hand note - microsoft exchange server 2003 configuration

7/30/2019 Hand Note - Microsoft Exchange Server 2003 Configuration

1/58

Hand Note - Microsoft ExchangeServer 2003 Configuration

Moshiur Rahman

Copyright 2012 Moshiur Rahman

All rights reserved.

ISBN-10:1481895168ISBN-13:978-1481895163


2/58

I dedicate this book to my wife, Dr.Farzana Ahmed, who has been my partner inlife, since 2007


3/58

CONTENTS

Acknowledgments

1 Using this handbook you will know 5

2 Windows Server 2003 Installation (Step by Step) 7

3 Domain Controller Installation 17

4 Install the Exchange Server 2003 Enterprise 33

5 Exchange Server Configuration 36

6 ISA Installation & Configuration 45

7 Publishing an Exchange Server with ISA Server 52


4/58

Hand Note - Microsoft Exchange server 2003 Configuration

iv

ACKNOWLEDGMENT

First, I would like to express my eternal gratitude to theAlmighty Allah for his blessings for the completion of this book.

I am also thankful to the authority of Expolanka GroupBangladesh to give me information and infrastructure toimplement the Microsoft exchange server. Without their fullcooperation, it could not happen.


5/58


5

Chapter-1

Using this Hand Note you will know-(Step by Step)

Installation & configuration of windows server2003 Enterprise Edition.

configure Active Directory and DNS serverHow to install & configure Microsoft exchange

server 2003.

How to publish your exchange server in ISAServer.


6/58


6

Chapter-2

Windows Server 2003 Installation (Step by Step)

Step #1: Plan your installation

When you run the Windows Server 2003 Setup program, you mustprovide information about how to install and configure the operatingsystem. Thorough planning can make your installation of Windows Server2003 more efficient by helping you to avoid potential problems duringinstallation. An understanding of the configuration options will also helpto ensure that you have properly configured your system.

I won't go into that part right now (I might later this month, no

promises...) but here are some of the most important things you shouldtake into consideration when planning for your Windows Server 2003installation:

Check System Requirements Check Hardware and Software Compatibility Determine Disk Partitioning Options Choose the Appropriate File System: FAT, FAT32, NTFS Decide on a Workgroup or Domain Installation Complete a Pre-Installation Checklist

After you made sure you can go on, start the installation process.

Step #2: Beginning the installation process

You can install Windows Server 2003 in several methods - all are validand good, it all depends upon your needs and your limitations.

For example, you can install directly from a CD by booting your computerwith the CD, or you can also copy the I386 folder from a CD and run the

setup process by going into the I386 folder and using the WINNT orWINNT32 command (depending upon your existing operating system).

It doesn't matter how you run the setup process, but the moment it runs- all setup methods look alike.


7/58


7

Step#3 Installation steps:


8/58


8

It will then begin to load device drivers based upon what it finds on yourcomputer. You don't need to do anything at this stage.


9/58


9

1. Click Customize to change regional settings, if necessary. Current System Locale - Affects how programs display dates, times, currency, and numbers.

Choose the locale that matches your location, for example, French (Canada).

Current Keyboard Layout - Accommodates the special characters and symbols used indifferent languages. Your keyboard layout determines which characters appear when you

press keys on the keyboard.

If you don't need to make any changes just press Next.


10/58


10

If you do need to make changes press Customize and add your System

Locale etc.


11/58


11

Type your name and organization.


12/58


12

Type the product key.


13/58


13

Enter the appropriate license type and number of purchased licenses.


14/58


14

Type the computer name and a password for the local Administrator

account. The local Administrator account resides in the SAM of thecomputer, not in Active Directory. If you will be installing in a domain, you

need either a pre-assigned computer name for which a domain account hasbeen created, or the right to create a computer account within the domain.

If you enter a password that is blank or does not match the required


15/58


15

complexity settings you will get a warning message.


16/58


16

Select the date, time, and time zone settings.


17/58


17

Setup will now install the networking components.

