Publishing Exchange 2007 With ISA 2006
Nguyen Quoc Huy, Nguyen Van Du
2007
Contents
I. Topology and Description
II. Installing and Configuring Exchange Server 2007
   1. Hardware requirement
   2. Software requirement
   3. Add Components to install Microsoft Exchange Server
   4. Install prerequisite packages
   5. Install Microsoft Exchange Server 2007
   6. Configure Exchange 2007
   7. Insert Offline Address Book in Mail Database
III. Installing ISA 2006
IV. Publishing an Exchange Web Access (OWA)
   1. Install Certificate Service on domain controller VNFSDC001
   2. Create certificate for Exchange web
      a. Delete default existing certificate
      b. Create certificate for default website
      c. Export certificate of OWA virtual directory
   3. Create DNS CName mapping to ISA VNFSIS001 (on VNFSDC001)
   4. Import certificate to ISA VNFSIS001
   5. Create Web Listening object on ISA
   6. Create web publishing OWA rule
V. Publishing an Exchange Server Outlook Anywhere (RPC Over HTTP)
   1. Install network service RPC Over HTTP (on vnfsdc001)
   2. Enable Outlook Anywhere of Exchange 2007
   3. Create Outlook Anywhere Publishing rule on ISA VNFSIS001
VI. Publishing an Exchange Server for SMTP, POP3
   1. Install SMTP service on ISA relay connect to SMTP exchange 2007
   2. Configuration SMTP relay on ISA server
   3. Create SMTP Server to SMTP Server Rule
   4. Create publishing SMTP and POP3 rule on ISA server
VII. Client test
   1. Login with web access OWA
   2. Register Outlook Anywhere
   3. Register POP3 & SMTP
I. Topology and Description
This lab sets up and configures Microsoft Exchange 2007 Enterprise x64. The OWA, SMTP, POP3 and
MAPI services are then published to the Internet using Microsoft ISA 2006 Standard.
The configuration of each machine is as follows:
Computer 1: VNFSDC001
   IP address information: IP address 192.168.1.2; DG 192.168.1.1; DNS 192.168.1.2
   OS: Windows Server 2003 En R2 x64
   Installed services: DHCP, DNS, WINS, Certificate Services, Exchange 2007 En (all updates from Microsoft Update installed)
   Additional configurations: SP2
   Domain name: glfs.myvnc.com (domain functional level Windows 2003, forest functional level Windows 2003)
   Domain member: Yes
   Exchange Server role: Mailbox server, Hub Transport, Client Access Server
   Admin account: Administrator
   Password: 123qwe!@#

Computer 2: VNFSIS001
   IP address information:
      Internal: IP address 192.168.1.1; DNS 192.168.1.2
      External: IP address 172.16.1.2; DG 172.16.1.1
   OS: Windows Server 2003 En R2 x86
   Installed services: ISA 2006 Standard Edition (all updates from Microsoft Update installed)
   Additional configurations: SP2, ISA Publishing Pack Update
   Domain name: glfs.myvnc.com
   Domain member: Yes
   Exchange Server role: N/A
   Admin account: Administrator
   Password: 123qwe!@#

Computer 3: CLIENT01
   IP address information: IP address 192.168.1.11; DG 192.168.1.1; DNS 192.168.1.2
   OS: Windows XP Professional
   Installed services: None (all updates from Microsoft Update installed)
   Additional configurations: SP3
   Domain name: glfs.myvnc.com
   Domain member: Yes
   Exchange Server role: N/A
   Admin account: Administrator
   Password: 123qwe!@#
II. Installing and Configuring Exchange Server 2007
This section shows how to install Exchange Server 2007 step by step. The steps must be
done in sequence:
a. Hardware requirement
b. Software requirement
c. Add the necessary component
d. Install the prerequisite packages
e. Install Exchange 2007 Enterprise
f. Configure Exchange 2007 Enterprise
1. Hardware requirement
The first step is to determine whether a computer is capable of running Exchange Server
2007. The following list details the hardware requirements of the computer that will host
Exchange Server 2007:
- x64 architecture-based processor that supports the Intel EM64T or AMD64 instruction set
- 2 GB of RAM plus 5 MB of RAM per mailbox
- 1.2 GB of disk space on the volume on which Exchange is installed plus 500 MB per unified messaging language pack that is to be installed
- 200 MB of free disk space on the system volume
2. Software requirement
Prior to the installation of Exchange, the software environment should meet the following
requirements:
- 64-bit edition of Windows Server 2003 or Windows Server 2003 R2. If you plan to use single-copy cluster or cluster continuous replication, the enterprise editions of Windows Server 2003 and Windows Server 2003 R2 are required
- The following volumes must be formatted with the NTFS file system:
   o System volume
   o Volumes that store Exchange program files, storage group files, transaction log files, database files, and all other Exchange files
- Microsoft .Net Framework 2.0 SP1
- Microsoft Windows PowerShell. This can be downloaded from Microsoft’s Web site
- MMC 3.0. This version of the MMC is included with Windows Server 2003 R2 but not with Windows Server 2003. This MMC is installed when you apply SP2 to Windows Server 2003 R2
- Update for Windows Server 2003 x64 edition KB904639
- Update for Windows Server 2003 x64 edition KB918980
- The Simple Mail Transfer Protocol (SMTP) and Network News Transfer Protocol (NNTP) service must not be installed.
3. Add Components to install Microsoft Exchange Server
IIS with ASP.NET must be installed before running Exchange 2007 setup.
Click Start, point to Control Panel.
Click Add or Remove Programs
Click Add/Remove Windows
Components.
In Windows Component Wizard, on the
Windows Components page, highlight
Application Server, and then click
Details.
In Application Server, select the
ASP.NET check box.
Click Next, and when the Windows
Components Wizard completes, click
Finish.
4. Install prerequisite packages
The following packages are installed as prerequisites:
a. ADAM
b. .Net Framework 2.0 SP1
c. Windows Power Shell
ADAM package
Open windows explorer and double click
on the package ADAM
Click Next on the Software Update
Installation Wizard dialog
Check Agree and click Next
Wait for the installation
The package is installed successfully
Click Finish
.Net Framework 2.0
Open windows explorer and double click
on the package .Netx64
Click Next on the Microsoft .Net
Framework 2.0 (x64) Setup dialog
Check I accept the terms of the License
Agreement then click Next
Wait for the installation
Click Finish for successful installation
Go on installing the update of .Net
Framework.
Double click the update package
Click Ok to update the Microsoft .NET
Framework 2.0
Click on I accept button
Waiting for the installation
Click OK
Click Reboot Now and your computer is
going to restart
Windows PowerShell
Double click on the package Windows
PowerShell
Click Next on the Software Update
Installation Wizard
Check I Agree then click Next
Waiting for the Installation
Click OK to finish the installation of
Windows PowerShell
5. Install Microsoft Exchange Server 2007
The domain server is also the Exchange mail server. Its Exchange roles are Client Access, Hub
Transport and Mailbox server.
Insert Exchange 2007 DVD into DVD
Rom
The Exchange 2007 Setup dialog shows
Click Next
Check I accept the items in the license
agreement
Click Next
Select Yes (Recommended) to enable Error
Reporting for improving the quality,
reliability, and performance of Microsoft
software
Click Next
Choose option Typical Exchange Server
Installation.
This option will install the mail server roles:
Hub Transport, Client Access, Mailbox
and Exchange Management Tools
You need to choose the location for
exchange files
Click Browse
Create the folders in which the Exchange 2007
files are stored
Click OK
Continue setting up. Click Next
Enter the Exchange organization
Click Next
Note: the example organization is GLFS
If the clients in your company use Outlook
2003, choose Yes so that outlook 2003 is
compatible with exchange 2007
Click Next
Waiting for the Readiness Checks
All prerequisites are ok. You can go on
installing exchange 2007
Click Install
Waiting for the installation process
The installation is successful.
Check the Finalize installation using the
Exchange Management Console
Click Finish
The Exchange Management Console opens.
It gives instructions for finalizing the deployment.
First, you need to supply the product
license key.
On the left pane, expand Microsoft
Exchange -> Server Configuration -> Hub
Transport
On the Action pane, select Enter Product
Key
Enter the key in the product key text box
Click the Enter button
The Product Key wizard finishes
successfully
Click Finish
Return to the first dialog of Exchange
Second, Exchange 2007 needs to be
updated
On the left pane, select Toolbox
On the right pane, select Best Practices
Analyzer
The Microsoft Exchange Best Practices
Analyzer appears
Check on Check for updates on startup
(recommended) and Join the Microsoft
Customer Experience Improvement
Program
Select Check for updates now
The update check is in progress
Select Download the latest updates
Updated packages are downloaded and
installed
Finish updating product
6. Configure Exchange 2007
After Exchange is set up, the basic configuration below should be applied for normal operation.
On Exchange Management Consoles,
Go to Server Configuration -> Hub
transport.
On the left pane, right click on Client
VNFSDC001, select Properties
Enter mail.glfs.myvnc.com on the Specify
the FQDN
Select tab Authentication, uncheck Offer
Basic authentication only after starting
TLS
Select Permission Groups
Select tab Permission Groups, check
Anonymous Users, Exchange Users
Click Ok
Right click on Default VNFSDC001, select
Properties
Enter mail.glfs.myvnc.com
On Authentication tab, uncheck Offer
Basic authentication only after starting
TLS
Select Permission Groups
Check Anonymous users, Exchange Users,
Exchange Servers & legacy Exchange
Servers
Click Ok
Go to Server Configuration - > Client
Access
On the right pane, right click on owa and
select Properties
Input the external URL:
https://mail.glfs.myvnc.com/owa
Choose Authentication tab
Check Basic authentication (password is
sent in clear text)
Click ok to finish changing
Go to Organization Configuration -> Hub
Transport
Select tab Send Connectors on the right
pane
Right click on this and select New send
connector
Enter the name of Send Connector:
Outbound to Internet
Select the intended use “internet” for the
send connector
On the New Send Connector dialog, Click
Add and enter * on the Domain textbox
Click Ok
Click Next
Click Next
Select Source Server and click Next
Click new to create send connector
Click Finish
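Unticking "Offer Basic authentication only after starting TLS" on the Client and Default receive connectors means password-bearing AUTH mechanisms are offered on the plaintext SMTP session. The check below is an added example, not part of the original guide: it parses an EHLO reply captured before STARTTLS and flags LOGIN or PLAIN. The sample replies are constructed, the "box ticked" reply is an assumption about what such a connector advertises, and the function names are this example's own.

```python
import re

# AUTH mechanisms that carry the password itself; base64 is an encoding,
# not encryption, so on a plaintext session the password can be read.
PASSWORD_MECHS = {"LOGIN", "PLAIN"}
REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_ehlo(reply):
    """Parse a raw multi-line EHLO reply (RFC 5321) into {KEYWORD: [params]}."""
    lines = [ln for ln in reply.replace("\r\n", "\n").split("\n") if ln.strip()]
    if not lines:
        raise ValueError("empty EHLO reply")
    extensions = {}
    for index, line in enumerate(lines):
        match = REPLY_LINE.match(line)
        if not match:
            raise ValueError("not an SMTP reply line: %r" % line)
        code, separator, text = match.groups()
        if code != "250":
            raise ValueError("EHLO was not accepted: %r" % line)
        # "250-" marks a continuation line, "250 " the final line.
        if (separator == " ") != (index == len(lines) - 1):
            raise ValueError("truncated or malformed reply at %r" % line)
        if index == 0:
            continue  # the first line is the greeting, not an extension
        if text.upper().startswith("AUTH="):
            text = "AUTH " + text[5:]  # legacy "AUTH=LOGIN" advertisement
        words = text.upper().split()
        if words:
            extensions.setdefault(words[0], []).extend(words[1:])
    return extensions


def audit_connector(pre_tls_reply):
    """Report what a client is offered before it has issued STARTTLS."""
    extensions = parse_ehlo(pre_tls_reply)
    exposed = sorted(PASSWORD_MECHS.intersection(extensions.get("AUTH", [])))
    return {
        "starttls_offered": "STARTTLS" in extensions,
        "password_auth_before_tls": exposed,
        "finding": bool(exposed),
    }


def make_reply(auth_line):
    """Build a constructed EHLO reply around one AUTH line (sample data)."""
    lines = [
        "250-mail.glfs.myvnc.com Hello [192.168.1.11]",
        "250-SIZE 10485760",
        "250-PIPELINING",
        "250-STARTTLS",
        auth_line,
        "250 8BITMIME",
    ]
    return "\r\n".join(lines) + "\r\n"


# Constructed samples, not captured from a real server.
# Box unticked: LOGIN is advertised before STARTTLS.
REPLY_BOX_UNTICKED = make_reply("250-AUTH NTLM LOGIN")
# Assumed reply with the box ticked: no password mechanism before TLS.
REPLY_BOX_TICKED = make_reply("250-AUTH NTLM")

if __name__ == "__main__":
    for name, reply in (("unticked", REPLY_BOX_UNTICKED),
                        ("ticked", REPLY_BOX_TICKED)):
        print(name, audit_connector(reply))
```

Feed it the reply a connector gives to EHLO before STARTTLS, for example one copied from a telnet session to port 25 on the lab server.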
7. Insert Offline Address Book in Mail Database
The following steps fix the missing-object error seen in Exchange cached mode.
Open Exchange Management Console
Go to Microsoft Exchange -> Server
Configuration -> Mailbox
On the right pane, Right click on First
Storage Group – Mailbox Database
Select Properties
On Mailbox Database Properties, Go to tab
Client Settings
Click Browse
Select Default Offline Address Book
Click OK
Click OK
Close the console
III. Installing ISA 2006
On the server VNFSIS001, set the IP addresses of the internal & external interfaces properly. ISA
2006 Standard acts as the gateway for the internal network and the VPN gateway on the external side, and publishes OWA,
Outlook Anywhere, POP3 and SMTP.
Put the CD in the CD-ROM drive; the
ISA welcome screen appears
Click on Install ISA Server 2006
Wait for the preparation
Click Next on the welcome page
Select I accept the terms..
Click Next
Enter the name and Organization
Click Next
Choose Typical
Click Next
Choose the range of Internal Network
Click Next
Click Next
Click Next
Click Install to start setting up
Waiting for the installation
Waiting…
Select Invoke ISA Server Management
Click Finish
The ISA 2006 console appears
IV. Publishing an Exchange Web Access (OWA)
This section shows how to publish OWA. A certificate for the default web site must be created and
exported to the ISA server. The ISA server uses this certificate to create the web listener and the OWA publishing rule.
1. Install Certificate Service on domain controller VNFSDC001
On add or remove programs
Select Certificate Services
Select enterprise root CA
Enter mail on common name for this CA
Click Next
Waiting for installation
Click Finish
2. Create certificate for Exchange web
a. Delete default existing certificate
Open Internet information service
Right click Default web site and select
Properties
Select tab Directory Security, click
Server Certificate
Click Next
Select Remove the current certificate and
click Next
Click Next
Click Finish
On the Default Web Site, click Edit
Check Require secure channel (SSL)
Click Ok
Click OK
b. Create certificate for default website
On the Internet Information Services
Manager, right click on Default Web Site
Select Properties
On tab Directory Security, click Server
Certificate
Click Next
Choose Create a new certificate
Click Next
Choose Send the request …
Click Next
On the textbox name, enter
mail.glfs.myvnc.com
Click Next
Enter Organization, click Next
Input Country, State, city
Click Next
Click Next
Click Next
Click Next for accepting confirmation
Click Finish
Click Ok
c. Export certificate of OWA virtual directory
This section exports the certificate for OWA. In this implementation, the certificate is exported
from the RPC virtual directory and is used for OWA & RPC over HTTP
Right click RPC and click properties
Select Directory Security tab, Click Edit
in Authentication and access control
Check Integrated Windows
authentication and Basic authentication
(password is sent in clear text)
Click Edit on Secure communications
Check Require secure channel (ssl) and
Require 128-bit encryption
Click View Certificate
Select Details tab and click Copy to file
Click Next
Select Yes, export the private key and
click Next
Select Include all certificates in the ….
Click Next
Enter a password for the certificate file.
Note: keep this password; it must be entered
when importing the certificate on ISA
Browse to save file
Click Next
Click Finish
Click OK for finishing exporting certificate
Click OK
Click OK
3. Create DNS CName mapping to ISA VNFSIS001 (on VNFSDC001)
Three CNAME records (mail, pop, smtp) pointing to VNFSIS001.glfs.myvnc.com (192.168.1.1) are
created in DNS on VNFSDC001. They are used for OWA, RPC publishing, POP3 and SMTP.
Open DNS
On DNS console, right click on
glfs.myvnc.com
Select New Alias (CNAME)…
Enter mail on Alias name
Select vnfsis001.glfs.myvnc.com for
FQDN
Click OK
The DNS console appears like this
On DNS console, right click on
glfs.myvnc.com
Select New Alias (CNAME)…
Enter mail on Alias name
Select vnfsdc001.glfs.myvnc.com for
FQDN
Click OK
On DNS console, right click on
glfs.myvnc.com
Select New Alias (CNAME)…
Enter mail on Alias name
Select vnfsdc001.glfs.myvnc.com for
FQDN
Click OK
The DNS window after the CNAMEs are created
4. Import certificate to ISA VNFSIS001
The OWA/RPC certificate exported above needs to be imported on ISA VNFSIS001 into the
Personal & Trusted Root Certificate stores.
Copy the file mycert.pfx from VNFSDC001
(this is the file exported from IIS in the OWA step)
Click Start, select Run….
Enter MMC and click OK
Click menu File, Add/ Remove ….
Click Add
Select Certificates and click Add
Select Computer account and click Next
Click Finish
Click Close
Click OK
Right click on Personal, select All Tasks ->
Import
Click Next
Browse for the certificate file
Enter password of the certificate file you
have set
Click Next
Click Next
Click Finish
Click OK
The certificate has been imported
Go to Trusted Root Certificate, right click
on Certificates, select All tasks -> Import
Click Next
Click Browse for the certificate file
Enter password of file
Click Next
Click Next
Click Finish
Click OK
The certificate has been imported
5. Create Web Listening object on ISA
Open ISA
Move to firewall rule, on the right pane
right click on Web Listener
Select New Web Listener
Enter name for the web listener
Select Require SSL secure connections
with clients
Click Next
Select Internal, External
Click on Select IP Addresses
Add IP address of external
Click OK
Select internal, click Select IP Addresses
Add ip address of internal
Click OK
Select IP address of external and click
Select Certificate
Select certificate mail.glfs.myvnc.com
Click Select
Select IP address of internal and click Select
Certificate
Select certificate mail.glfs.myvnc.com
Click Next
Select HTML Form Authentication and
LDAP (Active Directory)
On the textbox SSO, enter
.glfs.myvnc.com
Select the LDAP Servers
Click Add
Enter FQDN name of VNFSDC001
(domain controller) on Server name
Click OK
Enter glfs.myvnc.com for type the Active
Directory domain name
Click Next
Click Finish
6. Create web publishing OWA rule
Right click Firewall Rule -> New ->
Exchange Web Client Access Publish rule
Enter name for publishing rule.
Please input Publishing OWA
Select exchange server 2007 and check
Outlook Web Access
Click Next
Select Use SSL to connect to the published
web server or server farm
Click Next
Enter mail.glfs.myvnc.com for internal
site name
Enter vnfsdc001.glfs.myvnc.com for
Computer name or IP address
Enter mail.glfs.myvnc.com for Public
name
Click Next
Select Web listener which was created
Click Next
Select Basic authentication
Click Next
Click Next
Click Finish
Click Apply
V. Publishing an Exchange Server Outlook Anywhere (RPC Over HTTP)
The RPC publishing rule is created the same way as the OWA publishing rule. The web listener object
is also used to make the rule.
1. Install network service RPC Over HTTP (on vnfsdc001)
Open control panel and click Add or
remove Programs
On left panel click Add/removes windows
Select role and move down
Select Network services and click Detail
Select RPC Over HTTP proxy and click
OK
Click Next
Wait for installation
Click Finish
2. Enable Outlook Anywhere of Exchange 2007
Open Ms exchange 2007 console
Click Server Configuration -> Client
Access
On right panel click Enable Outlook
Anywhere
Enter mail.glfs.myvnc.com for external
host name
Select basic authentication and click
enable
Click Finish
The window after enabling Outlook
Anywhere is shown
3. Create Outlook Anywhere Publishing rule on ISA VNFSIS001
Open ISA windows, Right click Firewall
rule, select new and exchange web client
access publishing rule
Enter name for rule and click next
Select Exchange server 2007 and check
Outlook anywhere
Select Publish a single web site or load
balancer
Select Use SSL to connect to the published
web server or server farm
Enter mail.glfs.myvnc.com in internal site
name and vnfsdc001.glfs.myvnc.com in
computer name or IP address
Select this domain name and enter
mail.glfs.myvnc.com
Select web listener is My listener
Select Basic authentication
Click Next
Click Finish
Select Publishing Outlook Anywhere rule
Right click and select Properties
Select To tab and select requests appear to
come from the original client
Select Traffic tab and check Require 128-bit
encryption for HTTPS traffic
Click Apply
VI. Publishing an Exchange Server for SMTP, POP3
Two publishing rules need to be created so that other mail servers & clients can communicate.
First, the SMTP service (in IIS) is installed on the ISA Server. Second, the two SMTP & POP3 rules are made.
1. Install SMTP service on ISA relay connect to SMTP exchange 2007
Go to Control panel, double click on Add
or Remove Programs
On the left pane, click on Add/Remove
Windows Components
Click on Accessories and Utilities and click
the button Detail
Select Internet Information Services (IIS)
Click Detail
Check SMTP Service
Click OK
Click OK
Click Next to install SMTP services
Wait for installation
Click Finish
2. Configuration SMTP relay on ISA server
Click Start in the bottom-left corner
Click on Programs -> Administrative Tools
-> Internet Information Services (IIS)
Manager
On the Internet Information Services
Manager dialog, Right click Default SMTP
Virtual Server
Select Properties
On the tab General, select IP address
192.168.1.1
Go to Access tab
Click Authentication
Check Basic authentication and Integrated
Windows Authentication
Enter glfs.myvnc.com on Default domain
textbox
Click OK
Click OK
Go to Default SMTP Virtual Server ->
Domains
On the right pane, Right click and select
New -> Domain…
Select Remote
Click Next
Enter glfs.myvnc.com on Name textbox
Click Finish
Right click glfs.myvnc.com
Select Properties
Check Allow incoming mail to this domain
On the Forward all mail to smart host,
enter vnfsdc001.glfs.myvnc.com
Click Apply
Close the IIS dialog
3. Create SMTP Server to SMTP Server Rule
Open ISA Console, Right click Firewall
Rules
Select New -> Mail server Publishing
Rule…
On the Welcome dialog, Enter SMTP
Server to on Rule name
Select Server-to-server communication:
SMTP, NNTP
Click Next
Check SMTP
Click Next
Enter server IP address 192.168.1.2
Click Next
Select Internal, Click Address…
Specify IP address 172.16.1.2 click ADD
Click OK
Check Internal
Click Address…
Specify IP 192.168.1.1, click Add
Click OK
Click Next
Click Finish
The rules show on ISA console
4. Create publishing SMTP and POP3 rule on ISA server
Open ISA Console, Right click Firewall
Rules
Select New -> Mail server Publishing
Rule…
Enter Publishing on rule name textbox
Select Client access: RPC, IMAP, POP3,
SMTP
Click Next
Check POP3, SMTP
Click Next
Enter Server IP address 192.168.1.2
Click Next
Check External
Click Address…
Specify IP 172.16.1.2, click Add
Click OK
Check Internal
Click Address…
Select IP 192.168.1.1, click Add
Click OK
Click Next
Click Finish
The rules show on ISA console
VII. Client test
The final section tests the configuration above.
1. Login with web access OWA
Open an Internet browser
Enter https://mail.glfs.myvnc.com/owa in
the address bar and press Enter
Enter username and password and click log
on
Log on ok
2. Register Outlook Anywhere
a. Import certificate
The certificate of OWA or RPC exported above needs to be imported to ISA VNFSIS001 in
the Personal & Trusted Root Certificate stores.
Click Start -> Run
Enter MMC and click OK
Click menu File, Add/ Remove ….
Click Add
Select Certificates and click Add
Select Computer account and click Next
Click Finish
Click Close
Click OK
Right click on Personal, select All Tasks ->
Import
Click Next
Browse for the certificate file
Enter password of the certificate file you
have set
Click Next
Click Next
Click Finish
Click OK
The certificate has been imported
Go to Trusted Root Certificate, right click
on Certificates, select All tasks -> Import
Click Next
Click Browse for the certificate file
Enter password of file
Click Next
Click Finish
Click OK
The certificate has been imported
b. Register Outlook Anywhere
Open Control Panel and click Mail
Click E-mail Accounts
Click Next
Select Microsoft Exchange Server and
click Next
Enter vnfsdc001.glfs.myvnc.com for
Microsoft Exchange Server
Enter username
Click More settings
Select Connection tab
Check Connect to my Exchange
mailbox using HTTP and click Exchange
Proxy Settings
Enter mail.glfs.myvnc.com for HTTPS://
Uncheck Mutually authenticate the
session when connecting with SSL
Check On fast networks, connect using
HTTP first, then connect using
TCP/IP
Select Basic Authentication for Proxy
authentication settings
Click OK
Click Check Name
Click Next
Click Finish
Click Close
Open MS Outlook and enter the password for
the account
Ex: username: glfs\huynq
Password: 123qwe!@#
Outlook works with RPC ok
3. Register POP3 & SMTP
Open MS Outlook
Click Tool, Email-Accounts
Click Next
Select POP3 and click Next
Enter your name, email address.
Enter pop.glfs.myvnc.com for Incoming
mail server (POP3)
Enter smtp.glfs.myvnc.com for Outgoing
mail server (SMTP)
Enter username and password
Click more settings
Go to Outgoing Server tab
Check My outgoing server (SMTP)
requires authentication
Click OK
Click Test Accounts Settings…
Test ok and click Close
Click Next
Click Finish
MS Outlook works ok with POP3 and
SMTP