Published by: Nguyen Quoc Huy on Feb 24, 2009
Copyright: Attribution Non-commercial


Publishing Exchange 2007 With ISA 2006

Nguyen Quoc Huy, Nguyen Van Du
Email: nguyen.quoc.huy@hotmail.com, dunv@fpt.com.vn

2007

Contents

I. Topology and Description
II. Installing and Configuring Exchange Server 2007
   1. Hardware requirement
   2. Software requirement
   3. Add Components to install Microsoft Exchange Server
   4. Install prerequisite packages
   5. Install Microsoft Exchange Server 2007
   6. Configure Exchange 2007
   7. Insert Offline Address Book in Mail Database
III. Installing ISA 2006
IV. Publishing an Exchange Web Access (OWA)
   1. Install Certificate Service on domain controller VNFSDC001
   2. Create certificate for Exchange web
      a. Delete default existing certificate
      b. Create certificate for default website
      c. Export certificate of OWA virtual directory
   3. Create DNS CName mapping to ISA VNFSIS001 (on VNFSDC001)
   4. Import certificate to ISA VNFSIS001
   5. Create Web Listening object on ISA
   6. Create web publishing OWA rule
V. Publishing an Exchange Server Outlook Anywhere (RPC Over HTTP)
   1. Install network service RPC Over HTTP (on vnfsdc001)
   2. Enable Outlook Anywhere of Exchange 2007
   3. Create Outlook Anywhere Publishing rule on ISA VNFSIS001
VI. Publishing an Exchange Server for SMTP, POP3
   1. Install SMTP service on ISA relay connect to SMTP exchange 2007
   2. Configuration SMTP relay on ISA server
   3. Create SMTP Server to SMTP Server Rule
   4. Create publishing SMTP and POP3 rule on ISA server
VII. Client test
   1. Login with web access OWA
   2. Register Outlook Anywhere
   3. Register POP3 & SMTP

I. Topology and Description

This lab sets up and configures Microsoft Exchange 2007 Enterprise x64. After that, the OWA, SMTP, POP3 and MAPI services are published to the Internet using Microsoft ISA 2006 Standard. The following is the configuration information of each device:

Computer 1: VNFSDC001
- IP address information: IP address 192.168.1.2; DG 192.168.1.1; DNS 192.168.1.2
- OS: Windows Server 2003 En R2 x64
- Installed services: DHCP, DNS, WINS, Certificate Services, Exchange 2007 En (all updates from Microsoft Update installed)
- Additional configurations: SP2
- Domain name: glfs.myvnc.com (domain functional level Windows 2003, forest functional level Windows 2003)
- Domain member: Yes
- Exchange Server role: Mailbox server, Hub Transport, Client Access Server
- Admin account: Administrator
- Password: 123qwe!@#

Computer 2: VNFSIS001
- IP address information: Internal: IP address 192.168.1.1; DNS 192.168.1.2. External: IP address 172.16.1.2; DG 172.16.1.1
- OS: Windows Server 2003 En R2 x86
- Installed services: ISA 2006 Standard Edition (all updates from Microsoft Update installed)
- Additional configurations: SP2, ISA Publishing Pack Update
- Domain name: glfs.myvnc.com
- Domain member: Yes
- Exchange Server role: N/A
- Admin account: Administrator
- Password: 123qwe!@#

Computer 3: CLIENT01
- IP address information: IP address 192.168.1.11; DG 192.168.1.1; DNS 192.168.1.2
- OS: Windows XP Professional
- Installed services: None (all updates from Microsoft Update installed)
- Additional configurations: SP3
- Domain name: glfs.myvnc.com
- Domain member: Yes
- Exchange Server role: N/A
- Admin account: Administrator
- Password: 123qwe!@#

II. Installing and Configuring Exchange Server 2007
This section shows you how to install Exchange Server 2007 step by step. The process must be done in this sequence:
a. Hardware requirement
b. Software requirement
c. Add the necessary components
d. Install the prerequisite packages
e. Install Exchange 2007 Enterprise
f. Configure Exchange 2007 Enterprise

1. Hardware requirement
The first step is to determine whether a computer is capable of running Exchange Server 2007. The following list details the hardware requirements of the computer that will host Exchange Server 2007:
- x64 architecture-based processor that supports the Intel EM64T or AMD64 instruction set
- 2 GB of RAM plus 5 MB of RAM per mailbox
- 1.2 GB of disk space on the volume on which Exchange is installed, plus 500 MB per unified messaging language pack that is to be installed
- 200 MB of free disk space on the system volume

2. Software requirement
Prior to the installation of Exchange, the software environment should meet the following requirements:
- 64-bit edition of Windows Server 2003 or Windows Server 2003 R2. If you plan to use single-copy cluster or cluster continuous replication, the enterprise editions of Windows Server 2003 and Windows Server 2003 R2 are required
- The following volumes must be formatted with the NTFS file system:
  o System volume
  o Volumes that store Exchange program files, storage group files, transaction log files, database files, and all other Exchange files
- Microsoft .Net Framework 2.0 SP1
- Microsoft Windows PowerShell. This can be downloaded from Microsoft’s Web site
- MMC 3.0. This version of the MMC is included with Windows Server 2003 R2 but not with Windows Server 2003. This MMC is installed when you apply SP2 to Windows Server 2003 R2
- Update for Windows Server 2003 x64 edition KB904639
- Update for Windows Server 2003 x64 edition KB918980
- The Simple Mail Transfer Protocol (SMTP) and Network News Transfer Protocol (NNTP) service must not be installed.

3. Add Components to install Microsoft Exchange Server
IIS with ASP.NET must be installed before running Exchange 2007 setup.

Click Start, point to Control Panel.

Click Add or Remove Programs


Click Add/Remove Windows Components.

In Windows Component Wizard, on the Windows Components page, highlight Application Server, and then click Details.

In Application Server, select the ASP.NET check box.


Click Next, and when the Windows Components Wizard completes, click Finish.

4. Install prerequisite packages
The following packages will be installed as prerequisites:
a. ADAM
b. .Net Framework 2.0 SP1
c. Windows PowerShell

ADAM package

Open Windows Explorer and double-click the ADAM package


Click Next on the Software Update Installation Wizard dialog

Check Agree and click Next

Wait for the installation


The package is installed successfully

Click Finish

.Net Framework 2.0

Open windows explorer and double click on the package .Netx64

Click Next on the Microsoft .Net Framework 2.0 (x64) Setup dialog


Check I accept the terms of the License Agreement then click Next

Wait for the installation


Click Finish for successful installation

Go on installing the update of .Net Framework.

Double click the update package

Click Ok to update the Microsoft .NET Framework 2.0


Click on I accept button

Waiting for the installation

Click OK

Click Reboot Now and your computer is going to restart


Windows PowerShell

Double click on the package Windows PowerShell

Click Next on the Software Update Installation Wizard

Check I Agree then click Next

Waiting for the Installation


Click OK to finish the installation of Windows PowerShell

5. Install Microsoft Exchange Server 2007
The domain controller (VNFSDC001) will also be the Exchange mail server. Its Exchange roles are Client Access, Hub Transport and Mailbox.

Insert the Exchange 2007 DVD into the DVD-ROM drive

The Exchange 2007 Setup dialog appears

Click Next


Check I accept the items in the license agreement

Click Next

Select Yes (Recommended) to enable Error Reporting for improving the quality, reliability, and performance of Microsoft software

Click Next

Choose option Typical Exchange Server Installation.

This option will install the mail server roles: Hub Transport, Client Access, Mailbox and Exchange Management Tools

You need to choose the location for the Exchange files

Click Browse

Create the folders in which the Exchange 2007 files will be stored

Click OK

Continue setting up. Click Next


Enter the Exchange organization

Click Next

Note: the example organization is GLFS

If the clients in your company use Outlook 2003, choose Yes so that Outlook 2003 is compatible with Exchange 2007

Click Next

Waiting for the Readiness Checks


All prerequisites are ok. You can go on installing exchange 2007

Click Install

Waiting for the installation process


The installation is successful.

Check the Finalize installation using the Exchange Management Console

Click Finish

The Exchange Management Console opens and lists the steps to finalize the deployment

First, you need to supply the License Key of product.

On the left pane, expand Microsoft Exchange -> Server Configuration -> Hub Transport

On the Action pane, select Enter Product Key

Enter the key in the Product Key text box

Click the Enter button

The Product Key wizard completes successfully

Click Finish

Return to the first Exchange dialog

Second, Exchange 2007 needs to be updated

On the left pane, select Toolbox

On the right pane, select Best Practices Analyzer

The Microsoft Exchange Best Practices Analyzer appears

Check on Check for updates on startup (recommended) and Join the Microsoft Customer Experience Improvement Program

Select Check for updates now

The update check is in progress

Select Download the latest updates

Updated packages are downloaded and installed

Finish updating product

6. Configure Exchange 2007
After setting up Exchange, apply the following basic configuration so that it works normally.

In the Exchange Management Console, go to Server Configuration -> Hub Transport
On the left pane, right-click Client VNFSDC001 and select Properties

Enter mail.glfs.myvnc.com in Specify the FQDN

Select the Authentication tab and uncheck Offer Basic authentication only after starting TLS
Select Permission Groups

On the Permission Groups tab, check Anonymous Users and Exchange Users
Click OK

Right-click Default VNFSDC001 and select Properties

Enter mail.glfs.myvnc.com

On the Authentication tab, uncheck Offer Basic authentication only after starting TLS
Select Permission Groups

Check Anonymous users, Exchange Users, Exchange Servers and Legacy Exchange Servers
Click OK

Go to Server Configuration -> Client Access
On the right pane, right-click owa and select Properties

Enter the external URL: https://mail.glfs.myvnc.com/owa
Choose the Authentication tab

Check Basic authentication (password is sent in clear text)

Click OK to finish the change

Go to Organization Configuration -> Hub Transport
Select the Send Connectors tab on the right pane
Right-click it and select New Send Connector

Enter the name of the send connector: Outbound to Internet
Select the intended use “Internet” for the send connector

On the New Send Connector dialog, click Add and enter * in the Domain text box
Click OK

Click Next

Click Next

Select the source server and click Next

Click New to create the send connector

Click Finish
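
Unchecking Offer Basic authentication only after starting TLS on the Client and Default receive connectors in step 6 lets those connectors advertise AUTH LOGIN on an SMTP session that has not negotiated TLS. The following check is an added example, not part of the original guide: it parses an EHLO reply and reports whether a password mechanism is offered in cleartext. The sample replies are constructed, and the names parse_ehlo, audit_cleartext_ehlo and fetch_ehlo are hypothetical.

```python
"""Check whether an SMTP listener offers password AUTH before STARTTLS."""
import smtplib

# SASL mechanisms that carry the password itself (base64 is encoding only).
PASSWORD_MECHS = {"LOGIN", "PLAIN"}

# Constructed EHLO replies for illustration, not captured from a real server.
# Connector with "Offer Basic authentication only after starting TLS" unchecked:
SAMPLE_UNCHECKED = """250-mail.glfs.myvnc.com Hello [192.168.1.11]
250-SIZE 10485760
250-PIPELINING
250-STARTTLS
250-AUTH NTLM LOGIN
250-AUTH=LOGIN
250 8BITMIME"""
# Connector with the box left checked: LOGIN is withheld until TLS is up.
SAMPLE_CHECKED = """250-mail.glfs.myvnc.com Hello [192.168.1.11]
250-SIZE 10485760
250-STARTTLS
250-AUTH NTLM
250 8BITMIME"""


def parse_ehlo(reply):
    """Parse a raw EHLO reply into {KEYWORD: [PARAMS]}.

    Accepts "250-" continuation lines and the final "250 " line, skips the
    greeting on the first line, and folds the legacy "AUTH=MECH" spelling
    into the normal AUTH entry.
    """
    lines = [ln.strip() for ln in reply.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty EHLO reply")
    exts = {}
    for idx, line in enumerate(lines):
        if line[:3] != "250" or (len(line) > 3 and line[3] not in "- "):
            raise ValueError("not a 250 EHLO line: %r" % line)
        if idx == 0:
            continue  # greeting line: "<server name> Hello [...]"
        body = line[4:]
        if body.upper().startswith("AUTH="):
            body = "AUTH " + body[5:]
        words = body.upper().split()
        if words:
            exts.setdefault(words[0], []).extend(words[1:])
    return exts


def audit_cleartext_ehlo(reply):
    """Assess an EHLO reply that was received before any STARTTLS command."""
    exts = parse_ehlo(reply)
    exposed = sorted(set(exts.get("AUTH", [])) & PASSWORD_MECHS)
    starttls = "STARTTLS" in exts
    if exposed:
        verdict = "WEAK: password AUTH offered without TLS"
    elif starttls:
        verdict = "OK: password AUTH withheld until STARTTLS"
    else:
        verdict = "INFO: neither password AUTH nor STARTTLS advertised"
    return {"starttls": starttls, "exposed": exposed, "verdict": verdict}


def fetch_ehlo(host, port=25, timeout=10):
    """Connect in cleartext to your own server and return its EHLO reply."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        code, msg = smtp.ehlo()
    if code != 250:
        raise RuntimeError("EHLO refused with code %d" % code)
    text = msg.decode("ascii", "replace")
    return "\n".join("250-" + ln for ln in text.splitlines())


if __name__ == "__main__":
    for name, sample in (("unchecked", SAMPLE_UNCHECKED),
                         ("checked", SAMPLE_CHECKED)):
        print(name, audit_cleartext_ehlo(sample))
```

To check a live connector, pass the output of fetch_ehlo for your own server to audit_cleartext_ehlo.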

7. Insert Offline Address Book in Mail Database
The following steps remove the missing-object error that appears in Exchange cached mode.

Open the Exchange Management Console
Go to Microsoft Exchange -> Server Configuration -> Mailbox

On the right pane, right-click First Storage Group – Mailbox Database
Select Properties

On Mailbox Database Properties, go to the Client Settings tab
Click Browse

Select Default Offline Address Book
Click OK

Click OK

Close the console

III. Installing ISA 2006
On the server VNFSIS001, set the IP addresses of the internal and external interfaces correctly. ISA 2006 Standard acts as the gateway for the internal network, as the VPN gateway on the external side, and publishes OWA, Outlook Anywhere, POP3 and SMTP.

Put the CD in the CD-ROM drive; the ISA welcome screen appears
Click Install ISA Server 2006

Waiting for the preparation

Click Next on the welcome page

Select I accept the terms..
Click Next

Enter the name and organization
Click Next

Choose Typical
Click Next

Choose the range of the Internal network
Click Next

Click Next

Click Next

Click Install to start setting up

Waiting for the installation

Waiting…

Select Invoke ISA Server Management
Click Finish

The ISA 2006 interface appears

IV. Publishing an Exchange Web Access (OWA)
This section shows you how to publish OWA. The certificate of the default web site needs to be created and exported to the ISA server. The ISA server uses this certificate to create the web listener and the OWA publishing rule.

1. Install Certificate Service on domain controller VNFSDC001

In Add or Remove Programs

Select Certificate Services

Select Enterprise root CA

Enter mail as the common name for this CA

Click Next

Waiting for installation

Click Finish

2. Create certificate for Exchange web
a. Delete default existing certificate

Open Internet Information Services (IIS) Manager

Right click Default web site and select Properties

Select tab Directory Security, click Server Certificate


Click Next

Select Remove the current certificate and click Next

Click Next


Click Finish

On the Default Web Site, click Edit

Check Require secure channel (SSL)
Click OK

Click OK

b. Create certificate for default website

In Internet Information Services Manager, right-click Default Web Site
Select Properties

On the Directory Security tab, click Server Certificate

Click Next

Choose Create a new certificate
Click Next

Choose Send the request …
Click Next

In the Name text box, enter mail.glfs.myvnc.com
Click Next

Enter the organization and click Next

Enter the country, state and city
Click Next

Click Next

Click Next

Click Next to accept the confirmation

Click Finish

Click Ok

c. Export certificate of OWA virtual directory
This section exports the certificate for OWA. In this implementation, the certificate is exported from the RPC virtual directory and is used for both OWA and RPC over HTTP

Right-click RPC and click Properties

Select the Directory Security tab and click Edit in Authentication and access control

Check Integrated Windows authentication and Basic authentication (password is sent in clear text)

Click Edit in Secure communications

Check Require secure channel (SSL) and Require 128-bit encryption

Click View Certificate

Select the Details tab and click Copy to File

Click Next

Select Yes, export the private key and click Next

Select Include all certificate in the ….
Click Next

Enter a password for the certificate file. Note: keep this password; it must be entered when the certificate is imported on ISA

Browse to save the file
Click Next

Click Finish

Click OK to finish exporting the certificate

Click OK

Click OK

3. Create DNS CName mapping to ISA VNFSIS001 (on VNFSDC001)
Three CNames (mail, pop, smtp) mapping to VNFSIS001.glfs.myvnc.com (192.168.1.1) are created in DNS on VNFSDC001. They are used for OWA, RPC publishing, POP3 and SMTP.

Open DNS

On the DNS console, right-click glfs.myvnc.com
Select New Alias (CNAME)…

Enter mail in Alias name
Select vnfsis001.glfs.myvnc.com for FQDN
Click OK

The DNS console appears like this

On the DNS console, right-click glfs.myvnc.com
Select New Alias (CNAME)…

Enter mail in Alias name
Select vnfsdc001.glfs.myvnc.com for FQDN
Click OK

On the DNS console, right-click glfs.myvnc.com
Select New Alias (CNAME)…

Enter mail in Alias name
Select vnfsdc001.glfs.myvnc.com for FQDN
Click OK

The DNS window after creating the CNames

4. Import certificate to ISA VNFSIS001
The OWA or RPC certificate exported above needs to be imported on ISA VNFSIS001 into the Personal and Trusted Root Certificate stores.

Copy the file mycert.pxf from VNFSDC001 (this file was exported from OWA in IIS)

Click Start, select Run….

Enter MMC and click OK


Click menu File, Add/ Remove ….

Click Add


Select Certificates and click Add

Select Computer account and click Next

Click Finish


Click Close

Click OK


Right-click Personal, select All Tasks -> Import

Click Next

Browse for the certificate file


Enter the password of the certificate file that you set
Click Next

Click Next

Click Finish


Click OK

The certificate has been imported

Go to Trusted Root Certificate, right click on Certificates, select All tasks -> Import


Click Next

Click Browse for the certificate file

Enter the password of the file
Click Next

Click Next

Click Finish

Click OK


The certificate has been imported

5. Create Web Listening object on ISA

Open ISA

Go to the firewall rules; on the right pane, right-click Web Listener
Select New Web Listener

Enter a name for the web listener

Select Require SSL secured connections with clients
Click Next

Select Internal and External
Click Select IP Addresses

Add the external IP address
Click OK

Select Internal and click Select IP Addresses

Add the internal IP address
Click OK

Select the external IP address and click Select Certificate

Select the certificate mail.glfs.myvnc.com
Click Select

Select the internal IP address and click Select Certificate

Select the certificate mail.glfs.myvnc.com

Click Next

Select HTML Form Authentication and LDAP (Active Directory)

In the SSO text box, enter .glfs.myvnc.com

Select the LDAP servers
Click Add

Enter the FQDN of VNFSDC001 (domain controller) in Server name
Click OK

Enter glfs.myvnc.com in Type the Active Directory domain name
Click Next

Click Finish

6. Create web publishing OWA rule

Right-click Firewall Rule -> New -> Exchange Web Client Access Publishing Rule

Enter a name for the publishing rule. Please input Publishing OWA

Select Exchange Server 2007 and check Outlook Web Access
Click Next

Select Use SSL to connect to the published web server or server farm
Click Next

Enter mail.glfs.myvnc.com for Internal site name
Enter vnfsdc001.glfs.myvnc.com for Computer name or IP address

Enter mail.glfs.myvnc.com for Public name
Click Next

Select the web listener that was created
Click Next

Select Basic authentication
Click Next

Click Next

Click Finish

Click Apply

V. Publishing an Exchange Server Outlook Anywhere (RPC Over HTTP)
The RPC publishing rule is the same as the OWA publishing rule. The same web listener object is also used to make the rule.

1. Install network service RPC Over HTTP (on vnfsdc001)

Open Control Panel and click Add or Remove Programs

On the left panel, click Add/Remove Windows Components

Select role and move down

Select Networking Services and click Details

Select RPC over HTTP Proxy and click OK

Click Next

Wait for installation

Click Finish

2. Enable Outlook Anywhere of Exchange 2007

Open the MS Exchange 2007 console

Click Server Configuration -> Client Access

On the right panel, click Enable Outlook Anywhere

Enter mail.glfs.myvnc.com for External host name
Select Basic authentication and click Enable

Click Finish

The window after enabling Outlook Anywhere is shown

3. Create Outlook Anywhere Publishing rule on ISA VNFSIS001

Open the ISA window, right-click Firewall Rule, select New and then Exchange Web Client Access Publishing Rule

Enter a name for the rule and click Next

Select Exchange Server 2007 and check Outlook Anywhere

Select Publish a single web site or load balancer

Select Use SSL to connect to the published web server or server farm

Enter mail.glfs.myvnc.com in Internal site name and vnfsdc001.glfs.myvnc.com in Computer name or IP address

Select This domain name and enter mail.glfs.myvnc.com

Select the web listener My listener

Select Basic authentication

Click Next

Click Finish

Select the Publishing Outlook Anywhere rule

Right-click and select Properties

Select the To tab and select Requests appear to come from the original client

Select the Traffic tab and check Require 128-bit encryption for HTTPS traffic

Click Apply

VI. Publishing an Exchange Server for SMTP, POP3
Two publishing rules need to be created so that other mail servers and clients can communicate. First, the SMTP service (in IIS) is installed on the ISA server. Second, the SMTP and POP3 rules are created.

1. Install SMTP service on ISA relay connect to SMTP exchange 2007


Go to Control panel, double click on Add or Remove Programs

On the left pane, click on Add/Remove Windows Components

Click on Accessories and Utilities and click the button Detail


Select Internet Information Services (IIS)
Click Details

Check SMTP Service
Click OK

Click OK


Click Next to install SMTP services

Wait for installation

Click Finish

2. Configuration SMTP relay on ISA server

Click Start in the lower-left corner
Click Programs -> Administrative Tools -> Internet Information Services (IIS) Manager

In the Internet Information Services Manager dialog, right-click Default SMTP Virtual Server
Select Properties

On the General tab, select IP address 192.168.1.1
Go to the Access tab

Click Authentication

Check Basic authentication and Integrated Windows Authentication
Enter glfs.myvnc.com in the Default domain text box
Click OK

Click OK

Go to Default SMTP Virtual Server -> Domains
On the right pane, right-click and select New -> Domain…

Select Remote
Click Next

Enter glfs.myvnc.com in the Name text box
Click Finish

Right-click glfs.myvnc.com
Select Properties

Check Allow incoming mail to this domain
In Forward all mail to smart host, enter vnfsdc001.glfs.myvnc.com
Click Apply

Close the IIS dialog

3. Create SMTP Server to SMTP Server Rule

Open the ISA console, right-click Firewall Rules
Select New -> Mail Server Publishing Rule…

On the Welcome dialog, enter SMTP Server to in Rule name

Select Server-to-server communication: SMTP, NNTP
Click Next

Check SMTP
Click Next

Enter the server IP address 192.168.1.2
Click Next

Select Internal, click Address…

Specify IP address 172.16.1.2, click Add
Click OK

Check Internal
Click Address…

Specify IP 192.168.1.1, click Add
Click OK

Click Next

Click Finish

The rules are shown on the ISA console

4. Create publishing SMTP and POP3 rule on ISA server

Open the ISA console, right-click Firewall Rules
Select New -> Mail Server Publishing Rule…

Enter Publishing in the Rule name text box

Select Client access: RPC, IMAP, POP3, SMTP
Click Next

Check POP3 and SMTP
Click Next

Enter the server IP address 192.168.1.2
Click Next

Check External
Click Address…

Specify IP 172.16.1.2, click Add
Click OK

Check Internal
Click Address…

Select IP 192.168.1.1, click Add
Click OK

Click Next

Click Finish

The rules are shown on the ISA console

VII. Client test
This final section tests that the configurations above work.

1. Login with web access OWA

Open an Internet browser
Enter https://mail.glfs.myvnc.com/owa in the address bar and press Enter

Enter the username and password and click Log On

Log on OK

2. Register Outlook Anywhere
a. Import certificate
The OWA or RPC certificate exported above needs to be imported on ISA VNFSIS001 into the Personal and Trusted Root Certificate stores.

Click Start, select Run

Enter MMC and click OK

Click menu File, Add/ Remove ….


Click Add

Select Certificates and click Add


Select Computer account and click Next

Click Finish

Click Close


Click OK

Right-click Personal, select All Tasks -> Import

Click Next


Browse for the certificate file

Enter the password of the certificate file that you set
Click Next

Click Next


Click Finish

Click OK

The certificate has been imported


Go to Trusted Root Certificate, right click on Certificates, select All tasks -> Import

Click Next

Click Browse for the certificate file


Enter password of file

Click Next

Click Finish


Click OK

The certificate has been imported

b. Register Outlook Anywhere

Open Control Panel and click Mail

Click E-mail Accounts

Click Next

Select Microsoft Exchange Server and click Next

Enter vnfsdc001.glfs.myvnc.com for Microsoft Exchange Server
Enter the username
Click More Settings

Select the Connection tab

Check Connect to my Exchange mailbox using HTTP and click Exchange Proxy Settings

Enter mail.glfs.myvnc.com for HTTPS://
Uncheck Mutually authenticate the session when connecting with SSL
Check On fast networks, connect using HTTP first, then connect using TCP/IP
Select Basic Authentication for Proxy authentication settings
Click OK

Click Check Name

Click Next

Click Finish

Click Close

Open MS Outlook and enter the password for the account
Ex: username: glfs\huynq Password: 123qwe!@#

Outlook works with RPC OK

3. Register POP3 & SMTP

Open MS Outlook

Click Tools, E-mail Accounts

Click Next

Select POP3 and click Next

Enter your name and email address
Enter pop.glfs.myvnc.com for Incoming mail server (POP3)
Enter smtp.glfs.myvnc.com for Outgoing mail server (SMTP)
Enter the username and password
Click More Settings

Go to the Outgoing Server tab

Check My outgoing server (SMTP) requires authentication
Click OK

Click Test Account Settings…

The test is OK; click Close

Click Next

Click Finish

MS Outlook works OK with POP3 and SMTP
