Exchange Server 2007 Deployment Checklists
Technical White Paper
Published: October 23, 2007
|
Situation
|
Solution
|
Benefits
|
Products & Technologies
|
|---|
|
To drive excellence in server deployments, the Exchange Messaging team within Microsoft
Information Technology (Microsoft IT) relies on checklists. Checklists help to ensure
consistency and completeness when carrying out deployment tasks, and they minimize
deployment risks and save time.
|
Microsoft IT transitioned the corporate production environment, with 150,000 mailboxes,
to Exchange Server 2007 in less than six months, and decommissioned the last
Exchange 2003 Mailbox server shortly after Exchange Server 2007 released
to manufacturing. The deployment checklists discussed in this technical white paper
are a cornerstone of this success.
|
- Strong project management
- Improved IT staff productivity
- Clear communication process
- Accelerated deployment progress
- Reduced deployment risks
|
- Microsoft Windows Server 2003
- Microsoft Exchange Server 2003
- Microsoft Exchange Server 2007
- Microsoft Systems Management Server 2003 Desired Configuration Monitoring
v2.0
- Clustered servers
- Cluster Continuous Replication
|
Executive Summary
The Exchange Messaging team within Microsoft Information Technology (Microsoft IT)
started the production rollout of Microsoft® Exchange Server 2007 at full
scale in July 2006 using the beta 2 version of the product. For more than a year
prior to this event, the Exchange Messaging team had deployed Exchange Server 2007
in the pre-release production environment to help the Exchange Server product group
evaluate enterprise readiness.
The first server installation took place in the pre-release production environment
in February 2005, more than 22 months before the product shipped. To put this time
frame into perspective, Microsoft Exchange 2000 Server pre-release verification
started three weeks before the release to manufacturing (RTM) date and the Microsoft
Exchange Server 2003 pre-release verification period was only six months. This
shows how strong the relationship between the Exchange Server Product group and
the Exchange Messaging team has grown over recent years. In fact, the Exchange Server
Product group does not ship product versions or service packs now until the Exchange
Messaging team signs off on the enterprise readiness. To demonstrate the enterprise
readiness of the new Exchange Server version to customers, the Exchange Messaging
team committed to perform the transition of the entire corporate production mailbox
environment prior to the official RTM date. The team only had five months to finish
the deployment in a large enterprise messaging environment with demanding power
users.
The Exchange Messaging team deployed 61 Mailbox servers, 6 Edge Transport servers,
14 Hub Transport servers, 11 Unified Messaging (UM) servers with supporting Voice
over Internet Protocol (VoIP) gateways, and 30 Client Access servers. The Mailbox
servers correspond to 122 server computers because all Mailbox servers are clustered
systems based on Cluster Continuous Replication (CCR) to ensure high availability.
There are 130,000 mailboxes in the corporate production environment, which means
that during the production rollout, the Exchange Messaging team moved between 1,000
and 1,500 mailboxes per server from Exchange Server 2003 to Exchange Server 2007
every day, including weekends. In this fast-paced project, checklists represented
an essential deployment tool.
A deployment checklist is a catalog or a structured document with detailed instructions
outlining individual installation and configuration tasks to ensure deployment success.
The guiding principle is part of every Exchange Server 2007 deployment because
the Setup program includes readiness checks to guide administrators through a number
of assessment steps prior to the actual server installation. These readiness checks
proactively cover the most typical issues to help customers deploy Exchange Server 2007
successfully. In addition, IT organizations can benefit from explicit checklists
to coordinate and account for all deployment steps and to apply them consistently.
This technical white paper discusses the deployment checklists that the Exchange
Messaging team created based on the Exchange Server 2007 architecture and design
specifications for the corporate production environment.
The first two sections briefly reiterate the reasons why the Exchange Messaging
team uses checklists, and the sections explain the Microsoft IT server life-cycle
management process. These sections also discuss the usefulness of checklists from
a decision maker's point of view and highlight the responsibilities of the Exchange
Messaging team within the overall Microsoft IT organization.
The third section, "Pre-Installation Deployment Checklists," covers the
tasks the Exchange Messaging team performs to prepare servers for later installation
of a specific server role. In some cases, a server role requires additional configuration.
These tasks are role-specific and are listed in checklist form.
The next sections provide detailed discussions of the various checklists that the
Exchange Messaging team created for the individual server roles.
This technical white paper also includes an appendix titled "Deployment Worksheets,"
which contains a set of worksheet templates that are derived from the Exchange Messaging
team checklists. These worksheet templates can serve as a starting point to create
custom checklists based on the specific needs of an IT organization.
This technical white paper contains information for technical decision makers and
IT implementers who are planning to deploy Exchange Server 2007. This paper
assumes that the audience is already familiar with the concepts of Windows Server® 2003
operating system, the Active Directory® directory service, and previous versions
of Exchange Server. A high-level understanding of the new features and technologies
that are included in Exchange Server 2007 is also helpful. Detailed product
information is available in the Microsoft Exchange Server 2007 Technical Library
at
http://www.microsoft.com/technet/prodtechnol/exchange/2007/library/default.mspx.
Note: For security reasons, the sample names of forests, domains, organizations,
and other internal resources mentioned in this paper do not represent real resource
names used within Microsoft and are for illustration purposes only.
Introduction
The Exchange Messaging team uses checklists for three important reasons:
- They help the team to verify the architecture and design specifications
- They outline the deployment steps in detail
- They serve reporting purposes
The Systems Engineering group within the Exchange Messaging team creates the architecture
and design specifications for the messaging environment, which the systems engineers
validate in an engineering lab that closely mirrors the server configurations in
the production environment, yet without production users. After the systems engineers
finalize the specifications, the Systems Management group within the Exchange Messaging
team takes over to produce build documents and deployment checklists based on the
chosen architectures and designs.
Especially during the first server installations in the corporate production environment,
the Systems Engineering group and the Systems Management group collaborate very
closely. The Systems Management group reviews the design specifications for acceptance
and implementation, performs representative server installations with the help of
the Systems Engineering group, and creates the checklists that precisely outline
the installation process.
The checklists also enable the Systems Management group to manage individual assignments
within the deployment project and to track progress. The Exchange Messaging team
not only uses the checklists to carry out installation and configuration tasks,
it also uses the checklists to document the work that is performed. In this way,
the checklists are an important project management tool.
The deployment checklists provide the Exchange Messaging team with the following
benefits:
- Strong project management. The Exchange Messaging team manages projects
based on the Microsoft Solutions Framework (MSF). To meet the goal of completing
the deployment within project constraints, the project manager uses checklists to
track progress, coordinate resources, and manage the overall budget.
- Clear communication processes. According to the MSF team model, individual
team members communicate with the project manager. The project manager then communicates
progress to the project sponsor and other stakeholders. Checklists facilitate these
communication processes because they are a tool to report progress.
- Improved IT staff productivity. Deploying Exchange Server 2007
is a team effort, and checklists help to coordinate the team's activities. Checklists
also help to ensure reliable and consistent task completion.
- Reduced deployment risks. Checklists are a means to identify potential
issues during the first server deployments and to avoid these issues in all subsequent
installations. When operators deploy servers in the corporate production environment
based on the checklists, they get it right the first time because all installation
steps are tested and proven.
- Accelerated deployment progress. Less deployment risk directly translates
into accelerated deployment progress because the team spends less time troubleshooting
installation issues. In the event of an installation problem, such as a hardware
configuration issue, the checklists provide the necessary guidelines and contact
information to resolve issues.
Exchange Server Deployment Process
Across the entire IT organization, Microsoft IT provisions approximately 200 servers
each month. Accordingly, Microsoft prefers to purchase hardware in bulk, requesting
bids from multiple vendors for the entire order volume to get the best price. This
process can take from 30 through 60 days to install an ordered server in a data
center. Only in urgent cases does Microsoft order directly from a supplier, accepting
additional expenses of from 6 through 8 percent to shorten the procurement process.
The Exchange Messaging team has implemented the following process to design and
deploy computers for Exchange Server 2007 in the data centers:
- Server design. The Exchange Systems Engineering group creates the architectures
and designs for all Exchange Server-related components and technologies. This work
includes the server designs, which the systems engineers define based on a list
of approved hardware components that the Hardware Engineering team maintains. For
each individual server type, the systems engineers create stock keeping unit (SKU)
documents that precisely outline the hardware and storage configuration.
The SKU document is a Microsoft Office Excel® workbook. On separate worksheets,
the SKU document lists the hardware parts, memory configuration, physical disk arrangement,
and logical storage configuration. By default, SKU documents expire after six months,
yet systems engineers can extend this time or update the designs to keep pace with
evolving hardware technologies. The Exchange Messaging team maintains the SKU documents
in a document library based on Microsoft Office SharePoint® Server 2007.
