Friday, March 14, 2014

Building a mail infrastructure by using Windows Server 2008 R2 operating system and Exchange Server 2010 from Scratch

We will build a mail infrastructure by using Windows Server 2008 R2 operating system and Exchange Server 2010 products. Network infrastructure will be as simple as it can be. Therefore we decrease the possibility of getting error. For the mail infrastructure, we will use 2 servers in total. First one will be the DNS and Domain Controller server. The other one will be used to install Exchange Server 2010 with all Exchange Server roles (Figure 1).


Figure 1: Network topology

For our final goal, we have to have a perfectly working DNS infrastructure. Also we have to build an Active Directory on this DNS infrastructure. Firstly, we install Windows Server 2008 R2 Enterprise product on both servers. The purpose of using Enterprise edition is the new redundancy solution of Exchange Server 2010, DAG (Database Availability Group). We could not use DAG with a standard edition Windows Server, so we install the enterprise edition (DAG is another article’s subject).
Table 1: Network settings of servers
Server
MSTIPDC01
MSTIPEXC01
IP address
192.168.2.22
192.168.2.23
Subnet Mask
255.255.255.0
255.255.255.0
Default Gateway
192.168.2.1
192.168.2.1
Primary DNS server
192.168.2.22
192.168.2.22
After the installation and network settings configuration of Windows Server 2008 R2 servers (Table 1), we install all the latest patches from microsoft.com. After that, we install DNS on mstipdc01. For this purpose, we open Start -> Administrative Tools -> Server Manager. After selecting Roles on the left side, we click the Add Roles link on the right-hand side (Figure 2). We press the Next button on the first screen of the opened wizard and fill the DNS Server checkbox on the second screen and press the Next button (Figure 3). This presents us the first screen of Add DNS Server wizard and after pressing Next button, we press Install on the second screen. After sometime, the DNS Server role installation is finished. But we haven’t done yet because we have to configure the DNS server.

Figure 2: Server Manager – Roles interface

Figure 3: Installation of DNS role

For DNS server configuration, we open Start -> Administrative Tools -> DNS interface.We right click Forward Lookup Zones on the left-hand side and select New Zone… . New zone wizard is opened. We press Next button on the first screen and select Primary Zone on the second screen (Figure 4). After pressing Next button again, “Zone name” screen appears. We write mstip.com and press Next. We press Next again and this opens the “Dynamic Update” screen. We select Allow both nonsecure and secure dynamic updates and press Next (Figure 5). We press Finish button on the final screen and the configuration is done.

Figure 4: Zone type selection

Figure 5: Dynamic Update type selection

Now we define a DNS suffix for our server and restart it. The purpose for this action is to make the server write its name to the DNS server, which is itself. Therefore it creates a host record for itself and we test whether Dynamic Update is working or not. Also this host record will be important during Active Directory implementation. After opening Start -> Control Panel -> System -> Advanced System Settings, we press the Computer Name tab. After pressing Change… button, we press More… button. We write mstip.com to the “Primary DNS suffix of this computer” field and press OK button for three times. A warning message appears which says a restart is necessary and we do so.
After the restart, we check whether the name of server appears under mstip.com forward lookup zone or not, via DNS management interface. We see that the host record is created. Also we have to test whether DNS service is working or not. For this purpose we open a command prompt, and write nslookup mstipdc01.mstip.com . If the answer of DNS server is right, we have a working DNS server (Figure 6). Now the DNS server is active and working. Also it is configured as trusted and untrusted clients can register themselves to the mstip.com zone but we are going to change this setting after Active Directory implementation.
Figure 6: Testing DNS with nslookup

Now we can continue with the Active Directory installation. On the same server we open  Start -> Run and write dcpromo (Figure 7). The Active Directory promotion wizard is opened. We fill the “Use Advanced Mode Installation” checkbox on the first screen and press Next. The second screen is the “Operating System Compatibility” screen. After pressing Next, we select Create a new domain in a new forest on the next screen. Therefore we can create a brand new Active Directory domain.
Figure 7: dcpromo command


Figure 8: Create a new domain in a new forest


After pressing Next button, wizard asks for a domain name. We write mstip.com here and press Next (Figure 9). The next screen is  “Domain NetBIOS name” screen. We don’t touch anything and press Next. We select Windows Server 2003 forest level in “Set Forest Functional Level” screen (it can be upgraded later). For Exchange Server 2010 installation, this is the minimum requirement (Figure 10).


