exchange deployment checklists

Exchange Server 2007 Deployment Checklists

Technical White PaperPublished: August 2007

CONTENTS

Executive Summary............................................................................3

Introduction.......................................................................................5

Exchange Server Deployment Process.................................................7

Pre-Installation Deployment Checklist

.........................................................................................................

10

Hub Transport Server Checklist

.........................................................................................................

13

Edge Transport Server Checklist

.........................................................................................................

16

Mailbox Server Checklist

.........................................................................................................

19

Client Access Server Checklist

.........................................................................................................

22

Unified Messaging Server Checklist

.........................................................................................................

23

Conclusion

.........................................................................................................

25

For More Information

.........................................................................................................

26

Appendix: Deployment Worksheets

.........................................................................................................

27

Exchange 2007 Pre-Installation Checklist 27

Exchange 2007 Hub Transport Server Installation and Configuration 29

Exchange 2007 Edge Transport Server Installation and Configuration 32

Exchange 2007 Client Access Servers 34

Exchange 2007 CCR Mailbox Server Installation and Configuration 36

Exchange 2007 UM Server Installation and Configuration 40

EXECUTIVE SUMMARY

The Exchange Messaging team within Microsoft Information Technology (Microsoft IT)

started the production rollout of Microsoft® Exchange Server 2007 at full scale in July 2006

using the beta 2 version of the product. For more than a year prior to this event, the

Exchange Messaging team had deployed Exchange Server 2007 in the pre-release

production environment to help the Exchange Server product group evaluate enterprise

readiness.

The first server installation took place in the pre-release production environment in February

2005, more than 22 months before the product shipped. To put this time frame into

perspective, Microsoft Exchange 2000 Server pre-release verification started three weeks

before the release to manufacturing (RTM) date and the Microsoft Exchange Server 2003

pre-release verification period was only six months. This shows how strong the relationship

between the Exchange Server Product group and the Exchange Messaging team has grown

over recent years. In fact, the Exchange Server Product group does not ship product versions

or service packs now until the Exchange Messaging team signs off on the enterprise

readiness. To demonstrate the enterprise readiness of the new Exchange Server version to

customers, the Exchange Messaging team committed to perform the transition of the entire

corporate production mailbox environment prior to the official RTM date. The team only had

five months to finish the deployment in a large enterprise messaging environment with

demanding power users.

The Exchange Messaging team deployed 61 Mailbox servers, 6 Edge Transport servers, 14

Hub Transport servers, 11 Unified Messaging (UM) servers with supporting Voice over

Internet Protocol (VoIP) gateways, and 30 Client Access servers. The Mailbox servers

correspond to 122 server computers because all Mailbox servers are clustered systems

based on Cluster Continuous Replication (CCR) to ensure high availability. There are

130,000 mailboxes in the corporate production environment, which means that during the

production rollout, the Exchange Messaging team moved between 1,000 and 1,500

mailboxes per server from Exchange Server 2003 to Exchange Server 2007 every day,

including weekends. In this fast-paced project, checklists represented an essential

deployment tool.

A deployment checklist is a catalog or a structured document with detailed instructions

outlining individual installation and configuration tasks to ensure deployment success. The

guiding principle is part of every Exchange Server 2007 deployment because the Setup

program includes readiness checks to guide administrators through a number of assessment

steps prior to the actual server installation. These readiness checks proactively cover the

most typical issues to help customers deploy Exchange Server 2007 successfully. In

addition, IT organizations can benefit from explicit checklists to coordinate and account for all

deployment steps and to apply them consistently.

This technical white paper discusses the deployment checklists that the Exchange

Messaging team created based on the Exchange Server 2007 architecture and design

specifications for the corporate production environment.

The first two sections briefly reiterate the reasons why the Exchange Messaging team uses

checklists, and the sections explain the Microsoft IT server life-cycle management process.

These sections also discuss the usefulness of checklists from a decision maker's point of


Situation

To drive excellence in server deployments, the Exchange Messaging team within Microsoft Information Technology (Microsoft IT) relies on checklists. Checklists help to ensure consistency and completeness when carrying out deployment tasks, and they minimize deployment risks and save time.

Solution

Microsoft IT transitioned the corporate production environment, with 150,000 mailboxes, to Exchange Server 2007 in less than six months, and decommissioned the last Exchange 2003 Mailbox server shortly after Exchange Server 2007 released to manufacturing. The deployment checklists discussed in this technical white paper are a cornerstone of this success.

Benefits

Strong project management

Improved IT staff productivity

Clear communication process

Accelerated deployment progress

Reduced deployment risks

Products & Technologies

Microsoft Windows Server 2003

Microsoft Exchange Server 2003

Microsoft Exchange Server 2007

Microsoft Systems Management Server 2003 Desired Configuration Monitoring v2.0

Clustered servers

Cluster Continuous Replication

view and highlight the responsibilities of the Exchange Messaging team within the overall

Microsoft IT organization.

The third section, "Pre-Installation Deployment Checklists," covers the tasks the Exchange

Messaging team performs to prepare servers for later installation of a specific server role. In

some cases, a server role requires additional configuration. These tasks are role-specific and

are listed in checklist form.

The next sections provide detailed discussions of the various checklists that the Exchange

Messaging team created for the individual server roles.

This technical white paper also includes an appendix titled "Deployment Worksheets," which

contains a set of worksheet templates that are derived from the Exchange Messaging team

checklists. These worksheet templates can serve as a starting point to create custom

checklists based on the specific needs of an IT organization.

This technical white paper contains information for technical decision makers and IT

implementers who are planning to deploy Exchange Server 2007. This paper assumes that

the audience is already familiar with the concepts of Windows Server® 2003 operating

system, the Active Directory® directory service, and previous versions of Exchange Server. A

high-level understanding of the new features and technologies that are included in Exchange

Server 2007 is also helpful. Detailed product information is available in the Microsoft

Exchange Server 2007 Technical Library at

http://www.microsoft.com/technet/prodtechnol/exchange/2007/library/default.mspx.

Note: For security reasons, the sample names of forests, domains, organizations, and other

internal resources mentioned in this paper do not represent real resource names used within

Microsoft and are for illustration purposes only.


http://www.microsoft.com/technet/prodtechnol/exchange/2007/library/default.mspx

INTRODUCTION

The Exchange Messaging team uses checklists for three important reasons:

They help the team to verify the architecture and design specifications

They outline the deployment steps in detail

They serve reporting purposes

The Systems Engineering group within the Exchange Messaging team creates the

architecture and design specifications for the messaging environment, which the systems

engineers validate in an engineering lab that closely mirrors the server configurations in the

production environment, yet without production users. After the systems engineers finalize

the specifications, the Systems Management group within the Exchange Messaging team

takes over to produce build documents and deployment checklists based on the chosen

architectures and designs.

Especially during the first server installations in the corporate production environment, the

Systems Engineering group and the Systems Management group collaborate very closely.

The Systems Management group reviews the design specifications for acceptance and

implementation, performs representative server installations with the help of the Systems

Engineering group, and creates the checklists that precisely outline the installation process.

The checklists also enable the Systems Management group to manage individual

assignments within the deployment project and to track progress. The Exchange Messaging

team not only uses the checklists to carry out installation and configuration tasks, it also uses

the checklists to document the work that is performed. In this way, the checklists are an

important project management tool.

The deployment checklists provide the Exchange Messaging team with the following benefits:

Strong project management. The Exchange Messaging team manages projects based

on the Microsoft Solutions Framework (MSF). To meet the goal of completing the

deployment within project constraints, the project manager uses checklists to track

progress, coordinate resources, and manage the overall budget.

Clear communication processes. According to the MSF team model, individual team

members communicate with the project manager. The project manager then

communicates progress to the project sponsor and other stakeholders. Checklists

facilitate these communication processes because they are a tool to report progress.

Improved IT staff productivity. Deploying Exchange Server 2007 is a team effort, and

checklists help to coordinate the team's activities. Checklists also help to ensure reliable

and consistent task completion.

Reduced deployment risks. Checklists are a means to identify potential issues during

the first server deployments and to avoid these issues in all subsequent installations.

When operators deploy servers in the corporate production environment based on the

checklists, they get it right the first time because all installation steps are tested and

proven.

Accelerated deployment progress. Less deployment risk directly translates into

accelerated deployment progress because the team spends less time troubleshooting

installation issues. In the event of an installation problem, such as a hardware

configuration issue, the checklists provide the necessary guidelines and contact

information to resolve issues.