Note: The typical Microsoft IT server procurement process makes use of a
standard server configuration, which for most servers is a dual-core x64 system
with 4 gigabytes (GB) of memory and two 146 GB disks. This is a utility
server, designed to be integrated into a storage area network (SAN). Microsoft teams
that need a file server or database server can order this system without having
to specify a custom design. Minor modifications are possible, such as additional
processors or memory, yet substantial engineering exceptions, such as those required
for Exchange Server 2007, go beyond the scope of the standard configuration.
- Server ordering. The Exchange Program Management team is responsible
for managing the server deployments. For each server role, an individual program
manager works with stakeholders to determine business and technical requirements,
organize the necessary resources, and guide the project to completion. It is the
task of the Exchange Program Management team to order new server hardware for deployment
in the data centers. To order a new server, the Exchange Program Management team
informs a release manager in the Infrastructure Management team, who then places
a server order. The server order includes a link to the corresponding SKU document
with the hardware configuration details.
- Lifecycle management. Within Microsoft IT, the Infrastructure Management
team is responsible for managing the entire server life cycle. This team coordinates
the server provisioning processes and maintains an internal line-of-business (LOB)
application, called the Microsoft Service Enterprise Change Tracking tool, to keep
track of the servers as they are purchased, moved between data centers, or decommissioned.
For new server orders, the release manager creates an ordering ticket in the change-tracking
tool. The ordering ticket includes among other information an internal order number
to track expenses against budgets, the name of the approving manager, and a link
to the SKU document.
- Functional approval and right-sizing processes. Before the order reaches
the hardware-purchasing desk, the ordering ticket goes through functional approval
and right-sizing processes in the Data Center Operations group to ensure that the
server hardware is properly designed for the intended purposes. The Data Center
Operations group maintains all production servers worldwide, including physical
hardware and operating systems. A data center manager verifies the order ticket
to ensure that the purchase is justified and that rack space is available in the
data center to accommodate the new server.
- Hardware purchasing. Upon approval through the Data Center Operations
group, the order reaches the hardware purchasing desk, which generates a purchasing
order within an internal LOB application, called MS Market. MS Market notifies a
group manager in the Exchange Messaging team for final approval.
- Order and delivery confirmation. Approved purchase orders reach the
vendor, who informs the Microsoft release manager through e-mail about the exact
costs of the ordered server and the shipping date. MS Market only provides estimated
information regarding the costs. To help the Exchange Program Management team track
exact expenses, the release manager updates the cost information on the order ticket
with the actual amount that the vendor communicated. The release manager also handles
data center-related configurations, such as registering the new server in the IT
configuration (IT config) database. IT config is an internal configuration management
solution to track details about each server in the data centers, including server
name, SKU, and other configuration information.
- Hardware and operating system installation. The Data Center Operations
group uses the IT configuration and SKU information to verify that the delivered
hardware is correct. The group mounts the hardware in the data center; configures
the disks and partitions the storage as outlined in the SKU document; connects the
new server to the network; installs the operating system, including all relevant
updates; adds the new server to the appropriate domain; and deploys any required
management software. The Exchange Messaging team uses the Standard Server Platform,
which is a standard server configuration that includes required service updates
for applications and operating systems, plus other Microsoft and third-party services
or tools that are necessary to manage servers in an enterprise environment. Following
the installation of the operating system and relevant updates through the Standard
Server Platform, a second engineer from the Data Center Operations group verifies
the system configuration, and then informs the backup team to start configuring
the backup solution.
- Exchange Server 2007 installation. Up to this point, the Exchange
Messaging team has not yet modified the server configuration. When the Data Center
Operations group marks the server installation as completed, the release manager
informs the program manager, who originally ordered the hardware, that the new server
is ready for the Exchange Messaging team to continue the server installation process.
The program manager, in turn, informs the Exchange Systems Management team to perform
the installation of Exchange Server 2007 and the latest security updates. All
Exchange Server administrators are located in Redmond, Washington. The Exchange
Systems Management team performs the Exchange Server 2007 deployment remotely,
by using a remote desktop connection.
Pre-Installation Deployment Checklist
Prior to performing the configuration tasks that are unique to each server role,
the Exchange Messaging team prepares servers by installing prerequisite components,
making initial configuration changes, and generally ensuring that servers are ready
for installation of a specific server role. For each server, the Exchange Messaging
team follows a pre- installation checklist that includes the following items:
- Verify general server configuration. In a large-scale deployment with
different teams acquiring and installing the server hardware, it is important to
check that the general server configuration matches the Exchange Server 2007
requirements prior to installing a server role. For example, the Exchange Messaging
team checks CPU, memory, network adapters, disk configuration, and drive letter
assignments, as documented in SKUs. The Exchange Messaging team runs a custom script
to verify that the server configuration matches SKU specifications.
- Configure the page file size. According to product recommendations,
the page file size on the C drive must be set to "total" amount of physical
memory, plus 10 megabytes (MB). For example, for servers with 8 GB of
memory, the Exchange Messaging team sets the size of the page file to 8,192 MB
(8 GB + 10 MB).
- Verify installation of current service pack. In addition to installing
Windows Server 2003 or Windows Server 2003 R2, the Exchange Messaging
team installs the latest service pack for Windows Server as a best practice. To
verify the service pack version, the Exchange Messaging team engineers log on to
the server, click Start, click Run, and then type Winver.
Note: The Exchange Messaging team uses the srvinfo tool from the Windows
Server 2003 Resource Kit to collect information about the service pack level.
- Configure a static IP address. According to product documentation, Exchange
servers must be configured with a static IP address, subnet mask, and default gateway.
In addition, because Exchange Server 2007 is heavily dependent on Domain Name
System (DNS) functioning correctly, at least one valid DNS address and valid DNS
suffix must be specified. When configuring these network settings, the Exchange
Messaging team also verifies that both the network interface card (NIC) and the
switch are enabled for full duplex communication.
- Verify domain and site. The Exchange Messaging team checks each server
to verify that the server is in the proper domain and site by entering the following
commands in a Command Prompt window: NLTEST /parentdomain and NLTEST /dsgetsite.
This step is critical to ensure proper Hub Transport routing.
Note: The NLTEST tool is included in the Windows Server 2003 Support
tools package on the Windows Server 2003 media.
- Verify security and organizational unit (OU) membership. After obtaining
the proper security groups that are developed during the permissions and administration
model design for the environment, the Exchange Messaging team adds security groups
as members of the local administrators group on the Exchange Server. Additionally,
the Exchange Messaging team verifies that the server is in the correct OU within
the Messaging path by checking the path in Active Directory Users and Computers.
- Verify installation of .NET Framework version 2.0. According to the
Exchange Server 2007 requirements, Microsoft .NET Framework version 2.0 must
be installed on the server. Microsoft .NET Framework version 2.0 Redistributable
Package can be downloaded at the following URL:
http://www.microsoft.com/downloads/details.aspx?familyid=B44A0000-ACF8-4FA1-AFFB-40E78D788B00&displaylang=en.
When .NET Framework version 2.0 is installed, the hotfix that is mentioned in Microsoft
Knowledge Base (KB) article 924895 must also be applied.
Note: When using Windows Server 2003 R2, Microsoft .NET Framework version
2.0 can be installed via Add/Remove Windows Components.
- Verify installation of Microsoft Management Console (MMC) 3.0. Because
the Exchange Server 2007 Management Console relies on features that are specific
to MMC 3.0, MMC 3.0 must be installed on the server. To verify the installation
of MMC 3.0, Exchange Messaging team engineers click Start, click Run,
and then type MMC.exe. In the MMC window, they click Help, and then
click About. If MMC 3.0 has not been installed, you can download the
required update at the following URL:
http://support.microsoft.com/kb/907265.
Note: When using Windows Server 2003 R2, MMC 3.0 is installed by
default.
- Install Windows PowerShell 1.0. Both the Exchange Server 2007 Management
Console and the Exchange Management Shell make extensive use of Windows PowerShell,
therefore Windows PowerShell must be installed on the server. You can download Windows
PowerShell from the following URL:
http://www.microsoft.com/downloads/details.aspx?familyid=22E607F4-F854-497F-9548-770477E4B71D&displaylang=en.
- Configure antivirus. To help protect the operating system, the Exchange
Messaging team uses an operating system antivirus solution that is configured through
a script to ensure that the antivirus program does not scan the Exchange extensions
and directories. After installing Exchange Server 2007, the Exchange Messaging
team installs, configures, and optimizes Microsoft Forefront Security for Exchange
Server on Edge Transport and Hub Transport servers to ensure messaging-level antivirus
protection.
- Verify installation of regional code pages. The Exchange Messaging
team verifies the installation of all regional code pages in Windows in order to
eliminate any potential language issues with non-U.S. clients. Team members accomplish
this verification by clicking Start, clicking Control Panel, clicking
Regional and Language Options, and then verifying that all code page check
boxes have been selected under the Advanced and Language tabs.
- Install Internet Information Services (IIS) snap-in. In order for the
Exchange Management Console to work properly, the IIS snap-in should be installed
on the Mailbox, Client Access, Hub, and UM servers. For Mailbox and Client Access
servers, the Exchange Messaging team installs IIS with the World Wide Web Publishing
Service, whereas for Hub and UM servers the Exchange Messaging team installs IIS
without the World Wide Web Service.
