mailbox server

All posts tagged mailbox server

Just as like Windows 2003 you need to add some components to Windows 2008 before you can install Exchange 2007. In this tutorial I will explain which need to be installed on which server and made some scripts for it, that’s far more easier then typing the commands one by one ;-).

When you gone prepare the AD for Exchange 2007 from a Windows 2008 server you first need to install the Active Directory Domain Services remote management tools. These tools make it possible to modify the schema and domain so that Exchange 2007 can be installed.

This can be done by executing the following script:


ServerManagerCmd -i RSAT
shutdown -r

After the installation of the tools the server will be  rebooted, this last thing is optional and is not always needed.

After the tools have been installed the next step is the CAS server. First we will install Powershell, this is a prerequisite for Exchange 2007. Next fase is installing several IIS components for the web applications such as: OWA and AutoDiscovery that will be hosted on the CAS.  When you are going to use Outlook Anywhere you also need to install the RPC over HTTP proxy, this will be done in the last step.


ServerManagerCmd -i PowerShell
ServerManagerCmd -i Web-Server
ServerManagerCmd -i Web-ISAPI-Ext
ServerManagerCmd -i Web-Metabase
ServerManagerCmd -i Web-Lgcy-Mgmt-Console
ServerManagerCmd -i Web-Basic-Auth
ServerManagerCmd -i Web-Digest-Auth
ServerManagerCmd -i Web-Windows-Auth
ServerManagerCmd -i Web-Dyn-Compression
ServerManagerCmd -i RPC-over-HTTP-proxy
shutdown -r

After installing the components the server will be rebooted, this again is optional.

When the CAS server is prepared it’s time for the HUB server. If you want to use a script for it, it’s your own decission, this because just one component will be installed.


ServerManagerCmd -i PowerShell
shutdown -r

Now that the CAS and HUB server are prepared it’s time for the mailbox server.


ServerManagerCmd -i PowerShell
ServerManagerCmd -i Web-Server
ServerManagerCmd -i Web-ISAPI-Ext
ServerManagerCmd -i Web-Metabase
ServerManagerCmd -i Web-Lgcy-Mgmt-Console
ServerManagerCmd -i Web-Basic-Auth
ServerManagerCmd -i Web-Windows-Auth
shutdown -r

As you can see IIS is installed besides Powershell. Exchange 2007 doesn’t use the SMTP and NNTP from IIS anymore, some other components do need IIS.

When you want to build a cluster of mailbox servers you will need to add an extra line of code to the script.


ServerManagerCmd -i PowerShell
ServerManagerCmd -i Web-Server
ServerManagerCmd -i Web-ISAPI-Ext
ServerManagerCmd -i Web-Metabase
ServerManagerCmd -i Web-Lgcy-Mgmt-Console
ServerManagerCmd -i Web-Basic-Auth
ServerManagerCmd -i Web-Windows-Auth
ServerManagerCmd -i Failover-Clustering 
shutdown -r

A next step could be installing the Edge Sync server.


ServerManagerCmd -i PowerShell
ServerManagerCmd -i ADLDS
shutdown -r

This script will install Powershell again, besides this Active Directory Lightweight Directory Services will be installed. This services have the same functionality as the Active Directory Application Mode (ADAM) as it was known in Windows 2003.

When you would like to use the auto attendant and voicemail functionality of Exchange 2007 you will need to install the UM role.


ServerManagerCmd -i PowerShell
ServerManagerCmd -i Desktop-Experience
shutdown -r

This script will install the codecs for audio/video from the Windows Media Player.

When you have a dedicated management station it may be necessary to install the manegement tools on it. For this only Powershell and two IIS components are needed.


ServerManagerCmd -i PowerShell
ServerManagerCmd -i Web-Metabase
ServerManagerCmd -i Web-Lgcy-Mgmt-Console

I think we have talked about all the prerequisites for all rolles now. Below there are some links to some resources that contain extra information about this.

How to Install Exchange SP1 Prerequisites on Window Server 2008 or Vista
Speeding up installation of Exchange Server 2007 SP1 Prerequisites on Windows Server 2008

When you have played with Exchange 2007 and Outlook Web Access earlier you may have seen a lot of differences between Outlook Web Access 2007 and 2003. There have been added nice features to the new version of OWA such as: you can access a file-server/sharepoint-server, you can restrict what files can be opened via OWA and how they are opened then.