Note: For detailed information about MSF, see the Microsoft Solutions Framework section on

Microsoft TechNet, available at

http://www.microsoft.com/technet/solutionaccelerators/msf/default.mspx.


http://www.microsoft.com/technet/solutionaccelerators/msf/default.mspx

EXCHANGE SERVER DEPLOYMENT PROCESS

Across the entire IT organization, Microsoft IT provisions approximately 200 servers each

month. Accordingly, Microsoft prefers to purchase hardware in bulk, requesting bids from

multiple vendors for the entire order volume to get the best price. This process can take from

30 through 60 days to install an ordered server in a data center. Only in urgent cases does

Microsoft order directly from a supplier, accepting additional expenses of from 6 through 8

percent to shorten the procurement process.

Note: For detailed information about the Exchange Server 2007 deployment process and

options, see the Deployment section on Microsoft TechNet, available at

http://technet.microsoft.com/en-us/library/bb123895.aspx.

The Exchange Messaging team has implemented the following process to design and deploy

computers for Exchange Server 2007 in the data centers:

1. Server design. The Exchange Systems Engineering group creates the architectures

and designs for all Exchange Server–related components and technologies. This work

includes the server designs, which the systems engineers define based on a list of

approved hardware components that the Hardware Engineering team maintains. For

each individual server type, the systems engineers create stock keeping unit (SKU)

documents that precisely outline the hardware and storage configuration.

The SKU document is a Microsoft Office Excel® workbook. On separate worksheets, the

SKU document lists the hardware parts, memory configuration, physical disk

arrangement, and logical storage configuration. By default, SKU documents expire after

six months, yet systems engineers can extend this time or update the designs to keep

pace with evolving hardware technologies. The Exchange Messaging team maintains

the SKU documents in a document library based on Microsoft Office SharePoint®

Server 2007.

Note: The typical Microsoft IT server procurement process makes use of a standard

server configuration, which for most servers is a dual-core x64 system with 4 gigabytes

(GB) of memory and two 146 GB disks. This is a utility server, designed to be integrated

into a storage area network (SAN). Microsoft teams that need a file server or database

server can order this system without having to specify a custom design. Minor

modifications are possible, such as additional processors or memory, yet substantial

engineering exceptions, such as those required for Exchange Server 2007, go beyond

the scope of the standard configuration.

2. Server ordering. The Exchange Program Management team is responsible for

managing the server deployments. For each server role, an individual program manager

works with stakeholders to determine business and technical requirements, organize the

necessary resources, and guide the project to completion. It is the task of the Exchange

Program Management team to order new server hardware for deployment in the data

centers. To order a new server, the Exchange Program Management team informs a

release manager in the Infrastructure Management team, who then places a server

order. The server order includes a link to the corresponding SKU document with the

hardware configuration details.


http://technet.microsoft.com/en-us/library/bb123895.aspx

3. Lifecycle management. Within Microsoft IT, the Infrastructure Management team is

responsible for managing the entire server life cycle. This team coordinates the server

provisioning processes and maintains an internal line-of-business (LOB) application,

called the Microsoft Service Enterprise Change Tracking tool, to keep track of the

servers as they are purchased, moved between data centers, or decommissioned. For

new server orders, the release manager creates an ordering ticket in the change-

tracking tool. The ordering ticket includes among other information an internal order

number to track expenses against budgets, the name of the approving manager, and a

link to the SKU document.

4. Functional approval and right-sizing processes. Before the order reaches the

hardware-purchasing desk, the ordering ticket goes through functional approval and

right-sizing processes in the Data Center Operations group to ensure that the server

hardware is properly designed for the intended purposes. The Data Center Operations

group maintains all production servers worldwide, including physical hardware and

operating systems. A data center manager verifies the order ticket to ensure that the

purchase is justified and that rack space is available in the data center to accommodate

the new server.

5. Hardware purchasing. Upon approval through the Data Center Operations group, the

order reaches the hardware purchasing desk, which generates a purchasing order within

an internal LOB application, called MS Market. MS Market notifies a group manager in

the Exchange Messaging team for final approval.

6. Order and delivery confirmation. Approved purchase orders reach the vendor, who

informs the Microsoft release manager through e-mail about the exact costs of the

ordered server and the shipping date. MS Market only provides estimated information

regarding the costs. To help the Exchange Program Management team track exact

expenses, the release manager updates the cost information on the order ticket with the

actual amount that the vendor communicated. The release manager also handles data

center–related configurations, such as registering the new server in the IT configuration

(IT config) database. IT config is an internal configuration management solution to track

details about each server in the data centers, including server name, SKU, and other

configuration information.

7. Hardware and operating system installation. The Data Center Operations group uses

the IT configuration and SKU information to verify that the delivered hardware is correct.

The group mounts the hardware in the data center; configures the disks and partitions

the storage as outlined in the SKU document; connects the new server to the network;

installs the operating system, including all relevant updates; adds the new server to the

appropriate domain; and deploys any required management software. The Exchange

Messaging team uses the Standard Server Platform, which is a standard server

configuration that includes required service updates for applications and operating

systems, plus other Microsoft and third-party services or tools that are necessary to

manage servers in an enterprise environment. Following the installation of the operating

system and relevant updates through the Standard Server Platform, a second engineer

from the Data Center Operations group verifies the system configuration, and then

informs the backup team to start configuring the backup solution.

8. Exchange Server 2007 installation. Up to this point, the Exchange Messaging team

has not yet modified the server configuration. When the Data Center Operations group


marks the server installation as completed, the release manager informs the program

manager, who originally ordered the hardware, that the new server is ready for the

Exchange Messaging team to continue the server installation process. The program

manager, in turn, informs the Exchange Systems Management team to perform the

installation of Exchange Server 2007 and the latest security updates. All Exchange

Server administrators are located in Redmond, Washington. The Exchange Systems

Management team performs the Exchange Server 2007 deployment remotely, by using

a remote desktop connection.


PRE-INSTALLATION DEPLOYMENT CHECKLIST

Prior to performing the configuration tasks that are unique to each server role, the Exchange

Messaging team prepares servers by installing prerequisite components, making initial

configuration changes, and generally ensuring that servers are ready for installation of a

specific server role. For each server, the Exchange Messaging team follows a pre-

installation checklist that includes the following items:

1. Verify general server configuration. In a large-scale deployment with different teams

acquiring and installing the server hardware, it is important to check that the general

server configuration matches the Exchange Server 2007 requirements prior to installing

a server role. For example, the Exchange Messaging team checks CPU, memory,

network adapters, disk configuration, and drive letter assignments, as documented in

SKUs. The Exchange Messaging team runs a custom script to verify that the server

configuration matches SKU specifications.

Note: The Microsoft IT Showcase Note on IT "Going 64-bit with Microsoft Exchange

Server 2007" (http://www.microsoft.com/technet/itshowcase/exchange.mspx) provides

detailed information about the hardware configuration that the Exchange Messaging

team selected for each server type.

2. Configure the page file size. According to product recommendations, the page file size

on the C drive must be set to "total" amount of physical memory, plus 10 megabytes

(MB). For example, for servers with 8 GB of memory, the Exchange Messaging team

sets the size of the page file to 8,192 MB (8 GB + 10 MB).

3. Verify installation of current service pack. In addition to installing Windows

Server 2003 or Windows Server 2003 R2, the Exchange Messaging team installs the

latest service pack for Windows Server as a best practice. To verify the service pack

version, the Exchange Messaging team engineers log on to the server, click Start, click

Run, and then type Winver.

Note: The Exchange Messaging team uses the srvinfo tool from the Windows

Server 2003 Resource Kit to collect information about the service pack level.

4. Configure a static IP address. According to product documentation, Exchange servers

must be configured with a static IP address, subnet mask, and default gateway. In

addition, because Exchange Server 2007 is heavily dependent on Domain Name

System (DNS) functioning correctly, at least one valid DNS address and valid DNS suffix

must be specified. When configuring these network settings, the Exchange Messaging

team also verifies that both the network interface card (NIC) and the switch are enabled

for full duplex communication.

5. Verify domain and site. The Exchange Messaging team checks each server to verify

that the server is in the proper domain and site by entering the following commands in a

Command Prompt window: NLTEST /parentdomain and NLTEST /dsgetsite. This step

is critical to ensure proper Hub Transport routing.

