2007

Publishing Exchange 2007

With ISA 2006 Nguyen Quoc Huy

Nguyen Van Du

Email: nguyen.quoc.huy@hotmail.com

dunv@fpt.com.vn

Contents

I. Topology and Description ................................................................................................................... 1

II. Installing and Configuring Exchange Server 2007 ............................................................................ 2

1. Hardware requirement................................................................................................................. 2

2. Software requirement .................................................................................................................. 2

3. Add Components to install Microsoft Exchange Server ............................................................. 3

4. Install prerequisite packets .......................................................................................................... 5

5. Install Microsoft Exchange Server 2007 ................................................................................... 12

6. Configure Exchange 2007 ......................................................................................................... 21

7. Insert Offline Address Book in Mail Database ......................................................................... 28

III. Installing ISA 2006 ......................................................................................................................... 30

IV. Publishing an Exchange Web Access (OWA) ................................................................................ 35

1. Install Certificate Service on domain controller VNFSDC001 ................................................. 35

2. Create certificate for Exchange web ......................................................................................... 37

a. Delete default existing certificate ......................................................................................... 37

b. Create certificate for default website .................................................................................... 41

c. Export certificate of OWA virtual directory ......................................................................... 45

3. Create DNS CName mapping to ISA VNFSIS001 (on VNFSDC001) .................................... 52

4. Import certificate to ISA VNFSIS001 ...................................................................................... 56

5. Create Web Listening object on ISA ........................................................................................ 65

6. Create web publishing OWA rule ............................................................................................. 73

V. Publishing an Exchange Server Outlook Anywhere (RPC Over HTTP) ......................................... 78

1. Install network service RPC Over HTTP (on vnfsdc001) ........................................................ 78

2. Enable Outlook Anywhere of Exchange 2007 .......................................................................... 81

3. Create Outlook Anywhere Publishing rule on ISA VNFSIS001 .............................................. 83

VI. Publishing an Exchange Server for SMTP, POP3 .......................................................................... 90

1. Install SMTP service on ISA relay connect to SMTP exchange 2007...................................... 90

2. Configuration SMTP relay on ISA server ................................................................................. 94

3. Create SMTP Server to SMTP Server Rule .............................................................................. 99

4. Create publishing SMTP and POP3 rule on ISA server ......................................................... 103

VII. Client test ..................................................................................................................................... 107

1. Login with web access OWA .................................................................................................. 107

2. Register Outlook Anywhere.................................................................................................... 108

3. Register POP3 & SMTP ......................................................................................................... 121

1

I. Topology and Description

This lab is to setup & configure Microsoft Exchange 2007 Enterprise X64. After that, the services

OWA, SMTP, POP3, MAPI are published to internet using Microsoft ISA 2006 Standard

The following is the configuration information of each device:

Computer Number 1 2 3

Computer Name VNFSDC001 VNFSIS001 CLIENT01

IP Address Information IP address:

192.168.1.2

DG:

192.168.1.1

DNS:

192.168.1.2

Internal:

IP address:

192.168.1.1

DNS:

192.168.1.2

External:

IP address:

172.16.1.2

DG:

172.16.1.1

IP address:

192.168.1.11

DG:

192.168.1.1

DNS:

192.168.1.2

OS Windows Server 2003

En R2 x64

Windows Server 2003

En R2 x86

Windows XP

Professional

Installed Services DHCP

DNS

WINS

Certificate Services

Exchange 2007 En

(All updates from

ISA 2006 Standard

Edition

(All updates from

Microsoft Update

installed)

None

(All updates from

Microsoft Update

installed)

2

Microsoft Update

installed)

Addition

Configurations

SP2 SP2, ISA Publishing

Pack Update

SP3

Domain Name glfs.myvnc.com

(domain functional

level windows 2003,

forest functional level

windows 2003)

glfs.myvnc.com glfs.myvnc.com

Domain Member Yes Yes Yes

Exchange Server Role Mailbox server

Hub Transport

Client Access Server

N/A N/A

Admin Account Administrator Administrator Administrator

Password 123qwe!@# 123qwe!@# 123qwe!@#

II. Installing and Configuring Exchange Server 2007

This section will show you how to install exchange 2007 server step by step. This process must be

done in sequence:

a. Hardware requirement

b. Software requirement

c. Add the necessary component

d. Install the perquisite packages

e. Install Exchange 2007 Enterprise

f. Configure Exchange 2007 Enterprise

1. Hardware requirement

The first step is to determine whether a computer is capable of running Exchange Server

