Professional Documents
Culture Documents
Executive Summary
Server Configuration
Verification Steps
For purposes of providing an example, the template uses the fictitious company name of
Contoso. Also, you can download this template, along with templates for other server roles, as a
download package in .zip file format at Microsoft Exchange Server 2010 Install Guide Templates
(http://go.microsoft.com/fwlink/?LinkID=187961).
Executive Summary
The purpose of this document is to explain the installation and configurations necessary to install
the Exchange 2010 Client Access server role on the Windows Server 2008 platform.
Business Justification
By having an installation guide, Contoso will be able to ensure standardization across the
enterprise, reducing total cost of ownership (TCO), and easing troubleshooting steps.
Scope
The scope of this document is limited to installation of an Exchange 2010 Client Access server for
Contoso on the x64 version of the Windows Server 2008 (SP2 or R2) operating system.
Prerequisites
The administrator should have working knowledge of Windows Server 2008 concepts, Exchange
2010 concepts, the Exchange Management Console and Exchange Management Shell, the
command line, and various system utilities. This document does not elaborate on the details of
any system utility except as necessary to complete the tasks within.
In addition, before implementing the server role, the administrator should review the
Understanding Client Access topic in the Exchange Server 2010 Library
(http://go.microsoft.com/fwlink/?LinkId=187352).
Assumptions
This document assumes that Windows Server 2008 x64 Edition is installed on the intended Client
Access server per company baseline regulations which include the latest approved service pack
and hotfixes. In addition, the following system prerequisites have been installed:
Microsoft .NET Framework 3.5 SP1 and the update for .NET Framework 3.5 SP1 For more
information, see Microsoft Knowledge Base article 959209, An update for the .NET
Framework 3.5 Service Pack 1 is available (http://go.microsoft.com/fwlink/?
linkid=3052&kbid=959209).
This document assumes that forest and domain preparation steps have been performed as
described in the Prepare Active Directory and Domains topic in the Exchange Server 2010 Library
(http://go.microsoft.com/fwlink/?LinkId=187262).
This document assumes that the account you will be using for the Exchange tasks has been
delegated the Server Management management role, as described in the Server Management
topic in the Exchange Server 2010 Library (http://go.microsoft.com/fwlink/?LinkId=187265).
This document also assumes that both Exchange 2010 Windows Server 2008 and Windows
Server 2008 will be secured following the best practices found in the Windows Server 2008
Security Guide (http://go.microsoft.com/fwlink/?LinkId=122593).
Important:
The procedures within this document should be followed sequentially. If changes are
made out of sequence, unexpected results may occur.
Server Configuration
The following media are required for this section:
Select the check box to Append parent suffixes of the primary DNS suffix.
Drive Configuration
1. Connect to the server through Remote Desktop and then log on with an account that has
been delegated local administrative access.
2. Click Start > Administrative Tools, and then select Computer Management.
3. Expand Storage and then click Disk Management.
4. Using the Disk Management snap-in of the Microsoft Management Console (MMC), format,
rename, and assign the appropriate Drive Letters so that the volumes and DVD drive match
the appropriate server configuration.
Drive configuration
LUN
Drive letter
Usage
DVD drive
For the C: drive, set the Maximum Size (MB) value to that of the Initial Size.
d. In the Drive list, select the page file drive (for example, the P: drive), and then click
Custom size.
e. In the Initial Size (MB) box, type the result of one of the following calculations:
If the server has less than 8 GB of RAM, multiply the amount of RAM times 1.5.
If the server has 8 GB of RAM or more, add the amount of RAM plus 10 MB.
f.
In the Maximum Size (MB) box, type the same amount that you typed in the Initial Size
box.
d. Click OK.
10. Click OK two times to close the System Properties dialog box.
11. Click No if prompted to restart the system.
Note:
For more information about page file recommendations, see the following Microsoft
Knowledge Base articles: How to determine the appropriate page file size for 64-bit
versions of Windows Server 2003 or Windows XP (http://go.microsoft.com/fwlink/?
linkid=3052&kbid=889654); and Overview of memory dump file options for Windows
Vista, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003,
Windows XP, and Windows 2000 (http://go.microsoft.com/fwlink/?
linkid=3052&kbid=254649).
Drive Permissions
1. Connect to the server through Remote Desktop, and then log on with an account that has
been delegated local administrative access.
2. Click Start, and then select Computer.
3. Right-click D Drive, and then select Properties.
4. Click the Security tab.
5. Click Edit.
6. Click Add, and then select the local server from Locations.
7. Grant the following rights as outlined in the following table.
Drive permissions
Account
Permissions
Administrators
Full Control
SYSTEM
Full Control
Authenticated Users
CREATOR OWNER
Full Control
HTTPS
443
IMAP4
POP3
135
59595
59596
Note:
This document uses TCP59595 for the Address Book service and TCP59596 for the RPC
Client Access service, but you can use any TCP high ports that are available within the
environment between ports 59530 and 60554.
1. Connect to the server via Remote Desktop, and then log on with an account that has been
delegated local administrative access.
