Exchange 2003

Introduction:
Exchange Server 2003 is a complete messaging and content management solution for small and enterprise businesses.

Requirements:
  1. DC and Global Catalog server are running Windows 2000 SP3 or Windows Server 2003.
  2. DNS and WINS Configured
  3. NTFS File System

Components needed:
  • .NET Framework (built into Server 2003; install via Add/Remove Programs)
  • ASP.NET (built into Server 2003; install via Add/Remove Programs)
  • IIS
  • SMTP Service
  • NNTP Service

Create a service account and add the account to the following groups:
  • Enterprise Admins, Schema Admins and Domain Admins

Run the /ForestPrep switch
  • e.g. \setup\i386\setup.exe /ForestPrep
  • Run this in the forest root domain, as it needs to contact the first domain controller, or the domain controller holding the Schema Master operations role, which is one of the FSMO roles.

Run the /DomainPrep switch
  • e.g. \setup\i386\setup.exe /DomainPrep
  • Run this on all domain controllers that will contain Exchange objects and mailboxes.

Install Exchange and create the new organization.

Delegate Control
In an enterprise we can delegate control by opening System Manager, right-clicking the domain and selecting Delegate.


Administering from Client Workstation
  • Don't administer via the server console.
  • Limit "log on locally" rights.
  • Install the Exchange System Management Tools.
  • The workstation must be in the same forest/domain and run Windows 2000 SP3, XP SP2, Windows 2000 Server SP3 or Windows Server 2003.
  1. Install adminpak.msi on the workstation
  2. Install the management support tools: \setup\i386\setup.exe

Show Administrative Group
Open System Manager > right-click the domain and tick Show administrative groups. Under Administrative Groups we can now arrange the sites of our Exchange organization and delegate control. Below is a sample image.


Routing Groups Basics
  • Directly, tightly coupled to physical layout - like an AD site.
  • Connects multiple slow link locations.

TCP Port Filtering




Exchange RPC Over HTTP

1. Set up the front-end server as the RPC proxy server. Open Add/Remove Programs > Networking Services and tick RPC over HTTP.


2. Open IIS Manager > Web Sites > Default Web Site > right-click Rpc and select Properties > Directory Security tab > Authentication control.
  • Clear Enable anonymous access.
  • Tick Basic. A warning message will appear; just click Yes.



3. Request and install an SSL certificate. Under IIS > Default Web Site > Directory Security > Server Certificate. A certificate request file will be created; copy and paste its contents to any third-party certificate authority. It is recommended to purchase the SSL certificate from a known CA such as comodo.com.

4. It is recommended to require SSL. Under the RPC virtual directory go to Directory Security > enable Require SSL and 128-bit encryption.


5. Verify that your Exchange Server 2003 is running SP1 or higher. This is needed to automatically configure the special ports that make RPC over HTTPS work. Open System Manager and navigate to the administrative group > server name > Properties > General tab.


6. Enable RPC over HTTP/HTTPS by moving to the RPC-HTTP tab and clicking RPC-HTTP back-end server. A warning message will appear and prompt you to restart the server.


7. Configure your corporate firewall to forward the HTTPS/HTTP port to the Exchange server.

8. Configure Outlook to use HTTPS/HTTP. Outlook needs to connect to Exchange on the local network at least once in order for RPC over HTTPS to work. Configure Outlook the usual way; upon reaching the Microsoft Exchange server name, click More Settings > Connection tab > Connect to my Exchange mailbox using HTTP. Specify your FQDN.


HTTPS/HTTP should now work.
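A way to check steps 2 and 4 after the fact, as an added example that is not part of the original post: it reads the Rpc virtual directory's flags from an IIS 6 MetaBase.xml and reports where they differ from the procedure. The sample XML is constructed, and the example assumes the metabase writes flags as names joined by " | "; values inherited from a parent node are flagged rather than resolved.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from a real server): the Rpc virtual directory of
# three sites, laid out as in an IIS 6 MetaBase.xml file.
SAMPLE_METABASE = """<?xml version="1.0"?>
<configuration xmlns="urn:microsoft-catalog:XML_Metabase_V64_0">
 <MBProperty>
  <IIsWebVirtualDir Location="/LM/W3SVC/1/ROOT/Rpc"
      AuthFlags="AuthAnonymous | AuthBasic" AccessSSLFlags="AccessSSL" />
  <IIsWebVirtualDir Location="/LM/W3SVC/2/ROOT/Rpc"
      AuthFlags="AuthBasic" AccessSSLFlags="AccessSSL | AccessSSL128" />
  <IIsWebVirtualDir Location="/LM/W3SVC/3/ROOT/Rpc" AuthFlags="AuthBasic" />
 </MBProperty>
</configuration>"""


def flag_set(element, attribute):
    """Split 'AccessSSL | AccessSSL128' into a set; None if the attribute is absent."""
    raw = element.get(attribute)
    if raw is None:
        return None
    return {flag.strip() for flag in raw.split("|") if flag.strip()}


def audit_rpc_vdirs(metabase_xml):
    """Return {location: [findings]} for every virtual directory named Rpc."""
    results = {}
    for el in ET.fromstring(metabase_xml).iter():
        tag = el.tag.rsplit("}", 1)[-1]  # drop the XML namespace prefix
        location = el.get("Location", "")
        if tag != "IIsWebVirtualDir" or not location.lower().endswith("/root/rpc"):
            continue
        auth, ssl = flag_set(el, "AuthFlags"), flag_set(el, "AccessSSLFlags")
        findings = []
        if auth is None or ssl is None:
            findings.append("flags not set on this node: inspect the inherited value")
        if auth and "AuthAnonymous" in auth:
            findings.append("anonymous access is still enabled (step 2)")
        if ssl is not None and "AccessSSL" not in ssl:
            findings.append("SSL is not required (step 4)")
        elif ssl and "AccessSSL128" not in ssl:
            findings.append("128-bit encryption is not required (step 4)")
        results[location] = findings
    return results


if __name__ == "__main__":
    for location, findings in audit_rpc_vdirs(SAMPLE_METABASE).items():
        print(location, "->", findings or "matches steps 2 and 4")
```

An empty findings list means the node explicitly disables anonymous access and requires SSL with 128-bit encryption, which matters here because step 2 enables Basic authentication.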

Configure Connection Filtering
1. Open System Manager > Global Settings > Message Delivery > Connection Filtering > add a new RBL list like the image below. A warning message will appear saying that you need to change a setting on your SMTP virtual server.


To complete the process, navigate to the SMTP virtual server > Properties > Advanced > tick Apply connection filter.
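What an RBL lookup does for each connecting IP address, as an added example that is not Exchange's own code: the address's octets are reversed, the list's DNS zone is appended, and an answer in 127.0.0.0/8 means "listed". The zone rbl.example, the resolver data and the function names are constructed for illustration so the block runs offline.

```python
import ipaddress
import socket

LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")


def rbl_query_name(client_ip, zone):
    """Reverse the IPv4 octets and append the block-list zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def check_sender(client_ip, zones, resolve=socket.gethostbyname):
    """Return (zone, answer) for the first list that lists client_ip, else None."""
    for zone in zones:
        try:
            answer = ipaddress.ip_address(resolve(rbl_query_name(client_ip, zone)))
        except (OSError, ValueError):
            continue  # NXDOMAIN or unusable answer: not listed by this zone
        # Only 127.0.0.0/8 answers mean "listed". Anything else (for example a
        # resolver that rewrites NXDOMAIN to a search page) must not block mail.
        if answer in LISTED_RANGE:
            return zone, str(answer)
    return None


# Constructed resolver data so the example runs offline. 192.0.2.0/24 and
# 198.51.100.0/24 are documentation ranges; rbl.example is a hypothetical zone.
FAKE_DNS = {
    "2.2.0.192.rbl.example": "127.0.0.2",       # listed
    "7.100.51.198.rbl.example": "203.0.113.9",  # rewritten NXDOMAIN answer
}


def fake_resolve(name):
    """Stand-in for a DNS lookup: raise like NXDOMAIN when the name is unknown."""
    if name not in FAKE_DNS:
        raise socket.gaierror("NXDOMAIN (constructed)")
    return FAKE_DNS[name]


if __name__ == "__main__":
    for ip in ("192.0.2.2", "198.51.100.7", "192.0.2.50"):
        print(ip, "->", check_sender(ip, ["rbl.example"], fake_resolve))
```

The second sample address shows why the answer range is checked: a resolver that returns an address for every name would otherwise make every sender look listed.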


To block a certain e-mail address that is a known source of spam, open the properties of Message Delivery, go to the Sender Filtering tab, enter the e-mail address and tick Drop connection.



Troubleshooting Outbound E-mail
  1. Check whether the anti-virus program is blocking outgoing mail. This happens with Symantec Endpoint Protection.
  2. Check with your ISP whether they are blocking SMTP. A successful telnet to an outside SMTP server does not mean your connection is allowed to send SMTP. My ISP blocks all SMTP requests, and this is resolved by using the ISP's SMTP server.
  3. A missing MX record can also prevent mail from being delivered outside. The Bayantel ISP SMTP server verifies the MX record before allowing an e-mail through.
  4. Unable to send mail through webmail: download the Exchange2003-KB911829-v3-x86-ENU.exe patch from Microsoft to solve this problem.

Configure Exchange to use ISP SMTP Server

1. Open System Manager > navigate to the Administrative Group > Server > Protocols > SMTP. Right-click the Default SMTP virtual server and open its properties. Go to the Delivery tab and click Advanced.


2. In Smart host, specify the name of the ISP's SMTP server.



Message Tracking
As administrators we will often be asked by users whether their e-mail reached the recipient. Message tracking is disabled by default. To enable message tracking:
  • System Manager > Administrative Group > server name > Properties > General tab. Tick Enable subject logging and display and Enable message tracking.



Using the Message Tracking Center under Tools, we can check the status of an e-mail by specifying the sender, recipient or server.

Below is a sample of undelivered outbound failed/queued mail.


Below is a sample of successful outbound mail using an SMTP relay.


Successful outbound mail to yahoo mail.


Below is a sample of successful inbound mail


Backup Strategy
The following need to be backed up for an Exchange server:
  • IIS System Metabase (holds the configuration data of IIS), located in the %windows%\system32\inetsrv\MetaBack folder
  • Information Store, which holds the mailboxes and public folders
  • System State

Best Practices
  • IIBackup.vbs is a script to automate the IIS System Metabase backup.
  • Circular logging should be disabled if you want differential and incremental backups. To enable/disable it, open the properties of the storage group.
  • Set "keep deleted items" and "keep deleted mailboxes" to 30 days, and check the box "Do not delete files until the store has been backed up". Do this for the public folder store as well.