2007. The following list details the hardware requirements of the computer that will host

Exchange Server 2007:

x64 architecture-base processor that supports the Intel EM64T or AMD64 instruction

set

2 GB of RAM plus 5 MB of RAM per mailbox

1.2 GB of disk space on the volume on which Exchange is installed plus 500 MB per

unified messaging language pack that is to be installed

200 MB of free disk space on the system volume

2. Software requirement

Prior to the installation of Exchange, the software environment should meet the following

requirements:

64-bit edition of Windows Server 2003 or Windows Server 2003 R2. If you plan to

use single-copy cluster or cluster continuous replication, the enterprise editions of

Windows Server 2003 and Windows Server 2003 R2 are required

The following volumes must be formatted with the NTFS file system:

3

o System volume

o Volumes that store Exchange program files, storage group files, transaction

log files, database files, and all other Exchange files

Microsoft .Net Framework 2.0 SP1

Microsoft Windows PowerShell. This can be downloaded from Microsoft’s Web site

MMC 3.0. This version of the MMC is included with Windows Server 2003 R2 but

not with Windows Server 2003. This MMC is installed when you apply SP2 to

Windows Server 2003 R2

Update for Windows Server 2003 x64 edition KB904639

Update for Windows Server 2003 x64 edition KB918980

The Simple Mail Transfer Protocol (SMTP) and Network News Transfer Protocol

(NNTP) service must not be installed.

3. Add Components to install Microsoft Exchange Server

The service IIS with ASP.Net needs to install prior Exchange 2007 setup

Click Start, point to Control Panel.

Click Add or Remove Programs

4

Click Add/Remove Windows

Components.

In Windows Component Wizard, on the

Windows Components page, highlight

Application Server, and then click

Details.

In Application Server, select the

ASP.NET check box.

5

Click Next, and when the Windows

Components Wizard completes, click

Finish.

4. Install prerequisite packets

The following package will be installed as prerequisite packets:

a. ADAM

b. .Net Framework 2.0 SP1

c. Windows Power Shell

ADAM package

Open windows explorer and double click

on the package ADAM

6

Click Next on the Software Update

Installation Wizard dialog

Check Agree and click Next

Wait for the installation

7

The package is installed successfully

Click Finish

.Net Framwork 2.0

Open windows explorer and double click

on the package .Netx64

Click Next on the Microsoft .Net

Framework 2.0 (x64) Setup dialog

8

Check I accept the terms of the License

Agreement then click Next

Wait for the installation

9

Click Finish for successful installation

Go on installing the update of .Net

Framework.

Double click the update package

Click Ok to update the Microsoft .NET

Framework 2.0

10

Click on I accept button

Waiting for the installation

Click OK

Click Reboot Now and your computer is

going to restart

11

Windows PowerShell

Double click on the package Windows

PowerShell

Click Next on the Software Update

Installation Wizard

Check I Agree then click Next

Waiting for the Installation

12

Click OK to finish the installation of

Windows PowerShell

5. Install Microsoft Exchange Server 2007

The domain server will be also Exchange mail server. Its exchange roles are Client Access, Hub

Transport, Mailbox server.

Insert Exchange 2007 DVD into DVD

Rom

The Exchange 2007 Setup dialog shows

Click Next

13

Check I accept the items in the license

agreement

Click Next

Select Yes (Recommended) to enable Error

Reporting for improving the quality,

reliability, and performance of Microsoft

software

Click Next

Choose option Typical Exchange Server

Installation.

