In Part-One we covered Exchange Pre-Install Tasks, and in Part-Two we installed Exchange 2016. It still won’t be working properly, though, so we need to carry out a few Post-Install Tasks.
Solution
Install Exchange 2016 Product Key
Log into Exchange Admin Center > Servers > Servers > Select the Server > Enter Product Key.
Manually enter your product key > Save.
Heed the warning > OK.
Open an administrative PowerShell window, and run the following command:
Restart-Service MSExchangeIS
Now if you hit the refresh button it should say the product is licensed.
Exchange 2016 Install Certificate
As you can see (below), Exchange 2016 (like its predecessors) creates and installs a locally signed certificate. These days I just recommend that clients use wildcard certificates; they are much less hassle, even if they are a bit more expensive.
To create the request > Servers > Certificates > Select the server > Add.
Create a request > Next > Give the request a sensible name > Next.
Don’t forget the asterisk, i.e. “*.publicly-addressable-domain.com” > Next > Add in the server > Next.
You need a “share” to save the certificate request in > Finish.
The request will be stored in PEM format; this is the information you will need to send to your certificate provider to obtain your wildcard certificate. Use the link below to get the correct certificate.
Once you have received your certificate back from your certificate vendor, then locate your request and ‘Complete’ it.
Browse to the certificate you have saved > OK.
Exchange 2016 Assigning Services to a Certificate
Now we have the certificate we need to enable it, select the new cert > Edit.
Select SMTP and IIS > Save > Yes.
Note: POP and IMAP will be disabled and don’t like using wildcard certificates!
Now navigate to https://{server-FQDN}/ecp and log back into Exchange Admin Center, to check it’s using the correct certificate.
Remember you need to use the FQDN, NOT the server name, or you will get certificate errors!
Exchange 2016 Create a Send Connector
Before you can send mail externally, you need to create a send-connector. Mail flow > Send Connectors > Add.
Give it a sensible name, select ‘Internet’ > Next > Unless you have a mail filtering appliance/server then you will want to use DNS/MX records to route mail > Next.
Add > Simply add an asterisk to the FQDN field (meaning all domains) > Save > Next.
Finish.
Beware: By default this connector has a 35Mb limit on it, for most people that will be fine, but you may need to change this.
Exchange 2016 Add An Accepted Domain
Freshly installed, the Exchange server will only be serving email addresses for your internal domain; most people will need to add in their public domain name. See the following article;
Freshly installed, your Exchange databases will be in the program install directory; I prefer to have the databases on their own volumes. See the following article;
Most people have a different domain name publicly to their internal domain name; if yours is the same then skip this section. The easiest way to address this is to use split DNS, see the following article;
Finally: Don’t forget to add your new Exchange servers into your backups! And install some AV. (Note: Some AV providers have very specific settings that might need disabling; I’m looking at you, McAfee.) At the very least, exclude the folders holding your data-stores, logs, and queue databases from AV scanning.
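To keep the AV exclusions scoped to exactly the folders named above, rather than a whole volume, the paths can be read from the server itself. This is an added example, not part of the original article; it assumes it is run in the Exchange Management Shell on the Exchange server, and that the queue database location is held in EdgeTransport.exe.config under the Exchange install path.

```powershell
# Added example: list the database, log and queue folders to exclude from AV scanning.
# Paths are local to the server that hosts each database.
$paths = @()

# Mailbox database files and their transaction log folders
Get-MailboxDatabase | ForEach-Object {
    $paths += Split-Path -Parent "$($_.EdbFilePath)"
    $paths += "$($_.LogFolderPath)"
}

# Transport queue database and its logs, read from EdgeTransport.exe.config
$cfgFile = Join-Path $env:ExchangeInstallPath 'Bin\EdgeTransport.exe.config'
if (Test-Path $cfgFile) {
    [xml]$cfg = Get-Content $cfgFile
    foreach ($key in 'QueueDatabasePath', 'QueueDatabaseLoggingPath') {
        $node = $cfg.configuration.appSettings.add | Where-Object { $_.key -eq $key }
        if ($node) { $paths += [Environment]::ExpandEnvironmentVariables($node.value) }
    }
} else {
    Write-Warning "Transport config not found at $cfgFile"
}

# One row per folder; Exists = False means the path needs checking before you exclude it
$paths | Sort-Object -Unique | ForEach-Object {
    [pscustomobject]@{ Path = $_; Exists = Test-Path $_ }
}
```

Re-run it after moving a database, so the exclusions follow the new path and the old one can be removed.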
Related Articles, References, Credits, or External Links
Part Three – Deploying Exchange 2013 On a ‘Greenfield Site’
KB ID 0000730
Problem
In part one and part two we looked at what to consider, and what you need to be doing before you reach for the install DVD. Now we will run through a complete Exchange deployment on a fresh site with no existing mail system.
I’ve already written extensively about the hardware, software and environment requirements for Exchange 2013. Please run through the following article before you start.
With a fully updated Windows Server 2012 that is a domain member, your three main pre-deployment tasks are to install the following pieces of software.
9. Select the roles required, I’m just having one server so I’m selecting both > Next.
Note: Current Microsoft thinking is to NOT separate out roles like you did with Exchange 2007 and 2010, if you deploy multiple servers deploy multiple roles.
10. Set the install path for the Exchange program files. If you change from the default, and you are deploying multiple Exchange servers, try to keep the path the same for all > Next.
11. Select an Organization name > Next.
12. Select if you want to disable the built-in malware protection or not.
Note: Malware protection is now based on Forefront. Only consider disabling this if you plan to deploy some third party malware/AV scanning software.
13. You should get a warning telling you that once complete you will not be able to install Exchange 2010 > Next.
14. Setup will progress (Approx 45 minutes).
15. When done > you can tick the box and launch the ‘Exchange Admin Center’. BUT At this point I would run a full Windows update and reboot the server.
Exchange 2013 Post Install Configuration Tasks
1. To launch the new ‘Exchange Admin Center’, navigate to https://localhost/ecp.
2. Sign in.
Enter the Exchange 2013 Server Product Key
3. Navigate to Server > {Server-Name} > Enter Product Key.
4. Type in your 25 character product key > Save.
5. Read the warning > OK.
6. Windows Key+R > services.msc {Enter} > Locate and restart the ‘Microsoft Exchange Information Store’ service.
Exchange 2013 Create a Default Send Connector
Without configuring a send connector, your outbound/internet destined mail will sit on the outbound queue with the following error.
7. Navigate to > Mail flow > Send Connector > Add.
8. Give the connector a name and select ‘Internet’ as its use > Next.
9. By default it will select where to send the email based on the DNS name of the recipient, however some people route all their mail via a smart host, (this can be a server or IP address at your ISP or a mail filtering provider). If you use a smart host you will probably already know, in most cases you will want the default option of ‘MX record associated with recipient domain’ > Next.
Exchange 2013 Adding a Domain Name as an Accepted Domain
14. Whilst in the Mail Flow section > Accepted Domains > Add.
15. Give the entry a name > Type in your domain name > Save > Repeat for any additional domain names.
Adding New Email Addresses to the Default Email Address Policy.
16. Whilst in the Mail Flow section > email address policies > With the default policy selected > Edit (pencil icon).
17. Email address format.
18. Add.
19. Select the domain > Select the name format > If this email address will be the default/reply address then select the bottom tick box > Save > Repeat for each additional email address you want to apply to your users, but only one can be the reply address.
1. Create a folder on the destination drive/volume.
2. First see where the database is now. From within the Exchange admin center (https://localhost/ecp) > Servers > Databases > Select the database to be moved > Edit (pencil icon).
3. Take a note of the database path, and the database filename (filename.edb).
4. Launch the Exchange Management Shell.
5. Execute the following PowerShell command;
Answer Y to the questions (or A for all).
6. Now you can check that the database has mounted, and is in its new location.
Exchange 2013 Apply for, and Install a Third Party Certificate
1. From within the Exchange admin center (https://localhost/ecp) > Certificates > Add.
2. Self signed certificates are literally more trouble than they are worth, you need to BUY A CERTIFICATE! > Next.
3. Give the request a name > Next.
4. We don’t want a wildcard certificate > Next.
Note: A wildcard certificate is a certificate that has a name like ‘*.domain.com’.
5. Select the Exchange Server > Next.
6. Select the internet Outlook Web App and Edit (pencil icon).
7. Type in the publicly addressable domain name of the Exchange Server > OK.
8. Set the public name of the Autodiscover service > OK > Next.
9. MAKE SURE that the OWA public name is IN BOLD as this will be set as the ‘common name’ on the certificate > Next.
10. Type in your details > Next.
11. Select a share to save the certificate request in > Finish.
Note: This share must already exist, with the correct permissions, if in doubt watch the video above.
12. Now you should have a pending request.
13. Take the certificate request that it has generated (in PEM format), and send that to your certification authority, the link below will take you straight to the correct certificate you need;
14. Once complete and you have received your new certificate back again > Select the pending request > Complete.
15. Supply the path to the certificate > OK.
16. Now you need to assign Exchange services to the certificate > with it selected > Edit (pencil icon).
17. I’m not using unified messaging or POP, so I’ve just selected SMTP, IMAP and IIS > Save.
18. Yes to overwrite the existing certificate.
19. Now let’s make sure it’s worked, open https://localhost/owa > it will error because the URL is wrong > continue to this website.
20. Open the certificate and check it is correct. (here mine has a common name of mail.petenetlive.com).
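The certificate checks in the Exchange 2016 section (browse to the FQDN, not the server name) and in steps 19 and 20 above can also be done from the Exchange Management Shell. This is an added example, not part of the original article; mail.example.com and autodiscover.example.com are placeholder names, and Test-NameCovered is a helper written for this example that does a simplified single-label wildcard comparison.

```powershell
# Added example: run in the Exchange Management Shell on the Exchange server.
# Placeholders: replace with the public names your clients actually connect to.
$ExpectedNames = 'mail.example.com', 'autodiscover.example.com'

function Test-NameCovered {
    param([string]$HostName, [string[]]$CertNames)
    foreach ($n in $CertNames) {
        if ($n -eq $HostName) { return $true }           # -eq ignores case
        if ($n.StartsWith('*.')) {
            # A wildcard covers exactly one left-most label:
            # *.example.com matches mail.example.com but not a.b.example.com
            $suffix = $n.Substring(1)                     # ".example.com"
            if ($HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
                $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                if ($label -and $label -notmatch '\.') { return $true }
            }
        }
    }
    return $false
}

# One record per installed certificate: which services use it, when it expires,
# and which expected names it does NOT cover (these produce browser/Outlook errors).
Get-ExchangeCertificate | ForEach-Object {
    $cert    = $_
    $names   = @($cert.CertificateDomains | ForEach-Object { "$_" })
    $missing = @($ExpectedNames | Where-Object { -not (Test-NameCovered $_ $names) })
    [pscustomobject]@{
        Thumbprint = $cert.Thumbprint
        Services   = "$($cert.Services)"
        SelfSigned = $cert.IsSelfSigned
        DaysLeft   = [int]($cert.NotAfter - (Get-Date)).TotalDays
        Names      = $names -join ', '
        NotCovered = $missing -join ', '
    }
} | Format-List
```

The certificate showing IIS and SMTP under Services should have SelfSigned False and an empty NotCovered. A bare server name added to $ExpectedNames will always appear under NotCovered, which is why browsing by server name gives certificate errors.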
Exchange 2013 Setting up ‘Split DNS’ for your Exchange Certificate
Note: You only need to set this up if your private/internal, and public/external domain names are different.
21. To avoid annoying DNS and certificate errors on your internal network, your best bet is to setup ‘Split DNS’. Create a forward lookup zone that matches your PUBLIC domain name. Then inside this zone create an A/Host record for mail that points to the internal IP of your Exchange Server. And another for Autodiscover that points to the same IP address.
WARNING: If you do this, and have a www.yourdomainname.com website hosted externally, you will find that your internal users can no longer get to it! If that happens create an additional A/Host record for a host called www and point its IP address to the public IP address of your website (you may also need an FTP entry if you use that externally as well).
22. Now open a web browser and navigate to the public name of your mail server, this time it SHOULD NOT ERROR.
Exchange 2013 Test Mail Flow
1. Log into OWA, and send a test email to an internal email address (on a new deployment you probably only have Administrator as a mailbox, so send yourself an email).
2. Then send a test email out to a public email address.
Note: If this fails, check it has left the Exchange Organization by looking at the Queue Viewer.
3. Once you know mail is flowing out test mail in, if this fails make sure you have an MX Record and an A/host record pointing to your Exchange 2013 Server.
Also ensure that TCP port 25 (SMTP) is open to the Exchange Server (or ‘port forwarded’ to it). If you have not already, also make sure TCP port 443 (HTTPS) is open/forwarded, for OWA, Outlook Anywhere and ActiveSync to work.
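The inbound checks from step 3 (MX record, A/host record, TCP 25 and TCP 443) can be scripted as follows. This is an added example, not part of the original article; example.com and mail.example.com are placeholders for your own domain and public mail name, and it assumes a machine with Resolve-DnsName and Test-NetConnection (Windows 8.1 / Server 2012 R2 or later).

```powershell
# Added example: run from a machine OUTSIDE your network, so the results show
# what internet mail servers and remote clients see, not what split DNS returns.
$Domain   = 'example.com'        # placeholder: your public mail domain
$MailHost = 'mail.example.com'   # placeholder: public name used for OWA etc.

# MX records for the domain, lowest preference (tried first) at the top
$mx = @(Resolve-DnsName -Name $Domain -Type MX -ErrorAction SilentlyContinue |
        Where-Object { $_.QueryType -eq 'MX' } | Sort-Object Preference)
if (-not $mx) { Write-Warning "No MX record found for $Domain" }

# SMTP (25) is checked on every MX target, HTTPS (443) on the public mail name
$checks  = @($mx | ForEach-Object { @{ Host = "$($_.NameExchange)"; Port = 25 } })
$checks += @{ Host = $MailHost; Port = 443 }

foreach ($c in $checks) {
    $a = @(Resolve-DnsName -Name $c.Host -Type A -ErrorAction SilentlyContinue |
           Where-Object { $_.QueryType -eq 'A' })
    if (-not $a) {
        Write-Warning "No A/host record for $($c.Host)"
        continue
    }
    $r = Test-NetConnection -ComputerName $c.Host -Port $c.Port -WarningAction SilentlyContinue
    [pscustomobject]@{
        Host    = $c.Host
        Address = $r.RemoteAddress
        Port    = $c.Port
        Open    = $r.TcpTestSucceeded
    }
}
```

Some ISPs block outbound TCP 25 from client connections, so a False on port 25 from a home line should be confirmed from another network before changing the firewall.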