- Verify installation of mandatory security updates. The Exchange Messaging
team verifies that no mandatory post-SP2 security updates are still needed by using
Microsoft Windows Update or Windows Server Update Services (WSUS). For more information
about the required hotfixes per role, see the Exchange Server TechNet Library at
http://technet.microsoft.com/en-us/library/aa996719.aspx.
- Enable monitoring. The Exchange Messaging team uses Microsoft Operations
Manager to monitor Exchange servers. Correspondingly, all Exchange servers are enabled
for Microsoft Operations Manager monitoring. To avoid false alerts, the Exchange
Messaging Team enables monitoring after placing each server in the production environment.
Hub Transport Server Checklist
The installation checklist that the Exchange Messaging team developed for Hub Transport
server deployment includes the following items:
- Verify that the Network News Transport Protocol (NNTP) and Simple Mail Transfer
Protocol (SMTP) services are not installed. According to product requirements,
the NNTP and SMTP services must not be installed on the server. The NNTP service
has been discontinued with Exchange Server 2007 and the product now includes its
own SMTP transport stack. This means Exchange Server 2007 is no longer dependent
on the Windows SMTP component.
- Install the Hub Transport role by using Unattended Setup. Although the
new Exchange Server 2007 Installation wizard substantially simplifies the steps
necessary to install Exchange Server 2007, the Exchange Messaging team installed
each of the 12 Hub Transport servers that are deployed at Microsoft by using
Unattended Setup through the following command:
Setup.com /m:install /r:h /targetdir:<drive\installation path> /DoNotStartTransport
According to Exchange partitioning best practices, the Exchange Messaging team installs
the operating system and Exchange Server 2007 binaries on separate partitions.
This setup increases performance and reduces the data that have to be recovered,
for example, during a disk failure.
Note: The /DoNotStartTransport parameter ensures that the Microsoft
Exchange Transport Service is not started after the Hub Transport server role has
been installed. This makes sure the server does not accept e-mail messages, so any
additional configuration settings can be performed.
Delete the default Receive connectors. The Exchange Messaging team deletes
the two default Receive connectors that are created during the installation of the
Exchange 2007 Hub Transport server role. To delete the default Receive connectors,
the Exchange Messaging team opens the Exchange Management Shell by clicking Start,
clicking All Programs, clicking Microsoft Exchange, clicking Exchange
Management Shell, and then runs the Get-ReceiveConnector -server <server name>
cmdlet to obtain the list of connectors. This procedure produces an output similar
to the following.
Identity
Bindings Enabled
--------
-------- -------
<server name>\Default <server name> {0.0.0.0:25} True
<server name>\Client <server name> {0.0.0.0:587} True
To delete the two Receive connectors, Exchange Messaging team members run the following
command. It should be noted that if this command is improperly formed, the command
can remove all Receive connectors in the Exchange organization. Exercise extreme
care when executing this command.
Get-ReceiveConnector -server <server name> | Remove-ReceiveConnector
- Create new Receive connector by using custom Windows PowerShell script. With
the two default Receive connectors deleted, the Exchange Messaging team runs a custom
Windows PowerShell script, which creates a new Receive connector with values similar
to those in Table 1, and configures the server settings of the Hub Transport server
with the values that are listed in Table 2.
Table 1. Receive Connector Configuration
|
Object property name
|
Value
|
|
AuthMechanism
|
ExchangeServer
|
|
Bindings
|
0.0.0.0:25
|
|
FQDN
|
Server FQDN
|
|
MaxInboundConnection
|
5000
|
|
MaxMessagesPerConnection
|
50
|
|
MaxRecipientsPerMessage
|
10000
|
|
MaxHopCount
|
30
|
|
PermissionGroups
|
ExchangeServers, ExchangeLegacyServers
|
|
RemoteIPRanges
|
{0.0.0.0-255.255.255.255}
|
|
ProtocolLoggingLevel
|
Verbose
|
Table 2. Hub Transport Server Configuration
|
Object property name
|
Value
|
|
MessageTrackingLogEnabled
|
$true
|
|
MessageTracjingLogSubjectLoggingEnabled
|
$true
|
|
MaxOutboundConnections
|
1000
|
|
MessageTrackingLogMaxAge
|
10:00:00:00
|
|
MessageTrackingLogMaxDirectorySize
|
150 GB
|
|
MessageTrackingLogMaxFileSize
|
100 MB
|
|
MaxPerDomainOutboundConnections
|
50
|
|
ReceiveProtocolLogMaxAge
|
30:00:00:00 (Default)
|
|
ReceiveProtocolLogMaxDirectorySize
|
15 GB
|
|
ReceiveProtocolLogMaxFileSize
|
100 MB
|
|
SendProtocolLogMaxAge
|
30:00:00:00 (Default)
|
|
SendProtocolLogMaxDirectorySize
|
15 GB
|
|
SendProtocolLogMaxFileSize
|
100 MB
|
|
ExternalDsnReportingAuthority
|
domain.com
|
|
ExternalPostmasterAddress
|
postmaster@domain.com
|
|
InternalPostmasterAddress
|
postmaster@domain.com
|
|
OutboundProtocolLoggingLevel
|
Verbose
|
|
TotalQueuedMessagesEnableDehydration
|
Default
|
|
PickupDirectoryMaxRecipientsPerMessage
|
10000
|
- Change the location for the transaction logs. The Hub Transport servers
deployed across Microsoft handle approximately 2.5 million messages per day. To
achieve optimal performance on the Hub Transport servers, the Exchange Messaging
team moved the queue database transaction log files to a separate partition. The
Exchange Messaging team accomplished moving the transaction logs in conjunction
with using the /DonotstartTransport flag. Because the transport services
do not start, the services do not create the log files or database.
In case the logs need to be moved later, the Exchange Messaging team first stops
the MSExchangeTransport service by running Stop MSExchangeTransport in the
Exchange Management Shell. Then, the team copies the trnxxxx.log and *jrs files
from C:\Program Files\Exchange Server\TransportRoles\data\queue to the new location
on the other partition, and then opens the EdgeTransport.exe.config file located
in C:\Program Files\Exchange Server\bin. In EdgeTransport.exe.config, Exchange Messaging
team members change the following key under <appSettings> so that the
key refers to the new path:
<add key="QueueDatabaseLoggingPath" value = "C:\Program Files\Microsoft\Exchange
Server\TransportRoles\data\Queue" />
After changing the path, the Exchange Messaging team saves the file, and then starts
the MSExchangeTransport service again by running the Start MSExchangeTransport
command in the Exchange Management Shell. Additionally, the Exchange Messaging team
grants the BuiltIn\Network Service account read and write permissions to the new
transaction log directory because the permissions are not granted by default.
- Verify mail flow. When a Mailbox server has been deployed in the same
Active Directory site as the respective Hub Transport server, the Exchange Messaging
team tests the mail flow by running the Test-MailFlow command. The team also
completes the following tests:
A. Create
a new test mailbox on the Mailbox server.
B. Send
a few sample messages from a couple of test mailboxes to a few recipients located
on other Mailbox servers in the corporate production environment.
C. Verify successful
delivery of the e-mail messages.
D. Send a few sample e-mail messages from test mailboxes to Internet
e-mail addresses and verify successful delivery.
Edge Transport Server Checklist
In the perimeter network, the Extranet Services team manages the underlying network
and related configuration, whereas the Exchange Messaging team manages the Edge
Transport servers. The Exchange Messaging team developed an installation checklist
to ensure the completion of all required steps. The installation checklist that
the Exchange Messaging team developed for Edge Transport server deployment includes
the following items:
- Verify the Edge Transport servers are deployed in the perimeter network and are
not part of an internal Active Directory domain. The Exchange Server 2007
Edge Transport server is the only server role that must be deployed in the perimeter
network, not on the internal network like the rest of the Exchange 2007 server
roles. The Exchange Messaging team installs the Edge Transport role in the external
Active Directory domain to facilitate administration and monitoring.
- Configure DNS suffix. The DNS suffix must be created on the server before
the Edge Transport server role is installed. To create the DNS suffix, the Exchange
Messaging team engineers click Start, click Control Panel, and then
double-click System to open the System Properties. Then, they click
the Computer Name tab, and then Change. On the Computer Name Changes
page, the engineers click More. In the Primary DNS suffix of this computer
field, they type a DNS domain name and suffix for the server, and then click OK three times.
- Install the Edge Transport server role using Unattended Setup. The Exchange
Messaging team installed each of the six Edge Transport servers by using Unattended
Setup. To install the Edge Transport server role by using Unattended Setup, open
a Command Prompt window, navigate to the share or media that contains your Exchange
Server 2007 Setup files, and then run the following command:
Setup.com /m:install /r:e /targetdir:<drive\installation <path>/DoNotStartTransport
The Exchange Messaging team uses the /DoNotStartTransport flag while installing
the Edge Transport server role in order to stop the Edge Transport server after
the server is installed. This procedure prevents the server from accepting e-mail
messages in the Active Directory site before the Exchange Messaging team completes
configuring the server.