Press Next to accept the Typical settings option if you have one of the


18/58


18

following situations:

You have a functional DHCP on your network. You have a computer running Internet Connection Sharing (ICS). You're in a workgroup environment and do not plan to have any other

servers or Active Directory at all, and all other workgroup members areconfigured in the same manner.

Otherwise select Custom Settings and press Next to customize yournetwork settings.


19/58


19

Highlight the TCP/IP selection and press Properties.

In the General tab enter the required information. You must specify theIP address of the computer, and if you don't know what the Subnet Maskentry should be - you can simply place your mouse pointer over theempty area in the Subnet Mask box and click it. The OS will automaticallyselect the value it thinks is good for the IP address you provided.


20/58


20

If you don't know what these values mean, or if you don't know what to

write in them, press cancel and select the Typical Settings option. Youcan easily change these values later.

** After Installation of Windows server 2003 always Install latest

Service pack.

Windows Server 2003 Service Pack 2 (32-bit x86) Installation Guide:

Download service 2 from this link and install on your server.

http://www.microsoft.com/en-us/download/details.aspx?id=41
http://www.microsoft.com/en-us/download/details.aspx?id=41http://www.microsoft.com/en-us/download/details.aspx?id=41http://www.microsoft.com/en-us/download/details.aspx?id=41


21/58


21

Chapter-3

Domain Controller Installation:

Creating the first Windows Server 2003 Domain Controller in a domain

Method:

Click Start -> Run...


22/58


22

Type "dcpromo" and click "OK"

You will see the first window of the wizard. As it suggests, I suggest reading the help

associated with Active Directory. After this, click "Next"

Click "Next" on the compatibility window, and in the next window keep the default

option of "Domain Controller for a new domain" selected, and click "Next"


23/58


23

In this tutorial we will create a domain in a new forest, because it is the first DC, so

keep that option selected


24/58


24

Now we have to think of a name for our domain. If you own a web domain like

"visualwin.com", you can use it, but it isn't suggested because computers inside of

your domain may not be able to reach the company website. Active Directory

domains don't need to be "real" domains like the one above - they can be anything you

wish. So here I will create "visualwin.testdomain"


25/58


25

Now in order to keep things simple, we will use the first part of our domain

("visualwin"), which is the default selection, as the NetBIOS name of the domain

The next dialog suggests storing the AD database and log on separate hard disks, and

so do I, but for this tutorial I'll just keep the defaults


26/58


26


27/58


27

The SYSVOL folder is a public share, where things like .MSI software packages can

be kept when you will distribute packages (as I said, AD has a lotof different

features). Once again, I will keep the default selection but it can be changed if you

wish to use the space of another drive


28/58


28

Now we will get a message that basically says that you will need a DNS server in

order for everything to work the way we want it (i.e., our "visualwin.testdomain" to be

reachable). As I mentioned earlier, we will install the DNS server on this machine as

well, but it can be installed elsewhere. So keep the default selection of "Install and

configure", and click "Next"


29/58


29

Because, after all, this is a Windows Server 2003 tutorial website, we'll assume there

are no pre-Windows 2000 servers that will be accessing this domain, so keep the

default of "Permissions compatible only with Windows 2000 or Windows Server

2003 operating systems" and click "Next"


30/58


30

The restore mode password is the single password that all administrators hope to

never use, however they should also never forget it because this is the single password

that might save a failed server. Make sure it's easy to remember but difficult to guess


31/58


31

Now we will see a summary of what will happen. Make sure it's all correct because

changing it afterwards can prove to be difficult

After the previous next was clicked, the actual process occurs. This can take several

minutes. It's likely that you will be prompted for your Windows Server 2003 CD (for

DNS) so have it handy

If your computer has a dynamically assigned address (from DHCP) you will be


32/58


32

prompted to give it a static IP address. Click ok, and then in the Local Area

Connection properties, click "Internet Protocol (TCP/IP)" and then "Properties"


33/58


33

In the next window select "Use the following IP address" and select the information

that you will use for your domain (and 127.0.0.1 for the primary DNS, because your

computer will host DNS. I still suggest setting up an alternate as well.) Click "OK"

and then "Close" on the next window


34/58


34

And after a while you will see

And we are finished.