This option will install the mail server roles

: Hub Transport, Client Access, Mailbox

and Exchange Management Tools

You need to choose the location for

exchange files

Click Browse

14

Create the folders in which Exchange 2007

files store

Click OK

Continue setting up. Click Next

15

Enter the Exchange organization

Click Next

Note: the example organization is GLFS

If the clients in your company use Outlook

2003, choose Yes so that outlook 2003 is

compatible with exchange 2007

Click Next

Waiting for the Readiness Checks

16

All prerequisites are ok. You can go on

installing exchange 2007

Click Install

Waiting for the installation process

17

The installation is successful.

Check the Finalize installation using the

Exchange Management Console

Click Finish

Exchange Management Console shows up.

It instructs the finalize deployment

First, you need to supply the License Key

of product.

On the left pane, expand Microsoft

Exchange -> Server Configuration -> Hub

Transport

On the Action pane, select Enter Product

Key

18

Enter key on product key text box

Click Enter button

Congratulation, the wizard of Product key

finish properly

Click Finish

Turn back the first dialog of Exchange

19

Second, the exchange 2007 needs to be

updated

On the left pane, select Toolbox

On the right pane, select Best Practices

Analyzer

The Microsoft Exchange Best Practices

Analyzer appears

Check on Check for updates on startup

(recommended) and Join the Microsoft

Customer Experience Improvement

Program

Select Check for updates now

The update is on progress for checking

20

Select Download the lasted updates

Updated packages are downloaded and

installed

Finish updating product

21

6. Configure Exchange 2007

After setting up exchange, the basic configuration had better be configured for normal working.

On Exchange Management Consoles,

Go to Server Configuration -> Hub

transport.

On the left pane, right click on Client

VNFSDC001, select Properties

Enter mail.glfs.myvnc.com on the Specify

the FQDN

22

Select tab Authentication, uncheck Offer

Basic authentication only after starting

TLS

Select Permission Groups

Select tab Permission Groups, check

Anonymous Users, Exchange Users

Click Ok

Right click on Default VNFSDC001, select

Properties

23

Enter mail.glfs.myvnc.com

On Authentication tab, uncheck Offer

Basic authentication only after starting

TLS

Select Permission Groups

24

Check Anonymous users, Exchange Users,

Exchange Servers & legacy Exchange

Servers

Click Ok

Go to Server Configuration - > Client

Access

On the right pane, right click on owa and

select Properties

Input the external URL:

https://mail.glfs.myvnc.com/owa

Choose Authentication tab

25

Check Basic authentication (password is

sent in clear text)

Click ok to finish changing

Go to Organization Configuration -> Hub

Transport

Select tab Send Connectors on the right

pane

Right click on this and select New send

connector

26

Enter the name of Send Connector:

Outbound to Internet

Select the intended use “internet” for the

send connector

On the New Send Connector dialog, Click

Add and enter * on the Domain textbox

Click Ok

Click Next

27

Click Next

Select Source Server and click Next

Click new to create send connector

28

Click Finish

7. Insert Offline Address Book in Mail Database

The following steps help remove the error of the object missing in exchange cached mode.

Open Exchange Mangement Console

Go to Microsoft Exchange -> Server

Configures -> Mailbox

On the right pane, Right click on First

Storage Group – Mailbox Database

Select Properties

29

On Mailbox Database Properties, Go to tab

Client Settings

Click Browse

Select Default Offline Address Book

Click OK

30

Click OK

Close the console

III. Installing ISA 2006 On the server VNFSIS001, you set IP address for internal & external interface properly. ISA

2006 Standard plays roles as gateway for internal, gateway for VPN at external and publishing owa,

outlook anywhere, pop3, smtp.

31

Put the CD the the cdrom drive, the

welcome of ISA appears

Click on Install ISA Server 2006

Waiting for the preparation

Click Next the the welcome page

32

Select I accept the terms..

Click Next

Enter the name and Organization

Click Next

Choose Typical

Click Next

33

Choose the range of Internal Network

Click Next

Click Next

Click Next

34

Click Install to start setting up

Waiting for the installation

Waiting…

35

Select Invoke ISA Server Management

Click Finish

The interface of ISA 2006 turns out

IV. Publishing an Exchange Web Access (OWA)

This section shows you how to publish OWA. Certificate of default web access need creating &

exporting to ISA server. ISA server uses this certificate to create web listener & OWA publishing rule.

