search
Categories
Sponsors
VirtualMetric Hyper-V Monitoring, Hyper-V Reporting
Archive
Blogroll

Badges
MCSE
Community

Cozumpark Bilisim Portali
Posted in Exchange Server | 32 Comments | 36,294 views | 01/09/2010 21:30

Last parts of guide, I configured Exchange server roles. We have 2 Mailbox + CAS Servers and 2 Hub Transport servers. I made load balanced CAS servers and Hub Transport server with Citrix Netscaler Hardware Load Balancer. Now this part I’ll configure CAS arrays, IMAP, POP and SMTP services. Also I’ll show you configuration of Forefront Protection 2010 for Exchange Server.

First of all, go to EXCAS01 and create a new CAS array.

New-ClientAccessArray -Fqdn "exchange.radore.com.tr" -Site "Default-First-Site-Name"

See Client Access Array:

Get-ClientAccessArray | fl *

Assign DAG databases to new Client Access Array:

Get-MailboxDatabase | Set-MailboxDatabase -RPCClientAccessServer “exchange.radore.com.tr”

Okay, we created our CAS array and assigned a database to it. Now we should configure POP and IMAP settings for client access.

Go to EXCAS01 and set Pop settings:

Set-PopSettings -LoginType PlainTextLogin
Set-PopSettings -ExternalConnectionSettings 'exchange.radore.com.tr:995:SSL','exchange.radore.com.tr:110:TLS'

See POP settings:

Get-POPSettings | fl *

Set IMAP settings:

Set-ImapSettings -LoginType PlainTextLogin
Set-ImapSettings -ExternalConnectionSettings 'exchange.radore.com.tr:993:SSL','exchange.radore.com.tr:143:TLS'

See IMAP settings:

We use PlainTextLogin because you can’t get Authenticated with SecureLogin in Hosted Exchange environment. So you should use PlainTextLogin. But don’t worry, we use Citrix Netscaler to secure connection.

Also we should configure Outlook access. First install RPC over HTTP:

ServerManagerCmd -i RPC-over-HTTP-proxy

Then configure Outlook Anywhere:

Enable-OutlookAnywhere -ExternalHostname exchange.radore.com.tr -DefaultAuthenticationMethod:Basic -SSLOffloading $False

You can see your Outlook Anywhere configuration:

Get-OutlookAnywhere | fl *

You should change Autodiscover External URL:

Set-AutodiscoverVirtualDirectory -Identity 'autodiscover (default Web site)' -ExternalURL 'https://exchange.radore.com.tr/autodiscover' -InternalURL 'https://exchange.radore.com.tr/autodiscover' -BasicAuthentication $true

Change OAB virtual directory external URL:

Set-OABVirtualDirectory -Identity "EXCAS01\OAB (Default Web Site)" -ExternalUrl 'https://exchange.radore.com.tr/OAB' -InternalURL 'https://exchange.radore.com.tr/OAB' -BasicAuthentication $true

Change Web services virtual directory external URL:

Set-WebServicesVirtualDirectory -Identity "EXCAS01\EWS (default Web site)" -BasicAuthentication $true -ExternalUrl 'https://exchange.radore.com.tr/EWS/exchange.asmx' -InternalUrl 'https://exchange.radore.com.tr/EWS/exchange.asmx'

We finished changes on POP, IMAP and Outlook Anywhere. Don’t forget to do same steps on EXCAS02. Now it’s time to configure SMTP. Now go back to EXGW01 and EXGW02.

Configure EXGW01 Receive Connector for Outlook Authentication:

Get-ReceiveConnector 'EXGW01\EXGW01 SMTP' | Set-ReceiveConnector -PermissionGroups 'AnonymousUsers','ExchangeUsers','ExchangeServers'

Also configure Inbound SMTP Array for Outlook Authentication:

Get-ReceiveConnector 'EXGW01\Inbound SMTP Array' | Set-ReceiveConnector -PermissionGroups 'AnonymousUsers','ExchangeUsers','ExchangeServers'

Configure Encryption on Receive Connectors:

Get-ReceiveConnector 'EXGW01\EXGW01 SMTP' | Set-ReceiveConnector -AuthMechanism 'Tls','Integrated','BasicAuth'
Get-ReceiveConnector 'EXGW01\Inbound SMTP Array' | Set-ReceiveConnector -AuthMechanism 'Tls','Integrated','BasicAuth'

Also you should change binded ip address of Inbound SMTP Array.
But first you should remove old ones:

Get-ReceiveConnector 'EXGW01\Default *' | Remove-ReceiveConnector
Get-ReceiveConnector 'EXGW02\Default *' | Remove-ReceiveConnector
Get-ReceiveConnector 'EXGW01\Client *' | Remove-ReceiveConnector
Get-ReceiveConnector 'EXGW02\Client *' | Remove-ReceiveConnector

Now see the Receive Connectors:

