Académique Documents
Professionnel Documents
Culture Documents
D E P L OY I N G A N D C O N F I G U R I N G
TABLE OF CONTENTS
Contents
Introduction _______________________________________________________________________________________________ 1
Purpose of this document _________________________________________________________________________________________1
Ashwin Venugopal __________________________________________________________________________________________________1
Prerequisites ______________________________________________________________________________________________ 5
Active Directory Prerequisite ______________________________________________________________________________________5
System Prerequisite ________________________________________________________________________________________________5
Exchange Server 2013 Prerequisite ________________________________________________________________________________5
Permissions to Install Exchange Server 2013 ______________________________________________________________________6
Permissions to Manage Exchange Server 2013 ____________________________________________________________________7
Assumptions ______________________________________________________________________________________________ 8
Insight to the Lab ___________________________________________________________________________________________________8
Details of these Servers ____________________________________________________________________________________________8
TABLE OF CONTENTS
Check for Updates Page __________________________________________________________________________________________ 11
Introduction Page ________________________________________________________________________________________________ 11
License Agreement Page _________________________________________________________________________________________ 11
Recommended settings Page ____________________________________________________________________________________ 11
Server Role Selection Page _______________________________________________________________________________________ 11
Installation Space and Location Page ____________________________________________________________________________ 12
Malware Protection Settings Page _______________________________________________________________________________ 12
Readiness Checks Page ___________________________________________________________________________________________ 12
Completion Page _________________________________________________________________________________________________ 12
TABLE OF CONTENTS
Configuring Accepted Domains __________________________________________________________________________ 16
Open the Exchange Admin Center _______________________________________________________________________________ 16
Accepted domains Page __________________________________________________________________________________________ 16
Specify the domain type _________________________________________________________________________________________ 16
Finally _____________________________________________________________________________________________________________ 16
TABLE OF CONTENTS
Certificates page _________________________________________________________________________________________________ 21
Select Internet-facing Client Access server to store the certificate _____________________________________________ 21
Add any additional domains you want include __________________________________________________________________ 21
Choose the common name ______________________________________________________________________________________ 21
Provide information about your organization ___________________________________________________________________ 22
Finally _____________________________________________________________________________________________________________ 22
Part 2 - submit the request to your certificate authority (CA) __________________________________________________ 22
Part 3 - Complete pending request ______________________________________________________________________________ 22
Open the Exchange Admin Center _______________________________________________________________________________ 22
Certificates page _________________________________________________________________________________________________ 22
Select the services you want to assign to this certificate ________________________________________________________ 22
Part 4 Verify the certificate_____________________________________________________________________________________ 22
Open the Exchange Admin Center _______________________________________________________________________________ 22
Certificates page _________________________________________________________________________________________________ 23
TABLE OF CONTENTS
Open the Exchange Admin Center ____________________________________________________________________________ 27
Unified Messaging _____________________________________________________________________________________________ 27
New UM Dial Plan page _______________________________________________________________________________________ 27
Part 5: Create a UM mailbox policy ______________________________________________________________________________ 29
Open the Exchange Admin Center ____________________________________________________________________________ 29
Unified Messaging _____________________________________________________________________________________________ 29
UM Dial Plan page _____________________________________________________________________________________________ 29
New UM Mailbox Policy page _________________________________________________________________________________ 29
Part 6: Enable users for UM ______________________________________________________________________________________ 29
Open the Exchange Admin Center ____________________________________________________________________________ 29
Recipients _____________________________________________________________________________________________________ 30
Enable UM Mailbox page _____________________________________________________________________________________ 30
UM Dial Plan page _____________________________________________________________________________________________ 30
INTRODUCTION
Introduction
PURPOSE OF THIS DOCUMENT
The purpose of this document is to help you for Microsoft Exchange Server 2013 Deployment.
The information and procedures included in this document focus on the deploying Exchange 2013
Server on a Test Lab, Intended for those who knows older versions of Exchange and are trying to check
out the latest and greatest Exchange.
ASHWIN VENUGOPAL
This is my Documentation focused on building an Exchange 2013 Test Environment.
My goal is to create relevant content that can be helpful in your Exchange 2013 Deployment and
Testing.
My past experience include working as Product Support Engineer, Technology Consultant, Architect
(Microsoft Exchange), Trainer and as a Migration Specialist.
I also conduct career oriented Events to help others in Learning Microsoft Products.
