Implementation of Microsoft Exchange Server 2007
Prepared For: I2 Technologies Bangalore
Submitted By: Wipro InfoTech # 30, Divya Sree, Mission Road Bangalore
WIPRO I2 Confidential
Page 1 of 123
Table of Contents
Architectural Overview
Active Directory & Exchange 2007 Implementation Summary
I2 POC Architecture
Active Directory 2008 Implementation
Configure DNS for Active Directory
Check the Health of the Domain Controller.
AD Sites & Subnets Management
Additional Domain Controller Setup.
Configure Failover Clustering in Windows 2008
Exchange 2007 implementation
Installing Exchange server 2007
Exchange 2007 CCR Implementation
Installation of Edge Transport Server Role
Installation and Configuration of Certificate Services
ISA 2006 Installation and Configuration
Conclusion
Document Management Information
Document Title: Project Document for Implementation of Exchange Server 2007
Document Status: Approved Wipro/In Review- I2/Approved by Customer.

Document Publication History
Version Number | Date | Author(s) | Remark
1.0 | 25-Nov-2008 | Binil | Project Document for Implementation of Exchange Server 2007

Document Review and Approval History
Version Number | Date | Reviewer and Approver | Remarks
1.0 | 05-Dec-2008 | Sathya Prakash | Exchange Server 2007 Project Document reviewed
Customer Review and Approval
1.0 | | Manoj |

Document Distribution List
Sr. No. | Name and Company | Purpose
1 | I2 | Exchange Server 2007 Project Document
Architectural Overview
As a messaging system that is widely used in both large corporations and small businesses, Exchange Server has always been scalable in both directions. However, new demands on messaging such as compliance, security, and disaster recovery have created new challenges for delivering a messaging system that works great in small businesses and large enterprises alike. To rise to these new challenges, the architecture of Exchange Server 2007 has been updated to take advantage of 64-bit hardware, simplified administration and routing, and to enable an Exchange server to host one or more server roles.
Server Roles
The following figure shows some of the features for each Exchange 2007 server role.
Exchange Server provides a complete messaging system that can run on a single server, meaning that all Exchange services reside on one server, as with the Microsoft Small Business Server product. However, there are significant gains in deployment, management, and security that come from having a flexible, modular system that can be installed across more than one machine. This concept was first introduced in Exchange 2000 Server, where a front-end server could be configured to proxy inbound Internet client protocols to the appropriate mailbox server. Front-end servers are optional and can reduce the load on mailbox servers and simplify Microsoft Office Outlook Web Access (OWA) and Exchange ActiveSync (EAS) user access. Having front-end servers in medium-size and large organizations made Exchange more scalable by concentrating particular tasks on a limited number of servers. In Exchange Server 2007, role-based deployment has been expanded, allowing you to assign predefined roles to specific servers. These roles allow organizations to control mail flow, increase security, and distribute services, as shown in the following illustration.
Client Access role. Similar to the front-end server in earlier versions of Exchange, this server proxies Internet client traffic to the correct mailbox server.
Mailbox role. This role hosts user mailboxes stored in databases that can be replicated or clustered.
Hub Transport role. This role provides internal routing of all messages from Edge servers, Unified Messaging (UM) servers, or between two users on the same mailbox database. The Hub Transport role is also where messaging policy is enforced for messages moving within and outside the organization.
Unified Messaging role. This role enables PBX integration to allow voice mail and fax messages to be delivered to Exchange mailboxes and to provide voice dial-in capabilities to Exchange Server. This role and its services are explained in more detail later in this paper.
Edge Transport role. This server resides outside your internal network and provides on-premise e-mail security, antivirus, and anti-spam services for Exchange. Off-premise filtering can be provided by Exchange Hosted Filtering, discussed later.
Administrative Groups and Routing Groups
Administration is simplified and more flexible in Exchange Server 2007. In previous versions of Exchange, administrative groups were administrative boundaries that contained servers and other objects. While administrative groups could be created to segregate administration within your IT organization, once created they were not very flexible. (You can't move servers between administrative groups.) Exchange Server 2007 overcomes this limitation by eliminating administrative groups. Administrative rights can now be delegated from the organization down to the server. Whether your organization uses a centralized or decentralized administrative model, you can delegate permissions to more closely match that model and easily adapt to new models as your organization changes.
Routing groups have been integrated with Active Directory sites. Because the design criteria for Active Directory site boundaries are similar to the design criteria for routing groups, and are the same in most organizations, Exchange now assumes a routing topology based on Active Directory site lines. Maintaining a separate Exchange routing topology and Active Directory site topology is no longer necessary.
Storage Groups and Information Stores
Exchange Server 2007 Enterprise Edition supports up to 50 storage groups and 50 databases per server. You can configure up to five databases per storage group, up to a maximum of 50 databases. Mailbox data can now be distributed across more databases, and mailbox databases can be distributed across more storage groups, than in earlier versions of Exchange Server. Exchange Server Standard Edition supports up to five storage groups and five databases per server. Both Enterprise Edition and Standard Edition have no limit on database size.
Exchange Management Console
Active Directory & Exchange 2007 Implementation Summary
The following is a high-level summary of the Exchange 2007 Server implementation for I2. The Summary is spelled out in detail in the rest of this document.
Active Directory Topology: Windows Server 2008 based Single Forest, single Domain architecture
Active Directory Sites Structure: Single Site named as Bangalore.
Local Domain: jdatest.com
Domain Controllers: POCJDARDC, POCJDAADC
Exchange Organization: i2Exchange
Exchange 2007 Architecture: Two Mailbox Servers Configured as Cluster Continuous Replication. Two HUB & CAS Servers on a F5 Load Balancer and one Edge Transport Server for Internet Mail Relay.
SMTP Domain name: i2technologies.com
Administrative Model: Centralized server management, distributed recipient management
Administration Groups: Single Administrative Group.
Routing Groups: Single Routing group.
Storage Groups: Multiple storage groups are created in Exchange 2007.
Database backup: CCR is configured for all the storage groups.
SMTP Relay: Currently internet mails are getting relayed through Exchange 2007 Edge Transport Server.
Reverse Proxy: ISA 2006 is configured to Publish Outlook Web Access.
Client Support: Microsoft Office System Outlook 2007/2003 is installed as supported mail client.
OWA Url: https://webmail.i2technologies.com
Outlook Anywhere: Server is enabled for Outlook Anywhere.
I2 POC Architecture
I2 Domain Controllers
Server Name | IP Address | Role | FQDN
POCJDARDC | 10.156.220.100 | RDC | POCJDARDC.JDATEST.COM
POCJDAADC | 10.156.220.101 | ADC | POCJDAADC.JDATEST.COM

Exchange 2007 Servers
Server Name | IP Address | Role | FQDN
POCJDAEXGHC01 | 10.156.220.102 | HUB & CAS | POCJDAEXGHC01.JDATEST.COM
POCJDAEXGHC02 | 10.156.220.103 | HUB & CAS | POCJDAEXGHC02.JDATEST.COM
POCJDAEXGMBX01 | 10.156.220.102 | Mailbox | POCJDAEXGMBX01.JDATEST.COM
POCJDAEXGMBX02 | 10.156.220.102 | Mailbox | POCJDAEXGMBX02.JDATEST.COM
POCJDAEDG01 | 10.157.34.13 | Edge Transport | POCJDAEDG01.JDATEST.COM

Windows 2008 Cluster
Name | IP Address | Role | FQDN
WINCLUSTER | 10.156.220.200 | Windows Cluster | WINCLUSTER.JDATEST.COM
POCJDAMBX | 10.156.220.210 | Exchange Virtual Server | POCJDAMBX.JDATEST.COM

ISA 2006 Servers
Server Name | IP Address | Role | FQDN
POCJDAISA | 10.156.220.106 | Reverse Proxy | POCJDAISA.JDATEST.COM
Active Directory 2008 Implementation
1. In Windows 2008 Server go to command prompt and type dcpromo.exe.
2. Click next on the welcome screen.
3. Select Create new Domain in a new forest and click next.
4. Type the Domain name as JDATEST.COM and click next.
5. Select the forest functional Level as Windows Server 2003 and click next.
6. Select the Domain functional Level as Windows Server 2003 and click next.
7. Select DNS Server to be installed on the Server and click next.
8. Click yes on the delegation window and click next.
9. Select the Directory for storing the Active Directory Database files and click next.
10. Type the Recovery Mode Password and click next.
11. Review the Summary and click next to start the Active Directory installation.
12. Click finish and restart the Server.
Configure DNS for Active Directory
1. Open DNS Management console in the Domain Controller.
2. Right Click on the Reverse Lookup Zone and select new Zone.
3. Select Primary zone and click next, Store the zone in Active Directory must be selected to enable
4. Select the Replication to All the DNS Servers and click next.
5. Type the Subnet of the Domain Controller and click next.
6. Click finish to complete the zone creation.
7. Once the zone is created, open forward lookup zone and right click on the Host record of the Domain controller and select properties. Put the tick mark on the Update Associated Pointer option and click OK. This will automatically create a Pointer record in the reverse lookup zone.
Check the Health of the Domain Controller.
1. Verify all the Active Directory Roles are functioning properly by running the Netdom query.
2. Verify the SRV records in DNS.
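The two checks above as commands. This is an added example, not part of the original document: it assumes "the Netdom query" means netdom query fsmo, and it takes the domain and domain controller names from the I2 POC Architecture section. The list of SRV records to test is also an assumption about which records matter most for Exchange.

```powershell
# Added example, not part of the original document. Run on a domain controller
# from an elevated PowerShell prompt. Uses only PowerShell 1.0 features.
$domain = 'jdatest.com'
$dcs    = @('POCJDARDC')   # add 'POCJDAADC' once the additional DC is promoted

# 1. FSMO role holders: each of the five roles should name a reachable DC.
netdom query fsmo

# 2. SRV records that clients and Exchange use to locate directory services.
$records = @(
    "_ldap._tcp.dc._msdcs.$domain",      # domain controllers
    "_kerberos._tcp.dc._msdcs.$domain",  # Kerberos KDCs
    "_ldap._tcp.gc._msdcs.$domain",      # global catalogs
    "_ldap._tcp.pdc._msdcs.$domain"      # PDC emulator
)

$missing = 0
foreach ($dc in $dcs) {
    foreach ($record in $records) {
        # Ask each DC's own DNS service, so a stale zone copy on one server shows up.
        $answer = (nslookup -type=SRV $record "$dc.$domain" 2>&1 | Out-String)
        if ($answer -match 'svr hostname\s*=\s*\S+') {
            Write-Host "OK       $record  (answered by $dc)"
        } else {
            Write-Host "MISSING  $record  (asked $dc)"
            $missing++
        }
    }
}

if ($missing -gt 0) {
    Write-Host "$missing SRV lookup(s) failed. Check the DNS zone and the Netlogon service, which registers these records."
}
```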
AD Sites & Subnets Management
1. Open Sites and services in Active Directory. Right click the site and select new Site.
2. Name it as Bangalore and select the Default Site Link. Click OK and the site gets created.
3. Associate a subnet to the Bangalore Site. Right click on Subnets and select new Subnet.
4. Type the Subnet of the Domain Controllers with the Mask and associate it with Bangalore site and click OK.
5. Once the Subnet has been attached to the site, move the Domain Controller to the new Site. In the AD Sites and Services windows Right click on the Domain Controller and Select Move.
6. Select Bangalore site and click OK.
Additional Domain Controller Setup.
1. Run DCPROMO command in the Server designated to be promoted as ADC.
2. Click next in the welcome screen.
3. Select the option Add a Domain Controller in an existing Domain and click next.
4. Type the Domain and click next.
5. Select the Site to which the Domain Controller has to be installed.
6. Select the DNS and Global Catalog Roles and click next.
7. Click finish and restart the Server.
Configure Failover Clustering in Windows 2008
1. Before configuring the Windows Cluster we need to configure the Network Adapters on the Server.
2. We need to have two Network Adapters in each Server.
3. One Network card must be configured as Internal Network. The second card must be configured with a private range of network. This card will be used for Heartbeat communication between the Servers.
4. Attach separate SAN storage to each Server for the Exchange Database.
5. Join the machines to jdatest.com Domain.
6. Open Failover Cluster Management in the first node.
7. Select create a cluster option in the Action pane.
8. Click next to Continue.
9. Select both node1 and node2 to the cluster and click next.
10. Select yes to run the Cluster validation tests and click next.
11. Click finish to complete the Validation check.
12. Give a name and IP Address for the Cluster and click next.
13. Click finish to create the Windows Failover Cluster.
14. Once the Cluster is created, we need to configure the Quorum.
15. Exchange 2007 CCR supports File Witness Quorum.
16. Open the Failover Cluster Management; right click on the Windows Cluster we have created and Select Configure Cluster Quorum settings in the More Actions.
17. Select Node and File Share Majority and click next.
18. We need to select a shared folder that will act as File Share Majority. Before selecting the option create a folder in the Server where you will be installing the Exchange 2007 HUB Transport Role.
19. Click finish to configure the Quorum settings.
Exchange 2007 implementation
INSTALLATION OF EXCHANGE 2007 SERVER
System Wide Requirements
Exchange 2007 has a certain set of requirements that must be met before we proceed with the installation, and these requirements can be split into two types: system-wide and server-specific. System-wide requirements ensure that your Active Directory is ready to accept Exchange 2007 servers, and server-specific requirements ensure that the server that Exchange 2007 will be installed on can support it. The bigger requirements are:
1. Exchange 2007 requires the domain functional level to be at Windows 2000 native mode.
2. On top of that, Exchange 2007 also requires that the Schema master and the Global Catalog servers run Windows Server 2003 with SP1 applied.
3. It goes without saying that you also need a functional DNS infrastructure in place.
4. If you are installing Exchange 2007 into an existing organization, the Exchange mode must be set to native-mode. This means no Exchange 5.5 servers anywhere in the Exchange organization. If you still have any Exchange 5.5 servers, you will need to upgrade them to Exchange 2000/2003 or remove them completely before proceeding with the installation of Exchange 2007.
5. As with Exchange 2000 and 2003, the forest and domain need to be prepared with schema extensions. However, unlike the previous versions, Active Directory does not need to be prepped beforehand; it is done automatically during setup, but the option does exist to allow for manual schema upgrades.
6. During the setup process the server will connect to the Schema Master in an effort to update the schema, and this requires that the Schema Master is available and that the account you are running setup with has permissions to modify the schema.
7. You can prep the domain manually with the /PrepareAD switch on any server in the same domain that the Schema Master is in, but it is recommended to do this on the Schema Master. Once you have completed this, you will have to wait for the schema updates to replicate throughout the forest before you install any additional Exchange 2007 servers in the organization.
8. Finally, as with all Exchange installations, you require certain administrative rights in order to install an Exchange 2007 server. The following permissions are required to install an Exchange 2007 server into a new or existing organization.
a. Local Administrator on the server
b. Enterprise Administrator
c. Domain Administrator
d. Schema Administrator (only required to extend the Schema)
You complete Exchange 2007 installation by performing several tasks. You can complete all these tasks at the same time, or you can perform some of the tasks before you start Exchange 2007 server role installation. To complete installation, follow these steps.
Pre-requisites for Exchange Server 2007 Hub/CAS/Mailbox Role
Microsoft .NET Framework 2.0 (x64 bit)
Microsoft Management Console 3.0 (x64 bit)
Windows Power Shell V1.0
IIS 6.0
Prepare Active Directory for Exchange 2007
1. Run the following commands in the Domain controller where the schema master role is running.
2. Once it is completed successfully, we can start the Exchange setup.
Note: If you have a large AD infrastructure, you need to wait until the schema changes are replicated to all the Domain Controllers.
Installing Exchange server 2007
Installation of Exchange 2007 HUB and CAS
1. Exchange 2007 Setup Splash Screen, click on Install Microsoft Exchange to start the setup.
3. Exchange Server 2007 Setup Wizard Introductory Page
4. Select I Accept License agreement then Click Next
5. Error Reporting Page click next.
6. Select Custom Exchange Server Installation and click next
7. Select Client Access Role and Hub Transport Role and click next
8. Click finish to complete the setup.
Exchange 2007 CCR Implementation
Active Clustered Mailbox role installation
1. Run the setup.exe in the first node.
2. Select Custom installation and click next.
3. Select Active Clustered Mailbox role and click next.
4. Select Cluster Continuous Replication and type the Clustered Mailbox Server name as POCJDAMBX. This is the Virtual Exchange cluster name. Select Mailbox role location and click next.
5. Give an IP address for the Exchange Virtual Server and click next.
6. Click finish to complete the setup.
Passive Clustered Mailbox role installation
1. Run the Setup in the Passive node.
2. Select Passive Clustered Mailbox Role and click next.
3. Click finish to complete the setup.
Installation of Edge Transport Server Role
1. Prerequisites for installing Edge Transport Server.
a. The Edge Transport Server role must be installed in DMZ zone.
b. The operating system must be configured in Workgroup environment.
c. The DNS suffix must be added to the Network properties. Right click My computer->Properties->Change Settings->Change->More->Add JDATEST.COM in the primary DNS suffix.
d. Active Directory Application Mode must be installed.
e. Host record of the HUB transport server must be added in the host file of the Edge Server.
2. Ports must be opened between Edge Transport Server and HUB Transport Servers.
Network interface | Open port | Protocol | Note
Between Edge and Internet | 25/TCP | SMTP | This port must be open for mail flow to and from the Internet.
Between Edge and HUB | 25/TCP | SMTP | This port must be open for mail flow to and from the Exchange organization.
Local only | 50389/TCP | LDAP | This port is used to make a local connection to ADAM.
HUB to Edge | 50636/TCP | Secure LDAP | This port must be open for EdgeSync synchronization.
Inbound from the internal network | 3389/TCP | RDP | Opening this port is optional. It provides more flexibility in managing the Edge Transport servers from inside the internal network by letting you use a remote desktop connection to manage the Edge Transport server.
Edge to Internal DNS Servers | 53/UDP | DNS | This port provides DNS communication between Edge and HUB transport Servers. This port is optional since you can have a host record for the communication.
Between Edge and internet | 53/UDP | DNS | This port provides DNS communication between Edge and internet.
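One way to confirm the firewall matches the TCP rows of the port table from the internal side. This is an added example, not part of the original document: the Edge server name comes from the I2 POC Architecture section, the 3-second timeout is an assumption, and 50389 is expected to be closed from the Hub because the table marks it as local only.

```powershell
# Added example, not part of the original document. Run on a Hub Transport server.
# Uses only PowerShell 1.0 / .NET 2.0 features (no try/catch, no newer cmdlets).
$edge = 'POCJDAEDG01.JDATEST.COM'   # Edge Transport server from the POC architecture

# TCP rows of the port table as they should look from the internal network.
$matrix = @(
    @{ Port = 25;    Use = 'SMTP mail flow';         Expected = 'open'     },
    @{ Port = 50636; Use = 'EdgeSync (secure LDAP)'; Expected = 'open'     },
    @{ Port = 50389; Use = 'ADAM LDAP (local only)'; Expected = 'closed'   },
    @{ Port = 3389;  Use = 'RDP management';         Expected = 'optional' }
)

function Test-TcpPort([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000) {
    $client = New-Object System.Net.Sockets.TcpClient
    $async  = $client.BeginConnect($HostName, $Port, $null, $null)
    # A filtered port never answers, so bound the wait instead of blocking.
    $done   = $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)
    $open   = $done -and $client.Connected
    $client.Close()
    return $open
}

$failures = 0
foreach ($row in $matrix) {
    $open = Test-TcpPort $edge $row.Port
    if ($open) { $state = 'open' } else { $state = 'closed' }

    if ($row.Expected -eq 'optional' -or $row.Expected -eq $state) {
        $result = 'OK'
    } else {
        $result = 'CHECK'
        $failures++
    }
    Write-Host ("{0,-6} {1,-7} expected {2,-9} {3,-6} {4}" -f $row.Port, $state, $row.Expected, $result, $row.Use)
}

if ($failures -gt 0) {
    Write-Host "$failures port(s) differ from the table. Review the perimeter firewall rules between Hub and Edge."
}
```

A "closed" result covers both a refused connection and a silently dropped one; the firewall log tells the two apart.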
Install Edge transport Server
1. Run the Exchange 2007 setup.
2. Select Edge Transport server role and click next.
3. Click finish to complete the setup.
Configure Edge Subscription
1. Open the Exchange Management Shell in Edge transport Server and run the following command.
New-EdgeSubscription -FileName "C:\EdgeSubscriptionInfo.xml"
2. The file will get saved in c drive.
3. Copy the file to HUB transport Server.
4. After the file is copied, open Exchange management console in HUB transport Server.
5. Under Organization configuration->Hub Transport->Edge Subscription, click on new Edge Subscription.
6. Select the Active Directory site and click on browse to select the Edge Subscription xml file created in the Edge Transport Server and click New.
7. Click finish to complete the subscription in HUB transport Server.
8. Once it is created we need to start the Edge Synchronization. Open Exchange Management shell in Hub Transport Server and execute the following command.
Start-EdgeSynchronization
Installation and Configuration of Certificate Services
1. We will configure the Certificate Services in Additional Domain Controller.
2. Open Server Manager in ADC and click on Add Roles.
3. Select Certificate Authority and click next.
4. Select Enterprise CA and click next.
5. Select Root CA since this is the first CA we are installing in the Domain.
6. Give a name for the Certificate Authority. We will give JDATEST CA
7. We can set the validity period for the certificates generated by this CA.
8. Click install to start the CA installation.
9. Close when the installation is complete.
10. Once the CA has been installed, open the IIS console in the Client Access Server and double click on Certificate option. Click on Create certificate request.
11. Give the common name as webmail.i2technologies.com and give other details.
12. Specify a location and give the file name to save the certificate request file.
13. Once completed connect to Certificate Authority by the following URL. http://pocjdaadc/certsrv
14. Click on Advanced certificate request.
15. Click on Submit a certificate request by using a base 64
16. Open the Certificate request text file which was created earlier.
17. Copy the entire contents of the file and paste it in the Saved request box in the Certificate request console. Select Web Server certificate.
18. Click on Download certificate to download the certificate generated by CA.
19. Once the certificate is downloaded, open the IIS console in Exchange CAS Server. Open Server certificate option and click on Complete Certificate Request.
20. Select the Certificate downloaded from the CA and give any friendly name.
21. Click ok to install the certificate in CAS Server.
22. After the certificate is installed, we need to enable the certificate in Exchange. Open the certificates installed and copy the thumbprint from the certificate.
23. Remove the space between the numbers in the thumb print.
24. Open Exchange management console and run the following command.
25. Give the Service name as IIS and press Enter.
26. Paste the thumb print which was copied earlier and press enter.
27. This will enable the Webmail certificate created in the Exchange.
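Steps 22 to 27 as a script for the Exchange Management Shell, with the thumbprint cleaned and checked before it is used. This is an added example, not part of the original document: it assumes the command in step 24 is Enable-ExchangeCertificate (consistent with the IIS service name and thumbprint prompts that follow), and the thumbprint value shown is constructed.

```powershell
# Added example, not part of the original document. Run in the Exchange Management
# Shell on the Client Access server. Uses only PowerShell 1.0 features.

# Constructed sample value in the spaced form shown by the certificate dialog;
# replace it with the thumbprint copied in step 22.
$pasted       = 'a1 b2 c3 d4 e5 f6 07 18 29 3a 4b 5c 6d 7e 8f 90 a1 b2 c3 d4'
$expectedName = 'webmail.i2technologies.com'   # common name given in step 11

# Keep hex digits only. This removes the spaces (step 23) and also any invisible
# character picked up when copying from the certificate Details tab.
$thumb = ($pasted -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($thumb.Length -ne 40) {
    throw "Thumbprint has $($thumb.Length) hex characters; a SHA-1 thumbprint has 40."
}

# Confirm the thumbprint belongs to the intended certificate before enabling it.
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $thumb }
if (-not $cert) {
    throw "No certificate with thumbprint $thumb in the LocalMachine\My store."
}
if ($cert.Subject -notlike "*CN=$expectedName*") {
    throw "Certificate subject '$($cert.Subject)' does not contain CN=$expectedName."
}
if (-not $cert.HasPrivateKey) {
    throw "Certificate has no private key; complete the request on the server that created it."
}
if ($cert.NotAfter -lt (Get-Date)) {
    throw "Certificate expired on $($cert.NotAfter)."
}

# Bind the certificate to IIS only, as in step 25.
Enable-ExchangeCertificate -Thumbprint $thumb -Services IIS

# Verify: the Services value for this certificate should now include IIS.
Get-ExchangeCertificate -Thumbprint $thumb | Format-List Subject, Thumbprint, Services, NotAfter
```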
Enable Outlook Anywhere in Client Access Server
1. To enable Outlook Anywhere in Client Access Server, we need to install the RPC over http proxy from the Server manager.
2. Open Server Manager in CAS Server->Add features->Select RPC over http proxy and click install.
3. After the RPC over http installation, open Exchange Management Console, under Server configuration->right click on the CAS Server and Select Enable Outlook Anywhere.
4. Type the external host name through which the Outlook Anywhere will be accessed. Usually it will be the same name you access OWA from internet. Select basic Authentication and click Enable.
5. This will enable the Outlook Anywhere in the CAS Server.
ISA 2006 Installation and Configuration
1. Following are the prerequisites for installing ISA Server 2006.
a. Windows 2003 with SP1 and above.
b. Two network Adapters (Public and Private networks)
c. Domain Membership (We will install the ISA Server as Member Server)
d. Configure one adapter to Public Network IP and other one to internal network IP.
e. Join the machine to jdatest.com Domain.
2. After completing the prerequisites, double click the ISA 2006 setup.
3. Click next to continue.
4. Select Install both ISA Server services and Configuration Storage server and click next.
5. Select the installation directory and click next.
6. Select create a new ISA Server Enterprise and click next.
7. Click on Add to select the internal network and add the IP address ranges in the network.
8. Click next to continue.
9. Click install to start the installation.
Install the Webmail Certificate in ISA Server.
1. We need to install the Webmail Certificate issued to CAS server in ISA Server. ISA will use this Certificate to authenticate the Client Requests.
2. Open MMC in ISA Server->Add Computer Certificates->Personal Certificate
3. Right click on the Certificates->All Tasks->Select Import.
4. Click browse and select the Webmail certificate. (Export the Certificate from CAS server and copy it to ISA Server before this step.)
5. Click finish to complete the Certificate import wizard.
ISA 2006 Configuration
1. By default, one rule, the Deny any to any traffic rule, will be created in ISA Server.
Publish Outlook Web Access in ISA 2006
1. To Publish OWA, open ISA console->Firewall Policies->Click on Publish Exchange Web Client Access. Give a name for the rule and click next.
2. In the Exchange Version select Exchange 2007 and select Outlook Web Access in the Web Client mail services.
3. Use Publish a single web site option and click next.
4. Type the name of the internal web site that is publishing and select the CAS server name and click next.
5. Type the external OWA url in the Public name and click next.
6. The Web Listener page appears. We need to create a new Listener for the OWA Publishing. Click on New in the Web Listener window.
7. Give the name as Exchange Listener.
8. We need to have SSL connection when clients connect to the Server. Select the option and click next.
9. Select the External network and add the IP subnets for that.
10. Also select the internal network and add the IP subnets.
11. The Certificate screen appears. Select the webmail certificate for both the networks.
12. Select Form based authentication for the client communication and select Active Directory for the client credential verification.
13. Type the Public Domain name and click next.
14. This completes the Listener configuration. Click next
15. Select Basic Authentication and click next.
16. Select Authenticated Users and click next.
17. Click finish to complete the OWA publishing wizard.
18. Click Apply to affect the settings.
Redirect Http requests to Https in ISA 2006
1. Open the Web Listener properties and click on connections.
2. Select Redirect authenticated traffic from http to https.
Receive Connector Settings
1. Verify the receive connector settings.
Conclusion
Installation and configuration of Exchange 2007 has been completed successfully. Exchange mailbox Servers are installed on a CCR setup and Client Access Servers are configured on a Hardware Load balancer. Exchange Internet Access has been published through ISA 2006.
-----End of the Document-----