Users can only use these functionalities if their mailbox is hosted on an Exchange 2007 mailbox server. The users who have their mailbox on an Exchange 2003 server will use the old version of OWA.

The OWA functionalities are delivered by the Client Access Server (CAS) if you had an Exchange 2003 environment running with OWA this functionality was provided by the Frontednd Server. When we zoom in to the Exchange Management Console en then have a close look ath the server configuration of  the CAS server you will discover that it hosts mutiple websites:

The three that are important for Outlook Web Access are:

  • owa, this is the 2007 version of OWA
  • exchange, this is the 2003 version of OWA
  • exchweb, this site contains most functionalities of OWA

Now you may ask yourself, what are those other directories used for:

  • exadmin, this folder willl be used when you manage Public Folders from the Management Console
  • public, this folder will be use when opening a Public Folder via OWA

We will restrict this tutorial to OWA 2007 only, so we will get the properties of the site named owa.

The first tab we see is general:

You can’t change much on this tab, it contains some information you may find interesting:

  • which server is hosting the OWA
  • under which website the OWA is placed
  • for which Exchange version this OWA is responsible
  • when has the website changed

There are two fields which you can fill in:

  • internal url, here you need to define the url which users on the internal network use to access the OWA
  • external url, here you need to define the url which users on the internet use to access the OWA

You need to pay attention to the url’s when you are going to buy certificates that you buy one for the correct url.

The next tab is authentication on this tab we can setup the way the user has to login to OWA. The default setting is Use form-based authentication below this option you can choose three methods to fill in the username:

  • Domain\username, the user logs in like this test.local\johan
  • User Principale Name, the user logs in like this johan@test.local
  • User Name Only, the user fills in his username, in this case the field logon domain contains the domain where the user needs to login.

The next tab is segmentation on this tab we can control what options end-users will get when they use OWA. You can for example block the ActivSync integration or prevent the password changing in OWA.


On the tab Public Computer File Access you can decide how OWA will react if a user tries to open an attachment while logged into OWA from a public computer:

  • OWA needs to convert the file via the Web ready functionality
  • OWA needs to prevent the opening/downloading of the file
  • OWA allows to open/download the file


As you can see it has been changed a lot compared to OWA 2003. The first option enable direct file access let you configure which files the end-user may open without using the Web ready functionality. When you click on the customise button you can change the files allowed or blocked:

  • allow, which files with the extension/mime-code may be opened
  • block, which files with the extension/mime-code may not be opened
  • force save, which files with the extension/mime-code first need to be saved before opening.
  • unknown files, what does OWA need to do with  “unknown” files

You see there are a lot of possibilities and you can really make changes to allow or block a file. The default settings are quite good, if you won’t allow mp3’s being opened via OWA then you need to delete it from the allow list. The option unknown files will be used when an extension/mime-code is not defined in the other 3 lists. The  default option for unknown files is Force Save which tells OWA to first let the user download the file before opening it.

Another new feature in OWA is WebReady Document Viewing, this function will convert a file to a webpage with the build-in convertors. Normally this shouldn’t be the case because the option Force WebReady Document viewing when a converter is available is disabled. OWA contains converters for the following filetypes:

  • Excel files
  • Word files
  • Powerpoint files
  • PDF files

I think this are the most used files which you want to open using this new function.  You don’t need to have the application installed locally on your pc/laptop.

The last two options on this tab make it possible to open files on remote file servers. With remote file servers you are able to open files on:

  • Windows File Shares
  • Windows SharePoint Services

The remote file servers need to defined on another tab called remote servers this will come later on in this tutorial.

The next tab is Private Computer Access with this tab you can configure the same things as on the tab Public Computer Access only then for trusted computers/laptops. Default there are a few settings that are not the same as on the tab Public Computer Access for example the options to access Windows File Shares and Windows SharePoint Services is enabled.

On the last tab remote file servers you can setup which servers are accessable via OWA. You can easily set this up by adding a server to one of the two lists. It would be a lot of work to add all the file-servers that you want to block and for example allow only one. For this case you can use the option unknown servers the action defined there will be used for every server who isn’t listed on the allow or block list. Default the action is block.


