
Publishing Exchange 2007

With ISA 2006


Nguyen Quoc Huy huynq1@fpt.com.vn
Nguyen Van Du dunv@fpt.com.vn

2007

Contents
I. Topology and Description
II. Installing and Configuring Exchange Server 2007
   1. Hardware requirement
   2. Software requirement
   3. Add Components to install Microsoft Exchange Server
   4. Install prerequisite packages
   5. Install Microsoft Exchange Server 2007
   6. Configure Exchange 2007
   7. Insert Offline Address Book in Mail Database
III. Installing ISA 2006
IV. Publishing an Exchange Web Access (OWA)
   1. Install Certificate Service on domain controller VNFSDC001
   2. Create certificate for Exchange web
      a. Delete default existing certificate
      b. Create certificate for default website
      c. Export certificate of OWA virtual directory
   3. Create DNS CName mapping to ISA VNFSIS001 (on VNFSDC001)
   4. Import certificate to ISA VNFSIS001
   5. Create Web Listening object on ISA
   6. Create web publishing OWA rule
V. Publishing an Exchange Server Outlook Anywhere (RPC Over HTTP)
   1. Install network service RPC Over HTTP (on vnfsdc001)
   2. Enable Outlook Anywhere of Exchange 2007
   3. Create Outlook Anywhere Publishing rule on ISA VNFSIS001
VI. Publishing an Exchange Server for SMTP, POP3
   1. Install SMTP service on ISA relay connect to SMTP exchange 2007
   2. Configure SMTP relay on ISA server
   3. Create SMTP Server to SMTP Server Rule
   4. Create publishing SMTP and POP3 rule on ISA server
VII. Client test
   1. Login with web access OWA
   2. Register Outlook Anywhere
   3. Register POP3 & SMTP

I. Topology and Description

This lab sets up and configures Microsoft Exchange 2007 Enterprise x64. After that, the services
OWA, SMTP, POP3 and MAPI are published to the Internet using Microsoft ISA 2006 Standard.
The following is the configuration information of each device:

Computer Number: 1
Computer Name: VNFSDC001
IP Address Information:
   IP address: 192.168.1.2
   DG: 192.168.1.1
   DNS: 192.168.1.2
OS: Windows Server 2003 En R2 x64 SP2
Installed Services: DHCP, DNS, WINS, Certificate Services, Exchange 2007 En
   (All updates from Microsoft Update installed)
Additional Configurations:
   Domain Name: glfs.myvnc.com (domain functional level windows 2003,
      forest functional level windows 2003)
   Domain Member: Yes
   Exchange Server Role: Mailbox server, Hub Transport, Client Access Server
   Admin Account: Administrator
   Password: 123qwe!@#

Computer Number: 2
Computer Name: VNFSIS001
IP Address Information:
   Internal:
      IP address: 192.168.1.1
      DNS: 192.168.1.2
   External:
      IP address: 172.16.1.2
      DG: 172.16.1.1
OS: Windows Server 2003 En R2 x86 SP2
Installed Services: ISA 2006 Standard Edition, ISA Publishing Pack Update
   (All updates from Microsoft Update installed)
Additional Configurations:
   Domain Name: glfs.myvnc.com
   Domain Member: Yes
   Exchange Server Role: N/A
   Admin Account: Administrator
   Password: 123qwe!@#

Computer Number: 3
Computer Name: CLIENT01
IP Address Information:
   IP address: 192.168.1.11
   DG: 192.168.1.1
   DNS: 192.168.1.2
OS: Windows XP Professional SP3
Installed Services: None
   (All updates from Microsoft Update installed)
Additional Configurations:
   Domain Name: glfs.myvnc.com
   Domain Member: Yes
   Exchange Server Role: N/A
   Admin Account: Administrator
   Password: 123qwe!@#

II. Installing and Configuring Exchange Server 2007


This section shows you how to install Exchange 2007 server step by step. This process must be
done in sequence:
a. Hardware requirement
b. Software requirement
c. Add the necessary component
d. Install the prerequisite packages
e. Install Exchange 2007 Enterprise
f. Configure Exchange 2007 Enterprise

1. Hardware requirement
The first step is to determine whether a computer is capable of running Exchange Server
2007. The following list details the hardware requirements of the computer that will host
Exchange Server 2007:

x64 architecture-based processor that supports the Intel EM64T or AMD64 instruction
set

2 GB of RAM plus 5 MB of RAM per mailbox

1.2 GB of disk space on the volume on which Exchange is installed plus 500 MB per
unified messaging language pack that is to be installed

200 MB of free disk space on the system volume

2. Software requirement
Prior to the installation of Exchange, the software environment should meet the following
requirements:

64-bit edition of Windows Server 2003 or Windows Server 2003 R2. If you plan to
use single-copy cluster or cluster continuous replication, the enterprise editions of
Windows Server 2003 and Windows Server 2003 R2 are required

The following volumes must be formatted with the NTFS file system:

System volume

Volumes that store Exchange program files, storage group files, transaction
log files, database files, and all other Exchange files

Microsoft .Net Framework 2.0 SP1

Microsoft Windows PowerShell. This can be downloaded from Microsoft's Web site

MMC 3.0. This version of the MMC is included with Windows Server 2003 R2 but
not with Windows Server 2003. This MMC is installed when you apply SP2 to
Windows Server 2003 R2

Update for Windows Server 2003 x64 edition KB904639

Update for Windows Server 2003 x64 edition KB918980

The Simple Mail Transfer Protocol (SMTP) and Network News Transfer Protocol
(NNTP) service must not be installed.

3. Add Components to install Microsoft Exchange Server


IIS with ASP.NET needs to be installed prior to Exchange 2007 setup.

Click Start, point to Control Panel.

Click Add or Remove Programs

Click Add/Remove Windows Components.

In Windows Component Wizard, on the Windows Components page, highlight
Application Server, and then click Details.

In Application Server, select the ASP.NET check box.

Click Next, and when the Windows Components Wizard completes, click Finish.

4. Install prerequisite packages

The following packages will be installed as prerequisites:
a. ADAM
b. .Net Framework 2.0 SP1
c. Windows PowerShell

ADAM package

Open Windows Explorer and double click on the package ADAM

Click Next on the Software Update Installation Wizard dialog

Check Agree and click Next

Wait for the installation

The package is installed successfully

Click Finish

.Net Framework 2.0

Open Windows Explorer and double click on the package .Netx64

Click Next on the Microsoft .Net Framework 2.0 (x64) Setup dialog

Check I accept the terms of the License Agreement then click Next

Wait for the installation

Click Finish for successful installation

Go on installing the update of .Net Framework.

Double click the update package

Click Ok to update the Microsoft .NET Framework 2.0

Click on I accept button

Wait for the installation

Click OK

Click Reboot Now and your computer is going to restart

Windows PowerShell

Double click on the package Windows PowerShell

Click Next on the Software Update Installation Wizard

Check I Agree then click Next

Wait for the installation

Click OK to finish the installation of Windows PowerShell

5. Install Microsoft Exchange Server 2007


The domain server will also be the Exchange mail server. Its Exchange roles are Client Access, Hub
Transport and Mailbox server.

Insert the Exchange 2007 DVD into the DVD-ROM drive

The Exchange 2007 Setup dialog shows

Click Next

Check I accept the terms in the license agreement

Click Next

Select Yes (Recommended) to enable Error Reporting for improving the quality,
reliability, and performance of Microsoft software

Click Next

Choose option Typical Exchange Server Installation.

This option will install the mail server roles: Hub Transport, Client Access, Mailbox
and Exchange Management Tools

You need to choose the location for Exchange files

Click Browse

Create the folders in which Exchange 2007 files are stored

Click OK

Continue setting up. Click Next

Enter the Exchange organization

Click Next

Note: the example organization is GLFS

If the clients in your company use Outlook 2003, choose Yes so that Outlook 2003 is
compatible with Exchange 2007

Click Next

Wait for the Readiness Checks

All prerequisites are ok. You can go on installing Exchange 2007

Click Install

Wait for the installation process

The installation is successful.

Check the Finalize installation using the Exchange Management Console

Click Finish

Exchange Management Console shows up. It guides you through finalizing the deployment

First, you need to supply the License Key of the product.

On the left pane, expand Microsoft Exchange -> Server Configuration -> Hub
Transport

On the Action pane, select Enter Product Key

Enter the key in the product key text box

Click Enter button

The Product Key wizard finishes successfully

Click Finish

Return to the first dialog of Exchange

Second, Exchange 2007 needs to be updated

On the left pane, select Toolbox

On the right pane, select Best Practices Analyzer

The Microsoft Exchange Best Practices Analyzer appears

Check on Check for updates on startup (recommended) and Join the Microsoft
Customer Experience Improvement Program

Select Check for updates now

The update check is in progress

Select Download the latest updates

Updated packages are downloaded and installed

Finish updating product

6. Configure Exchange 2007


After setting up Exchange, the basic configuration should be completed for normal operation.

On Exchange Management Console,
Go to Server Configuration -> Hub Transport.
On the left pane, right click on Client VNFSDC001, select Properties

Enter mail.glfs.myvnc.com on the Specify the FQDN

Select tab Authentication, uncheck Offer Basic authentication only after starting TLS
Select Permission Groups

Select tab Permission Groups, check Anonymous Users, Exchange Users
Click Ok

Right click on Default VNFSDC001, select Properties

Enter mail.glfs.myvnc.com

On Authentication tab, uncheck Offer Basic authentication only after starting TLS
Select Permission Groups

Check Anonymous users, Exchange Users, Exchange Servers & legacy Exchange Servers
Click Ok

Go to Server Configuration -> Client Access
On the right pane, right click on owa and select Properties

Input the external URL: https://mail.glfs.myvnc.com/owa
Choose Authentication tab

Check Basic authentication (password is sent in clear text)

Click Ok to finish changing

Go to Organization Configuration -> Hub Transport
Select tab Send Connectors on the right pane
Right click on this and select New send connector

Enter the name of Send Connector: Outbound to Internet
Select the intended use Internet for the send connector

On the New Send Connector dialog, click Add and enter * on the Domain textbox
Click Ok

Click Next

Click Next

Select Source Server and click Next

Click New to create send connector

Click Finish
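
The Authentication steps above clear Offer Basic authentication only after starting TLS on both receive connectors, which lets a connector offer Basic authentication (AUTH LOGIN) before the session is encrypted. The following Python check is an added example, not part of the original guide: it parses an EHLO reply and reports password-bearing AUTH mechanisms offered before STARTTLS. Both EHLO replies are constructed samples and the function names are illustrative.

```python
"""Report password-bearing SMTP AUTH mechanisms offered before STARTTLS.

Added example, not part of the original guide. The two EHLO replies below
are constructed samples; function and constant names are illustrative.
"""
import re

# LOGIN and PLAIN carry the password itself, only base64-encoded.
PASSWORD_MECHS = {"LOGIN", "PLAIN"}
_REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

# Constructed reply modelling a connector with
# "Offer Basic authentication only after starting TLS" cleared.
BOX_CLEARED = """\
250-mail.glfs.myvnc.com Hello [192.168.1.11]
250-SIZE 10485760
250-PIPELINING
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-AUTH NTLM LOGIN
250-8BITMIME
250 CHUNKING
"""

# Constructed reply modelling the same connector with the box left checked.
BOX_CHECKED = BOX_CLEARED.replace("250-AUTH NTLM LOGIN", "250-AUTH NTLM")


def parse_ehlo(transcript):
    """Return {KEYWORD: [PARAMS]} for a multi-line 250 reply to EHLO."""
    lines = transcript.strip().splitlines()
    if not lines:
        raise ValueError("empty EHLO reply")
    extensions = {}
    for index, line in enumerate(lines):
        match = _REPLY_LINE.match(line.strip())
        if not match:
            raise ValueError("not an SMTP reply line: %r" % line)
        code, separator, text = match.groups()
        if code != "250":
            raise ValueError("EHLO was refused with code %s" % code)
        is_last = index == len(lines) - 1
        # "250-" marks a continuation line, "250 " the final line.
        if (separator == " ") != is_last:
            raise ValueError("bad continuation marker on line %d" % (index + 1))
        if index == 0:
            continue  # greeting line, not an extension
        # Some servers also emit the legacy spelling "AUTH=LOGIN".
        if text.upper().startswith("AUTH="):
            text = "AUTH " + text[5:]
        words = text.upper().split()
        if words:
            extensions.setdefault(words[0], []).extend(words[1:])
    return extensions


def audit_before_tls(transcript):
    """Findings for an EHLO reply captured before STARTTLS was issued."""
    extensions = parse_ehlo(transcript)
    findings = []
    exposed = sorted(PASSWORD_MECHS.intersection(extensions.get("AUTH", [])))
    if exposed:
        findings.append("AUTH %s offered before STARTTLS" % "/".join(exposed))
    if "STARTTLS" not in extensions:
        findings.append("STARTTLS not offered")
    return findings


if __name__ == "__main__":
    for label, reply in (("box cleared", BOX_CLEARED), ("box checked", BOX_CHECKED)):
        print(label, "->", audit_before_tls(reply) or "no findings")
```

To audit a real connector, replace the constructed samples with the EHLO reply captured from a test client on port 25.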

7. Insert Offline Address Book in Mail Database


The following steps help remove the missing object error that occurs in Exchange cached mode.

Open Exchange Management Console
Go to Microsoft Exchange -> Server Configuration -> Mailbox

On the right pane, right click on First Storage Group Mailbox Database
Select Properties

On Mailbox Database Properties, go to tab Client Settings
Click Browse

Select Default Offline Address Book
Click OK

Click OK

Close the console

III. Installing ISA 2006


On the server VNFSIS001, set the IP addresses for the internal and external interfaces properly. ISA
2006 Standard acts as the gateway for the internal network, the VPN gateway on the external side, and
publishes OWA, Outlook Anywhere, POP3 and SMTP.

Put the CD in the CD-ROM drive; the ISA welcome screen appears
Click on Install ISA Server 2006

Wait for the preparation

Click Next on the welcome page

Select I accept the terms..
Click Next

Enter the name and Organization
Click Next

Choose Typical
Click Next

Choose the range of Internal Network
Click Next

Click Next

Click Next

Click Install to start setting up

Wait for the installation

Waiting

Select Invoke ISA Server Management
Click Finish

The ISA 2006 management interface appears

IV. Publishing an Exchange Web Access (OWA)


This section shows you how to publish OWA. A certificate for default web access needs to be created and
exported to the ISA server. The ISA server uses this certificate to create the web listener and the OWA publishing rule.
1. Install Certificate Service on domain controller VNFSDC001

On Add or Remove Programs

Select Certificate Services

Select Enterprise root CA

Enter mail on common name for this CA

Click Next

Wait for installation

Click Finish

2. Create certificate for Exchange web


a. Delete default existing certificate

Open Internet Information Services

Right click Default Web Site and select Properties

Select tab Directory Security, click Server Certificate

Click Next

Select Remove the current certificate and click Next

Click Next

Click Finish

On the Default Web Site, click Edit

Check Require secure channel (SSL)
Click Ok

Click OK

b. Create certificate for default website

On the Internet Information Services Manager, right click on Default Web Site
Select Properties

On tab Directory Security, click Server Certificate

Click Next

Choose Create a new certificate
Click Next

Choose Send the request
Click Next

On the textbox name, enter mail.glfs.myvnc.com
Click Next

Enter Organization, click Next

Input Country, State, city
Click Next

Click Next

Click Next

Click Next for accepting confirmation

Click Finish

Click Ok

c. Export certificate of OWA virtual directory


This section exports the certificate for OWA. In this implementation, the certificate is exported
from the RPC virtual directory and used for OWA and RPC over HTTP.

Right click RPC and click Properties

Select Directory Security tab, click Edit in Authentication and access control

Check Integrated Windows authentication and Basic authentication
(password is sent in clear text)

Click Edit on Secure communications

Check Require secure channel (SSL) and Require 128-bit encryption

Click View Certificate

Select Details tab and click Copy to file

Click Next

Select yes, export the private key and click Next

Select include all certificate in the .
Click Next

Enter a password for the certificate file.
Note: keep it; this password must be entered when importing on ISA

Browse to save file
Click Next

Click Finish

Click OK to finish exporting the certificate

Click OK

Click OK

3. Create DNS CName mapping to ISA VNFSIS001 (on VNFSDC001)


Three CNAME records (mail, pop, smtp) mapping to VNFSIS001.glfs.myvnc.com (192.168.1.1) are
created on the DNS of VNFSDC001. They are used for OWA, RPC publishing, POP3 and SMTP.

Open DNS

On DNS console, right click on glfs.myvnc.com
Select New Alias (CNAME)

Enter mail on Alias name
Select vnfsis001.glfs.myvnc.com for FQDN
Click OK

The DNS console appears like this

On DNS console, right click on glfs.myvnc.com
Select New Alias (CNAME)

Enter mail on Alias name
Select vnfsdc001.glfs.myvnc.com for FQDN
Click OK

On DNS console, right click on glfs.myvnc.com
Select New Alias (CNAME)

Enter mail on Alias name
Select vnfsdc001.glfs.myvnc.com for FQDN
Click OK

The DNS window after creating the CNAME records

4. Import certificate to ISA VNFSIS001


The OWA or RPC certificate exported above needs to be imported on ISA VNFSIS001 into the
Personal & Trusted Root Certificate stores.

Copy the file mycert.pfx from VNFSDC001 (this file was exported from OWA in IIS)

Click Start, select Run.

Enter MMC and click OK

Click menu File, Add/ Remove .

Click Add

Select Certificates and click Add

Select Computer account and click Next

Click Finish

Click Close

Click OK

Right click on Personal, select All Tasks -> Import

Click Next

Browse for the certificate file

Enter the password of the certificate file you have set
Click Next

Click Next

Click Finish

Click OK

The certificate has been imported

Go to Trusted Root Certificate, right click on Certificates, select All Tasks -> Import

Click Next

Click Browse for the certificate file

Enter password of file
Click Next

Click Next

Click Finish

Click OK

The certificate has been imported

5. Create Web Listening object on ISA

Open ISA

Move to firewall rule, on the right pane right click on Web Listener
Select New Web Listener

Enter name for the web listener

Select Require SSL secure connections with clients
Click Next

Select Internal, External
Click on Select IP Addresses

Add IP address of external
Click OK

Select internal, click Select IP Addresses

Add IP address of internal
Click OK

Select IP address of external and click Select Certificate

Select certificate mail.glfs.myvnc.com
Click Select

Select IP address of internal and click Select Certificate

Select certificate mail.glfs.myvnc.com

Click Next

Select HTML Form Authentication and LDAP (Active Directory)

On the textbox SSO, enter .glfs.myvnc.com

Select the LDAP Servers
Click Add

Enter FQDN name of VNFSDC001 (domain controller) on Server name
Click OK

Enter glfs.myvnc.com for type the Active Directory domain name
Click Next

Click Finish

6. Create web publishing OWA rule

Right click Firewall Rule -> New -> Exchange Web Client Access Publishing Rule

Enter name for publishing rule.
Please input Publishing OWA

Select Exchange Server 2007 and check Outlook Web Access
Click Next

Select Use SSL to connect to the published web server or server farm
Click Next

Enter mail.glfs.myvnc.com for internal site name
Enter vnfsdc001.glfs.myvnc.com for Computer name or IP address

Enter mail.glfs.myvnc.com for Public name
Click Next

Select Web listener which was created
Click Next

Select Basic authentication
Click Next

Click Next

Click Finish

Click Apply

V. Publishing an Exchange Server Outlook Anywhere (RPC Over HTTP)


The RPC publishing rule is created the same way as the OWA publishing rule. The web listener object is also used
to make the rule.
1. Install network service RPC Over HTTP (on vnfsdc001)

Open Control Panel and click Add or Remove Programs

On left panel click Add/Remove Windows Components

Select role and move down

Select Network Services and click Details

Select RPC Over HTTP proxy and click OK

Click Next

Wait for installation

Click Finish

2. Enable Outlook Anywhere of Exchange 2007

Open MS Exchange 2007 console

Click Server Configuration -> Client Access

On right panel click Enable Outlook Anywhere

Enter mail.glfs.myvnc.com for external host name
Select Basic authentication and click Enable

Click Finish

The window after enabling Outlook Anywhere is shown

3. Create Outlook Anywhere Publishing rule on ISA VNFSIS001

Open ISA window, right click Firewall Rule, select New and Exchange Web Client
Access Publishing Rule

Enter name for rule and click Next

Select Exchange Server 2007 and check Outlook Anywhere

Select Publish a single web site or load balancer

Select Use SSL to connect to the published web server or server farm

Enter mail.glfs.myvnc.com in internal site name and vnfsdc001.glfs.myvnc.com in
computer name or IP address

Select this domain name and enter mail.glfs.myvnc.com

Select My listener as the web listener

Select Basic authentication

Click Next

Click Finish

Select Publishing Outlook Anywhere rule

Right click and select Properties

Select To tab and select requests appear to come from the original client

Select Traffic tab and check Require 128-bit encryption for HTTPS traffic

Click Apply

VI. Publishing an Exchange Server for SMTP, POP3


Two publishing rules need to be created so that other mail servers and clients can communicate.
First, the SMTP service (in IIS) is installed on the ISA server. Second, the two SMTP and POP3 rules are created.

1. Install SMTP service on ISA relay connect to SMTP exchange 2007

Go to Control Panel, double click on Add or Remove Programs

On the left pane, click on Add/Remove Windows Components

Click on Accessories and Utilities and click the button Details

Select Internet Information Services (IIS)
Click Details

Check SMTP Service
Click OK

Click OK

Click Next to install SMTP services

Wait for installation

Click Finish

2. Configure SMTP relay on ISA server

Click Start in the lower left corner
Click on Programs -> Administrative Tools -> Internet Information Services (IIS) Manager

On the Internet Information Services Manager dialog, right click Default SMTP
Virtual Server
Select Properties

On the tab General, select IP address 192.168.1.1
Go to Access tab

Click Authentication

Check Basic authentication and Integrated Windows Authentication
Enter glfs.myvnc.com on Default domain textbox
Click OK

Click OK

Go to Default SMTP Virtual Server -> Domains
On the right pane, right click and select New -> Domain

Select Remote
Click Next

Enter glfs.myvnc.com on Name textbox
Click Finish

Right click glfs.myvnc.com
Select Properties

Check Allow incoming mail to this domain
On the Forward all mail to smart host, enter vnfsdc001.glfs.myvnc.com
Click Apply

Close the IIS dialog

3. Create SMTP Server to SMTP Server Rule

Open ISA Console, right click Firewall Rules
Select New -> Mail server Publishing Rule

On the Welcome dialog, Enter SMTP Server to on Rule name

Select Server-to-server communication: SMTP, NNTP
Click Next

Check SMTP
Click Next

Enter server IP address 192.168.1.2
Click Next

Select Internal, Click Address

Specify IP address 172.16.1.2, click Add
Click OK

Check Internal
Click Address

Specify IP 192.168.1.1, click Add
Click OK

Click Next

Click Finish

The rules show on ISA console

4. Create publishing SMTP and POP3 rule on ISA server

Open ISA Console, right click Firewall Rules
Select New -> Mail server Publishing Rule

Enter Publishing on rule name textbox

Select Client access: RPC, IMAP, POP3, SMTP
Click Next

Check POP3, SMTP
Click Next

Enter Server IP address 192.168.1.2
Click Next

Check External
Click Address

Specify IP 172.16.1.2, click Add
Click OK

Check Internal
Click Address

Select IP 192.168.1.1, click Add
Click OK

Click Next

Click Finish

The rules show on ISA console

VII. Client test


The final section tests that the above configurations work.

1. Login with web access OWA

Open the Internet browser
Enter https://mail.glfs.myvnc.com/owa in the address bar and press Enter

Enter username and password and click Log on

Logon succeeds

2. Register Outlook Anywhere


a. Import certificate
The OWA or RPC certificate exported above needs to be imported to ISA VNFSIS001 into the
Personal & Trusted Root Certificate stores.

Click Start -> Run

Enter MMC and click OK

Click menu File, Add/ Remove .

Click Add

Select Certificates and click Add

Select Computer account and click Next

Click Finish

Click Close

Click OK

Right click on Personal, select All Tasks -> Import

Click Next

Browse for the certificate file

Enter the password of the certificate file you have set
Click Next

Click Next

Click Finish

Click OK

The certificate has been imported

Go to Trusted Root Certificate, right click on Certificates, select All Tasks -> Import

Click Next

Click Browse for the certificate file

Enter password of file

Click Next

Click Finish

Click OK

The certificate has been imported

b. Register Outlook Anywhere

Open Control Panel and click Mail

Click E-mail Accounts

Click Next

Select Microsoft Exchange Server and click Next

Enter vnfsdc001.glfs.myvnc.com for Microsoft Exchange Server
Enter username
Click More settings

Select Connection tab

Check Connect to my Exchange mailbox using HTTP and click Exchange
Proxy Settings

Enter mail.glfs.myvnc.com for HTTPS://
Uncheck Mutually authenticate the session when connecting with SSL
Check On fast networks, connect using HTTP first, then connect using TCP/IP
Select Basic Authentication for Proxy authentication settings
Click OK

Click Check Name

Click Next

Click Finish

Click Close

Open MS Outlook and enter password for accounts
Ex: username: glfs\huynq
Password: 123qwe!@#

Outlook works with RPC

3. Register POP3 & SMTP

Open MS Outlook

Click Tools, E-mail Accounts

Click Next

Select POP3 and click Next

Enter your name, email address.
Enter pop.glfs.myvnc.com for Incoming mail server (POP3)
Enter smtp.glfs.myvnc.com for Outgoing mail server (SMTP)
Enter username and password
Click More Settings

Go to Outgoing Server tab

Check My outgoing server (SMTP) requires authentication
Click OK

Click Test Account Settings

The test succeeds; click Close

Click Next

Click Finish

MS Outlook works with POP3 and SMTP
