Moshiur Rahman
Copyright 2012 Moshiur Rahman All rights reserved. ISBN-10: 1481895168 ISBN-13: 978-1481895163
DEDICATION
I dedicate this book to my wife, Dr. Farzana Ahmed, who has been my partner in life since 2007.
CONTENTS
Acknowledgments
1 Using this handbook you will know
2 Windows Server 2003 Installation (Step by Step)
3 Domain Controller Installation
4 Install the Exchange Server 2003 Enterprise
5 Exchange Server Configuration
ACKNOWLEDGMENT
First, I would like to express my eternal gratitude to the Almighty Allah for his blessings for the completion of this book. I am also thankful to the authority of Expolanka Group Bangladesh for giving me the information and infrastructure to implement the Microsoft Exchange server. Without their full cooperation, it could not have happened.
Chapter-1
Chapter-2
Windows Server 2003 Installation (Step by Step)
Step #1: Plan your installation
When you run the Windows Server 2003 Setup program, you must provide information about how to install and configure the operating system. Thorough planning can make your installation of Windows Server 2003 more efficient by helping you to avoid potential problems during installation. An understanding of the configuration options will also help to ensure that you have properly configured your system. I won't go into that part right now (I might later this month, no promises...) but here are some of the most important things you should take into consideration when planning for your Windows Server 2003 installation:
Check System Requirements
Check Hardware and Software Compatibility
Determine Disk Partitioning Options
Choose the Appropriate File System: FAT, FAT32, NTFS
Decide on a Workgroup or Domain Installation
Complete a Pre-Installation Checklist
After you have made sure you can go on, start the installation process.
It will then begin to load device drivers based upon what it finds on your computer. You don't need to do anything at this stage.
Current System Locale - Affects how programs display dates, times, currency, and numbers. Choose the locale that matches your location, for example, French (Canada).
Current Keyboard Layout - Accommodates the special characters and symbols used in different languages. Your keyboard layout determines which characters appear when you press keys on the keyboard.
If you do need to make changes, press Customize and add your System Locale etc.
Hand Note - Microsoft Exchange server 2003 Configuration
Type your name and organization.
Type the product key.
Enter the appropriate license type and number of purchased licenses.
Type the computer name and a password for the local Administrator account. The local Administrator account resides in the SAM of the computer, not in Active Directory. If you will be installing in a domain, you need either a pre-assigned computer name for which a domain account has been created, or the right to create a computer account within the domain.
If you enter a password that is blank or does not match the required complexity settings you will get a warning message.
Select the date, time, and time zone settings.
Setup will now install the networking components.
Press Next to accept the Typical settings option if you have one of the following situations:
You have a functional DHCP on your network.
You have a computer running Internet Connection Sharing (ICS).
You're in a workgroup environment and do not plan to have any other servers or Active Directory at all, and all other workgroup members are configured in the same manner.
Otherwise select Custom Settings and press Next to customize your network settings.
Highlight the TCP/IP selection and press Properties.
In the General tab enter the required information. You must specify the IP address of the computer, and if you don't know what the Subnet Mask entry should be - you can simply place your mouse pointer over the empty area in the Subnet Mask box and click it. The OS will automatically select the value it thinks is good for the IP address you provided.
If you don't know what these values mean, or if you don't know what to write in them, press Cancel and select the Typical Settings option. You can easily change these values later.
** After installation of Windows Server 2003, always install the latest service pack. Windows Server 2003 Service Pack 2 (32-bit x86) Installation Guide: Download Service Pack 2 from this link and install it on your server. http://www.microsoft.com/en-us/download/details.aspx?id=41
Chapter-3
Domain Controller Installation: Creating the first Windows Server 2003 Domain Controller in a domain
Method: Click Start -> Run...
You will see the first window of the wizard. As it suggests, I suggest reading the help associated with Active Directory. After this, click "Next".
Click "Next" on the compatibility window, and in the next window keep the default option of "Domain Controller for a new domain" selected, and click "Next".
In this tutorial we will create a domain in a new forest, because it is the first DC, so keep that option selected.
Now we have to think of a name for our domain. If you own a web domain like "visualwin.com", you can use it, but it isn't suggested because computers inside of your domain may not be able to reach the company website. Active Directory domains don't need to be "real" domains like the one above - they can be anything you wish. So here I will create "visualwin.testdomain".
Now in order to keep things simple, we will use the first part of our domain ("visualwin"), which is the default selection, as the NetBIOS name of the domain.
The next dialog suggests storing the AD database and log on separate hard disks, and so do I, but for this tutorial I'll just keep the defaults.
The SYSVOL folder is a public share, where things like .MSI software packages can be kept when you distribute packages (as I said, AD has a lot of different features). Once again, I will keep the default selection but it can be changed if you wish to use the space of another drive.
Now we will get a message that basically says that you will need a DNS server in order for everything to work the way we want it (i.e., our "visualwin.testdomain" to be reachable). As I mentioned earlier, we will install the DNS server on this machine as well, but it can be installed elsewhere. So keep the default selection of "Install and configure", and click "Next".
Because, after all, this is a Windows Server 2003 tutorial website, we'll assume there are no pre-Windows 2000 servers that will be accessing this domain, so keep the default of "Permissions compatible only with Windows 2000 or Windows Server 2003 operating systems" and click "Next".
The restore mode password is the single password that all administrators hope to never use; however, they should also never forget it, because this is the single password that might save a failed server. Make sure it's easy to remember but difficult to guess.
Now we will see a summary of what will happen. Make sure it's all correct because changing it afterwards can prove to be difficult.
After you click "Next" on the previous window, the actual process occurs. This can take several minutes. It's likely that you will be prompted for your Windows Server 2003 CD (for DNS) so have it handy.
If your computer has a dynamically assigned address (from DHCP) you will be prompted to give it a static IP address. Click OK, and then in the Local Area Connection properties, click "Internet Protocol (TCP/IP)" and then "Properties".
In the next window select "Use the following IP address" and select the information that you will use for your domain (and 127.0.0.1 for the primary DNS, because your computer will host DNS. I still suggest setting up an alternate as well.) Click "OK" and then "Close" on the next window.
Check your domain controller: You will find Active Directory Users and Computers in Administrative Tools. To open Active Directory Users and Computers do the following-
Now you can create users and groups as per your requirement:
To create a new user, follow these steps:
a. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers to start the Active Directory Users and Computers console.
b. Click the domain name that you created, and then expand the contents.
c. Right-click Users, point to New, and then click User.
d. Type the first name, last name, and user logon name of the new user, and then click Next.
e. Type a new password, confirm the password, and then click to select one of the following check boxes:
   o Users must change password at next logon (recommended for most users)
   o User cannot change password
   o Password never expires
   o Account is disabled
Click Next. Review the information that you provided, and if everything is correct, click Finish.
NOTE: If Virtual Memory (RAM) is more than 3 GB, some changes should be made in the boot.ini file. Change it as follows and save it as the boot.ini file again.
Chapter-5
Exchange Server Configuration:
1. Go to the Exchange manager.
2. Find recipient, default recipient policy; right-click it and select Properties.
3. E-mail address policy. If DNS and Active Directory are installed properly, it will show the e-mail address policy. If you want to add a different domain to receive mail, type the domain name after clicking New.
4. If everything is OK, you will receive mail now.

1. Connectors - right-click - New - Connector.
3. Add SMTP - OK.
4. Click on Use DNS to route to each address space on the connector (if e-mail should go out from this directly).

2. From General, enable logging - Properties - select the log report folder - browse and select the path. From Advanced, select all to show its report.

Connection - Add, clicking only the list below. Add network and click OK.
Creating a Mailbox
The easiest way to confirm whether Exchange is working properly is to create a mailbox and test sending and receiving email. To create a mailbox, use the following steps:
1. Click on Start, All Programs, Microsoft Exchange, Active Directory Users and Computers.
2. Right-click on the user account you want to create a mailbox for, select All Tasks, and then select Exchange Tasks.
3. At the Welcome to Exchange Tasks screen, click Next to bypass the welcome page. You can disable the welcome page by clicking on the box next to Do Not Show This Welcome Page Again.
4. Verify that Create Mailbox is highlighted and click Next.
5. Accept the default or type an alias name for the user, server name, and mailbox store name.
6. Click Next to continue.
7. Click Finish. (You can click on the box next to View detailed report when this wizard closes if you want to see the full report of the mailbox creation.)
Testing Mail Flow Using OWA
Another test can involve whether the user can log on to Outlook Web Access. Successful OWA access validates that the Web services are working properly, that the front-end and back-end servers are communicating properly, and that the organization's firewall supports the passing of OWA traffic. To test mail flow using Outlook Web Access, follow these steps:
1. Open Internet Explorer and go to http://{servername}/exchange.
2. Log in as an Exchange user and send messages to another Exchange user.
3. Open a second Internet Explorer window and log in as the other Exchange user.
4. Verify that mail has been received by the second user.
Send a reply to the first user and confirm that the messages were successfully sent and received.
Chapter-6
Installation Procedure:
To install ISA Server software, follow these steps:
1. Insert the ISA Server CD into the CD drive, or run ISAautorun.exe from the shared network drive.
2. In Microsoft ISA Server Setup, click Install ISA Server.
3. After the setup program prompts that it has completed determining the system configuration, on the Welcome page, click Next.
4. If you accept the terms and conditions stated in the user license agreement, click I accept the terms in the license agreement, and then click Next.
5. Type your customer details, and then click Next.
6. Click Typical Installation, Full Installation or Custom Installation. There are four components that can be installed:
   ISA Server Services. The services that comprise ISA Server.
   ISA Server Management. The ISA Server Management user interface.
   Firewall Client Installation Share. A location from which client computers can install the Firewall Client software. This is typically installed on a computer other than the ISA Server computer, so it is not part of the Typical Installation option. The Firewall Client Share can be installed on computers running Windows Server 2003, Windows 2000 Server, or Windows XP.
   Message Screener. A component that you configure to screen e-mail messages for keywords and attachments. This component must be installed on a Simple Mail Transfer Protocol (SMTP) server, which is typically not your ISA Server computer.
   Typical Installation installs ISA Server Services and ISA Server Management. Full Installation installs all four components. Custom Installation enables you to select which components you will install.
7. Click Next.
8. Configure the Internal network. Follow these steps:
   1. Click Add.
   2. Click Select Network Adapter.
   3. Select Add address ranges based on the Windows Routing Table.
   4. Select one or more of the adapters that are connected to the Internal network. These addresses will be included in the Internal network that is defined by default for ISA Server.
   5. Clear the selection of Add the following private IP ranges, unless you want to add those ranges to your Internal network.
   6. Click OK. Read the Setup Message, click OK, click OK again to finish the Internal network configuration, and then click Next.
9. On the Firewall Client Connection Settings page, select whether you want to allow nonencrypted connections between Firewall clients and the ISA Server computer. The ISA Server 2004 Firewall Client software uses encryption, but older versions do not. Also, some versions of Windows do not support encryption. You can select to allow computers running earlier versions of Firewall client software to connect.
10. On the Services page, review the list of services that will be stopped or disabled during installation of ISA Server. To continue the installation, click Next.
11. Click Install.
12. After the installation is complete, if you want to invoke ISA Server Management immediately, select the Invoke ISA Management check box, and then click Finish.
The following sections describe how to configure the solution:
4.2.1 Configure the Internal network
4.2.2 Create network rules
4.2.3 Create policy rules
4.2.4 Test the scenario

4.2.1 Configure the Internal network
As part of the setup process, you specified the address range in your Internal network, thereby configuring the Internal network. Verify that the configuration is valid, and that the Internal network contains only addresses on Corpnet. On ISA_1, perform the following steps:
1. Open Microsoft ISA Server Management, expand ISA_1, expand the Configuration node, and click Networks.
2. In the details pane, on the Networks tab, the address ranges included in each network are shown.
3. Verify that only IP addresses of computers on your corporate network are included in the Internal network.
   Note: If necessary, you can reconfigure the Internal network by double-clicking Internal on the Networks tab to open the Internal Properties dialog box. Select the Addresses tab, and use the Add and Remove buttons to add or remove address ranges from the network. You can also use the Add Adapter button to add all of the IP ranges associated with a particular network adapter, or the Add Private button to add private address ranges.
4. Double-click Internal in the Networks tab to open the Internal Properties dialog box. On the Web Proxy tab, verify that Enable Web Proxy client is selected, that Enable HTTP is selected, and that in HTTP Port, 8080 is specified, and then click OK.

4.2.2 Create network rules
As part of the installation process, a default Internet Access network rule was created. This rule defines a relationship between the Internal network and the External network. To verify the rule configuration, perform the following steps:
1. Expand the Configuration node, and click Networks.
2. On the Network Rules tab, double-click the Internet Access rule to display the Internet Access Properties dialog box.
3. On the Source Networks tab, verify that Internal is listed. If it is not, do the following:
   1. Click Add.
   2. In Add Network Entities, click Networks, click Internal, click Add, and then click Close.
4. On the Destination Networks tab, verify that External is listed. If it is not, do the following:
   1. Click Add.
   2. In Add Network Entities, click Networks, click External, click Add, and then click Close.
5. On the Network Relationship tab, select Network Address Translation (NAT).
6. Click OK.
7. In the details pane, click Apply to apply changes, if you made any.

4.2.3 Create policy rules
To allow the internal client access to the Internet, you must create an access rule allowing the internal clients to use HTTP and HTTPS protocols. Perform the following steps:
1. Click Firewall Policy. On the task pane, select the Tasks tab, and click Create New Access Rule to start the New Access Rule Wizard.
2. On the Welcome page, type the name of the rule. For example, type Allow Internal clients HTTP and HTTPS access to the Internet. Then, click Next.
3. On the Rule Action page, select Allow, and then click Next.
4. On the Protocols page, in This rule applies to, select Selected protocols, and then click Add.
5. In the Add Protocols dialog box, expand Common Protocols. Click HTTP, click Add, click HTTPS, click Add, and then click Close. Then, click Next.
6. On the Access Rule Sources page, click Add.
7. In the Add Network Entities dialog box, click Networks, and then select Internal. Click Add, and then click Close. Then, click Next.
8. On the Access Rule Destinations page, click Add.
9. In the Add Network Entities dialog box, click Networks, and then select External. Click Add, and then click Close. Then, click Next.
10. On the User Sets page, verify that All Users is specified. Then, click Next.
11. Review the summary page, and then click Finish.
12. In the details pane, click Apply to apply the changes you made. Note that it may be a few moments before the changes are applied.

4.2.4 Test the scenario
To verify that the scenario works, InternalClient1 will access ExternalWebServer on the External network (MockInternet). On InternalClient1, perform the following steps:
1. On InternalClient1, open Internet Explorer 6.0.
2. In Internet Explorer, click the Tools menu, and then click Internet Options.
3. On the Connections tab, click LAN Settings.
4. In Proxy server, select the Use a proxy server for your LAN check box.
5. In Address, type the computer name of ISA_1 and in Port, type 8080. If there is no DNS server in your lab configuration, use the IP address of ISA_1 rather than its name.
6. Verify that Automatically detect settings is not selected.
7. Close Internet Explorer. Then, reopen Internet Explorer.
8. In Internet Explorer, in Address, type the IP address of ExternalWebServer.
Note that if a DNS server is available for name resolution on MockInternet, you can type the fully qualified domain name (FQDN) of ExternalWebServer. If your browser displays the Web page published on ExternalWebServer, InternalClient1 accessed ExternalWebServer, and you have successfully configured this scenario.
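The check in section 4.2.1 (the Internal network must contain only Corpnet addresses) can be scripted once the ranges shown on the Networks tab are typed in as start/end pairs. This is an added example, not part of the original handbook or of ISA Server; the Corpnet subnet and the address ranges are constructed sample values.

```python
import ipaddress

# Constructed sample data (assumptions, not values from the handbook):
# Corpnet is taken to be a single /24, and INTERNAL_RANGES is what the
# Networks tab might list if a private range was added by mistake.
CORPNET = ["10.2.1.0/24"]
INTERNAL_RANGES = [
    ("10.2.1.0", "10.2.1.255"),
    ("192.168.0.0", "192.168.255.255"),
]


def ranges_to_networks(ranges):
    """Turn (first, last) address pairs into the CIDR blocks covering them."""
    blocks = []
    for first, last in ranges:
        lo = ipaddress.IPv4Address(first)
        hi = ipaddress.IPv4Address(last)
        if hi < lo:
            raise ValueError(f"reversed range: {first}-{last}")
        blocks.extend(ipaddress.summarize_address_range(lo, hi))
    return list(ipaddress.collapse_addresses(blocks))


def subtract(blocks, remove):
    """Return the parts of `blocks` not covered by any block in `remove`."""
    remaining = list(blocks)
    for r in remove:
        kept = []
        for b in remaining:
            if b.subnet_of(r):
                continue                      # fully covered, drop it
            if r.subnet_of(b):
                kept.extend(b.address_exclude(r))  # keep what lies around r
            else:
                kept.append(b)                # CIDR blocks are nested or disjoint
        remaining = kept
    return sorted(remaining)


def audit_internal_network(internal_ranges, corpnet_cidrs):
    """Return (outside, uncovered).

    outside   - blocks in the Internal network that are not on Corpnet
    uncovered - Corpnet blocks that the Internal network does not include
    """
    internal = ranges_to_networks(internal_ranges)
    corpnet = list(ipaddress.collapse_addresses(
        ipaddress.IPv4Network(c) for c in corpnet_cidrs))
    return subtract(internal, corpnet), subtract(corpnet, internal)


if __name__ == "__main__":
    outside, uncovered = audit_internal_network(INTERNAL_RANGES, CORPNET)
    for block in outside:
        print(f"remove from Internal network: {block}")
    for block in uncovered:
        print(f"Corpnet addresses missing from Internal network: {block}")
```

Any block reported as outside Corpnet is a candidate for removal on the Addresses tab of the Internal Properties dialog box.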
Chapter-7
Publishing an Exchange Server with ISA Server 2004
Click Start | All Programs | Microsoft ISA Server, and then click ISA Server Management. The ISA Server console opens.
f. Expand FLORENCE and click Firewall Policy.
g. In the right pane, select the first rule (or Default rule if no other rules are defined) to indicate where the new rule is added to the rule list.
h. In the task pane, on the Tasks tab, click Publish a Mail Server. The New Mail Server Publishing Rule Wizard opens. This is a specialized version of the general New Server Publishing Rule Wizard and New Web Publishing Rule Wizard.
i. In the New Mail Server Publishing Rule Wizard dialog box, in the Mail Server Publishing Rule name text box, type Publish mail, and then click Next.
j. On the Select Access Type page, select Client access: RPC, IMAP, POP3, SMTP and click Next.
k. On the Select Services page, complete the following information:
   POP3 - Standard port: enable
   SMTP - Standard port: enable
   Leave all other check boxes disabled and then click Next.
l. On the Select Server page, in the Server IP address text box, type 10.2.1.2 and click Next.
m. On the IP Addresses page, select External checkbox, and click Next.
n. On the Completing the New Mail Server Publishing Rule Wizard page, click Finish. Two new server publishing rules are created: Publish mail POP3 Server, and Publish mail SMTP Server.
o. Click Apply to apply the new rules, and then click OK.
Web client access: Outlook Web Access (OWA), Outlook Mobile Access, Exchange Server
a. In the right pane, select the first rule to indicate where the new rule is added to the rule list.
b. In the task pane, on the Tasks tab, click Publish a Mail Server.
c. In the New Mail Server Publishing Rule Wizard dialog box, in the Mail Server Publishing Rule name text box, type Publish mail (OWA), and then click Next.
d. On the Select Access Type page, select Web client access: Outlook Web Access (OWA), Outlook Mobile Access, Exchange Server ActiveSync and then click Next.
Handbook of Exchange Server 2003 and ISA Server configuration
The remainder of the wizard pages is a specialized version of the general SSL Web Publishing Rule Wizard.
e. On the Select Services page, complete the following information:
   Outlook Web Access: enable (is default)
   Outlook Mobile Access: disable (is default)
   Exchange ActiveSync: disable (is default)
   Enable high bit characters used by non-English character sets: enable (is default)
   and then click Next.
f. On the Bridging Mode tab, click each of the three options, to see the different OWA publishing scenarios. The yellow lock icon represents an HTTPS (SSL) connection. No yellow lock icon represents an HTTP connection.
g. On the Bridging Mode tab, select Secure connection to clients and mail server, and then click Next.
h. On the Specify the Web Mail Server page, in the Web mail server text box, type denver.contoso.com and click Next. The specified name of the Web mail server must match exactly the name in the Web Server certificate on Denver. Otherwise Internet Explorer on the client computers fails to connect, and displays an error message (500 Internal Server Error - The target principal name is incorrect).
i. On the Public Name Details page, complete the following information:
   Accept requests for: This domain name (type below):
   Public name: mail.contoso.com
   and then click Next. The specified public domain must match exactly the name in the Web Server certificate on Florence. Otherwise the connecting client computers will display a security alert message (The name on the security certificate is invalid.).
j. On the Select Web Listener page, in the Web Listener list box, select External Web 443 and click Next.
k. On the User Sets page, click Next.
l. On the Completing the New Mail Server Publishing Rule Wizard, click Finish. A new Web publishing rule is created which publishes the three OWA virtual directories on the Web site denver.contoso.com as mail.contoso.com on the External network.
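Steps h and i above tie each name typed into the wizard to a different certificate, and the two are easy to mix up. The following added example (not part of the original handbook or of ISA Server) checks both names before the rule is applied; it assumes "the name in the certificate" means the subject common name, and both certificate dictionaries are constructed samples in the layout returned by Python's ssl.SSLSocket.getpeercert().

```python
# Constructed sample certificates (only the subject field is needed here).
FLORENCE_CERT = {"subject": ((("organizationName", "Contoso"),),
                             (("commonName", "mail.contoso.com"),))}
DENVER_CERT = {"subject": ((("commonName", "denver.contoso.com"),),)}

# Symptoms quoted from steps h and i of the procedure.
SYMPTOM_SERVER_LEG = "500 Internal Server Error - The target principal name is incorrect"
SYMPTOM_CLIENT_LEG = "The name on the security certificate is invalid."


def normalize(name):
    """DNS names compare case-insensitively; ignore a trailing root dot."""
    return name.strip().rstrip(".").lower()


def common_names(cert):
    """Subject commonName values from a getpeercert()-style dictionary."""
    return [normalize(value)
            for rdn in cert.get("subject", ())
            for key, value in rdn
            if key == "commonName"]


def audit_owa_rule(public_name, web_mail_server, listener_cert, mail_server_cert):
    """Check both SSL legs of the publishing rule.

    Returns a list of (leg, configured_name, certificate_names, symptom)
    tuples; an empty list means both names match their certificate.
    """
    public = normalize(public_name)
    internal = normalize(web_mail_server)
    listener_cns = common_names(listener_cert)
    server_cns = common_names(mail_server_cert)

    client_ok = public in listener_cns      # clients -> ISA (Florence)
    server_ok = internal in server_cns      # ISA -> mail server (Denver)

    # Both legs wrong, but each name fits the other certificate:
    # the two wizard fields were most likely filled in the wrong way round.
    if (not client_ok and not server_ok
            and public in server_cns and internal in listener_cns):
        return [("swapped", f"{public} / {internal}",
                 listener_cns + server_cns,
                 "Public name and Web mail server name are exchanged")]

    findings = []
    if not client_ok:
        findings.append(("client-to-isa", public, listener_cns, SYMPTOM_CLIENT_LEG))
    if not server_ok:
        findings.append(("isa-to-mail-server", internal, server_cns, SYMPTOM_SERVER_LEG))
    return findings


if __name__ == "__main__":
    # A short host name instead of the name in Denver's certificate.
    for finding in audit_owa_rule("mail.contoso.com", "denver",
                                  FLORENCE_CERT, DENVER_CERT):
        print(finding)
```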
Moshiur Rahman
Moshiur Rahman has been working as a System & Network administrator for the past 10 years. He has worked with CIMSOLUTIONS V.B, The Netherlands; Expolanka Group, Bangladesh; and Proshika Computer Systems. He has achieved the Microsoft Certified IT Professional (MCITP) certification and many other certifications like CCNA and MCTS. He graduated from Bangalore University, Bangalore, India, and completed an M.Sc degree in Computer Science & Engineering at Stamford University, Bangladesh.