Checking Exchange Server 2007 with MOM 2005 (Part 2)

Checking Exchange Server 2007 with MOM 2005 (Part 2) Picture 1 Checking Exchange Server 2007 with MOM 2005 (Part 1)

Anderson Patricio

In part one, I showed you how to manage Exchange Server 2007 with Mom 2005. Also, you will be introduced to how to install Management Pack, MOM Agents and how to create a mailbox check procedure with The cmdlet is used by MOM 2005. In this article, you have an environment that has Exchange Server 2007 Management Pack installed and an internal Exchange Server 2007 that has an MOM Agent installed. Now we continue to consider how to install MOM Agent in the Edge Transport Server. To accomplish this task, three Microsoft products must be used: Exchange 2007, MOM and ISA Server.

Install MOM Agent in the Edge Transport Server

Now we install the MOM Agent in the Edge Transport Server. In design, Exchange 2007 is located outside the domain and needs to be placed in a DNZ. This means we need to use three other Microsoft products to accomplish this task. Products: Exchange Server Edge Transport Server with MOM Agent installed, ISA server allows MOM Agent to communicate with MOM in the local network and finally the MOM Server needs to be set up in a way that allows MOM Agent in DMZ.

Checking Exchange Server 2007 with MOM 2005 (Part 2) Picture 2 So let's start implementing MOM Agent in DMZ; The order of performing tasks is given below:

1. Disable the authentication of Mutual authentication in the MOM Server

2. Allow installing Agent in MOM Server

3. Activate ISA Server to allow exchange traffic between the DMZ and the local network

4. Install MOM Agent in the Edge Transport Server

5. Return to the MOM Server to finish deploying the MOM Agent

Below are the detailed instructions in each of the steps above:

Disable the Mutual Authentication authentication mechanism

Our first job was to disable the Mutual Authentication authentication mechanism in the MOM Server to install the MOM Agent in the DMZ.

Open the MOM Administration interface, open the Global Settings section, double-click Security, click the Security tab, uncheck the 'Mutual authentication required' option and click OK as shown in Figure 1.

Checking Exchange Server 2007 with MOM 2005 (Part 2) Picture 3
Figure 1: Disabling the Mutual Authentication authentication mechanism

A message box will appear indicating that communication will be locked between the management server and agents. Now we click OK to continue the process as shown in Figure 2.

Checking Exchange Server 2007 with MOM 2005 (Part 2) Picture 4
Figure 2: Warning message displayed when disabling Mutual Authentication

Allow installing agent

Still in the MOM admin window, expand the Global Settings section, double-click Agent Install. Then go to Agent Install tab and uncheck the option 'Reject new manual agent installations', click OK to finish, you can see Figure 3 for reference.

Checking Exchange Server 2007 with MOM 2005 (Part 2) Picture 5
Figure 3: Allow installing agents

At this point, we must first apply the changes (Figure 4) through the MOM administration interface.

Checking Exchange Server 2007 with MOM 2005 (Part 2) Picture 6
Figure 4: Apply configuration changes after disabling
Mutual appraisal mechanism and permission to install Agent.

Then we have to restart the MOM Service in each management server, to do so, open Services.msc (by clicking the Start button> Run and entering Services.msc, then click OK), find MOM service and click Restart.

Set up ISA Server 2006

We now configure ISA Server 2006 to allow traffic to be transferred between the MOM Agent in the DMZ and the MOM Server.

If you do not install ISA Server, you must make port 1270 (UDP / TCP) open from DMZ to the local network.

Open ISA Server Management , expand the section, right-click Firewall, click New , New Access Rule . , in the Welcome to the new Access Rule Wizard screen, find the rule name and click Next , in the Rule Action select Allow and click Next. , in Protocols select Microsoft Operations Manager Agent , as shown in Figure 5.

