Friday, November 7, 2008

Feedback on my 1st Exchange 2007 Install running on Windows 2008

Hello Everyone,

So, I decided to really challenge myself. Not only had I never used or installed Exchange 2007, but I decided to do it on an OS I have had no experience with, Windows 2008 Server (I have a test Vista laptop but rarely use it). So, this was a completely new beast to me. Overall, even though Exchange 2007 has a brand new interface, requires more work on user creation, more complicated install requirements, & Microsoft pushes for you to learn PowerShell scripting, Exchange 2007 has a well laid out interface for configuration and the use of wizards makes learning this product easier than Exchange 2003. Yes, you heard that right. This is easier to set up and manage than Exchange 2003 out of the box. Anyone who is familiar with Exchange 2003 should not have an issue learning Exchange 2007. The learning curve is a lot easier than expected. Remember, I've never seen Exchange 2007 nor have I used Windows 2008 and was able to get the Exchange Server functionality up and running fairly quickly. Good job Microsoft!

My complaints, seeing it for the first time, are minor issues, such as copying text from dialog boxes is either not possible or limited, fancy GUI is a waste of CPU processing [View -> Visual Effects -> Never resolves that], and wizards take longer to execute than the old ESM or setting the configuration yourself. But Microsoft has made your life a lot easier with a one-stop article (below) to install it. So, would I recommend everyone go out and upgrade? No. I'll address who should upgrade in a future post.

Well, it's taken me a while to finally get to the point of testing Exchange 2007 since performance has not been an issue so far with all the Exchange 2003 environments I've worked on (maybe after a hardware upgrade though). Which is a compliment to Exchange 2003. It's a great product since it's rock solid and scalable when you properly size your Exchange Server.

So, I'm testing Exchange 2007 SP1 (remember, SP1 is the full software code so you don't need to install the base and then SP1, just install the full version via SP1) on the following:
- Windows 2008 Server x64
- OS running under VMware ESX 3i 3.5
- VM configured for 2 CPUs (up to 3GHz/cpu), 8192MB, 30GB OS partition, 240GB Exchange install partition [not needed, but plan to deploy my "production" environment in this configuration].
- non-internet based network (in VMware speak, it's called a "virtual switch")

Recommend you read the following Microsoft article for pre-requisites for Windows 2008 or Vista. This article is excellent and includes the command line code needed to load the necessary software (e.g. Roles, Features, etc).

This URL is a gold mine of information. Save this!!!
http://technet.microsoft.com/en-us/library/bb691354.aspx


When I ran the typical install (all roles minus Unified Messaging on a single server) of Exchange Server 2007 SP1 setup on a Windows 2008 Server, after running the pre-requisites as per Microsoft above, I received the following error:

The Active Directory Schema is not up-to-date and Ldifde.exe is not installed on this computer. You must install Ldifde.exe by running 'ServerManagerCmd -i RSAT-ADDS' or restart setup on a domain controller.

Turns out I missed the following command (on the above URL) which I promptly ran on the planned Exchange server and rebooted. My AD is based on Windows 2003 Native Mode environment.

-------------------------
C:\Users\administrator.domaintest>ServerManagerCmd -i RSAT-ADDS
.

Start Installation...

[Installation] Succeeded: .
[Installation] Succeeded: [Remote Server Administration Tools] Active Directory Domain Services Tools.
Warning: [Installation] Succeeded: [Remote Server Administration Tools] Active Directory Domain Controller Tools. You must restart this server to finish the installation process.

Warning: [Installation] Succeeded: [Remote Server Administration Tools] Server for NIS Tools. You must restart this server to finish the installation process.

<100/100>

Success: A restart is required to complete the installation.

C:\Users\administrator.domaintest>

------------------

Next issue was the following SMTP detection issue. The answer is to create a "Send Connector" as per http://support.microsoft.com/kb/556055 .

---------------
Hub Transport Role Prerequisites
Completed

Warning:
Setup cannot detect an SMTP or Send connector with an address space of '*'. Mail flow to the Internet may not work properly.

Elapsed Time: 00:00:14

---------------

On to the install. When the Exchange setup runs the pre-requisites, it attempts to connect to Microsoft for the latest requirements. Since there is no internet, it fails but it's not reported. This is the setup dialog as it continues. Technically you could disable this auto-internet check using ExBPA and configuring some xml files, but I don't think it's worth the time.



Process took 50 minutes to complete. No errors reported. The next steps are presented by the Exchange Management Console. Here are the more important configuration steps to get up and running in order of importance.

- configure domains for which you will accept e-mail
- configure internet mail flow
- configure the E-mail Address Policies (formerly known as Recipient Update Policy) to automatically change all your users' "from" address
[optional/recommended] - configure OAB public folder distribution for Outlook 2003 and earlier
[optional/recommended] - configure SSL for CAS (Client Access Server)
[optional] - configure ActiveSync
[optional] - configure offline address book (OAB) for Outlook 2007
[optional] - configure an external postmaster recipient to receive mails from our systems (e.g. NDRs, etc)

I performed the following:

"Configure Domains for which You Will Accept E-mail"

Clicking on the link inside the wizard pointed me to the correct location and then I selected the Actions "New Accepted Domain". You type the "Accepted Domain", which is your e-mail domain, and then you probably want to leave it as "Authoritative Domain". If you don't know what this means, this is most likely your correct setting. The other 2 options are Internal Relay Domain and External Relay Domain. Then you're done while you wait for the wizard to run the command, which took 15 seconds on my server.

After completing the above, you probably want to make that domain your default. So, highlight the domain you added, and on the Actions, click "Set as Default".

Now, you can receive if you've configured your firewall and DNS for this domain, but you need to be able to send email.

Next step - configuring sending email. In Exchange 2007 speak, "Configure internet mail flow"

Exchange Management Console -> Organization Configuration -> Hub Transport -> Send Connectors tab -> click "New Send Connector..." Actions.

Now you have 4 options:
Custom - for sending via non-Exchange servers (e.g. relay servers, your smtp gateway server, etc)
Internal - for sending email to other Exchange servers
Internet - use DNS to route email out. Connect to other domains' servers directly.
Partner - for sending to domains with TLS encryption that are listed on the "domain-secure domains" list.

I selected custom, and for the Address space, listed the accepted domain as entered above, and left all settings as is. Under Network settings, you choose either "Use domain name system", which means your Exchange Server will communicate with a variety of other servers on the internet, or "Route mail through the following smart hosts". I selected a smart host and entered the LAN IP of it (I never allow my Exchange Server to communicate on the internet. All mail inbound and outbound is routed via another smtp server). Now, under "Configure smart host authentication settings", I left this to "None" since I whitelist the Exchange Server on the smtp relay server. "Source Server" lists this Exchange Server.

Configuring the E-mail Address Policies to change the "from" address
Organization Configuration -> Hub Transport -> E-mail Address Policies -> right-click Default Policy and select Edit.
- add an additional domain entry under "E-Mail Addresses". This is typically your new accepted domain.
- I left the default "E-mail address local part" to "Use alias"
- check "Select accepted domain for e-mail address:" and Browse and select domain used above for "new accepted domain"
- highlight newly added SMTP e-mail address, and select "Set as Reply". It should become bold now.

Adding your First Email User Account
- Now this is back to the good ol' days of Exchange 5.5, somewhat, but not as bad as when Exchange 2007 was first released. You can add the user account in AD, and then head over to the EMC (Exchange Management Console in 2007, formerly ESM in 2003, Exchange System Manager) and under Recipient Configuration -> Mailbox -> New Mailbox... under Actions. You want the basic User Mailbox (there are numerous other options). For User Type, select Existing Users, and select the user(s). Select the Mailbox database and "Exchange ActiveSync mailbox policy" if you plan to use that and then click Next. Or you can have EMC create the AD account and then go to the container called "Users" and move it to the correct OU. Hopefully SP2 or an update allows you to select the OU to place the user(s) being created.
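
The same four wizard steps can be run from the Exchange Management Shell. The script below is an added example, not part of the original post: the domain names, server name, smart host IP, user and database path are placeholders constructed for illustration, and the connector uses the '*' address space that the setup warning above looks for. The last two commands list the settings worth reviewing afterwards.

```powershell
# Run in the Exchange Management Shell on the Exchange 2007 SP1 server.
# Every value in this block is a placeholder constructed for the example.
$domain    = 'example.com'       # new accepted (authoritative) e-mail domain
$oldDomain = 'domaintest.local'  # address already present in the Default Policy
$server    = 'EX01'              # Hub Transport server ("Source Server")
$smartHost = '10.0.0.25'         # LAN IP of the internal SMTP relay
$user      = 'DOMAINTEST\jdoe'   # existing AD account to mailbox-enable
$database  = 'EX01\First Storage Group\Mailbox Database'

# 1. Accept mail for the domain and make it the default.
New-AcceptedDomain -Name $domain -DomainName $domain -DomainType Authoritative
Set-AcceptedDomain -Identity $domain -MakeDefault $true

# 2. Custom send connector: no DNS routing, everything goes to the smart host.
#    Auth "None" only works if the relay whitelists this server, as in the post.
New-SendConnector -Name 'Outbound via relay' -Usage Custom `
    -AddressSpaces '*' -DNSRoutingEnabled $false -SmartHosts $smartHost `
    -SmartHostAuthMechanism None -SourceTransportServers $server

# 3. Default policy: upper-case SMTP: marks the reply address, %m is the alias.
Set-EmailAddressPolicy -Identity 'Default Policy' `
    -EnabledEmailAddressTemplates "SMTP:%m@$domain", "smtp:%m@$oldDomain"
Update-EmailAddressPolicy -Identity 'Default Policy'

# 4. Mailbox-enable an account that already exists in AD.
Enable-Mailbox -Identity $user -Database $database

# 5. Review the result: which connector carries '*', where it routes, and
#    whether the hop to the smart host uses authentication or TLS.
Get-SendConnector | Format-List Name, AddressSpaces, DNSRoutingEnabled, `
    SmartHosts, SmartHostAuthMechanism, RequireTLS, SourceTransportServers
Get-AcceptedDomain | Format-Table Name, DomainName, DomainType, Default
```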

And that's it. I logged into Outlook Web Access, and thanks to Microsoft for loading an SSL certificate so out of the box, OWA can be secure & support forms based authentication (major difference from 2003). Some screen shots of OWA and OWA Light. Enjoy.

Initial OWA Login Screen


Your 1st Login Screen and Prompt to Set Time Zone and Language - this is an improvement from Exchange 2003/2000 which the end user had to know to click Settings and set this information.


Logged in OWA on Exchange 2007 running IE 7


Logged in OWA Light on Exchange 2007 running IE 7. This would be similar to Firefox, Safari, and other non-IE browsers.


Comments, feedback, etc.
-Ben