As you can see there is only one button left that we didn’t spoke about. The button configuration on the bottom of the tab. With this button we need to specify which domains need to be seen as internal domains. When a server is added from a domain that is not listed OWA will not see it as an internal server and will block access to it.

We now have spoken about all the tabs of OWA. The other things such as certificates will be handeled via the Powershell and IIS admin MMC.

When OWA is published on the internet it may be necessary to use a 3rd party certificate for the OWA, you can buy a certificate with for example VeriSign. OWA 2007 uses https and form-based authentication by default. Here a self-signed certificate is used, which can result in warnings from webbrowsers.

You will have to add a copy of the self signed certificate to the trusted root authority to prevent this error. You can get a copy of this certificate in two ways:

  • via the website itself and then import it into the right store
  • by exporting it via Powershell and import it in the right store

First via the website itself:

  • go to the website
  • click on continue when the warning is displayed.
  • click on the certificate error button in the addressbar
  • click on display certificate
  • click on install certificate
  • choose the option to save all certificates in the archive below
  • select the trusted root authority via the browse function
  • click on next en finish
  • a warning will be displayed that you are importing a certificate, accept it
  • a message will be displayed that the certificate is installed

All the steps above can be done on a client. All the steps below need to be executed from the CAS server:

  • execute the following domain: Get-ExchangeCertificate -DomainName mail.test.local
  • an overview will be displayed with all certificates that are used by mail.test.local
  • then we need to export the certificate: Export-ExchangeCertificate -Thumbprint 5113ae0233a72fccb75b1d0198628675333d010e -BinaryEncoded:$true -Path c:\certificates\export.pfx -Password:(Get-Credential).password
  • when this command is executed it will prompt you for a username and password. The password is the only thing that is necessary to export and import the certificate.
  • the last step is importing the certificate in the trusted root authorities on the client, optionally this can be done via a Group Policy.

Both warnings will result in not displaying the message anymore. When a 3rd party certificate will be installed the steps above are not needed. The only thing you should arrange is that you trust the root certificate from the 3rd party.

When you choose to get a certificate from a 3rd party we first need to create a CSR and after that when receiving the file from the 3rd party install it.:

  • start Powershell
  • run the following command: New-ExchangeCertificate -DomainName test.ocal -Force -FriendlyName OWA -GenerateRequest:$True -Keysize 2048 -Path c:\owa.req -privatekeyExportable:$true -SubjectName “C=NL, O=Test, L=Utrecht, S=Utrecht, CN=owa.test.local”
  • this command will generate a CSR to get a certificate
  • when we receive the certificate from the 3rd Party we need to install it
  • importing is done by the following command: Import-ExchangeCertificate -Path c:\certificaat.crt | Enable-ExchangeCertificate -Services “IIS”
  • with the parameter-Services we can tell Exchange that this certificate may only be use for IIS in this case. Other options are SMTP, IMAP and POP3.

If everything is configured we can check if OWA is working OK, this can be done in two ways:

I use OWA 2007 for a few months now and I must say it’s working really good. I hope you have learned something from this tutorial.

Public folders they do exist in Exchange 2007 but there are rumors that they will be there in the next version also. But you will find out that Microsoft wants to get rid of the Public Folders. On first sight everything looks the same in Exchange 2007, but it isn’t really the same as Exchange 2003. In the past Public Folders can be accessed from Outlook but also via a NNTP-client or IMAP-client. Since Exchange 2007 this isn’t possible anymore. In the RTM version of Exchange there were are few functionalities gone which were available in Exchange 2007. Since the release of SP1 a few functionalities came back. It is possible again to view the Public Folders from OWA again without having a your mailbox hosted on an Exchange 2003 server. In the future Microsoft will fase out Public Folders and will migrate everything to Sharepoint. You can conclude this when you read the trainings manuals from Microsoft. A few years ago it was a fashion to put as many functions in one package. Now a days it looks like it changes roles become seperated again (have a look at Exchange 2007) or even apart software packages.

Maybe you found it already, but I found it this week. The Storage Requirements Calculator from the Exchange Team.

This tool can be used when desinging the storage environment for you Exchange 2007 environment. With this tool yoiu can for example determine what the storage requirements are (I/O Performance and capacity) and determine the optimal LUN design.

The tool can be downloaded for free from the Exchange Team website.