Checking Exchange Server 2007 with MOM 2005 (Part 2) Picture 7
Figure 5: Adding the Microsoft Operations Manager Agent Protocol in the Access Rule

In the Access Rule Sources section we need to create Computer Object for the Edge Transport Server and add this new object in the list, click Next . In the Destination Rule Destination , specify our MOM Server using Computer Object, click Next . In User Sets , simply click Next .

Install MOM Agent in the Edge Transport Server

We can use the MOM Remote Pre-requisite Checker tool (MOMNetChk.exe) to validate whether the server installed in the DMZ machines can receive an MOM Agent installation (Figure 6). This tool will scan the entire computer for the port status used by the MOM service and related services.

Checking Exchange Server 2007 with MOM 2005 (Part 2) Picture 8
Figure 6: Running the MOM Network Check to validate whether the server is inside
Whether or not the DMZ can communicate with the MOM server.

Now we have to insert MOM into the Edge Transport Server to start the installation.

With MOM 2005, we will see a welcome screen to install the product, we must click the Manual Agent Install tab, click Install MOM 2005 Agent Install as shown in Figure 7.

Checking Exchange Server 2007 with MOM 2005 (Part 2) Picture 9
Figure 7: Starting the installation of the MOM Agent

In the Welcome Screen screen , click Next . In the Destination Folder section, select the path to install the Agent and click Next . In Agent Configuration you can find information using MOM settings, such as Management Group Name , Management Server and Server Port . Select None and then click Next . (Figure 8)

Note :
When using a server name, make sure that the name is transferred from the DMZ server, we can do that by using a master file in the server or correct the DNS server.

Checking Exchange Server 2007 with MOM 2005 (Part 2) Picture 10
Figure 8: Specifying the MOM configuration in Agent.

At this point, we just need to go to the next screen with the default values ​​and click the Next button to complete the installation.

Now we return to the MOM Server, where we will see the Edge Transport Server on the Pending Actions, under Computers. We have to approve this new MOM Agent. To do so, right-click on the server and click Approve Manual Installation Agent Now, as shown in Figure 9.

Checking Exchange Server 2007 with MOM 2005 (Part 2) Picture 11
Figure 9: Approval of Agent

We will receive a message box asking if we are sure about the approval, just click Yes. Then we can see the properties of the Edge Transport Server in the MOM Administrator Console, and on the Computer Groups tab, we can see its exchange roles, see Figure 10.

Checking Exchange Server 2007 with MOM 2005 (Part 2) Picture 12
Figure 10: Computer Groups that the Edge Transport Server belongs to

After approving, we have to set 3 values ​​in the One Point database for the new MOM Agent installed in the Edge Transport Server as follows:

1. Open SQL Server Enterprise Manager

2. Go to the Microsoft SQL ServersSQL Server Group (local) section (Windows NT) Databases.

3. Go to OnePoint, then click Tables.

4. Right-click Computer table, point to Open Table, and then click Return all rows.

5. Find the computer name of the Agent installed in the Edge Transport Server

6. Change the value in the DNS column to the same domain, because the Edge Transport has the same domain

7. Change the value in the HostName column to the FQDN of the Edge Transport Server

8. Change the value in the FQDN column to the FQDN of the Edge Transport Server

We can now check the Edge Transport Server to locate the location in the DMZ through the MOM Operator Console as shown in Figure 11.

Checking Exchange Server 2007 with MOM 2005 (Part 2) Picture 13
Figure 11: Edge Transport Server belongs to a DMZ network in MOM Operator Console

Conclude

In the second part of this series we saw how to install MOM Agent in the Edge Transport Server. Although you don't have Exchange 2007 in the DMZ, this tutorial is also useful if you want to install MOM Agent in a DMZ environment. In the next article in this series, I will continue the discussion by showing you more details about Exchange Server 2007 and MOM 2005.

Checking Exchange Server 2007 with MOM 2005 (Part 2) Picture 14 Checking Exchange Server 2007 with MOM 2005 (Part 3)