Note: The NLTEST tool is included in the Windows Server 2003 Support tools package

on the Windows Server 2003 media.


http://www.microsoft.com/technet/itshowcase/exchange.mspx

6. Verify security and organizational unit (OU) membership. After obtaining the proper

security groups that are developed during the permissions and administration model

design for the environment, the Exchange Messaging team adds security groups as

members of the local administrators group on the Exchange Server. Additionally, the

Exchange Messaging team verifies that the server is in the correct OU within the

Messaging path by checking the path in Active Directory Users and Computers.

7. Verify installation of .NET Framework version 2.0. According to the Exchange

Server 2007 requirements, Microsoft .NET Framework version 2.0 must be installed on

the server. Microsoft .NET Framework version 2.0 Redistributable Package can be

downloaded at the following URL: http://www.microsoft.com/downloads/details.aspx?

familyid=B44A0000-ACF8-4FA1-AFFB-40E78D788B00&displaylang=en. When .NET

Framework version 2.0 is installed, the hotfix that is mentioned in Microsoft Knowledge

Base (KB) article 924895 must also be applied.

Note: When using Windows Server 2003 R2, Microsoft .NET Framework version 2.0 can

be installed via Add/Remove Windows Components.

8. Verify installation of Microsoft Management Console (MMC) 3.0. Because the

Exchange Server 2007 Management Console relies on features that are specific to

MMC 3.0, MMC 3.0 must be installed on the server. To verify the installation of

MMC 3.0, Exchange Messaging team engineers click Start, click Run, and then type

MMC.exe. In the MMC window, they click Help, and then click About. If MMC 3.0 has

not been installed, you can download the required update at the following URL:

http://support.microsoft.com/kb/907265.

Note: When using Windows Server 2003 R2, MMC 3.0 is installed by default.

9. Install Windows PowerShell 1.0. Both the Exchange Server 2007 Management

Console and the Exchange Management Shell make extensive use of Windows

PowerShell, therefore Windows PowerShell must be installed on the server. You can

download Windows PowerShell from the following URL:

http://www.microsoft.com/downloads/details.aspx?familyid=22E607F4-F854-497F-9548-

770477E4B71D&displaylang=en.

10. Configure antivirus. To help protect the operating system, the Exchange Messaging

team uses an operating system antivirus solution that is configured through a script to

ensure that the antivirus program does not scan the Exchange extensions and

directories. After installing Exchange Server 2007, the Exchange Messaging team

installs, configures, and optimizes Microsoft Forefront Security for Exchange Server on

Edge Transport and Hub Transport servers to ensure messaging-level antivirus

protection.

11. Verify installation of regional code pages. The Exchange Messaging team verifies the

installation of all regional code pages in Windows in order to eliminate any potential

language issues with non-U.S. clients. Team members accomplish this verification by

clicking Start, clicking Control Panel, clicking Regional and Language Options, and

then verifying that all code page check boxes have been selected under the Advanced

and Language tabs.


http://www.microsoft.com/downloads/details.aspx?familyid=22E607F4-F854-497F-9548-770477E4B71D&displaylang=en

http://www.microsoft.com/downloads/details.aspx?familyid=22E607F4-F854-497F-9548-770477E4B71D&displaylang=en

http://support.microsoft.com/kb/907265

http://www.microsoft.com/downloads/details.aspx?familyid=B44A0000-ACF8-4FA1-AFFB-40E78D788B00&displaylang=en

http://www.microsoft.com/downloads/details.aspx?familyid=B44A0000-ACF8-4FA1-AFFB-40E78D788B00&displaylang=en

12. Install Internet Information Services (IIS) snap-in. In order for the Exchange

Management Console to work properly, the IIS snap-in should be installed on the

Mailbox, Client Access, Hub, and UM servers. For Mailbox and Client Access servers,

the Exchange Messaging team installs IIS with the World Wide Web Publishing Service,

whereas for Hub and UM servers the Exchange Messaging team installs IIS without the

World Wide Web Service.

13. Verify installation of mandatory security updates. The Exchange Messaging team

verifies that no mandatory post-SP2 security updates are still needed by using Microsoft

Windows Update or Windows Server Update Services (WSUS). For more information

about the required hotfixes per role, see the Exchange Server TechNet Library at

http://technet.microsoft.com/en-us/library/aa996719.aspx.

14. Enable monitoring. The Exchange Messaging team uses Microsoft Operations

Manager to monitor Exchange servers. Correspondingly, all Exchange servers are

enabled for Microsoft Operations Manager monitoring. To avoid false alerts, the

Exchange Messaging Team enables monitoring after placing each server in the

production environment.


http://technet.microsoft.com/en-us/library/aa996719.aspx

HUB TRANSPORT SERVER CHECKLIST

The installation checklist that the Exchange Messaging team developed for Hub Transport

server deployment includes the following items:

1. Verify that the Network News Transport Protocol (NNTP) and Simple Mail Transfer

Protocol (SMTP) services are not installed. According to product requirements, the

NNTP and SMTP services must not be installed on the server. The NNTP service has

been discontinued with Exchange Server 2007 and the product now includes its own

SMTP transport stack. This means Exchange Server 2007 is no longer dependent on the

Windows SMTP component.

2. Install the Hub Transport role by using Unattended Setup. Although the new

Exchange Server 2007 Installation wizard substantially simplifies the steps necessary to

install Exchange Server 2007, the Exchange Messaging team installed each of the

12 Hub Transport servers that are deployed at Microsoft by using Unattended Setup

through the following command:

Setup.com /m:install /r:h /targetdir:<drive\installation path>

/DoNotStartTransport

According to Exchange partitioning best practices, the Exchange Messaging team

installs the operating system and Exchange Server 2007 binaries on separate partitions.

This setup increases performance and reduces the data that have to be recovered, for

example, during a disk failure.

Note: The /DoNotStartTransport parameter ensures that the Microsoft Exchange

Transport Service is not started after the Hub Transport server role has been installed.

This makes sure the server does not accept e-mail messages, so any additional

configuration settings can be performed.

Delete the default Receive connectors. The Exchange Messaging team deletes the two

default Receive connectors that are created during the installation of the Exchange 2007 Hub

Transport server role. To delete the default Receive connectors, the Exchange Messaging

team opens the Exchange Management Shell by clicking Start, clicking All Programs,

clicking Microsoft Exchange, clicking Exchange Management Shell, and then runs the

Get-ReceiveConnector -server <server name> cmdlet to obtain the list of connectors. This

procedure produces an output similar to the following.

Identity Bindings Enabled

-------- -------- -------

<server name>\Default <server name> {0.0.0.0:25} True

<server name>\Client <server name> {0.0.0.0:587} True

To delete the two Receive connectors, Exchange Messaging team members run the

following command. It should be noted that if this command is improperly formed, the

command can remove all Receive connectors in the Exchange organization. Exercise

extreme care when executing this command.

Get-ReceiveConnector -server <server name> | Remove-ReceiveConnector


3. Create new Receive connector by using custom Windows PowerShell script. With

the two default Receive connectors deleted, the Exchange Messaging team runs a

custom Windows PowerShell script, which creates a new Receive connector with values

similar to those in Table 1, and configures the server settings of the Hub Transport

server with the values that are listed in Table 2.

Table 1. Receive Connector Configuration

Object property name Value

AuthMechanism ExchangeServer

Bindings 0.0.0.0:25

FQDN Server FQDN

MaxInboundConnection 5000

MaxMessagesPerConnection 50

MaxRecipientsPerMessage 10000

MaxHopCount 30

PermissionGroups ExchangeServers, ExchangeLegacyServers

RemoteIPRanges {0.0.0.0-255.255.255.255}

ProtocolLoggingLevel Verbose

Table 2. Hub Transport Server Configuration


MessageTrackingLogEnabled $true

MessageTracjingLogSubjectLoggingEnabled

$true

MaxOutboundConnections 1000

MessageTrackingLogMaxAge 10:00:00:00

MessageTrackingLogMaxDirectorySize 150 GB

MessageTrackingLogMaxFileSize 100 MB

MaxPerDomainOutboundConnections 50

ReceiveProtocolLogMaxAge 30:00:00:00 (Default)

ReceiveProtocolLogMaxDirectorySize 15 GB

ReceiveProtocolLogMaxFileSize 100 MB

SendProtocolLogMaxAge 30:00:00:00 (Default)

SendProtocolLogMaxDirectorySize 15 GB

SendProtocolLogMaxFileSize 100 MB

ExternalDsnReportingAuthority domain.com



ExternalPostmasterAddress [email protected]

InternalPostmasterAddress [email protected]

OutboundProtocolLoggingLevel Verbose

TotalQueuedMessagesEnableDehydration Default

PickupDirectoryMaxRecipientsPerMessage

10000

4. Change the location for the transaction logs. The Hub Transport servers deployed

across Microsoft handle approximately 2.5 million messages per day. To achieve optimal

performance on the Hub Transport servers, the Exchange Messaging team moved the

queue database transaction log files to a separate partition. The Exchange Messaging

team accomplished moving the transaction logs in conjunction with using the

/DonotstartTransport flag. Because the transport services do not start, the services do

not create the log files or database.