1. Install Certificate Service on domain controller VNFSDC001

On add or remove programs

36

Select certificate sevices

Select enterprise root CA

Enter mail on common name for this CA

37

Click Next

Waiting for installation

Click Finish

2. Create certificate for Exchange web

a. Delete default existing certificate

38

Open Internet information service

Right click Default web site and select

Properties

Select tab Directory Security, click

Server Certificate

39

Click Next

Select Remove the current certificate and

click Next

Click Next

40

Click Finish

On the Default Web Site, click Edit

Check Require secure channel (SSL)

Click Ok

41

Click OK

b. Create certificate for default website

On the Internet Information Services

Manager, right click on Default Web Site

Select Properties

On tab Directory Security, click Server

Certificate

42

Click Next

Choose Create a new certificate

Click Next

Choose Send the request …

Click Next

43

On the textbox name, enter

mail.glfs.myvnc.com

Click Next

Enter Organization, click Next

Input Country, State, city

Click Next

44

Click Next

Click Next

Click Next for accepting confirmation

45

Click Finish

Click Ok

c. Export certificate of OWA virtual directory

This section will export the certificate for OWA. As to implementation, Virtual directory

RPC needs exporting for OWA & RPC over HTTP

46

Right click RPC and click properties

Select Directory Security tab, Click Edit

in Authentication and access control

47

Check Integrated windows

authentication and Basic authentication

(password is send in clear text)

Click Edit on Secure communications

48

Check Require secure channel (ssl) and

Require 128-bit encryption

Click View Certificate

49

Select Details tab and click Copy to file

Click Next

50

Select yes, export the private key and

click Next

Select include all certificate in the ….

Click Next

Enter password for file certificate.

Note: keep it, when import on ISA we

must enter this password

51

Browse to save file

Click Next

Click Finish

Click OK for finishing exporting certificate

52

Click OK

Click OK

3. Create DNS CName mapping to ISA VNFSIS001 (on VNFSDC001)

Three CName (mail, pop, smtp) mapping to VNFSIS001.glfs.myvnc.com (192.168.1.1) are

created on DNS of VNFSDC001. They are used for OWA, RPC publishing, pop3 and smtp.

53

Open DNS

On DNS console, right click on

glfs.myvnc.com

Select New Alias (CNAME)…

Enter mail on Alias name

Select vnfsis001.glfs.myvnc.com for

FQDN

Click OK

54

The DNS console appears like this

On DNS console, right click on

glfs.myvnc.com

Select New Alias (CNAME)…

Enter mail on Alias name

Select vnfsdc001.glfs.myvnc.com for

FQDN

Click OK

55

On DNS console, right click on

glfs.myvnc.com

Select New Alias (CNAME)…

Enter mail on Alias name

Select vnfsdc001.glfs.myvnc.com for

FQDN

Click OK

The DNS windows after create CName

56

4. Import certificate to ISA VNFSIS001

The certificate of OWA or RPC exported above need importing to ISA VNFSIS001 on

Personal & Trusted Root Certificate store.

Copy file mycert.pxf from VNFSDC001

(this file exported in OWA of IIS)

Click Start, select Run….

Enter MMC and click OK

57

Click menu File, Add/ Remove ….

Click Add

58

Select Certificates and click Add

Select Computer account and click Next

Click Finish

59

Click Close

Click OK

60

Right click on Personal, select All Tasks

Import

Click Next

Browse for the certificate file

61

Enter password of the certificate file you

have set

Click Next

Click Next

Click Finish

62

Click OK

The certificate has been imported

Go to Trusted Root Certificate, right click

on Certificates, select All tasks -> Import

63

Click Next

Click Browse for the certificate file

Enter password of file

Click Next

64

Click Next

Click Finish

Click OK

65

The certificate has been imported

5. Create Web Listening object on ISA

Open ISA

Move to firewall rule, on the right pane

right click on Web Listener

Select New Web Listener

66

Enter name for the web listener

Select Require SSL secure connections

with clients

Click Next

67

Select Internal, External

Click on Select IP Addresses

Add IP address of external

Click OK

Select internal, click Select IP Addresses

68

Add ip address of internal

Click OK

Select IP address of external and click

Select Certificate

Select certificate mail.glfs.myvnc.com

Click Select

69

Select IP address of internal and lick select

certificate

Select certificate mail.glfs.myvnc.com

70

Click Next

Select HTML From Authentication and

LDAP (active directory)

