Windows Server Essentials
United States (English) Sign in
Home 2012 2011 2008 2003 Library Forums
6 out of 10 rated this helpful - Rate this topic

Integrate an on-premises Exchange Server with Windows Server 2012 Essentials

Published: July 9, 2012

Updated: November 1, 2012

Applies To: Windows Server 2012 Essentials

This guide provides information and basic instructions to help you set up and integrate an on-premises server that is running Exchange Server with a server that is running Windows Server® 2012 Essentials.

You should read this guide before attempting to deploy an on-premises server that is running Exchange Server on a Windows Server 2012 Essentials network.

noteNote
Exchange Server 2010 does not support installation on computers that are running Windows Server 2012 Release Candidate.

Before installing Exchange Server on a Windows Server 2012 Essentials network, make sure that you complete the tasks outlined in this section.

You must have already set up a server that is running Windows Server 2012 Essentials. This will be the domain controller for the server that is running Exchange Server. For information about how to set up Windows Server 2012 Essentials, see Install and Configure Windows Server 2012 Essentials.

You must install Exchange Server on a second server that is running a version of the Windows Server operating system that officially supports running Exchange Server 2010 or Exchange Server 2013. You must then join the second server to the Windows Server 2012 Essentials domain.

For information about how to join a second server to the Windows Server 2012 Essentials domain, see Join a second server to the network.

noteNote
Microsoft does not support installing Exchange Server on a server that is running Windows Server 2012 Essentials.

To integrate an on-premises server that is running Exchange Server with Windows Server 2012 Essentials, you must have registered a valid Internet domain name for your business (such as contoso.com). You must also work with your domain name provider to create the DNS resource records that Exchange Server requires.

For example, if your company Internet domain name is contoso.com and you want to use the fully qualified domain name (FQDN) of mail.contoso.com to reference your on-premises server that is running Exchange Server, work with your domain name provider to create the DNS resource records in the following table.

 

Resource record name Record type Record setting Description

mail

host (A)

Address=public IP address assigned by your ISP

Exchange Server will receive mail addressed to mail.contoso.com.

You can use a different name at your own selection.

MX

mail exchanger (MX)

Hostname=@

Address=mail.contoso.com

Preference=0

Provides email message routing for email@contoso.com to arrive at your on-premises server that is running Exchange Server.

SPF

text (TXT)

v=spf1 a mx ~all

Resource record that helps prevent email sent from your server as being identified as spam.

autodiscover._tcp

service (SRV)

Service: _autodiscover

Protocol: _tcp

Priority: 0

Weight: 0

Port: 443

Target host: mail.contoso.com

Enables Microsoft Office Outlook and mobile devices to automatically discover your on-premises server that is running Exchange Server.

noteNote
You can also configure an “autodiscover” host (A) resource record and point the record to the public IP address of your on-premises server that is running Exchange Server. However, if you implement this option, you must also provide subject alternative name (SAN) SSL certificate that supports both the mail.contoso.com and autodiscover.contoso.com domain names.

noteNote
  • Replace instances of contoso.com in this example with the Internet domain name that you registered.

You must choose a different FQDN for your on-premises server that is running Exchange Server than the FQDN you are using for the server that is running Windows Server 2012 Essentials. For example, you can choose to use remote.contoso.com as the FQDN that computers use to access the server running Windows Server 2012 Essentials from the Internet. You can use mail.contoso.com as the FQDN that is used to route email to your on-premises server that is running Exchange Server.

The Exchange Server integration feature on Windows Server 2012 Essentials supports the following versions of Exchange Server:

  • Exchange Server 2013

  • Exchange Server 2010 with Service Pack 1 (SP1)

Before you install the Exchange Server on the second server, you must first add the current administrator account to the Enterprise Admins group.

  1. Log on to the Windows Server 2012 Essentials as an administrator.

  2. Run Windows Powershell as an administrator.

  3. At the Powershell command prompt, type Add-ADGroupMemeber ‘Enterprise Admins’ $env:username, and then press Enter.

  1. Log on to the second server as an administrator.

  2. Open your Internet browser, and then navigate to the Exchange Server Deployment Assistant website.

  3. Click On-Premises Only.

  4. Click the new installation option for the version of Exchange Server that you will install.

    noteNote
    If you are migrating from an installation of Windows Small Business Server, you should select the appropriate upgrade option that covers the migration steps.