Get-ReceiveConnector | fl *

Get-ReceiveConnector 'EXGW01\Inbound SMTP Array' | Set-ReceiveConnector -Bindings '0.0.0.0:25','0.0.0.0:587'

Do same thing for EXGW02:

Get-ReceiveConnector 'EXGW02\Inbound SMTP Array' | Set-ReceiveConnector -Bindings '0.0.0.0:25','0.0.0.0:587'

Now lets check again:

Get-ReceiveConnector | fl *

Go back to Citrix Netscaler and configure services for IMAP, POP and RPC:

Also configure virtual servers:

Be sure to choose SOURCEIP for load balancing. After this, you can start to test POP3 and IMAP connection via Outlook. You shouldn’t choose any encryption method like TLS or SSL because of Hosted Exchange AD structure. Now I’ll show you how to configure Forefront Protection 2010. I installed Forefront on EXGW01 and EXGW02.

Enable connection filtering:

Enable DNSBL checking:

Enable SenderID and leave “Stamp header” option:

Enable Sender Filter:

Enable Receipent Filtering:

Enable Backscatter:

Enable Content Filter:

Configure SCL:

You can leave default other options and services of Forefront Protection. I finished this part. Next part, I’ll show you how to create organizations and users. But if you did exact same steps with me, that means you have a fully working Hosted Exchange 2010.


Posted in Exchange Server | 6 Comments | 24,215 views | 31/08/2010 12:13

At Part 3, We configured OWA service and SSL certificate. This part, we will configure our 2 Hub Transport servers, EXGW01 and EXGW02. I’ll use Citrix Netscaler again to make a load balance between them.

Now on EXGW01, open Exchange Management Shell and execute;

New-ReceiveConnector -Name 'Inbound SMTP Array' -Usage 'Custom' -Bindings '94.101.92.2:25','94.101.92.2:587' -Fqdn 'mail.radore.com.tr' -RemoteIPRanges '0.0.0.0-255.255.255.255' -Server 'EXGW01'

Do same thing on EXGW02:

New-ReceiveConnector -Name 'Inbound SMTP Array' -Usage 'Custom' -Bindings '94.101.92.2:25','94.101.92.2:587' -Fqdn 'mail.radore.com.tr' -RemoteIPRanges '0.0.0.0-255.255.255.255' -Server 'EXGW02'

Use Get-ReceiveConnector to see recently added connectors:

Get-ReceiveConnector

Enable receive connectors to get mail from external mail address:

Get-ReceiveConnector "Inbound *" | Set-ReceiveConnector -PermissionGroups:AnonymousUsers,ExchangeUsers,ExchangeServers

Disable default receive connectors:

1
2
3
4
'EXGW01\Default *' | Set-ReceiveConnector -Enabled $false
'EXGW02\Default *' | Set-ReceiveConnector -Enabled $false
'EXGW01\Client *' | Set-ReceiveConnector -Enabled $false
'EXGW02\Client *' | Set-ReceiveConnector -Enabled $false

Now add new receive connectors for EXGW01 and EXGW02:

New-ReceiveConnector -Name 'EXGW01 SMTP' -Usage 'Custom' -Bindings '94.101.92.3:25','94101.92.3:587' -Fqdn 'mail.radore.com.tr' -RemoteIPRanges '0.0.0.0-255.255.255.255' -Server 'EXGW01'
New-ReceiveConnector -Name 'EXGW02 SMTP' -Usage 'Custom' -Bindings '94.101.92.4:25','94101.92.4:587' -Fqdn 'mail.radore.com.tr' -RemoteIPRanges '0.0.0.0-255.255.255.255' -Server 'EXGW02'

Configure load balancing on Citrix Netscaler. First add service definition as TCP – 25 for EXGW01.

Add same service definition for EXGW02 and Create a Virtual Server:

Choose Least Connection as LB Method:

Now telnet your NLB ip and you should see your FQDN:

Ok, now lets create a send connector to send mails to external address:

New-SendConnector -Name 'Exchange Gateway' -Usage 'Custom' -AddressSpaces 'SMTP:*;1' -DNSRoutingEnabled $true -UseExternalDNSServersEnabled $false -Fqdn 'mail.radore.com.tr' -SourceTransportServers 'EXGW01','EXGW02'

Create a SSL request for EXGW01:

New-ExchangeCertificate -FriendlyName 'mail.radore.com.tr' -GenerateRequest -PrivateKeyExportable $true -KeySize '2048' -SubjectName 'C=TR,S="Metrocity",L="Istanbul",O="Radore Hosting",OU="IT",CN=mail.radore.com.tr' -DomainName 'mail.radore.com.tr','autodiscover.radore.com.tr','EXCAS01','EXCAS02','EXGW01','EXGW02' -Server 'EXGW01'

Buy your commercial certificate and save certificate code to C:\cert.txt.
Import your certificate on EXGW01:

Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path C:\Cert.txt -Encoding byte -ReadCount 0)) -Password:(Get-Credential).password

Assign SMTP services to certificate. Don’t forget to use your own Thumbprint.

