Introduction - MRSUMON'S Wintel & Enterprise Messaging …



Contents

1. Introduction
2. Check Existing Topologies
   2.1 Active Directory Servers
   2.2 Exchange 2003 Servers
3. Prepare for Exchange 2010 Servers
   3.1 Preparing Hardware to install Exchange 2010
   3.2 Preparing Software to install Exchange Server 2010
   3.3 Downloads
4. Installing Exch2010 in Co-Existence with Exch2003
   4.1 Preparing Active Directory
   4.2 Changing organisation mode and functional level
   4.3 Disable the Link State update
   4.4 Configure AD 2003 to Hold Server 2008 DC
   4.5 Configure AD DS on Server 2008
   4.6 Preparing to install Exchange 2010 Client Access and HubTransport Server
   4.7 Installing Exchange Server 2010
   4.8 Verifying the Exchange Server 2010 Installation
   4.9 Enter the Product Key
   4.10 Installing the Mailbox Server Role
5. Configure Exchange Server 2010
   5.1 Register Filter Pack IFilters with Exchange 2010
   5.2 Configure Hub transport Server Role Settings
   5.3 Configure Receive Connector
   5.4 Configure Send Connector
   5.5 Configure Firewall to allow outbound/Inbound SMTP Traffic from HT Server
6. Configure Client Access Server Role
   6.1 Configure Outlook Web App
   6.2 Configure Exchange Control Panel (ECP)
   6.3 Configure Microsoft Exchange ActiveSync
   6.4 Configure Offline Address Book Distribution
   6.5 Configure Outlook Anywhere
   6.6 Request, Download and Configure a SAN Certificate
7. Configure Mailbox Server Role
   7.1 Move the Exchange 2010 Database and Logs Locations
8. Restart Services
   8.1 Restart IIS
   8.2 Restart Exchange Information Store Service
9. Moving Settings and Data to Exchange 2010
   9.1 Move Mailboxes
   9.2 Move Public Folders
10. Move Organization Settings
   10.1 Move OAB Generation Server
   10.2 Upgrade Address Lists
   10.3 Upgrade Email Address Policies
   10.4 Move the Public Folder Hierarchy
11. Removing Exchange Server 2003
   11.1 Removing mailbox and Public Folder Databases
   11.2 Remove Routing Group Connector
   11.3 Remove the exchange 2003 Front-End servers
   11.4 Remove Recipient Update Service
   11.5 Remove Exchange Server 2003 Mailbox servers
12. Recommended Articles
13. Need Any Help?

1. Introduction

This document walks through the most important considerations and steps that need to be performed before, during, and after the deployment of an Exchange 2010 server.

We will focus on a typical transition from an Exchange 2003 environment to Exchange 2010, which includes the transition of Exchange 2003 back-end and front-end servers to the Exchange 2010 Mailbox server role, Client Access server role and Hub Transport server role, installed using the typical installation method. We will not discuss implementation of the Unified Messaging server role. To keep this whole document simple and compact we have used command-line mode to set up Exchange Server 2010.

Below is the test lab's reference architecture, which will be transitioned to Exchange 2010. This lab contains the following servers on the Windows Server/Exchange 2003 platform for Site-A and Site-B. The server names and installed roles on the 2003 platform are described below. All services in the Exchange 2003 environment will be moved to the Exchange 2010 environment, we will test the co-existence, and finally, if everything is working smoothly, we will remove Exchange 2003 from the organisation.

The software we have used in this test Exchange transition is:

- Windows Server 2003 R2 Standard Edition
- Exchange Server 2003 SP2 Standard Edition
- Windows Server 2008 R2 Standard Edition
- Exchange Server 2010 SP1 Standard Edition

Table 1: Exchange 2003 Servers and Roles

| Server > Site-A & Site-B | Installed Roles |
|---|---|
| W2K3DCA1 (Site-A) -> 192.168.65.16; W2K3DCB1 (Site-B) -> 192.168.66.16 | Domain Controller (DC), Global Catalogue (GC), FSMO, DNS, Certificate Server (CA) |
| W2K3EXA1 (Site-A) -> 192.168.65.17; W2K3EXB1 (Site-B) -> 192.168.66.17 | Front-End Server (FE), Bridgeheads (BH), Outlook Web Access (OWA), Outlook Mobile Access (OMA), SSL Enabled, IIS 6.0 |
| W2K3EXA3 (Site-A) -> 192.168.65.20; W2K3EXB3 (Site-B) -> 192.168.66.20 | Back-End (BE), Mailbox, IIS 6.0 |

Bddomain.lab    Domtech.lab

Now we are going to migrate the above Exchange 2003 environment into an Exchange 2010 environment. The server names and assigned server roles will be as in the table below:

Table 2: Exchange 2010 Servers and Roles

| Server > Site-A & Site-B | Installed Roles |
|---|---|
| W2K3DCA2 (Site-A) -> 192.168.65.18; W2K3DCB2 (Site-B) -> 192.168.66.18 | Active Directory Domain Service (AD DS), Global Catalogue (GC), Active Directory Certificate Services (AD CS), FSMO, DNS |
| W2K3EXA2 (Site-A) -> 192.168.65.19; W2K3EXB2 (Site-B) -> 192.168.66.19 | Client Access Server (CAS), Hub-Transport Server (HT), Outlook Web Application (OWApps.), Outlook Mobile Access (OMApps.), IIS 6.0 + IIS 7.0 |
| W2K3EXA4 (Site-A) -> 192.168.65.21; W2K3EXB4 (Site-B) -> 192.168.66.21 | Mailbox Server (MBX), Unified Messaging, IIS 6.0 + IIS 7.0 |

The migration process must start from the Internet-facing site. In this test lab, we will test and transition only from Exchange 2003 bridgeheads and mailbox servers to the Exchange 2010 environment. However, the migration procedure must be as below in any Exchange infrastructure:

1. Upgrade the Internet-facing site, i.e. ISA, Client Access server.
2. Transfer OWA, ActiveSync and Outlook Anywhere traffic to the new CAS/ISA server.
3. Install and configure the Hub Transport server to process inbound and outbound mail traffic.
4. Install and configure the Mailbox server, and DAG if needed.
5. Create public folder replicas on Exchange 2010 and transfer PF.
6. Move mailboxes to Exchange 2010.
7. Observe co-existence of 2003 and 2010.
8. Rename OAB and Public Folder.
9. Delete public and private IS, routing group connectors, RUS agreements.
10. Uninstall all Exchange 2003 servers.

2. Check Existing Topologies

To avoid installation hassles or a run through a series of errors during installation, it is highly recommended to perform an assessment of the existing AD and Exchange topology even before we start planning for Exchange 2010 servers.
Exchange 2010 is packed with many new features, and they require some additional resources on the existing network, which includes a little additional software as well as some new hardware.

A small but very important point that we should know is that Exchange 2010 cannot be installed in co-existence with Exchange 2000 servers. To upgrade to Exchange 2010 we must move the entire Exchange 2000 organization to an Exchange Server 2003 organization.

2.1 Active Directory Servers

Table 3: Active Directory Prerequisites

| Component | Requirement |
|---|---|
| Schema master | The schema master must be running any of the following: Windows Server 2003 Standard Edition with Service Pack 1 (SP1) or later (32-bit or 64-bit); Windows Server 2003 Enterprise Edition with SP1 or later (32-bit or 64-bit); Windows Server 2008 Standard or Enterprise (32-bit or 64-bit); Windows Server 2008 R2 Standard or Enterprise |
| Global Catalog | In each Active Directory site where we plan to install Exchange 2010, we must have at least one global catalog server running any of the following: Windows Server 2003 Standard Edition with SP1 or later (32-bit or 64-bit); Windows Server 2003 Enterprise Edition with SP1 or later (32-bit or 64-bit); Windows Server 2008 Standard or Enterprise (32-bit or 64-bit); Windows Server 2008 R2 Standard or Enterprise |
| Domain controller | In each Active Directory site where we plan to install Exchange 2010, we must have at least one writeable domain controller running any of the following: Windows Server 2003 Standard Edition with SP1 or later (32-bit or 64-bit); Windows Server 2003 Enterprise Edition with SP1 or later (32-bit or 64-bit); Windows Server 2008 Standard or Enterprise (32-bit or 64-bit); Windows Server 2008 R2 Standard or Enterprise |

* AD replication plays a very important role during Exchange installation, so there should be no problems in replication.

2.2 Exchange 2003 Servers

Table 4: Exchange 2003 Prerequisites

| Component | Requirement |
|---|---|
| Service Pack Level | All Exchange servers running Exchange 2003 must be SP2 or higher; see "Build numbers and release dates for Exchange Server". |
| Mode of operation | The Exchange 2003 organization must be running in Native Mode. That means there should not be any Exchange 5.5 servers in the organization. If we have any of them we must migrate to Exchange 2003. |
| Routing | Link state routing must be suppressed. See "Suppress Link State Updates". |

3. Prepare for Exchange 2010 Servers

To prepare for Exchange Server 2010 we need to prepare our hardware and then the software itself. The following two sections describe this preparation.

3.1 Preparing Hardware to install Exchange 2010

Microsoft has used a 64-bit architecture for Exchange Server since the release of Exchange 2007. Microsoft Exchange Server 2010 follows the same path and is available only in 64-bit. Considering this fact, there may be a need to purchase new hardware to run a 64-bit operating system to support Exchange 2010. The table below illustrates the minimum, recommended and supported hardware configurations for processor and memory for Exchange 2010.

Exchange is a transaction-based application and demands more memory, CPU and disk configuration. Based on the Exchange server user load we can choose a suitable CPU for the Exchange boxes. Table 3 contains the minimum, maximum and recommended configuration of CPUs for each server role. To choose a correct CPU for our needs we can consult the CPU manufacturer's website.
Both Intel and AMD makes are supported.

Table 5: Processor selection

| Server Role | Minimum | Maximum | Recommended |
|---|---|---|---|
| Edge Transport | 1 x processor core | 12 x processor cores | 4 x processor cores |
| Hub Transport | 1 x processor core | 12 x processor cores | 4 x processor cores |
| Client Access | 2 x processor core | 12 x processor cores | 8 x processor cores |
| Unified Messaging | 2 x processor core | 12 x processor cores | 4 x processor cores |
| Mailbox | 2 x processor core | 12 x processor cores | 8 x processor cores |
| Multiple server roles (combinations of Hub Transport, Client Access, and Mailbox server roles) | 2 x processor core | 16 x processor cores | 8 x processor cores |

* It is presumed that we already have the 1:4 AD-Exchange ratio maintained. For more information on planning AD for Exchange Server, see "Guidance on Active Directory design for Exchange Server 2007".

As stated above, Exchange is a transaction-based application and requires more memory to carry out its operations. It follows a simple rule: the more memory, the better the performance. Table 4 consists of recommendations for memory, as it plays a very important role in the end-user experience. To achieve better performance Microsoft recommends the following ratio of memory to processor per server role.

Table 6: Memory selection

| Server role ratio | Processor core ratio | Memory per core |
|---|---|---|
| Mailbox : Hub | 7:1 (no antivirus scanning on Hub); 5:1 (with antivirus scanning on Hub) | 1 GB for each core on HT |
| Mailbox : Client Access | 4:3 | 2 GB for each core on CAS |
| Not applicable for Edge | 4:3 | 1 GB for each core |

3.2 Preparing Software to install Exchange Server 2010

Though Windows 2003 has a 64-bit version available, MS seems to have left it behind as an OS platform for Exchange 2010. The only operating systems that can be used for installing Exchange Server 2010 are Windows Server 2008 SP2 and Windows Server 2008 R2. Selecting an operating system depends completely on our organization's policy, yet we recommend going with Windows Server 2008 R2.
Per the benchmark testing results and other factors, Windows Server 2008 R2 works as a better platform than Windows Server 2008 SP2. Apart from selecting the correct operating system, Exchange needs some additional software prerequisites to be installed on each server. Tables 5, 6 and 7 contain the required software components to be installed in different scenarios respectively before an Exchange 2010 server can be installed.

Table 7: Supported Operating Systems

| Component | Requirement |
|---|---|
| Operating system on a computer that has a 64-bit processor | One of the following: 64-bit edition of Windows Server 2008 Standard with Service Pack 2 (SP2); 64-bit edition of Windows Server 2008 Enterprise with SP2; 64-bit edition of Windows Server 2008 R2 Standard; 64-bit edition of Windows Server 2008 R2 Enterprise |
| Operating system for installing the Exchange management tools on a computer that has a 64-bit processor | One of the following: Windows Vista with SP2 for management tools only installation; 64-bit edition of Windows Server 2008 Standard with SP2; 64-bit edition of Windows Server 2008 Enterprise with SP2; 64-bit edition of Windows Server 2008 R2 Standard; 64-bit edition of Windows Server 2008 R2 Enterprise; Windows 7 |

If Windows Server 2008 SP2 is used as the platform OS for all our Exchange 2010 servers and a typical installation is to be performed (which contains installation of the HT, CAS and MBX server roles by default), then the following software components need to be installed on the server:

Table 8: Windows Server 2008 SP2 components

| Component | Requirement |
|---|---|
| Microsoft .NET Framework | 3.5 SP1; .NET Framework 3.5 Family Update for Windows Vista x64, and Windows Server 2008 x64 updates |
| Windows Management Framework | WinRM 2.0; PowerShell V2 |
| Hub and MBX role specific | Microsoft Filter Pack |
| Service Configuration | Net.Tcp Port Sharing Service in automatic start-up type. Command: Set-Service NetTcpPortSharing -StartupType Automatic |
| Built-in OS Components | Open an elevated command prompt, navigate to the Scripts folder on the Exchange 2010 installation media and use one of the following commands to install the necessary operating system components: (1) sc config NetTcpPortSharing start= auto (2) ServerManagerCmd -ip Exchange-Typical.xml -Restart |

* For more information on installing role-specific built-in OS components, see "Install the Windows Server 2008 SP2 operating system prerequisites".

Microsoft has deprecated the use of ServerManagerCmd.exe for installing the OS components via the command prompt, and the utility may not be supported in Windows Server 2008 R2. There are a few more architectural changes in Windows Server 2008 R2 which affect the way prerequisites for Exchange are installed on Windows Server 2008 R2. Compared to the installation of software prerequisites on a Windows Server 2008 SP2 box, it is a little different on a Windows Server 2008 R2 box. The table below illustrates the requirements and the ways to install each component using PowerShell.

Table 9: Windows Server 2008 R2 components

| Component | Requirement |
|---|---|
| Hub and MBX role specific | Microsoft Filter Pack |
| Service Configuration | Net.Tcp Port Sharing Service in automatic start-up type. (1) sc config NetTcpPortSharing start= auto (2) ServerManagerCmd -ip Exchange-Typical.xml -Restart |
| Built-in OS Components | Open PowerShell on Windows Server 2008 R2 and follow step by step: 1. Import-Module ServerManager 2. Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy -Restart |

* For more information on installing role-specific built-in OS components, see "Install the Windows Server 2008 R2 operating system prerequisites".

3.3 Downloads

- Microsoft .NET Framework 3.5 SP1.
- Microsoft .NET Framework 3.5 Family Update for Windows Vista x64, and Windows Server 2008 x64.
- An update for the .NET Framework 3.5 Service Pack 1 is available.
- Windows Management Framework.
- 2007 Office System Converter: Microsoft Filter Pack

4. Installing Exch2010 in Co-Existence with Exch2003

Now that all preparation for hardware and OS selection, including installation of the required OS components, is done, the next step is to start the installation of Exchange Server 2010 in co-existence with Exchange Server 2003. Installation consists of the following phases:

4.1 Preparing Active Directory

Microsoft Exchange 2000 Server was the first version of Exchange which used the Active Directory database to store its configuration information. Later versions followed the same technology. Just as Exchange 2000 and Exchange 2003 need the forest and domain to be prepared, Exchange Server 2010 needs it as well. During the Active Directory preparation phase Exchange 2010 inserts its schema extensions into the Active Directory schema partition and creates the Exchange-related objects in the Active Directory configuration partition as well as the domain partition. Active Directory replication should be examined for any replication problems even before starting the Active Directory preparation. The table below shows what we need before we run the Active Directory preparation.

Table 10: Prerequisites for AD preparation

| Component | Requirement |
|---|---|
| Permissions | Schema Admins, Enterprise Admins, Exchange Full Administrator |
| Schema Master | Available and contactable from the Exchange server. Should be running the OS mentioned in Table 1. |

4.2 Changing organisation mode and functional level

Prior to installing Exchange 2010, we must raise the domain functional level to Windows 2003. If the domain is in Windows 2000 native mode then it needs to be raised, otherwise the migration process cannot continue. Go to Active Directory Domains and Trusts (ADDT), right-click the domain and click Properties.
We will find the domain functional level shown as mixed, as below:

- To raise the domain functional level, right-click and select Raise Domain Functional Level.
- Set the available domain functional level to Windows Server 2003 and click Raise.
- Click OK to apply the changes to the entire domain.

To verify that the changes have been made, we click Raise Domain Functional Level again, and we will see that the current domain functional level is Windows Server 2003. Now go back to ADDT and right-click > select forest functional level > then select Windows Server 2003 and click Raise > click OK for the changes to take effect. It will remind us that after raising the forest/domain functional level it cannot be reversed.

Now we have to check and convert the organisation mode. To convert from mixed mode to native mode in Exchange follow the steps below:

1. Open Exchange System Manager.
2. In the console tree, right-click the organization that we want to switch to native mode, and then click Properties.
3. In <Organization Name> Properties, under Change operation mode, click Change Mode.
4. In the warning dialog box, click "Yes" if we are sure that we want to permanently switch to native mode. Click Apply to accept our new Exchange mode.

4.3 Disable the Link State update

The purpose of this procedure is to make sure that routing loops can't occur. Exchange 2010 doesn't use a link state routing table and doesn't support relay of link state information. If we don't suppress minor link state updates, routing loops may occur. The first routing group connector is created when the first Hub Transport server role is installed on a computer in the Exchange organization. Before we create additional routing group connectors, perform this procedure on every Exchange 2003 server in the organization. When we suppress minor link state updates, the servers running Exchange 2003 don't mark connectors as unavailable.
This procedure makes sure that earlier versions of Exchange only use least-cost routing and don't try to calculate an alternative route.

To perform this procedure, we must log on to the Exchange 2003 server by using an account that is delegated membership in the local Administrators group.

1. Open Registry Editor.
2. Locate HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RESvc\Parameters.
3. Right-click Parameters and select New | DWORD value. Name the new DWORD value SuppressStateChanges.
4. Double-click SuppressStateChanges.
5. In the Value data field, enter 1.
6. Close Registry Editor, and then restart the SMTP service, the Microsoft Exchange Routing Engine service, and the Microsoft Exchange MTA Stacks services for the change to take effect.

The above steps have been completed on our Exchange 2003 servers W2K3EXA1, W2K3EXA3, W2K3EXB1 and W2K3EXB3 respectively.

4.4 Configure AD 2003 to Hold Server 2008 DC

Before we can begin to introduce the first Windows Server 2008 R2 domain controller into our existing Active Directory environment, we first have to prepare the Active Directory.

Microsoft provides two tools to facilitate this preparation.
Depending on our current Active Directory environment we need to use either one of them:

Table 11: List of Tools

| Tool Name | Usage |
|---|---|
| adprep.exe | Use adprep.exe to prepare our Active Directory environment for Windows Server 2008 R2 on 64bit (x64) Domain Controllers. |
| adprep32.exe | Use adprep.exe to prepare our Active Directory environment for Windows Server 2008 R2 on 32bit (x86) Domain Controllers. |

We need to run the following commands on the following domain controllers in our current Active Directory environment:

Table 12: List of Commands

| Command | Domain Controller |
|---|---|
| adprep.exe /forestprep or adprep32.exe /forestprep | Schema Master |
| adprep.exe /domainprep or adprep32.exe /domainprep | Infrastructure Master |
| adprep.exe /domainprep /gpprep or adprep32.exe /domainprep /gpprep | Infrastructure Master |
| adprep.exe /rodcprep * or adprep32.exe /rodcprep | Domain Naming Master |

* Optional when we want to deploy Read-Only Domain Controllers.

After preparing our Active Directory for Windows Server 2008 R2, be sure to check the process. Breadcrumbs to failures may be found in the event viewer, but administrators will check the adprep.log files.

Allow sufficient time for proper replication to all domain controllers. (In large environments with specific replication needs this might take hours.) When we feel all changes have been replicated, use the repadmin tool to check and optionally troubleshoot Active Directory replication. The following one-liner will show us the schema version per domain controller:

    repadmin /showattr * "cn=schema,cn=configuration,dc=dtl-my,dc=lab" /atts:objectVersion

When all our domain controllers report schema version 47, we're good to go with the next steps.

Let's upgrade the domain controllers (DCs) in our lab:

1. Log on to our first DC, W2K3DCA1, which holds the FSMO roles and GC on Windows 2003.
2. Change into support\adprep on the Windows 2008 R2 CD-ROM and issue the commands below in turn.
3. Prepare the forest with /forestprep:

       adprep32 /forestprep

4. Prepare the domain with /domainprep:

       adprep32 /domainprep

5. Prepare Group Policy with /gpprep:

       adprep32 /domainprep /gpprep

N.B. We will not apply this process on the Site-B DC W2K3DCB1, as it's under the same forest and domain. All the information has already been updated.

4.5 Configure AD DS on Server 2008

Now it's time to promote and declare Windows Server 2008 R2 as an additional domain controller in our existing Active Directory environment. After successfully moving the Flexible Single Master Operations (FSMO) roles, we can simply demote the previous Windows 2003 DCs, remove them from the domain and throw them out of the window.

1. Log on to the Windows Server 2008 R2 machine, which is already a member of the 2003 domain, and run dcpromo from the Run menu.
2. On the welcome page of the AD DS installation wizard, click Next.
3. On the Operating System Compatibility page, click Next.
4. On the Deployment Configuration page, select "Add a domain controller to an existing domain" under Existing forest and click Next.
5. On the Network Credentials page, type the name of the domain. For our test lab, we type dtl-my.lab and specify a user account which has the right to proceed with the installation. Click Next.
6. Select dtl-my.lab as the forest root domain and click Next.
7. Ignore the RODC warning and click Yes.
8. Select a site and click Next.
9. The installation process will start.
10. On Additional Domain Controller Options, select DNS and Global Catalog. Click Next.
11. Click Yes to skip delegation authentication.
12. Select the database, log files and SYSVOL locations on the location page. Click Next.
13. The installation wizard will start installing AD DS on Windows 2008 R2. Once it has finished, click the Finish button and restart the server.

After completing the process above, we have added W2K8DCB2 as an additional DC on Site-B. So the servers W2K3DCA1 and W2K3DCB1 will be replaced by W2K8DCA2 and W2K8DCB2 respectively.

4.6 Preparing to install Exchange 2010 Client Access and HubTransport Server

Let's configure our server W2K10EXA2 to install Exchange Server 2010.
First of all we need to install the Microsoft Filter Pack for the Exchange indexing service. Download the installer and double-click to run the .exe file. Follow the instructions to install it.

1. Click Next on the welcome page.
2. Accept the license agreement and click Next.
3. Click OK to complete the installation.

After installing the Filter Pack, we will install the Exchange prerequisite components. Open the PowerShell console as administrator on W2K10EXA2 and follow the steps described below:

1. Apply this command:

       Import-Module ServerManager

2. Now apply this:

       Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy -Restart

Component installation will start and take some time to complete. Restart the server once completed.

After installing all required components, we next need to configure the Net.Tcp Port Sharing service start-up type to automatic. Open PowerShell and issue the command below:

    Set-Service NetTcpPortSharing -StartupType Automatic

Command completed successfully.

Finally we have all required components and services configured. After making sure that the account used to run the Exchange 2010 schema preparation has all required permissions and that the Active Directory servers meet the minimum requirement criteria, Active Directory preparation can be started:

1. Insert the Exchange Server 2010 installation media into the CD drive.
2. Open the PowerShell window as Administrator and locate the path to file on the installation media. Drive:\
3. Type /PrepareLegacyExchangePermissions or .\ /pl and press Enter. Exchange Server 2003 uses the Recipient Update Service to stamp the user with the appropriate Exchange attributes during provisioning. This is replaced in Exchange Server 2010 by E-Mail Address Policies.
   The /PrepareLegacyExchangePermissions parameter changes security settings so that both the Recipient Update Service and E-mail Address Policies can co-exist in the same Active Directory. For more information on preparing legacy Exchange permissions see "Prepare Legacy Exchange Permissions". This command will display the following output:

4. The next step is to prepare the Active Directory schema. Follow step 2 and type /PrepareSchema. This command upgrades the Active Directory schema to include the Exchange Server 2010 extensions. For more information on preparing the schema, refer to "Prepare Active Directory & Domains". This command will display the following output:

   Note: If we have skipped the step 2 and directly run the /PrepareSchema switch, the Exchange setup will still prepare the legacy Exchange permissions. The only benefit of running these commands separately is that it gives granular control to manage the minimum permissions required to prepare Active Directory. If our Active Directory consists of more than one domain then our options for preparing AD will change accordingly. Read "Prepare Active Directory and Domains" for more information.

5. Follow step 2 and run .\ /PrepareAD. This command upgrades the Exchange organization, which is stored in the configuration partition in Active Directory, to support Exchange 2010. In Exchange Server 2003, information is stored in the "First Administrative Group", or perhaps more if we created additional administrative groups. The Exchange Server 2010 setup application will create a new administrative group called "Exchange Administrative Group (FYDIBOHF23SPDLT)" where all Exchange Server 2010 configuration information is stored. This will be visible in the Exchange Server 2003 System Manager. This command will display the following output:

6. Now run .\ /PrepareDomain. This is the last step in preparing the Active Directory and will create all necessary groups in the domain being prepared. This command will display the following output:

Now that our Active Directory is fully prepared, we can continue with installing the first Exchange Server 2010 in the environment. For our test lab server W2K10EXA2, this has to be a combined Hub Transport and Client Access server. The command-line installation process is explained in the next section.

4.7 Installing Exchange Server 2010

As the Active Directory forest and domains are prepared, we can simply go ahead and install the first Exchange Server 2010 server. Exchange Server 2010 can be installed using the switches or the GUI directly. One of the benefits of using is we can automate our Exchange installation and don't need to provide manual inputs during the mand line (cmd.exe) on Windows 2008 R2:

    .\ /m:Install /roles:"CA,HT,MT" /LegacyRoutingServer:w2k3exa1.dtl-my.lab /ExternalCASServerDomain:w2k10exa2.dtl-my.lab

The above command line installs Mailbox Server role (MB), Client Access Server role (CA), Hub Transport Server role (HT) and Management tools (MT). If we have the latest updates downloaded and want setup to install them during the installation itself, we can copy our Exchange installation media to a local or network location and put the updates in the Updates folder.

Note: To get the list of available command-line parameters, type:

    .\ /help:install

If everything goes fine the command will display the following output step by step, or will stop with an error or a warning message. Also note that I found there was a need for quotes "" around the roles to get them to be parsed correctly by .

The command will display the following output:

- Copy Exchange files
- Prerequisites checks with the help of exbpacmd.exe
- Installation of Exchange Server 2010

Installation completed successfully and it requires a reboot.
Let's reboot the server for the installation changes to take effect.

Important: Exchange setup makes registry as well as WMI changes and requires a reboot of the server where it is installed. To ensure functionality we should reboot the server before performing any other operation on it.

4.8 Verifying the Exchange Server 2010 Installation

After rebooting the server, the next step is to verify the Exchange Server installation. To verify that the installation was successful, any or all of the steps below can be used:

- Open Exchange Management Shell (EMS) and run the Get-ExchangeServer cmdlet. Under normal circumstances, and if the Exchange setup was successful, it should return the values as below:
- Review the Application log. During installation, Exchange setup logs entries in the Application log. Make sure that the log doesn't contain any warnings or errors related to setup.
- Review the setup log file. We can find the setup log at <systemdrive>\ExchangeSetupLogs\ExchangeSetup.log

4.9 Enter the Product Key

Exchange Server 2010 will allow us to use the trial version for 120 days; however, it is highly recommended that we enter the product license key as soon as possible and before the server is placed in production.

1. To enter the product key we can use either EMS or EMC. To enter the product key using EMC follow the steps below:
   - In the console tree, navigate to Server Configuration.
   - In the action pane, click Enter Product Key Group.
   - On the Enter Product Key page, enter the product key, and then click Enter.
   - On the Completion page, review the following, and then click Finish to close the wizard.
2. To enter the product key using EMS we can simply open the EMS on the Exchange server and run the following command:

       Set-ExchangeServer -Identity W2K10EXA2 -ProductKey xxxxx-xxxxx-xxxxx-xxxxx-xxxxx

Important: We may need to restart the Exchange Information Store service to apply this change.

Depending on the product key we enter, Exchange will determine which edition this key is for.
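
The three checks listed under "Verifying the Exchange Server 2010 Installation", together with the edition and trial state that entering the product key changes, can be collected in one pass. This is an added example, not part of the original document; the function name is hypothetical, and the "MSExchange" event-source prefix and the [ERROR]/[WARNING] markers in ExchangeSetup.log are assumptions.

```powershell
# Added example, not part of the original document. Run in the Exchange
# Management Shell on the new server after the post-setup reboot.
# Assumptions: setup-related events use a source starting with "MSExchange",
# and ExchangeSetup.log marks severity as [ERROR] / [WARNING].

function Test-ExchangeSetupResult {
    param(
        [string]$ServerName = $env:COMPUTERNAME,
        [string]$SetupLog   = "$env:SystemDrive\ExchangeSetupLogs\ExchangeSetup.log",
        [datetime]$Since    = (Get-Date).AddDays(-1)
    )

    # Check 1: the server object that setup registered in Active Directory,
    # with its roles, edition and any trial-related properties.
    $server = Get-ExchangeServer -Identity $ServerName -ErrorAction SilentlyContinue |
              Select-Object Name, ServerRole, Edition, AdminDisplayVersion, *Trial*

    # Check 2: errors and warnings written to the Application log since $Since.
    $recent = Get-EventLog -LogName Application -EntryType Error, Warning -After $Since -ErrorAction SilentlyContinue
    $events = @($recent | Where-Object { $_.Source -like 'MSExchange*' })

    # Check 3: error and warning lines in the setup log.
    $logFound = Test-Path $SetupLog
    $logHits  = @()
    if ($logFound) {
        $logHits = @(Select-String -Path $SetupLog -Pattern '\[(ERROR|WARNING)\]')
    }

    New-Object PSObject -Property @{
        Server        = $server
        EventProblems = $events
        LogProblems   = $logHits
        SetupLogFound = $logFound
        # Clean only if the server object exists, the log was readable,
        # and neither source reported a problem.
        Clean         = ($server -ne $null) -and $logFound -and
                        ($events.Count -eq 0) -and ($logHits.Count -eq 0)
    }
}

$result = Test-ExchangeSetupResult
$result.Server | Format-List
$result.EventProblems | Format-Table TimeGenerated, EntryType, Source, EventID -AutoSize
$result.LogProblems | Select-Object -First 20 -Property LineNumber, Line | Format-List
"Installation clean: $($result.Clean)"
```
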
Installing the Mailbox Server Role

In the previous section we installed our Client Access and Hub Transport server. Now it's time to install our Mailbox server on W2K10EXA4 for Site-A. Before installing the Exchange Server 2010 Mailbox Server role, a proper storage design has to be made. Microsoft has recently released the new storage calculator, which is now called the "Exchange 2010 Mailbox Server Role Requirements Calculator" and can be downloaded here.

The Requirements Calculator needs to be used for a proper storage design. The following variables are used in the Requirements Calculator for our test lab:

    Variable                                                    Value
    Number of Mailbox Servers Hosting Active Mailboxes / DAG    2
    Total Number of Tier-1 User Mailboxes / Environment         75
    Average Message Size (KB)                                   75 KB
    Personal Archive Mailbox Size Limit (MB)                    0 MB
    Mailbox Size Limit (MB)                                     2048
    Deleted Item Retention Window (Days)                        14
    Projected Mailbox Number Growth Percentage                  0%

The Requirements Calculator will show the following results:

    Variable                                Value
    Number of Database/Server               2
    Number of Mailbox/Database              75
    Log files Generated/day/mailbox         20
    Mailbox Server Internal Memory          8 GB
    Database Size Required/Database         197 GB
    Log file Size                           7 GB
    Total database Size                     394 GB
    Total Log file Size                     14 GB
    Total LUN size Databases                560 GB
    Total Database required IOPS/Server     18
    Total LUN size Log files                0
    Total Log required IOPS/Server          4

The Mailbox server role requirements have been calculated. Let us start to install the Mailbox server role on W2K10EXA4. As we prepared our Active Directory and domain while installing our CAS server, here we just need to install the specific Windows components required for Exchange 2010. Here are the steps:-

Install the Microsoft Filter Pack from here.

Set the NetTcpPortSharing service start-up type to automatic with this command:

    Set-Service NetTcpPortSharing -StartupType Automatic

Right click on PowerShell and select "Run as Administrator."

Apply this command in PowerShell:

    Import-Module ServerManager
Now apply this:

    Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy,Desktop-Experience -Restart

Component installation will start and take some time to complete. The server will reboot once this completes and proceed with the installation during reboot.

Now insert the Exchange 2010 installation media into the DVD-ROM drive. Change directory to the Exchange 2010 installation media.

Issue the command below in PowerShell to install the Mailbox and Unified Messaging roles on W2K10EXA4:

    .\ /m:Install /roles:"MB,UM,MT"

Installation will start as below:

Reboot the server once the installation has completed. Verify the Exchange installation as described here. Then we need to complete the licensing steps as described here. After licensing activation is completed we are ready to go on to configuration.

Now that we have installed our Exchange 2010 server roles on Site-A, let's go on to install on Site-B. Just follow the same procedure from Step-04: install the Client Access, Hub Transport and Management Tools roles on W2K10EXB2, then install the Mailbox and Unified Messaging roles on W2K10EXB4 respectively. Make sure we have put in the correct CAS server name, and we must remove the Legacy routing parameter, as this can only be specified for the first Hub Transport server installation in an organization. So the PowerShell command should be like this for W2K10EXB2:

    .\ /m:Install /roles:"CA,HT,MT" /ExternalCASServerDomain:w2k10exb2.dtl-my.lab

And the PowerShell command for W2K10EXB4 should be the same as before:

    .\ /m:Install /roles:"MB,UM,MT"

We are done with the Exchange 2010 role installation into our Exchange 2003 organization.

Finally, we have successfully installed our required Exchange 2010 server roles on Site-A and Site-B.
The next step is to configure the Exchange 2010 environment and complete the post-installation tasks in order to co-exist with Exchange 2003. If no issue or error is encountered during the co-existence period, we will proceed to remove our Exchange 2003 environment completely. The next section, section-5, will cover all of this procedure. Please proceed to the next page.

Configure Exchange Server 2010

In the previous section, we successfully installed the Exchange 2010 server roles; now it's time to configure them. I will cover the post-installation tasks in this section. Follow the steps described below to prepare this Exchange 2010:

Register Filter Pack IFilters with Exchange 2010:

The filter pack is a pre-requisite for Exchange 2010 installation. After we install the filter pack, the included IFilters are registered with Windows Search. To enable Exchange Search to index Office 2007 file formats, we must register the installed IFilters for Exchange 2010 by modifying the registry. We must also perform this registration after we have installed Exchange 2010 on the server.

The registry changes can either be made manually or by running a script provided by Microsoft. Check this TechNet article for steps to modify the registry. Here I will use the script to register the IFilters automatically:

Paste the following text into a Notepad file:

    # Copyright (c) 2009 Microsoft Corporation. All rights reserved.
    # THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE USER.
    # This is a filter registration script to configure Exchange Server 2010 to index Office 2007 file formats.
    $DLLPath = $env:CommonProgramFiles + "\Microsoft Shared\Filters"
    $CLSIDKey = "HKLM:\SOFTWARE\Microsoft\ExchangeServer\V14\MSSearch\CLSID"
    $FiltersKey = "HKLM:\SOFTWARE\Microsoft\ExchangeServer\v14\MSSearch\Filters"
    # Filter DLL Locations
    $officeFilterLocation = $DLLPath + "\offfiltx.dll"
    $onenoteFilterLocation = $DLLPath + "\ONIFilter.dll"
    $visioFilterLocation = $DLLPath + "\VISFilt.DLL"
    # Create Filter Entries
    # Note: $docxGuid, $pptxGuid, $xlsxGuid and $vsdGuid are not defined anywhere in this copy of the script.
    Write-Host "Creating Filter Entries..."
    # Uncomment these if we wish to index these uncommonly exchanged formats
    New-Item -Path $FiltersKey -Name ".docm" -Value $docxGuid -Type String
    New-Item -Path $FiltersKey -Name ".pptm" -Value $pptxGuid -Type String
    New-Item -Path $FiltersKey -Name ".xlsm" -Value $xlsxGuid -Type String
    New-Item -Path $FiltersKey -Name ".vss" -Value $vsdGuid -Type String
    New-Item -Path $FiltersKey -Name ".vst" -Value $vsdGuid -Type String
    New-Item -Path $FiltersKey -Name ".vsx" -Value $vsdGuid -Type String
    New-Item -Path $FiltersKey -Name ".vtx" -Value $vsdGuid -Type String
    New-Item -Path $FiltersKey -Name ".vsd" -Value $vsdGuid -Type String
    Write-Host "Registry subkeys created."
    Write-Host "Please restart Microsoft Search (Exchange) service from the Services console, or by running stop-service msftesql-Exchange -Force ; start-service MSExchangeSearch "

Name the file RegisterMicrosoftFilterPack.ps1, and then save it.

Start Windows PowerShell or the Exchange Management Shell.

Run the script RegisterMicrosoftFilterPack.ps1 like the following from its location.

    .\RegisterMicrosoftFilterPack.ps1

It's completed:-

Restart the Microsoft Search (Exchange) service using the Services console or by typing the following command in the Exchange Management Shell.

    Stop-Service msftesql-Exchange -Force; Start-Service msftesql-Exchange

Important: Repeat the process described above in section 5.1 on the servers W2K10EXA1, W2K10EXA4, W2K10EXB2 and W2K10EXB4 respectively.

Configure Hub transport Server Role Settings:

During the Exchange Server 2010 installation, Exchange 2010 pulls most
of the configuration information from an existing Exchange organization, which includes accepted domains as well. During installation Exchange 2010 will create a default Receive connector which listens on port 25 and receives emails from all IP addresses. This allows the inbound mail flow. Yet there are things that need to be configured manually. After we have updated the product key for each server that we have installed, the next step is to go through the configuration step by step, per server role.

Configure Receive Connector.

The default Receive connector needs to be modified before it can receive emails from the internet. To modify the settings on the default Receive connector we need to follow the steps below (on Site-A, then on Site-B respectively):

1. Open EMC and navigate to Hub Transport under the Server Configuration node.
2. Right click on the Default Server Name connector and select Properties.
3. Select the Permission Groups tab, check the Anonymous users permission group, then click Apply and OK.

Important: Receive connector configured to accept messages from all remote IP addresses through port 25. This connector typically accepts connections from all IP address ranges. The usage type for this connector is Internal. This connector only accepts mail from other Exchange servers that are part of the same Exchange organization. By default, this connector doesn't accept anonymous submissions. See Understanding Receive Connectors and Allow Anonymous Relay on a Receive Connector.

Configure Send Connector

Exchange 2010 does not create a Send connector by default and, by extension, is incapable of sending an email through any Hub Transport server role in its default configuration. If the organization contains a Hub Transport server role that already has a Send connector configured, the other Hub Transport server roles can use this connector to send emails to the internet. However, if this is the first Exchange 2010 Hub Transport server role in the organization, then we must configure the Send connector.
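To see what the Receive connector change described above actually exposes, the following read-only audit is an added example, not part of the original guide and not a Microsoft script. It reports, per Receive connector, whether anonymous submission is allowed, from which address ranges, and whether the anonymous relay right covered in Allow Anonymous Relay on a Receive Connector has been granted; the function name Get-ReceiveConnectorExposure is hypothetical and the code is written for the PowerShell 2.0 Exchange Management Shell.

```powershell
# Added example, not from the original guide. Read-only: it changes nothing.
# Run in the Exchange Management Shell. Get-ReceiveConnectorExposure is a hypothetical name.
function Get-ReceiveConnectorExposure {
    param([string]$Server)   # optional: limit the audit to one Hub Transport server

    if ($Server) { $connectors = @(Get-ReceiveConnector -Server $Server) }
    else         { $connectors = @(Get-ReceiveConnector) }

    foreach ($rc in $connectors) {
        # Compare as strings so the checks also work on the deserialized
        # objects that the remote Exchange Management Shell returns.
        $anonymous = "$($rc.PermissionGroups)" -match 'AnonymousUsers'
        $ranges    = @($rc.RemoteIPRanges | ForEach-Object { "$_" })
        $anyIPv4   = $ranges -contains '0.0.0.0-255.255.255.255'
        $bindings  = @($rc.Bindings | ForEach-Object { "$_" })

        # The AnonymousUsers permission group lets unauthenticated senders submit
        # mail for accepted domains. Relaying to any other domain needs the separate
        # extended right ms-Exch-SMTP-Accept-Any-Recipient on ANONYMOUS LOGON.
        $allowed = @($rc |
            Get-ADPermission -User 'NT AUTHORITY\ANONYMOUS LOGON' -ErrorAction SilentlyContinue |
            Where-Object { -not $_.Deny })
        $rights  = @($allowed | ForEach-Object { $_.ExtendedRights } | ForEach-Object { "$_" })
        $relay   = $rights -contains 'ms-Exch-SMTP-Accept-Any-Recipient'

        if ($relay) {
            $assessment = 'REVIEW: anonymous senders may relay to any recipient'
        }
        elseif ($anonymous -and $anyIPv4) {
            $assessment = 'Internet-facing: anonymous submission from any address, accepted domains only'
        }
        elseif ($anonymous) {
            $assessment = 'Anonymous submission from restricted address ranges'
        }
        else {
            $assessment = 'Authenticated or Exchange server traffic only'
        }

        New-Object PSObject -Property @{
            Connector      = "$($rc.Identity)"
            Enabled        = $rc.Enabled
            Bindings       = $bindings -join ', '
            RemoteIPRanges = $ranges -join ', '
            AuthMechanism  = "$($rc.AuthMechanism)"
            Anonymous      = $anonymous
            AnonymousRelay = $relay
            Assessment     = $assessment
        } | Select-Object Connector, Enabled, Bindings, RemoteIPRanges,
                          AuthMechanism, Anonymous, AnonymousRelay, Assessment
    }
}

# Usage, for the Site-A and Site-B Hub Transport servers named in this guide:
#   'W2K10EXA2', 'W2K10EXB2' | ForEach-Object { Get-ReceiveConnectorExposure -Server $_ } | Format-List
```

After the change described in this section, the default connector is expected to show Anonymous as True and AnonymousRelay as False; any connector with AnonymousRelay set to True should be limited to known internal address ranges.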
To configure the Send connector we can use either EMS or EMC; we will follow the steps below.

To configure a Send Connector using EMC:

Open EMC and navigate to Hub Transport under the Organization Configuration node. Select the Send Connectors tab. Right click in the result pane of EMC and select New Send Connector… Or we could select New Send Connector from the Action pane:

The above step will bring up the New Send Connector Wizard. Enter a meaningful name for the connector and select Internet from the drop-down menu. For our test lab we will name it Internet Connection Site-A and Internet Connection Site-B for our two sites respectively.

Click Next to continue. Click the Add button and add an SMTP address space of * to route all mail to external domains over this Send Connector. Click OK and Next to continue.

If we route outgoing mail via an ISP smart host or email security service, choose that option and enter the IP address or DNS name of the smart host. We can add more than one smart host if necessary. Otherwise leave it configured to use DNS to route mail directly to the destination.

Click Next to continue.

The Hub Transport server is automatically included as a source server for the Send Connector.

Click Next to continue, then New to create the Send Connector with the chosen settings. When the Send Connector has been created successfully, do not click Finish yet; before hitting the Finish button, press Ctrl+C to copy the PowerShell command which has just been run in the background. We will use this shell command to create the Send connector in Site-B with EMS in our next step. This is the easiest way to learn PowerShell if we wish to. Let's get to it and enjoy.

To configure a Send Connector using EMS:

We will go to Site-B, open EMS on W2K10EXB2 and paste the command below, which we copied in the previous step. We will modify the connector name and source server name accordingly. I have added another parameter to set the maximum message size to 20 MB.
The default value for Exchange 2010 is 10 MB. We can change it at any time from the connector properties page:

    New-SendConnector -Name 'Internet Connector Site-B' -Usage 'Internet' -AddressSpaces 'SMTP:*;1' -IsScopedConnector $false -DNSRoutingEnabled $true -UseExternalDNSServersEnabled $false -SourceTransportServers 'W2K10EXB2' -MaxMessageSize 20MB

The connector should be created successfully and we will see the output as below:

Open the EMC to verify that the connector has been created. And we will find the connector is there:-

It's very easy, simple and time-saving to administer Exchange 2010 via the Exchange Management Shell (EMS). Shell command-line mode is really much faster than the GUI and it will do our task within a second. So we should try to become familiar with it to enjoy its powerful advantages and gain more control over our organization. To understand the cmdlet New-SendConnector, please refer to this link: New-SendConnector: Exchange 2010 Help

Configure Firewall to allow outbound/Inbound SMTP Traffic from HT Server:

After we have finished creating and configuring the SMTP Send connector on the Hub Transport server role, the next step is to tell our network firewall that this server will be sending outbound SMTP traffic.

It would be really tough to explain the configuration for each firewall device or software firewall that we may have in our network, but if we are using ISA or TMG as a firewall we can refer to Configuring SMTP routes – applies to TMG 2010.

Important: If we are using a device firewall in our network, please consult the firewall documentation for configuring the SMTP ports and routes.

Configure Client Access Server Role:-

The next step is to configure the CAS server role. The CAS server role has replaced the concept of Front End servers in Exchange Server 2003, so this server role will be responsible for serving requests originating from Exchange clients like Outlook Web App and Office Outlook, as well as the delivery of the offline address book and Outlook Anywhere connectivity to the Outlook clients.
Outlook connecting to any mailbox connects to the mailbox server via the Exchange Server 2010 CAS server role. However, there are no specific configurations needed for this connectivity. Yet other clients need specific configurations on the CAS server role to provide the connectivity. The sub-topics below explain the steps to configure these connectivity options.

Configure Outlook Web App:

Outlook Web App can be configured via EMS or EMC. To configure our Outlook Web App settings using EMS we will apply the command below according to our server settings. The cmdlet below will set the properties of the OWA virtual directory. This cmdlet will configure the internal URL for OWA access as and external URL as

    Set-OwaVirtualDirectory -Identity "W2K10EXA2\owa (Default Web Site)" -ExternalUrl "" -InternalUrl ""

The command output should be as below:

Apply the same command on the Site-B CAS server W2K10EXB2. But make sure we have changed the server name accordingly, as below:

    Set-OwaVirtualDirectory -Identity "W2K10EXB2\owa (Default Web Site)" -ExternalUrl "" -InternalUrl ""

To do the above changes using GUI/EMC, follow the steps below:

1. Open EMC, locate and expand Server Configuration in the navigation pane.
2. Select Client Access from the list.
3. In the result pane select the Exchange 2010 server name.
4. Select Outlook Web App from the work pane, right click and select Properties.
5. Enter the valid configuration information in the Internal URL and External URL text boxes.
6. Click OK. And we're done.

To publish the above changes on ISA or TMG 2010 or any other gateway we need to enable additional logon methods.
To enable additional logon methods using EMS:

    Set-OwaVirtualDirectory -Identity "W2K10EXA2\owa (Default Web Site)" -BasicAuthentication:$True -WindowsAuthentication:$True

The output of the command will be as below:

Issue the above command for Site-B W2K10EXB2 as below:

    Set-OwaVirtualDirectory -Identity "W2K10EXB2\owa (Default Web Site)" -BasicAuthentication:$True -WindowsAuthentication:$True

To make these changes using GUI/EMC, follow the steps below:

1. Open EMC, locate and expand Server Configuration in the navigation pane.
2. Select Client Access from the list.
3. In the result pane select the Exchange 2010 server name.
4. Select Outlook Web App from the work pane, right click and select Properties.
5. Click on the Authentication tab.
6. Select Integrated Windows authentication and Basic Authentication.
7. Press OK and another pop-up will appear. Do not restart IIS yet; simply click OK. We can restart IIS once we are done with all other configurations on the CAS server role.

Configure Exchange Control Panel (ECP)

The URL and authentication settings changed on the OWA virtual directory should also be made on the ECP virtual directory. To change the ECP virtual directory settings using EMS we will use the command below:

    Set-EcpVirtualDirectory -Identity "W2K10EXA2\ecp (Default Web Site)" -ExternalUrl "" -InternalUrl ""

And for Site-B:

    Set-EcpVirtualDirectory -Identity "W2K10EXB2\ecp (Default Web Site)" -ExternalUrl "" -InternalUrl ""

To do this using GUI/EMC:

1. Open EMC, locate and expand Server Configuration in the navigation pane.
2. Select Client Access from the list.
3. In the result pane select the Exchange 2010 server name.
4. Select Exchange Control Panel from the work pane, right click and select Properties.
5. Click on the Authentication tab.
As the authentication settings on the OWA virtual directory were changed to use Integrated Windows Authentication and Basic Authentication, the settings on the ECP virtual directory should also be changed.

    Set-EcpVirtualDirectory -Identity "W2K10EXA2\ecp (Default Web Site)" -BasicAuthentication:$True -WindowsAuthentication:$True

For Site-B just change the server name to W2K10EXB2.

Configure Microsoft Exchange ActiveSync

Just as the OWA virtual directory needs the external and internal URL settings, the EAS virtual directory should also be configured. The only key difference between the two is that the OWA virtual directory needs additional authentication settings to be configured, whereas the EAS virtual directory can only be configured to use Basic Authentication.

Again, the settings are configurable using either EMS or EMC. To simplify the documentation, here I will show the EMS command only. To change the EAS virtual directory settings using EMS:

    Set-ActiveSyncVirtualDirectory -Identity "W2K10EXA2\Microsoft-Server-ActiveSync (Default Web Site)" -InternalUrl "" -ExternalUrl ""

For Site-B, we have changed the server name accordingly and the output should be as below:

Configure Offline Address Book Distribution

The next step is to configure the Offline Address Book distribution settings. Configure the polling interval if we want to change it from the default 480 minutes to our desired time. The Exchange 2010 CAS server role will update the OAB every eight hours by default. The polling interval is the duration, defined in minutes, that the Exchange 2010 CAS uses to update the OAB. If this setting needs to be changed depending upon our organizational requirements, we can edit this entry on the General tab of the properties of the OAB.
To configure Offline Address Book Distribution properties using EMS:

    Set-OabVirtualDirectory -Identity "W2K10EXA2\OAB (Default Web Site)" -PollInterval 720 -InternalUrl "" -ExternalUrl ""

For Site-B, we have changed the server name accordingly and the output should be as below:

As we said before, to simplify the documentation process, we are not going to discuss the GUI/EMC. Let's proceed to the next steps.

Configure Outlook Anywhere:

The RPC over HTTPS functionality of Exchange 2003 is replaced by Outlook Anywhere in Exchange 2010. If we have users using RPC/HTTPS, Outlook Anywhere will be replacing it and needs to be enabled using either EMS or EMC. Here we will apply this with EMS only.

To enable Outlook Anywhere using EMS:

    Enable-OutlookAnywhere -Server 'W2K10EXA2' -ExternalHostname 'anywhere.dtl-my.lab' -DefaultAuthenticationMethod 'Basic' -SSLOffloading $false

For Site-B, we have changed the server name accordingly and the output should be as below:

Important: There are other settings to be done depending upon our requirements. Please refer to the following resources to configure the rest of the settings as per our needs:

* ISA 2006 SP1 Configuration with Exchange 2010
* Configure Public and Private Computer File Access
* Configure Segmentation in Outlook Web App
* Understanding Security for Outlook Web App

Request, Download and Configure a SAN Certificate

Exchange 2010 creates a self-signed SAN certificate and assigns it to services like IMAP, POP, IIS, and SMTP. The only drawback of this self-signed certificate is that it contains the server's FQDN and NetBIOS names only.
To avoid any certificate-related errors and use it over the internet without any problems, it is highly recommended that we request and assign a certificate from a Certification Authority that can be contacted from anywhere in the world and is trusted by clients.

To request a new certificate from a trusted CA by using the New Exchange Certificate Wizard, just follow the steps below:

Select Server Configuration from the left hand side pane in EMC and the Exchange Certificates tab in the left hand pane.

Right click in free space in the left hand side pane of the Exchange Certificates tab and select New Exchange Certificate:

Enter a friendly name for the certificate:

Click Next on Domain Scope. Once we have specified a friendly name for the certificate, we are taken to the next screen upon clicking the Next button. This New Exchange Certificate screen will now gather the actual required information, where we get a chance to choose among the options to use this certificate for various services: IIS-based web services including Autodiscover, OWA and EAS, and other services like POP/IMAP, Outlook Anywhere and UM. We can observe the screenshot below and notice that we get an option to write the URL of the service locations for OWA, EAS, Federated Services, SMTP transport, etc. These URLs will be used in the certificate request, which will in turn be used to write the SAN certificate information:

Here the wizard collects the organization-related information like company name, department, location, etc. At this stage the wizard has collected almost all the information it needs. We may notice that the path right beside the Browse button is the path to the certificate request file.

Click Next and click on New. There we go with the final screen of the wizard, where it displays the PowerShell command it will use to generate the certificate request.
Once we hit the Finish button the wizard completes the certificate request.

A point to be noted here is that the wizard does not create an actual certificate. It will simply generate the request and keep it accessible via EMC. So when we are done with the wizard we have to manually send this request to the online CA within our Exchange/AD premises. Let's request our certificate from web enrolment. To obtain a certificate from a third-party CA or our internal CA, we first need to copy the contents of the .req file and paste it into the web console of our certification authority. For our internal Enterprise CA the picture looked like below. Please note carefully that the Certificate Template used for this certificate request is Web Server. (We log in and select advanced certificate request > "Submit a certificate request", and then we get this page):

We can now download the certificate in DER encoded format or Base 64 encoded format and save it to some location on our desktop or server. We will also need to download the whole certificate chain if the issuing authority is not a CA trusted by our server. Now that we have downloaded the certificate to the server, we will need to complete the pending certificate request in our EMC. Select Complete Pending Request by right clicking on the pending certificate request in EMC.

A new interface asking us for the path to the certificate will pop up. This wizard will ask for the location of the newly downloaded certificate. Click on the Browse button, select the newly downloaded .cer file and click on the Complete button.

We may recall that in Exchange 2007 the imported certificate had to be enabled before it could actually be used by Exchange services. E14 is not an exception to this, but we don't need to use Enable-ExchangeCertificate this time. We can do it easily using the GUI. Now we know we have a new certificate imported correctly.
We need to assign it to the services that will be using it.

Again, locate the newly imported certificate in EMC and right click on it. Select Assign Services to Certificate… from the context menu.

One quick difference we may notice between step 3 and now is the certificate status. It changes from Pending to Valid and the icon in front of the certificate gets a blue check mark on it.

Assign Services to Certificate… will list, in a window, the services that can be assigned to use this certificate. Select the services we want to use this certificate with and click on the Assign button. In my case, I will not select the Unified Messaging server option as this is a Hub Transport server and UM is not installed on it:

Click on the Assign button. We may notice a pop-up asking for our consent to assign this certificate to the SMTP service on the server, as the default certificate will be replaced if we selected Simple Mail Transport Protocol to use the new certificate in step 6. Click Yes and the default self-signed certificate created and assigned to SMTP during server install will be replaced with the new one.

Click Finish and we are done. Now install certificates for the other Exchange servers in our organisation accordingly. For our test labs we have installed certificates on W2K10EXA2, W2K10EXB2, W2K10EXA4, and W2K10EXB4 respectively, and obviously according to the server role. After successfully installing the new certificate and assigning the services to it, just back up and remove the old Exchange self-signed certificate.

Important:
* We must make sure that we have chosen the option to use the new certificate for TLS connections during the request generation.
* We must have the root CA and the entire certificate chain installed on our Exchange Server as well as on clients if we are using our internal CA for new request processing. Outlook as well as Outlook Anywhere and other web-based services may be affected otherwise.
* We must back up the certificate as soon as it is enabled on the server.
* I recommend backing up and removing any old certificate from the server as soon as the new certificate is active and fully functional.

Configure Mailbox Server Role:-

The Mailbox Server role is typically the last server role to be configured. When the Mailbox server role is installed, two information stores will be created depending upon the settings we choose at the time of installation. Normally, if we have chosen to use a public folder database for legacy clients' Free/Busy publishing, or for any other reason than just to publish Free/Busy information, then a mailbox database and a public folder database will be created automatically. These databases are configured to use the installation directory by default. To obtain better performance and tolerance it is recommended that we use a separate disk configuration for databases and log files. Please keep in mind that the store architecture in Exchange 2010 has changed. Storage Groups are gone, and Information Stores, each with a separate set of log files, have taken their place.

Move the Exchange 2010 Database and Logs Locations:

To move an Exchange database we can use EMS or EMC. As stated earlier, we will only use EMS here to simplify the documentation. Now let's move our Exchange database files to a new location using EMS with the command below. We will do this on our mailbox servers on both sites (W2K10EXA4 and W2K10EXB4) respectively. Paste this command, then choose Y and press Enter two times:

    Move-DatabasePath -Identity 'Mailbox Database 0923891783' -EdbFilePath 'D:\Mailbox Database 0923891783\Mailbox Database 0923891783.edb' -LogFolderPath 'D:\Mailbox Database 0923891783\Logs'

Restart Services:-

At this point we can restart all required services. From the previous steps there are two services that need to be restarted: IIS and the Exchange IS.
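Before the restart, the Client Access and certificate settings made in the preceding sections can be reviewed in one pass. The following read-only report is an added example, not part of the original guide: Get-CasExposureReport and its two helpers are hypothetical names, and the code is written for the PowerShell 2.0 Exchange Management Shell.

```powershell
# Added example, not from the original guide. Read-only: it changes nothing.
# Run in the Exchange Management Shell. All function names here are hypothetical.

function Test-NameCoveredBySan {
    param([string]$Name, [string[]]$San)
    foreach ($s in $San) {
        if (-not $s) { continue }
        if ($s -eq $Name) { return $true }
        # A wildcard entry covers exactly one left-most label.
        if ($s.StartsWith('*.') -and $Name.Contains('.') -and
            $Name.Substring($Name.IndexOf('.')) -eq $s.Substring(1)) { return $true }
    }
    return $false
}

function New-Finding {
    param([string]$Item, [string]$Finding)
    New-Object PSObject -Property @{ Item = $Item; Finding = $Finding } |
        Select-Object Item, Finding
}

function Get-CasExposureReport {
    param(
        [Parameter(Mandatory = $true)][string]$Server,
        [int]$ExpiryWarningDays = 30
    )
    $names = @()

    # 1. Virtual directories. Basic authentication sends reusable credentials,
    #    so every URL published for such a directory should be https.
    $vdirs  = @(Get-OwaVirtualDirectory        -Server $Server)
    $vdirs += @(Get-EcpVirtualDirectory        -Server $Server)
    $vdirs += @(Get-ActiveSyncVirtualDirectory -Server $Server)
    $vdirs += @(Get-OabVirtualDirectory        -Server $Server)
    foreach ($vd in $vdirs) {
        # ActiveSync exposes BasicAuthEnabled; OWA, ECP and OAB expose BasicAuthentication.
        $basic = [bool]($vd.BasicAuthentication -or $vd.BasicAuthEnabled)
        foreach ($url in @($vd.InternalUrl, $vd.ExternalUrl)) {
            if (-not "$url") { continue }
            $uri = [Uri]"$url"
            $names += $uri.Host
            if ($basic -and $uri.Scheme -ne 'https') {
                New-Finding "$($vd.Identity)" "Basic authentication is enabled but $url is not https"
            }
        }
    }

    # 2. Outlook Anywhere. With SSL offloading on, TLS ends on a device in front
    #    of this server and Basic credentials reach IIS unencrypted.
    $oa = Get-OutlookAnywhere -Server $Server -ErrorAction SilentlyContinue
    if ($oa) {
        if ("$($oa.ExternalHostname)") { $names += "$($oa.ExternalHostname)" }
        if ($oa.SSLOffloading) {
            New-Finding "$($oa.Identity)" 'SSL offloading is on: confirm where TLS is terminated'
        }
    }

    # 3. Certificates that are assigned to at least one service.
    $certs    = @(Get-ExchangeCertificate -Server $Server)
    $deadline = (Get-Date).AddDays($ExpiryWarningDays)
    foreach ($c in $certs) {
        $services = "$($c.Services)"
        if ($services -eq 'None') { continue }
        $label = "Certificate $($c.Thumbprint) [$services]"
        if ($c.IsSelfSigned)            { New-Finding $label 'Self-signed certificate is still assigned to services' }
        if ("$($c.Status)" -ne 'Valid') { New-Finding $label "Status is $($c.Status)" }
        if ($c.NotAfter -lt $deadline)  { New-Finding $label "Expires on $($c.NotAfter)" }
    }

    # 4. Every published host name should appear in the SAN list of a
    #    certificate that is assigned to IIS.
    $san = @($certs | Where-Object { "$($_.Services)" -match 'IIS' } |
             ForEach-Object { $_.CertificateDomains } | ForEach-Object { "$_" })
    foreach ($n in @($names | Sort-Object -Unique)) {
        if (-not (Test-NameCoveredBySan -Name $n -San $san)) {
            New-Finding $n 'Host name is not covered by a certificate assigned to IIS'
        }
    }
}

# Usage, for the Site-A Client Access server named in this guide:
#   Get-CasExposureReport -Server W2K10EXA2 | Format-Table -AutoSize -Wrap
```

An empty result means none of the four checks raised a finding; it does not cover the SSL requirement set on the virtual directories in IIS itself.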
We need to restart the services on the above Exchange servers respectively:

Restart IIS:

To restart IIS, open a command prompt and type:

    IISReset /NoForce

Restart Exchange Information Store Service:

To restart the Exchange Information Store service, open a command prompt and type:

    Net Stop MSExchangeIS && Net Start MSExchangeIS

Moving Settings and Data to Exchange 2010:-

In this phase of the transition we move all the organization settings from Exchange 2003 to the Exchange 2010 server. This also includes the movement of mailboxes and public folders from Exchange 2003 servers to Exchange 2010 servers. So the term "Moving Data" includes moving mailboxes and public folders from existing servers to Exchange Server 2010:

Move Mailboxes:

Moving mailboxes from Exchange 2003 to Exchange 2010 should be done using the Exchange 2010 management tools. We can use either of the management tools of Exchange 2010 to complete the operation. Since we are moving all the mailboxes from Exchange 2003, there is no special requirement to use filters in a PowerShell command. We can simplify our work by using EMC itself.

To move mailboxes using EMC:

Open EMC, locate and expand Recipient Configuration in the navigation pane. Select Mailbox from the list. In the result pane select the Legacy Mailboxes you want to move from Exchange 2003. Legacy mailboxes have a special icon as:

Right click on the selected mailboxes and select New Local Move Request…

Select the database on Exchange Server 2010 where these mailboxes are to be moved. Click the Next button.

Select the Move Options from this page and click Next, then click New:

The previous step will begin the movement of the selected mailboxes from Exchange 2003 to the Exchange 2010 server. Watch the progress of the mailbox move. Once the move has completed it will show us the status of the move in the completion box. Click Finish to complete the process.

Once the mailboxes have successfully moved to Exchange 2010, the mailbox icon will change as shown below.
And the recipient type will change from Legacy Mailbox to User Mailbox:

As the mailboxes have been moved from Exchange 2003 to Exchange 2010 on both sites, we need to clear the completed move requests from Recipient Configuration. Just navigate to Move Request from Server Configuration, and we will see the move requests performed in the above steps.

Select all completed move requests, right click and select Clear Move Request. This will clear all the completed requests.

As we have moved our Site-A mailboxes, and the Site-B mailboxes are still on Exchange 2003, it's time to check our mail routing and coexistence. Log on to an Exchange 2003 mailbox and send an email to an Exchange 2010 mailbox.

Now log on and check from the Exchange 2010 mailbox, and it is there... Cheers!

Let's track the routing to know how it was routed:

It seems the mail was routed through the Interop RGC from Exchange 2003 (W2K3EXA1), and then delivered to the Exchange 2010 environment. That's it.

Move Public Folders

Since the launch of Exchange 2007 Microsoft has taken a deprecating stance on public folders, yet they are not gone from Exchange 2010 either. Though Exchange 2010 can still have public folders, the management tools for PFs have limited functionality for management purposes.

To move public folders from Exchange 2003 to Exchange 2010 we can use Exchange System Manager, ExFolders.exe, and the Exchange 2010 Management Shell scripts. Before that we need to create a public folder database in Exchange 2010, as it was not created during setup. Just use the New Public Folder Database wizard from the Organization Configuration settings.

Open EMS and jump to the path drive:\Program Files\Microsoft\Exchange Server\V14\Scripts and run the script AddReplicaToPFRecursive.ps1.

    .\AddReplicaToPFRecursive.ps1 -TopPublicFolder "\" -ServerToAdd "exchange2010"

This will add replicas of the public folders on Exchange Server 2003 to Exchange Server 2010 (W2K10EXA4 & W2K10EXB4).
This is the simplest way to add replicas of all PFs to the Exchange 2010 PF database.

Once the replica is added, the next step is to replicate the offline address book and Free/Busy folders from Exchange Server 2003 to Exchange Server 2010:

Open the Exchange System Manager on the Exchange Server 2003 server and navigate to the System Folders in the 'Folders' folder in the First Administrative Group.

Navigate to the first Offline Address Book folder, right click it and select "All Tasks…". Next, select "Manage Settings".

The "Manage Public Folder Settings wizard" will appear. Click Next on the Welcome page and select "Modify lists of replica servers". Follow the wizard and add the Exchange Server 2010 Mailbox Server role as a new replica. When finished, the folder and all its subfolders will be replicated to the Exchange Server 2010 Public Folder database. Repeat this step for the rest of the Offline Address Book folders and the Schedule+ Free Busy folder.

Note: When the "Manage Settings" option is not available you can select "Properties" and select the Replication tab to add the Exchange Server 2010 Public Folder Database. Replication of public folders can take quite some time.

Now, the (default) Public Folders that are located on the Exchange Server 2010 Mailbox Server should be replicated to the Exchange Server 2003 Mailbox Server. To accomplish this, log on to the Exchange Server 2010 Mailbox Server, open the Exchange Management Console and navigate to the Tools node. Under the Tools node open the Public Folder Management Console.

Right click the Offline Address Book in the results pane, select Properties and click the Replication tab. Add the Exchange Server 2003 Mailbox Server to the replica list; the contents will now be replicated to the Exchange Server 2003 Mailbox Server. Be aware that Public Folder replication is a low-priority mechanism, so it takes some time before both Public Folder databases are in sync.

Repeat these steps for the Schedule+ Free/Busy folder.
After adding the replica to the new server, PFs may take 24-48 hours to complete replication, depending on the PF database size on the source database. Once the replica is added, the next step is to move the replicas from Exchange 2003 to Exchange 2010. To do this, change to the Scripts directory and run the following command:

    .\MoveAllReplicas.ps1 -Server "Exchange2003" -NewServer "Exchange2010"

This is in Site-A:

This is in Site-B:

Or move via GUI: You can do the above move via Exchange System Manager. Just follow this:

Log on to the Exchange Server 2003 server and open the Exchange System Manager. Navigate to the Exchange Server 2003 Mailbox Server, right-click the Public Folder Database and select “Move All Replicas”. Select the Exchange Server 2010 Public Folder database in the drop-down box and click OK.

A warning message is displayed that the Public Folder replicas will be moved to the other Public Folder Database and that this can take 24-48 hours to complete the replication, depending on the PF database size on the source database. Replication takes place using SMTP messages that are sent across the Interop Routing Group Connector to the Exchange Server 2010 Public Folder Database.

Move Organization Settings:-

Organization-level settings in Exchange 2003 include settings related to OAB, Address Lists, etc. Exchange Server 2010 uses E-mail Address Policies and OAB, but these are not compatible with the Recipient Policies used in Exchange Server 2003. The next step is to convert all of those organization settings from Exchange 2003 to Exchange 2010.

There’s no way to achieve this using the Exchange Management Console, so we need the Exchange Management Shell (EMS). When you try to edit a Recipient Policy in the Exchange Server 2010 Management Console it gives a clue on how to convert the Recipient Policies to E-mail Address Policies:

Move OAB Generation Server:-

We can use either EMC or EMS to move the OAB.
To move it using EMS, use the command below:

    Move-OfflineAddressBook -Identity '\Default Offline Address List' -Server 'EXCHANGE2010'

The entire address list generation server has been moved to the Exchange 2010 environment, as verified below:

Upgrade Address Lists:

There is a major change between the way Address Lists were handled by Exchange 2003 and the way Exchange 2010 handles them. The most important thing to know before migrating the Address Lists to the Exchange 2010 server is that Exchange 2010 does not support LDAP filters. The LDAP filters must be converted to OPATH filters before the Address Lists can be moved. If you have custom LDAP filters implemented to configure Address Lists, make sure that you prepare the corresponding OPATH filters as well. For more information on converting LDAP filters to OPATH, please refer to “Need help converting your LDAP filters to OPATH?” and “Upgrade Custom LDAP Filters to OPATH Filters”. Also, there is no GUI for upgrading or moving the Address Lists to Exchange 2010. This move/upgrade has to be done using EMS.
To move Address Lists using EMS:

To upgrade the All Users default address list, use this command:

    Set-AddressList "All Users" -IncludedRecipients MailboxUsers

To upgrade the All Groups default address list:

    Set-AddressList "All Groups" -IncludedRecipients MailGroups

To upgrade the All Contacts default address list:

    Set-AddressList "All Contacts" -IncludedRecipients MailContacts

To upgrade the Public Folders default address list:

    Set-AddressList "Public Folders" -RecipientFilter { RecipientType -eq 'PublicFolder' }

To upgrade the Default Global Address List:

    Set-GlobalAddressList "Default Global Address List" -RecipientFilter {(Alias -ne $null -and (ObjectClass -eq 'user' -or ObjectClass -eq 'contact' -or ObjectClass -eq 'msExchSystemMailbox' -or ObjectClass -eq 'msExchDynamicDistributionList' -or ObjectClass -eq 'group' -or ObjectClass -eq 'publicFolder'))}

To upgrade our test lab global address list:

    Set-GlobalAddressList "DTLMY Global Address List" -RecipientFilter {(Alias -ne $null -and (ObjectClass -eq 'user' -or ObjectClass -eq 'contact' -or ObjectClass -eq 'msExchSystemMailbox' -or ObjectClass -eq 'msExchDynamicDistributionList' -or ObjectClass -eq 'group' -or ObjectClass -eq 'publicFolder'))}

Now let’s upgrade our test lab’s custom address list. We need to find the LDAP filter and convert it to an OPATH filter to upgrade the custom address list.

To upgrade our custom address list:

    Set-AddressList "BDDomain Local Address List" -IncludedRecipients AllRecipients

To upgrade the LDAP filter to an OPATH filter:

    Set-AddressList "BDDomain Local Address List" -ConditionalCustomAttribute14 "bddomain"

We have one address list with a complex LDAP filter.
Let’s see how we convert it to an OPATH filter:

Address list filter rules:

Address list preview:

This is the “Custom Filter” that has been built for this address list:

    (&(&(&(mailNickname=*)(|(extensionattribute15=mkt)(&(objectClass=User)(extensionattribute13=mkt))))))

This means that all mail-enabled objects with extensionAttribute15=mkt and all users with extensionAttribute13=mkt will be included in this address list. In the OPATH filter we can replace this with all recipients and custom attribute filtering.

To upgrade the Marketing address list:

    Set-AddressList "Marketing Local Address List" -IncludedRecipients AllRecipients

To upgrade to the OPATH filter:

    Set-AddressList "Marketing Local Address List" -RecipientFilter {(Alias -ne $null -and (CustomAttribute13 -eq "mkt" -or CustomAttribute15 -eq "mkt"))}

When finished you can open all Address Lists using the Exchange Management Console; opening the Address Lists with the Exchange 2003 System Manager is no longer possible.

For more detailed information regarding the upgrade of Recipient Policies and Address Lists visit the blog of the Microsoft Exchange product team: “Address List and EAP filter upgrades with Exchange Server 2007”. This blog entry is for Exchange Server 2007, but it works for Exchange Server 2010 as well. Please follow this blog to upgrade your custom address list.

Upgrade Email Address Policies:

Again, upgrading Email Address Policies to Exchange 2010 includes the conversion to OPATH filters. Just like address lists, the Email Address Policies can also be upgraded.

Open the Exchange Management Shell and enter the following command. This will show a list of Recipient Policies that are available in your Exchange organization.
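Added example (not part of the original article): a preview check for the Marketing address list conversion above, comparing what the legacy LDAP filter matches with what a candidate OPATH filter would match before the filter is set. The OPATH filter shown on the page does not carry over the objectClass=User condition that the LDAP filter places on extensionAttribute13, so the second candidate below keeps it; Compare-FilterMembership is a hypothetical helper name, and a single-domain forest is assumed. The same check applies to the Email Address Policy filters converted in this section.

```powershell
# Added example for the Exchange 2010 Management Shell (PowerShell 2.0 compatible).
# Compare-FilterMembership is a hypothetical helper name, not an Exchange cmdlet.
# Assumes a single-domain forest, so the default LDAP search root covers every recipient.
function Compare-FilterMembership {
    param(
        [Parameter(Mandatory = $true)][string]$LdapFilter,   # legacy filter from the 2003 address list
        [Parameter(Mandatory = $true)][string]$OpathFilter   # candidate OPATH replacement
    )

    # Objects matched by the legacy LDAP filter, read directly from Active Directory.
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.Filter   = $LdapFilter
    $searcher.PageSize = 1000    # paged search, so results are not capped at the server limit
    [void]$searcher.PropertiesToLoad.Add('distinguishedName')
    $found   = $searcher.FindAll()
    $ldapDns = @($found | ForEach-Object { [string]$_.Properties['distinguishedname'][0] })
    $found.Dispose()

    # Recipients the OPATH filter would select; this only previews, nothing is modified.
    $opathDns = @(Get-Recipient -RecipientPreviewFilter $OpathFilter -ResultSize Unlimited |
        ForEach-Object { [string]$_.DistinguishedName })

    # Hashtable literals compare string keys case-insensitively, which suits DN comparison.
    $inLdap  = @{}; $ldapDns  | ForEach-Object { $inLdap[$_]  = $true }
    $inOpath = @{}; $opathDns | ForEach-Object { $inOpath[$_] = $true }

    # Emit one row per object that only one of the two filters matches.
    $ldapDns | Where-Object { -not $inOpath.ContainsKey($_) } | ForEach-Object {
        New-Object PSObject -Property @{ MatchedBy = 'LDAP only (would be dropped)'; DistinguishedName = $_ }
    }
    $opathDns | Where-Object { -not $inLdap.ContainsKey($_) } | ForEach-Object {
        New-Object PSObject -Property @{ MatchedBy = 'OPATH only (would be added)'; DistinguishedName = $_ }
    }
}

# The Marketing list's legacy filter, copied from the page.
$ldap = '(&(&(&(mailNickname=*)(|(extensionattribute15=mkt)(&(objectClass=User)(extensionattribute13=mkt))))))'

# The page's OPATH filter: no object-class test on CustomAttribute13.
$pageOpath = '((Alias -ne $null) -and ((CustomAttribute13 -eq "mkt") -or (CustomAttribute15 -eq "mkt")))'

# A stricter candidate that keeps the "users only" condition on CustomAttribute13.
$strictOpath = '((Alias -ne $null) -and ((CustomAttribute15 -eq "mkt") -or ((ObjectClass -eq "user") -and (CustomAttribute13 -eq "mkt"))))'

Compare-FilterMembership -LdapFilter $ldap -OpathFilter $pageOpath   | Format-Table -AutoSize
Compare-FilterMembership -LdapFilter $ldap -OpathFilter $strictOpath | Format-Table -AutoSize
```

An empty result means both filters select the same objects; any "OPATH only" row is a recipient the new list would expose that the old one did not.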
We can use this output by piping it into the Set-EmailAddressPolicy cmdlet:

To upgrade the Default Email Address Policy we will issue the command below:

    Set-EmailAddressPolicy "Default Policy" -IncludedRecipients AllRecipients

To get a list of all custom Email Address Policies which need to be upgraded, we will use the command below:

    Get-EmailAddressPolicy | where {$_.RecipientFilterType -eq "Legacy"}

The list above shows the recipient policies which need to be upgraded to the Exchange 2010 environment. These are our custom email address policies created via LDAP filters, which need to be converted to OPATH filters for Exchange 2010, as the LDAP filter has been replaced by the OPATH filter in Exchange 2010.

We need to find the LDAP filter and then convert it into an OPATH filter. This exercise has two key parts: 1) figure out what the filter is actually filtering, followed by 2) reconstruct the filter with PowerShell syntax as OPATH and set it on the object. If you have a more complex custom LDAP filter setup, then please follow this msexchange team blog article to upgrade them.

Let’s start from the priority 1 policy, G-Allow External Incoming mail domains:-

As shown, no filter rules are applied. This is just a list of the domains in our Exchange environment. So, we will just update this for Exchange 2010 but will not apply this policy. The domain list in the generation rules also needs to be added manually after the upgrade. And we need to make sure this will never apply after the upgrade. The applied status should always be “False”.

Note: I recommend not upgrading this policy, as the accepted domains are already listed in the Exchange 2010 EMC (screenshot below). If we wish, we can do it in the following way:

Accepted domain:

G-Allow status:

To upgrade this policy use this command:

    Set-EmailAddressPolicy "G-Allow External Incoming Mail Domains" -IncludedRecipients AllRecipients

Now update the LDAP filter property by adding the OPATH filter to avoid conflict.
No object holds the custom attribute “G-Allow”, so this will not apply to anyone.

    Set-EmailAddressPolicy "G-Allow External Incoming Mail Domains" -ConditionalCustomAttribute14 "G-Allow" -IncludedRecipients AllRecipients

We added the listed domains later on. Now let’s upgrade our other custom recipient policies one by one with these commands:

To upgrade the custom policy:

    Set-EmailAddressPolicy "<Policy Name>" -IncludedRecipients AllRecipients

To upgrade the LDAP filter to an OPATH filter:

    Set-EmailAddressPolicy "<Policy Name>" -ConditionalCustomAttribute14 "<value>" -IncludedRecipients AllRecipients

Here is the status after the upgrade in EMC:

The Recipient Policies are now converted to Exchange Server 2010 Email Address Policies and we can open them in the Exchange Management Console. Please note that the examples mentioned above are pretty simple policies in our test lab. If you have more complex policies please test this thoroughly. If you have any Mailbox Manager policies, these have to be removed.

Note: It is highly recommended that you read the following articles before upgrading the address lists and recipient policies.

Need help converting your LDAP filters to OPATH?
Upgrade Custom LDAP Filters to OPATH Filters
Creating Filters in Recipient Commands

Move the Public Folder Hierarchy

The Public Folder tree itself should also be moved to the new Exchange Server 2007 Public Folder database. Log on to the Exchange Server 2003 server and open the Exchange Service Manager. Expand the Administrative Groups and right-click the “Exchange Administrative Group (FYDIBOHF23SPDLT)”, select “New” and select “Public Folders Container”.

Then expand the old “First Administrative Group”, expand “Folders” and move the Public Folders tree to the Public Folders container you created in the previous step.

Removing Exchange Server 2003:-

Removal of the Exchange 2003 servers from the Exchange org is the last and final step.
Before you remove an Exchange 2003 server you may want to shut the server down for a few days to observe any kind of failures or errors reported by end users. Once you have made sure that everything has been migrated successfully, you can go ahead and start removing the Exchange 2003 servers.

Removing mailbox and Public Folder Databases

To remove the mailbox database and public folder database, we will use the Exchange System Manager in Exchange 2003:

Open ESM on Exchange Server 2003. Navigate to the Exchange 2003 server and remove the mailbox databases and public folder databases along with the storage groups. We will remove the W2K3EXA1-SG1-MS1 database later, once we have removed the Interop routing group connector. The mailbox databases on the other servers have been removed now.

When you delete the public folder database you may be prompted to use another database for storing the system folders. Click OK, select the PF database on Exchange Server 2010 and click OK again. We have removed our entire public folder database accordingly from the test lab.

Remove Routing Group Connector

When the Public Folder Database and the Mailbox Database are removed, and we’ve double-checked to ensure that no other clients are using the Exchange 2003 Front-End server as an SMTP relay, the Interop Routing Group Connector can be removed. This can only be done using the Exchange Management Shell on an Exchange Server 2010 server, with the following commands:

To get the list of Routing Group Connectors:

    Get-RoutingGroupConnector

Get-RoutingGroupConnector will return both Interop Routing Group Connectors (one from Exchange Server 2003 to Exchange Server 2010 and the other one vice versa), and this output will be used as input for the Remove-RoutingGroupConnector command as below.
We will remove our connectors accordingly (the names containing <> are quoted so that the shell does not parse < and > as operators):

    Remove-RoutingGroupConnector w2k10exa2-w2k3exa1.dtl-my.lab -Confirm:$False
    Remove-RoutingGroupConnector w2k3exa1.dtl-my.lab-w2k10exa2 -Confirm:$False
    Remove-RoutingGroupConnector "Site-A<>Site-B" -Confirm:$False
    Remove-RoutingGroupConnector "Site-B<>Site-A" -Confirm:$False

We have to make sure that absolutely no messages are remaining to be sent across the Interop Routing Group Connector before deletion!

Remove the Exchange 2003 Front-End servers:

Now that none of the services on Exchange 2003 are needed anymore, it’s time to remove the Exchange 2003 Front-End Server from our Exchange organization. We have to use the Add/Remove Programs option in the server’s Control Panel to remove Exchange Server 2003. We’ve seen it several times that customers just turn off their Exchange 2003 servers and start wondering why their environment became so unstable!

Please note that for uninstalling the Exchange 2003 Front-End Server you’ll need the installation media, so keep this around.

Steps to remove:

From Add or Remove Programs in Control Panel, select Change/Remove.
Select Remove from the list of actions during setup.
After the setup completes, restart the server.

We have removed both of the front-end servers from our test lab accordingly.

Remove Recipient Update Service

The Recipient Update Service is the next to remove from the Exchange Server 2003 server. To do this, we followed the steps below:

Open the Exchange System Manager.
In the Recipients container select the Recipient Update Service (domain).
Right-click this Recipient Update Service and select “Delete”.
Click Yes to confirm deletion.

It’s not possible to use the Exchange System Manager to remove the Enterprise Recipient Update Service. To remove it we have to use ADSIEdit and follow the steps below:

Open ADSIEDIT.msc using Start > Run. ADSIEDIT is available with Windows Support Tools.
Navigate to:

    CN=Recipient Update Service (Enterprise Configuration),CN=Recipient Update Services,CN=Address Lists Container,CN=Exchange,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=exchange,DC=com

For our test lab the location is:

    CN=Recipient Update Service (Enterprise Configuration),CN=Recipient Update Services,CN=Address Lists Container,CN=DTLMY,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=dtl-my,DC=lab

Select the RUS and delete it. Remember, both the Domain RUS and the Enterprise RUS should be deleted.

Remove Exchange Server 2003 Mailbox servers:

Exchange 2003 Mailbox server W2K3EXB3 is the last Exchange 2003 server and is ready to be removed. As we removed our front-end servers with Add/Remove Programs, we just need to follow the same steps to remove it, but it might be better to check things on the link below before removing it.

More information regarding the removal of the last legacy Exchange Server can be found on the Microsoft website: “How to Remove the Last Legacy Exchange Server from an Organization”. Restart the server once the uninstallation has completed.

Special Notes: When we checked Active Directory with ADSIEdit we noticed that the old Exchange Server 2003 Administrative Group is still present, although empty. We will not remove this Administrative Group unless we’re absolutely sure there’s no object in Active Directory referencing this Administrative Group in the ExchangeLegacyDN attribute. For more information please check this Microsoft knowledgebase article: “Users who use Outlook 2003 cannot publish their free/busy data in Exchange Server 2007”.

The recommendation would be just to leave it there and not touch it.
Nobody will see this Administrative Group and it will bother nothing else, so just don’t touch it.

Recommended Articles

Understanding Role Based Access Control
Understanding Permissions Coexistence with Exchange 2003
Understanding File and Data Access for Outlook Web App
Understanding the Autodiscover Service
Allow Anonymous Relay on a Receive Connector
Configure Outlook Web App Virtual Directories to Use SSL

Need Any Help?

Leave comments or send email to sumon.nt@. Or call me at +60169772644