Check your domain controller:

You will find active directory users and computers in administrative

tools. To open active directory users and computers do the following-


35/58


35

Now you can create users and groups as per your requirement:

To create a new user, follow these steps:

a. Click Start, point to Administrative Tools, and then click Active Directory Usersand Computers to start the Active Directory Users and Computers console.

b. Click the domain name that you created, and then expand the contents.c. Right-click Users, point to New, and then click User.d. Type the first name, last name, and user logon name of the new user, and then

click Next.

e. Type a new password, confirm the password, and then click to select one of thefollowing check boxes:

o Users must change password at next logon (recommended for most users)o User cannot change password


36/58


36

o Password never expireso Account is disabled

Click Next.

Review the information that you provided, and if everything is correct, click Finish.


37/58


37

Understanding Domain, folder and organization unit:


38/58


38

Chapter-4

Install the Exchange Server 2003 Enterprise

Steps:

1. Autorun should launch a splash screen with options for Resources and Deployment Tools. (If

autorun does not work, select Start, Run. Then type CDDrive:\setup.exe and click OK.)

2. Click on Exchange Deployment Tools.

3. Deploy the first exchage 2003 Server

4. New Exchange 2003 server

5. Before installing exchange ..install IIS and install ASP.NET, NNTP, SMTP,From Control panelAddremove programs- Network Components

6. Select IIS and Details- select SMTP service ,ASP.NET,NNTP and WWW services.- 2003 CD

will be asked for further installation.

7. From exchange server Deployment tools- select 6.Run ForestPrep now.

8. Same as 8 Select Run DomainPrep Now

9. Atlast select 1,2,4,5,6,7 and press Run setup now from No:8 Install Exchange server 2003 on

the new server


39/58


39

NOTE: If Virtual Memory (RAM) is more than 3 GB some changes should be done in the

boot.ini file ..change as follows and save it as boot.ini file again.


40/58


40

Chapter-5

Exchange Server Configuration:-

1. Go to the exchange manager

2. Find recipient default recipient policy-right click-properties.

3.e-mail address policy. If DNS and active directory installed properly It will show the e-mail address

policy, If u want to add different domain to get mail please type the domain name by clicking new.

4.if everything ok u will receive the mail now.


41/58


41

SMTP connector Setup:

1.Connectors-right click-New-Connector

2.Type the smtp name like smtp-out


42/58


42

3. Add SMTP-ok. 4. click on Use DNS to route to each address space on the connector

( if E-Mail should Out from this directly )


43/58


43

5. Add bridgehead (mandatory) Add-select the hostname-ok.


44/58


44

6. Add address space(recommended) , Go to address space tab- Add SMTP-Automatic

selectes E-mail Domain * , Cost 1. Ok. Ok.


45/58


45

Server SMTP Properties Setup: ( Recommended).

1. Server-Porotocols-SMTP default SMTP virtual serverright click properties.

2. From General enable logging-properties-select log report folder-brows and select

the path- From Advance-select all to show its report.


46/58


46


47/58


47

3.Acces tab-authentication-keep as it is.

Connection- Add clicking only the list bellow. Add network and click Ok.


48/58


48

Creating a Mailbox

The easiest way to confirm whether Exchange is working properly is to create a mailbox and test

sending and receiving email. To create a mailbox, use the following steps:

1. Click on Start, All Programs, Microsoft Exchange, Active Directory Users andComputers.

2. Right-click on the user account you want to create a mailbox for, select All Tasks, andthen select Exchange Tasks.

3. At the Welcome to Exchange Tasks screen, click Next to bypass the welcome page. Youcan disable the welcome page by clicking on the box next to Do Not Show This Welcome

Page Again.

4. Verify that Create Mailbox is highlighted and click Next.5. Accept the default or type an alias name for the user, server name, and mailbox store

name.

6. Click Next to continue.7. Click Finish. (You can click on the box next to View detailed report when this wizard

closes if you want to see the full report of the mailbox creation.)