Figure 9: Entering the domain name mstip.com


Figure 10: Decision of Forest Functional Level

The Next screen indicates that DNS server is installed on this server and also the Global Catalog feature will be activated after the promotion (Figure 11). We press Next and select  No, Do not create the DNS delegation on the “Create DNS Delegation” screen. We press Next button for three times and start the promotion process. Because of the DNS configuration is done before, a warning message is displayed as in Figure 12. It is not a problem. We press OK and after the promotion is finished we restart the server. After all these DNS configurations and domain controller promotion process, we have a brand new Active Directory Domain mstip.com and a responsible domain controller.
Figure 11: Additional Domain Controller Options


Figure 12: Warning message about the already configured DNS services 

After the restart, we have to control two things. Firstly, we open the DNS management interface and control whether Active Directory related service records were created or not (Figure 13). After that we right click the mstip.com forward lookup zone and open the properties of it. In “General” tab, we press the Change… button for Type field.  A new screen appears and we fill the Store the zone in Active Directory checkbox and Press OK button (we say YES to the warning message).
Figure 13: Controling the service records


Figure 14: Integration of DNS database into Active Directory

In “General” tab we select  Secure Only from Dynamic Updates list (Figure 15) and press the OK button. With these configuration changes, we secure the updates for DNS records. Also the DNS database will be replicated within the Active Directory database (if we have more than one DNS server in the future). As a final control, we open the Start -> Administrative Tools ->Share and Storage Management interface and check whether NETLOGON and SYSVOL shares are created or not (Figure 16). All of the configurations that we control seem perfect so we have a nicely working Active Directory Domain Controller. After all, we can start to install Exchange Server 2010.
Figure 15: To make DNS updates secure


Figure 16: Checking the NETLOGON and SYSVOL shares

Before Exchange Server 2010 installation, we have to prepare Active Directory for Exchange. This preparation process will write necessary Exchange Server related records to the Active Directory schema.For the preparation, we insert the Exchange Server 2010 DVD into the DVD-Rom drive of mstipdc01.mstip.com server. We open a command prompt and after get into the DVD drive at the command prompt, we write setup.com /prepareAD /OrganizationName:mstip. Just this one command will be sufficient for our Active Directory infrastructure because we have an Active Directory of only one domain and there haven’t been any Exchange organization in this infrastructure before. The reason to use /OrganizationName parameter is that we don’t have any Exchange organization container in AD Schema yet. If this is not the case for your environment, you have to run extra commands for Active Directory preparation. For a detailed explanation for Active Directory preparation, please see Microsoft link (http://technet.microsoft.com/en-us/library/bb125224.aspx).
Now it is time to install Exchange Server 2010 on the second server (mstipexc01.mstip.com). Firstly, we install the Microsoft Filter Pack  (http://www.microsoft.com/downloads/details.aspx?FamilyId=60C92A37-719C-4077-B5C6-CAC34F4227CC&displaylang=en) because it is a requirement for HubTransport and Mailbox server roles. We wil install all of the roles in one box, so we have to install this package. After the installation of Filter Pack, we open Start -> All Programs -> Accessories -> Windows PowerShell interface. We run the following command in the Windows Powershell. This command lets us to do ServerManager jobs in this shell:
Import-Module ServerManager
After running the command above, we install the necessary operating system files with Add-WindowsFeature command. The parameters that we use with Add-WindowsFeature command could be different according to the roles that we will install (for detailed explanation http://technet.microsoft.com/en-us/library/bb691354.aspx link can be seen). Because we are going to install all the roles (ClientAccess, HubTransport, Mailbox, Unified Messaging) on one box, we run the following command:
Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy,Desktop-Experience -Restart
After a restart of server, we have to run the following command for Client Access role:
Set-Service NetTcpPortSharing -StartupType Automatic
Although it was in the installation command, I realize Desktop-Experience feature is not installed. Therefore,  we have to install Desktop Experience feature for Unified Messaging role. We do it from the Features part of  Server Manager interface. This requires a restart of server. After doing this, we are finally :) ready to install Exchange Server 2010. We run the setup.com file on the Exchange DVD for this purpose. Under Step 3 field of the installation screen, we select “Install only languages from the DVD” . The next screen is the welcome screen. After pressing Next button, an aggrement screen is opened. We accept it and press Next (Figure 17). On “Error Reporting” screen, we select the appropriate one and press Next button again. This Next screen is the installation type selection screen. We choose “Custom Exchange Server Installation”  and press Next button (Figure 18). We fill all the checkboxes on the  next screen and press Next (Figure 19).
Figure 17: License Agreement page 


Figure 18: The selection screen of Exchange Server installation


Figure 19: Selection of Exchange Server roles to install 

“Client Settings” screen asks for the used Outlook clients for our organization (Figure 20). If we are using Office 2003 or Entourage in our organization, installation will create a Public Folders database (because these clients are using Public Folders to establish their Exchange 2010 connection). We select Yes here and press Next button.  The “Configure Client Access server external domain” screen is the one that we decide the domain name for external access (Figure 21). We write mail.mstip.com here and press the Next button.
Figure 20: Selection of e-mail client type


Figure 21: CAS server external domain name 

We pass the next screen and “Readiness Checks” screen controls whether there is problem about the installation or not (Figure 22). If everything is perfect, the Install button gets activated and pressing this button starts the installation process. Installation takes some time and it finishes without a problem (Figure 23). Now we have a new Exchange 2010 mail server and an Exchange 2010 organization.
Figure 22: Controlling the requirements for installation
Figure 23: End of installation

No comments:

Post a Comment