2. Install Network Load Balancing for your operating system:
a. Windows Server 2008 SP2 Open an administrative command prompt window and run
the following command:
ServerManagerCmd.exe -i NLB
b. Windows Server 2008 R2 Open an elevated Windows PowerShell console, and run the
following commands:
Import-Module ServerManager
Add-WindowsFeature NLB
3. Click Start>Administrative Tools, and then right-click Network Load Balancing Manager.
4. Click Cluster-New.
5. In the New Cluster wizard, enter the local servers computer name, click Connect and then
select the appropriate network connection.
6. Click Next.
7. In the Host Parameters section, verify the hosts IP address and subnet mask.
8. Click Next.
9. In the Cluster IP Address section, click Add and enter:
10
a. IP Address
b. Subnet Mask
10. Click Next.
11. In the Cluster Parameters section, enter in the Full Internet Name (for example,
mail.contoso.com) that will be used by the cluster and make sure Unicast is selected.
12. Click Next.
13. In the Port Rules section, select the default rule and click Edit.
14. Under Port Range, change the From value to 80 and the To value to 80.
15. Under Protocols, select TCP.
16. Click OK.
17. Click Add to create a new port rule.
a. Under Port Range, change the From value to 443 and the To value to 443.
b. Under Protocols, select TCP.
c.
Click OK.
Note:
If you are using IMAP or POP in the environment, be sure to create the
appropriate rules.
Click OK.
Click OK.
Click OK.
Click OK.
Note:
The above rule for UDP 500 should be created if you are using IPSec in the
environment.
11
a. Under Port Range, change the From value to 995 and the To value to 995.
b. Under Protocols, select TCP.
c.
Click OK.
Click OK.
Click OK.
Verification Steps
The following procedures are in this section:
1. Organizational Unit Verification
2. Active Directory Site Verification
3. Domain Controller Diagnostics Verification
4. Exchange Best Practices Analyzer Verification
Important:
The procedures within this document should be followed sequentially. If changes are
made out of sequence, unexpected results may occur.
12
13
Management tools installed through Remote Desktop and log on with an account that has local
administrative access.
1. Click Start > All Programs > Microsoft Exchange Server 2010 and then select Exchange
Management Console.
2. Open the Toolbox node.
3. Double-click Best Practices Analyzer.
4. Check and apply any updates for the Best Practices Analyzer engine.
5. Provide the appropriate information to connect to Active Directory and then click Connect to
the Active Directory server.
6. In Start a New Best Practices Scan, select Health Check, and then click Start Scanning.
7. Review the report, and take action on any errors or warnings that are reported by following
the resolution articles that are provided within the Best Practices Analyzer.
14
15
16
17
18
Launch the Exchange Management Shell with an account that has been delegated the Server
Management role and then run the following command:
New-ClientAccessArray -Fqdn <FQDN of CAS load balanced array> -Site
<Active Directory Site>
d. Right-click ParametersSystem, point to New, and then click DWORD (32-bit) Value.
e. Type TCP/IP Port to name the new value.
f.
g. In the Value data box, type 59595, and then click OK.
Configure a static port for the Microsoft Exchange Address Book service by performing the steps
below for your version of Exchange 2010.
In the Release to Manufacturing (RTM) version of Exchange 2010:
1. Navigate to <Exchange Install Path>\bin.
2. Open the MicrosoftExchange.AddressBook.Service.exe.config file in Notepad and add the
following entry to the <appSettings> section of the file:
<add key="RpcTcpPort" value="59596" />
3. Close and save the file.
In Exchange 2010 Service Pack 1 (SP1):
1. Start Registry Editor.
19
Important:
Incorrectly editing the registry can cause serious problems that may require you to
reinstall your operating system. Problems resulting from editing the registry
incorrectly may not be able to be resolved. Before editing the registry, back up any
valuable data.
a. Navigate to
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeAB
b. Right-click MSExchangeAB, point to New, and then click Key.
c.
Double-click RpcTcpPort.
g. In the Value data box, type 59596, and then click OK.
2. Close Registry Editor and then restart the Microsoft Exchange Address Book service.
Autodiscover Configuration
Exchange 2010 includes a service named the Autodiscover service. The Autodiscover service
makes it easier to configure Outlook 2007 or Outlook 2010 and some mobile phones. For more
information, see the Understanding the Autodiscover Service topic in the Exchange Server 2010
Library (http://go.microsoft.com/fwlink/?LinkId=194169).
1. Launch the Exchange Management Shell with an account that has been delegated the Server
Management role.
2. Configure the internal Autodiscover URL by running the following command within the
Exchange Management Shell. In the following example, CAS01 is the name of the Client
Access server and internal.domain.fqdn is the internal namespace used for Autodiscover:
Set-ClientAccessServer Identity CAS01
-AutoDiscoverServiceInternalUri
https://internal.domain.fqdn/autodiscover/autodiscover.xml
3. Optional: Follow the procedure outlined in the Configure the Exchange Services for the
Autodiscover Service topic in the Exchange Server 2010 Library
(http://go.microsoft.com/fwlink/?LinkId=187243) to configure the Autodiscover service for use
by Internet clients. This will enable Outlook Anywhere and set the offline address book (OAB),
Web Services, and Unified Messaging virtual directories external URL parameter.
