
ExDeploy2003_03

Date post: 28-Nov-2014
Upload: rahulscm
Contents

Navigate your checklist
Confirm prerequisite steps are done
Configure disjoint namespace
Install the Client Access server role
Add digital certificates on the Client Access server
Enable Exchange 2010 Outlook Anywhere
Configure OAB and Web Services virtual directories
Configure settings on virtual directories
Install the Hub Transport server role
Configure Exchange ActiveSync authentication
Install the Unified Messaging server role
Configure and enable Unified Messaging
Install the Mailbox server role
Change the OAB generation server
Install the Edge Transport server role
Subscribe the Edge Transport server
Move mailboxes to Exchange 2010
Move public folder data to Exchange 2010
Create Send connectors
Post-installation tasks
Checklist complete


Navigate your checklist

Now that we’ve asked you a few questions about your environment, it’s time to review how to use your Exchange 2010 Deployment Checklist.

How can I see my answers to the environment questions?

That's easy. There are two ways: click the left arrow at the bottom of this page, or click Review your answers at the top of the left pane. Then you can see a summary of how you answered the questions.

How can I change my answers?

Go to the Review your answers page. Right after the summary of your responses, you'll see where you can click to make changes. You can also click Start Over at the top of any page. When you change your answers, you'll get a whole new checklist that's tailored to those answers.

How can I move through the checklist?

You can browse the checklist by clicking a step in the left pane or by using the right and left arrow buttons. While you can browse in any order you want, you do need to complete the steps in the order shown. If you try to jump ahead and complete a step, you'll find that you won't be able to mark the step as complete. That's because the previous steps were skipped.

What do I do when I finish a step?

Pat yourself on the back! Then, you can either click the check box to the left of the step or the check box icon at the bottom of the screen. Then, you can move on to the next step. The progress bar will change as you mark steps complete so you can easily track your progress.

What if I get interrupted?

You can exit the Exchange Deployment Assistant at any time and return to the same computer later to continue. Please be aware that if you access the Deployment Assistant from a different computer, progress from your session on the original computer is not available.

Can I print this stuff?

Yes! See the Print | Send | Download Checklist icons at the top of this page? They're on every page of the checklist. You can print the step you're working on, and you can even download the entire checklist. Also, if you'd like to send mail to someone about a step, click Send. A link to the step is automatically included in the mail.

Confirm prerequisite steps are done

Before you go any further with the Exchange Deployment Assistant, make sure that your organization's operating system, hardware, software, clients, and other elements meet the requirements for Exchange 2010. If they don't, you won't be able to complete the steps in the Deployment Assistant and you won't be able to deploy Exchange 2010.

We recommend that you run the Exchange Pre-Deployment Analyzer (ExPDA) to perform an overall topology readiness scan of your environment. ExPDA provides a detailed report that will alert you if there are any issues within your organization before you install Exchange 2010. If ExPDA reports any warnings or errors, take care of those issues before you proceed any further.

To get ExPDA from the Microsoft Download Center, see: Exchange Pre-Deployment Analyzer

Learn more at: Understanding Exchange 2003 Upgrade Prerequisites

To successfully install Exchange 2010, the following components are required. If you run ExPDA, it will check to make sure your environment has these components.

Directory Servers

Schema master: The latest 32-bit or 64-bit edition of the Windows Server 2003 SP1 Standard or Enterprise operating system or later or the latest 32-bit or 64-bit edition of the Windows Server 2008 Standard or Enterprise operating system or later.

Global catalog server: In every Active Directory site where you plan to install Exchange 2010, you must have at least one global catalog server that is either the latest 32-bit or 64-bit edition of Windows Server 2003 SP2 Standard or Enterprise, the latest 32-bit or 64-bit edition of Windows Server 2008 Standard or Enterprise, or the latest 32-bit or 64-bit edition of Windows Server 2008 R2 Standard or Enterprise.

Active Directory Forest: The Active Directory forest must be Windows Server 2003 forest functional mode.

Domain Controller: You must have the latest 32-bit or 64-bit Windows Server 2003 Standard Edition or Enterprise Edition with Service Pack 1 (SP1) operating system or the latest 32-bit or 64-bit edition of the Windows Server 2008 Standard or Enterprise operating system or the Windows Server 2008 R2 Standard or Enterprise operating system or the Windows Server 2008 Datacenter or Windows Server 2008 R2 Datacenter.

Operating Systems

64-bit edition of Windows Server 2008 Standard Service Pack 2

64-bit edition of Windows Server 2008 Enterprise Service Pack 2

64-bit edition of Windows Server 2008 Standard R2

64-bit edition of Windows Server 2008 Enterprise R2

Operating System Components

.NET Framework 3.5 SP1

Internet Information Services (IIS)

Windows Management Framework

Windows PowerShell V2.0

Windows Remote Management V2.0

Configure disjoint namespace

By default, the primary Domain Name System (DNS) suffix portion of a computer's fully qualified domain name (FQDN) is the same as the name of the Active Directory domain where the computer is located. When the primary DNS suffix portion of a computer's FQDN is different from the Active Directory domain where the computer is located, this is known as a disjoint namespace.

To run Exchange 2010 in a disjoint namespace, there are two tasks you must perform:

Configure the DNS suffix search list.

Create a list of allowed suffixes by modifying the value for the msDS-AllowedDNSSuffixes attribute of the domain object container. For more information about the msDS-AllowedDNSSuffixes attribute, download this topic from the Windows Server Help and Support Center: Domain Rename Procedure

How do I configure the DNS suffix search list?

You'll use the Group Policy Management Console (GPMC) to get this task done. If you're running Windows Server 2008, GPMC is installed by default. If you're running Windows Server 2003, you can download GPMC from: Group Policy Management Console with Service Pack 1

1. Open the GPMC on a Windows directory server in your domain by clicking Start > Programs > Administrative Tools > Group Policy Management.

2. In Group Policy Management, expand the forest and the domain in which you will apply Group Policy. Right-click Group Policy Objects, and then click New.

3. In New GPO, type a name for the policy, and then click OK.

4. Right-click the new policy that you created in Step 3, and then click Edit.

5. In Group Policy Object Editor (Group Policy Management Editor in Windows Server 2008), expand Computer Configuration (expand Policies in Windows Server 2008), expand Administrative Templates, expand Network, and then click DNS Client.

6. Right-click DNS Suffix Search List, and then click Properties.

7. On the DNS Suffix Search List Properties page, select Enabled. In the DNS Suffixes box, type the primary DNS suffix of the disjoint computer, the DNS domain name, and any additional namespaces for other servers with which Exchange may interoperate, such as monitoring servers or servers for third-party applications. Click OK.

8. In Group Policy Management, expand Group Policy Objects, and then select the policy that you created in Step 3. On the Scope tab, in the Security Filtering area, click Add to scope the policy so that it applies to only the computers that are disjoint.

Learn more about Group Policy at: Windows Server Group Policy

How do I modify the msDS-AllowedDNSSuffixes attribute?

To do this procedure, you'll need to use an Active Directory editor such as Active Directory Service Interfaces (ADSI) Edit or the LDP (Ldp.exe) tool.

Learn more at: XADM: Using the LDP Utility to Modify Active Directory Object Attributes

Caution:

Be careful! If you incorrectly modify the attributes of Active Directory objects, you may cause serious problems that may require that you reinstall Windows Server.

1. Use the procedure above to ensure that the Change primary DNS suffix when domain membership changes check box is clear.

2. Modify the msDS-AllowedDNSSuffixes Active Directory attribute on the domain object container. You can do this with ADSI Edit:

   a. Double-click the domain directory partition for the domain you want to modify.

   b. Right-click the domain container object, and then click Properties.

   c. On the Attribute Editor tab, in the Attributes box, double-click msDS-AllowedDNSSuffixes.

   d. In the Multi-valued String Editor dialog box, in the Value to add box, type a DNS suffix, and then click Add.

   e. When you have added all the DNS suffixes for the domain, click OK.

   f. Click OK to close the Properties dialog box for that domain.

Repeat these steps if you have multiple domains you want to similarly configure.

How do I know this worked?

To check that you have configured the DNS settings correctly, ping each server from each other server using both server short names and server FQDNs. In addition, check the System event log on each server and verify there are no events that indicate problems related to name resolution, directory lookups, or group policy.
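
The checks from the disjoint namespace steps above can be scripted. This is an added example, not part of the Deployment Assistant; it only reads settings. It assumes a domain-joined server with Windows PowerShell 2.0, the registry locations named in the comments, an event source filter chosen for illustration, and placeholder server names.

```powershell
# Added example: read-only verification of the disjoint-namespace configuration.
Add-Type -AssemblyName System.DirectoryServices

function Get-DisjointNamespaceReport {
    # Primary DNS suffix currently in effect on this computer.
    $primarySuffix = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().DomainName

    # "Change primary DNS suffix when domain membership changes" check box
    # (assumption: stored as SyncDomainWithMembership, 0 = clear).
    $tcpip = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

    # DNS suffix search list delivered by Group Policy (comma-separated string).
    $policy = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient' -ErrorAction SilentlyContinue
    $searchList = @()
    if ($policy -and $policy.SearchList) {
        $searchList = @($policy.SearchList -split '\s*,\s*')
    }

    # msDS-AllowedDNSSuffixes on the domain object of this computer's domain.
    $adDomain = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
    $entry    = $adDomain.GetDirectoryEntry()
    $allowed  = @($entry.Properties['msDS-AllowedDNSSuffixes'] | ForEach-Object { [string]$_ })

    $isDisjoint = ($primarySuffix -ne $adDomain.Name)
    $problems = @()
    if ($isDisjoint -and ($allowed -notcontains $primarySuffix)) {
        $problems += "Primary suffix '$primarySuffix' is not listed in msDS-AllowedDNSSuffixes"
    }
    if ($isDisjoint -and ($tcpip.SyncDomainWithMembership -ne 0)) {
        $problems += 'Change primary DNS suffix when domain membership changes is not clear'
    }
    foreach ($suffix in (@($primarySuffix, $adDomain.Name) | Select-Object -Unique)) {
        if ($searchList -notcontains $suffix) {
            $problems += "'$suffix' is missing from the policy DNS suffix search list"
        }
    }

    New-Object PSObject -Property @{
        PrimaryDnsSuffix   = $primarySuffix
        ADDomain           = $adDomain.Name
        IsDisjoint         = $isDisjoint
        AllowedDnsSuffixes = $allowed
        PolicySearchList   = $searchList
        Problems           = $problems
    }
}

# Ping each server by short name and by FQDN, as the verification step describes.
function Test-ServerNameResolution {
    param([string[]]$Fqdn)
    foreach ($name in $Fqdn) {
        foreach ($target in @($name.Split('.')[0], $name)) {
            $ok = Test-Connection -ComputerName $target -Count 1 -Quiet
            New-Object PSObject -Property @{ Target = $target; Reachable = $ok }
        }
    }
}

# Recent System log warnings and errors from name-resolution, directory and
# Group Policy sources (the source-name pattern is an assumption; adjust it).
function Get-NamespaceRelatedEvents {
    param([int]$Hours = 24)
    Get-EventLog -LogName System -EntryType Error, Warning -After (Get-Date).AddHours(-$Hours) |
        Where-Object { $_.Source -match 'DNS|NETLOGON|GroupPolicy|Userenv' } |
        Select-Object TimeGenerated, Source, EventID, Message
}

Get-DisjointNamespaceReport | Format-List
# Placeholder names: replace with the FQDNs of your own servers.
Test-ServerNameResolution -Fqdn 'ex01.corp.contoso.com', 'dc01.contoso.com' | Format-Table -AutoSize
Get-NamespaceRelatedEvents | Format-Table -AutoSize -Wrap
```

An empty Problems list, every target reachable, and no events returned correspond to the success conditions described above.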

Install the Client Access server role

The Client Access role is one of five server roles in Exchange 2010. It's also the first server role that must be installed. The Client Access role enables access to mailbox data through a variety of clients, such as Microsoft Office Outlook, Outlook Anywhere, Outlook Web App, POP3, and IMAP4, and it also hosts Exchange Web services, such as the Autodiscover service and the Availability service.

Learn more at: Understanding the Client Access Server Role

We recommend installing the latest update rollup for Exchange 2010 on all your servers. Although you can install update rollups on a server after Exchange 2010 has been installed, it's also possible and less time-consuming to incorporate the update rollup into the server installation process. To do this, copy the contents of the Exchange 2010 DVD to the file system, and then copy or move the downloaded update rollup file to the Updates folder in the installation tree. When you perform the procedure below, the update rollup will be installed as part of the initial installation process.

To download the latest update rollup for Exchange 2010, visit: Microsoft Download Center

Important:

When you upgrade your organization to Exchange 2010, your clients running Outlook 2003 don’t use RPC encryption, and RPC Client Access requires it by default. You will either need to turn off the RPC encryption requirement or configure Outlook 2003 to use RPC encryption. Outlook 2007 or later versions will automatically be compatible with the change to RPC Client Access because they support RPC encryption by default.

Learn more at: Understanding RPC Client Access

Note:

Exchange 2010 uses the Autodiscover service to aid in the configuration of client connections. In particular, Microsoft Office Outlook and some mobile phones use the Autodiscover service to allow users to configure a connection with only their e-mail address and password.

Learn more at: Understanding the Autodiscover Service

How do I do this?

You'll use the Exchange Server 2010 Setup wizard to install the Client Access role:

1. Insert the Exchange 2010 DVD into the DVD drive. When the AutoPlay dialog appears, click Run Setup.exe under Install or run program. If the AutoPlay dialog doesn't appear, navigate to the root of the DVD and double-click Setup.exe. Alternatively, browse to the location of your Exchange 2010 installation files and double-click Setup.exe.

2. The Exchange Server 2010 Setup welcome screen appears. In the Install section, the software listed for Steps 1 and 2 was installed with the Exchange 2010 prerequisites. However, if these prerequisites aren't already installed, click the appropriate step to install them.

3. When Steps 1 and 2 are listed as Installed, click Step 3 to expand the Exchange language options, and then choose the appropriate option:

   a. Install all languages from the language bundle: This option installs all the Exchange 2010 languages from an Exchange 2010 language bundle. You can connect to the Internet to download the latest applicable language bundle or use a previously downloaded language bundle on a local drive or network share. Internet connectivity is required for Exchange Setup to download the language pack bundle.

   b. Install only languages from the DVD: This option installs only the languages included with the Setup DVD. The installation of additional language support requires installing the languages from the language bundle.

4. After Step 3 is complete, click Step 4: Install Microsoft Exchange.

5. On the Introduction page, click Next.

6. On the License Agreement page, review the software license terms. If you agree to the terms, select I accept the terms in the license agreement, and click Next.

7. On the Error Reporting page, select Yes or No to enable the Exchange Error Reporting feature, and click Next.

8. On the Installation Type page, select Custom Exchange Server Installation. To optionally change the installation path for Exchange 2010, click Browse, locate the appropriate folder in the folder tree, and then click OK. Click Next.

9. On the Server Role Selection page, select the Client Access Role, and click Next. The Management Tools option, which installs the Exchange Management Console and the Exchange Management Shell, will also be selected and installed.

10. Use the Configure Client Access Server external domain page to configure an external fully-qualified domain name (FQDN). This is the FQDN that you give to Outlook Web App, Outlook Anywhere, and Exchange ActiveSync users to connect to Exchange 2010. Select the check box, enter your FQDN, and then click Next.

11. On the Customer Experience Improvement Program page, optionally join in the Exchange Customer Experience Improvement Program (CEIP). The CEIP collects anonymous information about how you use Exchange 2010 and any problems that you encounter. To join the CEIP, select Join the Customer Experience Improvement Program, choose the industry that best represents your organization, and then click Next.

12. On the Readiness Checks page, review the Summary to determine if the system and server are ready for the Client Access role to be installed. If all prerequisite checks completed successfully, click Install. If any of the prerequisite checks failed, you must resolve the displayed error before you can proceed with installing the Client Access role. In many cases, you don't need to exit Setup while you're fixing issues. After you resolve an error, click Retry to run the prerequisite check again. Also, be sure to review any warnings that are reported.

13. The Progress page displays the progress and elapsed time for each phase of the installation. As each phase ends, it's marked completed and the next phase proceeds. If any errors are encountered, the phase will end as incomplete and unsuccessful. If that happens, you must exit Setup, resolve any errors, and then restart Setup.

14. When all phases have finished, the Completion page displays. Review the results, and verify that each phase completed successfully. Clear the check box for Finalize this installation using the Exchange Management Console, and then click Finish to exit Setup.

15. When you're returned to the Setup welcome screen, click Close. On the Confirm Exit prompt, click Yes.

16. Restart the computer to complete the installation of the Client Access role.

Create a Client Access Server Array

If you're installing multiple Client Access servers in one Active Directory site, you can create a Client Access server array. This is a load-balanced group of Client Access server computers that can be accessed through a single URL. Creating a Client Access array reduces the number of fully qualified domain names (FQDN) you need to have on your certificate, and it allows all users in one Active Directory site to access Exchange 2010 through a single URL.

After you've completed the installation of your first Client Access server computer, you can start building your Client Access server array.

To create a new Client Access server array, run the following command using the Exchange Management Shell.

New-ClientAccessArray -FQDN ClientArray.contoso.com -Site "YourSite" -Name "clientarray.contoso.com"

There can only be one Client Access array per Active Directory site. After you've created the array, you can manage which Client Access server computers are part of the array through your load balancer configuration.

Learn more at: Understanding RPC Client Access

If you're unfamiliar with the Shell, learn more at: Overview of Exchange Management Shell

How do I know this worked?

The successful completion of the Exchange Setup wizard will be your first indication that the installation process worked as expected. To further verify that the Client Access server role installed successfully, you can run Get-ExchangeServer <server name> | format-list in the Exchange Management Shell, which can be launched from the Exchange Server 2010 program group on the Windows Start Menu. This cmdlet outputs a list of the Exchange 2010 server roles that are installed on the specified server.

You can also check the Exchange setup log (ExchangeSetup.log), located in <system drive>\ExchangeSetupLogs to verify that the Client Access role was installed as expected.

Learn more at: Verifying an Exchange 2010 Installation

Add digital certificates on the Client Access server

For secure external access to Exchange, you'll need a digital certificate. This certificate will include an exportable private key in X.509 format (DER encoded binary or Base-64 encoded). We recommend you procure, import, and enable a Subject Alternative Name (SAN) certificate that contains the names for the current namespace, a legacy namespace, and the Autodiscover namespace.

The names you need to include in your Exchange certificate are the fully qualified domain names (FQDNs) used by client applications to connect to Exchange. For example, a company named Contoso that uses contoso.com can use just three hostnames for all client connectivity within an Active Directory site:

mail.contoso.com: This name can cover nearly all client connections to Exchange, including Microsoft Office Outlook, Outlook Anywhere, offline address book (OAB) downloads (by Outlook), Exchange Web Services (for Outlook 2007 and later, and Entourage 2008), POP3, IMAP4, SMTP (both client and other SMTP server connections), Outlook Web App, the Exchange Control Panel, Exchange ActiveSync, and Unified Messaging.

autodiscover.contoso.com: This name is used for Autodiscover, which is used by Outlook 2007 and later, Outlook Anywhere, Exchange ActiveSync, Exchange Web Services clients, and Windows Mobile 6.1 and later.

legacy.contoso.com: This name is used to maintain Internet access to an older version of Exchange while you transition to Exchange 2010. This is necessary during transition because some Exchange services (for example, Outlook Web App, Exchange ActiveSync, and services that send configuration information through Autodiscover) tell clients to connect directly with the old Exchange servers if they see requests to access a mailbox on an older version of Exchange.

In addition to these three names, your root domain (for example, contoso.com) will also be added as a name.

There are three steps to adding certificates to your Client Access server(s):

1. If you don't already have a digital certificate, you can use the New Certificate Request Wizard in Exchange 2010 to generate a certificate request file, which you can then submit to your selected Certification Authority.

2. After you have the digital certificate from your Certification Authority, you then complete the certificate request process by importing the certificate into your Client Access server.

3. After the certificate has been imported, you assign one or more client access services to it.

Before proceeding with these steps, we recommend that you review this topic: Understanding Digital Certificates and SSL

In addition, the configuration settings used in the Exchange Deployment Assistant assume that you are using split DNS for client access.

To learn more, see: Understanding DNS Requirements

How do I create a certificate request file for a new certificate?

You can use the New Exchange Certificate wizard to create your certificate request.

1. In the Console tree, click Server Configuration.

2. From the Actions pane, click New Exchange Certificate to open the New Exchange Certificate wizard.

3. On the Introduction page, enter a friendly name for the certificate (for example, Contoso.com Exchange certificate) and then click Next.

4. On the Domain Scope page, if you plan on using a wildcard certificate, check the box for Enable wildcard certificate, enter the root portion of your domain (for example contoso.com or *.contoso.com), and then click Next. If you're not using a wildcard certificate, just click Next.

   Note:

   It's a best practice to not use wildcard certificates because they represent a potential security risk. Like a SAN certificate, a wildcard certificate (for example, *.contoso.com) can support multiple names. There are security implications to consider because the certificate can be used for any sub-domain, including those outside the control of the actual domain owner. A more secure alternative is to list each of the required domains as Subject Alternative Names in the certificate. By default, this approach is used when certificate requests are generated by Exchange.

5. On the Exchange Configuration page, expand and configure each area as follows:

   a. Federated Sharing: Federated Sharing allows you to enable users to share information with recipients in external federated organizations by creating organization relationships between two Exchange 2010 organizations, or using a sharing policy to allow users to create sharing relationships on an individual basis. If you plan on using this feature, expand Federated Sharing and select the Public certificate check box.

   b. Client Access server (Outlook Web App): Expand this option and select the check box(es) that are appropriate for your Outlook Web App usage (Intranet and/or Internet). If you're using Outlook Web App internally, then in the Domain name you use to access Outlook Web App internally field, remove the existing server names and enter the FQDN you configured for external access to the Client Access server during Setup of the Client Access server (for example, mail.contoso.com). This is the same FQDN that is listed in the domain name field for Outlook Web App on the Internet.

   c. Client Access server (Exchange ActiveSync): Exchange ActiveSync should already be selected and the domain name field should be configured with the same FQDN used for Outlook Web App.

   d. Client Access server (Web Services, Outlook Anywhere, and Autodiscover): Exchange Web Services, Outlook Anywhere, and Autodiscover on the Internet should already be selected. Outlook Anywhere should already be configured to use two FQDNs: one that is the same FQDN used by Outlook Web App (for example, mail.contoso.com) and one that is the root domain for that FQDN (for example, contoso.com). Autodiscover should already be configured to use a long URL, which should automatically be configured as autodiscover.rootdomain (for example, autodiscover.contoso.com).

   e. Client Access server (POP/IMAP): If you plan on using secure POP or secure IMAP internally or over the Internet, expand this option and select the appropriate check box. In the domain name field for each protocol, remove the individual server names and enter the same FQDN you're using for Outlook Web App.

   f. Unified Messaging server: If you plan on using Unified Messaging (UM) features, you can use a certificate that is self-signed by an Exchange 2010 UM server (which is the default option). If you're integrating UM with Office Communications Server (OCS), you'll need to use a public certificate. We recommend using a separate certificate for UM and OCS integration.

   g. Hub Transport server: Hub Transport servers can use certificates to secure Internet mail, as well as POP and IMAP client submission. If you plan on using mutual TLS or if you're using POP or IMAP clients and want to secure their SMTP submissions, select the appropriate check box and in the FQDN field, enter the same FQDN you're using for Outlook Web App.

   h. Legacy Exchange Server: This option is used to add the legacy namespace to the certificate, which will be used only during the period of coexistence between Exchange 2010 and the legacy version(s). Expand this option, select the Use legacy domains check box, and in the FQDN field, enter the FQDN you are using for your legacy namespace.

6. On the Certificate Domains page, review the list of domains that will be added to the

certificate. If the names are correct, click Next. If any names are missing or incorrect, you can

click Add to add missing names, or select a name and click Edit to modify the name. Click

Next.

7. On the Organization and Location page, fill in the Organization, Organization unit,

Location, Country/region, City/locality, and State/province fields. Click Browse and

browse to the location where you want the certificate request file created. In the File name

field, enter a name for the request file (for example, Exchange Certificate Request.req) and

click Save. Click Next.

8. On the Certificate Configuration page, review the configuration summary. If any changes

need to be made, click Back, and make the necessary changes. If everything is correct, click

New to generate the certificate request file.

9. On the Completion page, review the output of the wizard. Click Finish to close the wizard.

10. Transmit the certificate request file to your selected Certification Authority, who will then

generate the certificate and transmit it to you. After you have the certificate file, you can use

the Complete Pending Request wizard to import the certificate file into Exchange 2010.

11. In the Console tree, click Server Configuration.

12. In the Work pane, right-click the certificate request you created and click Complete Pending

Request.

13. On the Introduction page, click Browse to select the certificate file provided to you by your

selected Certification Authority. Enter the private key password for the certificate, and then

click Complete.

14. On the Completion page, verify that the request completed successfully. Click Finish to

close the Complete Pending Request wizard.

How do I assign services to the certificate?

You can use the Assign Services to Certificate wizard to assign the appropriate services to the

imported certificate.

1. After the certificate has been successfully imported, you can assign services to it. Select the

certificate in the Work pane, and then from the Actions pane, click Assign Services to

Certificate to open the Assign Services to Certificate wizard.

2. On the Select Servers page, the Exchange server into which you imported the certificate

is shown. Click Next.

3. On the Select Services page, select the check box for each service you want assigned to

the selected certificate and then click Next. For example, select the check box for Internet

Information Services (IIS) to assign services for Outlook Web App, Exchange ActiveSync,

and other Exchange services that are integrated with IIS.

4. On the Assign Services page, review the configuration summary. If any changes need to be

made, click Back. If the configuration summary is correct, click Assign to assign the

specified services to the selected certificate.

5. On the Completion page, verify that each step completed successfully. Click Finish to close

the wizard.

How do I install the certificate on the legacy Exchange Server?

In addition to installing the SSL certificate on the Exchange 2010 Client Access server, you'll also

need to install the certificate on the Exchange 2007 Client Access server or the Exchange 2003

server so that users with mailboxes on Exchange 2007 or Exchange 2003 can use SSL to

connect to their mailboxes.

Note:

If you'll be moving all mailboxes from Exchange 2003 or Exchange 2007 to

Exchange 2010 over a short period of downtime, such as a weekend, you can skip these

steps.

Before you install the digital certificate on the legacy Exchange server you must first export it from

the Exchange 2010 Client Access server. To export your digital certificate, use the following

steps.

1. Export the digital certificate to the variable $file using the following command.

$file = Export-ExchangeCertificate -Thumbprint 5113ae0233a72fccb75b1d0198628675333d010e -BinaryEncoded:$true -Password (Get-Credential).password

2. The following command uses the Set-Content cmdlet to write data stored in the variable $file

to the file htcert.pfx.

Set-Content -Path "c:\certificates\htcert.pfx" -Value $file.FileData -Encoding Byte

To install a digital certificate on an Exchange 2003 server, use the following steps.

1. Copy the exported certificate to a location that can be accessed from the Exchange 2003

server.

2. Right-click the .pfx file, and choose Install PFX.

3. After the Certificate Import Wizard launches, click Next twice to access the Password page.

4. Type the password for the private key in the Password field, and then click Next.

5. Select Automatically select the certificate store based on the type of certificate, click

Next, and then click Finish.

To install a digital certificate on an Exchange 2007 server, use the following steps.

1. Copy the exported certificate to a location that can be accessed from the Exchange 2007

server.

2. Using the Exchange Management Shell run the following command.

Import-ExchangeCertificate -Path c:\certificates\import.pfx -Password:(Get-Credential).password

How do I know this worked?

The successful completion of the New Exchange Certificate, Complete Pending Request, and

Assign Services to Certificate wizards will be your first indication that the certificate request,

import, and assignment worked as expected. To further verify that your certificate was imported

and assigned correctly, you can perform the following steps from the Exchange 2010 Client

Access server computer.

1. In the Console tree, click Server Configuration.

2. In the Result pane, select the server that contains the certificate, and then in the Work pane,

select the certificate you want to view.

3. From the Actions pane, click Open. You can view information about the certificate on the

General, Details, and Certification Path pages of the Exchange Certificate dialog box.
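The same properties can be checked from the Exchange Management Shell. The script below is an added example, not part of the original guide: it reports, for each certificate on the local server, whether the expected names are present, whether IIS is assigned, and whether the certificate is valid, CA-issued and not close to expiry. The host names, the 30-day threshold and the function names are assumptions; use the FQDNs you entered in the wizard.

```powershell
# Added example, not from the original guide. Run in the Exchange Management Shell
# on the Exchange 2010 Client Access server.
# Assumptions: the names below stand in for the FQDNs entered in the New Exchange
# Certificate wizard; IIS is the service that must be assigned; 30 days is an
# arbitrary warning window.
$ExpectedNames   = @('mail.contoso.com', 'autodiscover.contoso.com', 'legacy.contoso.com')
$RequiredService = 'IIS'
$WarnDays        = 30

function Test-NameCovered {
    # True when $Name is listed explicitly or is covered by a single-label wildcard entry.
    param([string]$Name, [string[]]$Domains)
    $n = $Name.ToLower()
    if ($Domains -contains $n) { return $true }
    $dot = $n.IndexOf('.')
    if ($dot -gt 0 -and ($Domains -contains ('*' + $n.Substring($dot)))) { return $true }
    return $false
}

function Test-ExchangeCertificateReadiness {
    param($Certificate, [string[]]$ExpectedNames, [string]$RequiredService, [int]$WarnDays)

    $findings = @()
    $domains  = @($Certificate.CertificateDomains | ForEach-Object { "$_".ToLower() })

    # Every namespace entered in the wizard must appear on the issued certificate.
    foreach ($name in $ExpectedNames) {
        if (-not (Test-NameCovered -Name $name -Domains $domains)) {
            $findings += "name not on certificate: $name"
        }
    }

    # Services is a comma-separated list such as "IMAP, POP, IIS, SMTP".
    $services = @("$($Certificate.Services)" -split '\s*,\s*')
    if ($services -notcontains $RequiredService) { $findings += "service not assigned: $RequiredService" }

    if ("$($Certificate.Status)" -ne 'Valid') { $findings += "status is $($Certificate.Status)" }
    if ($Certificate.IsSelfSigned)            { $findings += 'self-signed (not trusted by external clients by default)' }
    if (-not $Certificate.HasPrivateKey)      { $findings += 'no private key on this server' }

    $daysLeft = [int]([datetime]$Certificate.NotAfter - (Get-Date)).TotalDays
    if ($daysLeft -lt $WarnDays)              { $findings += "expires in $daysLeft days" }

    New-Object PSObject -Property @{
        Thumbprint = $Certificate.Thumbprint
        Services   = "$($Certificate.Services)"
        DaysLeft   = $daysLeft
        Ready      = ($findings.Count -eq 0)
        Findings   = ($findings -join '; ')
    }
}

Get-ExchangeCertificate -Server $env:COMPUTERNAME |
    ForEach-Object { Test-ExchangeCertificateReadiness $_ $ExpectedNames $RequiredService $WarnDays } |
    Format-Table Thumbprint, Services, DaysLeft, Ready, Findings -AutoSize -Wrap
```

The default self-signed certificate created by Setup will also be listed; the row that matters is the one for the certificate you imported and assigned.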

Enable Exchange 2010 Outlook Anywhere

Outlook Anywhere eliminates the need for users in remote offices or mobile users to have to use

a VPN to connect to their Exchange servers. Although Outlook Anywhere is an optional

component of Exchange 2010, we recommend its use if you have external clients that will

connect to Exchange 2010. Outlook Anywhere provides access to a user's mailbox via RPC over

HTTPS.

As with any external client access method, there are security implications to consider when

deploying Outlook Anywhere. Before making the decision to deploy Outlook Anywhere, you

should read: Understanding Security for Outlook Anywhere

Learn more at: Understanding Outlook Anywhere

How do I do this?

The Enable Outlook Anywhere wizard helps you with this task.

1. In the console tree, navigate to Server Configuration > Client Access.

2. In the action pane, click Enable Outlook Anywhere.

3. Enable Outlook Anywhere page:

Type the external host name or URL for your organization in External host name. The

external host name should be the FQDN you entered when installing the Client Access

server role, which is the existing host name. For example, mail.contoso.com.

Select either Basic authentication or NTLM authentication.

If you're using an SSL accelerator and you want to use SSL offloading, select Allow

secure channel (SSL) offloading.

Important:

Don't use this option unless you're sure that you have an SSL accelerator that

can handle SSL offloading. If you don't have an SSL accelerator that can handle

SSL offloading, and you select this option, Outlook Anywhere won't function

correctly.

4. Click Enable to apply these settings and enable Outlook Anywhere.

How do I know this worked?

Outlook Anywhere will be enabled on your Client Access server after a configuration period of

approximately 15 minutes. To verify that Outlook Anywhere has been enabled, check the

application event log on the Client Access server. The following events will be logged in the event

log.

EventID 3007 MSExchange RPC over HTTP Autoconfig

EventID 3003 MSExchange RPC over HTTP Autoconfig

EventID 3004 MSExchange RPC over HTTP Autoconfig

EventID 3006 MSExchange RPC over HTTP Autoconfig

You can also use the Exchange Remote Connectivity Analyzer (ExRCA) to verify that Outlook

Anywhere has been enabled and configured correctly. ExRCA is a free Web-based tool provided

by Microsoft. You can find ExRCA at https://www.testexchangeconnectivity.com
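The event log check above can be scripted together with a look at the resulting Outlook Anywhere settings. The following is an added example, not part of the original guide; the function name and the two-hour look-back window are assumptions, and mail.contoso.com is the guide's sample host name.

```powershell
# Added example, not from the original guide. Run in the Exchange Management Shell on
# the Client Access server after the roughly 15-minute configuration period.
# Assumptions: mail.contoso.com is the external host name typed in the wizard (the
# guide's sample value); a two-hour look-back window; the function name.
function Test-OutlookAnywhereEnabled {
    param(
        [string]$ExpectedHost  = 'mail.contoso.com',
        [int]   $LookBackHours = 2
    )

    # Event IDs and source as listed in the guide.
    $expectedIds = 3003, 3004, 3006, 3007
    $source      = 'MSExchange RPC Over HTTP Autoconfig'

    $events  = @(Get-EventLog -LogName Application -Source $source `
                     -After (Get-Date).AddHours(-$LookBackHours) -ErrorAction SilentlyContinue)
    $seen    = @($events | ForEach-Object { $_.EventID } | Sort-Object -Unique)
    $missing = @($expectedIds | Where-Object { $seen -notcontains $_ })

    $findings = @()
    if ($missing.Count -gt 0) {
        $findings += "event IDs not logged in the last $LookBackHours h: $($missing -join ', ')"
    }

    # Get-OutlookAnywhere returns nothing when the feature is not enabled on the server.
    $oa = Get-OutlookAnywhere -Server $env:COMPUTERNAME -ErrorAction SilentlyContinue
    if (-not $oa) {
        $findings += 'Outlook Anywhere is not enabled on this server'
    }
    else {
        if ("$($oa.ExternalHostname)" -ne $ExpectedHost) {
            $findings += "external host name is '$($oa.ExternalHostname)', expected '$ExpectedHost'"
        }
        if ($oa.SSLOffloading) {
            # The guide warns that this setting breaks Outlook Anywhere without an SSL accelerator.
            $findings += 'SSL offloading is on: confirm an SSL accelerator sits in front of this server'
        }
    }

    New-Object PSObject -Property @{
        Server               = $env:COMPUTERNAME
        ExternalHostname     = "$($oa.ExternalHostname)"
        ClientAuthentication = "$($oa.ClientAuthenticationMethod)"
        SSLOffloading        = [bool]$oa.SSLOffloading
        EventsSeen           = ($seen -join ', ')
        Findings             = ($findings -join '; ')
        Ok                   = ($findings.Count -eq 0)
    }
}

Test-OutlookAnywhereEnabled |
    Format-List Server, ExternalHostname, ClientAuthentication, SSLOffloading, EventsSeen, Ok, Findings
```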

Configure OAB and Web Services virtual directories

To enable Outlook Anywhere clients to discover and automatically connect to Exchange 2010,

you must configure the offline address book (OAB) and Exchange Web Services virtual

directories. This step is only necessary if you'll be using Exchange Web Services,

Outlook Anywhere, or the offline address book. If you haven't enabled Outlook Anywhere, and

you don't plan on using Exchange Web Services for programmatic access to Exchange mailbox

information, you can skip this step.

Learn more at: Understanding Offline Address Books, Configure External Client Access

Namespaces, and Configure the Autodiscover Service for Internet Access

How do I do this?

You must use the Exchange Management Shell to configure OAB and Exchange Web Services

virtual directory settings. This step assumes that you have configured the Autodiscover service

for Internet access. This is standard practice in any Exchange organization with clients outside

the firewall.

If you're unfamiliar with the Shell, learn more at: Overview of Exchange Management Shell

1. Configure the external URL for the offline address book using the following syntax.

Set-OABVirtualDirectory -Identity "CAS01\OAB (Default Web Site)" -ExternalUrl https://mail.contoso.com/OAB -RequireSSL:$true

2. Configure the external URL for Exchange Web Services using the following syntax.

Set-WebServicesVirtualDirectory -Identity "CAS01\EWS (Default Web Site)" -ExternalUrl https://mail.contoso.com/EWS/Exchange.asmx -BasicAuthentication:$True

How do I know this worked?

To verify that these steps were completed successfully, run the following commands to verify the

ExternalURL property is set correctly on both virtual directories.

Get-OABVirtualDirectory -Identity "CAS01\OAB (Default Web Site)" | Format-List ExternalUrl

Get-WebServicesVirtualDirectory -Identity "CAS01\EWS (Default Web Site)" | Format-List ExternalUrl
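To check every Internet-facing virtual directory in one pass rather than one property at a time, the following added example (not part of the original guide) flags external URLs that are unset, not HTTPS, or on a different host name than the published namespace, and confirms RequireSSL on the OAB directory. CAS01 and mail.contoso.com are the guide's sample values; the function name is an assumption.

```powershell
# Added example, not from the original guide. Run in the Exchange Management Shell.
# Assumptions: CAS01 and mail.contoso.com are the guide's sample server and namespace;
# the function name is illustrative.
function Test-VirtualDirectoryExternalUrl {
    param(
        [string]$Server       = 'CAS01',
        [string]$ExpectedHost = 'mail.contoso.com'
    )

    $getters = 'Get-OabVirtualDirectory', 'Get-WebServicesVirtualDirectory',
               'Get-OwaVirtualDirectory', 'Get-EcpVirtualDirectory',
               'Get-ActiveSyncVirtualDirectory'

    foreach ($getter in $getters) {
        foreach ($vdir in @(& $getter -Server $Server)) {
            $url      = "$($vdir.ExternalUrl)"
            $findings = @()

            if (-not $url) {
                $findings += 'ExternalUrl is not set'
            }
            else {
                $uri = [uri]$url
                # Credentials and mailbox data cross the Internet on these URLs.
                if ($uri.Scheme -ne 'https')      { $findings += "scheme is $($uri.Scheme), not https" }
                if ($uri.Host -ne $ExpectedHost)  { $findings += "host is $($uri.Host), expected $ExpectedHost" }
            }

            # The guide sets -RequireSSL:$true on the OAB virtual directory.
            if ($getter -eq 'Get-OabVirtualDirectory' -and -not $vdir.RequireSSL) {
                $findings += 'RequireSSL is not enabled'
            }

            New-Object PSObject -Property @{
                VirtualDirectory = "$($vdir.Name)"
                ExternalUrl      = $url
                Ok               = ($findings.Count -eq 0)
                Findings         = ($findings -join '; ')
            }
        }
    }
}

Test-VirtualDirectoryExternalUrl |
    Format-Table VirtualDirectory, ExternalUrl, Ok, Findings -AutoSize -Wrap
```

A directory you do not publish externally will legitimately show an unset ExternalUrl.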

Configure settings on virtual directories

During the installation of the Client Access server role, virtual directories are created for the

Autodiscover service, Exchange ActiveSync, Outlook Web App, the Exchange Control Panel,

PowerShell, Exchange Web Services, and public folders. Legacy virtual directories are also

created for coexistence. You can configure a variety of settings on those virtual directories,

including authentication and SSL. For Active Directory sites that are accessible from outside an

external firewall such as Internet Security and Acceleration Server (ISA), you'll also need to

configure publishing rules for the various virtual directories that are accessible from the Internet,

including the Exchange ActiveSync virtual directory, the Autodiscover service virtual directory,

and the Outlook Web App virtual directory.

Learn more at: Understanding Virtual Directories

How do I do this?

Perform the following steps from the computer that has the Exchange 2010 Client Access server

role installed.

1. In the Console tree, navigate to Server Configuration > Client Access.

2. In the Result pane, select the Client Access server you want to configure.

3. In the Work pane, click the tab that corresponds to the virtual directory whose settings you

want to configure (Outlook Web App, Exchange Control Panel, Exchange ActiveSync), and

then click the virtual directory.

4. In the Actions pane, under the virtual directory name, click Properties.

5. Edit any of the settings on the tabs. (If you need more information about the settings, click F1

while you're on a tab.) Common settings to be configured are:

a. External URL: This is the URL used to access the Web site from the Internet. The value

for this URL should have been set during installation of the Client Access server role.

b. Authentication: You can specify a variety of authentication options, as well as specify

the sign-in format and sign-in domain.

c. Public Computer File Access: For Outlook Web App, you can configure direct file

access settings for users who choose the public or shared computer option when logging

in.

d. Private Computer File Access: For Outlook Web App, you can configure direct file

access settings for users who choose the private option when logging in.

e. Exchange2003URL: This parameter is only necessary when you have users with

mailboxes on Exchange 2003 at the same time as users with mailboxes on

Exchange 2010. In that case, set this parameter to the legacy DNS endpoint, for

example, http://legacy.contoso.com.

6. Click OK to confirm your changes.

Note:

To configure publishing rules for external access to virtual directories, see: Configure

External Client Access Namespaces

How do I know this worked?

How you confirm whether your settings were applied varies by the setting.

To verify that the external URL has been configured correctly for Exchange ActiveSync or

Outlook Web App, you can use the Exchange Remote Connectivity Analyzer (ExRCA), a free

Web-based tool provided by Microsoft.

You can find ExRCA at https://www.testexchangeconnectivity.com

To verify that authentication has been configured correctly for Exchange ActiveSync or

Outlook Web App, you can also use ExRCA.

To verify that direct file access has been configured correctly for Outlook Web App, log on as

a user to Outlook Web App using the public computer option and then try to access and save

a file attached to an e-mail message.

Install the Hub Transport server role

The Hub Transport server role is responsible for internal mail flow for the Exchange organization.

It handles all mail flow inside the organization, applies transport rules, applies journaling policies,

and delivers messages to recipient mailboxes.

Learn more at: Overview of the Hub Transport Server Role

You can install the Hub Transport server role on dedicated hardware, or you can install it on the

same server where you installed the Client Access server role.

We recommend installing the latest update rollup for Exchange 2010 on all your servers.

Although you can install update rollups on a server after Exchange 2010 has been installed, it's

also possible and less time-consuming to incorporate the update rollup into the server

installation process. To do this, copy the contents of the Exchange 2010 DVD to the file system,

and then copy or move the downloaded update rollup file to the Updates folder in the installation

tree. When you perform the procedure below, the update rollup will be installed as part of the

initial installation process.

To download the latest update rollup for Exchange 2010, visit: Microsoft Download Center

How do I install the Hub Transport server role on dedicated hardware?

The Exchange Server 2010 Setup wizard helps you install the Hub Transport role:

1. Insert the Exchange 2010 DVD into the DVD drive. When the AutoPlay dialog appears, click

Run Setup.exe under Install or run program. If the AutoPlay dialog doesn't appear,

navigate to the root of the DVD and double-click Setup.exe. Alternatively, browse to the

location of your Exchange 2010 installation files and double-click Setup.exe.

2. The Exchange Server 2010 Setup welcome screen appears. In the Install section, the

software listed for Steps 1 and 2 was installed with the Exchange 2010 prerequisites. If these

prerequisites are not already installed, click on the appropriate step to install them.

3. When Steps 1 and 2 are listed as Installed, click Step 3 to expand the Exchange language

options, and then choose the appropriate option:

a. Install all languages from the language bundle: This option installs all the Exchange

2010 languages from an Exchange 2010 language bundle. You can connect to the

Internet to download the latest applicable language bundle or to use a previously

downloaded language bundle on a local drive or network share. Internet connectivity is

required for Exchange Setup to download the language pack bundle.

b. Install only languages from the DVD: This option installs only the languages included

with the Setup DVD. The installation of additional languages support requires installing

the languages from the language bundle.

4. After Step 3 is complete, click Step 4: Install Microsoft Exchange.

5. On the Introduction page, click Next.

6. On the License Agreement page, review the software license terms. If you agree to the

terms, select I accept the terms in the license agreement, and click Next.

7. On the Error Reporting page, select Yes or No to enable the Exchange Error Reporting

feature, and click Next.

8. On the Installation Type page, select Custom Exchange Server Installation. To optionally

change the installation path for Exchange 2010, click Browse, locate the appropriate folder in

the folder tree, and then click OK. Click Next.

9. On the Server Role Selection page, select the Hub Transport Role, and click Next. The

Management Tools option, which installs the Exchange Management Console and the

Exchange Management Shell, will also be selected and installed.

10. On the Readiness Checks page, review the Summary to determine if the system and server

are ready for the Hub Transport role to be installed. If all prerequisite checks completed

successfully, click Install. If any of the prerequisite checks failed, you must resolve the

displayed error before you can proceed with installing the Hub Transport role. In many cases,

you don't need to exit Setup while you're fixing issues. After you resolve an error, click Retry

to run the prerequisite check again. Also, be sure to review any warnings that are reported.

11. The Progress page displays the progress and elapsed time for each phase of the

installation. As each phase ends, it's marked completed and the next phase proceeds. If any

errors are encountered, the phase will end as incomplete and unsuccessful. If that happens,

you must exit Setup, resolve any errors, and then restart Setup.

12. When all phases have finished, the Completion page displays. Review the results, and verify

that each phase completed successfully. Clear the check box for Finalize this installation

using the Exchange Management Console, and then click Finish to exit Setup.

13. When you're returned to the Setup welcome screen, click Close. On the Confirm Exit prompt,

click Yes.

14. Restart the computer to complete the installation of the Hub Transport role.

How do I add the Hub Transport server role to my Client Access server?

You can also use the Exchange Server 2010 Setup wizard to add the Hub Transport role to your

existing Client Access server.

1. Open the Windows Control Panel and launch the Programs and Features applet.

2. Select Microsoft Exchange Server 2010 from the list of installed programs, and then click

Change.

3. The Exchange Server 2010 Setup wizard will start in Exchange Maintenance Mode. Click

Next.

4. On the Server Role Selection page, select the check box for Hub Transport Role and then

click Next.

5. On the Readiness Checks page, review the Summary to determine if the system and server

are ready for the Hub Transport role to be installed. If all prerequisite checks completed

successfully, click Install. If any of the prerequisite checks failed, you must resolve the

displayed error before you can proceed with installing the Hub Transport role. In many cases,

you don't need to exit Setup while you're fixing issues. After you resolve an error, click Retry

to run the prerequisite check again. Also, be sure to review any warnings that are reported.

6. The Progress page will display the progress and elapsed time for each phase of the

installation. As each phase ends, it will be marked completed and the next phase will

proceed. If any errors are encountered, the phase will end as incomplete and unsuccessful.

In this event, you must exit Setup, resolve any errors, and then restart Setup in Maintenance

Mode.

7. When all phases have finished, the Completion page will be displayed. Review the results

and verify that each phase completed successfully. Click Finish to exit Setup.

8. Restart the computer to complete the installation of the Hub Transport role.

How do I know this worked?

The successful completion of the Exchange Setup wizard will be your first indication that the

installation process worked as expected. To further verify that the Hub Transport server

role installed successfully, you can run Get-ExchangeServer <server name> | Format-List in the

Exchange Management Shell, which can be launched from the Exchange Server

2010 program group on the Windows Start Menu. This cmdlet outputs a list of the Exchange 2010

server roles that are installed on the specified server.

You can also review the contents of the Exchange setup log file (ExchangeSetup.log), located in

<system drive>\ExchangeSetupLogs to verify that the Hub Transport role was installed as

expected.

Learn more at: Verifying an Exchange 2010 Installation

Configure Exchange ActiveSync authentication

For Exchange ActiveSync to function during Exchange 2003 and Exchange 2010 coexistence,

you must configure Integrated Windows authentication on the Microsoft-Server-ActiveSync virtual

directory on the Exchange 2003 server. During this procedure, services will be restarted on the

Exchange 2003 server, resulting in a brief interruption in service.

Learn more at: Understanding Exchange ActiveSync Coexistence

How do I do this?

There are two methods you can use to complete this task. Here's one method:

1. Install this hotfix for the Exchange 2003 server: "Event ID 1036 is logged on an

Exchange 2007 server that is running the CAS role when mobile devices connect to the

Exchange 2007 server to access mailboxes on an Exchange 2003 back-end server."

Get the hotfix from: Microsoft Support site

2. Using Exchange System Manager on the Exchange 2003 server, adjust the authentication

settings of the Exchange ActiveSync virtual directory.

3. Repeat these steps for all Exchange 2003 servers in your organization that contain

mailboxes.

Alternatively, you can do the following:

Set the msExchAuthenticationFlags attribute to a value of 6 on the Microsoft-Server-ActiveSync

object within the configuration container on each Exchange 2003 server that

contains mailboxes.

To review sample scripts for this change, see: Server Build DVD Visual Basic Script

Examples

How do I know this worked?

To verify that this worked, do the following in your capacity as a user with a mailbox on

Exchange 2003.

1. Using a mobile phone or mobile phone emulator, create an Exchange ActiveSync connection

to the Exchange 2010 server.

2. Verify that mail can be sent and received through Exchange ActiveSync.

You can also use the Exchange Remote Connectivity Analyzer (ExRCA) to verify authentication

has been configured correctly. ExRCA is a free Web-based tool provided by Microsoft.

You can find ExRCA at https://www.testexchangeconnectivity.com

Install the Unified Messaging server role

The Unified Messaging server role provides connectivity between your internal telephony system

and Exchange. Clients can access their mailbox from a telephone and receive voice mail

messages in their mailbox, among other capabilities.

Learn more at: Overview of Unified Messaging

You can install the Unified Messaging server role on dedicated hardware, or you can install it on a

server that's already running Exchange 2010.

We recommend installing the latest update rollup for Exchange 2010 on all your servers.

Although you can install update rollups on a server after Exchange 2010 has been installed, it's

also possible and less time-consuming to incorporate the update rollup into the server

installation process. To do this, copy the contents of the Exchange 2010 DVD to the file system,

and then copy or move the downloaded update rollup file to the Updates folder in the installation

tree. When you perform the procedure below, the update rollup will be installed as part of the

initial installation process.

To download the latest update rollup for Exchange 2010, visit: Microsoft Download Center

How do I install the Unified Messaging server role on dedicated hardware?

The Exchange Server 2010 Setup wizard helps you install the Unified Messaging role.

1. Insert the Exchange 2010 DVD into the DVD drive. When the AutoPlay dialog appears, click

Run Setup.exe under Install or run program. If the AutoPlay dialog doesn't appear,

navigate to the root of the DVD and double-click Setup.exe. Alternatively, browse to the

location of your Exchange 2010 installation files and double-click Setup.exe.

2. The Exchange Server 2010 Setup welcome screen appears. In the Install section, the

software listed for Steps 1 and 2 was installed with the Exchange 2010 prerequisites. If these

prerequisites are not already installed, click on the appropriate step to install them.

3. When Steps 1 and 2 are listed as Installed, click Step 3 to expand the Exchange language

options, and then choose the appropriate option:

a. Install all languages from the language bundle: This option installs all the Exchange

2010 languages from an Exchange 2010 language bundle. You can connect to the

Internet to download the latest applicable language bundle or to use a previously

downloaded language bundle on a local drive or network share. Internet connectivity is

required for Exchange Setup to download the language pack bundle.

b. Install only languages from the DVD: This option installs only the languages included

with the Setup DVD. The installation of additional languages support requires installing

the languages from the language bundle.

4. After Step 3 is complete, click Step 4: Install Microsoft Exchange.

5. On the Introduction page, click Next.

6. On the License Agreement page, review the software license terms. If you agree to the

software license terms, select I accept the terms in the license agreement, and click Next.

7. On the Error Reporting page, select Yes or No to enable the Exchange Error Reporting

feature, and click Next.

8. On the Installation Type page, select Custom Exchange Server Installation. To optionally

change the installation path for Exchange 2010, click Browse, locate the appropriate folder in

the folder tree, and then click OK. Click Next.

9. On the Server Role Selection page, select the Unified Messaging Role, and click Next.

The Management Tools option, which installs the Exchange Management Console and the

Exchange Management Shell, will also be selected and installed.

10. On the Readiness Checks page, review the Summary to determine if the system and server

are ready for the Unified Messaging role to be installed. If all prerequisite checks completed

successfully, click Install. If any of the prerequisite checks failed, you must resolve the

displayed error before you can proceed with installing the Unified Messaging role. In many

cases, you don't need to exit Setup while you're fixing issues. After you resolve an error, click

Retry to run the prerequisite check again. Also, be sure to review any warnings that are

reported.

11. The Progress page displays the progress and elapsed time for each phase of the

installation. As each phase ends, it's marked completed and the next phase proceeds. If any

errors are encountered, the phase will end as incomplete and unsuccessful. If that happens,

you must exit Setup, resolve any errors, and then restart Setup.

12. When all phases have finished, the Completion page displays. Review the results, and verify

that each phase completed successfully. Clear the check box for Finalize this installation

using the Exchange Management Console, and then click Finish to exit Setup.

13. When you're returned to the Setup welcome screen, click Close. On the Confirm Exit prompt,

click Yes.

14. Restart the computer to complete the installation of the Unified Messaging role.

How do I add the Unified Messaging server role to an existing Exchange 2010 server?

You can also use the Exchange Server 2010 Setup wizard to add the Unified Messaging role to

an existing Exchange 2010 server.

1. Open the Windows Control Panel and launch the Programs and Features applet.

2. Select Microsoft Exchange Server 2010 from the list of installed programs, and then click

Change.

3. The Exchange Server 2010 Setup wizard will launch in Exchange Maintenance Mode. Click

Next.

4. On the Server Role Selection page, select the check box for Unified Messaging Role and

then click Next.

5. On the Readiness Checks page, review the Summary to determine if the system and server

are ready for the Unified Messaging role to be installed. If all prerequisite checks completed

successfully, click Install. If any of the prerequisite checks failed, you must resolve the

displayed error before you can proceed with installing the Unified Messaging role. In many

cases, you don't need to exit Setup while you're fixing issues. After you resolve an error, click

Retry to run the prerequisite check again. Also, be sure to review any warnings that are

reported.

6. The Progress page displays the progress and elapsed time for each phase of the

installation. As each phase ends, it will be marked completed and the next phase will

proceed. If any errors are encountered, the phase will end as incomplete and unsuccessful.

In this event, you must exit Setup, resolve any errors, and then restart Setup in Maintenance

Mode.

7. When all phases have finished, the Completion page will be displayed. Review the results

and verify that each phase completed successfully. Click Finish to exit Setup.

8. Restart the computer to complete the installation of the Unified Messaging role.

How do I know this worked?

The successful completion of the Exchange Setup wizard will be your first indication that the

installation process worked as expected. To further verify that the Unified Messaging server

role installed successfully, you can run Get-ExchangeServer <server name> | Format-List in the

Exchange Management Shell, which can be launched from the Exchange Server

2010 program group on the Windows Start Menu. This cmdlet outputs a list of the Exchange 2010

server roles that are installed on the specified server.

You can also review the contents of the Exchange setup log file (ExchangeSetup.log), located in

<system drive>\ExchangeSetupLogs to verify that the Unified Messaging role was installed as

expected.

Learn more at: Verifying an Exchange 2010 Installation

Configure and enable Unified Messaging

After the Unified Messaging (UM) server role has been installed, your next step is to create and

configure the UM directory objects necessary for UM features and then enable your users for UM.

Specifically, you'll need to:

A: Create and configure a UM dial plan. UM dial plans are integral to the operation of UM

servers and are required to successfully deploy UM in your organization.

B: Create and configure one or more UM gateways. A UM IP gateway represents either

an IP gateway or an IP PBX. The combination of the UM IP gateway object and a UM hunt

group object establishes a logical link between an IP gateway hardware device and a UM dial

plan.

C: Create and configure one or more UM mailbox policies. UM mailbox policies are

required when you enable users for Unified Messaging. The mailbox of each UM-enabled

user must be linked to a single UM mailbox policy. After you create a UM mailbox policy, you

link one or more UM-enabled mailboxes to the UM mailbox policy. This lets you control PIN

security settings such as the minimum number of digits in a PIN or the maximum number of

logon attempts for the UM-enabled users who are associated with the UM mailbox policy.

D: Add your Unified Messaging server to a dial plan. Dial plans enable you to stop call

processing so that a UM server can be taken offline in a controlled way. After you add a UM

server to a dial plan, the UM server can then start answering incoming calls that are

forwarded from an IP gateway.

E: Enable users for Unified Messaging. When you enable a user for UM, a default set of

UM properties are applied to the user, and the user will be able to use UM features.

After these core tasks are done, you may also want to do some other things, such as:

Installing language packs on the UM server. For a specific language that's supported, UM language packs allow a UM server to speak additional languages to callers and recognize other languages when callers use Automatic Speech Recognition (ASR) or when voice messages are transcribed.

Creating and configuring auto attendants and UM hunt groups. UM auto attendants can be used to create a voice menu system for an organization that lets external and internal callers move through the UM auto attendant menu system to locate and place or transfer calls to company users or departments in an organization. Hunt group is a term that's used to describe a group of PBX or IP PBX resources or extension numbers that are shared by users. Hunt groups are used to efficiently distribute calls into or out of a given business unit.


Enabling Exchange 2010 for use with a Fax Partner server. Exchange 2010 UM forwards incoming fax calls to a dedicated partner fax solution, which then establishes the fax call with the fax sender and receives the fax on behalf of the UM-enabled user. However, to allow UM-enabled users to receive fax messages in their mailbox, you must configure the Fax Partner server.

Learn more at: Deploying a New Unified Messaging Environment

How do I do this?

You'll use several wizards in the Exchange Management Console to get these tasks done.

A: Create the UM dial plan

1. In the Console tree, navigate to Organization Configuration > Unified Messaging.

2. In the Actions pane, click New UM Dial Plan.

3. In the New UM Dial Plan wizard, complete the following fields:

Name: Type the name of the dial plan. A UM dial plan name is required and must be

unique. However, it's used only for display. If you want to change the display name of the

dial plan after it's been created, you must first delete the existing UM dial plan and then

create another dial plan that has the appropriate name. If your organization uses multiple

UM dial plans, we recommend that you use meaningful names for your UM dial plans.

The maximum length of a UM dial plan name is 64 characters, and it can include spaces.

However, it can't include any of the following characters: " / \ [ ] : ; | = , + * ? < >.

Important:

Although the field for the name of the dial plan can accept 64 characters, the

name of the dial plan can't be longer than 49 characters. This is the case

because when you create a dial plan, a default UM mailbox policy is also created

that has the name <DialPlanName> Default Policy. The name parameter for both

the UM dial plan and UM mailbox policy can be 64 characters.

Number of digits in extension numbers: Enter the number of digits for the dial plan.

The number of digits for extension numbers is based on the telephony dial plan created

on a Private Branch eXchange (PBX). For example, if a user associated with a telephony

dial plan dials a four-digit extension to call another user in the same telephony dial plan,

you select 4 as the number of digits in the extension.

This is a required field that has a value range from 1 through 20. The typical extension

length is from 3 through 7. If your existing telephony environment includes extension

numbers, you must specify a number of digits that matches the number of digits in those

extensions.

When you create a Session Initiation Protocol (SIP) or an E.164 dial plan and associate a

UM-enabled user with the dial plan, you must still input an extension number to be used

by the user. This number is used by Outlook Voice Access users when they access their

Exchange 2010 mailbox.


URI Type: Use this drop-down list to select the URI type for the UM dial plan. A URI is a

string of characters that identifies or names a resource. The main purpose of this

identification is to enable VoIP devices to communicate with other devices over a network

using specific protocols. URIs are defined in schemes that define a specific syntax,

format, and the protocols for the call.

You can select one of the following URI types for the dial plan:

Telephone extension: This is the most common URI type. The calling and called party

information from the IP gateway or IP PBX will be listed in one of the following formats:

Tel:512345 or 512345@<IP address>. This is the default URI type for dial plans.

SIP URI: Use this URI type if you need a SIP URI dial plan when an IP PBX supports

SIP routing or if you're integrating Microsoft Office Communications Server 2007 and

Exchange Unified Messaging. The calling and called party information from the IP

gateway or IP PBX will be listed as a SIP address in the following format:

sip:<username>@<domain or IP address>:Port.

E.164: E.164 is an international numbering plan for public telephone systems in which

each assigned number contains a country/region code, a national destination code, and a

subscriber number. The calling and called party information sent from the IP gateway is

listed in the following format: Tel:+14255550123.

Note:

After you create a dial plan, you will be unable to change the URI type without

deleting the dial plan, and then re-creating the dial plan to include the correct URI

type.

VoIP Security: Use this drop-down list to select the VoIP security setting for the UM dial

plan. By default, when you create a UM dial plan, it communicates in unsecured mode. A

Unified Messaging server can operate in any mode configured on a dial plan because the

Unified Messaging server is configured to listen on TCP port 5060 for unsecured

requests and on TCP port 5061 for secured requests at the same time.

You can select one of the following security settings for the dial plan:

Unsecured: By default, when you create a UM dial plan, it communicates in unsecured

mode, and the Unified Messaging servers associated with the UM dial plan send and

receive data from IP gateways, IP PBXs, and other Exchange 2010 computers using no

encryption. In unsecured mode, both the Realtime Transport Protocol (RTP) media

channel and SIP signaling information aren't encrypted.

SIP secured: When you select SIP secured, only the SIP signaling traffic is encrypted,

and the RTP media channels still use TCP, which isn't encrypted. Mutual Transport Layer

Security (TLS) is used to encrypt the SIP signaling traffic.

Secured: When you select Secured, both the SIP signaling traffic and the RTP media

channels are encrypted. An encrypted signaling media channel that uses Secure

Realtime Transport Protocol (SRTP) also uses mutual TLS to encrypt the VoIP data.

Country/Region code: Use this field to type the country/region code number used for outgoing calls. This number will precede the telephone number dialed. This field accepts from 1 through 4 digits. For example, in the United States, the country/region code is 1. In the United Kingdom, it's 44.

4. On the Completion page, confirm whether the dial plan was successfully created:

A status of Completed indicates that the wizard completed the task successfully.

A status of Failed indicates that the task wasn't completed. If the task fails, review the

summary for an explanation, and then click Back to make any configuration changes.

5. Click Finish to complete the New UM Dial Plan wizard.

B: Create a UM IP gateway

1. In the console tree, navigate to Organization Configuration > Unified Messaging.

2. In the Result pane, click the UM IP Gateways tab.

3. In the Actions pane, click New UM IP Gateway.

4. In the New UM IP Gateway wizard, in the Name section, type the name of the UM IP

gateway. This is the display name for the UM IP gateway.

5. In the IP Address section, type the IP address for the UM IP gateway, and then click New.

Note:

Alternatively, you can enter an FQDN for the UM IP gateway. If you choose to use an

FQDN, you must add the appropriate host records with the correct IP addresses to

the DNS zone. If you're configuring a UM IP gateway that will be associated with a

dial plan that's operating in secure mode, you must create the UM IP gateway with an

FQDN.

6. On the New UM IP Gateway page, click New.

7. On the Completion page, click Finish.
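
The naming, digit-count, country code and VoIP security rules from procedures A and B can be checked before the wizards are opened, including the rule that a gateway for a dial plan in a secure mode must be created with an FQDN. The following PowerShell is an added example, not part of the original guide or of Exchange; the function name Test-UMDialPlanInput, its parameters and the sample values are assumptions made for illustration.

```powershell
# Added example: pre-flight check of the values planned for the New UM Dial Plan
# and New UM IP Gateway wizards. Function and parameter names are hypothetical;
# the rules are the ones stated in the wizard field descriptions.
function Test-UMDialPlanInput {
    param(
        [string]$Name,
        [int]$ExtensionDigits,
        [string]$UriType,        # 'Telephone extension', 'SIP URI' or 'E.164'
        [string]$VoipSecurity,   # 'Unsecured', 'SIP secured' or 'Secured'
        [string]$CountryCode,
        [string]$GatewayAddress  # IP address or FQDN entered for the UM IP gateway
    )
    $findings = @()

    # The wizard also creates "<DialPlanName> Default Policy", which must fit in
    # 64 characters, so the dial plan name itself is limited to 49.
    $maxName = 64 - ' Default Policy'.Length
    if ([string]::IsNullOrEmpty($Name)) {
        $findings += 'ERROR: a dial plan name is required.'
    } else {
        if ($Name.Length -gt $maxName) {
            $findings += "ERROR: name is $($Name.Length) characters; the limit is $maxName."
        }
        $forbidden = '"/\[]:;|=,+*?<>'.ToCharArray()
        $pos = $Name.IndexOfAny($forbidden)
        if ($pos -ge 0) {
            $findings += "ERROR: name contains the forbidden character '$($Name[$pos])'."
        }
    }

    if ($ExtensionDigits -lt 1 -or $ExtensionDigits -gt 20) {
        $findings += 'ERROR: number of digits in extension numbers must be 1 through 20.'
    }
    if (@('Telephone extension', 'SIP URI', 'E.164') -notcontains $UriType) {
        $findings += "ERROR: unknown URI type '$UriType'."
    }
    if ($CountryCode -notmatch '^\d{1,4}$') {
        $findings += 'ERROR: country/region code must be 1 through 4 digits.'
    }

    # VoIP security: Unsecured encrypts neither SIP nor RTP, SIP secured encrypts
    # only the signaling, and a secure-mode gateway must be created with an FQDN.
    $ip = $null
    $isIp = [System.Net.IPAddress]::TryParse($GatewayAddress, [ref]$ip)
    switch ($VoipSecurity) {
        'Unsecured'   { $findings += 'WARN: SIP signaling and RTP media are not encrypted.' }
        'SIP secured' { $findings += 'WARN: only SIP signaling is encrypted; RTP media is not.' }
        'Secured'     { }
        default       { $findings += "ERROR: unknown VoIP security setting '$VoipSecurity'." }
    }
    if (@('SIP secured', 'Secured') -contains $VoipSecurity -and $isIp) {
        $findings += 'ERROR: secure mode requires the UM IP gateway to be created with an FQDN.'
    }
    $findings
}

# Constructed sample input: a secure dial plan paired with an IP-addressed gateway.
$planned = @{
    Name            = 'Contoso HQ: Redmond Campus Building 40 Voice Dial Plan'
    ExtensionDigits = 5
    UriType         = 'Telephone extension'
    VoipSecurity    = 'Secured'
    CountryCode     = '1'
    GatewayAddress  = '192.0.2.10'
}
Test-UMDialPlanInput @planned
```

The function only inspects the values passed to it and does not call any Exchange cmdlet, so it can be run on an administrator workstation before the change window.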

C: Create a UM mailbox policy

1. In the Console tree, navigate to Organization Configuration > Unified Messaging.

2. In the Work pane, click the UM Mailbox Policies tab.

3. In the Actions pane, click New UM Mailbox Policy.

4. In the New UM Mailbox Policy wizard, complete the following fields:

Name: Use this text box to specify a unique name for the UM mailbox policy. This is a

display name that appears in the EMC. If you must change the display name of the UM

mailbox policy after it's been created, you must first delete the existing UM mailbox

policy, and then create another UM mailbox policy that has the appropriate name. To

delete the UM mailbox policy, there mustn't be any UM-enabled users who are

associated with the UM mailbox policy.

The UM mailbox policy name is required, but it's used for display purposes only. Because

your organization may use multiple UM mailbox policies, we recommend that you use

meaningful names for your UM mailbox policies. The maximum length of a UM mailbox


policy name is 64 characters, and it can include spaces. However, it cannot include any

of the following characters: " / \ [ ] : ; | = , + * ? < >.

Select associated dial plan: Click Browse to select the UM dial plan that will be associated with the UM mailbox policy. A single UM mailbox policy must be associated with at least one UM dial plan. However, you can also associate multiple UM mailbox policies with a single dial plan.

5. On the Completion page, confirm whether the UM mailbox policy was successfully created.

6. Click Finish to complete the New UM Mailbox Policy wizard.

D: Add the UM server to the dial plan

1. In the Console tree, click Server Configuration.

2. In the Result pane, select the UM server.

3. In the Actions pane, click Properties.

4. Under UM Settings > Associated Dial Plans, click Add.

5. In the Select Dial Plan window, select the dial plan you want to add from the list of available

dial plans, and then click OK.

E: Enable users for UM

1. In the Console tree, click Recipient Configuration.

2. In the Result pane, select the user mailbox that you want to enable for Unified Messaging.

3. In the Actions pane, click Enable Unified Messaging.

4. In the Enable Unified Messaging wizard, on the Introduction page, complete the following

fields:

Unified Messaging Mailbox Policy: Use this text field to select the UM mailbox policy

that you want to associate with a user's mailbox. UM mailbox policies define settings

such as PIN policies, dialing restrictions, and message text for Unified Messaging

messages sent to the user. Each UM-enabled user is required to be associated with at

least one UM mailbox policy. However, the UM-enabled user can be associated with only

one UM mailbox policy.

Automatically generate PIN to access Outlook Voice Access: Click this button to

automatically generate a PIN for the UM-enabled user. This is the default setting. If this

option is selected, a PIN is automatically generated based on the PIN policies configured

on the UM mailbox policy associated with the recipient. We recommend that you use this

setting to help protect the user's PIN.

Manually specify PIN: Click this button to manually specify a PIN that a recipient will

use to access the Unified Messaging system. The PIN must comply with the PIN policy

settings configured on the UM mailbox policy associated with this recipient. For example,

if the UM mailbox policy is configured to accept only PINs that contain seven or more

digits, the PIN you enter in this text box must be at least seven digits.


Require user to reset PIN on first telephone logon: Select this check box to force the

user to reset a Unified Messaging PIN when the user accesses the Unified Messaging

system from a telephone. It's a security best practice to force UM-enabled users to

change their PIN at their first logon to help protect against unauthorized access to their

data and Inbox. This is the default setting.

5. In the Enable Unified Messaging wizard, on the Extension Configuration page, complete

the following fields:

Automatically generated mailbox extension: Click this button if you want the

extension number for the user's mailbox to be automatically generated from the

telephone number specified in the Active Directory directory service and used to populate

the field. By default, this setting is enabled. This option will be unavailable if the user is

being associated with a SIP URI or E.164 dial plan.

For the user's extension number to populate this field, you can enter the telephone

number in the Business field on the Address and Phone tab in the user properties in

the Exchange Management Console. You can also configure a telephone number for a

user by configuring the Telephone number field on the General tab on the user account

using Active Directory Users and Computers.

If you select this option, the extension number generated automatically for the user will

comply with the number of digits specified for the dial plan with which the UM mailbox

policy that you selected is associated. For example, if the dial plan is configured to use 5-

digit extension numbers, the Unified Messaging server will take the last 5 digits of the

user's telephone number and use those digits to populate this field. UM dial plans are

typically configured to have extensions three through seven digits long.

Manually entered mailbox extension: Click this button if you want to manually configure the extension number for the user's mailbox.

If you select this option, you must provide a valid extension number for the user, and it must match the number of digits specified on the dial plan. You can configure this field to contain a value range of numeric characters or digits from 1 through 20. The typical extension number is from 3 through 7 digits and is configured on the dial plan with which the UM mailbox policy is associated.

If your existing telephony environment includes extension numbers, you must specify a

number of digits that matches the number of digits in those extensions. The number of

digits that you specify is the default setting after a UM mailbox policy is selected.

Automatically generated SIP resource identifier: Click this button if you want the SIP

resource identifier or SIP address for the user's mailbox to be automatically generated. If

you have deployed Microsoft Office Communications Server 2007, the user's SIP

address is taken from the msRTCSIP-PrimaryUserAddress attribute in Active Directory.

If this attribute isn't populated, the user's primary SMTP address will be used for the SIP

address. By default, this setting is enabled, for example, [email protected].

This option is available only if the user that you enable for Unified Messaging is

associated with a SIP URI dial plan. This option will be unavailable if you configure a

user's mailbox to be associated with an E.164 dial plan.


If you associate a user with a SIP URI dial plan, you must also manually enter a mailbox

extension for the user. This extension number is used when users use Outlook Voice

Access to access their Exchange 2010 mailbox. The number of digits that you configure

in this field must match the number of digits configured on the SIP URI or E.164 dial plan.

This option will not be available if the user is being associated with a telephone extension

dial plan.

Manually entered SIP resource identifier: Click this button if you want to manually

enter the SIP or E.164 address for the user. This option is available if the user that you

enable for Unified Messaging is associated with either a SIP URI or E.164 dial plan. If

you deployed Communications Server 2007, the user's SIP address is taken from the

msRTCSIP-PrimaryUserAddress attribute in Active Directory. If this attribute isn't

populated, the user's primary SMTP address is used for the SIP address, for example,

[email protected]. This option isn't available if the user is associated with a

telephone extension dial plan.

If you associate the user with an E.164 dial plan, you must manually enter an E.164

address for the user. The number entered must be in the correct E.164 format, for

example, +14255551234.

If you associate the user with a SIP or E.164 dial plan, you must also manually enter a

mailbox extension number for the user. This extension number is used when users use

Outlook Voice Access to access their Exchange 2010 mailbox. The number of digits that

you configure in this field must match the number of digits configured on the SIP URI or

E.164 dial plan.

6. On the Enable Unified Messaging page, review your configuration settings. Click Enable to

enable the user for Unified Messaging. Click Back to make configuration changes.

7. On the Completion page, confirm whether the user was successfully enabled for Unified

Messaging.

8. Click Finish to complete the Enable Unified Messaging wizard.

How do I know this worked?

The successful completion of each wizard will be your first indication that the necessary UM

objects were created successfully. In addition, users with mailboxes on Exchange 2010 should

now be able to use UM functionality.

How do I do the optional tasks?

Depending on the task, you'll use a wizard in the Exchange Management Console and you'll also

use the Exchange Management Shell.

Install a UM language pack

1. Download the language-specific UM language pack file into a local folder on the UM server.

Get the language pack here: Microsoft Download Center


2. Double-click the UMLanguagePack.<CultureCode>.exe file. For example, for the German UM

language pack, download the file named UMLanguagePack.de-DE.exe.

3. In the Setup wizard, on the License Agreement page, read the terms of the agreement,

select I accept the terms in the license agreement, and then click Next.

4. On the Unified Messaging Language Pack page, verify that the correct language is listed in

the The following Unified Messaging Language Pack(s) will be installed window, and

then click Install.

5. On the Completion page, confirm whether the UM language pack was successfully installed.

6. Click Finish to complete the installation of the UM language pack.

Create a UM hunt group

1. In the Console tree, navigate to Organization Configuration > Unified Messaging.

2. In the Work pane, click the UM IP Gateways tab.

3. In the Result pane, select a UM IP gateway.

4. In the Actions pane, click New UM Hunt Group.

5. In the New UM Hunt Group wizard, view or complete the following fields:

Associated UM IP gateway: This display-only field shows the name of the UM IP

gateway that will be associated with the UM hunt group.

Name: Use this text box to create the display name for the UM hunt group. A UM hunt

group name is required and must be unique, but it's used only for display purposes in the

EMC and the Shell.

Dial plan: Click the Browse button to select the dial plan that will be associated with the

UM hunt group. Associating a hunt group with a dial plan is required. A UM hunt group

can be associated with only one UM IP gateway and one UM dial plan.

Pilot identifier: Use this text box to specify a string that uniquely identifies the pilot

identifier or pilot ID configured on the PBX or IP PBX.

An extension number or a Session Initiation Protocol (SIP) Uniform Resource Identifier

(URI) can be used in this field. Alphanumeric characters are accepted in this field. For

legacy PBXs, a numeric value is used as a pilot identifier. However, some IP PBXs can

use SIP URIs.

6. On the Completion page, confirm whether the UM hunt group was successfully created.

7. Click Finish to complete the New UM Hunt Group wizard.

Create a UM auto attendant

1. In the Console tree, navigate to Organization Configuration > Unified Messaging.

2. In the Work pane, click the UM Auto Attendants tab.

3. In the Actions pane, click New UM Auto Attendant.

4. In the New UM Auto Attendant wizard, complete the following fields:


Name: Use this text box to create the display name for the UM auto attendant. A UM

auto attendant name is required and must be unique. The maximum length of a UM auto

attendant name is 64 characters, and it can include spaces.

Select associated dial plan: Click Browse to select the UM dial plan to associate with

this UM auto attendant. Selecting and associating a UM dial plan with the auto attendant

is required. A UM auto attendant can be associated with only one UM dial plan.

Extension numbers: Use this field to enter the extension number that callers will use to

reach the auto attendant. Type an extension number in the box, and then click Add to

add the number to the list. The number of digits in the extension number that you provide

doesn't have to match the number of digits for an extension number configured on the

associated UM dial plan. This is because direct calls are allowed to UM auto attendants.

You can edit or remove an existing extension number. To edit an existing extension

number, click Edit. To remove an existing extension number from the list, click Remove.

Create auto attendant as enabled: Select this option to enable the auto attendant to

answer incoming calls when you complete the New UM Auto Attendant wizard. By

default, a new auto attendant is created as disabled.

If you decide to create the UM auto attendant as disabled, you can use the EMC action

pane or the Shell to enable the auto attendant after you finish the wizard.

Create auto attendant as speech-enabled: Select this check box to speech-enable the

UM auto attendant. By speech-enabling the auto attendant, callers can respond to the

system or custom prompts used by the UM auto attendant using touchtone or voice

inputs. By default, the auto attendant won't be speech-enabled when it's created.

For callers to use a speech-enabled auto attendant, you must install the appropriate

Unified Messaging language pack that contains Automatic Speech Recognition (ASR)

support and configure the properties of the auto attendant to use this language.

5. On the Completion page, confirm whether the UM auto attendant was successfully created.

6. Click Finish to complete the New UM Auto Attendant wizard.

Enable integration with a Fax Server partner

1. Install and configure the Fax Partner server or servers in your organization. There are

specific steps that you must take to successfully integrate the fax partner server with UM. The

steps you perform will vary based on the solution. For detailed information, refer to the

partner's Web site:

Concord Fax Online

Sagem-Interstar

2. Enable faxing on the UM server.

a. In the Console tree, navigate to Organization Configuration > Unified Messaging.

b. On the UM Dial Plans tab, select the UM dial plan for which you want to allow users

associated with the dial plan to receive fax messages, and then in the Actions pane, click

Properties.


c. On the dial plan Properties page, on the General tab, select the check box for Allow

users to receive faxes.

d. Click OK to save the changes.

e. In the Exchange Management Shell, configure the UM mailbox policy for faxing. The UM mailbox policy must be configured to allow incoming faxes and must include the fax partner's URI and the name of the fax partner's server. The FaxServerURI must use the following form: sip:<fax server URI>:<port>;<transport>, where <fax server URI> is either an FQDN or an IP address of the partner fax server, <port> is the port on which the fax server listens for incoming fax calls, and <transport> is the transport protocol that is used for the incoming fax (UDP, TCP or TLS). For example, you might configure fax as follows:

Set-UMMailboxPolicy MyUMMailboxPolicy -AllowFax $true -FaxServerURI "sip:faxserver.contoso.com:5060;transport=tcp"

3. Configure authentication between the UM server and the Fax Partner server. Fax messages

sent to a UM server from a fax partner server must be authenticated and any unauthenticated

messages claiming to have come from a fax partner server will not be processed by the UM

server. The receive connector should be deployed on the Hub Transport server used by the

fax partner fax server to submit SMTP fax messages and must be configured with the

following values:

AuthMechanism: ExternalAuthoritative

PermissionGroups: ExchangeServers, Partners

RemoteIPRanges: {Fax server's IP address}

RequireTLS: False

EnableAuthGSSAPI: False

LiveCredentialEnabled: False

a. In the Console tree, navigate to Server Configuration > Hub Transport.

b. In the Work pane, select the Receive Connectors tab, and then double-click the Receive

connector you want to configure.

c. On the Permission Groups tab, make sure Exchange Servers and Partners are

checked.

d. On the Authentication tab, make sure that only Externally Secured (for example, with

IPSec) is checked.

e. Click OK to save the changes.
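
Because an Externally Secured connector treats every sender inside RemoteIPRanges as authenticated, it is worth checking the finished configuration against the values listed in steps 2 and 3. The following PowerShell is an added example, not part of the original guide or of Exchange; the function names, the sample connector object and the 192.0.2.25 address are assumptions, and the property names are the ones listed in step 3.

```powershell
# Added example: compare fax integration settings with the values this guide requires.
# Test-FaxServerUri and Test-FaxReceiveConnector are hypothetical helper names.

# Check a FaxServerURI against the form sip:<host>:<port>;transport=<udp|tcp|tls>.
function Test-FaxServerUri {
    param([string]$Uri)
    $pattern = '^sip:(?<host>[^:;\s]+):(?<port>\d{1,5});transport=(?<transport>udp|tcp|tls)$'
    if ($Uri -notmatch $pattern) {
        return "FaxServerURI '$Uri' is not in the form sip:<host>:<port>;transport=<udp|tcp|tls>."
    }
    $port = [int]$Matches['port']
    if ($port -lt 1 -or $port -gt 65535) {
        return "FaxServerURI port $port is outside 1-65535."
    }
}

# Compare a receive connector with the required values from step 3.
# Assumption: each property converts to the same string the shell displays.
function Test-FaxReceiveConnector {
    param($Connector, [string]$FaxServerIP)
    $findings = @()
    $expected = @{
        AuthMechanism         = 'ExternalAuthoritative'
        RequireTLS            = 'False'
        EnableAuthGSSAPI      = 'False'
        LiveCredentialEnabled = 'False'
    }
    foreach ($prop in $expected.Keys) {
        $actual = [string]$Connector.$prop
        if ($actual -ne $expected[$prop]) {
            $findings += "${prop} is '$actual', expected '$($expected[$prop])'."
        }
    }

    # Permission groups must be exactly Exchange Servers and Partners.
    $groups = @([string]$Connector.PermissionGroups -split '\s*,\s*' | Sort-Object)
    if (($groups -join ',') -ne 'ExchangeServers,Partners') {
        $findings += "PermissionGroups is '$($groups -join ', ')', expected 'ExchangeServers, Partners'."
    }

    # Every address in RemoteIPRanges is trusted as externally secured, so the
    # list should contain the fax server's address and nothing else.
    $ranges = @($Connector.RemoteIPRanges)
    if ($ranges.Count -eq 0) {
        $findings += 'RemoteIPRanges is empty; the fax server address is missing.'
    }
    foreach ($range in $ranges) {
        if ([string]$range -ne $FaxServerIP) {
            $findings += "RemoteIPRanges contains '$range'; only $FaxServerIP should be listed."
        }
    }
    $findings
}

# Constructed sample object; in the Exchange Management Shell the object would
# come from Get-ReceiveConnector instead.
$connector = New-Object PSObject -Property @{
    Name                  = 'Fax Inbound (constructed sample)'
    AuthMechanism         = 'ExternalAuthoritative'
    PermissionGroups      = 'ExchangeServers, Partners'
    RemoteIPRanges        = @('192.0.2.25', '0.0.0.0-255.255.255.255')
    RequireTLS            = $false
    EnableAuthGSSAPI      = $false
    LiveCredentialEnabled = $false
}

$findings = @(Test-FaxServerUri 'sip:faxserver.contoso.com:5060;transport=tcp') +
            @(Test-FaxReceiveConnector -Connector $connector -FaxServerIP '192.0.2.25')
if ($findings.Count -eq 0) {
    'Fax integration settings match the required values.'
} else {
    $findings
}
```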

Install the Mailbox server role

The Mailbox server role hosts mailbox and public folder databases, and it generates the offline

address book (OAB). Mailbox servers also provide services that enforce e-mail address policies

and managed folders.

Learn more at: Understanding Mailbox


You can install the Mailbox server role on dedicated hardware, or you can install it on a server

that is already running Exchange 2010.

We recommend installing the latest update rollup for Exchange 2010 on all your servers.

Although you can install update rollups on a server after Exchange 2010 has been installed, it's

also possible and less time-consuming to incorporate the update rollup into the server

installation process. To do this, copy the contents of the Exchange 2010 DVD to the file system,

and then copy or move the downloaded update rollup file to the Updates folder in the installation

tree. When you perform the procedure below, the update rollup will be installed as part of the

initial installation process.

To download the latest update rollup for Exchange 2010, visit: Microsoft Download Center

How do I install the Mailbox server role on dedicated hardware?

The Exchange Server 2010 Setup wizard helps you install the Mailbox role.

1. Insert the Exchange 2010 DVD into the DVD drive. When the AutoPlay dialog appears, click

Run Setup.exe under Install or run program. If the AutoPlay dialog doesn't appear,

navigate to the root of the DVD and double-click Setup.exe. Alternatively, browse to the

location of your Exchange 2010 installation files and double-click Setup.exe.

2. The Exchange Server 2010 Setup welcome screen appears. In the Install section, the

software listed for Steps 1 and 2 was installed with the Exchange 2010 prerequisites. If these

prerequisites are not already installed, click the appropriate step to install them.

3. When Steps 1 and 2 are listed as Installed, click Step 3 to expand the Exchange language

options, and then choose the appropriate option:

a. Install all languages from the language bundle: This option installs all the Exchange

2010 languages from an Exchange 2010 language bundle. You can connect to the

Internet to download the latest applicable language bundle or to use a previously

downloaded language bundle on a local drive or network share. Internet connectivity is

required for Exchange Setup to download the language pack bundle.

b. Install only languages from the DVD: This option installs only the languages included with the Setup DVD. Installing support for additional languages requires installing the languages from the language bundle.

4. After Step 3 is complete, click Step 4: Install Microsoft Exchange.

5. On the Introduction page, click Next.

6. On the License Agreement page, review the software license terms. If you agree to the

terms, select I accept the terms in the license agreement, and click Next.

7. On the Error Reporting page, select Yes or No to enable the Exchange Error Reporting

feature, and click Next.

8. On the Installation Type page, select Custom Exchange Server Installation. To optionally

change the installation path for Exchange 2010, click Browse, locate the appropriate folder in

the folder tree, and then click OK. Click Next.


9. On the Server Role Selection page, select the Mailbox Role, and click Next. The

Management Tools option, which installs the Exchange Management Console and the

Exchange Management Shell, will also be selected and installed.

10. On the Client Settings page, select Yes if your organization has client computers running

either Microsoft Outlook 2003 or Microsoft Entourage 2004 or earlier. Select No if you don't.

11. On the Readiness Checks page, review the Summary to determine if the system and server

are ready for the Mailbox role to be installed. If all prerequisite checks completed

successfully, click Install. If any of the prerequisite checks failed, you must resolve the

displayed error before you can proceed with installing the Mailbox role. In many cases, you

don't need to exit Setup while you're fixing issues. After you resolve an error, click Retry to

run the prerequisite check again. Also, be sure to review any warnings that are reported.

12. The Progress page displays the progress and elapsed time for each phase of the

installation. As each phase ends, it's marked completed and the next phase proceeds. If any

errors are encountered, the phase will end as incomplete and unsuccessful. If that happens,

you must exit Setup, resolve any errors, and then restart Setup.

13. When all phases have finished, the Completion page displays. Review the results, and verify

that each phase completed successfully. Clear the check box for Finalize this installation

using the Exchange Management Console, and then click Finish to exit Setup.

14. When you are returned to the Setup welcome screen, click Close. On the Confirm Exit

prompt, click Yes.

15. Restart the computer to complete the installation of the Mailbox role.


How do I add the Mailbox server role to an existing Exchange 2010 server?

You can also use the Exchange Server 2010 Setup wizard to add the Mailbox role to an existing

Exchange 2010 server.

1. Open the Windows Control Panel and launch the Programs and Features applet.

2. Select Microsoft Exchange Server 2010 from the list of installed programs, and then click

Change.

3. The Exchange Server 2010 Setup wizard will launch in Exchange Maintenance Mode. Click

Next.

4. On the Server Role Selection page, select the check box for Mailbox Role and then click

Next.

5. On the Readiness Checks page, review the Summary to determine if the system and server

are ready for the Mailbox role to be installed. If all prerequisite checks completed

successfully, click Install. If any of the prerequisite checks failed, you must resolve the

displayed error before you can proceed with installing the Mailbox role. In many cases, you

don't need to exit Setup while you're fixing issues. After you resolve an error, click Retry to

run the prerequisite check again. Also, be sure to review any warnings that are reported.

6. The Progress page will display the progress and elapsed time for each phase of the

installation. As each phase ends, it will be marked completed and the next phase will

proceed. If any errors are encountered, the phase will end as incomplete and unsuccessful.

In this event, you must exit Setup, resolve any errors, and then restart Setup in Maintenance

Mode.

7. When all phases have finished, the Completion page will be displayed. Review the results

and verify that each phase completed successfully. Click Finish to exit Setup.

8. Restart the computer to complete the installation of the Mailbox role.

How do I know this worked?

The successful completion of the Exchange Setup wizard will be your first indication that the

installation process worked as expected. To further verify that the Mailbox server role installed

successfully, you can run Get-ExchangeServer <server name> | format-list in the

Exchange Management Shell, which can be launched from the Exchange Server 2010 program

group on the Windows Start Menu. This cmdlet outputs a list of the Exchange 2010 server roles

that are installed on the specified server.

You can also review the contents of the Exchange setup log file (ExchangeSetup.log), located in

<system drive>\ExchangeSetupLogs to verify that the Mailbox role was installed as expected.

Learn more at: Verifying an Exchange 2010 Installation


Change the OAB generation server

Offline address book (OAB) generation is the process by which Exchange creates and updates

the OAB. To do that, an internal process called OABGen runs on a Mailbox server that has been

designated as the OAB generation server. When OAB generation occurs, Exchange generates

new OAB files, compresses the files, and then shares the files to client computers.

Outlook 2003 and earlier clients require OAB distribution to occur using public folders. In

Exchange 2010, OABs can be distributed using public folders to support Outlook 2003 clients.

OABs can also be distributed using Web services to support Outlook 2007 and Outlook 2010.

You can generate the OAB from an Exchange 2003 server provided that public folder distribution

is enabled in Exchange 2010. However, be aware that if you generate the OAB from an

Exchange 2003 server, you will lose the following functionality:

Japanese phonetic display name, phonetic surname, phonetic given name, phonetic

company name, and phonetic department name

PR_DISPLAY_TYPE_EX, which is used by Office Outlook 2007 and later to render the

correct icon for objects that are replicated across the forest.

To ensure full functionality with Exchange 2010 features, we recommend that you move the OAB

generation to an Exchange 2010 mailbox server. Moving the OAB generation to a new server will

result in a full OAB download for all clients.

Learn more at: Understanding Offline Address Books

How do I do this?

You can use the Move Offline Address Book wizard in the Exchange Management Console to

perform this procedure.

1. In the Console tree, navigate to Organization Configuration > Mailbox.

2. In the Result pane, click the Offline Address Book tab, and then select the OAB for which

you want to move the generation to a new server.

3. In the Actions pane, click Properties. On the Distribution tab, select the Enable Web-

based distribution and the Enable public folder distribution check boxes and then click

OK.

4. In the Actions pane, click Move.

5. On the Move Offline Address Book page, click Browse to select the server to which you

want to move the OAB generation process, and then click OK.

6. Click Move to move the OAB generation process to the selected server.

7. On the Completion page, verify that the operation completed successfully. Click Finish to

close the Move Offline Address Book wizard.


How do I know this worked?

The successful completion of the Move Offline Address Book wizard will indicate that the

command worked as expected. To further verify that the OAB generation server is the server

selected in Step 5 above, examine the value for Generation Server on the Offline Address

Book tab in the Exchange Management Console.

Install the Edge Transport server role

The Edge Transport server performs anti-spam and antivirus filtering, and it also applies

messaging and security policies to messages in transport. The Edge Transport server role can't

coexist on the same computer with any other Exchange server role. You must deploy the Edge

Transport server role in the perimeter network and outside the secure Active Directory forest.

Learn more at: Overview of the Edge Transport Server Role

We recommend installing the latest update rollup for Exchange 2010 on all your servers.

Although you can install update rollups on a server after Exchange 2010 has been installed, it's

also possible and less time-consuming to incorporate the update rollup into the server

installation process. To do this, copy the contents of the Exchange 2010 DVD to the file system,

and then copy or move the downloaded update rollup file to the Updates folder in the installation

tree. When you perform the procedure below, the update rollup will be installed as part of the

initial installation process.

To download the latest update rollup for Exchange 2010, visit: Microsoft Download Center

How do I do this?

The Exchange Server 2010 Setup wizard helps you install the Edge Transport role.

1. Insert the Exchange 2010 DVD into the DVD drive. When the AutoPlay dialog appears, click

Run Setup.exe under Install or run program. If the AutoPlay dialog doesn't appear,

navigate to the root of the DVD and double-click Setup.exe. Alternatively, browse to the

location of your Exchange 2010 installation files and double-click Setup.exe.

2. The Exchange Server 2010 Setup welcome screen appears. In the Install section, the

software listed for Steps 1 and 2 was installed with the Exchange 2010 prerequisites. If these

prerequisites are not already installed, click the appropriate step to install them.

3. When Steps 1 and 2 are listed as Installed, click Step 3 to expand the Exchange language

options, and then choose the appropriate option:

a. Install all languages from the language bundle This option installs all the Exchange

2010 languages from an Exchange 2010 language bundle. You can connect to the

Internet to download the latest applicable language bundle or to use a previously

downloaded language bundle on a local drive or network share. Internet connectivity is

required for Exchange Setup to download the language pack bundle.


b. Install only languages from the DVD This option installs only the languages included

with the Setup DVD. The installation of additional languages support requires installing

the languages from the language bundle.

4. After Step 3 is complete, click Step 4: Install Microsoft Exchange.

5. On the Introduction page, click Next.

6. On the License Agreement page, review the software license terms. If you agree to the

terms, select I accept the terms in the license agreement, and click Next.

7. On the Error Reporting page, select Yes or No to enable the Exchange Error Reporting

feature, and click Next.

8. On the Installation Type page, select Custom Exchange Server Installation. To optionally

change the installation path for Exchange 2010, click Browse, locate the appropriate folder in

the folder tree, and then click OK. Click Next.

9. On the Server Role Selection page, select the Edge Transport Role, and click Next. The

Management Tools option, which installs the Exchange Management Console and the

Exchange Management Shell, will also be selected and installed.

10. On the Customer Experience Improvement Program page, optionally join in the Exchange

Customer Experience Improvement Program (CEIP). The CEIP collects anonymous

information about how you use Exchange 2010 and any problems that you encounter. To join

the CEIP, select Join the Customer Experience Improvement Program, choose the

industry that best represents your organization, and then click Next.


11. On the Readiness Checks page, review the Summary to determine if the system and server

are ready for the Edge Transport role to be installed. If all prerequisite checks completed

successfully, click Install. If any of the prerequisite checks failed, you must resolve the

displayed error before you can proceed with installing the Edge Transport role. In many

cases, you don't need to exit Setup while you're fixing issues. After you resolve an error, click

Retry to run the prerequisite check again. Also, be sure to review any warnings that are

reported.

12. The Progress page displays the progress and elapsed time for each phase of the

installation. As each phase ends, it's marked completed and the next phase proceeds. If any

errors are encountered, the phase will end as incomplete and unsuccessful. If that happens,

you must exit Setup, resolve any errors, and then restart Setup.

13. When all phases have finished, the Completion page displays. Review the results, and verify

that each phase completed successfully. Clear the check box for Finalize this installation

using the Exchange Management Console, and then click Finish to exit Setup.

14. When you're returned to the Setup welcome screen, click Close. On the Confirm Exit prompt,

click Yes.

15. Restart the computer to complete the installation of the Edge Transport role.

How do I know this worked?

The successful completion of the Exchange Setup wizard will be your first indication that the

installation process worked as expected. To further verify that the Edge Transport server

role installed successfully, you can run Get-ExchangeServer <server name> | format-list

in the Exchange Management Shell, which can be launched from the Exchange Server

2010 program group on the Windows Start Menu. This cmdlet outputs a list of the Exchange 2010

server roles that are installed on the specified server.

You can also check the Exchange setup log (ExchangeSetup.log), located in

<system drive>\ExchangeSetupLogs to verify that the Edge Transport role was installed as

expected.

Learn more at: Verifying an Exchange 2010 Installation

Subscribe the Edge Transport server

You can use the Exchange Management Shell or the Exchange Management Console on the

Hub Transport server to configure Internet mail flow when your organization sends and receives

Internet e-mail by using a subscribed Edge Transport server.

To establish Internet mail flow, you subscribe the Edge Transport server to an Active Directory

site. This process automatically creates the following Send connectors, which are required for

Internet mail flow:

A Send connector configured to send e-mail to all Internet domains.


A Send connector configured to send e-mail from the Edge Transport server to the Hub

Transport server.

Before you complete these steps, ensure that network communications over the secure LDAP

port 50636/TCP are enabled through the firewall that separates the perimeter network containing

the Edge Transport server from the internal Exchange organization.

Learn more at: Understanding Edge Subscriptions

How do I do this?

Use the following steps to subscribe the Edge Transport server to an Active Directory site:

1. On the Edge Transport server, run the following command in the Exchange Management

Shell.

New-EdgeSubscription -FileName "C:\EdgeSubscriptionInfo.xml"

2. Copy the resulting XML file to a Hub Transport server in the Active Directory site to which you

want to subscribe the Edge Transport server.

3. On the Hub Transport server, open the Exchange Management Console, navigate to

Organization Configuration > Hub Transport, and select the Edge Subscriptions tab.

4. In the Actions pane, click New Edge Subscription to start the New Edge Subscription

wizard.

5. In the Active Directory site field on the New Edge Subscription page, click Browse to

select the Active Directory site to which you want to subscribe the Edge Transport server.

6. In the Subscription file field, click Browse to select the EdgeSubscriptionInfo.xml file that was

copied to the Hub Transport server in Step 2.

7. Leave as selected the Automatically create a Send connector for this Edge Subscription

check box, and click New to create the Edge Subscription.

8. On the Completion page, review the task results and verify that the subscription was

successfully created. The wizard will display a warning indicating that the Hub Transport

servers in the subscribed site must be able to resolve the IP address for the Edge Transport

server and to connect to TCP port 50636 on the Edge Transport server. Before proceeding

with the next step, we recommend you verify this connectivity.

9. On the Hub Transport server, run the following command in the Exchange Management

Shell.

Start-EdgeSynchronization

For more information, see: Create an Edge Subscription

For detailed syntax and parameter information, see: new-EdgeSubscription or start-EdgeSynchronization
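The connectivity check recommended in Step 8, as an added example that is not part of the original checklist: run it in a PowerShell session on each Hub Transport server in the subscribed site before starting synchronization. The function name Test-EdgeSyncPort and the host name edge01.perimeter.example.com are placeholders chosen for this example; it uses only .NET classes, so it also works on PowerShell 2.0.

```powershell
# Added example (not from the checklist). Checks the two things the wizard
# warns about: name resolution of the Edge Transport server and a TCP
# connection to the secure LDAP port 50636 through the perimeter firewall.
function Test-EdgeSyncPort {
    param(
        [Parameter(Mandatory = $true)][string]$EdgeServer,
        [int]$Port = 50636,       # port named in the checklist
        [int]$TimeoutMs = 5000    # assumption: 5 seconds is enough for a LAN/DMZ hop
    )

    # Step 1: the Hub Transport server must resolve the Edge server's name.
    $addresses = @()
    $dnsError = 'Name resolved to no addresses'
    try {
        $addresses = @([System.Net.Dns]::GetHostAddresses($EdgeServer))
    } catch {
        $dnsError = "Name resolution failed: $($_.Exception.Message)"
    }
    if ($addresses.Count -eq 0) {
        return New-Object PSObject -Property @{
            EdgeServer = $EdgeServer; Address = $null; Port = $Port
            Reachable = $false; Detail = $dnsError
        } | Select-Object EdgeServer, Address, Port, Reachable, Detail
    }

    # Step 2: try every resolved address, so a stale or unroutable record
    # shows up instead of hiding behind one that works.
    foreach ($ip in $addresses) {
        $client = New-Object System.Net.Sockets.TcpClient -ArgumentList $ip.AddressFamily
        $reachable = $false
        $detail = 'Connected'
        try {
            $pending = $client.BeginConnect($ip, $Port, $null, $null)
            if ($pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
                $client.EndConnect($pending)   # throws if the port refused the connection
                $reachable = $client.Connected
            } else {
                # A silent timeout usually means a firewall is dropping the packets.
                $detail = "No answer within $TimeoutMs ms (traffic probably filtered)"
            }
        } catch {
            $detail = "Connect failed: $($_.Exception.Message)"
        } finally {
            $client.Close()
        }

        New-Object PSObject -Property @{
            EdgeServer = $EdgeServer; Address = $ip.IPAddressToString; Port = $Port
            Reachable = $reachable; Detail = $detail
        } | Select-Object EdgeServer, Address, Port, Reachable, Detail
    }
}

# Usage with a placeholder host name:
# Test-EdgeSyncPort -EdgeServer 'edge01.perimeter.example.com' | Format-Table -AutoSize
```

A row with Reachable set to False and a timeout in Detail points at the firewall rule for 50636/TCP; a refused connection points at the Edge Transport server itself.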

How do I know this worked?

After you create a new Edge Subscription, the Edge Transport server referenced in the Edge

Subscription file is associated with the Hub Transport servers in an Active Directory site.


To verify that replication of the new Edge Subscription was successful, you can run

Get-EdgeSubscription in the Exchange Management Shell.

Move mailboxes to Exchange 2010

After you've deployed the Exchange 2010 Mailbox server role, you can move mailboxes from

Exchange 2003 to Exchange 2010. Be aware that during the move users will not be able to send

and receive messages. So, we recommend that you perform this step off-hours to minimize the

interruption in service.

Learn more at: Understanding Move Requests

In Exchange 2003, shared mailboxes are used to represent resources (for example, a conference

room, a piece of A/V equipment, etc.). Exchange 2010 introduces a new kind of mailbox called a

resource mailbox. When moving a shared mailbox from Exchange 2003 to Exchange 2010, the

move request creates the mailbox as a shared Exchange 2010 mailbox. After the move has been

completed, you can convert the shared mailbox to a resource mailbox.

Learn more at: Convert a Mailbox

How do I do this?

You can use the Exchange Management Console and the New Local Move Request wizard to

perform this task.

1. In the Console tree, expand Recipient Configuration and then select Mailbox.

2. In the Result pane, select the mailbox(es) that you want to move.

3. In the Actions pane, click New Local Move Request.

4. On the Introduction page, configure the following settings, and then click Next:

a. A new move request will be placed for the following mailboxes This displays the

mailboxes being moved. To change this list, click Cancel, and make new selections in

the Result pane.

b. Target mailbox database Click Browse to open the Select Mailbox Database dialog

box and select the Exchange 2010 mailbox database to which you want to move the

mailboxes. Click OK to return to the wizard.

5. On the Move Options page, specify how you want to manage corrupted messages if any are

found and then click Next.

Skip the mailbox This option skips any mailbox that contains any corrupted messages.

We recommend selecting this option. Only select Skip the corrupted messages if the

move request failed in a previous attempt.

Skip the corrupted messages This option moves the mailbox, except for any

corrupted messages. If you select this option, you'll need to set the maximum number of

messages to skip.


Maximum number of messages to skip If you select Skip the corrupted messages,

specify a number between -1 and 2,147,483,647. Use -1 to skip an unlimited number of

corrupted messages.

6. On the New Local Move Request page, review the local move request to make sure it's

correct and then click New to create the move request. Click Back to make any changes.

7. On the Completion page, review the information shown, and then click Finish.

How do I know this worked?

The successful completion of the New Local Move Request wizard will be your first indication that

the mailbox was moved successfully. You can further verify that the move operation was

successful by performing any of the following tasks:

Examine the properties of the mailbox in the recipients work pane. To do this, right-click the

mailbox and select Properties. The database hosting the mailbox is displayed in the Mailbox

database field on the General tab.

Run the Get-Mailbox cmdlet to view a list of all mailboxes on the Exchange 2010 database.

For example, you could run:

Get-Mailbox -Database DB1

Or, for example:

Get-Mailbox -Server EX2

Have each user whose mailbox was moved try to open their mailbox and verify the contents,

as well as try to send and receive messages.

Move public folder data to Exchange 2010

Public folders are an optional feature in Exchange 2010. If all client computers in your

organization are running Microsoft Office Outlook 2007 or later, then public folders are an optional

feature. However, if Outlook 2003 clients are in use, then public folders are required. In addition,

if you're currently using public folders for collecting, organizing, or sharing documents and other

information and you want to continue doing so, you can use public folder replication to move your

public folder data to Exchange 2010.

Learn more at: Understanding Public Folder Replication

How do I do this?

You can use the Exchange Management Console to perform this task.

1. In the Console tree, click Toolbox.

2. In the Result pane, double-click Public Folder Management Console. The Public Folder

Management Console appears.


3. In the public folder tree, click or expand Default Public Folders, and then select the parent

public folder of the public folder that you want to move to Exchange 2010.

Note:

To configure replication for the offline address book (OAB) or for Schedule+ free/busy

information, expand System Public Folders, and then click OFFLINE ADDRESS BOOK

or SCHEDULE+ FREE BUSY.

4. In the Result pane, right-click the public folder you want to replicate to Exchange 2010 and

select Properties.

5. On the Replication tab, click Add to select an Exchange 2010 public folder database and

then click OK.

6. By default, Exchange uses the replication schedule configured for the public folder database.

To create a custom replication schedule for the public folder, clear the Use public folder

database replication schedule check box and select one of the settings in the list.

7. To create a customized schedule, click Customize.

8. To set the schedule, click the time grid in the Schedule dialog box. Public folder replication

will run during the time slots that you specify.

9. Click OK to close the Schedule dialog box.

10. To specify the age limit for items in this public folder, type the number of days in the Local

replica age limit (days) box. Items that have reached the age limit are deleted.

Note:

Age limits should be used for public folders only. They should not be used for System

Folders, such as OFFLINE ADDRESS BOOK or SCHEDULE+ FREE BUSY.

11. Click OK to close the Properties dialog and to save your changes.

12. Repeat Steps 4-11 for each public folder you want to move to Exchange 2010.

How do I know this worked?

You can use the Get-PublicFolder cmdlet in the Exchange Management Shell to verify replicas on

the Exchange 2010 public folder database. For example, to determine the replicas for all public

folders in the public folder tree, run the following command:

Get-PublicFolder -Recurse | Format-List Name,Replicas

To determine the replicas for all system folders, run the following command:

Get-PublicFolder \NON_IPM_SUBTREE | Format-List Name,Replicas

Learn more about the cmdlet at: Get-PublicFolder

Create Send connectors

During your upgrade from Exchange 2003 to Exchange 2010 you will move outbound Internet

mail flow from Exchange 2003 to 2010. If you are using an Edge Transport server and have


completed the steps described in this tool for installing the Edge Transport server role and

subscribing the Edge Transport server, then outbound Internet mail flow is already configured in

Exchange 2010, and all you will need to do is delete the Exchange 2003 SMTP Connector.

If you are not using an Edge Transport server, then you must create at least one Send connector

configured with the appropriate address space, and then delete the existing Exchange 2003

SMTP connector(s).

Learn more at: SMTP Send Connectors

How do I create a Send connector?

You can use the New Send Connector wizard in the Exchange Management Console to perform

this procedure.

1. In the Console tree, expand Organization Configuration and select Hub Transport.

2. In the result pane, click the Send Connectors tab.

3. In the Actions pane, click New Send Connector. The New SMTP Send Connector wizard

starts.

4. On the Introduction page, follow these steps:

a. In the Name field, type a meaningful name for this connector. Specify a name for the

Send connector that helps you distinguish this Send connector from other Send

connectors in your configuration.

b. In the Select the intended use for this connector field, select Internet and click Next.

5. On the Address space page, click Add.

6. In the Address field, enter * and click OK. Click Next.

7. On the Network settings page, review the available options and select how to send e-mail

with the Send connector. (If you need more information about the settings, press F1.)

Select the Use the External DNS Lookup settings on the transport server check box if

you want to use a specific list of DNS servers instead of the DNS server(s) configured for the

Hub Transport server's network adapter. After you finish, click Next.

Important:

Verify that you have configured the external DNS servers list by using the

Set-TransportServer cmdlet, or by using the External DNS Lookups tab in the

properties of the Hub Transport server.

If you're using a smart host, the Configure smart host authentication settings page

appears. By default, no authentication is used. To configure the smart host authentication

settings, click Change. Select the method you want to use to authenticate to the smart host,

and then click Next.

Note:

Here are some things to be aware of if the smart host requires Basic authentication.

Basic authentication requires that you provide a user name and password. We

strongly recommend that you use an encrypted connection if you're using Basic


authentication because the user name and password are sent in clear text. Select the

Basic Authentication over TLS check box to enable encryption on the connection.

Also, if you specify more than one smart host for this Send connector, all the

specified smart hosts must accept the same user name and password.
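A check for the risk described in the note above, added here as an example and not part of the original checklist: it flags Send connectors that would send smart host credentials with Basic authentication over an unencrypted connection. The function name Test-SmartHostAuth and the sample connector objects are constructed for illustration; on a Hub Transport server, pipe Get-SendConnector into the function instead.

```powershell
# Added example (not from the checklist). Classifies each Send connector by
# how it authenticates to its smart host. Works on the objects returned by
# Get-SendConnector and on the constructed samples below.
function Test-SmartHostAuth {
    param([Parameter(ValueFromPipeline = $true)]$Connector)
    process {
        $smartHosts = @($Connector.SmartHosts | Where-Object { $_ })
        $mechanism  = "$($Connector.SmartHostAuthMechanism)"

        if ($smartHosts.Count -eq 0) {
            $finding = 'OK: no smart host configured'
        } else {
            switch ($mechanism) {
                'BasicAuth' {
                    # The case the note warns about: user name and password in clear text.
                    $finding = 'RISK: Basic authentication without TLS; select Basic Authentication over TLS'
                }
                'BasicAuthRequireTLS' {
                    $finding = 'OK: Basic authentication over TLS'
                }
                'None' {
                    $finding = 'INFO: no authentication, so no credentials are sent'
                }
                default {
                    $finding = "REVIEW: mechanism '$mechanism' is outside the scope of this check"
                }
            }
        }

        New-Object PSObject -Property @{
            Name       = $Connector.Name
            SmartHosts = ($smartHosts | ForEach-Object { "$_" }) -join ', '
            Mechanism  = $mechanism
            Finding    = $finding
        } | Select-Object Name, SmartHosts, Mechanism, Finding
    }
}

# Constructed sample data (names and hosts are made up) so the function can be
# tried outside the Exchange Management Shell.
$sampleConnectors = @(
    New-Object PSObject -Property @{
        Name = 'Internet via relay A'; SmartHosts = @('relay-a.example.net')
        SmartHostAuthMechanism = 'BasicAuth'
    }
    New-Object PSObject -Property @{
        Name = 'Internet via relay B'; SmartHosts = @('relay-b.example.net')
        SmartHostAuthMechanism = 'BasicAuthRequireTLS'
    }
    New-Object PSObject -Property @{
        Name = 'Internet direct'; SmartHosts = @()
        SmartHostAuthMechanism = 'None'
    }
)

$sampleConnectors | Test-SmartHostAuth | Format-Table -AutoSize -Wrap

# In the Exchange Management Shell:
# Get-SendConnector | Test-SmartHostAuth | Format-Table -AutoSize -Wrap
```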

How do I delete an Exchange 2003 SMTP connector?

1. When each Send connector is created and verified, the corresponding SMTP connector can

be deleted.

2. In Exchange System Manager, expand the Organization node, expand Administrative

Groups, expand <AdministrativeGroupName>, expand Routing Groups, expand

<RoutingGroupName>, and then select Connector.

3. In the right-hand pane, right-click the connector you want to delete and select Delete.

4. Click OK to confirm the deletion.

How do I know this worked?

The successful completion of the New Send Connector wizard will be your first indication that the

configuration changes were made as expected. You can perform additional tests to further verify

that the configuration changes are operational:

You can use the Exchange Remote Connectivity Analyzer (ExRCA), a free Web-based tool

provided by Microsoft, to verify that your outbound SMTP email settings are configured

correctly by running the Outbound SMTP Email tests.

You can access ExRCA at: https://www.testexchangeconnectivity.com

You can send a message to a recipient on the Internet to verify that your Send connector is

configured correctly.

Post-installation tasks

After you complete a new installation of Exchange 2010 or after you add an additional

Exchange 2010 server role to an existing Exchange 2010 server, you should complete the post-

installation tasks. The post-installation tasks will help you verify the installation and configure the

components that you have just installed.

Tasks to complete on all server roles

For all server roles, we recommend that you verify the installation immediately after you install

Exchange 2010. If you install the Hub Transport or Edge Transport server roles, you should also

verify the agent configuration. For more information, see the following topics:

Verifying an Exchange 2010 Installation


Enter Product Key

Transport Server Post-Deployment Tasks

Finalize Deployment Tasks

End-to-End Scenario Tasks

Additional Post-Installation Tasks

If you're upgrading from an Exchange 2003 or a mixed Exchange 2003 and Exchange 2007

organization, see: Upgrade Custom LDAP Filters to OPATH Filters

Optional tasks to complete on the Mailbox server role

After deploying and verifying the successful installation of at least two Mailbox servers, you can

configure your Mailbox servers and mailbox databases for high availability and site resilience.

Exchange 2010 uses the concept of incremental deployment, which is the ability to configure high

availability and site resilience for Mailbox servers after the servers have been deployed. Service

and data redundancy is achieved by using new features in Exchange 2010 such as database

availability groups and database copies.

For more information about configuring your Mailbox servers for high availability or site resilience,

see: Managing High Availability and Site Resilience

Optional tasks to complete on the Hub Transport server role

After deploying and verifying the installation of the Hub Transport server role, you might be

interested in enabling anti-spam functionality on your Hub Transport server. In some small

organizations, it may make sense to run Exchange 2010 anti-spam features on Hub Transport

servers. For example, some organizations may not have enough e-mail volume to justify the cost

of installing and maintaining a full perimeter network together with an Edge Transport server.

Learn more at: Enable Anti-Spam Functionality on a Hub Transport Server

Optional tasks to complete on the Unified Messaging server role

After deploying and verifying the installation of your Unified Messaging (UM) server(s), you might

be interested in integrating UM services with Microsoft Office Communications Server (OCS)

2007 R2. Exchange 2010 UM combines voice messaging and e-mail messaging into a single

messaging infrastructure. Enterprise Voice in OCS 2007 R2 makes use of the UM infrastructure

to provide call answering, subscriber access, call notification, and auto attendant services.

Implementing these services requires integrating Exchange UM and OCS in a shared

Active Directory topology, careful planning, and a clear understanding of the technologies


involved, the features you want to enable, and important configuration details that you must be

aware of to successfully complete your deployment.

For more information about integrating UM with OCS, see: Enterprise Voice and Unified

Communications

Permissions configuration

For the purposes of the Exchange Deployment Assistant, your administrator account was granted

permissions that you might not need going forward. You should verify that this account doesn't

have more permissions than required to configure and manage your Exchange 2010

environment.

Role Based Access Control (RBAC), the new permissions model in Exchange 2010, is extremely

flexible. The built-in role groups are probably sufficient to manage most of your Exchange 2010

organization. You can simply add and remove members from the existing role groups to control

permissions. The following topics will provide more information and help you configure the

appropriate permissions for your Exchange 2010 tasks:

Understanding Permissions

Understanding Role Based Access Control

Understanding Management Role Groups

Understanding Management Scopes

Built-in Role Groups

Built-in Management Roles

Understanding Permissions Coexistence with Exchange 2003
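One way to carry out the permissions review described above, as an added example rather than part of the original checklist: it lists every management role the deployment account holds and the role group or direct assignment that grants it. The function name Get-RbacFootprint, the account name and the list of expected role groups are placeholders; the function must run in the Exchange Management Shell.

```powershell
# Added example (not from the checklist). Summarises what an account can do
# under RBAC so that grants left over from deployment stand out.
function Get-RbacFootprint {
    param(
        [Parameter(Mandatory = $true)][string]$Account,
        # Role groups (or direct assignees) the account is meant to keep.
        # Hypothetical input: supply the list that matches your own policy.
        [string[]]$ExpectedAssignees = @()
    )

    # -RoleAssignee returns assignments made directly to the account and
    # those it receives through role groups.
    $assignments = @(Get-ManagementRoleAssignment -RoleAssignee $Account)

    $assignments | Group-Object RoleAssigneeName | ForEach-Object {
        $roles = $_.Group | ForEach-Object { "$($_.Role)" } | Sort-Object -Unique
        New-Object PSObject -Property @{
            Account    = $Account
            GrantedVia = $_.Name                          # role group or direct assignee
            Type       = "$($_.Group[0].RoleAssigneeType)"
            RoleCount  = @($roles).Count
            Roles      = $roles -join ', '
            Expected   = ($ExpectedAssignees -contains $_.Name)
        } | Select-Object Account, GrantedVia, Type, RoleCount, Expected, Roles
    }
}

# Usage with placeholder values: anything with Expected = False is a grant
# to review and, if it is not needed, to remove from the role group.
# Get-RbacFootprint -Account 'deploy-admin' -ExpectedAssignees 'Server Management' |
#     Sort-Object Expected | Format-List
```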

Remove legacy Exchange versions

After you have completed deploying Exchange 2010 into your organization, you may be ready to

remove previous versions of Exchange. For more information about removing legacy

Exchange servers, see the following topics:

How to Uninstall Exchange Server 2003

How to Completely Remove Exchange 2007 from a Server

Checklist complete

Congratulations on successfully completing your checklist in the Exchange Deployment Assistant!

Tools you can use

To determine the overall health of your Exchange servers and topology, you can use the

Microsoft Exchange Best Practices Analyzer (ExBPA). The tool scans Exchange servers and

identifies items that don't conform to Microsoft best practices. After the data is collected, ExBPA


compares what it finds on your system with Exchange best practice rules and then provides a

detailed report. The report lists recommendations that you can consider to achieve greater

performance, scalability, and uptime. You can find ExBPA in the Toolbox in the Exchange

Management Console.

The Exchange Remote Connectivity Analyzer Tool is a Web-based tool that helps you

troubleshoot connectivity issues. The tool simulates several client logon and mail flow scenarios.

When a test fails, many of the errors have troubleshooting tips to assist you in correcting the

problem.

Take a look at: Exchange Remote Connectivity Analyzer Tool

And, for more information about Exchange planning and deployment, you can always review the

related content in the Exchange TechCenter Library.

Find it all at: Planning and Deployment

Give us feedback please

We would really appreciate your feedback about the Exchange Deployment Assistant. What

worked for you? What could we have done better? What do you recommend we change for the

next version?

Tell us what you think at: EDA Exchange 2003 Feedback Topic

