How to Use a Self Signed Certificate in Exchange 2010

Using a Self Sign Certificate can Manage OWA alone, but issuing an Internal Windows CA Certificate can serve all type of Clients

We can use a internal windows CA certificate with Exchange 2010 to avoid Cert Errors
Something which you need to know is , Using a Internal Windows CA Certificate you need to install the certificates on every machine you use and Mobile devices other wise you will end up in a certificate error in the IE
So that’s why people prefer going for a 3rd party certificate to overcome it.
In this article We Will Learn issuing a Internal Windows CA Certificate , for this to be used Externally you need to have a CNAME record in your public DNS pointing to your Public IP NAT to your CAS
First we will learn how to Export a Certificate request file from Exchange 2010 ,
Step 1:


Type a Friendly Name :




Wild Card is used if you are going to manage more URLs .For Example : *.Domain.com

Step 2:
Assign the required Services for your Exchange , Give a Tick Mark


You will opt for it if you are planning for Coexistence in OWA in Exchange 2003 and Exchange 2010

Step 3:
You will see the collection for URL’s

Step 4:
Fill out the Form – And set the location for the Cert Request file



Step 5:
Your request file would look like this


Open it via Notepad , because we need this content to generate a Certificate

Step 6:
You need to have this role installed to have a  Certificate Authority , It can be DC or Exchange it self
I have done this in the Exchange itself (No Harm)


Step 7:
Choose : Certification authority , Certification Authority Web Enrolment

Step 8:
Choose Enterprise

Step 9:
Choose Root CA



Step 10:
Create a new Private key


Step 11:
Have this Default with 2048 key Character length

Step 12:
Click Next


Step 13:
By Default Certificate is valid for 5 years , Don’t make any changes on it , Click next


Step 14:


Step 15:
Now if you Open IIS manager , you will see “CertSrv”  a Virtual Directory Created ,
Use the right side column “Browse *.443(https)


Step 16:
You would see a page like this , Choose Request a Certificate

Step 17:
Click on Advanced Certificate Request


Step 18:
Choose the Second one
Submit a certificate request by using a base-64-Encoded CMC

Step 19:
Now Copy the  Note pad  -
Choose Template : WebServer
NOTE _ BELOW SCREEN SHOT _ CHOOSE TEMPLATE _ WEB SERVER

Step 20:

Choose “Base 64 encoded”

Step 21:
Save the Certificate
 
Step 22:
Now go to your EMC
Server Configuration – Complete Pending request


Choose the Certificate :



Step 23:
Now Assign Services to the Certificate




Now the Server Part is ready

Step 24:

Now will learn how to install the Certificate in the Client End

Double Click on the Certificate
Click Install Certificate – Click Next –



Choose Personal -



Click Next And Import will be Successful
Now Do the Same Process
Double Click on the Certificate
Click Install Certificate – Click Next – Choose Trusted Root Certification Authorities

Double Click on the Certificate
Click Install Certificate – Click Next – Choose Intermediate Certification Authorities


Step 25:

Before


After installing the Certificate in the Client

How to Create a Public Folder Calendar in Exchange 2010

Use EMC to create Public Folder

1.       In the console tree, click Toolbox.

2.       In the result pane, double-click Public Folder Management Console.

3.       In the public folder tree of the Public Folder Management Console, navigate to Default Public Folders, and then select the parent public folder for the public folder you want to create.

4.       In the action pane, click New Public Folder.

5.        On the Introduction page, complete the following fields:

o    Name   Use this box to type the name of the new public folder.

o    Path   Use this read-only box to verify the path to the public folder. If this box displays a backslash (\), the public folder that you are creating will be a top-level public folder. 

Note:

To change the path, close the wizard, and then, in the Public Folder Management Console, select the public folder under which you want to create this public folder, and start the wizard again.

6.        On the Completion page, review the following, and then click Finish to close the wizard: 

o    A status of Completed indicates that the wizard completed the task successfully. 

o    A status of Failed indicates that the task wasn't completed. If the task fails, review the summary for an explanation, and then click Back to make any configuration changes.