I can be reached on my personal mail id: Ashwin.techs@msn.com
Page 1
SERVER ROLES
Exchange 2013 has two Roles:
1) Mailbox Server Role
2) Client Access Server Role
Each organization requires minimum one Mailbox Server Role and Client Access
Server Role.
Transport Service
Mailbox Databases
Page 2
Authentication
Redirection (limited)
CERTIFICATES
SSL Certificates are required to protect communication between the Exchange Servers and Clients.
Certificate can be Third Party Certificates, Private Certificate or Self Signed Certificate.
1) Third Party Certificates
a. Issued by
i. GoDaddy
ii. Verisign
iii. Thawte
iv. Comodo
v. GlobalSign
vi. Etc.. etc..
b. Third Party Certificates are trusted by most operating Systems and browsers.
c. These certificates need to be purchased.
2) Private Certificates
a. Issued by Internal Private Certificate Authority
b. These certificates has no cost to issue.
c. Drawback is it only trusted internally inside your organization.
d. External networks should be manually configured to trust this certificate.
3) Self-Signed Certificates
a. Issued by Individual Computer and not by a Private Certificate Authority
b. These certificates has no cost to issue.
c. Drawback is it not trusted on any other computers, operating system or browsers.
d. Other computers should be manually configured to trust this certificate.
DNS
Microsoft recommends to use Split DNS.
Split DNS (Split horizon DNS/ Split-brain DNS / Split-view DNS) is a concept that allows you to
configure different IP Addresses for same hostname depending on where the DNS request came from.
For example:
Page 3
CLIENTS
Exchange 2013 supports the following clients:
1)
2)
3)
4)
5)
Outlook 2013
Outlook 2010 SP1 with April 2012 Cumulative Update (or Later)
Outlook 2007 Sp3 with July 2012 Cumulative Update (or Later)
Entourage 208 for Mac, Web Services Edition (Web DAV Editions are no longer supported)
Outlook for Mac 2011
Page 4
PREREQUISITES
Prerequisites
ACTIVE DIRECTORY PREREQUISITE
Schema master and Global Catalog is running Windows Server 2003 with Service Pack 2 or later.
SYSTEM PREREQUISITE
The full installation option of Windows Server 2012 and Windows Server 2008 R2 SP1.
You must first join the computer to the appropriate internal Active Directory domain.
If you're installing the Mailbox server role and you intend for the server to be a member of a
database availability group (DAG), you must be running Windows Server 2012 Standard or
Datacenter Edition or Windows Server 2008 R2 SP1 Enterprise Edition.
The prerequisites that are needed to install Exchange 2013 on a Windows Server 2012
computer depends on which Exchange roles you want to install. Read the section below that
matches the roles you want to install.
Mailbox server role or combined Mailbox and Client Access server roles
Page 5
After you've installed the operating system roles and features, install the following software in the
order shown:
PREREQUISITES
1) Microsoft Unified Communications Managed API 4.0, Core Runtime 64-bit
2) Microsoft Office 2010 Filter Pack 64 bit
3) Microsoft Office 2010 Filter Pack SP1 64 bit
After you've installed the operating system roles and features, install the following software:
Permissions Required
Install the Mailbox Server Role ( First Exchange 2013 Server Local Administrator
Installation and where AD Preparation is not performed)
Enterprise Administrator
Schema Administrator
Install the Second Mailbox Server Role
Local Administrator
Organization Management
Task
Permissions Required
Install the Client Access Server Role
Local Administrator
Page 6
PREREQUISITES
PERMISSIONS TO MANAGE EXCHANGE SERVER 2013
Task
Permissions Required
Organization Management
Organization Management
Organization Management
Organization Management
or
Server Management
Organization Management
or
Server Management
Local Administrator
Organization Management
or
UM Management
Organization Management
or
Server Management
Configure Certificates
Page 7
ASSUMPTIONS
Assumptions
INSIGHT TO THE LAB
Servers are ready with following configuration. Make sure to Join them to Domain once ADDS is
installed.