- Subscribe the Edge Transport server. The Exchange Messaging team subscribes
an Edge Transport server by creating an Edge subscription XML file on the Edge Transport
server through the following command:
New-EdgeSubscription -Filename <path to XML File> -CreateInternetSendConnector
$false -CreateInboundSendConnector $false
Next, the Exchange Messaging team transfers the XML file to a Hub Transport server
in the organization and imports the XML file by running the following command:
New-EdgeSubscription -FileName <Path
to local XML file> -CreateInternetSendConnector $false -CreateInboundSendConnector
$false -Site <local AD Site>
- Deleting the default Receive connector. The Exchange Messaging team deletes
the default Receive connectors that are created during the installation of the Exchange
2007 Edge Transport server role by first retrieving the current Receive connectors,
and then deleting them.
- Create a new Receive connector by using a custom PowerShell script. With
the two default Receive connectors deleted, the Exchange Messaging team runs a custom
PowerShell script, which creates new Receive connectors with values similar to those
in Table 3, and configures the server settings of the Edge Transport server with
the values listed in Table 4.
Table 3. Receive Connector Configuration
|
Object property name
|
Value
|
|
Bindings
|
0.0.0.0:25
|
|
FQDN
|
Server FQDN
|
|
MaxInboundConnection
|
5000
|
|
MaxRecipientsPerMessage
|
10000
|
|
MaxHopCount
|
30
|
|
RemoteIPRanges
|
{192.168.0.1, 192.168.0.2, 192.168.0.3}
|
|
ProtocolLoggingLevel
|
Verbose
|
|
Usage
|
Internal
|
Note: The Exchange Messaging team uses Verbose logging for troubleshooting.
Verbose logging requires significantly more disk space than other logging options.
The logs in the enterprise production environment reach approximately 70 GB
for every two weeks of logging per server.
Table 4. Edge Transport Server Configuration
|
Object property name
|
Value
|
|
MessageTrackingLogEnabled
|
$true
|
|
MessageTrackingLogSubjectLoggingEnabled
|
$true
|
|
MaxOutboundConnections
|
1000
|
|
MessageTrackingLogMaxAge
|
10:00:00:00
|
|
MessageTrackingLogMaxDirectorySize
|
100 GB
|
|
MessageTrackingLogMaxFileSize
|
10 MB
|
|
MaxPerDomainOutboundConnections
|
50
|
|
ReceiveProtocolLogMaxDirectorySize
|
15 GB
|
|
ReceiveProtocolLogMaxFileSize
|
10 MB
|
|
SendProtocolLogMaxDirectorySize
|
15 GB
|
|
SendProtocolLogMaxFileSize
|
10 MB
|
|
ExternalDsnReportingAuthority
|
domain.com
|
|
ExternalPostmasterAddress
|
postmaster@domain.com
|
|
OutboundProtocolLoggingLevel
|
Verbose
|
|
PickupDirectoryMaxRecipientsPerMessage
|
10000
|
Mailbox Server Checklist
The Exchange Messaging team deployed Cluster Continuous Replication (CCR)-based
Mailbox servers in the production environment, which included installing and configuring
Exchange Server 2007 on both active and passive nodes. The installation checklist
that the Exchange Messaging team developed for Mailbox server deployment includes
the following items:
- Gather prerequisites. Before installing clustered Mailbox servers, the Exchange
Messaging team gathers prerequisite details, such as the location of the share where
the Exchange Server 2007 installation file is located, as well as the name and IP
address of the clustered Mailbox server on which to install the CCR Mailbox server.
- Install clustering services. Next, the Exchange Messaging team installs Windows
Clustering.
- Set specific cluster settings. The Exchange Messaging team configures two
settings on the clustered servers, one for the cluster log size and one to disable
event log replication, as follows.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session
Manager\Environment] "ClusterLogSize"="32" C:\Documents and Settings\cluster /cluster:/prop
EnableEventLogReplication=0
- Enable and configure Majority Node Set (MNS) quorum with file share witness.
After deploying Cluster Service, the Exchange Messaging team changes the quorum
to a MNS and sets a private property on the majority node set to access a file share.
This procedure is accomplished through the cluster res “Majority Node Set” /priv
MNSFileShare=\\Servername\Directory command.
- Install the Mailbox server role on the active node. To install the Mailbox
server role first on the active node, the Exchange Messaging team uses the Exchange 2007
graphical user interface (GUI) setup, selects Custom Exchange Server Installation
on the Installation Type screen, and checks
Active Clustered Mailbox Role on the Server Role Selection screen.
The setup requests the server name and IP address, which the team retrieved in Step
1.
- Install the Mailbox server role on the passive node. The passive node
installation is similar to the active server node installation. The Exchange Messaging
team uses the Exchange 2007 setup GUI, selects Custom Exchange Server
Installation on the Installation Type screen, and selects Passive Clustered
Mailbox Role on the Server Role Selection screen. The setup requests
the server name and IP address, which the team retrieved in Step 1.
- Delete the first storage group and mailbox database. When the Mailbox
server role is installed, the Exchange Messaging team deletes the first storage
group and mailbox database, in preparation for creating multiple storage groups
and mailbox databases by using a custom PowerShell script. To delete the Mailbox
database, open the Exchange Management Shell and run the following command:
Remove-MailboxDatabase -Identity "Mailbox Database"
To delete the Storage group, run the following command:
Remove-storagegroup -Identity "First Storage group"
- Create storage groups and mailbox databases. The Exchange Messaging
team uses a custom PowerShell script to create storage groups and mailbox databases.
The Exchange Messaging team has three different types of Mailbox servers, each with
its own hardware specifications. The number of mailboxes that are to be stored on
a particular Mailbox server depends on the Mailbox server type. The Exchange Messaging
team creates either 28 or 42 storage groups (with 1 Mailbox database per storage
group) on a Mailbox server. The storage groups point to a Public Folder database
on a dedicated Public Folder server. The settings for a Mailbox server and the Mailbox
databases created on a Mailbox server type two, are listed in Table 5 and Table
6.
Table 5. Mailbox Database Settings on Mailbox Server Type Two
|
Object property name
|
Value
|
|
IssueWarningQuota
|
1700 MB
|
|
ProhibitSendReceiveQuota
|
2090 MB
|
|
ProhibitSendQuota
|
1900 MB
|
|
DeletedItemRetention
|
14.00:00:00
|
|
MailboxRetention
|
30.00:00:00
|
Table 6. Mailbox Server Settings on Mailbox Server Type Two
|
Object property name
|
Value
|
|
ManagedFolderAssistantSchedule
|
"Sun.6:00 PM-Sun.8:00 PM,"
"Mon.6:00 PM-Mon.8:00 PM,"
"Tue.6:00 PM-Tue.8:00 PM,"
"Wed.6:00 PM-Wed.8:00 PM,"
"Thu.6:00 PM-Thu.8:00 PM,"
"Fri.6:00 PM-Fri.8:00 PM,"
"Sat.6:00 PM-Sat.8:00 PM."
|
|
MessageTrackingLogEnabled
|
True
|
|
MessageTrackingLogMaxAge
|
10.00:00:00
|
|
MessageTrackingLogMaxDirectorySize
|
3 GB
|
|
MessageTrackingLogMaxFileSize
|
10 MB
|
|
MessageTrackingLogSubjectLoggingEnabled
|
True
|
|
RetentionLogForManagedFoldersEnabled
|
True
|
|
JournalingLogForManagedFoldersEnabled
|
True
|
|
FolderLogForManagedFoldersEnabled
|
True
|
|
SubjectLogForManagedFoldersEnabled
|
True
|
|
LogFileAgeLimitForManagedFolders
|
7.00:00:00
|
|
LogDirectorySizeLimitForManagedFolders
|
1 GB
|
|
LogFileSizeLimitForManagedFolders
|
10 MB
|
|
AutoDatabaseMountDial
|
BestAvailability
|
- Create test mailboxes and verify mailbox functionality. The Exchange
Messaging team creates test mailboxes and verifies that the mailbox can be accessed
by using the different mail clients, such as Microsoft Office Outlook®, Microsoft
Office Outlook Web Access, and Exchange ActiveSync®.
- Verify mail flow. The Exchange Messaging team also verifies that the test
mailboxes can send e-mail messages to other users on the Mailbox server in the same
Active Directory site, in other Active Directory sites in the Active Directory forest,
and to and from Internet hosts, and that the process works as expected.
- Configure backup and Microsoft Operations Manager. As a last step, Microsoft
configures the server for backups and enables Microsoft Operations Manager clients
to monitor the server.
Client Access Server Checklist
The installation checklists that the Exchange Messaging team developed for Client
Access server deployments include the following items:
- Install RPC over HTTP Proxy component. Microsoft users have the option of
connecting to their mailboxes using Outlook Anywhere directly over the Internet,
without the need to establish a secure virtual private network (VPN) connection.