Testing Mail Flow Using OWA

Another test can involve whether the user can log on to Outlook Web Access. Successful OWAaccess validates that the Web services are working properly, that the front-end and back-end

servers are communicating properly, and that the organizations firewall supports the passing ofOWA traffic. To test mail flow using Outlook Web Access, follow these steps:

1.

Open Internet Explorer and go tohttp://{servername}/exchange

.2. Log in as an Exchange user and send messages to another Exchange user.3. Open a second Internet Explorer window and log in as the other Exchange user.4. Verify that mail has been received by the second user.

Send a reply to the first user and confirm that the messages were successfully sent and received

Chapter-6


49/58


49

ISA Installation & Configuration

Installation Procedure:

To install ISA Server software, follow these steps:

1. Insert the ISA Server CD into the CD drive, or run ISAautorun.exe from

the shared network drive.

2. In Microsoft ISA Server Setup, click Install ISA Server.

3. After the setup program prompts that it has completed determining the

system configuration, on the Welcome page, click Next.

4. If you accept the terms and conditions stated in the user license

agreement, click I accept the terms in the license agreement, and

then click Next.

5. Type your customer details, and then click Next.

6. Click Typical Installation, Full Installation or Custom Installation.

There are four components that can be installed:

ISA Server Services. The services that comprise ISA Server.

ISA Server Management. The ISA Server Management user

interface.

Firewall Client Installation Share. A location from which client

computers can install the Firewall Client software. This is typically

installed on a computer other than the ISA Server computer, so it is

not part of the Typical Installation option. The Firewall Client Share

can be installed on computers running Windows Server 2003,

Windows 2000 Server, or

Windows XP.


50/58


50

Message Screener. A component that you configure to screen e-mail

messages for keywords and attachments. This component must be

installed on a Simple Mail Transfer Protocol (SMTP) server, which is

typically not your ISA Server computer.

Typical Installation installs ISA Server Services and ISA Server

Management. Full Installation installs all four components. Custom

Installation enables you to select which components you will install.

7. Click Next.

8. Configure the Internal network. Follow these steps:

1. Click Add.

2. Click Select Network Adapter.

3. Select Add address ranges based on the Windows Routing

Table.

4. Select one or more of the adapters that are connected to the

Internal network. These addresses will be included in the Internal

network that is defined by default for ISA Server.

5. Clear the selection ofAdd the following private IP ranges,

unless you want to add those ranges to your Internal network.

6. Click OK. Read the Setup Message, click OK, click OK again to

finish the Internal network configuration, and then click Next.

9. On the Firewall Client Connection Settings page, select whether you

want to allow nonencrypted connections between Firewall clients andthe ISA Server computer. The ISA Server 2004 Firewall Client software

uses encryption, but older versions do not. Also, some versions of

Windows do not support encryption. You can select to allow computers

running earlier version of Firewall client software to connect.


51/58


51

10. On the Services page, review the list of services that will be stopped or

disabled during installation of ISA Server. To continue the installation,

click Next.

11. Click Install.

12. After the installation is complete, if you want to invoke ISA Server

Management immediately, select the Invoke ISA Management check

box, and then click Finish.

ISA server Configuration:

Access the Internet from the Internal network

The following sections describe how to configure the solution:

4.2.1 Configure the Internal network

4.2.2 Create network rules

4.2.3 Create policy rules

4.2.4 Test the scenario

4.2.1 Configure the Internal network

As part of the setup process, you specified the address range in your Internal network, therebyconfiguring the Internal network. Verify that the configuration is valid, and that the Internal

network contains only addresses on Corpnet. On ISA_1, perform the following steps:

1. Open Microsoft ISA Server Management, expand ISA_1, expand the

Configuration node, and click Networks.

2. In the details pane, on the Networks tab, the address ranges included in

each network are shown.


52/58


52

3. Verify that only IP addresses of computers on your corporate network are

included in the Internal network.

Note

If necessary, you can reconfigure the Internal network by double-clickingInternal on the Networks tab to open the Internal Properties dialog box.