Enable-ExchangeCertificate -Server 'EXGW01' -Services 'SMTP' -Thumbprint '5C9F5C946CAC544F054D24'

We will export our certificate and import it to second Hub Transport server, EXGW02.

1
2
$File = Export-ExchangeCertificate -Thumbprint '5C931E54FDA054D24' -BinaryEncoded:$true -Password (Get-Credential).password
Set-Content -Path "C:\htcert2.pfx" -Value $File.FileData -Encoding Byte

Now, transfer your pfx file to EXGW02 and import it:

Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\htcert2.pfx -Encoding Byte -ReadCount 0)) -Password:(Get-Credential).password -PrivateKeyExportable $true

Enable SMTP service for EXGW02:

Enable-ExchangeCertificate -Server 'EXGW02' -Services 'SMTP' -Thumbprint '03BB616D714D03B9476'

Go to Citrix Netscaler again and create a Virtual Server for SMTP.
Choose SSL as protocol and 443 as port number.

Configure LB method as Least Connection.

Check Hosted Exchange 2010 Setup Guide Part 3 for how to import SSL Certificate to Citrix:

Bind SSL certificate to virtual server.

Also you can add HTTP, 80 as another Virtual Server.

Please follow Hosted Exchange 2010 Part 3 for how to add HTTP 80 Virtual Server.

Go to EXGW01 and EXGW02, open IIS manager (inetmgr) and navigate to SSL Security for Default Web Site.

Clear “Require SSL” and click Accept from SSL settings.

Now test your Exchange Server 2010 SMTP address:

Wadaaaa again! We finished Citrix Netscaler Load Balancing for Hub Transport Servers.
Next Part, We will see how to configure Forefront Protection 2010 for Exchange Servers.
Thanks for reading.

Please continue with Part 5:

Hosted Exchange 2010 – Hosted Exchange 2010 Installation


Posted in Exchange Server | 13 Comments | 70,925 views | 28/08/2010 09:17

A few days ago, Exchange Server 2010 SP1 just released and it’s time to install a Hosted Exchange organization without HMC. Before SP1 installation, you should not install any Exchange Server on your current domain forest. If you have one, you should remove it or create a new forest for the Exchange Server 2010 SP1. What I will have in my environment:

* 2 x 1 Hub Transport Role
* 2 x 1 CAS + Mailbox Role

I don’t have enough resource to split CAS and Mailbox Role. If you don’t need a huge infrastructure, you can do same thing as me. Now I’m ready to install Exchange Server 2010 SP1.

Download Microsoft Exchange Server 2010 SP1 from here:

It’s an exe file. You should extract it first. For your information, for the Hosted Exchange infrastructure, you should install SP1 by command line. There is no option on GUI for Hosted Exchange.

I’m going to install one of my Hub Transport server called EXGW01. As the first step, install required features:

servermanagercmd /ip Exchange-All.xml

Set “NetTcpPortSharing” startup type as Automatic with Powershell:

Set-Service NetTcpPortSharing –startuptype Automatic

Also Exchange setup has to extend active directory scheme so you need to install:

ServerManagerCmd -i RSAT-ADDS

After required features installation, you should restart the server.

When restart is completed, install Office 2010 filter pack.

Now we are ready to go.
Open a command prompt windows (CMD) and type install command.

setup.com /mode:install /role:HT,MT /organizationName:HostedExchange /hosting

Full list of Role codes:

HubTransport: HT
ClientAccess: CA
Mailbox: MB
EdgeTransport: ET
ManagementTools: MT

So Step 1 is below:

At the same time lets check schema status:

Do you see differences between Exchange Server 2010 and Hosted Exchange 2010? Yes, in the Hosted Exchange configuration, you see a new unit called ConfigurationUnits.

Btw, installation is going on well..

And finally, we finished our first server installation. Now we have a Hub Transport server.

I’ll do same thing to my second Hub Transport server. After installation, I’ll will make them load balanced servers. I’ll show how to load balanced them later.

Next, I’ll start setup of CAS and Mailbox Server. As I said, they will on the same server because I don’t have so many resources. Also as you know, much servers means much license prices. I use CMD again for the installation. But before the installation, install required updates.

You don’t need to reboot your server after updates.

If you don’t install required updates, Exchange setup fails.

Start installation:

setup.com /mode:install /role:CA,MB,MT /organizationName:HostedExchange /hosting

If you installed all required features, then setup would finish without errors.

After setup completed, you have to reboot your server.
Now go to second server and do same processes to other CAS + Mailbox Server.
If you finish installation of second server, we can continue with configuration of our Hosted Exchange environment.

I’ll post configuration of Hosted Exchange 2010 at the second part. We completed our Part 1.

Please continue with Part 2:

Hosted Exchange 2010 – Hosted Exchange 2010 Installation