Server Name
Operating System
Windows Server 2008 R2 SP1 +
EX2013DC1
Windows Update
Windows Server 2012 Standard Edition
EX2013MB1
+ Windows Update
EX2013MB2 (Required for Windows Server 2012 Standard Edition
Part 2)
+ Windows Update
Windows Server 2012 Standard Edition
EX2013CA1
+ Windows Update
IP Address
Subnet Mask
Primary DNS IP
192.168.1.50
255.255.255.0
192.168.1.50
192.168.1.51
255.255.255.0
192.168.1.50
192.168.1.52
255.255.255.0
192.168.1.50
192.168.1.53
255.255.255.0
192.168.1.50
Page 8
Value
contoso.local
EX2013DC1
EX2013MB1
EX2013MB2
EX2013CA1
mail.contoso.com
mail.contoso.local
mail.contoso.local
mail.contoso.local
mail.contoso.local
mail.contoso.com
mail.contoso.local
autodiscover.contoso.com
contoso.com
contoso.com
Prepare AD
Page 9
Page 10
/PrepareAllDomains or
setup
INTRODUCTION PAGE
This begins the process of installing Exchange into your organization.
This will give links to some helpful deployment content. Its recommended you visit these links prior to
continuing setup.
Click Next to continue.
COMPLETION PAGE
Click Finish. Restart the computer.
Page 12
INTRODUCTION PAGE
This begins the process of installing Exchange into your organization.
This will give links to some helpful deployment content. Its recommended you visit these links prior to
continuing setup.
Click Next to continue.
COMPLETION PAGE
Click Finish. Restart the computer.
Page 14
FINALLY
Click Finish.
Page 15
FINALLY
Click Save.
Page 16
FINALLY
In the Default Policy details pane, click Apply.
Page 17
Value
Mail.contoso.com
Your Exchange Public IP
Mail.contoso.com
Mail.contoso.com
Value
Internal FQDN of Client Access Server
Internal FQDN of Client Access Server
VIRTUAL DIRECTORIES
OPEN EXCHANGE MANAGEMENT SHELL
Start > All Programs > Microsoft Exchange Server 2013 > Exchange Management.
Page 18
EXCHANGE ACTIVESYNC
Run the below command on Exchange Management Shell (change the url as per your requirements).
Set-ActiveSyncVirtualDirectory -Identity "EX2013CA1\Microsoft-Server-ActiveSync (Default Web Site)"
-InternalUrl https://owa.contoso.local/Microsoft-Server-ActiveSync -ExternalUrl
https://owa.contoso.com/Microsoft-Server-ActiveSync
Site)"
-InternalUrl
AUTODISCOVER
Run the below command on Exchange Management Shell (change the url as per your requirements).
Set-ClientAccessServer -Identity EX2013CA1 -AutodiscoverServiceInternalUri
https://owa.contoso.com/Autodiscover/Autodiscover.xml
Page 19
RESTART IIS
Open Command Prompt and Type IISRESET /NOFORCE
Page 20
CONFIGURE CERTIFICATE
Configure Certificate
PART 1 - CREATE CERTIFICATE REQUEST
OPEN THE EXCHANGE ADMIN CENTER
Browse to the URL of your Client Access server. i.e, https://EX2013CA1/ECP.
Enter your username and password in Domain\user name and Password, and then click Sign in.
CERTIFICATES PAGE
Navigate - Servers > Certificates > Select Client Access server >New
This opens New Exchange certificate wizard, select Create a request for a certificate from a
certification authority and then click Next
Give a name for this certificate (you can provide any name) and then click Next.
This page is optional, If you want to request a wildcard certificate, select Request a wild-card
certificate and then specify the root domain of all subdomains in the Root domain field. If you don't
want to request a wildcard certificate leave this page blank and Click Next.
Page 21
CONFIGURE CERTIFICATE
PROVIDE INFORMATION ABOUT YOUR ORGANIZATION
Click Next.
FINALLY
Specify the network location where you want this certificate request to be saved.
Click Finish.
CERTIFICATES PAGE
Navigate - Servers > Certificates > select the certificate request you created in the previous steps.
In the certificate request details pane, click Complete under Status.
On the Complete pending request page, specify the path to the SSL certificate file and then click OK.
CONFIGURE CERTIFICATE
CERTIFICATES PAGE
Navigate - Servers > Certificates Select the new certificate
Check the certificate details pane, verify that status shows as valid and Assigned to services shows as
IIS and SMTP
Page 23
Unified Messaging
Navigate - Unified Messaging > UM dial plans > Add
Name
Type the name of the dial plan.
Dial Type
A Uniform Resource Identifier (URI)
There are three types of URIs
Page 24
SIP URI
This is used with IP PBX that supports SIP (Session Initiation Protocol) routing.
IP PBX, or Communications Server 2007 R2 or Lync Server is listed as a SIP address in the following
format: sip:<username>@<domain or IP address>:Port.