Outlook Anywhere relies on the Windows Server 2003 RPC over HTTP Proxy component;
therefore, the Exchange Messaging team installs the RPC over HTTP Proxy component,
Windows Components wizard.
- Install Client Access server role using Unattended Setup. The Exchange
Messaging team installs each of the 30 Client Access servers by using the Unattended
Setup method by running the following command:
Setup.com /m:install /r:c /targetdir:<drive\installation path>
According to Exchange partitioning best practices, the Exchange Messaging team installs
the operating system and Exchange Server 2007 binaries on separate partitions.
This setup increases performance and reduces the data that has to be recovered,
for example, during a disk failure.
- Customize Client Access server role by using a PowerShell script. When
the Client Access server role has been installed on the respective server, the Exchange
Messaging team runs a custom PowerShell script in order to configure Client Access
services and to fulfill the requirements that are specified in the Exchange Messaging
team design documents. For example, the Exchange Messaging team configures per-server
specific settings, such as Outlook Anywhere access, Outlook Web Access authentication
mechanisms, external URLs for Outlook Web Access, Exchange ActiveSync, Exchange
Web Services, UM IIS virtual directories, and the internal URL for the Autodiscover
service.
- Restart server. After the Exchange Messaging team configures the Client
Access services by using a PowerShell script, the Exchange Messaging team restarts
the server in order to apply all changed configuration settings.
- Verify Client Access server availability. When the Client Access server
has been configured according to the requirements that are specified in the messaging
design documents, the Exchange Messaging team verifies the availability of each
service provided by the Client Access. Among other things, the team verifies access
to Outlook Web Access, Exchange ActiveSync, Post Office Protocol 3 (POP3)/Internet
Message Access Protocol 4 (IMAP4), Outlook Voice Access, and Outlook Anywhere access.
- Test cross-forest free/busy information. Because Microsoft consists
of two Exchange Server 2007 organizations (corporate and pre-release production),
free/busy information availability between users with mailboxes stored on a mailbox
server in the site where the Client Access server is deployed and users with mailboxes
stored on mailbox servers in the other forest are also verified. The Exchange Messaging
team performs this step for each server installation or upgrade. Testing free/busy
information availability entails logging in as a test user and verifying that calendar
items and users from other forests are available.
Unified Messaging Server Checklist
The checklist the Exchange Messaging team developed for Unified Messaging (UM) server
deployment includes the following items:
- Install Windows Media® Encoder. Prior to installing the UM server
roles, the Exchange Messaging team installs the most recent version of Windows Media
Encoder 9 on the server. You can download the Windows Media Encoder at the following
URL: http://go.microsoft.com/fwlink/?LinkId=67406.
- Install Windows Media Audio Codec update. Prior to installing the UM server
roles, the Exchange Messaging team installs the Windows Media Audio Codec update
on the server. You can download the fix at the following URL:
http://support.microsoft.com/?kbid=917312.
- Install Microsoft XML (MSXML) Core Services 6.0. Prior to installing the
UM server roles, the Exchange Messaging team installs the MSXML Core Services 6.0.
You can download the MSXML Core Services 6.0 at the following URL:
http://go.microsoft.com/fwlink/?LinkId=70796.
- Verify that mandatory security updates are installed. The Exchange Messaging
team ensures that no mandatory post-SP2 security updates are still needed by using
Microsoft Windows Update.
- Restart server. The Exchange Messaging team restarts the server to apply
all changed configuration settings.
- Install the UM server role by using Unattended Setup. The Exchange Messaging
team installed each of the 12 UM servers by using Unattended Setup. To install the
UM server role by using Unattended Setup, open a Command Prompt window and navigate
to the share or media containing your Exchange Server 2007 Setup files, and
then run the following command:
Setup.com /m:install /r:u /targetdir:<drive\installation path>
- Generate speech grammars. UM servers use speech grammars to help recognize
speech commands and spoken voice. To generate the initial grammars, the Exchange
Messaging team runs the following commands from the exchsrvr\bin folder:
galgrammargenerator.exe -g -x speechgrammarfilterlist.xml
Galgrammargenerator.exe -d <dialplan1> -x speechgrammarfilterlist.xml
- Install UM language packs. When the UM server role is installed, only
US-English text-to-speech and Outlook Voice Access is supported by default. In order
to support additional languages, a UM language pack for each respective language
must be installed. UM language packs are offered in 16 different languages, and
all 16 language packs are included on the Exchange 2007 DVD.
In order to allow non-English Microsoft employees to use their mailboxes in their
native language, the Exchange Messaging team installs all 16 UM language packs.
The Exchange Messaging team installs the UM language packs using a custom batch
file, similar to the one shown in the following command:
exsetup /addumlanguagepack:<language> /s:\\<path>\umlangpacks\<language>e\retail\amd64
Note: The Exchange Messaging team replaces <path> with the actual
installation path and <language> with the language descriptor. For a full
list of the batch file commands, see the appendix.
After the UM language packs have been installed, the Exchange Messaging team stops
and restarts the MSExchangeUM service.
Conclusion
In an Exchange environment, such as the one the Exchange Messaging team designed,
deployed, and maintains, with multiple types of servers, configurations, datacenters,
teams, connectivity links, business units, and Exchange forests, keeping track of
activities, components, and ensuring order and consistency is vital. For the Exchange
Messaging team, the process entails planning and designing server specifications
and documenting the specifications to use across the infrastructure. Server roles
provide a convenient method to separate specification documents—one set of documents
per role.
The Exchange Messaging team continues the systematic process of deployment by creating
checklists for each server role that include specific guidance for configuration
and settings. Using these checklists for all teams across the enterprise production
environment results in tremendous time savings, increased productivity, and perhaps
most importantly, helps maintain order and organization for multiple teams through
a complex deployment process.
For More Information
For more information about Microsoft products or services, call the Microsoft Sales
Information Center at (800) 426-9400. In Canada, call the Microsoft Canada Information
Centre at (800) 563-9048. Outside the 50 United States and Canada, please contact
your local Microsoft subsidiary. To access information through the World Wide Web,
go to
http://www.microsoft.com
http://www.microsoft.com/technet/itshowcase.
Appendix: Deployment Worksheets
The Exchange Messaging team follows a series of checklists and worksheets for gathering
the data necessary for deployment, as well as deploying and configuring Exchange
Server 2007 server roles. In most cases, the tasks in the worksheets can be
completed independently of one another; however, the pre-build worksheet is required
in each case before installation and configuration. This appendix includes the following
worksheets:
- Pre-installation checklist. The Exchange Messaging team completes the
tasks in this worksheet before installing and configuring each server role.
- Hub Transport server. The tasks in this worksheet include instructions
for installing and configuring Hub Transport servers.
- Edge Transport server. The tasks in this worksheet include instructions
for installing and configuring Edge Transport servers.
- Client Access server. The tasks in this worksheet include instructions
for installing and configuring Client Access servers.
- CCR Mailbox server. The Exchange Messaging team separates the Mailbox
server installation into two worksheets: one for installing passive and active node
CCR clusters and one for configuring mailbox servers. The first worksheet deals
with installation. The second worksheet includes post-installation tasks for CCR
Mailbox servers.
- UM server. The tasks in this worksheet include instructions for installing
and configuring UM servers.
Exchange 2007 Pre-Installation Checklist
This worksheet provides an overview of deployment steps that the Exchange Messaging
team performs before installing and configuring an Exchange 2007 server for
use in the Microsoft IT environment.
Table 7. Pre-Installation Checklist Worksheet
|
Case
|
Task
|
Check
|
Initial
|
|
1
|
Verify that the server hardware, network, and drive configuration are correct for
CPU, memory, logical disk, and so on.
|
|
|
|
2
|
Verify ILO and DCRA for the Mailbox server.
|
|
|
|
3
|
On the C drive, set pagefile equal to "total" amount of physical RAM,
plus 10 MB. For example, with 8 GB of RAM, set the pagefile to 8 GB
+ 10 MB.
|
|
|
|
4
|
Clear the Automatic System Reboot (ASR) check box. Navigate to My Computer/Properties/Advanced/Startup
and Recovery, and then clear the Automatically Restart check box.
|
|
|
|
5
|
Install the x64 Mission Critical Server Support (MCSS) hotfix on all CCR and SCC
mailbox clusters.
|
|
|
|
6
|
Verify that Windows Server 2003 SP1 is installed with IPAK 5.26 (64-bit) and
service packs. Run the following command:
Srvinfo
|
|
|
|
7
|
Verify that the server has a static IP address assigned. If not assigned, request
an IP address to be provisioned and assign it. There is no default gateway needed
on the second NIC card.
|
|
|
|
8
|
Verify that the duplex speed settings on all Network Adapters that are installed
in the server match the switch port settings. (These are typically set to auto.)
|
|
|
|
9
|
Send an e-mail message to notify the production team that the server will be going
into production.
|
|
|
|
10
|
Verify that the server is in the correct domain and site. At a command prompt on
the server, type the following:
C:\> nltest /parentdomain
C:\> nltest /dsgetsite
|
|
|
|
11
|
After obtaining the proper security groups that are developed during the permissions
and administration model design for your environment, add security groups as members
of the local administrators group on the Exchange Server.
|
|
|
|
12
|
Verify that the computer is in the correct OU within the Messaging path. Open Active
Directory Users and Computers and browse through the list.
|
|
|
|
13
|
Set server principal names on the Hub Transport server by using the following command:
setspn -A servername
|
|
|
|
14
|
Add the server to the IPSec OU.