4. Optional: Follow the procedure outlined in the Configure Exchange ActiveSync Autodiscover
Settings topic in the Exchange Server 2010 Library (http://go.microsoft.com/fwlink/?
LinkId=187244) for usage by mobile clients.
5. Optional: Enable site affinity by following the procedure outlined in the Configure the
Autodiscover Service to Use Site Affinity topic in the Exchange Server 2010 Library
(http://go.microsoft.com/fwlink/?LinkId=187245).
20
6. Verify that Autodiscover functions correctly by following the procedure outlined in the Test
Outlook Autodiscover Connectivity topic in the Exchange Server 2010 Library
(http://go.microsoft.com/fwlink/?LinkId=187247).
21
IMAP4 Configuration
If the Client Access server will not allow IMAP4 connections, you can skip this section.
1. Launch the Exchange Management Shell with an account that has been delegated the Server
Management role.
a. To configure the IMAP4 bindings, run the following command. In the following example,
CAS01 is the Client Access server and 0.0.0.0 implies any IP address.
Set-ImapSettings server CAS01 UnencryptedOrTLSBindings
0.0.0.0:143 SSLBindings 0.0.0.0:993
b. To disable plain text authentication and enable custom calendar item retrieval option for
IMAP4, run the following command. In the following example, mail.contoso.com is the
certificate name and external URL.
Set-ImapSettings server CAS01 -X509CertificateName
mail.contoso.com LoginType SecureLogin
-CalendarItemRetrievalOption Custom -OwaServerUrl
https://mail.contoso.com/owa
c.
To enable the Exchange IMAP4 service for automatic startup, run the following
command:
Set-Service MSExchangeIMAP4 -ComputerName CAS01 -StartupType
automatic
POP3 Configuration
If the Client Access server will not allow POP3 connections, you can skip this section.
1. Launch the Exchange Management Shell with an account that has been delegated the Server
Management role.
a. To configure the POP3 bindings, run the following command. In the following example,
CAS01 is the Client Access server and 0.0.0.0 implies any IP address.
Set-PopSettings server CAS01 UnencryptedOrTLSBindings
0.0.0.0:110 SSLBindings 0.0.0.0:995
b. To disable plain text authentication and enable custom calendar item retrieval option for
POP3, run the following command. In the following example, mail.contoso.com is the
certificate name and external URL.
Set-PopSettings server CAS01 -X509CertificateName
mail.contoso.com LoginType SecureLogin
-CalendarItemRetrievalOption Custom -OwaServerUrl
https://mail.contoso.com/owa
c.
To enable the Exchange POP3 service for automatic startup, run the following command:
Set-Service MSExchangePOP3 -ComputerName CAS01 -StartupType
automatic
22
23
1. Launch the Exchange Management Shell with an account that has been delegated the Server
Management role.
2. Configure Windows Integrated Authentication by following the procedure outlined in the
Configure Forms-based Authentication for Outlook Web App topic in the Exchange Server
2010 Library (http://go.microsoft.com/fwlink/?LinkId=187486).
3. Optional: Configure GZip compression by following the procedure outlined in the Configure
Gzip Compression Settings topic in the Exchange Server 2010 Library
(http://go.microsoft.com/fwlink/?LinkId=187343).
4. Configure WebReady Document Viewing by following the procedure outlined in the Configure
WebReady Document Viewing topic in the Exchange Server 2010 Library
(http://go.microsoft.com/fwlink/?LinkId=187344).
5. Configure private and public computer file access by following the procedure outlined in
Configure Public and Private Computer File Access topic in the Exchange Server 2010
Library (http://go.microsoft.com/fwlink/?LinkId=187346).
6. Optional: To simplify the Outlook Web App URL and redirect users to HTTPS, follow the
procedure outlined in the Simplify the Outlook Web App URL topic in the Exchange Server
2010 Library (http://go.microsoft.com/fwlink/?LinkId=187347).
7. Restart the Client Access server.
24
Note:
Replace Domain Controller with a domain controller that is in the same Active
Directory site as the Exchange server (optional parameter).
The output will be similar to the following if successful:
Z:\E2010-Scripts\CAS>legacyeas.vbs -d:W2K3-DC-01 a:NorthAmerica
Microsoft (R) Windows Script Host Version 5.1 for Windows
Copyright (C) Microsoft Corporation 1996-1999. All rights reserved.
Exchange Server Container cn=Microsoft-ServerActivesync,cn=1,cn=HTTP,cn=Protocols,cn=<Server>,cn=Servers,cn=NorthAmer
ica,cn=Administrative Groups,cn=<OrgName>,cn=Microsoft
Exchange,cn=Services,cn=Configuration,dc=<root domain>
Attribute Name & Value msExchAuthenticationFlags: 6
Attribute Set!!
Handoff Test
Before you can complete the diagnostic tasks in this section, you must have already created test
mailboxes in your environment by using the New-TestCasConnectivityUser.ps1 script.
25
26