WIPRO – I2 Confidential Page 1 of 123
Implementation of Microsoft Exchange Server 2007
Prepared For:
I2 Technologies
Bangalore
Submitted By: Wipro InfoTech # 30, Divya Sree,
Mission Road Bangalore
Table of Contents
Architectural Overview
Active Directory & Exchange 2007 Implementation Summary
I2 POC Architecture
Active Directory 2008 Implementation
Configure DNS for Active Directory
Check the Health of the Domain Controller.
AD Sites & Subnets Management
Additional Domain Controller Setup.
Configure Failover Clustering in Windows 2008
Exchange 2007 implementation
Installing Exchange server 2007
Exchange 2007 CCR Implementation
Installation of Edge Transport Server Role
Installation and Configuration of Certificate Services
ISA 2006 Installation and Configuration
Conclusion
Document Management Information
Document Title: Project Document for Implementation of Exchange Server 2007
Document Status: Approved Wipro/In Review- I2/Approved by Customer.
Document Publication History
Version Number | Date | Author(s) | Remark
1.0 | 25-Nov-2008 | Binil | Project Document for Implementation of Exchange Server 2007
Document Review and Approval History
Version Number | Date | Reviewer and Approver | Remarks
1.0 | 05-Dec-2008 | Sathya Prakash | Exchange Server 2007 Project Document reviewed
Customer Review and Approval
1.0 | Manoj
Document Distribution List
Sr. No. | Name and Company | Purpose
1 | I2 | Exchange Server 2007 Project Document
Architectural Overview
As a messaging system that is widely used in both large corporations and small businesses,
Exchange Server has always been scalable in both directions. However, new demands on
messaging – such as compliance, security, and disaster recovery – have created new
challenges for delivering a messaging system that works great in small businesses and large
enterprises alike. To rise to these new challenges, the architecture of Exchange Server 2007
has been updated to take advantage of 64-bit hardware, simplified administration and
routing, and to enable an Exchange server to host one or more server roles.
Server Roles
The following figure shows some of the features for each Exchange 2007 server role.
Exchange Server provides a complete messaging system that can run on a single server –
meaning that all Exchange services reside on one server, as with the Microsoft Small Business
Server product. However, there are significant gains in deployment, management, and
security that come from having a flexible, modular system that can be installed across more
than one machine. This concept was first introduced in Exchange 2000 Server, where a front-end
server could be configured to proxy inbound Internet client protocols to the appropriate
mailbox server. Front-end servers are optional and can reduce the load on mailbox servers
and simplify Microsoft Office Outlook® Web Access (OWA) and Exchange ActiveSync (EAS) user
access. Having front-end servers in medium-size and large organizations made Exchange more
scalable by concentrating particular tasks on a limited number of servers.
In Exchange Server 2007, role-based deployment has been expanded, allowing you to assign
predefined roles to specific servers. These roles allow organizations to control mail flow,
increase security, and distribute services, as shown in the following illustration.
Client Access role. Similar to the front-end server in earlier versions of Exchange, this server proxies Internet client traffic to the correct mailbox server.
Mailbox role. This role hosts user mailboxes stored in databases that can be replicated or clustered.
Hub Transport role. This role provides internal routing of all messages – from Edge servers, Unified Messaging (UM) servers, or between two users on the same mailbox database. The Hub Transport role is also where messaging policy is enforced for messages moving within and outside the organization.
Unified Messaging role. This role enables PBX integration to allow voice mail and fax messages to be delivered to Exchange mailboxes and to provide voice dial-in capabilities to Exchange Server. This role and its services are explained in more detail later in this paper.
Edge Transport role. This server resides outside your internal network and provides on-premise e-mail security, antivirus, and anti-spam services for Exchange. Off-premise filtering can be provided by Exchange Hosted Filtering, discussed later.
Administrative Groups and Routing Groups
Administration is simplified and more flexible in Exchange Server 2007. In previous versions of
Exchange, administrative groups were administrative boundaries that contained servers and
other objects. While administrative groups could be created to segregate administration
within your IT organization, once created they were not very flexible. (You can't move
servers between administrative groups.) Exchange Server 2007 overcomes this limitation by
eliminating administrative groups. Administrative rights can now be delegated from the
organization down to the server. Whether your organization uses a centralized or
decentralized administrative model, you can delegate permissions to more closely match that
model and easily adapt to new models as your organization changes.
Routing groups have been integrated with Active Directory sites. Because the design criteria
for Active Directory site boundaries are similar to the design criteria for routing groups, and
are the same in most organizations, Exchange now assumes a routing topology based on Active
Directory site lines. Maintaining a separate Exchange routing topology and Active Directory
site topology is no longer necessary.
Storage Groups and Information Stores
Exchange Server 2007 Enterprise Edition supports up to 50 storage groups and 50 databases
per server. You can configure up to five databases per storage group, up to a maximum of 50
databases. Now mailbox data can be distributed across more databases, and mailbox
databases can be distributed across more storage groups, than in earlier versions of Exchange
Server. Exchange Server Standard Edition supports up to five storage groups and five
databases per server. Neither Enterprise Edition nor Standard Edition has a database
size limit.
Exchange Management Console
Active Directory & Exchange 2007 Implementation Summary
The following is a high-level summary of the Exchange 2007 Server implementation for I2. The
Summary is spelled out in detail in the rest of this document.
Active Directory Topology: Windows Server 2008 based single forest, single domain architecture.
Active Directory Sites Structure: Single site named Bangalore.
Local Domain: “jdatest.com”
Domain Controllers: POCJDARDC, POCJDAADC
Exchange Organization: “i2Exchange”
Exchange 2007 Architecture: Two Mailbox Servers configured as Cluster Continuous Replication. Two HUB & CAS Servers on an F5 Load Balancer and one Edge Transport Server for Internet Mail Relay.
SMTP Domain name: i2technologies.com
Administrative Model: Centralized server management, distributed recipient management
Administration Groups: Single Administrative Group.
Routing Groups: Single Routing group.
Storage Groups: Multiple storage groups are created in Exchange 2007.
Database backup: CCR is configured for all the storage groups.
SMTP Relay: Currently internet mails are relayed through the Exchange 2007 Edge Transport Server.
Reverse Proxy: ISA 2006 is configured to publish Outlook Web Access.
Client Support: Microsoft Office System Outlook 2007/2003 is installed as the supported mail client.
OWA Url: https://webmail.i2technologies.com
Outlook Anywhere: Server is enabled for Outlook Anywhere.
I2 POC Architecture
I2 Domain Controllers
Server Name | IP Address | Role | FQDN
POCJDARDC | 10.156.220.100 | RDC | POCJDARDC.JDATEST.COM
POCJDAADC | 10.156.220.101 | ADC | POCJDAADC.JDATEST.COM
Exchange 2007 Servers
Server Name | IP Address | Role | FQDN
POCJDAEXGHC01 | 10.156.220.102 | HUB & CAS | POCJDAEXGHC01.JDATEST.COM
POCJDAEXGHC02 | 10.156.220.103 | HUB & CAS | POCJDAEXGHC02.JDATEST.COM
POCJDAEXGMBX01 | 10.156.220.102 | Mailbox | POCJDAEXGMBX01.JDATEST.COM
POCJDAEXGMBX02 | 10.156.220.102 | Mailbox | POCJDAEXGMBX02.JDATEST.COM
POCJDAEDG01 | 10.157.34.13 | Edge Transport | POCJDAEDG01.JDATEST.COM
Windows 2008 Cluster
Name | IP Address | Role | FQDN
WINCLUSTER | 10.156.220.200 | Windows Cluster | WINCLUSTER.JDATEST.COM
POCJDAMBX | 10.156.220.210 | Exchange Virtual Server | POCJDAMBX.JDATEST.COM
ISA 2006 Servers
Server Name | IP Address | Role | FQDN
POCJDAISA | 10.156.220.106 | Reverse Proxy | POCJDAISA.JDATEST.COM
Active Directory 2008 Implementation
1. In Windows 2008 Server go to command prompt and type “dcpromo.exe”.
2. Click next on the welcome screen.
3. Select Create new Domain in a new forest and click next.
4. Type the Domain name as JDATEST.COM and click next.
5. Select the forest functional Level as Windows Server 2003 and click next.
6. Select the Domain functional Level as Windows Server 2003 and click next.
7. Select DNS Server to be installed on the Server and click next.
8. Click yes on the delegation window and click next.
9. Select the Directory for storing the Active Directory Database files and click next.
10. Type the Recovery Mode Password and click next.
11. Review the Summary and click next to start the Active Directory installation.
12. Click finish and restart the Server.
Configure DNS for Active Directory
1. Open DNS Management console in the Domain Controller.
2. Right Click on the Reverse Lookup Zone and select new Zone.
3. Select Primary zone and click next, Store the zone in Active Directory must be selected to enable
4. Select the Replication to All the DNS Servers and click next.
5. Type the Subnet of the Domain Controller and click next.
6. Click finish to complete the zone creation.
7. Once the zone is created, open forward lookup zone and right click on the Host record of the
Domain controller and select properties. Put the tick mark on the Update Associated Pointer
option and click OK. This will automatically create a Pointer record in the reverse lookup zone.
Check the Health of the Domain Controller.
1. Verify all the Active Directory Roles are functioning properly by running the 'Netdom' query.
2. Verify the SRV records in DNS.
AD Sites & Subnets Management
1. Open Sites and services in Active Directory. Right click the site and select new Site.
2. Name it as Bangalore and select the Default Site Link. Click OK and the site gets created.
3. Associate a subnet to the Bangalore Site. Right click on Subnets and select new Subnet.
4. Type the Subnet of the Domain Controllers with the Mask and associate it with Bangalore site
and click OK.
5. Once the Subnet has been attached to the site, move the Domain Controller to the new Site. In
the AD Sites and Services windows Right click on the Domain Controller and Select Move.
6. Select Bangalore site and click OK.
Additional Domain Controller Setup.
1. Run DCPROMO command in the Server designated to be promoted as ADC.
2. Click next in the welcome screen.
3. Select the option Add a Domain Controller in an existing Domain and click next.
4. Type the Domain and click next.
5. Select the Site to which the Domain Controller has to be installed.
6. Select the DNS and Global Catalog Roles and click next.
7. Click finish and restart the Server.
Configure Failover Clustering in Windows 2008
1. Before Configuring the Windows Cluster we need to configure the Network Adapters on the
Server.
2. We need to have two Network Adapters in each Server.
3. One network card must be configured as the Internal Network. The second card must be configured
with a private network range. This card will be used for Heartbeat communication between
the Servers.
4. Attach separate SAN storage to each Server for the Exchange Database.
5. Join the machines to jdatest.com Domain.
6. Open Failover Cluster Management in the first node.
7. Select create a cluster option in the Action pane.
8. Click next to Continue.
9. Select both node1 and node2 to the cluster and click next.
10. Select yes to run the Cluster validation tests and click next.
11. Click finish to complete the Validation check.
12. Give a name and IP Address for the Cluster and click next.
13. Click finish to create the Windows Failover Cluster.
14. Once the Cluster is created, we need to configure the Quorum.
15. Exchange 2007 CCR supports File Witness Quorum.
16. Open the Failover Cluster Management; right click on the Windows Cluster we have created and
Select Configure Cluster Quorum settings in the More Actions.
17. Select Node and File Share Majority and click next.
18. We need to select a shared folder that will act as File Share Majority. Before selecting the
option create a folder in the Server where you will be installing the Exchange 2007 HUB
Transport Role.
19. Click finish to configure the Quorum settings.
Exchange 2007 implementation
INSTALLATION OF EXCHANGE 2007 SERVER
System Wide Requirements
Exchange 2007 has a certain set of requirements that must be met before we proceed with the
installation. These requirements can be split into two types, system-wide and server-specific.
System-wide requirements ensure that your Active Directory is ready to accept Exchange 2007 servers,
and server-specific requirements ensure that the server that Exchange 2007 will be installed on can
support it.
The bigger requirements are:
1. Exchange 2007 requires the domain functional level to be at Windows 2000 native mode.
2. On top of that, Exchange 2007 also requires that the Schema master and the Global Catalog
servers run Windows Server 2003 with SP1 applied.
3. It goes without saying that you also need a functional DNS infrastructure in place.
4. If you are installing Exchange 2007 into an existing organization, the Exchange mode must be
set to native-mode. This means no Exchange 5.5 servers anywhere in the Exchange
organization. If you still have any Exchange 5.5 servers, you will need to upgrade them to
Exchange 2000/2003 or remove them completely before proceeding with the installation of
Exchange 2007.
5. As with Exchange 2000 and 2003, the forest and domain need to be prepared with schema
extensions. However, unlike the previous versions, Active Directory does not need to be
prepared beforehand; this is done automatically during setup, although the option does exist
to allow for manual schema upgrades.
6. During the setup process the server will connect to the Schema Master to update
the schema. This requires that the Schema Master is available and that the account you are
running setup with has permissions to modify the schema.
7. You can prepare the domain manually with the /PrepareAD switch on any server in the same
domain that the Schema Master is in, but it is recommended to do this on the Schema
Master. Once you have completed this, you will have to wait for the schema updates to
replicate throughout the forest before you install any additional Exchange 2007 servers in the
organization.
8. Finally, as with all Exchange installations, you require certain administrative rights in order to
install an Exchange 2007 server. The following is a list of the permissions required to
install an Exchange 2007 server into a new or existing organization.
a. Local Administrator on the server
b. Enterprise Administrator
c. Domain Administrator
d. Schema Administrator (only required to extend the Schema)
You complete Exchange 2007 installation by performing several tasks. You can complete all these tasks at the same time, or you can perform some of the tasks before you start Exchange 2007 server role installation. To complete installation, follow these steps.
Pre-requisites for Exchange Server 2007 Hub/CAS/Mailbox Role
Microsoft .NET Framework 2.0 (x64 bit)
Microsoft Management Console 3.0 (x64 bit)
Windows PowerShell V1.0
IIS 6.0
Prepare Active Directory for Exchange 2007
1. Run the following commands in the Domain controller where the schema master role is running.
2. Once it is completed successfully, we can start the Exchange setup. Note: If you have a large AD infrastructure, you need to wait until the schema changes are replicated to all the Domain Controllers.
Installing Exchange server 2007
Installation of Exchange 2007 HUB and CAS
1. On the Exchange 2007 Setup splash screen, click on Install Microsoft Exchange to start the
setup.
3. Exchange Server 2007 Setup Wizard Introductory Page
4. Select I Accept License agreement then Click Next
5. On the Error Reporting page, click next.
6. Select Custom Exchange Server Installation and click next.
7. Select Client Access Role and Hub Transport Role and click next.
8. Click finish to complete the setup.
Exchange 2007 CCR Implementation
Active Clustered Mailbox role installation
1. Run setup.exe on the first node.
2. Select Custom installation and click next.
3. Select Active Clustered Mailbox role and click next.
4. Select Cluster Continuous Replication and type the Clustered Mailbox Server name as POCJDAMBX. This is the Virtual Exchange cluster name. Select Mailbox role location and click next.
5. Give an IP address for the Exchange Virtual Server and click next.
6. Click finish to complete the setup.
Passive Clustered Mailbox role installation
1. Run the Setup in the Passive node.
2. Select Passive Clustered Mailbox Role and click next.
3. Click finish to complete the setup.
Installation of Edge Transport Server Role
1. Prerequisites for installing Edge Transport Server.
a. The Edge Transport Server role must be installed in DMZ zone.
b. The operating system must be configured in Workgroup environment.
c. The DNS suffix must be added to the Network properties. Right click My computer->Properties->Change Settings->Change->More->Add JDATEST.COM in the primary DNS suffix.
d. Active Directory Application Mode must be installed.
e. Host record of the HUB transport server must be added in the host file of the Edge Server.
2. Ports must be opened between Edge Transport Server and HUB Transport Servers.
Network interface | Open port | Protocol | Note
Between Edge and Internet | 25/TCP | SMTP | This port must be open for mail flow to and from the Internet.
Between Edge and HUB | 25/TCP | SMTP | This port must be open for mail flow to and from the Exchange organization.
Local only | 50389/TCP | LDAP | This port is used to make a local connection to ADAM.
HUB to Edge | 50636/TCP | Secure LDAP | This port must be open for EdgeSync synchronization.
Inbound from the internal network | 3389/TCP | RDP | Opening this port is optional. It provides more flexibility in managing the Edge Transport servers from inside the internal network by letting you use a remote desktop connection to manage the Edge Transport server.
Edge to Internal DNS Servers | 53/UDP | DNS | This port provides DNS communication between Edge and HUB transport Servers. This port is optional since you can have a host record for the communication.
Between Edge and internet | 53/UDP | DNS | This port provides DNS communication between Edge and internet.
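The TCP rows of the port table can be checked from a Hub Transport server once the firewall rules are in place. This is an added example, not part of the original document: the function name Test-TcpPort is hypothetical, the Edge server name is taken from the server table earlier in this document, and the "Local only" ADAM port is assumed to be one that must not answer from the internal network. It uses only .NET socket calls, so it also runs on Windows PowerShell 1.0.

```powershell
# Added example (not from the original document): compare what the Edge
# Transport server actually exposes to the Hub side with the port table above.
# Assumption: run on a Hub Transport server that can resolve the Edge FQDN.
$EdgeServer = "POCJDAEDG01.JDATEST.COM"

function Test-TcpPort([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000) {
    $client = New-Object System.Net.Sockets.TcpClient
    # Asynchronous connect, so a filtered port times out instead of hanging.
    $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
    $finished = $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)
    # A refused connection finishes quickly but leaves Connected = $false.
    $open = $finished -and $client.Connected
    $client.Close()
    return $open
}

# Expected: $true = must be open, $false = must be closed, $null = optional.
$checks = @(
    @{ Port = 25;    Expected = $true;  Purpose = "SMTP between Edge and HUB" },
    @{ Port = 50636; Expected = $true;  Purpose = "Secure LDAP for EdgeSync" },
    @{ Port = 3389;  Expected = $null;  Purpose = "RDP management (optional)" },
    @{ Port = 50389; Expected = $false; Purpose = "ADAM LDAP (local only)" }
)

foreach ($check in $checks) {
    $open = Test-TcpPort $EdgeServer $check.Port

    if ($check.Expected -eq $null)     { $result = "optional" }
    elseif ($open -eq $check.Expected) { $result = "OK" }
    else                               { $result = "MISMATCH" }

    # Build one result row per port (Select-Object idiom works on PowerShell 1.0).
    $row = "" | Select-Object Target, Port, Purpose, Open, Result
    $row.Target  = $EdgeServer
    $row.Port    = $check.Port
    $row.Purpose = $check.Purpose
    $row.Open    = $open
    $row.Result  = $result
    $row
}

# The 53/UDP rows are not covered: a TCP connect cannot test a UDP port.
```

A MISMATCH on 50389 means the ADAM LDAP port is reachable from the internal network although the table lists it as local only; a MISMATCH on 25 or 50636 means mail flow or EdgeSync will fail.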
Install Edge transport Server
1. Run the Exchange 2007 setup.
2. Select Edge Transport server role and click next.
3. Click finish to complete the setup.
Configure Edge Subscription
1. Open the Exchange Management Shell in Edge transport Server and run the following command.
   New-EdgeSubscription -FileName "C:\EdgeSubscriptionInfo.xml"
2. The file will get saved in c drive. Copy the file to HUB transport Server.
3. After the file is copied, open Exchange management console in HUB transport Server.
4. Go to Organization configuration->Hub Transport->Edge Subscription.
5. Click on new Edge Subscription.
6. Select the Active Directory site and click on browse to select the Edge Subscription xml file created in the Edge Transport Server and click New.
7. Click finish to complete the subscription in HUB transport Server.
8. Once it is created we need to start the Edge Synchronization. Open Exchange Management shell in Hub Transport Server and execute the following command.
   Start-EdgeSynchronization
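The Hub Transport side of steps 2 to 8 can also be done from the Exchange Management Shell, which makes it easy to check the age of the subscription file and to delete it after import. This is an added example, not part of the original document; it assumes the file was copied to C:\EdgeSubscriptionInfo.xml on the Hub Transport server, that the site is the Bangalore site created earlier, and that Exchange 2007 SP1 is installed (Test-EdgeSynchronization is available from SP1).

```powershell
# Added example (not from the original document): import the Edge Subscription
# on the Hub Transport server, clean up the file, start and verify EdgeSync.
# Assumptions: file path and site name below; Exchange 2007 SP1 or later.
$file = "C:\EdgeSubscriptionInfo.xml"
$site = "Bangalore"

if (-not (Test-Path $file)) {
    throw "Subscription file $file not found."
}

# The bootstrap credentials in the file expire 1440 minutes (24 hours) after
# New-EdgeSubscription was run on the Edge server. Copying a file keeps its
# LastWriteTime, so that timestamp shows how old the subscription is.
$ageMinutes = ((Get-Date) - (Get-Item $file).LastWriteTime).TotalMinutes
if ($ageMinutes -gt 1440) {
    throw "Subscription file is older than 24 hours. Create a new one on the Edge server."
}

New-EdgeSubscription -FileName $file -Site $site
if (-not $?) {
    throw "New-EdgeSubscription failed. The file was left in place for troubleshooting."
}

# The file holds credentials for the Edge server's ADAM instance, so it should
# not stay on disk. Delete the copy on the Edge server and on any transfer
# media as well.
Remove-Item $file

# Push the first synchronization and show its result.
Start-EdgeSynchronization
Test-EdgeSynchronization | Format-List
```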
Installation and Configuration of Certificate Services
1. We will configure the Certificate Services in Additional Domain Controller.
2. Open Server Manager in ADC and click on ADD Roles.
3. Select Certificate Authority and click next.
4. Select Enterprise CA and click next.
5. Select Root CA since this is the first CA we are installing in the Domain.
6. Give a name for the Certificate Authority. We will give JDATEST CA.
7. We can set the validity period for the certificates generated by this CA.
8. Click install to start the CA installation.
9. Close when the installation is complete.
10. Once the CA has been installed, open the IIS console in the Client Access Server and double click on Certificate option. Click on Create certificate request.
11. Give the common name as “webmail.i2technologies.com” and give other details.
12. Specify a location and give the file name to save the certificate request file.
13. Once completed connect to Certificate Authority by the following URL. http://pocjdaadc/certsrv
14. Click on Advanced certificate request.
15. Click on Submit a certificate request by using a base 64
16. Open the Certificate request text file which was created earlier.
17. Copy the entire contents of the file and paste it in the Saved request box in the Certificate request console. Select Web Server certificate.
18. Click on Download certificate to download the certificate generated by CA.
19. Once the certificate is downloaded, open the IIS console in the Exchange CAS Server. Open the Server certificate option and click on Complete Certificate Request.
20. Select the Certificate downloaded from the CA and give any friendly name.
21. Click ok to install the certificate in CAS Server.
22. After the certificate is installed, we need to enable the certificate in Exchange. Open the certificates installed and copy the thumbprint from the certificate.
23. Remove the spaces between the numbers in the thumbprint.
24. Open Exchange management console and run the following command.
25. Give the Service name as IIS and press Enter.
26. Paste the thumbprint which was copied earlier and press Enter.
27. This will enable the Webmail certificate created in the Exchange.
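Steps 22 to 27 can be scripted so that the thumbprint is cleaned and the certificate is checked before it is bound to IIS. This is an added example, not part of the original document: the command for step 24 is not shown in the text, and Enable-ExchangeCertificate (the Exchange 2007 cmdlet that takes a service name and a thumbprint) is assumed here. The function name ConvertTo-Thumbprint is hypothetical and the thumbprint value is a constructed placeholder.

```powershell
# Added example (not from the original document). Run in the Exchange
# Management Shell on the Client Access server.
# Assumption: Enable-ExchangeCertificate is the command meant in step 24.
# Constructed placeholder: replace with the value copied from the certificate.
$pasted       = "00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33"
$expectedName = "webmail.i2technologies.com"

function ConvertTo-Thumbprint([string]$Text) {
    # Keep hex digits only. This removes the spaces (step 23) and any invisible
    # character that was copied from the certificate dialog with the value.
    $hex = ($Text -replace '[^0-9A-Fa-f]', '').ToUpper()
    if ($hex.Length -ne 40) {
        throw "Expected 40 hex characters (SHA-1 thumbprint), got $($hex.Length)."
    }
    return $hex
}

$thumbprint = ConvertTo-Thumbprint $pasted

$cert = Get-ExchangeCertificate -Thumbprint $thumbprint
if (-not $cert) {
    throw "No certificate with thumbprint $thumbprint in the computer store."
}

# Do not bind a certificate that IIS cannot use or that clients would reject.
if (-not $cert.HasPrivateKey) {
    throw "Certificate has no private key. Complete the request on the server that created it."
}
if ($cert.NotAfter -lt (Get-Date)) {
    throw "Certificate expired on $($cert.NotAfter)."
}
if ($cert.Subject -notmatch [regex]::Escape($expectedName)) {
    throw "Certificate subject '$($cert.Subject)' does not contain $expectedName."
}

# Equivalent of answering the Services and Thumbprint prompts in steps 25-26.
Enable-ExchangeCertificate -Thumbprint $thumbprint -Services IIS

# Confirm that IIS now appears in the Services list of the certificate.
Get-ExchangeCertificate -Thumbprint $thumbprint | Format-List Subject, NotAfter, Services
```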
Enable Outlook Anywhere in Client Access Server
1. To enable Outlook Anywhere in Client Access Server, we need to install the RPC over http proxy from the Server manager.
2. Open Server Manager in CAS Server->Add features->Select RPC over http proxy and click install.
3. After the RPC over http installation, open Exchange Management Console, under Server configuration->right click on the CAS Server and Select Enable Outlook Anywhere.
4. Type the external host name through which the Outlook Anywhere will be accessed. Usually it will be the same name you access OWA from internet. Select basic Authentication and click Enable.
5. This will enable the Outlook Anywhere in the CAS Server.
ISA 2006 Installation and Configuration
1. Following are the prerequisites for installing ISA Server 2006.
a. Windows 2003 with SP1 and above.
b. Two network Adapters (Public and Private networks)
c. Domain Membership (We will install the ISA Server as Member Server)
d. Configure one adapter to Public Network IP and other one to internal network IP.
e. Join the machine to jdatest.com Domain.
2. After completing the prerequisites, double click the ISA 2006 setup.
3. Click next to continue.
4. Select Install both ISA Server services and Configuration Storage server and click next.
5. Select the installation directory and click next.
6. Select create a new ISA Server Enterprise and click next.
7. Click on Add to select the internal network and add the IP address ranges in the network.
8. Click next to continue.
9. Click install to start the installation.
Install the Webmail Certificate in ISA Server.
1. We need to install the Webmail Certificate issued to CAS server in ISA Server. ISA will use this Certificate to authenticate the Client Requests.
2. Open MMC in ISA Server->Add Computer Certificates->Personal Certificate
3. Right click on the Certificates->All Tasks->Select Import.
4. Click browse and select the Webmail certificate. (Export the Certificate from CAS server and copy it to ISA Server before this step.)
5. Click finish to complete the Certificate import wizard.
ISA 2006 Configuration
1. By default, one rule, a deny any-to-any traffic rule, is created in
ISA Server.
Publish Outlook Web Access in ISA 2006
1. To Publish OWA, open ISA console->Firewall Policies->Click on Publish
Exchange Web Client Access. Give a name for the rule and click next.
2. In the Exchange Version select Exchange 2007 and select Outlook Web Access in the Web Client mail services.
3. Use Publish a single web site option and click next.
4. Type the name of the internal web site that is being published, select the CAS server name and click next.
5. Type the external OWA url in the Public name and click next.
6. The Web Listener page appears. We need to create a new Listener for the OWA Publishing. Click on New in the Web Listener window.
7. Give the name as Exchange Listener.
8. We need to have SSL connection when clients connect to the Server. Select the
option and click next.
9. Select the External network and add the IP subnets for that.
10. Also select the internal network and add the IP subnets.
11. The Certificate screen appears. Select the webmail certificate for both the networks.
12. Select Form based authentication for the client communication and select Active Directory for the client credential verification.
13. Type the Public Domain name and click next.
14. This completes the Listener configuration. Click next.
15. Select Basic Authentication and click next.
16. Select Authenticated Users and click next.
17. Click finish to complete the OWA publishing wizard.
18. Click Apply for the settings to take effect.
Redirect Http requests to Https in ISA 2006
1. Open the Web Listener properties and click on connections.
2. Select Redirect authenticated traffic from http to https.
Receive Connector Settings
1. Verify the receive connector settings.
Conclusion
Installation and configuration of Exchange 2007 has been completed successfully. Exchange mailbox Servers are installed on a CCR setup and Client Access Servers are configured on a hardware load balancer. Exchange Internet Access has been published through ISA 2006.
-----End of the Document-----