Microsoft Exchange 2010 Installation Step-By-Step Part 4 (Server Configuration–Continued)

Now that we have installed Exchange 2010, Configured the Organization and installed and configured the Certificate we can move on to configuring the rest of the Server section.

The first section ‘Mailbox’ refers to the local Mailbox Database location. Since we are installing a single standalone Exchange server we can leave this section as is and move on to ‘Client Access’.

The ‘Client Access’ pane has a number of tabs on it and we will go through each one to ensure that the configuration is correct in order to allow your mail clients to connect correctly.

Let’s start with Outlook Web App.

Right-click on ‘owa (Default Web Site) and then click on properties.

Under the General Tab note the location of your internal and external URL’s for Web App access. You will need to pass these onto your users once your Exchange goes into production. You will note that Exchange has already configured the internal and external paths as specified by the certificate which was installed previously. The rest of the window’s tabs can be left in their default state as they inherit most of these properties from the Organization Configuration we did in a previous article. Close the window.

With ‘Client Access’ still being highlighted you will note on the 'Right-Hand action pane a task which states ‘Enable Outlook Anywhere…’

Click on the link.

In the Text Box provided type the Exchange Server’s External host name. This should be the mail.<external domain> which we set to the primary of the Exchange Certificate we configured. Leave authentication as ‘Basic Authentication’ and tick ‘Allow secure channel (SSL) offloading. Then click ‘Enable’.

The wizard will complete with information stating that ‘Outlook Anywhere’ will be enabled in approximately 15 minutes.

The rest of the ‘Server Configuration’ section can be left in its default state as these are inherited from the Organization Configuration and since this is a standalone Exchange Installation the defaults of the organisation apply to the server.

Your Exchange installation is now complete!

C

Microsoft Exchange 2010 Installation Step-By-Step Part 3 (Server Configuration–Certificate)

As per the previous article the Organization Configuration is now complete. The next step in the process is to configure the actual Server. In multi-server environments where the roles have been split this would need to take place on each server with the necessary configuration taking place at the required role level.

Let’s begin with the global Server Configuration by clicking on the Server Configuration node on the Exchange Management Console.

One of the parts that causes much frustration in modern Exchange installations is the configuration of Outlook Anywhere and ActiveSync which require the publishing of a Subject Alternate Name (SAN) Certificate. To save unnecessary frustration down the line it is recommended that this certificate be acquired from an Enterprise Root Certificate Authority e.g. VeriSign / Thawte / Go Daddy. The Go Daddy certificates are the most cost effective and their publishing process is much simpler so my personal recommendation is to use that service.

Let’s begin by creating the certificate request using the Exchange Management Console. On the right-hand action pane click on ‘New Exchange Certificate…’

In the window that opens type a ‘Friendly Name’ for the certificate and then click ‘Next’. The friendly name should be something you will be able to identify in a list full of certificates.

Next you will be prompted to define a Domain Scope for subdomains which will issue a ‘wildcard’ certificate request. As I am not configuring a domain with subdomains I am leaving this step out but you may need to use it should you require subdomains at any point. Click ‘Next’ when done.

You will now need to configure the actual services you will be using. By default I recommend that the following be enabled:

• Outlook Web App (internal and external)
• ActiveSync
• Web Services, Outlook Anywhere, and Autodiscover
• Hub Transport (Using TLS)

My examples are above. Click ‘Next’ once done.

Exchange will generate multiple domains for you. You need to modify these as follows:

• mail.<external domain> i.e. mail.domain.com, must be set to the common name
• you only require 3 more (Exchange will generate 6) these are:
  • <external domain> i.e. domain .com
  • autodiscover.<external domain> i.e. autodiscover.domain.com
  • Server Name in this instance it is SFTEXCH.sft.local

Click ‘Next’ once you have modified this.

You will now need to fill in the organisation’s details. Once completed click ‘Next’. You will be presented with a summary window… click ‘New’. The certificate request will be generated and the text-based file will be copied to the location you specified in the window above.

Open the text document and submit the generated ‘hash’ to the certificate authority. They will in due course issue you with a certificate which you will now need to install on your Exchange server as per the instructions you can find here on the GoDaddy community: http://community.godaddy.com/help/article/5863

Note if you are not using GoDaddy as your certificate provider then you will more than likely not need to do the import into the ‘Intermediate Certificate Authorities’ it refers to in the first few steps of the process.

Once complete your centre pane should look as follows:

Note the status of self-signed should be false.

We now need to assign  services to the newly installed certificate.

Right-Click on the Certificate and click on ‘Assign Services to Certificate…’

You will see a list of Exchange Servers… in this example there is only one. Click ‘Next’

Select your services… in this example I am not configuring Unified Messaging so I tick: IMAP, POP, IIS, SMTP. Click ‘Next’ and on the new screen click ‘Assign’ to assign the services to the certificate.

You will be prompted to overwrite the SMTP self-signed certificate service which Exchange created during the original installation. Click ‘Yes’ and once completed, click ‘Finish’.

Your certificate console should now look like this:

Note the services are now assigned to your newly installed certificate.

Your certificate installation is now complete. Note that you may need to export this certificate if the Firewall you are publishing this service through needs it e.g. Microsoft ISA / TMG.

C