In case the logs need to be moved later, the Exchange Messaging team first stops the

MSExchangeTransport service by running Stop MSExchangeTransport in the

Exchange Management Shell. Then, the team copies the trnxxxx.log and *jrs files from

C:\Program Files\Exchange Server\TransportRoles\data\queue to the new location on

the other partition, and then opens the EdgeTransport.exe.config file located in C:\

Program Files\Exchange Server\bin. In EdgeTransport.exe.config, Exchange Messaging

team members change the following key under <appSettings> so that the key refers to

the new path:

<add key="QueueDatabaseLoggingPath" value = "C:\Program Files\Microsoft\Exchange

Server\TransportRoles\data\Queue" />

After changing the path, the Exchange Messaging team saves the file, and then starts

the MSExchangeTransport service again by running the Start MSExchangeTransport

command in the Exchange Management Shell. Additionally, the Exchange Messaging

team grants the BuiltIn\Network Service account read and write permissions to the new

transaction log directory because the permissions are not granted by default.

5. Verify mail flow. When a Mailbox server has been deployed in the same Active

Directory site as the respective Hub Transport server, the Exchange Messaging team

tests the mail flow by running the Test-MailFlow command. The team also completes

the following tests:

A. Create a new test mailbox on the Mailbox server.

B. Send a few sample messages from a couple of test mailboxes to a few recipients

located on other Mailbox servers in the corporate production environment.

C. Verify successful delivery of the e-mail messages.

D. Send a few sample e-mail messages from test mailboxes to Internet e-mail

addresses and verify successful delivery.


EDGE TRANSPORT SERVER CHECKLIST

In the perimeter network, the Extranet Services team manages the underlying network and

related configuration, whereas the Exchange Messaging team manages the Edge Transport

servers. The Exchange Messaging team developed an installation checklist to ensure the

completion of all required steps. The installation checklist that the Exchange Messaging team

developed for Edge Transport server deployment includes the following items:

1. Verify the Edge Transport servers are deployed in the perimeter network and are

not part of an internal Active Directory domain. The Exchange Server 2007 Edge

Transport server is the only server role that must be deployed in the perimeter network,

not on the internal network like the rest of the Exchange 2007 server roles. The

Exchange Messaging team installs the Edge Transport role in the external Active

Directory domain to facilitate administration and monitoring.

2. Configure DNS suffix. The DNS suffix must be created on the server before the Edge

Transport server role is installed. To create the DNS suffix, the Exchange Messaging

team engineers click Start, click Control Panel, and then double-click System to open

the System Properties. Then, they click the Computer Name tab, and then Change.

On the Computer Name Changes page, the engineers click More. In the Primary DNS

suffix of this computer field, they type a DNS domain name and suffix for the server,

and then click OK three times.

3. Install the Edge Transport server role using Unattended Setup. The Exchange

Messaging team installed each of the six Edge Transport servers by using Unattended

Setup. To install the Edge Transport server role by using Unattended Setup, open a

Command Prompt window, navigate to the share or media that contains your Exchange

Server 2007 Setup files, and then run the following command:

Setup.com /m:install /r:e /targetdir:<drive\installation

<path>/DoNotStartTransport

The Exchange Messaging team uses the /DoNotStartTransport flag while installing the

Edge Transport server role in order to stop the Edge Transport server after the server is

installed. This procedure prevents the server from accepting e-mail messages in the

Active Directory site before the Exchange Messaging team completes configuring the

server.

4. Subscribe the Edge Transport server. The Exchange Messaging team subscribes an

Edge Transport server by creating an Edge subscription XML file on the Edge Transport

server through the following command:

New-EdgeSubscription -Filename <path to XML File> -

CreateInternetSendConnector $false -CreateInboundSendConnector

$false

Next, the Exchange Messaging team transfers the XML file to a Hub Transport server in

the organization and imports the XML file by running the following command:

New-EdgeSubscription -FileName <Path to local XML file> -

CreateInternetSendConnector $false -CreateInboundSendConnector

$false -Site <local AD Site>


5. Deleting the default Receive connector. The Exchange Messaging team deletes the

default Receive connectors that are created during the installation of the Exchange 2007

Edge Transport server role by first retrieving the current Receive connectors, and then

deleting them.

6. Create a new Receive connector by using a custom PowerShell script. With the two

default Receive connectors deleted, the Exchange Messaging team runs a custom

PowerShell script, which creates new Receive connectors with values similar to those in

Table 3, and configures the server settings of the Edge Transport server with the values

listed in Table 4.

Table 3. Receive Connector Configuration


Bindings 0.0.0.0:25

FQDN Server FQDN



MaxHopCount 30

RemoteIPRanges {192.168.0.1, 192.168.0.2, 192.168.0.3}


Usage Internal

Note: The Exchange Messaging team uses Verbose logging for troubleshooting. Verbose

logging requires significantly more disk space than other logging options. The logs in the

enterprise production environment reach approximately 70 GB for every two weeks of logging

per server.

Table 4. Edge Transport Server Configuration



MessageTrackingLogSubjectLoggingEnabled $true















PickupDirectoryMaxRecipientsPerMessage 10000


MAILBOX SERVER CHECKLIST

The Exchange Messaging team deployed Cluster Continuous Replication (CCR)-based

Mailbox servers in the production environment, which included installing and configuring

Exchange Server 2007 on both active and passive nodes. The installation checklist that the

Exchange Messaging team developed for Mailbox server deployment includes the following

items:

1. Gather prerequisites. Before installing clustered Mailbox servers, the Exchange

Messaging team gathers prerequisite details, such as the location of the share where the

Exchange Server 2007 installation file is located, as well as the name and IP address of

the clustered Mailbox server on which to install the CCR Mailbox server.

2. Install clustering services. Next, the Exchange Messaging team installs Windows

Clustering.

3. Set specific cluster settings. The Exchange Messaging team configures two settings

on the clustered servers, one for the cluster log size and one to disable event log

replication, as follows.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session

Manager\Environment]

"ClusterLogSize"="32"

C:\Documents and Settings\<localmachine>cluster /cluster:<server

name> /prop EnableEventLogReplication=0

4. Enable and configure Majority Node Set (MNS) quorum with file share

witness. After deploying Cluster Service, the Exchange Messaging team changes the

quorum to a MNS and sets a private property on the majority node set to access a file

share. This procedure is accomplished through the cluster res “Majority Node Set”

/priv MNSFileShare=\\Servername\Directory command.

5. Install the Mailbox server role on the active node. To install the Mailbox server role

first on the active node, the Exchange Messaging team uses the Exchange 2007

graphical user interface (GUI) setup, selects Custom Exchange Server Installation on

the Installation Type screen, and checks Active Clustered Mailbox Role on the

Server Role Selection screen. The setup requests the server name and IP address,

which the team retrieved in Step 1.

6. Install the Mailbox server role on the passive node. The passive node installation is

similar to the active server node installation. The Exchange Messaging team uses the

Exchange 2007 setup GUI, selects Custom Exchange Server Installation on the

Installation Type screen, and selects Passive Clustered Mailbox Role on the Server

Role Selection screen. The setup requests the server name and IP address, which the

team retrieved in Step 1.

