Navigate your checklist ...........................................................................................................3 Confirm prerequisites are met for new install of Exchange 2010 .................................................4 Install the Exchange 2010 Client Access server role .................................................................5 Add digital certificates on the Client Access server ....................................................................9 Enable Exchange 2010 Outlook Anywhere .............................................................................13 Configure OAB and Web Services virt ual directories ...............................................................14 Configure settings on virtual directories ..................................................................................15 Install the Hub Transport server role ......................................................................................16 Install the Mailbox server role ................................................................................................20 Post-installation tasks ...........................................................................................................23 Checklist complete................................................................................................................24
entire checklist. Also, if you'd like to send mail to someone about a step, click Send. A link to the step is automatically included in the mail.
Directory Servers
Schema master The 32-bit or 64-bit edition of the Windows Server 2003 SP1 Standard or Enterprise operating system or later, or the 32-bit or 64-bit edition of the Windows Server 2008 Standard or Enterprise operating system or later, or the Windows Server 2008 R2 Standard or Enterprise operating system. Global catalog server In every Active Directory site where you plan to install Exchange 2010, you must have at least one global catalog server that is either the 32-bit or 64-bit edition of Windows Server 2003 SP1 Standard or Enterprise or later, or the 32-bit or 64-bit edition of Windows Server 2008 Standard or Enterprise, or the Windows Server 2008 R2 Standard or Ent erprise. Acti ve Directory Forest The Active Directory forest must be Windows Server 2003 forest functional mode. Domain Controller You must have the 32-bit or 64-bit Windows Server 2003 Standard Edition or Ent erprise Edition SP1 operating system, or the 32-bit or 64-bit edition of the Windows Server 2008 Standard or Enterprise operating system or the Windows Server 2008 R2 Standard or Enterprise operating system.
Operating Systems
64-bit edition of Windows Server 2008 Standard Service Pack 2 64-bit edition of Windows Server 2008 Ent erprise Service Pack 2 64-bit edition of Windows Server 2008 Standard R2 64-bit edition of Windows Server 2008 Ent erprise R2
How do I do this?
You'll use the Exchange Server 2010 Setup wizard to install the Client Access role: 1. Insert the Exchange 2010 DV D into the DVD drive. When the Aut oPlay dialog appears, click Run Setup.exe under Install or run program . If the AutoPlay dialog doesn't appear, navigate to the root of the DVD and double-click Setup.exe. Alternatively, brows e to the location of your Exchange 2010 installation files and double-click Setup.exe. TheExchange Server 2010 Setup welcome screen appears. In the Install section, the software listed for Steps 1 and 2 was installed with the Exchange 2010 prerequisites. However, if these prerequisites aren't already installed, click the appropriate step to install them. When Steps 1 and 2 are listed as Installed, click Step 3 to expand the Exchange language options, and then choose the appropriat e option: a. Install all languages from the language bundle This option installs all the Exchange 2010 languages from an Exchange 2010 language bundle. You can connect to the Int ernet to download the lat est applicable language bundle or to use a previously 5
2.
3.
downloaded language bundle on a local drive or network share. Internet connectivity is required for Exchange Setup to download the language pack bundle. b. Install only languages from the DVD This option installs only the languages included with the Setup DVD. The installation of additional languages support requires installing the languages from the language bundle.
4. 5. 6. 7. 8.
After Step 3 is complet e, click Step 4: Install Microsoft Exchange . On the Introduction page, click Next. On the License Agreement page, review the software license terms. If you agree to the terms, select I accept the terms in the license agreement , and click Next. On the Error Reporting page, select Ye s or No to enable the Exchange Error Reporting feature, and click Next. On the Installation Type page, select Custom Exchange Server Installation . To optionally change the installation path for Exchange 2010, click Browse , locate the appropriate folder in the folder tree, and then click OK. Click Next. On the Server Role Selection page, select the Client Acce ss Role , and click Next. The Management Tools option, which installs the Exchange Management Console and the Exchange Management Shell, will also be selected and installed.
9.
10. Use the Configure Client Access Serverexternal domain page to configure an external fully-qualified domain name (FQDN). This is the FQDN that you give to Microsoft Office Outlook Web App, Outlook Anywhere, and Exchange ActiveSync users to connect to Exchange 2010. Select the check box, enter your FQDN, and then click Next. 11. On the Customer Experience Improvement Program page, optionally join in the Exchange Customer Experience Improvement Program (CE IP). The CE IP collects anonymous information about how you use Exchange 2010 and any problems that you encount er. To join the CEIP, select Join the Customer Experience Improvement Program , choose the industry that best repres ents your organization, and then click Next. 12. On the Readiness Checks page, review the Summary to det ermine if the system and server are ready for the Client Access role to be installed. If all prerequisite checks completed successfully, click Install . If any of the prerequisite checks failed, you must resolve the displayed error before you can proceed wit h installing the Client Access role. In many cases, you don't need to exit Setup while you're fixing issues. After you res olve an error, click Retry to run the prerequisite check again. Also, be sure to review any warnings that are reported.