71

On the textbox SSO, enter

.glfs.myvnc.com

Select the LDAP Servers

Click Add

72

Enter FQDN name of VNFSDC001

(domain controller) on Server name

Click OK

Enter glfs.myvnc.com for type the Active

Directory domain name

Click Next

73

Click Finish

6. Create web publishing OWA rule

Right click Firewall Rule New

Exchange Web Client Access Publish rule

74

Enter name for publishing rule.

Please input Publishing OWA

Select exchange server 2007 and check

Outlook Web Access

Click Next

75

Select Use SSL to connect to the published

web server or server farm

Click Next

Enter mail.glfs.myvnc.com for internal

site name

Enter vnfsdc001.glfs.myvnc.com for

Computer name or IP address

76

Enter mail.glfs.myvnc.com for Public

name

Click Next

Select Web listener which was created

Click Next

77

Select Basic authentication

Click Next

Click Next

78

Click Finish

Click Apply

V. Publishing an Exchange Server Outlook Anywhere (RPC Over HTTP)

The RPC publishing rule is the same as OWA publishing rule. The web listener object is also used

to make rule.

1. Install network service RPC Over HTTP (on vnfsdc001)

79

Open control panel and click Add or

remove Programs

On left panel click Add/removes windows

Select role and move down

80

Select Network services and click Detail

Select RPC Over HTTP proxy and click

OK

Click Next

81

Wait for installation

Click Finish

2. Enable Outlook Anywhere of Exchange 2007

Open Ms exchange 2007 console

82

Click Server configuration client

access

On right panel click Enable outlook any

where

Enter mail.glfs.myvnc.com for external

host name

Select basic authentication and click

enable

83

Click Finish

The window after enabling Outlook

Anywhere are shown

3. Create Outlook Anywhere Publishing rule on ISA VNFSIS001

Open ISA windows, Right click Firewall

rule, select new and exchange web client

access publishing rule

84

Enter name for rule and click next

Select Exchange server 2007 and check

Outlook anywhere

85

Select Publish a single web site or load

balancer

Select Use ssl connect to the published

web server or server fam

86

Enter mail.glfs.myvnc.com in internal site

name and vnfsdc001.glfs.myvnc.com in

computer name or IP address

Select this domain name and enter

mail.glfs.myvnc.com

87

Select web listener is My listener

Select Basic authentication

88

Click Next

Click Finish

Select Publishing Outlook Anywhere rule

89

Right click and select Properties

Select To tab and select requests appear to

come from the original client

90

Select Traffic tab and check Require 128-

bit encryption for HTTPs traffic

Click Apply

VI. Publishing an Exchange Server for SMTP, POP3

Two publishing rule need creating in order for the other mail server & client to communicate.

First, the smtp service (in IIS) is installed on ISA Server. Second, making 2 smtp & pop3 rules.

1. Install SMTP service on ISA relay connect to SMTP exchange 2007

91

Go to Control panel, double click on Add

or Remove Programs

On the left pane, click on Add/Remove

Windows Components

Click on Accessories and Utilities and click

the button Detail

92

Select Internet Information Services (IIS)

Click Detail

Check SMTP Service

Click OK

Click OK

93

Click Next to install SMTP services

Wait for installation

Click Finish

94

2. Configuration SMTP relay on ISA server

Click Start on the below left corner

Click on Programs -> Administrators Tools

-> Internet Information Services (IIS)