7. Delete the first storage group and mailbox database. When the Mailbox server role is

installed, the Exchange Messaging team deletes the first storage group and mailbox

database, in preparation for creating multiple storage groups and mailbox databases by

using a custom PowerShell script. To delete the Mailbox database, open the Exchange

Management Shell and run the following command:


Remove-MailboxDatabase -Identity "Mailbox Database"

To delete the Storage group, run the following command:

Remove-storagegroup -Identity "First Storage group"

8. Create storage groups and mailbox databases. The Exchange Messaging team uses

a custom PowerShell script to create storage groups and mailbox databases. The

Exchange Messaging team has three different types of Mailbox servers, each with its

own hardware specifications. The number of mailboxes that are to be stored on a

particular Mailbox server depends on the Mailbox server type. The Exchange Messaging

team creates either 28 or 42 storage groups (with 1 Mailbox database per storage group)

on a Mailbox server. The storage groups point to a Public Folder database on a

dedicated Public Folder server. The settings for a Mailbox server and the Mailbox

databases created on a Mailbox server type two, are listed in Table 5 and Table 6.

Note: For more information about the three different Mailbox server types that the

Exchange Messaging team uses, see the Microsoft IT Showcase Note on IT "Going 64-

bit with Microsoft Exchange Server 2007" at

http://www.microsoft.com/technet/itshowcase/exchange.mspx.

Table 5. Mailbox Database Settings on Mailbox Server Type Two


IssueWarningQuota 1700 MB

ProhibitSendReceiveQuota 2090 MB

ProhibitSendQuota 1900 MB

DeletedItemRetention 14.00:00:00

MailboxRetention 30.00:00:00

Table 6. Mailbox Server Settings on Mailbox Server Type Two


ManagedFolderAssistantSchedule "Sun.6:00 PM-Sun.8:00 PM,""Mon.6:00 PM-Mon.8:00 PM,""Tue.6:00 PM-Tue.8:00 PM,"

"Wed.6:00 PM-Wed.8:00 PM,""Thu.6:00 PM-Thu.8:00 PM,""Fri.6:00 PM-Fri.8:00 PM," "Sat.6:00 PM-Sat.8:00 PM."

MessageTrackingLogEnabled True

MessageTrackingLogMaxAge 10.00:00:00



MessageTrackingLogSubjectLoggingEnabled True


http://www.microsoft.com/technet/itshowcase/exchange.mspx


RetentionLogForManagedFoldersEnabled True

JournalingLogForManagedFoldersEnabled True

FolderLogForManagedFoldersEnabled True

SubjectLogForManagedFoldersEnabled True

LogFileAgeLimitForManagedFolders 7.00:00:00

LogDirectorySizeLimitForManagedFolders 1 GB

LogFileSizeLimitForManagedFolders 10 MB

AutoDatabaseMountDial BestAvailability

9. Create test mailboxes and verify mailbox functionality. The Exchange Messaging

team creates test mailboxes and verifies that the mailbox can be accessed by using the

different mail clients, such as Microsoft Office Outlook®, Microsoft Office Outlook Web

Access, and Exchange ActiveSync®.

10. Verify mail flow. The Exchange Messaging team also verifies that the test mailboxes

can send e-mail messages to other users on the Mailbox server in the same Active

Directory site, in other Active Directory sites in the Active Directory forest, and to and

from Internet hosts, and that the process works as expected.

11. Configure backup and Microsoft Operations Manager. As a last step, Microsoft

configures the server for backups and enables Microsoft Operations Manager clients to

monitor the server.


CLIENT ACCESS SERVER CHECKLIST

The installation checklists that the Exchange Messaging team developed for Client Access

server deployments include the following items:

1. Install RPC over HTTP Proxy component. Microsoft users have the option of

connecting to their mailboxes using Outlook Anywhere directly over the Internet, without

the need to establish a secure virtual private network (VPN) connection. Outlook

Anywhere relies on the Windows Server 2003 RPC over HTTP Proxy component;

therefore, the Exchange Messaging team installs the RPC over HTTP Proxy component,

Windows Components wizard.

2. Install Client Access server role using Unattended Setup. The Exchange Messaging

team installs each of the 30 Client Access servers by using the Unattended Setup

method by running the following command:

Setup.com /m:install /r:c /targetdir:<drive\installation path>

According to Exchange partitioning best practices, the Exchange Messaging team

installs the operating system and Exchange Server 2007 binaries on separate partitions.

This setup increases performance and reduces the data that has to be recovered, for

example, during a disk failure.

3. Customize Client Access server role by using a PowerShell script. When the Client

Access server role has been installed on the respective server, the Exchange Messaging

team runs a custom PowerShell script in order to configure Client Access services and to

fulfill the requirements that are specified in the Exchange Messaging team design

documents. For example, the Exchange Messaging team configures per-server specific

settings, such as Outlook Anywhere access, Outlook Web Access authentication

mechanisms, external URLs for Outlook Web Access, Exchange ActiveSync, Exchange

Web Services, UM IIS virtual directories, and the internal URL for the Autodiscover

service.

4. Restart server. After the Exchange Messaging team configures the Client Access

services by using a PowerShell script, the Exchange Messaging team restarts the server

in order to apply all changed configuration settings.

5. Verify Client Access server availability. When the Client Access server has been

configured according to the requirements that are specified in the messaging design

documents, the Exchange Messaging team verifies the availability of each service

provided by the Client Access. Among other things, the team verifies access to Outlook

Web Access, Exchange ActiveSync, Post Office Protocol 3 (POP3)/Internet Message

Access Protocol 4 (IMAP4), Outlook Voice Access, and Outlook Anywhere access.

6. Test cross-forest free/busy information. Because Microsoft consists of two Exchange

Server 2007 organizations (corporate and pre-release production), free/busy information

availability between users with mailboxes stored on a mailbox server in the site where

the Client Access server is deployed and users with mailboxes stored on mailbox

servers in the other forest are also verified. The Exchange Messaging team performs

this step for each server installation or upgrade. Testing free/busy information availability

entails logging in as a test user and verifying that calendar items and users from other

forests are available.


UNIFIED MESSAGING SERVER CHECKLIST

The checklist the Exchange Messaging team developed for Unified Messaging (UM) server

deployment includes the following items:

1. Install Windows Media® Encoder. Prior to installing the UM server roles, the Exchange

Messaging team installs the most recent version of Windows Media Encoder 9 on the

server. You can download the Windows Media Encoder at the following URL:

http://go.microsoft.com/fwlink/?LinkId=67406.

2. Install Windows Media Audio Codec update. Prior to installing the UM server roles,

the Exchange Messaging team installs the Windows Media Audio Codec update on the

server. You can download the fix at the following URL: http://support.microsoft.com/?

kbid=917312.

3. Install Microsoft XML (MSXML) Core Services 6.0. Prior to installing the UM server

roles, the Exchange Messaging team installs the MSXML Core Services 6.0. You can

download the MSXML Core Services 6.0 at the following URL:

http://go.microsoft.com/fwlink/?LinkId=70796.

4. Verify that mandatory security updates are installed. The Exchange Messaging team

ensures that no mandatory post-SP2 security updates are still needed by using Microsoft

Windows Update.

5. Restart server. The Exchange Messaging team restarts the server to apply all changed

configuration settings.

6. Install the UM server role by using Unattended Setup. The Exchange Messaging

team installed each of the 12 UM servers by using Unattended Setup. To install the UM

server role by using Unattended Setup, open a Command Prompt window and navigate

to the share or media containing your Exchange Server 2007 Setup files, and then run

the following command:

Setup.com /m:install /r:u /targetdir:<drive\installation path>

7. Generate speech grammars. UM servers use speech grammars to help recognize

speech commands and spoken voice. To generate the initial grammars, the Exchange

Messaging team runs the following commands from the exchsrvr\bin folder:

galgrammargenerator.exe -g -x speechgrammarfilterlist.xml

Galgrammargenerator.exe –d <dialplan1> -x

speechgrammarfilterlist.xml

8. Install UM language packs. When the UM server role is installed, only US-English text-

to-speech and Outlook Voice Access is supported by default. In order to support

additional languages, a UM language pack for each respective language must be

installed. UM language packs are offered in 16 different languages, and all 16 language

packs are included on the Exchange 2007 DVD.

Note: The UM language packs can be downloaded at the following URL:

http://technet.microsoft.com/en-us/exchange/2007/bb330845.aspx.


http://technet.microsoft.com/en-us/exchange/2007/bb330845.aspx

http://go.microsoft.com/fwlink/?LinkId=70796

http://support.microsoft.com/?kbid=917312

http://support.microsoft.com/?kbid=917312

http://go.microsoft.com/fwlink/?LinkId=67406

In order to allow non-English Microsoft employees to use their mailboxes in their native

language, the Exchange Messaging team installs all 16 UM language packs. The

Exchange Messaging team installs the UM language packs using a custom batch file,

similar to the one shown in the following command:

exsetup /addumlanguagepack:<language> /s:\\<path>\umlangpacks\

<language>e\retail\amd64

Note: The Exchange Messaging team replaces <path> with the actual installation path

and <language> with the language descriptor. For a full list of the batch file commands,

see the appendix.