This change takes up to 12 hours to be applied, and requires that the computer is
restarted.
|
|
|
|
15
|
Verify that all regional code pages are installed in Windows.
in Control Panel openRegional Options. Select both the Advanced
tab and the Language tab (under Supplemental Language Support), and verify
that all code page check boxes are selected. Do not restart the computer if prompted
to do so.
|
|
|
|
16a
|
Install IIS for Mailbox and Client Access servers.
|
|
|
|
16b
|
- Open Add/Remove Windows Components.
- Double-click Application Server.
- Double-click Internet Information Services (IIS).
- Click World Wide Web Service.
This will auto-select Internet Information Services Manager and Common Files.
- Click Next to complete the installation.
|
|
|
|
17a
|
Install IIS for Edge, Hub, and UM servers. The IIS snap-in must be installed for
Exchange Management Console to work correctly.
|
|
|
|
17b
|
- Open Add/Remove Windows Components.
- Click Application Server.
- Click Details.
- Highlight to select Internet Information Services (IIS).
- Click Details.
- Clear the World Wide Web Service check box.
- Click OK.
- Click OK.
- Click Next to complete the installation.
|
|
|
|
18
|
Optimize and lock down ETrust AV Settings.
|
|
|
|
19
|
Send an e-mail message to notify appropriate team that the server is as an asset
for tracking.
|
|
|
|
20
|
Send an e-mail message to mark the server in any routing or firewall policies.
|
|
|
|
21
|
Verify that .NET Framework 2.0 is installed by checking Add/Remove Programs.
|
|
|
|
22
|
Verify the MMC version by checking the version under Help/About. If the program
is not installed, install MMC 3.0.
|
|
|
|
23
|
Install F1.
|
|
|
|
24a
|
Enable Edge Transport cache scripts on Client Access, Edge Transport, and Hub Transport
servers by adding Network Server permissions to the D drive.
|
|
|
|
24b
|
- Right-click D:\.
- Click the Security tab, and then add Network Service.
- Highlight and select Full Control.
|
|
|
|
25
|
Stop and disable the Windows Firewall/Internet Connection Sharing (ICS) service.
|
|
|
|
26
|
Enable Microsoft Operations Manager monitoring of Watson.
|
|
|
|
27
|
Run the Disk Defragmenter program on the C drive.
|
|
|
|
28
|
Run HFinstaller and make sure that no mandatory security updates are needed.
|
|
|
|
29
|
Install hotfix MS06-033 - KB917283. This hotfix is for servers with ASP.NET 2.0,
which includes all of the 64-bit systems.
|
|
|
|
30
|
Restart the server.
|
|
|
Exchange 2007 Hub Transport Server Installation and Configuration
Microsoft Exchange Server 2007 Hub Transport servers are deployed inside your
organization's Active Directory environment. Hub Transport servers handle all mail
flow inside the organization, apply organizational mail flow routing rules, and
are responsible for delivering messages to a recipient's mailbox.
This worksheet provides an overview of deployment steps for installing and configuring
an Exchange 2007 Hub Transport server for use in the Microsoft IT environment.
The worksheet provides a high-level overview of deployment steps and configuration
settings for an Exchange 2007 Hub Transport Server role in standalone mode.
This worksheet does not provide instructions for configuring routing group connectors
or SMTP connectors to the Internet or to other Microsoft IT-managed Exchange forests.
Table 8. Hub Server Worksheet
|
|
|
Check
|
Initial
|
Pre-installation tasks
|
|
1
|
Complete the pre-installation checklist.
|
|
|
|
2
|
Verify that the disk drives are configured as follows:
Disk 0 C drive 50 GB, E drive 18 GB
Disk 1 D drive, 270 GB
|
|
|
|
3
|
Verify that the NNTP and SMTP services are not installed.
|
|
|
|
4
|
Verify that the server is part of the correct Active Directory site by running the
following command:
Nltest /SERVER:<server name> /DSGETSITE
|
|
|
|
5
|
Verify the specific build to install.
|
|
|
|
6
|
Verify whether the build has been staged to the appropriate region (if necessary).
|
|
|
|
7
|
Install and configure Powershell. When prompted with "Do you want to run software
from the untrusted publisher?" select Always Run.
|
|
|
Installation and configuration tasks
|
|
1
|
Open a Command Prompt window and change the current directory to the setup directory
of the current Exchange build.
|
|
|
|
2
|
Run the following command to install the server role:
setup.com /m:install /r:h /t:d:\exchsrvr /DoNotStartTransport
|
|
|
|
3
|
Open the Exchange Management Shell from the Start menu. Click Start, click
Programs , and then click Microsoft Exchange.
|
|
|
|
4a
|
Delete the existing Receive connectors.
|
|
|
|
4b
|
Get the current Receive connector information and verify that the following command
returns only the Receive connectors for the server that is under consideration:
Get-ReceiveConnector -server <Server Name>
|
|
|
|
4c
|
Delete the Receive connector with the following command:
Get-ReceiveConnector -server <Server Name> | remove-ReceiveConnector
You will be prompted to remove each connector. Enter Y to delete each connector.
Make sure that you are only being asked to remove the two connectors that are specified
by the previous Get-ReceiveConnector command. If you are being asked to delete
additional connectors, enter L (No to All) and reenter the last command at
the Exchange Management Shell prompt to attempt to delete the correct connectors.
|
|
|
|
5a
|
Create the Receive connector and configure the TransportServer object according
to the Exchange Messaging team standard configuration.
|
|
|
|
5b
|
Receive connector configuration object property name and recommended value:
- MessageTrackingLogEnabled $true
- MessageTrackingLogSubjectLoggingEnabled $true
- MaxOutboundConnections 1000
- MessageTrackingLogMaxAge 10:00:00:00
- MessageTrackingLogMaxDirectorySize 150 GB
- MessageTrackingLogMaxFileSize 100 MB
- MaxPerDomainOutboundConnections 50
- ReceiveProtocolLogMaxAge 30:00:00:00 (Default)
- ReceiveProtocolLogMaxDirectorySize 15 GB
- ReceiveProtocolLogMaxFileSize 100 MB
- SendProtocolLogMaxAge 30:00:00:00 (Default)
- SendProtocolLogMaxDirectorySize 15 GB
- SendProtocolLogMaxFileSize 100 MB
- ExternalDsnReportingAuthority domain.com
- ExternalPostmasterAddress postmaster@domain.com
- InternalPostmasterAddress postmaster@domain.com
- OutboundProtocolLoggingLevel Basic
- TotalQueuedMessagesEnableDehydration Default
- PickupDirectoryMaxRecipientsPerMessage 10000
|
|
|
|
5c
|
Transport server configuration object property name and recommended value:
- AuthMechanism ExchangeServer
- Bindings 0.0.0.0:25
- FQDN Server FQDN
- MaxInboundConnection 5000
- MaxMessagesPerConnection 50
- MaxRecipientsPerMessage 10000
- MaxHopCount 30
- PermissionGroups ExchangeServers, ExchangeLegacyServers
- ProtocolLoggingLevel Basic
- RemoteIPRanges {0.0.0.0-255.255.255.255}
- ProtocolLoggingLevel Basic
|
|
|
Post-installation tasks
|
|
1a
|
Share the tracking log directory: (d:\exchsrvr\transportroles\logs\MessageTracking)
|
|
|
|
1b
|
Remove all access granted to "Everyone."
|
|
|
|
1c
|
Grant these groups read access to the share:
- < Domain>\groupA
- < Domain>\groupY
- < Domain>\groupZ
- < Domain>\groupX
Grant these same groups access via the Security tab.
|
|
|
|
2a
|
Move transaction log queue database to E:\Data\QueueLog.
|
|
|
|
2b
|
Create the folder E:\data\QueueLog. This is where you will move the database log.
|
|
|
|
2c
|
Grant full access to this folder to the user Network Service via the Security
tab.
|
|
|
|
2d
|
If the MSExchangeTransport is not already stopped, stop the service with this command
in the Exchange Management Console:
Stop MSExchangeTransport
|
|
|
|
2e
|
Copy these files from D:\exchsrvr\TransportRoles\data\queue to the new location
on the E drive:
|
|
|
|
2f
|
Edit the file EdgeTransport.exe.config located in D:\exchsrvr\bin, and add or replace
the following entry under <appsettings>:
<add key="QueueDatabaseLoggingPath" value="e:\data\queuelog\"
/>
|
|
|
|
2g
|
Start the MSExchangeTransport service with this command in the Exchange Management
Console:
Start MSExchangeTransport
|
|
|
|
3a
|
After first mailbox server is installed in the same site as the Hub Transport server,
complete following tests before moving production mailboxes to that server.
|
|
|
|
3b
|
Create a new test mailbox on the mailbox server.
|
|
|
|
3c
|
Send sample messages from test mailboxes to any user in the enterprise forest and
verify successful e-mail message delivery.
|
|
|
|
3d
|
Send sample e-mail messages from test mailboxes to an Internet e-mail address and
verify successful e-mail message delivery.
|
|
|
Exchange 2007 Edge Transport Server Installation and Configuration
This worksheet provides an overview of deployment steps for installing and configuring
an Exchange 2007 Edge Transport server for use in the Microsoft IT environment.