  5. On the next page, accept the default settings, and then click Next.

    noteNote
    If you plan to use public folders in the new installation of Exchange Server, change that setting to Yes.

  6. Follow the step-by-step instructions in the checklist to deploy Exchange Server.

    The Exchange Server Deployment Assistant also allows you to:

    • Print a copy of the checklist

    • Send a copy of the checklist to an email recipient

    • Download the checklist as a PDF file.

noteNote
  • You must always choose to install the Management Tools on the server that is running Exchange Server. The Management Tools are required by the Exchange Server Integration feature on Windows Server 2012 Essentials.

  • If you need to configure virtual directories, we recommend that you also set the InternalUrl property to be the same URL as the ExternalUrl property for each virtual directory. For more information, see Managing Client Access Server Virtual Directories at the Exchange Server 2010 online Help website.

  • If you want to access Outlook Web Access (OWA) from within the Remote Web Access site on Windows Server 2012 Essentials, you must set the External URL property for OWA.

If you are installing Exchange Server 2010 in clean setup, you can also use the following scripts to set up Exchange Server.

  1. Open Notepad, and paste the following script into a new file:

    Import-Module ServerManager

    Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,Web-Asp-Net,Web-Client-Auth,Web-Dir-Browsing,Web-Http-Errors,Web-Http-Logging,Web-Http-Redirect,Web-Http-Tracing,Web-ISAPI-Filter,Web-Request-Monitor,Web-Static-Content,Web-WMI,RPC-Over-HTTP-Proxy –Restart

  2. Save the file as InstallDependencies.ps1.

  3. Copy the Exchange SSL certificate to a location on the server.

  4. Open a new Notepad file, and copy the following text to the file:

    param (

    [string]

    [Parameter(Mandatory=$true, HelpMessage = "The path to your Certificate file, must be a *.pfx format")]

    $CertPath = "c:\certificates\ExchangeCertificate.pfx",

    [Security.SecureString]

    [Parameter(Mandatory=$true, HelpMessage = "The password of your cert")]

    $CertPassword = $null,

    [string]

    [Parameter(Mandatory=$true, HelpMessage = "Domain Name, eg. contoso.com")]

    $DomainName = "contoso.com",

    [string]

    [Parameter(Mandatory=$true, HelpMessage = "Server IP Address, eg. 192.168.0.1")]

    $ServerIpAddress = "192.168.0.1",

    [string]

    [Parameter(Mandatory=$true, HelpMessage = "Internal Ip Range, eg. 192.168.0.0-192.168.0.255")]

    $InternalIpRange = "192.168.0.0-192.168.0.255"

    )

    #Import Exchange Certificate, and Enable it for POP IIS IMAP SMTP services.

    Import-ExchangeCertificate –FileData ([Byte[]]$(Get-content -Path $CertPath –Encoding byte –ReadCount 0)) -Password:$CertPassword -Force | Enable-ExchangeCertificate -Services 'POP, IIS, IMAP, SMTP' -Force

    #New AcceptedDomain and set it to default

    New-AcceptedDomain –Name "official name" –DomainName $domainname

    Set-AcceptedDomain –Identity "official name" –MakeDefault $true

    #New EmailAddress Policy

    $address = "%m@" + $DomainName

    New-EmailAddressPolicy -Name "Windows Server Essentials Email Address Policy" -IncludedRecipients AllRecipients -EnabledPrimarySMTPAddressTemplate $address

    #Set owa and ecp VirtualDirectory ExternalUrl

    $hostname = "mail." + $DomainName

    $owa = "https://" + $hostname + "/owa"

    $ecp = "https://" + $hostname + "/ecp"

    $activesync = "https://" + $hostname + "/Microsoft-Server-ActiveSync"

    $oab = "https://" + $hostname + "/OAB"