After the UM language packs have been installed, the Exchange Messaging team stops

and restarts the MSExchangeUM service.


CONCLUSION

In an Exchange environment, such as the one the Exchange Messaging team designed,

deployed, and maintains, with multiple types of servers, configurations, datacenters, teams,

connectivity links, business units, and Exchange forests, keeping track of activities,

components, and ensuring order and consistency is vital. For the Exchange Messaging team,

the process entails planning and designing server specifications and documenting the

specifications to use across the infrastructure. Server roles provide a convenient method to

separate specification documents—one set of documents per role.

The Exchange Messaging team continues the systematic process of deployment by creating

checklists for each server role that include specific guidance for configuration and settings.

Using these checklists for all teams across the enterprise production environment results in

tremendous time savings, increased productivity, and perhaps most importantly, helps

maintain order and organization for multiple teams through a complex deployment process.


FOR MORE INFORMATION

For more information about Microsoft products or services, call the Microsoft Sales

Information Center at (800) 426-9400. In Canada, call the Microsoft Canada Information

Centre at (800) 563-9048. Outside the 50 United States and Canada, please contact your

local Microsoft subsidiary. To access information through the World Wide Web, go to

http://www.microsoft.com

http://www.microsoft.com/technet/itshowcase .

The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

This White Paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred.

2007 Microsoft Corporation. All rights reserved.

Microsoft Active Directory, ActiveSync, Excel, Outlook, SharePoint, Windows, Windows Media, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

All other trademarks are property of their respective owners.


http://www.microsoft.com/technet/itshowcase

http://www.microsoft.com/

APPENDIX: DEPLOYMENT WORKSHEETS

The Exchange Messaging team follows a series of checklists and worksheets for gathering

the data necessary for deployment, as well as deploying and configuring Exchange

Server 2007 server roles. In most cases, the tasks in the worksheets can be completed

independently of one another; however, the pre-build worksheet is required in each case

before installation and configuration. This appendix includes the following worksheets:

Pre-installation checklist. The Exchange Messaging team completes the tasks in this

worksheet before installing and configuring each server role.

Hub Transport server. The tasks in this worksheet include instructions for installing and

configuring Hub Transport servers.

Edge Transport server. The tasks in this worksheet include instructions for installing

and configuring Edge Transport servers.

Client Access server. The tasks in this worksheet include instructions for installing and

configuring Client Access servers.

CCR Mailbox server. The Exchange Messaging team separates the Mailbox server

installation into two worksheets: one for installing passive and active node CCR clusters

and one for configuring mailbox servers. The first worksheet deals with installation. The

second worksheet includes post-installation tasks for CCR Mailbox servers.

UM server. The tasks in this worksheet include instructions for installing and configuring

UM servers.

IT Showcase: Exchange Server 2007 Deployment Checklists Technical White PaperThis worksheet provides an overview of deployment steps that the Exchange Messaging

team performs before installing and configuring an Exchange 2007 server for use in the

Microsoft IT environment.

Table 7. Pre-Installation Checklist Worksheet

Case Task Check

Initial

1 Verify that the server hardware, network, and drive configuration are correct for CPU, memory, logical disk, and so on.

2 Verify ILO and DCRA for the Mailbox server.

3 On the C drive, set pagefile equal to "total" amount of physical RAM, plus 10 MB. For example, with 8 GB of RAM, set the pagefile to 8 GB + 10 MB.

4 Clear the Automatic System Reboot (ASR) check box. Navigate to My Computer/Properties/Advanced/Startup and Recovery, and then clear the Automatically Restart check box.

5 Install the x64 Mission Critical Server Support (MCSS) hotfix on all CCR and SCC mailbox clusters.

6 Verify that Windows Server 2003 SP1 is installed with IPAK 5.26 (64-bit) and service packs. Run the following command:

Srvinfo


Case Task Check

Initial

7 Verify that the server has a static IP address assigned. If not assigned, request an IP address to be provisioned and assign it. There is no default gateway needed on the second NIC card.

8 Verify that the duplex speed settings on all Network Adapters that are installed in the server match the switch port settings. (These are typically set to auto.)

9 Send an e-mail message to notify the production team that the server will be going into production.

10 Verify that the server is in the correct domain and site. At a command prompt on the server, type the following:

C:\> nltest /parentdomain

C:\> nltest /dsgetsite

11 After obtaining the proper security groups that are developed during the permissions and administration model design for your environment, add security groups as members of the local administrators group on the Exchange Server.

12 Verify that the computer is in the correct OU within the Messaging path. Open Active Directory Users and Computers and browse through the list.

13 Set server principal names on the Hub Transport server by using the following command:

setspn -A servername

14 Add the server to the IPSec OU.

This change takes up to 12 hours to be applied, and requires that the computer is restarted.

15 Verify that all regional code pages are installed in Windows.

in Control Panel openRegional Options. Select both the Advanced tab and the Language tab (under Supplemental Language Support), and verify that all code page check boxes are selected. Do not restart the computer if prompted to do so.

16a Install IIS for Mailbox and Client Access servers.

16b Open Add/Remove Windows Components.

Double-click Application Server.

Double-click Internet Information Services (IIS). Click World Wide Web Service.

This will auto-select Internet Information Services Manager and Common Files.

Click Next to complete the installation.

17a Install IIS for Edge, Hub, and UM servers. The IIS snap-in must be installed for Exchange Management Console to work correctly.


Case Task Check

Initial

17b Open Add/Remove Windows Components.

Click Application Server.

Click Details.

Highlight to select Internet Information Services (IIS). Click Details.

Clear the World Wide Web Service check box.

Click OK.

Click OK.

Click Next to complete the installation.

18 Optimize and lock down ETrust AV Settings.

19 Send an e-mail message to notify appropriate team that the server is as an asset for tracking.

20 Send an e-mail message to mark the server in any routing or firewall policies.

21 Verify that .NET Framework 2.0 is installed by checking Add/Remove Programs.

22 Verify the MMC version by checking the version under Help/About. If the program is not installed, install MMC 3.0.

23 Install F1.

24a Enable Edge Transport cache scripts on Client Access, Edge Transport, and Hub Transport servers by adding Network Server permissions to the D drive.

24b Right-click D:\. Click the Security tab, and then add Network Service.

Highlight and select Full Control.

25 Stop and disable the Windows Firewall/Internet Connection Sharing (ICS) service.

26 Enable Microsoft Operations Manager monitoring of Watson.

27 Run the Disk Defragmenter program on the C drive.

28 Run HFinstaller and make sure that no mandatory security updates are needed.

29 Install hotfix MS06-033 - KB917283. This hotfix is for servers with ASP.NET 2.0, which includes all of the 64-bit systems.

30 Restart the server.

IT Showcase: Exchange Server 2007 Deployment Checklists Technical White PaperMicrosoft Exchange Server 2007 Hub Transport servers are deployed inside your

organization's Active Directory environment. Hub Transport servers handle all mail flow

inside the organization, apply organizational mail flow routing rules, and are responsible for

delivering messages to a recipient's mailbox.


This worksheet provides an overview of deployment steps for installing and configuring an

Exchange 2007 Hub Transport server for use in the Microsoft IT environment. The worksheet

provides a high-level overview of deployment steps and configuration settings for an

Exchange 2007 Hub Transport Server role in standalone mode. This worksheet does not

provide instructions for configuring routing group connectors or SMTP connectors to the

Internet or to other Microsoft IT-managed Exchange forests.

Table 8. Hub Server Worksheet

Check

Initial

Pre-installation tasks

1 Complete the pre-installation checklist.

2 Verify that the disk drives are configured as follows:

Disk 0 C drive 50 GB, E drive 18 GB

Disk 1 D drive, 270 GB

3 Verify that the NNTP and SMTP services are not installed.

4 Verify that the server is part of the correct Active Directory site by running the following command:

Nltest /SERVER:<server name> /DSGETSITE

5 Verify the specific build to install.

6 Verify whether the build has been staged to the appropriate region (if necessary).

7 Install and configure Powershell. When prompted with "Do you want to run software from the untrusted publisher?" select Always Run.