7.       Click Finish to close the wizard.

To apply user permissions:

1. Right click the folder and choose Properties and click Permissions tab and add the user.

Drive Mapping - Logon Script

Logon3.vbs
' VBScript logon script program.
'


Option Explicit

Dim objNetwork, objSysInfo, strUserDN
Dim objGroupList, objUser, objFSO
Dim strComputerDN, objComputer

Set objNetwork = CreateObject("Wscript.Network")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objSysInfo = CreateObject("ADSystemInfo")
strUserDN = objSysInfo.userName
strComputerDN = objSysInfo.computerName

' Escape any forward slash characters, "/", with the backslash
' escape character. All other characters that should be escaped are.
strUserDN = Replace(strUserDN, "/", "\/")
strComputerDN = Replace(strComputerDN, "/", "\/")

' Bind to the user and computer objects with the LDAP provider.
Set objUser = GetObject("LDAP://" & strUserDN)
Set objComputer = GetObject("LDAP://" & strComputerDN)

' Map a network drive if the user is a member of the group.
' Alert the user if the drive cannot be mapped.
If (IsMember(objUser, "Engineering") = True) Then
    If (MapDrive("M:", "\\FileServer\EngrShare") = False) Then
        MsgBox "Unable to Map M: to AdminShare"
    End If
End If

' Add a network printer if the computer is a member of the group.
' Make this printer the default.
If (IsMember(objComputer, "Front Office") = True) Then
    objNetwork.AddWindowsPrinterConnection "\\PrintServer\HPLaser2"
    objNetwork.SetDefaultPrinter "\\PrintServer\HPLaser2"
End If

Function IsMember(ByVal objADObject, ByVal strGroup)
    ' Function to test for group membership.
    ' objGroupList is a dictionary object with global scope.

    If (IsEmpty(objGroupList) = True) Then
        Set objGroupList = CreateObject("Scripting.Dictionary")
    End If
    If (objGroupList.Exists(objADObject.sAMAccountName & "\") = False) Then
        Call LoadGroups(objADObject, objADObject)
        objGroupList.Add objADObject.sAMAccountName & "\", True
    End If
    IsMember = objGroupList.Exists(objADObject.sAMAccountName & "\" _
        & strGroup)
End Function

Sub LoadGroups(ByVal objPriObject, ByVal objADSubObject)
    ' Recursive subroutine to populate dictionary object objGroupList.

    Dim colstrGroups, objGroup, j

    objGroupList.CompareMode = vbTextCompare
    colstrGroups = objADSubObject.memberOf
    If (IsEmpty(colstrGroups) = True) Then
        Exit Sub
    End If
    If (TypeName(colstrGroups) = "String") Then
        ' Escape any forward slash characters, "/", with the backslash
        ' escape character. All other characters that should be escaped are.
        colstrGroups = Replace(colstrGroups, "/", "\/")
        Set objGroup = GetObject("LDAP://" & colstrGroups)
        If (objGroupList.Exists(objPriObject.sAMAccountName & "\" _
                & objGroup.sAMAccountName) = False) Then
            objGroupList.Add objPriObject.sAMAccountName & "\" _
                & objGroup.sAMAccountName, True
            Call LoadGroups(objPriObject, objGroup)
        End If
        Exit Sub
    End If
    For j = 0 To UBound(colstrGroups)
        ' Escape any forward slash characters, "/", with the backslash
        ' escape character. All other characters that should be escaped are.
        colstrGroups(j) = Replace(colstrGroups(j), "/", "\/")
        Set objGroup = GetObject("LDAP://" & colstrGroups(j))
        If (objGroupList.Exists(objPriObject.sAMAccountName & "\" _
                & objGroup.sAMAccountName) = False) Then
            objGroupList.Add objPriObject.sAMAccountName & "\" _
                & objGroup.sAMAccountName, True
            Call LoadGroups(objPriObject, objGroup)
        End If
    Next
End Sub

Function MapDrive(ByVal strDrive, ByVal strShare)
    ' Function to map network share to a drive letter.
    ' If the drive letter specified is already in use, the function
    ' attempts to remove the network connection.
    ' objFSO is the File System Object, with global scope.
    ' objNetwork is the Network object, with global scope.
    ' Returns True if drive mapped, False otherwise.

    Dim objDrive

    On Error Resume Next
    If (objFSO.DriveExists(strDrive) = True) Then
        Set objDrive = objFSO.GetDrive(strDrive)
        If (Err.Number <> 0) Then
            On Error GoTo 0
            MapDrive = False
            Exit Function
        End If
        If (objDrive.DriveType = 3) Then
            objNetwork.RemoveNetworkDrive strDrive, True, True
        Else
            MapDrive = False
            Exit Function
        End If
    End If
    objNetwork.MapNetworkDrive strDrive, strShare
    If (Err.Number = 0) Then
        MapDrive = True
    Else
        Err.Clear
        MapDrive = False
    End If
    On Error GoTo 0
End Function

Exchange Server 2010 Database Availability Group Installation Step by Step

Microsoft Exchange Server 2010 introduced a new high availability feature called the Database Availability Group (DAG).