Select the Addresses tab, and use the Add and Remove buttons to add or

remove address ranges from the network. You can also use the Add

Adapter button to add all of the IP ranges associated with a particular

network adapter, or the Add Private button to add private address

ranges.

4. Double-click Internal in the Networks tab to open the InternalProperties dialog box. On the Web Proxy tab, verify that Enable Web

Proxy client isselected, that Enable HTTP is selected, and that in

HTTP Port, 8080 is specified, and then click OK.

4.2.2 Create network rules

As part of the installation process, a default Internet Access network rule was created. This rule

defines a relationship between the Internal network and the External network. To verify the rule

configuration, perform the following steps:

1. Expand the Configuration node, and click Networks.

2. On the Network Rules tab, double-click the Internet Access rule to

display the Internet Access Properties dialog box.

3. On the Source Networks tab, verify that Internal is listed. If it is not,

do the following:

1. Click Add.

2. In Add Network Entities, click Networks, click Internal, click

Add, and then click Close.


53/58


53

4. On the Destination Networks tab, verify that External is listed. If it is

not, do the following:

1. Click Add.

2. In Add Network Entities, click Networks, click External, click

Add, and then click Close.

5. On the Network Relationship tab, select Network Address

Translation (NAT).

6. Click OK.

7. In the details pane, click Apply to apply changes, if you made any.

4.2.3 Create policy rules

To allow the internal client access to the Internet, you must create an access rule allowing the

internal clients to use HTTP and HTTPS protocols. Perform the following steps:

1. Click Firewall Policy. On the task pane, select the Tasks tab, and click

Create New Access Rule to start the New Access Rule Wizard.

2. On the Welcome page, type the name of the rule. For example, typeAllow Internal clients HTTP and HTTPS access to the Internet.

Then, click Next.

3. On the Rule Action page, select Allow, and then click Next.

4. On the Protocols page, in This rule applies to, select Selected

protocols, and then click Add.

5. In the Add Protocols dialog box, expand Common Protocols. ClickHTTP, click Add, click HTTPS, click Add, and then click Close. Then,

click Next.

6. On the Access Rule Sources page, click Add.


54/58


54

7. In the Add Network Entities dialog box, click Networks, and then

select Internal. Click Add, and then click Close. Then, click Next.

8. On the Access Rule Destinations page, click Add.

9. In the Add Network Entities dialog box, click Networks, and then

select External. Click Add, and then click Close. Then, click Next.

10. On the User Sets page, verify that All Users is specified. Then, click

Next.

11. Review the summary page, and then click Finish.

12. In the details pane, click Apply to apply the changes you made. Note

that it may be a few moments before the changes are applied.

4.2.4 Test the scenario

To verify that the scenario works, InternalClient1 will access ExternalWebServer on the Externalnetwork (MockInternet).

On InternalClient1, perform the following steps:

1. On InternalClient1, open Internet Explorer 6.0.

2. In Internet Explorer, click the Tools menu, and then click Internet

Options.

3. On the Connections tab, click LAN Settings.

4. In Proxy server, select the Use a proxy server for your LAN check

box.

5. In Address, type the computer name of ISA_1 and in Port, type 8080.

If there is no DNS server in your lab configuration, use the IP address of

ISA_1 rather than its name.

6. Verify that Automatically detect settings is not selected.


55/58


55

7. Close Internet Explorer. Then, reopen Internet Explorer.

8. In Internet Explorer, in Address, type the IP address of

ExternalWebServer.

Note that if a DNS server is available for name resolution on MockInternet, you can type the

fully qualified domain name (FQDN) of ExternalWebServer.

If your browser displays the Web page published on ExternalWebServer, InternalClient1

accessed ExternalWebServer, and you have successfully configured this scenario.


56/58

Handbook of Exchange Server 2003 and ISA Server configuration:

Moshiur Rahman

Chapter- 7

Publishing an Exchange Server with ISA Server 2004

ClickStart |All Programs | Microsoft ISA Server, and then clickISA ServerManagement.