Installation and configuration tasks

1 Open a Command Prompt window and change the current directory to the setup directory of the current Exchange build.

2 Run the following command to install the server role:

setup.com /m:install /r:h /t:d:\exchsrvr

/DoNotStartTransport

3 Open the Exchange Management Shell from the Start menu. Click Start, click Programs, and then click Microsoft Exchange.

4a Delete the existing Receive connectors.

4b Get the current Receive connector information and verify that the following command returns only the Receive connectors for the server that is under consideration:

Get-ReceiveConnector -server <Server Name>


Check

Initial

4c Delete the Receive connector with the following command:

Get-ReceiveConnector -server <Server Name> |

remove-ReceiveConnector

You will be prompted to remove each connector. Enter Y to delete each connector. Make sure that you are only being asked to remove the two connectors that are specified by the previous Get-ReceiveConnector command. If you are being asked to delete additional connectors, enter L (No to All) and reenter the last command at the Exchange Management Shell prompt to attempt to delete the correct connectors.

5a Create the Receive connector and configure the TransportServer object according to the Exchange Messaging team standard configuration.

5b Receive connector configuration object property name and recommended value:








ReceiveProtocolLogMaxAge 30:00:00:00 (Default)



SendProtocolLogMaxAge 30:00:00:00 (Default)





InternalPostmasterAddress [email protected]

OutboundProtocolLoggingLevel Basic

TotalQueuedMessagesEnableDehydration Default



Check

Initial

5c Transport server configuration object property name and recommended value:

AuthMechanism ExchangeServer

Bindings 0.0.0.0:25

FQDN Server FQDN


MaxMessagesPerConnection 50


MaxHopCount 30

PermissionGroups ExchangeServers, ExchangeLegacyServers

ProtocolLoggingLevel Basic

RemoteIPRanges {0.0.0.0-255.255.255.255}

ProtocolLoggingLevel Basic

Post-installation tasks

1a Share the tracking log directory: (d:\exchsrvr\transportroles\logs\MessageTracking)

1b Remove all access granted to "Everyone."

1c Grant these groups read access to the share:

< Domain>\groupA

< Domain>\groupY

< Domain>\groupZ

< Domain>\groupX

Grant these same groups access via the Security tab.

2a Move transaction log queue database to E:\Data\QueueLog.

2b Create the folder E:\data\QueueLog. This is where you will move the database log.

2c Grant full access to this folder to the user Network Service via the Security tab.

2d If the MSExchangeTransport is not already stopped, stop the service with this command in the Exchange Management Console:

Stop MSExchangeTransport

2e Copy these files from D:\exchsrvr\TransportRoles\data\queue to the new location on the E drive:

trnxxxx.log

*.jrs files

2f Edit the file EdgeTransport.exe.config located in D:\exchsrvr\bin, and add or replace the following entry under <appsettings>:

<add key="QueueDatabaseLoggingPath"

value="e:\data\queuelog\" />


Check

Initial

2g Start the MSExchangeTransport service with this command in the Exchange Management Console:

Start MSExchangeTransport

3a After first mailbox server is installed in the same site as the Hub Transport server, complete following tests before moving production mailboxes to that server.

3b Create a new test mailbox on the mailbox server.

3c Send sample messages from test mailboxes to any user in the enterprise forest and verify successful e-mail message delivery.

3d Send sample e-mail messages from test mailboxes to an Internet e-mail address and verify successful e-mail message delivery.

Exchange 2007 Edge Transport Server Installation and ConfigurationThis worksheet provides an overview of deployment steps for installing and configuring an

Exchange 2007 Edge Transport server for use in the Microsoft IT environment. The

worksheet provides a high-level overview of deployment steps and configuration settings for

an Exchange 2007 Edge Transport server.

Table 9. Edge Transport Server Worksheet

Check

Initial


1 Verify the Edge Transport is deployed in perimeter network and is not part of an Active Directory domain.

2 Configure the DNS suffix.

3 Install the Edge Transport server role by running the following command:

Setup.com /m:install /r:e /targetdir:<drive\

installation path>

4 Subscribe the Edge Transport server by running the following command:

New-EdgeSubscription -file "C: \

EdgeSubscriptionExport.xml"

New-EdgeSubscription -FileName "C:\

EdgeServerSubscription.xml" -site "AD-

Site-Name"


Check

Initial

5 Delete the default Receive connector by running the following command:

Get-ReceiveConnector -server <server name> |

Remove-ReceiveConnector

6 Create new Receive connector with the following settings:

Bindings 0.0.0.0:25

FQDN Server FQDN



MaxHopCount 30

RemoteIPRanges {65.53.213.91,65.53.213.92,65.53.213.93}


Usage Internal
















IT Showcase: Exchange Server 2007 Deployment Checklists Technical White PaperThis worksheet provides an overview of deployment steps for installing and configuring an

Exchange 2007 client access server for use in the Microsoft IT environment.

Table 10. Client Access Server Worksheet

Check

Initial


1a Traffic to the Client Access server must be drainstopped before upgrading. To drainstop a Client Access server fronting, follow these steps:


Check

Initial

1b Connect via Terminal Server to the server to be upgraded.

Run the Network Load Balancing Manager and manually drainstop the server.

Create an e-mail message to the proper team requesting that the team drainstop the server by including the following information: Server name, IP address or farm name for the various services, and ISA array name.


1 Connect via Terminal Server to the server that is being upgraded.

2 Using Task Manager, log off any active users except for yourself.

3 Start the Exchange Management Shell in Windows PowerShell. Remove all virtual directories that are associated with mail.public by using these commands and typing Enter at each confirmation prompt:

Remove-OWAVirtualIDirectory

Remove-Exchange

Remove-ExchangeWeb

4 Run the following command:

exsetup.exe /m:uninstall

Note: The computer may restart at this point. If it does, reconnect via Terminal Server after the computer restarts.

5 Go to Add/Remove Programs in the Control Panel.

6 Remove the program Windows PowerShell.

7 At a Command Prompt window, map a drive to the install directory for the current build (see the following example):

net use * \\server\build

8 Connect to the newly mapped drive.

9 Navigate to the depapps directory:

cd depapps

10 Run msh_setup.msi to reinstall Windows PowerShell, accepting all defaults during installation.

11 Navigate back to the root directory:

cd \

12 Enter the following command:

setup.com /m:install /r:c /targetdir:d:\

exchsrvr


Check

Initial

13 Copy the custom script cas_config.ps1 and the file corp-params.xml to a local directory, and then run the following PowerShell command:

config_cas.ps1 -configfile corp-params.xml -

showusage $false

14 Restart the server.

Post-installation tasks

1a Check for the availability of Office Outlook Web Access on the server by navigating to the URL http://<server name>/owa.

1b Create a meeting request through OWA and try to view the free/busy information for another user, preferably one on a different forest than the current computer.

IT Showcase: Exchange Server 2007 Deployment Checklists Technical White PaperThis worksheet provides an overview of deployment steps for installing and configuring

Exchange 2007 clustered mailbox server for use in the Microsoft IT environment.

Table 11. Mailbox Server Worksheet

Check

Initial


1a Before beginning, gather the following:

The location of the share where the Exchange Server 2007 installation file is located.

The name and IP address of the clustered mailbox server where you will install the CCR Mailbox.

1b Establish a Terminal Server connection to the active node of the cluster where you want to install the CCR Mailbox.

1c When you have established the connection, do the following to verify that clustering is set up:

Click Start. Click Cluster Administrator.

In the Open Connector to Cluster box, type a period, and then press Enter.

1d If clustering is set up, the Cluster Administrator window will display information about the cluster, including cluster IP address, cluster name, and majority node set.

Installing on the active node

1 Run the Exchange 2007 setup, Setup.exe. The setup GUI opens.


Check

Initial

2 At the Security warning, click Run. On the following screen, click Step 4: Install Microsoft Exchange.

3 On the Introduction screen, click Next.

4 On the License Agreement screen, accept the license agreement, and then click Next.

5 On the Error Reporting screen, accept the default response of Yes (Recommended), and then click Next.

6 The Installation Type screen appears. On the Installation Type screen, click anywhere in the Custom Exchange Server Installation box.

7 To specify the path for the Exchange Server installation, click Browse.

8 In the Browse For Folder window, expand My Computer. Click D_Drive, then click Make New Folder. Name the folder Exchsrvr.