Exchange Server 2010 Database Availability Group Overview

A Database Availability Group is a group of up to 16 Exchange Server 2010 servers that are installed with the Mailbox server role.  Each server that is a member of the DAG is capable of hosting active or passive copies of mailbox databases that reside on servers in the group.

For example, a Database Availability Group may consist of three Exchange Server 2010 Mailbox servers, each configured with a single Mailbox database.  Each server that is a member of the DAG can host either an active or passive copy of each of the three total mailbox databases.

Exchange Server 2010 Database Availability Group Example

The foundation of an Exchange Server 2010 Database Availability Group is Windows Failover Clustering.  However unlike traditional Exchange server clusters which existed in an active/passive state, and in which the entire cluster group needed to failover to an alternative node together, with Exchange 2010 DAGs each mailbox database can failover (or switchover, if it is a deliberate move) to another DAG member independent of the other mailbox databases in the DAG.

This means that any given Mailbox server in the DAG can host all, some or none of the active mailbox copies at any given time.  This capability provides two immediate advantages over previous clustering models:

• All of the Mailbox servers within the Exchange 2010 DAG can be active and in use at all times to some capacity
• Each mailbox database can failover/switchover when necessary without impacting the mailbox users connected to other mailbox databases within the DAG, for example when installing updates on DAG members

Understanding Quorum for Exchange Server 2010 Database Availability Groups

Because the Database Availability Group utilizes an underlying Windows Failover Cluster the concept of quorum applies.  If you are not familiar with quorum consider it as basically a voting process in which a majority of voting members must be present to make a decision.

For a cluster this means that an odd number of members must be involved in the voting process for a majority decision to be made.  How this applies to an Exchange Server 2010 DAG is that if you deploy a DAG with just two Mailbox servers as members (or any even number up to 16), then neither server is able to determine by majority vote whether it should make its own copy of a given mailbox database active.

To achieve quorum for a DAG with an even number of member servers another server in the same site is designated as a File Share Witness for the cluster.  This is typically a Hub Transport server though it can technically be any compatible Windows server.

Database Replication in Exchange Server 2010 Database Availability Groups

There are two ways that mailbox database replication occurs between Exchange Server 2010 DAG members.

In Exchange Server 2010 RTM “file mode” replication is used.  With file mode replication as each transaction log is written and then closed off (once it reaches 1Mb in size) it is then copied to each member of the DAG that also holds a copy of that mailbox database.  The other members receive the file into their replay queue, and then replay the transaction log file into their own passive copy of the database.

File mode replication works fine but has an obvious shortcoming in that any transaction logs that have not yet been shipped to other servers in the DAG can be lost if the Exchange server hosting the active database copy fails.  In those cases one of the other DAG members is able to bring their copy of the mailbox database online and then request missing emails be resent from the transport dumpster of Hub Transport servers within the site.

In Exchange Server 2010 SP1 file mode replication is used to bring mailbox database copies into sync with each other (eg during the initial sync process when a new database copy is added).  Once they are in sync the DAG members switch to “block mode” replication.  In block mode replication each database transaction is written to the log buffer on the active server and also sent to the log buffer of DAG members hosting passive copies of the database.

When the log buffer becomes full each DAG member then builds their own transaction log files from their own log buffer.  Block mode replication has an advantage over file mode replication in failure scenarios, because each DAG member is completely up to date with all changes to the active database.

Note that Public Folder databases can reside on Mailbox servers that are members of a Database Availability Group, however they are not replicated by the DAG itself.  Instead you must use Public Folder replication to provide redundant copies of Public Folder databases.

Other Advantages of Exchange Server 2010 Database Availability Groups

Before we proceed with an example of how to install an Exchange Server 2010 DAG I will also mention some of the other advantages of Database Availability Groups.