E.164
E.164 is an international numbering plan for public telephone systems in which each assigned number
contains a country code, a national destination code, and a subscriber number.
For example: +1 425 xxx xxxx
Unsecured Mode
In unsecured mode, neither the Realtime Transport Protocol (RTP) media channel nor the SIP signaling
information is encrypted.
SIP secured
When you select SIP secured, only the SIP signaling traffic is encrypted, and the RTP media channels
still use TCP, which isn't encrypted.
Secured
When you select Secured, both the SIP signaling traffic and the RTP media channels are encrypted.
Note:
Client Access Server uses TCP Port 5060 for unsecure communication and TCP Port 5061 for secure
communication.
Page 25
Save
Click Save
Unified Messaging
Navigate - Unified Messaging > UM IP Gateways > Add
UM Dial Plan
Click Browse and select the UM dial plan that we just created.
Save
Click Save
Unified Messaging
Navigate - Unified Messaging > UM dial plans
Select the earlier created dial plan and Click Edit
Page 26
Access numbers
Enter the extension or telephone numbers that callers will use to reach the auto attendant.
Save
Click Save
Unified Messaging
Navigate - Unified Messaging > UM dial plans > Add
Name
Type the name of the dial plan.
Dial Type
A Uniform Resource Identifier (URI)
There are three types of URIs
Page 27
Telephone Extension
This is the most common URI type.
The calling and called party information from the VoIP gateway or IP Private Branch eXchange (PBX) is
listed in one of the following formats: Tel:512345 or 512345@<IP address>. This is the default URI
type for dial plans.
SIP URI
This is used with IP PBX that supports SIP (Session Initiation Protocol) routing.
IP PBX, or Communications Server 2007 R2 or Lync Server is listed as a SIP address in the following
format: sip:<username>@<domain or IP address>:Port.
E.164
E.164 is an international numbering plan for public telephone systems in which each assigned number
contains a country code, a national destination code, and a subscriber number.
For example: +1 425 xxx xxxx
Unsecured Mode
In unsecured mode, neither the Realtime Transport Protocol (RTP) media channel nor the SIP signaling
information is encrypted.
SIP secured
When you select SIP secured, only the SIP signaling traffic is encrypted, and the RTP media channels
still use TCP, which isn't encrypted.
Secured
When you select Secured, both the SIP signaling traffic and the RTP media channels are encrypted.
Note:
Client Access Server uses TCP Port 5060 for unsecure communication and TCP Port 5061 for secure
communication.
Page 28
Unified Messaging
Navigate - Unified Messaging > UM dial plans > Add
Name
Type the name of the UM Unified Mailbox Policy.
Note
UM Unified Mailbox Policy cannot be deleted if it is associated with any users.
Save
Click Save.
When you save the UM mailbox policy, all the default settings such as PIN policies, voice mail features,
and Protected Voice Mail settings are enabled.
If you want to customize or change these settings, use EAC to change the settings for the UM mailbox
policy.
Page 29
Extension Number
Please note that the number of digits in the extension is set on the dial plan thats linked to the UM
mailbox policy thats assigned to the user.
PIN Settings
You can choose from these three options
Type a PIN
Manually specify a PIN
Require the user to reset their PIN the first time they sign in
Select this check box to force the user to reset their voice mail PIN
Finish
Click finish to confirm the settings and enable UM for the recipient.
Configuring Lync settings are out of scope of this document. Separate documentation will be made on
the same.
Page 30
Page 31
1.2 TechNet
http://technet.microsoft.com/en-us/library/bb124558(v=exchg.150).aspx
1.3 Support
http://support.microsoft.com/ph/730/en-us
Page 32
CONTACT INFORMATION
Contact Information
ASHWIN VENUGOPAL
DISCLAIMER
Information in this document, including URL and other Internet Web site references, is subject to
change without notice. Unless otherwise noted, the example companies, organizations, products,
domain names, e-mail addresses, logos, people, places and events depicted herein are fictitious, and
no association with any real company, organization, product, domain name, e-mail address, logo,
person, place or event is intended or should be inferred. Complying with all applicable copyright laws
is the responsibility of the user.
Without limiting the rights under copyright, no part of this document may be reproduced, stored in or
introduced into a retrieval system, or transmitted in any form or by any means (electronic,
mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written
permission of the Author.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any written
license agreement from Microsoft, the furnishing of this document does not give you any license to
these patents, trademarks, copyrights, or other intellectual property.
Page 33
CONTACT INFORMATION
Page 34