The ISA Server console opens.

f. Expand FLORENCE and clickFirewall Policy.

g. In the right pane, select the first rule (or Default rule if no other rules are defined) to

indicate where the new rule is added to the rule list.

h. In the task pane, on the Tasks tab, clickPublish a Mail Server.

The New Mail Server Publishing Rule Wizard opens. This is a specialized version of the

general New Server Publishing Rule Wizard and New Web Publishing Rule Wizard.

i. In the New Mail Server Publishing Rule Wizard dialog box, in the Mail ServerPublishing Rule name text box, type Publish mail, and then clickNext.

j. On the Select Access Type page, select Client access: RPC, IMAP, POP3, SMTPand clickNext.

k. On the Select Servicespage, complete the following information: POP3 - Standard

port: enable SMTP- Standard port: enable Leave all other check boxes disabled and thenclickNext.

l. On the Select Server page, in the Server IP address text box, type 10.2.1.2 and click

Next.

m. On the IP Addresses page, select External checkbox, and clickNext.

n. On the Completing the New Mail Server Publishing Rule Wizard page, clickFinish.

Two new server publishing rules are created: Publish mail POP3 Server, and Publish

mail SMTP Server.

o. ClickApply to apply the new rules, and then clickOK.

Web client access: Outlook Web Access (OWA), Outlook Mobile Access, Exchange Server

a. In the right pane, select the first rule to indicate where the new rule is added to the rulelist.

b. In the task pane, on the Tasks tab, clickPublish a Mail Server.c. In the New Mail Server Publishing Rule Wizard dialog box, in the Mail Server

Publishing Rule name text box, type Publish mail (OWA), and then clickNext.

d. On the Select Access Type page, select Web client access: Outlook Web Access

(OWA), Outlook Mobile Access, Exchange Server ActiveSync and then clickNext.


57/58


Moshiur Rahman

The remainder of the wizard pages is a specialized version of the general SSL Web

Publishing Rule Wizard.

e. On the Select Servicespage, complete the following information: Outlook WebAccess: enable (is default) Outlook Mobile Access: disable (is default) ExchangeActiveSync: disable (is default) Enable high bit characters used by non-English character

sets: enable (is default) and then clickNext.f. On the Bridging Mode tab, click each of the three options, to see the different OWA

publishing scenarios.

The yellow lock icon represents an HTTPS (SSL) connection. No yellow lock icon

represents an HTTP connection.

g. On the Bridging Mode tab, select Secure connection to clients and mail server,

and then clickNext.

h. On the Specify the Web Mail Server page, in the Web mail server text box, type

denver.contoso.com and clickNext.

The specified name of the Web mail server must match exactly the name in the Web

Server certificate on Denver. Otherwise Internet Explorer on the client computers fails toconnect, and displays an error message (500 Internal Server Error - The target principal

name is incorrect).

i. On the Public Name Detailspage, complete the following information: Acceptrequests for: This domain name (type below): Public name: mail.contoso.com and then

clickNext.

The specified public domain must match exactly the name in the Web Server certificate

on Florence. Otherwise the connecting client computers will display a security alert message

(The name on the security certificate is invalid.).

j. On the Select Web Listener page, in the Web Listener list box, select External

Web 443 and clickNext.

k. On the User Sets page, clickNext.

l. On the Completing the New Mail Server Publishing Rule Wizard, clickFinish.

A new Web publishing rule is created which publishes the three OWA virtual directories

on the Web site denver.contoso.com as mail.contoso.com on the External network.


58/58


ABOUT THE AUTHOR

Moshiur Rahman is working as a System & Network administrator from past 10 years. He has worked

with CIMSOLUTIONS V.B- The Netherlands, Expolanka Group, Bangladesh and Proshika Computer

Systems. He has achieved Microsoft Certified IT professional (MCITP) certification and many other

certifications like CCNA, MCTS.

He has graduated from the Bangalore University, Bangalore, India and Completed M.Sc in ComputerScience & Engineering degree from the Stamford university, Bangladesh.

hand note - microsoft exchange server 2003 configuration

Documents