• Unlike previous versions of Exchange Server (particularly Exchange Server 2007) Exchange Server 2010 has just one high availability feature for Mailbox servers for all high availability deployment scenarios
• When you create a Database Availability Group the underlying Windows Failover Cluster is automatically created and configured for you
• A Database Availability Group can be created at any time without requiring Exchange Server 2010 to be removed and reinstalled from the server, unlike previous versions that required that clusters be established first before Exchange was installed
• Exchange Server 2010 DAG members can host other server roles, unlike Exchange Server 2007 that prevented clustered Mailbox servers from hosting other roles

Exchange Server 2010 Installation Step by Step

In this tutorial I will demonstrate the installation of an Exchange Server 2010 Database Availability Group on Windows Server 2008 R2.

For this tutorial the following Exchange servers have already been installed.

• EX1 – Exchange Server 2010 SP1 Mailbox server
  • Primary interface: 192.168.0.32/24
  • Secondary interface: 10.0.5.1/30
• EX2 – Exchange Server 2010 SP1 Mailbox server
  • Primary interface: 192.168.0.33/24
  • Secondary interface: 10.0.5.2/30
• EX3 – Exchange Server 2010 SP1 Client Access and Hub Transport server
  • Primary interface: 192.168.0.34/24

Note: for details of how to deploy these server roles see Installing Exchange Server 2010 Pre-requisites on Windows Server 2008 R2 and Installing Exchange Server 2010.

Exchange Server 2010 DAG Tutorial Setup

Each of the Mailbox servers has been configured with its own mailbox database.

• EX1 – Mailbox Database 01
• EX2 – Mailbox Database 02

Note: in Exchange Server 2010 each mailbox database must have a unique name within the organization.

Because the Mailbox servers are configured with dual interfaces it is important to make sure that the secondary interface is not configured to register itself in DNS.  Open the TCP/IPv4 properties for the secondary interface one each server, click the Advanced button, navigate to the DNS tab and untick Register this connection’s address in DNS.

Open the Advanced TCP/IPv4 Properties

Disable DNS registration for the secondary interface

Creating the Database Availability Group

Log in to one of the Mailbox servers and launch the Exchange Management Console.  Navigate to Organization Config/Mailbox and choose New Database Availability Group from the action pane.

Create a new Exchange Server 2010 Database Availability Group

When the New Database Availability Group wizard starts give the DAG a name, specify the Witness server, and also specify the file path for the Witness server to use.

New Database Availability Group Wizard - Basic Info

Click on the New button to create the new Database Availability Group, and then click Finish to close the wizard.

Adding Database Availability Group Members

Right-click the newly created Database Availability Group and choose Manage Database Availability Group Membership.

Manage Database Availability Group Members

Click the Add button and select the Mailbox servers that you wish to make members of the DAG.

Select Mailbox Servers to become Database Availability Group Members

Click the Manage button to commence adding the Mailbox servers to the DAG.  This involves installation and configuration of Windows Failover Clustering on the servers, so it can take a few minutes to finish.

After it has finished the next step is to configure the DAG networking.

Configure Database Availability Group Networking

Right-click the newly created Database Availability Group and choose Properties.

Open the Properties of the Database Availability Group

Select the IP Addresses tab, click the Add button and add a static IP address for the Database Availability Group.

Adding IP addresses to an Exchange Server 2010 Database Availability Group

You will notice that the Database Availability Group has been automatically configured with DAG networks for the subnets that the DAG members have network interfaces connected to.

Exchange Server 2010 Database Availability Group Networks

Open the Properties of each DAG network and configure them with meaningful names.  If you have configured your network to have a dedicated replication network for the DAG then you should disable replication on the DAG network that is intended for MAPI communications (ie client connections).

Exchange Server 2010 Database Availability Group Networks Configured

Adding Mailbox Database Copies to DAG Members

With the Database Availability Group established and the networking configured you can now add mailbox database copies to other DAG members.

In the Exchange Management Console navigate to Organization Config/Mailbox and choose the Database Management tab.  Right-click a mailbox database and select Add Mailbox Database Copy.

Adding a Mailbox Database Copy in Exchange Server 2010

Click the Browse button and choose the Mailbox server to add the database copy to.

Add Mailbox Database Copies to an Exchange Server 2010 Mailbox Server

Click the Add button to add the mailbox database copy and then click Finish to close the wizard.

The Exchange servers will now commence seeding the replica servers with an up to date copy of the database and all of the current transaction log files.  Depending on the amount of data to be replicated this may take some time.

Status of the Database Copies for Exchange Server 2010

Repeat the same process for any other mailbox databases you wish to add database copies for.