The worksheet provides a high-level overview of deployment steps and configuration
settings for an Exchange 2007 Edge Transport server.
Table 9. Edge Transport Server Worksheet
|
|
|
Check
|
Initial
|
Installation and configuration tasks
|
|
1
|
Verify the Edge Transport is deployed in perimeter network and is not part of an
Active Directory domain.
|
|
|
|
2
|
Configure the DNS suffix.
|
|
|
|
3
|
Install the Edge Transport server role by running the following command:
Setup.com /m:install /r:e /targetdir:<drive\installation path>
|
|
|
|
4
|
Subscribe the Edge Transport server by running the following command:
New-EdgeSubscription -file "C: \EdgeSubscriptionExport.xml"
New-EdgeSubscription -FileName "C:\EdgeServerSubscription.xml" -site "AD-Site-Name"
|
|
|
|
5
|
Delete the default Receive connector by running the following command:
Get-ReceiveConnector -server <server name> | Remove-ReceiveConnector
|
|
|
|
6
|
Create new Receive connector with the following settings:
- Bindings 0.0.0.0:25
- FQDN Server FQDN
- MaxInboundConnection 5000
- MaxRecipientsPerMessage 10000
- MaxHopCount 30
- RemoteIPRanges {65.53.213.91,65.53.213.92,65.53.213.93}
- ProtocolLoggingLevel Verbose
- Usage Internal
- MessageTrackingLogEnabled $true
- MessageTrackingLogSubjectLoggingEnabled $true
- MaxOutboundConnections 1000
- MessageTrackingLogMaxAge 10:00:00:00
- MessageTrackingLogMaxDirectorySize 100 GB
- MessageTrackingLogMaxFileSize 10 MB
- MaxPerDomainOutboundConnections 50
- ReceiveProtocolLogMaxDirectorySize 15 GB
- ReceiveProtocolLogMaxFileSize 10 MB
- SendProtocolLogMaxDirectorySize 15 GB
- SendProtocolLogMaxFileSize 10 MB
- ExternalDsnReportingAuthority domain.com
- ExternalPostmasterAddress postmaster@domain.com
- OutboundProtocolLoggingLevel Verbose
- PickupDirectoryMaxRecipientsPerMessage 10000
|
|
|
Exchange 2007 Client Access Servers
This worksheet provides an overview of deployment steps for installing and configuring
an Exchange 2007 client access server for use in the Microsoft IT environment.
Table 10. Client Access Server Worksheet
|
|
|
Check
|
Initial
|
Pre-installation tasks
|
|
1a
|
Traffic to the Client Access server must be drainstopped before upgrading. To drainstop
a Client Access server fronting, follow these steps:
|
|
|
|
1b
|
- Connect via Terminal Server to the server to be upgraded.
- Run the Network Load Balancing Manager and manually drainstop the server.
- Create an e-mail message to the proper team requesting that the team drainstop the
server by including the following information: Server name, IP address or farm name
for the various services, and ISA array name.
|
|
|
Installation and configuration tasks
|
|
1
|
Connect via Terminal Server to the server that is being upgraded.
|
|
|
|
2
|
Using Task Manager, log off any active users except for yourself.
|
|
|
|
3
|
Start the Exchange Management Shell in Windows PowerShell. Remove all virtual directories
that are associated with mail.public by using these commands and typing Enter
at each confirmation prompt:
Remove-OWAVirtualIDirectory
Remove-Exchange
Remove-ExchangeWeb
|
|
|
|
4
|
Run the following command:
exsetup.exe /m:uninstall
Note: The computer may restart at this point. If it does, reconnect via Terminal
Server after the computer restarts.
|
|
|
|
5
|
Go to Add/Remove Programs in the Control Panel.
|
|
|
|
6
|
Remove the program Windows PowerShell.
|
|
|
|
7
|
At a Command Prompt window, map a drive to the install directory for the current
build (see the following example):
net use * \\server\build
|
|
|
|
8
|
Connect to the newly mapped drive.
|
|
|
|
9
|
Navigate to the depapps directory:
cd depapps
|
|
|
|
10
|
Run msh_setup.msi to reinstall Windows PowerShell, accepting all defaults during
installation.
|
|
|
|
11
|
Navigate back to the root directory:
cd \
|
|
|
|
12
|
Enter the following command:
setup.com /m:install /r:c /targetdir:d:\exchsrvr
|
|
|
|
13
|
Copy the custom script cas_config.ps1 and the file corp-params.xml to a local directory,
and then run the following PowerShell command:
config_cas.ps1 -configfile corp-params.xml -showusage $false
|
|
|
|
14
|
Restart the server.
|
|
|
Post-installation tasks
|
|
1a
|
Check for the availability of Office Outlook Web Access on the server by navigating
to the URL http://<server name>/owa.
|
|
|
|
1b
|
Create a meeting request through OWA and try to view the free/busy information for
another user, preferably one on a different forest than the current computer.
|
|
|
Exchange 2007 CCR Mailbox Server Installation and Configuration
This worksheet provides an overview of deployment steps for installing and configuring
Exchange 2007 clustered mailbox server for use in the Microsoft IT environment.
Table 11. Mailbox Server Worksheet
|
|
|
Check
|
Initial
|
Pre-installation tasks
|
|
1a
|
Before beginning, gather the following:
- The location of the share where the Exchange Server 2007 installation file
is located.
- The name and IP address of the clustered mailbox server where you will install the
CCR Mailbox.
|
|
|
|
1b
|
Establish a Terminal Server connection to the active node of the cluster where you
want to install the CCR Mailbox.
|
|
|
|
1c
|
When you have established the connection, do the following to verify that clustering
is set up:
- Click Start.
- Click Cluster Administrator.
- In the Open Connector to Cluster box, type a period, and then press Enter.
|
|
|
|
1d
|
If clustering is set up, the Cluster Administrator window will display information
about the cluster, including cluster IP address, cluster name, and majority node
set.
|
|
|
Installing on the active node
|
|
1
|
Run the Exchange 2007 setup, Setup.exe. The setup GUI opens.
|
|
|
|
2
|
At the Security warning, click Run. On the following screen, click Step 4:
Install Microsoft Exchange.
|
|
|
|
3
|
On the Introduction screen, click Next.
|
|
|
|
4
|
On the License Agreement screen, accept the license agreement, and then click
Next.
|
|
|
|
5
|
On the Error Reporting screen, accept the default response of Yes (Recommended),
and then click Next.
|
|
|
|
6
|
The Installation Type screen appears. On the Installation Type screen, click anywhere
in the Custom Exchange Server Installation box.
|
|
|
|
7
|
To specify the path for the Exchange Server installation, click Browse.
|
|
|
|
8
|
In the Browse For Folder window, expand My Computer. Click D_Drive, then click Make
New Folder. Name the folder Exchsrvr.
|
|
|
|
9
|
Click OK.
|
|
|
|
10
|
On the Installation Type screen, verify that D:\Exchsrvr is entered in the Specify
the path for the Exchange Server installation box, and then click Next. The Server
Role Selection screen appears.
|
|
|
|
11
|
Select the Active Clustered Mailbox Role check box.
|
|
|
|
12
|
Click Next. The Cluster Settings screen appears.
|
|
|
|
13
|
Accept the default setting of Cluster Continuous Replication.
|
|
|
|
14
|
In the Clustered Mailbox Server Name box, enter the name of the clustered mailbox
server.
|
|
|
|
15
|
In the Clustered Mailbox Server IP Address box, enter the IP address of the
clustered mailbox server.
|
|
|
|
16
|
Click Next. The Readiness Checks screen appears.
Note: You can ignore the warnings that appear on this screen.
|
|
|
|
17
|
When the screen indicates that prerequisites are complete, click Install.
The Progress screen, which monitors the progress of your installation, appears.
