Publishing Exchange 2007 With ISA 2006 Nguyen Quoc Huy Nguyen Van Du Email:
[email protected] [email protected]
2007
Contents
I. Topology and Description
II. Installing and Configuring Exchange Server 2007
   1. Hardware requirement
   2. Software requirement
   3. Add Components to install Microsoft Exchange Server
   4. Install prerequisite packages
   5. Install Microsoft Exchange Server 2007
   6. Configure Exchange 2007
   7. Insert Offline Address Book in Mail Database
III. Installing ISA 2006
IV. Publishing an Exchange Web Access (OWA)
   1. Install Certificate Service on domain controller VNFSDC001
   2. Create certificate for Exchange web
      a. Delete default existing certificate
      b. Create certificate for default website
      c. Export certificate of OWA virtual directory
   3. Create DNS CName mapping to ISA VNFSIS001 (on VNFSDC001)
   4. Import certificate to ISA VNFSIS001
   5. Create Web Listener object on ISA
   6. Create web publishing OWA rule
V. Publishing an Exchange Server Outlook Anywhere (RPC over HTTP)
   1. Install network service RPC over HTTP (on vnfsdc001)
   2. Enable Outlook Anywhere of Exchange 2007
   3. Create Outlook Anywhere Publishing rule on ISA VNFSIS001
VI. Publishing an Exchange Server for SMTP, POP3
   1. Install SMTP service on ISA as a relay to the Exchange 2007 SMTP
   2. Configuration of the SMTP relay on the ISA server
   3. Create SMTP Server to SMTP Server Rule
   4. Create publishing SMTP and POP3 rule on ISA server
VII. Client test
   1. Login with web access OWA
   2. Register Outlook Anywhere
   3. Register POP3 & SMTP
I. Topology and Description
This lab sets up and configures Microsoft Exchange 2007 Enterprise x64. The services OWA, SMTP, POP3 and MAPI (Outlook Anywhere, RPC over HTTP) are then published to the Internet using Microsoft ISA 2006 Standard. The configuration of each device is:

1. VNFSDC001
   IP address: 192.168.1.2, DG: 192.168.1.1, DNS: 192.168.1.2
   OS: Windows Server 2003 En R2 x64 SP2
   Installed services: DHCP, DNS, WINS, Certificate Services, Exchange 2007 En (all updates from Microsoft Update installed)
   Domain name: glfs.myvnc.com (domain functional level Windows 2003, forest functional level Windows 2003)
   Domain member: Yes
   Exchange server roles: Mailbox server, Hub Transport, Client Access Server
   Admin account / password: Administrator / 123qwe!@#

2. VNFSIS001
   Internal: IP address 192.168.1.1, DNS 192.168.1.2
   External: IP address 172.16.1.2, DG 172.16.1.1
   OS: Windows Server 2003 En R2 x86 SP2
   Installed services: ISA 2006 Standard Edition (all updates from Microsoft Update installed, ISA Publishing Pack Update)
   Domain name: glfs.myvnc.com
   Domain member: Yes
   Exchange server role: N/A
   Admin account / password: Administrator / 123qwe!@#

3. CLIENT01
   IP address: 192.168.1.11, DG: 192.168.1.1, DNS: 192.168.1.2
   OS: Windows XP Professional SP3
   Installed services: None (all updates from Microsoft Update installed)
   Domain name: glfs.myvnc.com
   Domain member: Yes
   Exchange server role: N/A
   Admin account / password: Administrator / 123qwe!@#
II. Installing and Configuring Exchange Server 2007
This section shows how to install Exchange Server 2007 step by step. The steps must be done in this order:
a. Hardware requirement
b. Software requirement
c. Add the necessary components
d. Install the prerequisite packages
e. Install Exchange 2007 Enterprise
f. Configure Exchange 2007 Enterprise
1. Hardware requirement
The first step is to determine whether the computer is capable of running Exchange Server 2007. The hardware requirements of the computer that will host Exchange Server 2007 are:
- x64 architecture-based processor that supports the Intel EM64T or AMD64 instruction set
- 2 GB of RAM plus 5 MB of RAM per mailbox
- 1.2 GB of disk space on the volume on which Exchange is installed, plus 500 MB per Unified Messaging language pack to be installed
- 200 MB of free disk space on the system volume
2. Software requirement
Prior to the installation of Exchange, the software environment must meet the following requirements:
- 64-bit edition of Windows Server 2003 or Windows Server 2003 R2. If you plan to use single copy cluster or cluster continuous replication, the Enterprise edition of Windows Server 2003 or Windows Server 2003 R2 is required
- The following volumes must be formatted with the NTFS file system:
  o System volume
  o Volumes that store Exchange program files, storage group files, transaction log files, database files, and all other Exchange files
- Microsoft .NET Framework 2.0 SP1
- Microsoft Windows PowerShell. This can be downloaded from Microsoft's web site
- MMC 3.0. This version of the MMC is included with Windows Server 2003 R2 but not with the original Windows Server 2003; there it is installed when you apply SP2 to Windows Server 2003
- Update for Windows Server 2003 x64 Edition KB904639
- Update for Windows Server 2003 x64 Edition KB918980
- The Simple Mail Transfer Protocol (SMTP) and Network News Transfer Protocol (NNTP) services of IIS must not be installed; Exchange 2007 brings its own SMTP transport
3. Add Components to install Microsoft Exchange Server
IIS with ASP.NET must be installed before Exchange 2007 setup.
Click Start, point to Control Panel.
Click Add or Remove Programs
Click Add/Remove Windows Components.
In the Windows Components Wizard, on the Windows Components page, highlight Application Server, and then click Details.
In Application Server, select the ASP.NET check box.
Click Next, and when the Windows Components Wizard completes, click Finish.
4. Install prerequisite packages
The following packages are installed as prerequisites:
a. ADAM
b. .NET Framework 2.0 SP1
c. Windows PowerShell
ADAM package
Open Windows Explorer and double click on the ADAM package
Click Next on the Software Update Installation Wizard dialog
Check I Agree and click Next
Wait for the installation
The package is installed successfully
Click Finish
.NET Framework 2.0
Open Windows Explorer and double click on the package .Netx64
Click Next on the Microsoft .NET Framework 2.0 (x64) Setup dialog
Check I accept the terms of the License Agreement, then click Next
Wait for the installation
Click Finish when the installation has succeeded
Go on to install the update of the .NET Framework
Double click the update package
Click OK to update the Microsoft .NET Framework 2.0
Click the I accept button
Wait for the installation
Click OK
Click Reboot Now and the computer restarts
Windows PowerShell
Double click on the Windows PowerShell package
Click Next on the Software Update Installation Wizard
Check I Agree, then click Next
Wait for the installation
Click OK to finish the installation of Windows PowerShell
5. Install Microsoft Exchange Server 2007
The domain controller is also the Exchange mail server. Its Exchange roles are Client Access, Hub Transport and Mailbox server.
Insert the Exchange 2007 DVD into the DVD-ROM drive
The Exchange 2007 Setup dialog appears
Click Next
Check I accept the terms in the license agreement
Click Next
Select Yes (Recommended) to enable Error Reporting for improving the quality, reliability, and performance of Microsoft software
Click Next
Choose the option Typical Exchange Server Installation.
This option installs the mail server roles Hub Transport, Client Access and Mailbox, and the Exchange Management Tools
You need to choose the location for the Exchange files
Click Browse
Create the folder in which the Exchange 2007 files are stored
Click OK
Continue the setup. Click Next
Enter the Exchange organization name
Click Next
Note: the example organization is GLFS
If the clients in your company use Outlook 2003, choose Yes so that Outlook 2003 is compatible with Exchange 2007
Click Next
Wait for the Readiness Checks
All prerequisites are OK. You can go on installing Exchange 2007
Click Install
Wait for the installation process
The installation is successful.
Check Finalize installation using the Exchange Management Console
Click Finish
The Exchange Management Console appears. It guides you through finalizing the deployment
First, you need to supply the product key.
On the left pane, expand Microsoft Exchange -> Server Configuration -> Hub Transport
On the Actions pane, select Enter Product Key
Enter the key in the product key text box
Click Enter
Congratulations, the product key wizard has finished properly
Click Finish
Return to the first dialog of Exchange
Second, Exchange 2007 needs to be updated
On the left pane, select Toolbox
On the right pane, select Best Practices Analyzer
The Microsoft Exchange Best Practices Analyzer appears
Check Check for updates on startup (recommended) and Join the Microsoft Customer Experience Improvement Program
Select Check for updates now
The update check is in progress
Select Download the latest updates
The updated packages are downloaded and installed
Finish updating the product
6. Configure Exchange 2007
After setup, the basic configuration below is needed for normal operation.
On the Exchange Management Console, go to Server Configuration -> Hub Transport. In the Receive Connectors list, right click on Client VNFSDC001 and select Properties
Enter mail.glfs.myvnc.com in Specify the FQDN
Select the Authentication tab and uncheck Offer Basic authentication only after starting TLS
Note: with this box unchecked the connector accepts Basic (AUTH LOGIN) credentials on a session that has not negotiated STARTTLS, that is, domain passwords in clear text. The lab does this because the POP3/SMTP clients in section VII are not configured for TLS; in production leave the box checked and enable TLS on the clients instead.
Select the Permission Groups tab, check Anonymous Users and Exchange Users
Click OK
Right click on Default VNFSDC001 and select Properties
Enter mail.glfs.myvnc.com
On the Authentication tab, uncheck Offer Basic authentication only after starting TLS (same caveat as above)
Select the Permission Groups tab
Check Anonymous users, Exchange Users, Exchange Servers and Legacy Exchange Servers
Click OK
Go to Server Configuration -> Client Access. In the Outlook Web Access list, right click on owa and select Properties
Input the external URL: https://mail.glfs.myvnc.com/owa
Choose the Authentication tab
Check Basic authentication (password is sent in clear text)
Note: Basic is required here so that the ISA form-based listener (section IV.5) can pass the user's credentials through to OWA. The clear-text warning is acceptable only because both legs are SSL: client to ISA, and ISA to the Client Access server (the publishing rule in section IV.6 uses SSL to the published server).
Click OK to apply the changes
Go to Organization Configuration -> Hub Transport. Select the Send Connectors tab on the right pane, right click on it and select New Send Connector
Enter the name of the Send Connector: Outbound to Internet. Select the intended use Internet for the send connector
On the New Send Connector dialog, click Add, enter * in the Domain textbox and click OK
Click Next
Click Next
Select the source server and click Next
Click New to create the send connector
Click Finish
7. Insert Offline Address Book in Mail Database
The following steps remove the "object missing" error seen by Outlook in cached Exchange mode.
Open the Exchange Management Console. Go to Microsoft Exchange -> Server Configuration -> Mailbox
In the result pane, right click on First Storage Group - Mailbox Database and select Properties
On Mailbox Database Properties, go to the Client Settings tab and click Browse
Select Default Offline Address Book and click OK
Click OK
Close the console
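The same configuration (sections 6 and 7) can be applied from the Exchange Management Shell. The script below is an added example, not part of the original lab; it assumes the names used above (server VNFSDC001, FQDN mail.glfs.myvnc.com, the default "First Storage Group\Mailbox Database") and, unlike the console steps, keeps the TLS requirement for Basic authentication on both receive connectors, so the clear-text caveat above does not apply and POP3/SMTP clients must enable TLS.

```powershell
# Added example, not from the original lab. Exchange 2007 Management Shell.
# Assumed names: VNFSDC001, mail.glfs.myvnc.com, "First Storage Group\Mailbox Database".
$server = "VNFSDC001"
$fqdn   = "mail.glfs.myvnc.com"

# Receive connectors. The console steps uncheck "Offer Basic authentication only after
# starting TLS"; here BasicAuthRequireTLS is kept, so AUTH LOGIN is only accepted after
# STARTTLS and no domain password crosses the wire in clear text. PermissionGroups match
# the lab (Anonymous on Default is what lets the ISA relay / Internet MTAs deliver mail).
Set-ReceiveConnector -Identity "$server\Client $server" `
    -Fqdn $fqdn `
    -AuthMechanism "Tls, Integrated, BasicAuth, BasicAuthRequireTLS" `
    -PermissionGroups "AnonymousUsers, ExchangeUsers"

Set-ReceiveConnector -Identity "$server\Default $server" `
    -Fqdn $fqdn `
    -AuthMechanism "Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer" `
    -PermissionGroups "AnonymousUsers, ExchangeUsers, ExchangeServers, ExchangeLegacyServers"

# OWA: external URL plus Basic authentication with forms-based auth off, so that the
# ISA HTML-form listener can delegate the user's credentials to the CAS. Exchange 2007
# applies the authentication change only after an IIS restart.
Set-OwaVirtualDirectory -Identity "$server\owa (Default Web Site)" `
    -ExternalUrl "https://$fqdn/owa" `
    -BasicAuthentication $true `
    -FormsAuthentication $false
iisreset /noforce

# Send connector for Internet mail: all address spaces, routed through DNS MX lookups.
New-SendConnector -Name "Outbound to Internet" -Usage Internet `
    -AddressSpaces "SMTP:*;1" -SourceTransportServers $server -DNSRoutingEnabled $true

# Section 7: bind the default OAB to the mailbox database (the "object missing" error
# in cached mode comes from a database with no OAB assigned).
Set-MailboxDatabase -Identity "$server\First Storage Group\Mailbox Database" `
    -OfflineAddressBook "Default Offline Address Book"

# Verify: both connectors must still list BasicAuthRequireTLS, and OWA must show
# BasicAuthentication True / FormsAuthentication False.
Get-ReceiveConnector -Server $server | Format-List Identity, Fqdn, AuthMechanism, PermissionGroups
Get-OwaVirtualDirectory -Server $server | Format-List Identity, ExternalUrl, BasicAuthentication, FormsAuthentication
Get-MailboxDatabase -Server $server | Format-List Identity, OfflineAddressBook
```

Run it in the Exchange Management Shell on VNFSDC001 as a user with Exchange Organization Administrator rights. If the lab's plain-text POP3/SMTP clients are to keep working with this script, the Outlook accounts in section VII.3 must be set to use an encrypted (TLS) connection for the outgoing server.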
III. Installing ISA 2006
On the server VNFSIS001, set the IP addresses of the internal and external interfaces as listed in section I. ISA 2006 Standard acts as the gateway for the internal network and as VPN gateway on the external side, and publishes OWA, Outlook Anywhere, POP3 and SMTP.
Put the CD in the CD-ROM drive; the ISA welcome screen appears. Click Install ISA Server 2006
Wait for the preparation
Click Next on the welcome page
Select I accept the terms... and click Next
Enter the name and Organization, click Next
Choose Typical, click Next
Choose the range of the Internal Network (192.168.1.0/24 in this lab), click Next
Click Next
Click Next
Click Install to start the installation
Wait for the installation
Waiting...
Select Invoke ISA Server Management and click Finish
The ISA 2006 management console appears
IV. Publishing an Exchange Web Access (OWA)
This section shows how to publish OWA. A certificate for the default web site is created and exported to the ISA server; ISA uses this certificate to create the web listener and the OWA publishing rule.
1. Install Certificate Service on domain controller VNFSDC001
In Add or Remove Programs, click Add/Remove Windows Components
Select Certificate Services
Select Enterprise root CA
Enter mail as the common name for this CA
Click Next
Wait for the installation
Click Finish
2. Create certificate for Exchange web
a. Delete default existing certificate
The certificate removed here is the self-signed certificate that Exchange setup bound to the Default Web Site; its name is the server's own name, not mail.glfs.myvnc.com, so clients would not trust it.
Open Internet Information Services (IIS) Manager
Right click Default Web Site and select Properties
Select the Directory Security tab and click Server Certificate
Click Next
Select Remove the current certificate and click Next
Click Next
Click Finish
On the Default Web Site, click Edit under Secure communications
Check Require secure channel (SSL) and click OK
Click OK
b. Create certificate for default website
In Internet Information Services (IIS) Manager, right click on Default Web Site and select Properties
On the Directory Security tab, click Server Certificate
Click Next
Choose Create a new certificate and click Next
Choose Send the request ... and click Next
In the Name textbox, enter mail.glfs.myvnc.com and click Next
Enter the Organization and click Next
Input Country, State and City, click Next
Click Next
Click Next
Click Next to accept the confirmation
Click Finish
Click OK
c. Export certificate of OWA virtual directory
This section exports the certificate for OWA. The same Default Web Site certificate serves both OWA and RPC over HTTP, so it is viewed and exported from the RPC virtual directory while that directory's SSL settings are configured.
Right click RPC and click Properties
Select the Directory Security tab and click Edit under Authentication and access control
Check Integrated Windows authentication and Basic authentication (password is sent in clear text)
Click Edit under Secure communications
Check Require secure channel (SSL) and Require 128-bit encryption
Click View Certificate
Select the Details tab and click Copy to File
Click Next
Select Yes, export the private key and click Next
Select Include all certificates in the ... and click Next
Enter a password for the certificate file. Note: keep it; it must be entered when importing on ISA. The exported file contains the private key of mail.glfs.myvnc.com: copy it to ISA over a protected channel and delete the spare copies afterwards.
Browse to choose where to save the file, click Next
Click Finish
Click OK to finish exporting the certificate
Click OK
Click OK
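The request, issuance, binding and export of steps 2b and 2c can also be done from the Exchange Management Shell with the Windows Server 2003 certreq and certutil tools. This is an added example, not part of the original lab. It assumes the CA configuration string "VNFSDC001.glfs.myvnc.com\mail" (the CA common name chosen in step 1), the built-in WebServer template, and the folder C:\certs; the file names are illustrative. It also exports the CA's own certificate, which is the object that actually belongs in a Trusted Root store.

```powershell
# Added example, not from the original lab. Run in the Exchange Management Shell on VNFSDC001.
# Assumed: CA config "VNFSDC001.glfs.myvnc.com\mail", WebServer template, folder C:\certs.
$fqdn   = "mail.glfs.myvnc.com"
$caConf = "VNFSDC001.glfs.myvnc.com\mail"
$dir    = "C:\certs"
New-Item -ItemType Directory -Path $dir -Force | Out-Null

# 1. Generate the request. The private key must be marked exportable now; a key created
#    without this flag can never be exported to ISA later.
New-ExchangeCertificate -GenerateRequest -SubjectName "CN=$fqdn, O=GLFS, C=VN" `
    -DomainName $fqdn -PrivateKeyExportable $true -Path "$dir\$fqdn.req"

# 2. Submit to the enterprise CA (the WebServer template issues immediately to a domain
#    admin) and import the issued certificate into the local machine store.
certreq -submit -config $caConf -attrib "CertificateTemplate:WebServer" "$dir\$fqdn.req" "$dir\$fqdn.cer"
$cert = Import-ExchangeCertificate -Path "$dir\$fqdn.cer"

# 3. Bind it to IIS (OWA, RPC over HTTP), SMTP (STARTTLS) and POP in one step instead of
#    the IIS Manager wizard.
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services "IIS, SMTP, POP"

# 4. Export certificate + private key for the ISA web listener (what step 2c does via
#    "Copy to File"). The password is read interactively so it never lands in a script.
$pfxPassword = Read-Host "PFX password" -AsSecureString
Export-ExchangeCertificate -Thumbprint $cert.Thumbprint -BinaryEncoded:$true `
    -Password $pfxPassword -Path "$dir\mycert.pfx"

# 5. Export the CA certificate (no private key). This, not mycert.pfx, is what ISA and
#    the clients need in Trusted Root Certification Authorities.
certutil -config $caConf -ca.cert "$dir\glfs-root.cer"

# 6. Check what was issued and bound: subject, SANs, services, expiry.
Get-ExchangeCertificate -Thumbprint $cert.Thumbprint | Format-List Subject, CertificateDomains, Services, NotAfter
certutil -dump "$dir\$fqdn.cer"
```

Copy both mycert.pfx and glfs-root.cer to VNFSIS001 for section 4; delete the local copy of mycert.pfx once ISA has it, since it carries the listener's private key.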
3. Create DNS CName mapping to ISA VNFSIS001 (on VNFSDC001)
Three CNAMEs (mail, pop, smtp) pointing to VNFSIS001.glfs.myvnc.com (192.168.1.1) are created in the DNS of VNFSDC001. They are used for OWA, RPC publishing, POP3 and SMTP. These are internal records; the DNS that Internet clients use must resolve the same three names to the ISA external address (172.16.1.2 in this lab).
Open DNS
On the DNS console, right click on glfs.myvnc.com and select New Alias (CNAME)...
Enter mail as Alias name, select vnfsis001.glfs.myvnc.com as FQDN and click OK
The DNS console now shows the new alias
On the DNS console, right click on glfs.myvnc.com and select New Alias (CNAME)...
Enter pop as Alias name, select vnfsis001.glfs.myvnc.com as FQDN and click OK
On the DNS console, right click on glfs.myvnc.com and select New Alias (CNAME)...
Enter smtp as Alias name, select vnfsis001.glfs.myvnc.com as FQDN and click OK
The DNS window after creating the CNAMEs
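The three aliases can be created and checked from a script instead of the DNS console. This is an added example, not from the original lab; it uses dnscmd (shipped in the Windows Server 2003 Support Tools) with the zone, alias and target names from this section, and then resolves each alias to confirm it ends at the ISA internal address rather than at the Exchange server.

```powershell
# Added example, not from the original lab. Run on VNFSDC001 as a DNS administrator.
# Assumed: dnscmd.exe from the Windows Server 2003 Support Tools is installed.
$zone     = "glfs.myvnc.com"
$target   = "vnfsis001.glfs.myvnc.com"
$dns      = "VNFSDC001"
$expected = "192.168.1.1"      # ISA internal interface: every alias must end here

foreach ($alias in "mail", "pop", "smtp") {
    # The trailing dot makes the target absolute; without it dnscmd appends the zone name.
    dnscmd $dns /RecordAdd $zone $alias CNAME "$target."
}

# Verification: resolve each alias through the normal resolver (the client path) and
# compare with the ISA address. A mismatch means a wrong CNAME target, or a stale A record
# for the alias that shadows the CNAME.
$ok = $true
foreach ($alias in "mail", "pop", "smtp") {
    $name  = "$alias.$zone"
    $addrs = [System.Net.Dns]::GetHostAddresses($name) | ForEach-Object { $_.IPAddressToString }
    if ($addrs -contains $expected) {
        Write-Host "$name -> $expected OK"
    } else {
        Write-Host "$name -> $addrs  (expected $expected)"
        $ok = $false
    }
}
if (-not $ok) { Write-Host "Fix the CNAMEs before creating the ISA publishing rules" }
```

Run the same resolution check from a host on the external side: there the three names must resolve to 172.16.1.2, otherwise the listener created in step 5 is never reached.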
4. Import certificate to ISA VNFSIS001
The certificate exported above is imported on ISA VNFSIS001 into the Personal store (for the web listener) and into the Trusted Root Certification Authorities store (so that ISA trusts the issuer). Note: what strictly belongs in Trusted Root is the certificate of the enterprise CA, not the server certificate with its private key; the lab imports the same PFX into both stores because it was exported with its certification path, which carries the CA certificate along. A private key never needs to be in Trusted Root.
Copy the file mycert.pfx from VNFSDC001 (the file exported from the IIS RPC/OWA directory)
Click Start, select Run...
Enter MMC and click OK
Click the File menu, Add/Remove...
Click Add
Select Certificates and click Add
Select Computer account and click Next
Click Finish
Click Close
Click OK
Right click on Personal, select All Tasks -> Import
Click Next
Browse for the certificate file
Enter the password you set for the certificate file and click Next
Click Next
Click Finish
Click OK
The certificate has been imported
Go to Trusted Root Certification Authorities, right click on Certificates and select All Tasks -> Import
Click Next
Click Browse for the certificate file
Enter the password of the file and click Next
Click Next
Click Finish
Click OK
The certificate has been imported
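The import and, more importantly, the check that the listener certificate is usable can be scripted on VNFSIS001 with the .NET 2.0 certificate classes available to the PowerShell of this era. This is an added example, not part of the original lab. It assumes C:\certs\mycert.pfx (the PFX from section 2c) and C:\certs\glfs-root.cer (the CA certificate; if you did not export one, extract it from the CA's Certification Authority console) have been copied to the ISA server. It puts the server certificate with its key into Personal and only the CA certificate into Trusted Root, then builds the chain the way the web listener will.

```powershell
# Added example, not from the original lab. Run on VNFSIS001 as a local administrator.
# Assumed files: C:\certs\mycert.pfx (server cert + key), C:\certs\glfs-root.cer (CA cert).
$pfxPath  = "C:\certs\mycert.pfx"
$rootPath = "C:\certs\glfs-root.cer"

function Add-ToMachineStore($storeName, $certificate) {
    # $storeName: "My" = Personal, "Root" = Trusted Root Certification Authorities
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store($storeName, "LocalMachine")
    $store.Open("ReadWrite")
    $store.Add($certificate)
    $store.Close()
}

# Server certificate: the key goes to the machine key set so the ISA service (not the
# interactive user) can use it. Exportable is deliberately NOT set: once on ISA, the key
# should not be re-exportable from here.
$pfxPassword = Read-Host "PFX password" -AsSecureString
$flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]"MachineKeySet, PersistKeySet"
$serverCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($pfxPath, $pfxPassword, $flags)
Add-ToMachineStore "My" $serverCert

# CA certificate (public part only) is the trust anchor.
$rootCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($rootPath)
Add-ToMachineStore "Root" $rootCert

# Verify what the web listener will see: name, private key present, chain builds to a
# trusted root, not expired.
if (-not $serverCert.HasPrivateKey) { throw "imported without a private key; re-export the PFX with 'Yes, export the private key'" }
if ($serverCert.Subject -notmatch "CN=mail\.glfs\.myvnc\.com") { throw "unexpected subject: $($serverCert.Subject)" }
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = "NoCheck"   # lab CA publishes no reachable CRL
if (-not $chain.Build($serverCert)) {
    $chain.ChainStatus | ForEach-Object { Write-Host "chain error:" $_.Status $_.StatusInformation }
    throw "chain does not build; is the CA certificate in Trusted Root?"
}
Write-Host "OK:" $serverCert.Subject "issued by" $serverCert.Issuer "valid until" $serverCert.NotAfter
```

If the chain check fails with an untrusted-root status, the listener will also fail and browsers will show a certificate warning; if it fails only on revocation, set the policy back to Online and fix CRL publishing before going to production.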
5. Create Web Listener object on ISA
Open the ISA Server Management console
Go to Firewall Policy; on the Toolbox pane, right click on Web Listeners and select New Web Listener
Enter a name for the web listener
Select Require SSL secured connections with clients and click Next
Select Internal and External. Select External and click Select IP Addresses
Add the IP address of the external interface (172.16.1.2) and click OK
Select Internal and click Select IP Addresses
Add the IP address of the internal interface (192.168.1.1) and click OK
Select the IP address of External and click Select Certificate
Select the certificate mail.glfs.myvnc.com and click Select
Select the IP address of Internal and click Select Certificate
Select the certificate mail.glfs.myvnc.com
Click Next
Select HTML Form Authentication and LDAP (Active Directory)
In the SSO domain textbox, enter .glfs.myvnc.com
Select LDAP Servers and click Add
Enter the FQDN of VNFSDC001 (domain controller) as Server name and click OK
Note: ISA validates each OWA logon against this LDAP server with the user's password. The domain controller also runs Certificate Services, so it can hold a server certificate; checking Connect LDAP server over secure connection in this dialog keeps those passwords off the internal wire in clear text.
Enter glfs.myvnc.com as the Active Directory domain name and click Next
Click Finish
6. Create web publishing OWA rule
Right click Firewall Policy, select New -> Exchange Web Client Access Publishing Rule
Enter a name for the publishing rule, for example Publishing OWA
Select Exchange Server 2007 and check Outlook Web Access, click Next
Select Use SSL to connect to the published Web server or server farm, click Next
Enter mail.glfs.myvnc.com as Internal site name and vnfsdc001.glfs.myvnc.com as Computer name or IP address. The internal site name must match the name in the certificate on the Client Access server, otherwise ISA refuses the SSL connection to it
Enter mail.glfs.myvnc.com as Public name and click Next
Select the web listener created in step 5 and click Next
Select Basic authentication (authentication delegation) and click Next
Click Next
Click Finish
Click Apply
V. Publishing an Exchange Server Outlook Anywhere (RPC over HTTP)
The Outlook Anywhere publishing rule is the same type as the OWA publishing rule and reuses the web listener created in section IV.5.
1. Install network service RPC over HTTP (on vnfsdc001)
Open Control Panel and click Add or Remove Programs
On the left pane, click Add/Remove Windows Components
Scroll down the list of components
Select Networking Services and click Details
Select RPC over HTTP Proxy and click OK
Click Next
Wait for the installation
Click Finish
2. Enable Outlook Anywhere of Exchange 2007
Open the Exchange Management Console
Click Server Configuration -> Client Access
On the Actions pane, click Enable Outlook Anywhere
Enter mail.glfs.myvnc.com as External host name, select Basic authentication and click Enable
Click Finish
The window after enabling Outlook Anywhere is shown
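Outlook Anywhere can be enabled from the Exchange Management Shell, and the RPC proxy settings that the Windows component from step 1 relies on can be checked at the same time. This is an added example, not from the original lab. It assumes Exchange 2007 SP1, whose parameter is -ClientAuthenticationMethod (the RTM release named it -ExternalAuthenticationMethod), and the server and host names used above.

```powershell
# Added example, not from the original lab. Exchange 2007 SP1 Management Shell on VNFSDC001.
# Assumed names: VNFSDC001, mail.glfs.myvnc.com. On Exchange 2007 RTM replace
# -ClientAuthenticationMethod with -ExternalAuthenticationMethod.
$server = "VNFSDC001"
$fqdn   = "mail.glfs.myvnc.com"

# Basic matches the ISA rule of section V.3, which terminates SSL and re-sends the
# credentials to the CAS as Basic over the SSL leg. SSL offloading stays off because the
# RPC virtual directory requires SSL (section IV.2c).
Enable-OutlookAnywhere -Server $server -ExternalHostname $fqdn `
    -ClientAuthenticationMethod Basic -SSLOffloading $false

Get-OutlookAnywhere -Server $server | Format-List ServerName, ExternalHostname, ClientAuthenticationMethod, SSLOffloading

# The RPC-over-HTTP proxy forwards only to hosts and ports listed in ValidPorts. Exchange
# writes this key itself, but it is the first thing to check when Outlook reports
# "disconnected": the mailbox server must appear for 6001-6002 (store, referral) and
# 6004 (directory proxy).
$valid = (Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Rpc\RpcProxy").ValidPorts
Write-Host "ValidPorts:" $valid
foreach ($port in 6001, 6002, 6004) {
    if ($valid -notmatch "(?i)$server[^;]*$port") {
        Write-Host "WARNING: $server is not listed for port $port in ValidPorts"
    }
}
```

Run it after the RPC over HTTP Proxy component is installed; Enable-OutlookAnywhere fails if the component is missing. The ValidPorts check is read-only and can be repeated whenever Outlook Anywhere stops working.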
3. Create Outlook Anywhere Publishing rule on ISA VNFSIS001
Open the ISA Server Management console, right click Firewall Policy, select New -> Exchange Web Client Access Publishing Rule
Enter a name for the rule and click Next
Select Exchange Server 2007 and check Outlook Anywhere
Select Publish a single Web site or load balancer
Select Use SSL to connect to the published Web server or server farm
Enter mail.glfs.myvnc.com as Internal site name and vnfsdc001.glfs.myvnc.com as Computer name or IP address
Select This domain name and enter mail.glfs.myvnc.com
Select the web listener My listener (the listener created in section IV.5)
Select Basic authentication
Click Next
Click Finish
Select the Publishing Outlook Anywhere rule
Right click and select Properties
Select the To tab and select Requests appear to come from the original client
Note: with this setting the Exchange server sees the Internet client's address, which keeps the real source IP in the Exchange logs but means the return traffic must route back through ISA; this works here because the default gateway of VNFSDC001 is ISA (192.168.1.1).
Select the Traffic tab and check Require 128-bit encryption for HTTPS traffic
Click Apply
VI. Publishing an Exchange Server for SMTP, POP3
Two publishing rules are needed so that other mail servers and mail clients can communicate with Exchange. First, the SMTP service (part of IIS) is installed on the ISA server as a relay. Second, the SMTP and POP3 rules are created.
1. Install SMTP service on ISA as a relay to the Exchange 2007 SMTP
Go to Control Panel and double click Add or Remove Programs
On the left pane, click Add/Remove Windows Components
Select Application Server and click Details
Select Internet Information Services (IIS) and click Details
Check SMTP Service and click OK
Click OK
Click Next to install the SMTP service
Wait for the installation
Click Finish
2. Configuration of the SMTP relay on the ISA server
Click Start, then Programs -> Administrative Tools -> Internet Information Services (IIS) Manager
In IIS Manager, right click Default SMTP Virtual Server and select Properties
On the General tab, select IP address 192.168.1.1. Go to the Access tab
Click Authentication
Check Basic authentication and Integrated Windows Authentication, enter glfs.myvnc.com in the Default domain textbox and click OK
Note: on the same Access tab, click Relay and confirm the default restriction is kept: Only the list below (empty) with Allow all computers which successfully authenticate to relay checked. Anything more permissive makes this server an open relay on the Internet.
Click OK
Go to Default SMTP Virtual Server -> Domains. On the right pane, right click and select New -> Domain...
Select Remote and click Next
Enter glfs.myvnc.com in the Name textbox and click Finish
Right click glfs.myvnc.com and select Properties
Check Allow incoming mail to be relayed to this domain and, under Forward all mail to smart host, enter vnfsdc001.glfs.myvnc.com. Click Apply
Close IIS Manager
3. Create SMTP Server to SMTP Server Rule
Open the ISA console, right click Firewall Policy and select New -> Mail Server Publishing Rule...
On the welcome page, enter SMTP Server to SMTP Server as the rule name
Select Server-to-server communication: SMTP, NNTP and click Next
Check SMTP and click Next
Enter the server IP address 192.168.1.2 and click Next
Check External and click Address...
Specify IP address 172.16.1.2, click Add and click OK
Check Internal and click Address...
Specify IP 192.168.1.1, click Add and click OK
Click Next
Click Finish
The rule is shown in the ISA console
4. Create publishing SMTP and POP3 rule on ISA server
Open the ISA console, right click Firewall Policy and select New -> Mail Server Publishing Rule...
Enter a name in the rule name textbox, for example Publishing SMTP and POP3
Select Client access: RPC, IMAP, POP3, SMTP and click Next
Check POP3 and SMTP, click Next
Enter the server IP address 192.168.1.2 and click Next
Check External and click Address...
Specify IP 172.16.1.2, click Add and click OK
Check Internal and click Address...
Select IP 192.168.1.1, click Add and click OK
Click Next
Click Finish
The rules are shown in the ISA console
Note: this publishes the standard ports only (POP3 110, SMTP 25). The client logons in section VII.3 therefore cross the Internet unencrypted unless the wizard's Secure ports option is also selected and the clients are set to use SSL/TLS.
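Before handing the published SMTP name to users, test it from the Internet side for the two things that matter: that it is not an open relay, and what it offers an unauthenticated peer. The script below is an added example, not part of the original lab; it speaks SMTP over a raw socket (so it runs on the PowerShell 1.0 / .NET 2.0 of this lab, with no mail library), targets smtp.glfs.myvnc.com as resolved from the external side, and uses constructed addresses in example.net / example.org for the probe.

```powershell
# Added example, not from the original lab. Run from a host on the external side that
# resolves smtp.glfs.myvnc.com to the ISA external address (172.16.1.2 in the lab).
# attacker@example.net and victim@example.org are constructed test addresses.
$smtpHost  = "smtp.glfs.myvnc.com"
$ourDomain = "glfs.myvnc.com"

function Send-SmtpLine($writer, $reader, $line) {
    # Send one command ($null = just read the banner) and collect the full reply,
    # including multi-line replies ("250-..." continuation lines end with "250 ...").
    if ($line -ne $null) { $writer.WriteLine($line); $writer.Flush() }
    [string[]]$text = @()
    do {
        $reply = $reader.ReadLine()
        if ($reply -eq $null) { break }        # peer closed the connection
        $text += $reply
    } while ($reply.Length -ge 4 -and $reply[3] -eq "-")
    Write-Host ("C: {0}`nS: {1}" -f $line, [string]::Join("`nS: ", $text))
    return ,$text
}

$client = New-Object System.Net.Sockets.TcpClient($smtpHost, 25)
$stream = $client.GetStream()
$reader = New-Object System.IO.StreamReader($stream)
$writer = New-Object System.IO.StreamWriter($stream)
$writer.NewLine = "`r`n"

$banner = Send-SmtpLine $writer $reader $null
$ehlo   = Send-SmtpLine $writer $reader "EHLO probe.example.net"

# 1. Capabilities offered to an anonymous Internet peer. AUTH without STARTTLS means any
#    client that authenticates here sends its domain password in clear text.
$offersStartTls = ($ehlo -match "^250[ -]STARTTLS").Length -gt 0
$offersAuth     = ($ehlo -match "^250[ -]AUTH ").Length -gt 0
if ($offersAuth -and -not $offersStartTls) {
    Write-Host "WARNING: AUTH is offered without STARTTLS (see the Basic/TLS note in section II.6)"
}

# 2. Inbound mail for our own domain must be accepted...
$null    = Send-SmtpLine $writer $reader "MAIL FROM:<attacker@example.net>"
$inbound = Send-SmtpLine $writer $reader "RCPT TO:<administrator@$ourDomain>"
# 3. ...but a recipient in a third-party domain must be refused to an unauthenticated peer.
$relay   = Send-SmtpLine $writer $reader "RCPT TO:<victim@example.org>"
$null    = Send-SmtpLine $writer $reader "QUIT"
$client.Close()

if ($inbound[-1] -notmatch "^250") { Write-Host "PROBLEM: inbound mail for $ourDomain is not accepted: $($inbound[-1])" }
if ($relay[-1] -match "^250") {
    Write-Host "OPEN RELAY: a third-party recipient was accepted without authentication"
} else {
    Write-Host "Relay refused for third-party domain, OK: $($relay[-1])"
}
```

A correct result is 250 for the glfs.myvnc.com recipient and a 5xx reply (typically 550 ... unable to relay) for the example.org recipient. Whichever server answers on the published name (the Exchange connector or the IIS relay of step 2) must give that result; if the third-party recipient is accepted, fix the relay restrictions before the rule stays exposed.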
VII. Client test
The final section tests the configurations above.
1. Login with web access OWA
Open a web browser, enter https://mail.glfs.myvnc.com/owa in the address bar and press Enter
Enter the user name and password and click Log On
Logon OK
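The browser test above only shows that a logon works. The script below, an added example that is not part of the original lab, checks from the Internet side what the browser does not show: the TLS handshake, the certificate and chain the listener presents, the negotiated cipher strength (the rule requires 128 bits), and that /owa is answered by the ISA form logon rather than a Basic challenge. It assumes it is run on a machine that trusts the lab CA and resolves mail.glfs.myvnc.com to the ISA external address.

```powershell
# Added example, not from the original lab. PowerShell 1.0 / .NET 2.0 compatible.
# Assumed: run from the external side; the lab CA certificate is trusted on this machine.
$hostName = "mail.glfs.myvnc.com"

trap {
    # AuthenticateAsClient throws when the name does not match or the chain is untrusted;
    # that is itself the finding: browsers will show the same warning.
    Write-Host "TLS handshake failed:" $_.Exception.Message
    Write-Host "Check the certificate name and the CA import (section IV.4)"
    break
}

$tcp = New-Object System.Net.Sockets.TcpClient($hostName, 443)
$ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
$ssl.AuthenticateAsClient($hostName)     # default validation: name + chain + expiry
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

Write-Host "Protocol :" $ssl.SslProtocol "  cipher:" $ssl.CipherAlgorithm $ssl.CipherStrength "bits"
Write-Host "Subject  :" $cert.Subject
Write-Host "Issuer   :" $cert.Issuer
Write-Host "Expires  :" $cert.NotAfter
if ($ssl.CipherStrength -lt 128) {
    Write-Host "WARNING: cipher below 128 bits although the rule requires 128-bit encryption"
}

# One HTTP request inside the TLS session. The HTML-form listener should answer with a
# redirect to its logon page or the page itself; a 401 with WWW-Authenticate: Basic would
# mean the form is not in use and credentials are being requested directly.
$req   = "GET /owa/ HTTP/1.1`r`nHost: $hostName`r`nConnection: close`r`n`r`n"
$bytes = [System.Text.Encoding]::ASCII.GetBytes($req)
$ssl.Write($bytes, 0, $bytes.Length)
$ssl.Flush()
$reader   = New-Object System.IO.StreamReader($ssl)
$response = $reader.ReadToEnd()
$tcp.Close()

$statusLine = ""
if ($response.Length -gt 0) { $statusLine = $response.Split("`n")[0].Trim() }
Write-Host "Response :" $statusLine
if ($statusLine -match " 401 " -and $response -match "WWW-Authenticate: Basic") {
    Write-Host "WARNING: the listener challenges for Basic instead of presenting the HTML form"
} elseif ($statusLine -match " 30[12] " -or $response -match "CookieAuth") {
    Write-Host "ISA form-based logon is in front of OWA: OK"
}
```

Expected output for this lab is a chain that validates against the glfs CA, a cipher of at least 128 bits, and a 302 redirect to the ISA CookieAuth logon page. Run it again with plain HTTP on port 80 expected to be refused: the listener only accepts SSL.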
2. Register Outlook Anywhere
a. Import certificate
Outlook must trust the certificate presented by the ISA web listener, so the certificate exported in section IV.2c is imported on CLIENT01 into the Personal and Trusted Root Certification Authorities stores of the computer account. Note: what the client actually needs is the certificate of the enterprise CA in Trusted Root, and a domain member such as CLIENT01 receives that automatically from Active Directory. Distributing the PFX, which contains the server's private key, to workstations is not necessary and should be avoided outside a lab.
Click Start, Run
Enter MMC and click OK
Click the File menu, Add/Remove...
Click Add
Select Certificates and click Add
Select Computer account and click Next
Click Finish
Click Close
Click OK
Right click on Personal, select All Tasks -> Import
Click Next
Browse for the certificate file
Enter the password you set for the certificate file and click Next
Click Next
Click Finish
Click OK
The certificate has been imported
Go to Trusted Root Certification Authorities, right click on Certificates and select All Tasks -> Import
Click Next
Click Browse for the certificate file
Enter the password of the file
Click Next
Click Finish
Click OK
The certificate has been imported
b. Register Outlook Anywhere
Open Control Panel and click Mail
Click E-mail Accounts
Click Next
Select Microsoft Exchange Server and click Next
Enter vnfsdc001.glfs.myvnc.com as Microsoft Exchange Server, enter the user name and click More Settings
Select the Connection tab
Check Connect to my Exchange mailbox using HTTP and click Exchange Proxy Settings
Enter mail.glfs.myvnc.com for https://. Uncheck Mutually authenticate the session when connecting with SSL. Check On fast networks, connect using HTTP first, then connect using TCP/IP. Select Basic Authentication under Proxy authentication settings. Click OK
Note: with mutual authentication unchecked, Outlook does not check the proxy's certificate principal name. Leaving it checked with msstd:mail.glfs.myvnc.com makes Outlook refuse any proxy whose certificate does not carry that name.
Click Check Name
Click Next
Click Finish
Click Close
Open Microsoft Outlook and enter the password of the account, for example user name glfs\huynq and password 123qwe!@#
Outlook works over RPC over HTTP
3. Register POP3 & SMTP
Open Microsoft Outlook
Click Tools, E-mail Accounts
Click Next
Select POP3 and click Next
Enter your name and e-mail address. Enter pop.glfs.myvnc.com as Incoming mail server (POP3) and smtp.glfs.myvnc.com as Outgoing mail server (SMTP). Enter the user name and password and click More Settings
Go to the Outgoing Server tab
Check My outgoing server (SMTP) requires authentication and click OK
Note: as configured (no encrypted-connection options on the Advanced tab, and only the standard ports published in section VI.4), the POP3 logon and the SMTP AUTH send the domain password across the Internet in clear text. This is what required unchecking Offer Basic authentication only after starting TLS in section II.6; enabling the encrypted connection options here and publishing the secure ports removes the need for that.
Click Test Account Settings...
The test succeeds; click Close
Click Next
Click Finish
Microsoft Outlook works with POP3 and SMTP