    $ews = "https://" + $hostname + "/EWS/Exchange.asmx"

    Get-OwaVirtualDirectory | Set-OwaVirtualDirectory –ExternalUrl $owa –InternalUrl $owa

    Get-EcpVirtualDirectory | Set-EcpVirtualDirectory –ExternalUrl $ecp –InternalUrl $ecp

    Get-ActiveSyncVirtualDirectory | Set-ActiveSyncVirtualDirectory -ExternalUrl $activesync –InternalUrl $activesync

    Get-OABVirtualDirectory | Set-OABVirtualDirectory -ExternalUrl $oab -InternalUrl $oab -RequireSSL:$true

    Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory -ExternalUrl $ews -InternalUrl $ews -BasicAuthentication:$True -Force

    #Enable outlook Anywhere

    Enable-OutlookAnywhere –ClientAuthenticationMethod:Basic –ExternalHostname:$hostname –SSLOffloading:$false

    #new receive/send connector

    $machinename = get-content env:computername

    $bindingIpaddress = $ServerIpAddress + ":25"

    $RecevieConnectorName = $machinename + "\Default " + $machinename

    Set-ReceiveConnector $RecevieConnectorName -RemoteIPRanges $InternalIpRange

    New-ReceiveConnector -Name "WSE Internet Receive Connector" -Usage "Internet" -Bindings $bindingIpaddress -Fqdn $hostname -Enabled $true -Server $machinename -AuthMechanism Tls,BasicAuth,BasicAuthRequireTLS,Integrated

    New-SendConnector -Name "WSE Internet SendConnector" -Usage "Internet" -AddressSpaces 'SMTP:*;1' -IsScopedConnector $false -DNSRoutingEnabled $true -UseExternalDNSServersEnabled $true -SourceTransportServers $machinename

  5. Set the parameters at the beginning of the script to reflect your networking environment.

  6. Save the file as ConfigureExchange.ps1.

  7. Run Windows Powershell as an administrator.

  8. At the Powershell command prompt, type Set-ExecutionPolicy RemoteSigned, and then press Enter.

  9. Run the script InstallDependencies.ps1.

  10. Restart the server, and then Run Windows Powershell as an administrator.

  11. At the Powershell command prompt, run the following script:

    E:\setup.com /mode:install /roles:mb,ht,ca /OrganizationName:"First Organization"

    noteNote
    Be sure to type the correct path to the Exchange Server setup program.

  12. When Exchange Server setup is complete, open Exchange Management Shell as an administrator.

  13. At the Exchange Management Shell command prompt, type Set-ExecutionPolicy RemoteSigned, and then press Enter.

  14. Run the script ConfigureExchange.ps1.

  15. Restart the server.

noteNote
If you decide to use a publically trusted SSL certificate instead of a self-issued certificate, you can follow the instructions in the setup guide to create a certificate request and send it to your selected Certification Authority. You can also use an Exchange Powershell cmdlet to create a certificate request. An example follows.

New-ExchangeCertificate -GenerateRequest -SubjectName "C=US, S=Washington, L=Redmond, O=contoso, OU=contoso, CN=mail.contoso.com" -DomainName mail.contoso.com -PrivateKeyExportable $true | Set-Content -path "c:\Docs\MyCertRequest.req"

Customize the script parameters to reflect your networking environment.

This section describes server configuration tasks you may need to complete in the post-installation phase that contains information specific to setting up an on-premises server that is running Exchange Server on a Windows Server 2012 Essentials network.

noteNote
This is a required task if you are performing a clean setup. Skip this step if you are migrating from Windows Small Business Server.

You must specify your email domain to be the default accepted domain, and then configure the email address policy.

  1. Follow the instructions in the Exchange Server article “Create an Accepted Domain” to add an accepted domain.

  2. Log on to the second server as an administrator, open the Exchange Management Console, and then navigate to the Hub Transport tab of the Organization Configuration.

