Installing and configuring Exchange 2007 from the command line utility - Part 2

In this section, we will introduce you to the configuration steps required for the system to work.


Nathan Winters

Introduction
In Part 1 of this series, I discussed the prerequisites for installing Exchange, the installation itself, and how to verify it. In Part 2, I will show you some of the configuration steps needed to get the system up and running.

Client Access and Hub Transport configuration

With Exchange 2007 installed in Part 1, the next step is to configure the server for use. All scripts from here on are run from the Exchange version of PowerShell, called the Exchange Management Shell or EMS.

Product key

The first step is to enter the product key for each server. The script below does this; the -Identity parameter specifies the Exchange server the key is applied to.

 #Enter the License Key
 Set-ExchangeServer -Identity Exch2007 -ProductKey 12345-12345-12345-12345-12345
 #Restart the Information Store Service
 Restart-Service msexchangeis

Prepare Client Access and Hub Transport Role

Update DatabaseMaxCache setting in Transport service DB

A recent blog post described changing the DatabaseMaxCache value of the message queue database on Hub Transport servers. This involves editing the text file C:\Program Files\Microsoft\Exchange Server\Bin\EdgeTransport.exe.config and changing the following line in the section:

 

To read:

 

This can be done with the following script:

 #Replace the old cache value with the new one and write the file back
 (Get-Content "C:\Program Files\Microsoft\Exchange Server\Bin\EdgeTransport.exe.config") |
     Foreach-Object {$_ -replace "134217728", "536870912"} |
     Set-Content "C:\Program Files\Microsoft\Exchange Server\Bin\EdgeTransport.exe.config"
 #Restart the transport service so the new value takes effect
 Restart-Service MSExchangeTransport

This script loads the entire file into an array, loops over each line and replaces the relevant value wherever it is found, then writes the changed content back to the file. There are many ways to do this, but this is the way we prefer!
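The one-liner above rewrites every occurrence of the digits 134217728 and keeps no copy of the original file. The following is an added example, not part of the original article: a guarded version of the same edit that refuses to write unless exactly one line matches and saves a backup first. The function name Set-ConfigValue and the sample file contents are constructed for illustration.

```powershell
# Added example (not from the original article): guarded edit of a .config value.
function Set-ConfigValue {
    param(
        [string]$Path,      # config file to edit
        [string]$OldValue,  # value expected in the file today
        [string]$NewValue   # value to write in its place
    )
    $pattern = 'value="' + [regex]::Escape($OldValue) + '"'
    $lines   = @(Get-Content $Path)
    $hits    = @($lines | Where-Object { $_ -match $pattern })

    # Refuse to write unless exactly one line carries the old value; a bare
    # -replace on the digits would silently change every occurrence.
    if ($hits.Count -ne 1) {
        throw "Expected 1 line matching $pattern in $Path, found $($hits.Count)"
    }

    # Keep a timestamped copy so the change can be rolled back.
    $backup = "$Path.$(Get-Date -Format yyyyMMddHHmmss).bak"
    Copy-Item $Path $backup

    $lines | ForEach-Object { $_ -replace $pattern, ('value="' + $NewValue + '"') } |
        Set-Content $Path
    return $backup
}

# Constructed sample file standing in for EdgeTransport.exe.config.
$sample = Join-Path ([System.IO.Path]::GetTempPath()) 'EdgeTransport.sample.config'
@'
<configuration>
  <appSettings>
    <add key="DatabaseMaxCacheSize" value="134217728" />
    <add key="ConstructedOtherSetting" value="5" />
  </appSettings>
</configuration>
'@ | Set-Content $sample

$backup = Set-ConfigValue -Path $sample -OldValue '134217728' -NewValue '536870912'
Get-Content $sample | Where-Object { $_ -match '536870912' }
"Backup written to $backup"
```

On a real Hub Transport server, point -Path at the EdgeTransport.exe.config file and restart MSExchangeTransport afterwards, as in the script above.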

Configure the Global Client Access and Hub Transport Server

Configure routing for large networks

Clearly, we are working in a single-server environment here, although it is worth mentioning that an important step for multi-site networks is routing setup. As part of the default installation process, a routing group connector is created between the Exchange 2003 routing group that holds the server specified during installation and the Exchange 2007 routing group. In larger organizations, we would use the following script to create other, equivalent connectors:

 #Get the routing group connector created by setup and delete it
 Get-RoutingGroupConnector |
     where {($_.SourceRoutingGroup -eq "Exchange Routing Group (DWBGZMFD01QNBJR)") -or ($_.TargetRoutingGroup -eq "Exchange Routing Group (DWBGZMFD01QNBJR)")} |
     Remove-RoutingGroupConnector -Confirm:$false
 #Create new routing group connectors
 New-RoutingGroupConnector -Name "New York 2003-2007" `
     -SourceTransportServers "NYC-Exch2007.gaots.co.uk" `
     -TargetTransportServers "NYC-Exch2003.gaots.co.uk" `
     -Bidirectional:$true -Cost 10
 New-RoutingGroupConnector -Name "London 2003-2007" `
     -SourceTransportServers "LDN-Exch2007.gaots.co.uk" `
     -TargetTransportServers "LDN-Exch2003.gaots.co.uk" `
     -Bidirectional:$true -Cost 10

The first command deletes the default connector; the commands that follow replace it with the new connectors.

Set the amount of message tracking logs to retain

Returning to a single server environment, there are some global settings that need to be configured. First, let's set the maximum size of the message tracking log directory to 10GB.

 #Set amount of retained logs for Mailbox Servers
 Get-MailboxServer | Set-MailboxServer -MessageTrackingLogMaxDirectorySize 10GB
 #Set amount of retained logs for Transport Servers
 Get-TransportServer | Set-TransportServer -MessageTrackingLogMaxDirectorySize 10GB

Set the maximum message size to 1GB

Next, we will configure the maximum message size that Exchange will accept. The script below sets the size to 50MB at the Global, Send Connector and Receive Connector levels.

 #Set Global message size restrictions
 Set-TransportConfig -MaxSendSize 50MB -MaxReceiveSize 50MB
 #Get all receive connectors and set the maximum message size to 50MB
 Get-ReceiveConnector | Set-ReceiveConnector -MaxMessageSize 50MB
 #Get all send connectors and set the maximum message size to 50MB
 Get-SendConnector | Set-SendConnector -MaxMessageSize 50MB

For more information on message size limits, see the section on Message size restrictions in Exchange 2007.

Enable OOF Internet connection from Exchange 2003 and Exchange 2007

Finally, we must ensure that Exchange 2007 allows both Outlook 2003 and Outlook 2007 clients to send out-of-office (OOF) messages to the Internet, using the following script:

 #Get all remote domains and set the AllowedOOFType to ExternalLegacy, which
 #allows both Outlook 2003 and 2007 clients to send OOF out
 Get-RemoteDomain | Set-RemoteDomain -AllowedOOFType ExternalLegacy

Configure Client Access server

After performing the above configuration tasks, we will perform the steps below to set up specific settings on the Client Access server.

Create, install and activate certificates

As you might know, Exchange uses certificates to secure access for Outlook Web Access. By default, it uses a self-signed certificate, but in most cases this needs to be replaced with a certificate issued by an internal certificate authority (CA) or by a public CA like VeriSign; otherwise users will be warned that the certificate is invalid. To do that, we use the following commands:

 #Create a request for a certificate
 New-ExchangeCertificate -GenerateRequest:$True `
     -SubjectName "c=US, o=Gaots, cn=email.gaots.co.uk" `
     -DomainName email.gaots.co.uk, autodiscover.gaots.co.uk, exch2007, child.gaots.co.uk, exch2007.child.gaots.co.uk `
     -FriendlyName ExchOWACert -PrivateKeyExportable:$True -Path C:\ExchOWACert.req

The above script writes a certificate request to a file, which you then submit to your internal CA or to a third-party public CA.

When the CA returns the certificate, the following script is used to install and activate it.

 #Import the certificate and enable for services
 Import-ExchangeCertificate -Path C:\ExchOWACert.cer |
     Enable-ExchangeCertificate -Services "IIS, SMTP, POP, IMAP"

The above script imports the certificate, then enables it for the listed services. Note that it may prompt you for confirmation before activation.

Configure Client Access virtual directories and Autodiscover

When you have finished installing the certificate, the next step is to configure the virtual directories that provide access to Exchange. This is done using the following script:

 # Configure Virtual Directories for the "Default Web Site"
 Set-WebServicesVirtualDirectory -Identity "Exch2007\EWS (Default Web Site)" `
     -InternalUrl https://exch2007.child.gaots.co.uk/ews/exchange.asmx `
     -ExternalUrl https://email.gaots.co.uk/ews/exchange.asmx
 Set-OabVirtualDirectory -Identity "Exch2007\OAB (Default Web Site)" `
     -InternalUrl https://exch2007.child.gaots.co.uk/OAB `
     -ExternalUrl https://email.gaots.co.uk/OAB -RequireSSL:$True
 Set-UMVirtualDirectory -Identity "Exch2007\UnifiedMessaging (Default Web Site)" `
     -InternalUrl https://exch2007.child.gaots.co.uk/unifiedmessaging/service.asmx `
     -ExternalUrl https://email.gaots.co.uk/unifiedmessaging/service.asmx
 Set-OWAVirtualDirectory -Identity "Exch2007\OWA (Default Web Site)" `
     -InternalURL https://exch2007.child.gaots.co.uk/owa `
     -ExternalUrl https://email.gaots.co.uk/owa -LogonFormat username `
     -DefaultDomain child.gaots.co.uk
 # Set URL for AutoDiscover
 Set-ClientAccessServer -Identity Exch2007 `
     -AutodiscoverServiceInternalURI https://exch2007.child.gaots.co.uk/autodiscover/autodiscover.xml `
     -AutodiscoverSiteScope:$null
 Set-AutoDiscoverVirtualDirectory -Identity "Exch2007\Autodiscover (Default Web Site)" `
     -InternalUrl https://exch2007.child.gaots.co.uk/autodiscover/autodiscover.xml `
     -ExternalUrl https://email.gaots.co.uk/autodiscover/autodiscover.xml
 # Reset IIS
 IISRESET -NoForce

When you are done with the steps above, your system is now ready to act as a Client Access server to provide Exchange access.
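Clients only avoid certificate warnings if every host name used in the URLs above is among the names on the certificate. The following added example, which is not part of the original article, checks that coverage using the URLs and domain names from the scripts above; the function name Test-UrlCertCoverage and the webmail URL are constructed for illustration.

```powershell
# Added example (not from the original article): confirm each URL's host name
# is covered by the certificate's domain names.
function Test-UrlCertCoverage {
    param([string[]]$Urls, [string[]]$CertDomains)
    foreach ($url in $Urls) {
        $hostName = ([uri]$url).Host.ToLower()
        $covered  = $false
        foreach ($name in $CertDomains) {
            $name = $name.ToLower()
            if ($name -eq $hostName) {
                $covered = $true
            }
            # A wildcard name covers exactly one left-most label.
            elseif ($name.StartsWith('*.') -and
                    $hostName.Substring($hostName.IndexOf('.') + 1) -eq $name.Substring(2)) {
                $covered = $true
            }
        }
        New-Object PSObject -Property @{ Host = $hostName; Covered = $covered; Url = $url } |
            Select-Object Host, Covered, Url
    }
}

# Domain names from the certificate request in this article.
$certDomains = 'email.gaots.co.uk', 'autodiscover.gaots.co.uk', 'exch2007',
               'child.gaots.co.uk', 'exch2007.child.gaots.co.uk'

# URLs configured in this article, plus one constructed URL that is not covered.
$urls = 'https://exch2007.child.gaots.co.uk/ews/exchange.asmx',
        'https://email.gaots.co.uk/owa',
        'https://exch2007.child.gaots.co.uk/autodiscover/autodiscover.xml',
        'https://webmail.gaots.co.uk/owa'   # constructed, expected Covered = False

Test-UrlCertCoverage -Urls $urls -CertDomains $certDomains | Format-Table -AutoSize
```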

Export SSL certificate to the second Client Access server

Before we move on to other sections, it is worth mentioning an issue that arises if you have several Client Access servers that will be used in an NLB configuration. In that case, the certificates on each server need to match! First you must export the certificate from the first Client Access server using the script below:

 #Export and copy to second server
 Get-ExchangeCertificate | where {$_.Services -eq "IMAP, POP, IIS, SMTP"} |
     Export-ExchangeCertificate -Path \\SecondServer\c$\OWAcas-cert.pfx `
     -BinaryEncoded:$true -Password:(Get-Credential).password

When you execute this command, it prompts you for a password to protect the private key, then exports the certificate to the C: drive on the second server.

On the second server, you must import the certificate using the script below, which also prompts you for the password set above:

 #Import and enable the certificate
 Import-ExchangeCertificate -Path c:\DCcas-cert.pfx -Password:(Get-Credential).password |
     Enable-ExchangeCertificate -Services "IIS, SMTP, POP, IMAP"

You then configure the virtual directories in the same way as on the first server.

Outlook Anywhere

As mentioned above, the Client Access server is now set up, although the most commonly used access method is not yet available. That is Outlook Anywhere, previously known as RPC over HTTP. Before enabling Outlook Anywhere, you must ensure that the RPC Proxy component is installed on the Client Access server. When running the Client Access role on a Windows Server 2008 server, it is also necessary to disable Kernel Mode Authentication; otherwise, if you use Outlook Anywhere with the NTLM authentication option, users will be prompted repeatedly for their login information. The script below disables Kernel Mode Authentication, then enables Outlook Anywhere with Basic authentication and SSL offloading disabled:

 #Disable Kernel Mode Authentication for IIS7
 C:\Windows\SysWOW64\inetsrv\AppCmd.exe set config /section:system.webServer/security/authentication/windowsAuthentication /useKernelMode:false
 #Enable Outlook Anywhere with Basic Auth and SSL Offloading disabled
 Enable-OutlookAnywhere -Server:Exch2007.child.gaots.co.uk `
     -ExternalHostname:email.gaots.co.uk -DefaultAuthenticationMethod:Basic `
     -SSLOffloading:$false

Install relay connectors

The final configuration step is to create a connector to enable relay from an internal application.

Note:
Although in this environment we only have one server, if you have several load-balanced Hub Transport servers, the relay setup needs to be done on all of them.

 #An example of a script to set up relay on the Hub
 New-ReceiveConnector -Name 'Internal SMTP Relay' -Usage Custom `
     -Bindings 192.168.22.67:25, 192.168.22.67:587 `
     -Fqdn exch2007.child.gaots.co.uk -RemoteIPRanges 192.168.22.60 `
     -Server Exch2007 -AuthMechanism TLS, ExternalAuthoritative `
     -PermissionGroups ExchangeServers -MaxMessageSize 1GB

The above script has the Hub Transport server listen for relay on IP 192.168.22.67 on both port 25 and port 587. Port 587 is configured to complement port 25; it is the default port for SMTP traffic between client and server, as opposed to traffic between servers on port 25. The script allows communication from the server 192.168.22.60 and sets the maximum message size to 1GB.
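A connector with the ExternalAuthoritative mechanism accepts mail as trusted from any address in its RemoteIPRanges, so that list is the only control on who can relay. The following added example, not part of the original article, reviews connectors for that combination; the function name Test-RelayConnector and the sample objects are constructed, and the property names mirror the New-ReceiveConnector parameters used above.

```powershell
# Added example (not from the original article): flag receive connectors that
# trust senders on source IP alone and list any address ranges wider than a host.
function Test-RelayConnector {
    param([Parameter(ValueFromPipeline = $true)] $Connector)
    process {
        $auth     = "$($Connector.AuthMechanism)"
        $ranges   = @($Connector.RemoteIPRanges | ForEach-Object { "$_" })
        $findings = @()

        if ($auth -match 'ExternalAuthoritative') {
            $findings += 'relay trusted on source IP only'
            # A dash or slash means a range or CIDR block rather than one host.
            $wide = @($ranges | Where-Object { $_ -match '[-/]' })
            if ($wide.Count -gt 0) {
                $findings += 'wide RemoteIPRanges: ' + ($wide -join ', ')
            }
        }

        New-Object PSObject -Property @{
            Name     = $Connector.Name
            Ranges   = $ranges -join ', '
            Findings = $findings -join '; '
        } | Select-Object Name, Ranges, Findings
    }
}

# Constructed sample objects standing in for Get-ReceiveConnector output.
$sample = @(
    (New-Object PSObject -Property @{ Name = 'Internal SMTP Relay'
        AuthMechanism  = 'Tls, ExternalAuthoritative'
        RemoteIPRanges = @('192.168.22.60') }),
    (New-Object PSObject -Property @{ Name = 'Constructed wide relay'
        AuthMechanism  = 'Tls, ExternalAuthoritative'
        RemoteIPRanges = @('192.168.22.0/24') }),
    (New-Object PSObject -Property @{ Name = 'Constructed client connector'
        AuthMechanism  = 'Tls, BasicAuth'
        RemoteIPRanges = @('0.0.0.0-255.255.255.255') })
)

$sample | Test-RelayConnector | Format-Table -AutoSize
# On an Exchange server: Get-ReceiveConnector | Test-RelayConnector
```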

Conclusion

We have now completed the basic steps in configuring the Client Access server. We have covered not only the essentials, but also some configuration steps for some of the major requirements in this area. In the third and final part of this series, we will configure the mailbox server role and summarize some of the processes we use when implementing an Exchange server.