Manager

On the Internet Information Services

Manager dialog, Right click Default SMTP

Virtual Server

Select Properties

95

On the tab General, select IP address

192.168.1.1

Go to Access tab

Click Authentication

96

Check Basic authentication and Integrated

Windows Authentication

Enter glfs.myvnc.com on Default domain

textbox

Click OK

Click OK

97

Go to Default SMTP Virtual Server ->

Domains

On the right pane, Right click and select

New -> Domain…

Select Remote

Click Next

Enter glfs.myvnc.com on Name textbox

Click Finish

98

Right click glfs.myvnc.com

Select Properties

Check Allow incoming mail to this domain

On the Forward all mail to smart host,

enter vnfsdc001.glfs.myvnc.com

Click Apply

Close the IIS dialog

99

3. Create SMTP Server to SMTP Server Rule

Open ISA Console, Right click Firewall

Rules

Select New -> Mail server Publishing

Rule…

On the Welcome dialog, Enter SMTP

Server to on Rule name

Select Server-to-server communication

:SMTP, NNTP

Click Next

100

Check SMTP

Click Next

Enter server IP address 192.168.1.2

Click Next

Select Internal, Click Address…

101

Specify IP address 172.16.1.2 click ADD

Click OK

Check Internal

Click Address…

Specify IP 192.168.1.1, click Add

Click OK

102

Click Next

Click Finish

The rules show on ISA console

103

4. Create publishing SMTP and POP3 rule on ISA server

Open ISA Console, Right click Firewall

Rules

Select New -> Mail server Publishing

Rule…

Enter Publishing on rule name textbox

Select Client access: RPC, IMAP, POP3,

SMTP

Click Next

104

Check POP3, SMTP

Click Next

Enter Server IP address 192.168.1.2

Click Next

Check External

Click Address…

105

Specify IP 172.16.1.2, click Add

Click OK

Check Internal

Click Address…

Select IP 192.168.1.1, click Add

Click OK

106

Click Next

Click Finish

The rules show on ISA console

107

VII. Client test The final section is to test the work of above configurations.

1. Login with web access OWA

Open Internet browse

Enter https://mail.glfs.myvnc.com/owa in

address and enter

Enter username and password and click log

on

Log on ok

108

2. Register Outlook Anywhere

a. Import certificate

The certificate of OWA or RPC exported above need importing to ISA VNFSIS001 on

Personal & Trusted Root Certificate store.

Click start run

Enter MMC and click OK

Click menu File, Add/ Remove ….

109

Click Add

Select Certificates and click Add

110

Select Computer account and click Next

Click Finish

Click Close

111

Click OK

Right click on Personal, select All Tasks

Import

Click Next

112

Browse for the certificate file

Enter password of the certificate file you

have set

Click Next

Click Next

113

Click Finish

Click OK

The certificate has been imported

114

Go to Trusted Root Certificate, right click

on Certificates, select All tasks -> Import

Click Next

Click Browse for the certificate file

115

Enter password of file

Click Next

Click Finish

116

Click OK

The certificate has been imported

b. Register outlook any where

Open Control Panel and click Mail

117

Click E-mail Accounts

Click Next

Select Microsoft Exchange Server and

click Next

118

Enter vnfsdc001.glfs.myvnc.com for

Microsoft Exchange Server

Enter username

Click More settings

Select Connection tab

119

Check Connect ton my Exchange

mailbox using HTTP and click Exchange

Proxy Settings

Enter mail.glfs.myvnc.com for HTTPS://

Uncheck Manually authentication the

session when connecting with SSL

Check On fast network, connect using

HTTP first, then connection using

TCP/IP

Select Basic Authentication for Proxy

authentication settings

Click OK

Click Check Name

120

Click Next

Click Finish

Click Close

121

Open MS Outlook and enter password for

accounts

Ex: username: glfs\huynq

Password: 123qwe!@#

The outlook works with RPC ok

3. Register POP3 & SMTP

Open MS Outlook

122

Click Tool, Email-Accounts

Click Next

Select POP3 and click Next

123

Enter your name, email address.

Enter pop.glfs.myvnc.com for Incoming

mail server (POP3)

Enter smtp.glfs.myvnc.com for Outgoing

mail server (SMTP)

Enter username and password

Click more settings

Go to Outgoing Server tab

124

Check My outgoing server (SMTP)

requires authentication

Click OK

Click Test Accounts Settings…

125

Test ok and click Close

Click Next

Click Finish

126

The MS Outlook work ok with POP3 and

SMTP