
Exchange and Firewall Notes
*************************************
Use these with caution. They were written on the fly while he was talking. Not 100% sure the information is correct.
**************************************************************

Test Exchange connectivity
-Tool: mxtoolbox.com
-From a command prompt:
    nslookup
    set type=mx
    company12.noslab.ca
-Should come back as mail.company12.noslab.ca 10.10.12.1
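The mail-flow checks in this part of the notes (the MX lookup, the connection to port 25 and the EHLO reply) can be scripted. The PowerShell below is an added example, not part of the original notes; it assumes a Windows workstation that has Resolve-DnsName, uses the lab domain from the notes as its default, and the timeout value is an assumption. It also reports whether the edge advertises STARTTLS, which shows the current state of the TLS setting these notes mention.

```powershell
# Added example, not from the original notes. Defaults are the lab names used
# in the notes; the timeout value is an assumption.
function Test-SmtpEdge {
    param(
        [string]$Domain = 'company12.noslab.ca',
        [int]$Port = 25,
        [int]$TimeoutMs = 5000
    )
    # Same query as "nslookup" / "set type=mx"
    $mx = Resolve-DnsName -Name $Domain -Type MX -ErrorAction Stop |
        Where-Object { $_.QueryType -eq 'MX' } | Sort-Object Preference
    foreach ($record in $mx) {
        $result = [ordered]@{ MxHost = $record.NameExchange; Connected = $false
                              Banner = $null; StartTls = $false; Error = $null }
        $client = New-Object System.Net.Sockets.TcpClient
        try {
            # Same connection as "telnet <edge> 25", with a connect timeout
            $pending = $client.BeginConnect($record.NameExchange, $Port, $null, $null)
            if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { throw 'connect timed out' }
            $client.EndConnect($pending)
            $result.Connected = $true
            $stream = $client.GetStream()
            $stream.ReadTimeout = $TimeoutMs
            $reader = New-Object System.IO.StreamReader($stream)
            $writer = New-Object System.IO.StreamWriter($stream)
            $writer.NewLine = "`r`n"
            $writer.AutoFlush = $true
            # An SMTP reply ends at the first line of the form "NNN text";
            # "NNN-text" lines mean more lines follow.
            $readReply = {
                $lines = @()
                do { $line = $reader.ReadLine(); $lines += $line } while ($line -and $line -match '^\d{3}-')
                $lines
            }
            $result.Banner = (& $readReply) -join ' | '
            $writer.WriteLine("EHLO $env:COMPUTERNAME")
            $ehlo = & $readReply
            $result.StartTls = [bool]($ehlo -match '^250[- ]STARTTLS\s*$')
            $writer.WriteLine('QUIT')
        }
        catch { $result.Error = "$_" }
        finally { $client.Close() }
        [pscustomobject]$result
    }
}

Test-SmtpEdge | Format-Table -AutoSize
```

A row with Connected = False points at the listener or the firewall rule; Connected = True with StartTls = False means the edge is accepting mail on port 25 without offering TLS.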

If the MX lookup doesn't come back, your transport service might not be installed or running on the edge. If it is installed but still not working, the receive connectors need to be enabled.

To see if the connector is in a receiving state, go to a command prompt and type:
    netstat -an | findstr :25
-Should show 0.0.0.0:25

If you create an email in telnet and it hits the edge, but it doesn't show up in your mailbox, your edge sync connectors (send and receive connectors) are having a problem (Test-EdgeSynchronization).

If all this is working and configured correctly (double check the connectors), make sure you disable inspection (antivirus), aka content filtering.

On the Exchange Server disable TLS (Transport Layer Security, aka certificates). You can find TLS in Exchange on the edge.

    telnet 10.10.12.1 25
-Should come back as EHLO (you can actually generate email from here)

------------------------------------------------------

Confirm that there aren't any existing profiles
-Control Panel - Mail (there should be no profiles; you can add one here)
-You can also add a mail profile if you open Outlook, when you are prompted to sign in

For your simulated client have two network adapters (internal and external). Turn on the one that corresponds with what you are testing.

Check MS Exchange connection status in the task pane (Ctrl-right-click on the Exchange icon in the task pane).

Simulate your connection by shutting off the internal connection.

Open Exchange server (EX1) - Server Configuration - Client Access

Enable Outlook Anywhere (right hand task pane)
-mail.company49.noslab.ca
-Auth matching the firewall rule (Basic Auth) (don't enable allow secure channel)
-Enable

** From the Exchange Management Shell test if it worked **
    Get-OutlookAnywhere
When it comes back it should have the proper name of the Exchange server, the auth is the same as the firewall rule, IIS is running, valid is true.

Now go to TMG to create a rule and publish Outlook Anywhere.
Go to Firewall Policy
OWA (not sure you need to have this selected)
Publish Exchange web client access
-Outlook Anywhere
-Select Exchange Server 2010
-Outlook Anywhere (if you want to support 2007 select publish additional folder...)
-Use SSL (first)
-Van-EX1 (name of Exchange server)
-IP 192.168.0.42
-The domain name - mail.company12.noslab.ca
-Web listener (HTTPS listener). Should already have this created
-Basic Authentication (should be matching the OWA configuration on EX1)
-Default users
-Finish and Apply

** Test the rule by right clicking the rule you just created and testing **
This might show errors, but you only need the Autodiscover link and the RPC link to be green; that's it.
-You only need to do this if you want to fix some of the errors from the test, but as long as those two are green you don't need to do this. (Exchange server EX1 - Server Config - Client Access - offline address book distribution.) In IIS, expand Default Web Sites in the left pane, and you will see the folders that had errors; just enable these.

The true test is to go to the VAN-CLI and open Exchange. Can you connect and authenticate?
-Control Panel
-Mail
-Properties
-Email account settings
-Exchange server settings
-More settings
-Connection tab - default is connect using LAN
-Enable Outlook Anywhere
-Go into proxy settings
-https://mail.company12.noslab.ca
-On fast networks, connect using HTTP ..... OFF
-On slow networks, connect using HTTP .... ON
-Basic authentication (has to match the firewall rule you created. If you ever have an issue where the test shows up red, it's probably a mismatch in authentication.)

Now you should be able to connect from any network that isn't your internal network. In the task pane, Ctrl-right-click the Outlook icon, and the connections should all be established.

If you are using mobile, all your information (contacts, emails, etc.) will be pushed to your phone through Outlook. If you lose your phone, you can have Outlook push all that information to the new phone.

------------------------------------------------------

Now let's automate the process of changing the proxy settings for end users. Auto-discovery??

Go to Exchange server EX1
Go into the Exchange Management Shell
    Get-AutodiscoverVirtualDirectory
-Should show you Autodiscover (Default Web Site) VAN-EX1

How to verify that auto discovery has an external URL:
    Get-AutodiscoverVirtualDirectory | fl identity, externalurl
-It won't show an external URL until we enable this.

    Set-AutodiscoverVirtualDirectory -Identity * -ExternalUrl https://mail.company12.noslab.ca/autodiscover/autodiscover.xml
(If you go into IIS on the Exchange server, the Autodiscover folder is already there.)

    Get-AutodiscoverVirtualDirectory | fl identity, externalurl
-Now the external URL should show up.

Go to the TMG rule - right click rule - Properties - Test Rule

Now if you go on the client PC and blow away the Exchange profile in the Control Panel, you should be able to use auto to get it back.
Go to Outlook and, when prompted for a profile, configure auto discovery by entering the email and password.

Go to TMG, and go into DNS (company12.noslab.ca) - right click - new other new record - new resource record
-Service _autodiscover
-Protocol _tcp
-Port 443
-Host mail.company12.noslab.ca

Create a new host record: autodiscover - external IP of the firewall.

You can Ctrl-right-click the Exchange icon in the task pane and select Test AutoConfiguration.
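The two DNS records created in the Autodiscover steps can be checked from a client before testing in Outlook. The PowerShell below is an added example, not part of the original notes; it assumes a workstation with Resolve-DnsName, and -FirewallExternalIp is a hypothetical parameter because the notes do not state the firewall's external address (the value in the sample call is a constructed placeholder).

```powershell
# Added example, not from the original notes. -FirewallExternalIp is a
# hypothetical parameter: the notes do not state the firewall's external IP.
function Test-AutodiscoverDns {
    param(
        [string]$Domain = 'company12.noslab.ca',
        [string]$ExpectedHost = 'mail.company12.noslab.ca',
        [int]$ExpectedPort = 443,
        [Parameter(Mandatory)][string]$FirewallExternalIp
    )
    # One row per check, so a mismatch is visible next to the expected value
    function New-Check($Name, $Expected, $Actual) {
        [pscustomobject]@{ Check = $Name; Expected = $Expected; Actual = $Actual
                           Pass = ($Expected -eq $Actual) }
    }
    function Get-Ipv4($Name) {
        (Resolve-DnsName -Name $Name -Type A -ErrorAction SilentlyContinue |
            Where-Object { $_.QueryType -eq 'A' } |
            Select-Object -First 1).IPAddress
    }
    # SRV record from the notes: service _autodiscover, protocol _tcp, port 443
    $srv = Resolve-DnsName -Name "_autodiscover._tcp.$Domain" -Type SRV -ErrorAction SilentlyContinue |
        Where-Object { $_.QueryType -eq 'SRV' } | Select-Object -First 1
    New-Check 'SRV target' $ExpectedHost ("$($srv.NameTarget)".TrimEnd('.'))
    New-Check 'SRV port' $ExpectedPort $srv.Port
    # Host (A) record "autodiscover" should point at the firewall's external IP
    New-Check 'autodiscover A record' $FirewallExternalIp (Get-Ipv4 "autodiscover.$Domain")
    # The SRV target must itself resolve, or clients cannot reach the listener
    New-Check 'SRV target resolves' $true ([bool](Get-Ipv4 $ExpectedHost))
}

# 203.0.113.10 is a constructed placeholder, not a value from the notes
Test-AutodiscoverDns -FirewallExternalIp '203.0.113.10' | Format-Table -AutoSize
```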
