19th, 2011

Great articles, but am desperate for parts 6 & 7. Is there any way you could complete these please? Thanks :-)

Ahmed el-hoseny

May 23rd, 2011

thank u Yusuf for your big effort we wait more

Jatinderr Kumar

June 25th, 2011

i followed your stpes.. how can i check Outlook anywhere working and secondly what kind of ssl certificate do i need for other tenants to work, that said we have tenants with total different FQDN not the sub domains.. some registered with us some they own the registration.
Please help
and this doc is really GREAT>>>>>>>>>>>>>>


June 30th, 2011


Hosted Exchange 2010 SP1 Configuration Tool is released. You can check it.

Consider this as a part 6 :) Sorry for that guys.



October 24th, 2011

I’ve got a test environment with 1 CAS, 2 MB, 2 DCs (both GC) and 2 Hubs. Outlook anywhere can’t connect to port 6004 NSPI interface on the MB servers.

netstat -an |Select-String 600 reveals that only port 6001 is listening on the MB servers, no port 6004. However on both GCs port 6004 is listening.

Anything special that needs to be done to get the MB servers listening on 6004? Or is it a configuration problem that they are looking at MB servers for NSPI, should they be going to the DCs instead?


October 24th, 2011

Hi BP,

Yes, you need GC servers to make it work. Is there any firewall between MB and DC servers? If MB and DC can’t talk properly, then Outlook Anywhere will fail. If you do same steps as articles, then there won’t be any configuration problem.



October 24th, 2011

Basically it turned out to be the old ID10T error, I was trying to manually configure an Outlook profile where I manually specified the mailbox server as “Exchange Server” with CAS only as the proxy server. I was doing this becuase that is how I had done it in 2007, and I hadn’t bothered to set up Autodiscover with a redirect. Once I got that set up, everything worked fine (since I had followed your articles, thanks for that), and I realized in Ex2010 the CAS is the one that is used for everything in Outlook.

Thanks for the quick response too! :D Keep up the good work!


May 9th, 2012

in my environment i have deployed same but i am using TMG2010 owa pulishing sussess but RPC over HTTP not working & yahoo, msn & other internet doamin not working


May 23rd, 2012

Thanks for providing very good guide.
everything is working fine, can you please tell me about how i receive emails for Organizations?


Alex Bolla

June 14th, 2012

Hello Yusuf,
I am looking for info on how to add organizations to my hosted Exchange 2010 that has already been setup w/ the /hosting switch. Can you point me in the right direction?

Leave a Reply