Installing prerequisites for e-mail protection

  • Article

Updated: February 1, 2011

Applies To: Forefront Threat Management Gateway (TMG)

Forefront TMG enables you to protect your organization from spam, viruses and other e-mail-based threats. It does this by leveraging the mail protection provided by Forefront Protection 2010 for Exchange Server (FPES), and by utilizing the end-to-end mail relay service provided by Exchange Edge Transport server.

These protection technologies are not included in the default Forefront TMG installation; you must install them separately on each Forefront TMG array member.

The supported versions are:

  • Exchange Server 2007 SP2, and Exchange Server 2010.

    Note

    You can download evaluation software of Exchange Server from the Microsoft Download site.

  • Forefront Protection 2010 for Exchange Server.

It is recommended that you install these mail protection technologies (and their prerequisites) on each array member, in the following order:

  1. Install Active Directory Lightweight Directory Services. For instructions, see Installing Active Directory Lightweight Directory Services.

  2. Install the Exchange Server Edge Transport Transport role. For instructions, see Installing the Exchange Server Edge Transport role.

  3. Install Forefront Protection 2010 for Exchange Server. For instructions, see Installing Forefront Protection 2010 for Exchange Server.

  4. Install Forefront TMG. For instructions, see Installing Forefront TMG.

Installing Active Directory Lightweight Directory Services

You must install Active Directory Lightweight Directory Services (AD LDS) before installing the Exchange Server Edge Transport role. If AD LDS is not installed, use the following instructions to install it.

To install Active Directory Lightweight Directory Services

  1. From an elevated command prompt, type cmd.exe /c start /w pkgmgr.exe /iu:"DirectoryServices-ADAM".

Installing the Exchange Server Edge Transport role

Note

  • If you have already installed Forefront TMG, you must remove Windows Powershell 1.0 before installing Exchange. See Removing Windows Powershell 1.0 for instructions.

  • You cannot install the Exchange Server Edge Transport role on a server with a DNS suffix that includes non-English characters.

Before installing the Exchange Server Edge Transport role, you must verify that the computer is configured with a DNS suffix. Use the following procedure:

To add a DNS suffix to a Forefront TMG computer

  1. On the Desktop, right-click Computer, and select Properties.

  2. Click Advanced system settings, and then click the Computer Name tab.

  3. Click Change, and then click More.

  4. In the Primary DNS suffix of this computer box, if an FQDN is not configured, type one, and click OK.

To install the Exchange Server Edge Transport role

  1. Run the Exchange Server Setup.exe file, and follow the steps in the Exchange Server Setup Wizard, including the installation of all the prerequisites.

  2. On the Installation Type page, click Custom Exchange Server Installation.

  3. On the Server Role Selection page, select Edge Transport Role, and click Next. On the Readiness Checks page, view the status to determine if the organization and server role prerequisite checks completed successfully. Then, click Install to install Exchange.

  4. On the Completion page, click Finish.

  5. After completing the installation, it is recommended that you back up the configuration and store the backup file in a secure location. This may be useful for troubleshooting e-mail protection issues in the future, and will allow you to revert to the original configuration if necessary. You should do this for each member of the array. For instructions, see Configure Edge Transport Server Using Cloned Configuration (https://go.microsoft.com/fwlink/?LinkId=177822) for Exchange 2010, and How to Back Up Edge Transport Servers by Using Cloned Configuration Tasks (https://go.microsoft.com/fwlink/?LinkId=177823) for Exchange 2007.

Installing Forefront Protection 2010 for Exchange Server

To install Forefront Protection 2010 for Exchange Server

  1. Insert the Forefront TMG DVD and run autorun.hta.

  2. Click Install Microsoft Forefront Protection 2010 for Exchange Server.

  3. Follow the on-screen instructions in the Setup Wizard.

  4. When you have completed the installation, it is recommended that you back up the configuration and store the backup file in a secure location. This may be useful for troubleshooting e-mail protection issues in the future, and will allow you to revert to the original configuration if necessary. You should do this for each member of the array. For instructions, see Backing up and restoring (https://go.microsoft.com/fwlink/?LinkId=177824).

Removing Windows Powershell 1.0

Note

If you have already installed Forefront TMG, use the following procedure to remove Windows Powershell 1.0 before installing Exchange:

  1. Click Start, Run, and type CompMgmtLauncher. Click OK.

  2. In the Server Manager tree, expand Features, and in the Features Summary, click Remove Features.

  3. In the Remove Features Wizard, scroll to Windows Powershell, and then clear the check box.Click Next, and then click Remove.

  4. When the process has completed, restart the computer, and then install Exchange Server 2010. The prerequisites page directs you to install Windows Powershell 2.0.

Next Steps

After you have completed the installation of the Exchange Edge Transport Server role, FPES and Forefront TMG on each member of your array, you can begin to configure an e-mail policy for your organization. For configuration information, see Configuring protection from e-mail-based threats.

Concepts

Forefront TMG Deployment
Planning to protect against e-mail threats
Configuring protection from e-mail-based threats