  3. In the Exchange Management Console work pane, right-click the new accepted domain, and then click Set as Default.

  4. Follow the instructions in the Exchange Server article “Create an E-Mail Address Policy” to create a new e-mail address policy. You can accept all of the default values except the e-mail address. For e-mail address, specify your public email domain.

noteNote
This is a required task.

You must configure an SMTP send connector and an SMTP receive connector for outbound/inbound transmission of email messages.

To create an SMTP Send connector, follow the instructions in the Exchange Server article Create an SMTP Send Connector.

To create an SMTP Receive connector, follow the instructions in the Exchange Server article Create a SMTP Receive Connector.

As an option, you can refer to the script earlier in this document for creating the send and receive connectors using by Exchange Powershell cmdlets.

noteNote
This is a required task if you are performing a clean setup. If you are migrating from Windows Small Business Server, see the Windows Server 2012 Essentials migration documentation for instructions about how to configure the network.

At minimum, you must configure the following port settings on the router:

 

Router port Destination IP Destination Port Note

25 (SMTP)

Internal IP of the on-premises server that is running Exchange Server.

25

80 (HTTP)

Internal IP of the server that is running Windows Server 2012 Essentials

80

443 (HTTPS)

Internal IP of the server that is running Windows Server 2012 Essentials

443

If you support the POP3 or IMAP messaging protocols on your network, you must also configure port forwardings for those protocols. For related information, see the section Client Access Servers in the topic “Exchange Network Port Reference” in the Exchange Server Technical Library.

noteNote
  • We recommend that you configure static IP addresses for the server that is running Windows Server 2012 Essentials and for the second server that is running Exchange Server. For instructions about how to configure a static IP address on computer running Windows Server 2003 or Windows Server 2008 R2, see Configure a Static IP Address in the Windows Server Technical Library

    noteNote
    The DNS server setting should always point to the IP address of the server that is running Windows Server 2012 Essentials.

  • On the router, make sure that the IP addresses of the server that is running Windows Server 2012 Essentials and the server that is running Exchange Server either are reserved, or are out of the DHCP IP addresses range.

  • The router configuration in this section assumes that you have only one public IP address assigned by your Internet Service Provider (ISP). If you have multiple public IP addresses, you can assign a different IP address to the server that is running Windows Server 2012 Essentials and to the server that is running Exchange Server, and then create port forwardings based on the public IP addresses.

noteNote
If you are migrating from a Windows Small Business Server installation, we recommend that you skip this step for now and run it after you uninstall the previous installation of Exchange Server on the Source Server.

After you install and configure a server that is running Exchange Server, you must enable the on-premises Exchange Server Integration on the server that is running Windows Server 2012 Essentials.

  1. Log on to the server that is running Windows Server 2012 Essentials as an administrator, and then open the Dashboard.

  2. On the Home page, click Connect to My Email Service, and then click Integrate your Exchange Server.

  3. In the information pane, click Set up Exchange Server Integration.

  4. Follow the instructions in the wizard.

noteNote
This is a required task if you have only one internet connection from your Internet Service Provider.

Both Windows Server 2012 Essentials and Exchange Server support some remote access scenarios for network users. For example, if you turn on Anywhere Access on the server that is running Windows Server 2012 Essentials, you can remotely access the Remote Web Access site or use virtual private networking (VPN) to remotely connect to the Windows Server 2012 Essentials network. To remotely access email messages, you must use Outlook Anywhere, Outlook Web Access (OWA), or ActiveSync.

If Windows Server 2012 Essentials and the server running Exchange Server are both connected to the same router and there is only one inbound internet connection from your Internet Service Provider to the router, then , you must use a reverse proxy solution to route different types of remote access requests from the Internet based on the destination host names. We recommend that you use the Microsoft supported IIS Application Request Routing (ARR) extension as your reverse proxy solution. For more information about IIS Application Request Routing, visit the Application Request Routing website.

  1. Log on to Windows Server 2012 Essentials as an administrator.

  2. Open your Internet browser, and navigate to the Application Request Routing website.

  3. On the ARR website, click the Install button, and then follow the instructions to install ARR.

    noteNote
    You must select the URL Rewrite Module during ARR installation.