9 Click OK.

10 On the Installation Type screen, verify that D:\Exchsrvr is entered in the Specify the path for the Exchange Server installation box, and then click Next. The Server Role Selection screen appears.

11 Select the Active Clustered Mailbox Role check box.

12 Click Next. The Cluster Settings screen appears.

13 Accept the default setting of Cluster Continuous Replication.

14 In the Clustered Mailbox Server Name box, enter the name of the clustered mailbox server.

15 In the Clustered Mailbox Server IP Address box, enter the IP address of the clustered mailbox server.

16 Click Next. The Readiness Checks screen appears. Note: You can ignore the warnings that appear on this screen.

17 When the screen indicates that prerequisites are complete, click Install. The Progress screen, which monitors the progress of your installation, appears. Note that installation may take several minutes, depending on the rate of Active Directory replication.

18 When the screen indicates that installation is complete, click Next. The Completion screen appears. The Completion screen confirms that the installation is complete.

19 Click Finish to exit the Exchange Server 2007 Setup program.

Installing on the passive node

1 Run the Exchange 2007 setup, Setup.exe. The setup GUI opens.

2 At the Security Warning, click Run. On the following screen, click Step 4: Install Microsoft Exchange.


Check

Initial

3 On the Introduction screen, click Next.

4 On the License Agreement screen, accept the license agreement, and then click Next.

5 On the Error Reporting screen, accept the default response of Yes (Recommended), and then click Next.

6 The Installation Type screen appears. On the Installation Type screen, click anywhere in the Custom Exchange Server Installation box.

7 To specify the path for the Exchange Server installation, click Browse.

8 In the Browse For Folder window, expand My Computer. Click D_Drive, and then click Make New Folder. Name the folder Exchsrvr.

9 Click OK.

10 On the Installation Type screen, verify that D:\Exchsrvr is entered in the Specify the path for the Exchange Server installation box, and then click Next. The Server Role Selection screen appears.

11 On the Server Role Selection screen, select the Passive Clustered Mailbox Role check box instead of the check box for the active clustered mailbox role.

12 Click Next. The Cluster Settings screen appears.

13 Accept the default setting of Cluster Continuous Replication.

14 In the Clustered Mailbox Server Name box, enter the name of the clustered mailbox server.

15 In the Clustered Mailbox Server IP Address box, enter the IP address of the clustered mailbox server.

16 Click Next. The Readiness Checks screen appears. Note: You can ignore the warnings that appear on this screen.

17 When the screen indicates that prerequisites are complete, click Install. The Progress screen, which monitors the progress of your installation, appears Note that the installation may take several minutes, depending on the rate of Active Directory replication.

18 When the screen indicates that the installation is complete, click Next. The Completion screen appears. The Completion screen confirms that the installation is complete.

19 Click Finish to exit the Exchange Server 2007 Setup program.


Check

Initial

CCR post-installation steps

1 Open Powershell. Delete the default first storage group and database by running the following commands:

Removemailboxdatabase -id:<database name>

Removestoragegroup -id:<storage group name>

2 Run the following Powershell script to create storage groups.

newStorageGroup Name:SG01 server:<server

name> logfolderpath:l:\LOG01

SystemFolderPath:l:\LOG01







Repeat this step sequentially for the number of storage groups you are creating.

3 Run the following Powershell script to create databases.

newmailboxdatabase Name:"<server name> MBX

Store 01" PublicFolderDatabase:"<database

location> PUB Store 1A"

OfflineAddressBook:"Default Offline

Address List <Location>"

StorageGroup:<name> EdbFilePath:e:\MDB01\

priv01.edb

newmailboxdatabase Name:"<server name> MBX

Store 02" PublicFolderDatabase:"<database

location> PUB Store 1A"

OfflineAddressBook:"Default Offline

Address List <Location>"

StorageGroup:<name> EdbFilePath:e:\MDB02\

priv02.edb

Repeat this step sequentially for the number of storage groups you are creating.


Check

Initial

4 Enable message tracking by running the following command:

set-transportserver <servername>

-MessageTrackingLogMaxAge:10.00:00:00

-MessageTrackingLogMaxDirectorySize:20GB

-MessageTrackingLogMaxFileSize:10MB

-MessageTrackingLogPath:d:\exchsrvr\

MessageTracking

-MessageTrackingLogEnabled:$true

-MessageTrackingLogSubjectLoggingEnabled:

$true

5 Set specific cluster settings.

[HKEY_LOCAL_MACHINE\SYSTEM\

CurrentControlSet\Control\Session

Manager\Environment]

"ClusterLogSize"="32"

C:\Documents and Settings\

<localmachine>cluster /cluster:<server

name> /prop EnableEventLogReplication=0

6 Enable LossLess.

7 Verify failover/back with the following move-clustered mailbox Powershell command.

move-clusteredmailboxserver -id <servername>

-targetmachine <servername> -movecomment

“test move for post install validation”

8 Run the following Powershell script to set mailbox limits.

get-MailboxDatabase -server:<server name> |

set-mailboxdatabase

-IssueWarningQuota:419840KB

-ProhibitSendReceiveQuota:512000KB

-ProhibitSendQuota:460800KB

-ItemRetention:14.00:00:00

-MailboxRetention:30.00:00:00

9 Request test accounts to be created.

10 Configure backups.

11 Configure Microsoft Operations Manager.


IT Showcase: Exchange Server 2007 Deployment Checklists Technical White Paper Installation and ConfigurationThis worksheet provides an overview of deployment steps for installing and configuring an

Exchange 2007 UM server for use in the Microsoft IT environment.

Table 12. UM Server Worksheet

Check

Initial


1 Verify that the server you will be installing to resides in the appropriate Active Directory site.

2 Verify that the installation prerequisites in the pre-installation checklist have been completed.


1 Connect to the subject computer via Terminal Server.

2 Open a Command Prompt window.

3 Run the following command to start the setup program:

\\msgweb\e12\rtm\<df folder>\<build number>\

build\setup.com /mode:install

/roles:um /targetdir:d:\exchsrvr

Replace the values for <df folder> and <build number> based on the current build.

4 From another computer with a current UM server installation, obtain copies of the file speechgrammarfilterlist.xml from d:\exchsrvr\bin and the file gal.cfg from d:\exchsrvr\unifiedmessaging\grammars\en.

5 Place the copies of these files in the corresponding directories of the computer on which you are installing the new UM server.

6 From the folder d:\exchsrvr\bin, run the following command:

galgrammargenerator.exe -g -x


Then run galgrammargenerator.exe for each dial plan to which this server belongs:





And so on.


Check

Initial

7a Install the language packs by creating a batch file with the following commands:

exsetup /addumlanguagepack:de-DE /s:\\

<path>\umlangpacks\de\retail\amd64

exsetup /addumlanguagepack:en-AU /s:\\

<path>\umlangpacks\en-au\retail\amd64

exsetup /addumlanguagepack:en-GB /s:\\

<path>\umlangpacks\en-gb\retail\amd64

exsetup /addumlanguagepack:es-ES /s:\\

<path>\umlangpacks\es\retail\amd64

exsetup /addumlanguagepack:es-MX /s:\\

<path>\umlangpacks\es-mx\retail\amd64

exsetup /addumlanguagepack:fr-CA /s:\\

<path>\umlangpacks\fr-ca\retail\amd64

exsetup /addumlanguagepack:fr-FR /s:\\

<path>\umlangpacks\fr\retail\amd64

exsetup /addumlanguagepack:it-IT /s:\\

<path>\umlangpacks\it\retail\amd64

exsetup /addumlanguagepack:ja-JP /s:\\

<path>\umlangpacks\ja\retail\amd64

7b Continue adding language packs.

exsetup /addumlanguagepack:ko-KR /s:\\

<path>\umlangpacks\ko\retail\amd64

exsetup /addumlanguagepack:nl-NL /s:\\

<path>\umlangpacks\nl\retail\amd64

exsetup /addumlanguagepack:pt-BR /s:\\

<path>\umlangpacks\pt\retail\amd64

exsetup /addumlanguagepack:sv-SE /s:\\

<path>\umlangpacks\sv\retail\amd64

exsetup /addumlanguagepack:zh-CN /s:\\

<path>\umlangpacks\zh-chs\retail\amd64

exsetup /addumlanguagepack:zh-TW /s:\\

<path>\umlangpacks\zh-cht\retail\amd64

Replace <path> with the installation path for the current build.

8 Upon completion, restart the MSExchangeUM service in the Exchange Management Console.