Note that installation may take several minutes, depending on the rate of Active
Directory replication.
|
|
|
|
18
|
When the screen indicates that installation is complete, click Next. The Completion
screen appears. The Completion screen confirms that the installation is complete.
|
|
|
|
19
|
Click Finish to exit the Exchange Server 2007 Setup program.
|
|
|
Installing on the passive node
|
|
1
|
Run the Exchange 2007 setup, Setup.exe. The setup GUI opens.
|
|
|
|
2
|
At the Security Warning, click Run. On the following screen, click Step 4:
Install Microsoft Exchange.
|
|
|
|
3
|
On the Introduction screen, click Next.
|
|
|
|
4
|
On the License Agreement screen, accept the license agreement, and then click
Next.
|
|
|
|
5
|
On the Error Reporting screen, accept the default response of Yes (Recommended),
and then click Next.
|
|
|
|
6
|
The Installation Type screen appears. On the Installation Type screen, click
anywhere in the Custom Exchange Server Installation box.
|
|
|
|
7
|
To specify the path for the Exchange Server installation, click Browse.
|
|
|
|
8
|
In the Browse For Folder window, expand My Computer. Click D_Drive,
and then click Make New Folder. Name the folder Exchsrvr.
|
|
|
|
9
|
Click OK.
|
|
|
|
10
|
On the Installation Type screen, verify that D:\Exchsrvr is entered in the
Specify the path for the Exchange Server installation box, and then click
Next. The Server Role Selection screen appears.
|
|
|
|
11
|
On the Server Role Selection screen, select the Passive Clustered Mailbox
Role check box instead of the check box for the active clustered mailbox
role.
|
|
|
|
12
|
Click Next. The Cluster Settings screen appears.
|
|
|
|
13
|
Accept the default setting of Cluster Continuous Replication.
|
|
|
|
14
|
In the Clustered Mailbox Server Name box, enter the name of the clustered
mailbox server.
|
|
|
|
15
|
In the Clustered Mailbox Server IP Address box, enter the IP address of the
clustered mailbox server.
|
|
|
|
16
|
Click Next. The Readiness Checks screen appears. Note: You can ignore
the warnings that appear on this screen.
|
|
|
|
17
|
When the screen indicates that prerequisites are complete, click Install.
The Progress screen, which monitors the progress of your installation, appears
Note that the installation may take several minutes, depending on the rate of Active
Directory replication.
|
|
|
|
18
|
When the screen indicates that the installation is complete, click Next.
The Completion screen appears. The Completion screen confirms that the installation
is complete.
|
|
|
|
19
|
Click Finish to exit the Exchange Server 2007 Setup program.
|
|
|
|
|
|
|
|
CCR post-installation steps
|
|
1
|
Open Powershell. Delete the default first storage group and database by running
the following commands:
Removemailboxdatabase ‑id:<database name>
Removestoragegroup ‑id:<storage group name>
|
|
|
|
2
|
Run the following Powershell script to create storage groups.
newStorageGroup Name:SG01 server:<server name> logfolderpath:l:\LOG01 SystemFolderPath:l:\LOG01
newStorageGroup Name:SG02 server:<server name> logfolderpath:l:\LOG02 SystemFolderPath:l:\LOG02
newStorageGroup Name:SG03 server:<server name> logfolderpath:l:\LOG03 SystemFolderPath:l:\LOG03
Repeat this step sequentially for the number of storage groups you are creating.
|
|
|
|
3
|
Run the following Powershell script to create databases.
newmailboxdatabase Name:"<server name> MBX Store 01" PublicFolderDatabase:"<database
location> PUB Store 1A" OfflineAddressBook:"Default Offline Address
List <Location>" StorageGroup:<name> EdbFilePath:e:\MDB01\priv01.edb
newmailboxdatabase Name:"<server name> MBX Store 02" PublicFolderDatabase:"<database
location> PUB Store 1A" OfflineAddressBook:"Default Offline Address
List <Location>" StorageGroup:<name> EdbFilePath:e:\MDB02\priv02.edb
Repeat this step sequentially for the number of storage groups you are creating.
|
|
|
|
4
|
Enable message tracking by running the following command:
set‑transportserver <servername>
‑MessageTrackingLogMaxAge:10.00:00:00
‑MessageTrackingLogMaxDirectorySize:20GB
‑MessageTrackingLogMaxFileSize:10MB
‑MessageTrackingLogPath:d:\exchsrvr\MessageTracking
‑MessageTrackingLogEnabled:$true
‑MessageTrackingLogSubjectLoggingEnabled:$true
|
|
|
|
5
|
Set specific cluster settings.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
"ClusterLogSize"="32"
C:\Documents and Settings\<localmachine>cluster /cluster:<server name>
/prop EnableEventLogReplication=0
|
|
|
|
6
|
Enable LossLess.
|
|
|
|
7
|
Verify failover/back with the following move-clustered mailbox Powershell command.
move‑clusteredmailboxserver ‑id <servername> ‑targetmachine
<servername> ‑movecomment “test move for post install validation”
|
|
|
|
8
|
Run the following Powershell script to set mailbox limits.
get‑MailboxDatabase ‑server:<server name> | set‑mailboxdatabase
‑IssueWarningQuota:419840KB ‑ProhibitSendReceiveQuota:512000KB
‑ProhibitSendQuota:460800KB ‑ItemRetention:14.00:00:00
‑MailboxRetention:30.00:00:00
|
|
|
|
9
|
Request test accounts to be created.
|
|
|
|
10
|
Configure backups.
|
|
|
|
11
|
Configure Microsoft Operations Manager.
|
|
|
Exchange 2007 UM Server Installation and Configuration
This worksheet provides an overview of deployment steps for installing and configuring
an Exchange 2007 UM server for use in the Microsoft IT environment.
Table 12. UM Server Worksheet
|
|
|
Check
|
Initial
|
Pre-installation tasks
|
|
1
|
Verify that the server you will be installing to resides in the appropriate Active
Directory site.
|
|
|
|
2
|
Verify that the installation prerequisites in the pre-installation checklist have
been completed.
|
|
|
Installation and configuration tasks
|
|
1
|
Connect to the subject computer via Terminal Server.
|
|
|
|
2
|
Open a Command Prompt window.
|
|
|
|
3
|
Run the following command to start the setup program:
\\msgweb\e12\rtm\<df folder>\<build number>\build\setup.com /mode:install
/roles:um /targetdir:d:\exchsrvr
Replace the values for <df folder> and <build number> based on the current
build.
|
|
|
|
4
|
From another computer with a current UM server installation, obtain copies of the
file speechgrammarfilterlist.xml from d:\exchsrvr\bin and the file gal.cfg from
d:\exchsrvr\unifiedmessaging\grammars\en.
|
|
|
|
5
|
Place the copies of these files in the corresponding directories of the computer
on which you are installing the new UM server.
|
|
|
|
6
|
From the folder d:\exchsrvr\bin, run the following command:
galgrammargenerator.exe -g -x speechgrammarfilterlist.xml
Then run galgrammargenerator.exe for each dial plan to which this server belongs:
Galgrammargenerator.exe -d <dialplan1> -x speechgrammarfilterlist.xml
Galgrammargenerator.exe -d <dialplan2> -x speechgrammarfilterlist.xml
And so on.
|
|
|
|
7a
|
Install the language packs by creating a batch file with the following commands:
exsetup /addumlanguagepack:de-DE /s:\\<path>\umlangpacks\de\retail\amd64
exsetup /addumlanguagepack:en-AU /s:\\<path>\umlangpacks\en-au\retail\amd64
exsetup /addumlanguagepack:en-GB /s:\\<path>\umlangpacks\en-gb\retail\amd64
exsetup /addumlanguagepack:es-ES /s:\\<path>\umlangpacks\es\retail\amd64
exsetup /addumlanguagepack:es-MX /s:\\<path>\umlangpacks\es-mx\retail\amd64
exsetup /addumlanguagepack:fr-CA /s:\\<path>\umlangpacks\fr-ca\retail\amd64
exsetup /addumlanguagepack:fr-FR /s:\\<path>\umlangpacks\fr\retail\amd64
exsetup /addumlanguagepack:it-IT /s:\\<path>\umlangpacks\it\retail\amd64
exsetup /addumlanguagepack:ja-JP /s:\\<path>\umlangpacks\ja\retail\amd64
|
|
|
|
7b
|
Continue adding language packs.
exsetup /addumlanguagepack:ko-KR /s:\\<path>\umlangpacks\ko\retail\amd64
exsetup /addumlanguagepack:nl-NL /s:\\<path>\umlangpacks\nl\retail\amd64
exsetup /addumlanguagepack:pt-BR /s:\\<path>\umlangpacks\pt\retail\amd64
exsetup /addumlanguagepack:sv-SE /s:\\<path>\umlangpacks\sv\retail\amd64
exsetup /addumlanguagepack:zh-CN /s:\\<path>\umlangpacks\zh-chs\retail\amd64
exsetup /addumlanguagepack:zh-TW /s:\\<path>\umlangpacks\zh-cht\retail\amd64
Replace <path> with the installation path for the current build.
|
|
|
|
8
|
Upon completion, restart the MSExchangeUM service in the Exchange Management Console.
|
|
|