    You may receive an error at the end of the ARR installation that KB 2589179 for ARR 2.5 did not install successfully. You can safely ignore this error.

  4. When ARR installation is complete, restart the Remote Desktop Gateway service if it is not running.

    noteNote
    After you install ARR, the Remote Desktop Gateway service may be stopped. To manually restart the service, open the Services administrative tool, and then restart the Remote Desktop Gateway service.

  5. Download KB2732764 for ARR 2.5, and then install the update on the server that is running Windows Server 2012 Essentials.

  6. Copy the SSL certificate file for Exchange Server to the server that is running Windows Server 2012 Essentials. The certificate file must contain the private key, and it must be in the PFX file format.

    noteNote
    If you are using a self-issued certificate, follow the instruction in the Exchange Server article Export an Exchange Certificate to export the certificate.

  7. Open a command window as an administrator, and then open the %ProgramFiles%\Windows Server\Bin directory.

  8. Based on you installation scenario, follow one of these steps to configure ARR:

    • If you are performing a clean setup, run the following command:

      ARRConfig config –cert “path to the certificate file” –hostnames “host names for Exchange Server

      noteNote
      For example; ARRConfig config –cert “c:\temp\certificate.pfx” –hostnames “mail.contoso.com

      Replace mail.contoso.com with the name of your domain that is protected by the certificate.

    • In you are migrating from Windows Small Business Server, run the following command:

      ARRConfig config –cert “path to the certificate file” –hostnames “host names for Exchange Server–targetserver “server name of Exchange Server

      For example; ARRConfig config –cert “c:\temp\certificate.pfx” –hostnames “mail.contoso.com–targetserver “ExchangeSvr

      Replace mail.contoso.com with the name of your domain. Replace ExchangeSvr with the name of your server that is running Exchange Server.

  9. When prompted, type the password for the certificate.

noteNote
  • The host names that you provide must be contained in the SSL certificate that you purchased for Exchange Server.

  • If you have multiple host names, use a comma (,) to separate them.

To verify that the configuration works, try to access the OWA website for your server that is running Exchange Server (https://mail. yourdomainname.com/owa) from a computer that is not a member of the domain. To troubleshoot connectivity issues, you can also use the online Microsoft Remote Connectivity Analyzer tool.

noteNote
This is a recommended task.

Split DNS allows you to configure different IP addresses in DNS for the same host name, depending on where the DNS request originates. If the client computer is on the intranet, the DNS request resolves to an intranet IP address. If the client computer is on the Internet, the DNS request resolves to an Internet IP address. This is transparent to users.

We recommend that you configure split DNS in such a way that enables users to always use the same host name to access Exchange Server services, regardless of their location.

  1. Log on to Windows Server 2012 Essentials as an administrator, and then open DNS Manager.

  2. In the DNS Manager console tree, right click your server, and then click New Zone. The New Zone Wizard appears.

  3. On the Zone Type page of the wizard, accept the default option, and then click Next.

  4. On the Active Directory Zone Replication Scope page, accept the default option, and then click Next.

  5. On the Forward or Reverse Lookup Zone page, accept or select Forward lookup zone, and then click Next.

  6. One the Zone Name page, type the FQDN of your server that is running Exchange Server (for example; mail.contoso.com), and then click Next.

  7. On the Dynamic Update page, accept the default option, click Next, and then click Finish.

  8. In the DNS Manager console tree, right-click the new forward lookup zone, and then click New Host (A or AAAA).

  9. In the New Host page, leave the Name field blank, type the intranet IP address of your server that is running Exchange Server, and then click Add Host.

    noteNote
    When you leave the Name field blank, the server uses the parent domain name by default.

  10. In the New Host page, click Done.

noteNote
If you use ActiveSync but cannot synchronize the email for some mailbox accounts, determine if those accounts are members of one or more protected groups such as Domain Administrators. For related information that can help you resolve this issue, see Exchange ActiveSync Returned an HTTP 500 Error.

Did you find this helpful?
(1500 characters remaining)
© 2013 Microsoft
|
Site Feedback
© 2013 Microsoft. All rights reserved.