Exchange 2010 Lab setup notes

Here are some quick notes from setting up exchange 2010 in my lab environment (upgrade from exchange 2007) – these are not complete install instructions… and should not be used to base anything on! But if it helps anyone with a small issue – cool!

Scenario:

Install Exchange 2010 into an Exchange 2007 environment

 Assumes Exchange 2010 servers are Windows 2008 R2 servers

 Servers:

EX01:                     Existing Exchange 2007 server, MB, HT, CA, UM (internal use)

IS01:                      Existing Exchange 2007 server, HT, CA (external use)

EX02:                     New exchange 2010 server, MB, HT, CA (internal use)

IS02:                      New exchange 2010 server, HT, CA (external use)

FW01:                   Existing ISA 2006 SP1

 

EX02:                     Install pre-reqs and MB, HT, CA roles

IS02:                      Install pre-reqs and HT, CA roles

 

Existing exchange 2007 servers:

Ensure each exchange 2007 server is at SP2 level before continuing

Add the group “Exchange Trusted Subsystem” to the local administrators group on each server

 

EX02 config:

• Configure new OAB and distribute via web distribution
• Configure databases
• Issue cert from internal CA

 IS02 config:

• Import certificate for external access (including private key)
• In EMC 2010
  • Server | Client Access
    • Select IS02, then owa, configure authentication as required (should be set to basic auth, assuming this machine will be used for OWA via ISA only)
• Select the server configuration object
  • Set the external certificate for use with IIS
  • Set the external URL
• Configure Outlook anywhere
  • Click “enable outlook anywhere” in the actions pane
  • Enter a host name and authentication type (go for basic)
• To set internal auto-discovery, to ensure that the external facing CAS doesn’t report the external dns address to internal clients
  • Open exchange powershell
  • Set-clientaccessServer –identity IS04 –AutodiscoverserviceInternalURI https://ex04.company.com/autodiscover/autodiscover.xml

 FW01 config:

• Use the Exchange 2007 publishing wizard
• Add the /ecp/* path to the OWA rule when complete
• To ensure authentication only occurs once
  • Set the listener to use forms based auth
  • Set the authentication delegation to be basic
  • On the Front end server  (IS02) set the auth for the OWA and ECP virtual directories to be basic
• Leave the outlook anywhere rule the same as for 2007

 IS02 – AntiSpam at the hub transport level:

http://technet.microsoft.com/en-us/library/bb201691(EXCHG.140).aspx

• Open the powershell console
• Go to %system drive%/Program Files\Microsoft\Exchange Server\V14\Scripts
• Run ./install-AntispamAgents.ps1
• Restart-Service MSExchangeTransport
• Set internal SMTP servers using the command
  • Set-TransportConfig -InternalSMTPServers 10.0.1.10,10.0.1.11
  • The hub transport is now enabled for anti-spam updates
  • Run windows update and anti-spam updates will download

 Spam mailbox

• create a spam mailbox
• from powershell: Set-ContentFilterConfig -QuarantineMailbox <SmtpAddress>

 Grant read access to administrator on all mailboxes in specific database

• Add-ADPermission -Identity “<database name>” -User “<username>” -ExtendedRights Receive-As

 Fix activesync error for domain admin user accounts

Taken from: http://www.expta.com/2009/10/exchange-server-2010-rtm-upgrade-and_22.html

• Open ADUC
• Ensure “advanced features” mode is turned on
• Go to the user properties | security
• Go to advanced
• Tick “include inheritable permissions from the parent object” and click ok

 Issues:

Move mailbox command does not show any progress

If ANY of your exchange 2007 or 2010 CAS servers are down, errors will show up when trying to open the properties of any of them!

 

Removing Exchange 2007:

 IS01 (front end)

• Remove server from all send connectors (organisation level | hub transport | send connectors)
• Run un-install
• Turn the server off

 Ex01 (back-end)

• Remove OAB from generating on this server
• Delete public folder database contents using powershell (assuming you don’t want anything out of the PF’s)
  • Get-PublicFolder -Server <server containing the public folder database> “\” -Recurse -ResultSize:Unlimited | Remove-PublicFolder -Server <server containing the public folder database> -Recurse -ErrorAction:SilentlyContinue
  • Get-PublicFolder -Server <server containing the public folder database> “\Non_Ipm_Subtree” -Recurse -ResultSize:Unlimited | Remove-PublicFolder -Server <server containing the public folder database> -Recurse -ErrorAction:SilentlyContinue
  • Use ADSIedit to remove the database – (it will not remove correctly via the GUI)
    • http://www.proexchange.be/blogs/exchange2010/archive/2009/10/28/remove-exchange-2007-mailbox-role-fails-with-error-object-is-read-only-because-it-was-created-by-a-future-version-of-exchange-0-10-14-0-100-0-current-supported-version-is-0-1-8-0-535-0.aspx
    • Remove the PF Storage group via the UI
    • Remove any mailbox databases and their storage groups
    • Uninstall all exchange 2007 components
    • Shut down the server

 Configure Archiving

• Have found out that archiving is called “personal archiving” and it only archives in the SAME mailbox database as existing mailbox data
• Requires exchange 2010 or owa to access (rumoured that patch will be available for outlook 2007 to support this)
• Primary focus is to remove user capability to create new psts (once configured, user can only read existing psts, not create or add)
• Theory is that new storage improvements and DAG’s mean that all exchange databases can be stored on cheap disk
• http://blogs.technet.com/ucedsg/archive/2009/05/11/what-is-new-with-exchange-2010-storage.aspx