Preparing Exchange 2007 SP1 in Windows Server 2003 SP2

There are steps to be done before installing Exchange 2007 SP1.

On Windows Server 2003, this is what I need to do:

  • I need to ensure it is upgraded to Service Pack 2 since I don’t have Windows Server 2003 R2. You can install Service Pack 2 right away without installing Service Pack 1.
  • I install .NET Framework 2.0 SP2 or above. I prefer to install .NET Framework 3.5.
  • Microsoft Management Console (MMC) 2.0
  • Windows Server 2003 PowerShell 1.0 (Knowledge Base KB926139)
  • Cumulative Time Zone update for Windows Server 2003 (KB 931836)
  • Joined to the domain
  • ADAM for the Exchange 2007 Edge Transport Server (optional), which is not a domain member

 

After that, extract Exchange Server 2007 SP1 to the local hard drive.

Run setup to prepare the unattended installation.

In Command Prompt:

– I run the commands in sequence:

  • PrepareLegacy   – setup /PrepareLegacyExchangePermissions
  • PrepareSchema – setup /PrepareSchema
  • PrepareAD        – setup /PrepareAD /OrganizationName:"netoverme"

Exchange Server 2007 SP1 and ISA Server 2006 SP1(Continued…)

Continuing the discussion from the previous post: https://netoverme.wordpress.com/2010/11/03/exchange-server-2007-sp1-on-isa-server-2006-architecture

Other than publishing the firewall policy for SMTP port 25, I need to publish Outlook Web Access 2007 (OWA) with a rule created using the Mail Publishing Wizard in ISA Server. This rule is straightforward. Before that, I must make the OWA URL resolve on the internal network so that users can easily remember it when they browse or open their mail using OWA. I prefer to use https://mail.netoverme.info/ . This name resolves to my Client Access Server that runs OWA, for which I need to configure my internal DNS server.

Then, I need to create the OWA certificate to be installed on the IIS of OWA 2007, which is on the Client Access Server role, and make sure no security warning pops up when opening the OWA URL (https://mail.netoverme.info/owa).

Example of a certificate request made with a PowerShell command:

Certificate request saved into a text (txt) file

Note: You need to install Certificate Services in order to issue the certificate. This is usually done through the browser at http://yourCAserver/certsrv . After issuing the certificate and saving it at the end as “certnew.cer”, you need to install it on your OWA website in IIS.

After that, I export the certificate including the private key.

You need to set the private key as you prefer and proceed with Next until the wizard finishes. This certificate is important because ISA Server will ask for it later.
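The request, installation and export steps above can also be done from the Exchange Management Shell on the Client Access Server. This is an added example, not the commands from the original post; the C:\certs paths and file names are assumptions, and the host name is the one used in this post.

```powershell
# Added example: run in the Exchange Management Shell on the Client Access Server.
# C:\certs and the file names below are assumed; adjust them to your environment.
$fqdn = "mail.netoverme.info"

# 1. Generate the certificate request and save it as a text file.
#    The private key is marked exportable only because the same certificate
#    and key must later be installed on the ISA Server web listener.
New-ExchangeCertificate -GenerateRequest `
    -Path "C:\certs\owa-request.txt" `
    -SubjectName "cn=$fqdn" `
    -DomainName $fqdn `
    -FriendlyName "OWA $fqdn" `
    -PrivateKeyExportable $true

# 2. Submit C:\certs\owa-request.txt to the CA (http://yourCAserver/certsrv)
#    and save the issued certificate as C:\certs\certnew.cer.

# 3. Import the issued certificate on the same server that created the request,
#    so it is paired with the pending private key, then bind it to IIS (OWA).
$cert = Import-ExchangeCertificate -Path "C:\certs\certnew.cer"
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services IIS

# 4. Confirm the name, expiry and enabled services before publishing.
#    CertificateDomains must contain the name users type, or browsers will warn.
Get-ExchangeCertificate -Thumbprint $cert.Thumbprint |
    Format-List Subject, CertificateDomains, NotAfter, Services

# 5. Export certificate and private key to a password-protected PFX for ISA Server.
#    Read-Host -AsSecureString keeps the password out of the console history.
$pfxPassword = Read-Host "PFX password" -AsSecureString
Export-ExchangeCertificate -Thumbprint $cert.Thumbprint `
    -BinaryEncoded:$true `
    -Path "C:\certs\owa.pfx" `
    -Password $pfxPassword

# 6. Once the PFX has been imported on the ISA Server, delete the copy in
#    C:\certs: the file contains the private key for the published site.
```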

Publishing the mail rule policy is really straightforward. You need to have the certificate exported above in the Personal folder of the certificate store, and as I said earlier, you need to include the private key when you create the web listener as you go along with the creation of the OWA publishing rule.

After that, test the firewall policy using the Test Rule button: https://netoverme.wordpress.com/2010/02/18/isa-server-create-new-rule/

Finally, try to telnet to SMTP port 25 from a public IP address.

Exchange Server 2007 SP1 on ISA Server 2006 architecture

Hi there, I would like to share my experience on setting up Exchange Server 2007 with the existing servers below:

  • ISA Server 2006 SP1
  • Edge Transport Server – Exchange Server 2007 SP1
  • Hub Transport, Mailbox, and Client Access Server – Exchange Server 2007 SP1
  • Active Directory
  • DNS Server

I hope the diagram looks like the one below:

 

 

Figure 1: Exchange 2007 & ISA Server 2006

Figure 2: DNS flow

 

Figure 1 and Figure 2 show which ports should be allowed so that email can be received and sent.

On my setup:

  • ISA Server is a member of a domain (joined to the domain)
  • Edge Server is NOT a domain member – In Windows Server 2003, I used ADAM to connect to the LDAP. That’s why in Figure 1 I open ports 50636 and 50389 to connect to Secure LDAPS.
  • DNS server integrated with Active Directory
  • Public DNS using the domain hosting provider – creating MX records and resolving the domain, for example mail.netoverme.info
  • Publishing a firewall policy – SMTP port 25 between the DMZ and Internal networks should be allowed; in the figure this is between the Hub Transport server (netoverme-exc) and the Edge server (netoverme-edge). This port should also be allowed from the Edge server to the external network for outbound mail (by creating a firewall rule) and from the external network to the Edge server for inbound SMTP traffic on TCP port 25 (this is done by publishing the SMTP server).