13. The Progre ss page displays the progress and elapsed time for each phase of the installation. As each phase ends, it's marked completed and the next phase proceeds. If any errors are encountered, the phase will end as incomplete and uns uccessful. If that happens, you must exit Setup, resolve any errors, and then restart Setup. 14. When all phases have finished, the Completion page dis plays. Review the results, and verify that each phase completed successfully. Clear the check box for Finalize this installation using the Exchange Management Console , and then click Finish to exit Setup. 15. When you're returned to the Setup welcome screen, click Close . On the Confirm Exit prompt, click Yes. 16. Restart the computer to complete the installation of the Client Access role.
In addition to these three names, your root domain (for example, contoso.com) will also be added as a name. There are three steps to adding certificates to your Client Access server(s): 1. If you don't already have a digital certificate, you can use the Certificate Request Wizard in Exchange 2010 to generate a certificate request file, which yo u can then submit to your selected Certification Authority. After you have the digital certificat e from your Certification Authority, you then complet e the certificate request process by importing the certificate into your Client Access server. After the certificate has been imported, you assign one or more client access services to it.
2. 3.
Before proceeding with these steps, we recommend that you review this topic: Understanding Digital Certificates and SSL
In addition, the configuration settings used in the Exchange Deployment Assistant assume that you are using split DNS for client access. To learn more, see: Understanding DNS Requirements
b.
10
c.
Client Acce ss server (Exchange ActiveSync) Exchange ActiveSync should already be selected and the domain name field should be configured with the same FQDN used for Outlook Web App. Client Acce ss server (Web Services, Outlook Anywhere, and Autodi scover) Exchange Web Services, Outlook Anywhere, and Autodiscover on the Internet should already be selected. Outlook Anywhere should already be configured to use two FQDNs: one that is the same FQDN used by Outlook Web App (for example, mail.contoso.com) and one that is the root domain for that FQDN (for ex ample, contoso.com). Autodiscover should already be configured to use a long URL, which should automatically be configured as autodiscover. rootdomain (for example, autodiscover.contoso.com). Client Acce ss server (POP/IMAP) If you plan on using secure POP or secure IMAP internally or over the Internet, expand this option and select the appropriate check box. In the domain name field for each protocol, remove the individual server names and enter the same FQDN you're using for Outlook Web App. Unified Messaging server If you plan on using Unified Messaging (UM) feat ures, you can use a certific ate that is self-signed by an Exchange 2010 UM server (which is the default option). If you're integrating UM with Office Communications Server (OCS), you'll need to use a public certificate. We recommend using a separate certificate for UM and OCS integration. Hub Transport server Hub Transport servers can use certificates to secure Internet mail, as well as POP and IMAP client submission. If you plan on using mutual TLS or if you're using POP or IMAP clients and want to secure their SMTP submissions, select the appropriate check box and in the FQDN field, ent er the same FQDN you're using for Outlook Web App. Legacy Exchange Server This option is used to add the legacy namespace to the certificate, which will be used only during the period of coexistence between Exchange 2010 and the legacy version(s). Expand this option, select the Use legacy domains check box, and in the FQDN field, enter the FQDN you are using for your legacy namespace.
d.
e.
f.
g.
h.
6.
On the Certi ficate Domains page, review the list of domains that will be added to the certificate. If the names are correct, click Next. If any names are missing or incorrect, you can click Add to add missing names, or select a name and click Edit to modify the name. Click Next. On the Organization and Location page, fill in the Organization, Organization unit, Location, Country/region, City/locality, and State/province fields. Click Brow se and browse to the location where you want the certificate request file created. In the File name field, enter a name for the request file (for example, Exchange Certificate Request.req) and click Save . Click Next. On the Certi ficate Configuration page, review the configuration summary. If any changes need to be made, click Back, and make the necessary changes. If everything is correct, click New to generate the certific ate request file.
7.
8.
11
9.
On the Completion page, review the output of the wizard. Click Finish to close the wizard.
10. Transmit the certificate request file to your selected Certification Authority, who will then generate the certificate and transmit it to you. After you have the certificate file, you can use the Complete Pending Request wizard to import the certificate file into Exchange 2010. 11. In the Console tree, click Server Configuration . 12. In the Work pane, right-click the certificate request you creat ed and click Complete Pending Request. 13. On the Introduction page, click Browse to select the certificate file provided to you by your selected Certification Authority. Enter the private key password for the certificate, and then click Complete . 14. On the Completion page, verify that the request completed successfully. Click Finish to close the Complete Pending Request wizard.
2. 3.
4.
5.
12
1. 2. 3.
In the Console tree, click Server Configuration . In the Result pane, select the server that contains the certificate, and then in the Work pane, select the certificate you want to view. From the Actions pane, click Open. You can view information about the certificate on the General, Details, and Certification Path pages of the Exchange Certificate dialog box.
How do I do this?
The Enable Outlook Anywhere wizard helps you with this task. 1. 2. 3. In the console tree, navigat e to Server Configuration > Client Acce ss. In the action pane, click Enable Outlook Anywhere . Enable Outlook Anywhere page: Type the external host name or URL for your organization in External host name . The external host name should be the FQDN you entered when installing the Client Access server role, whic h is the existing host name. For example, mail.contoso.com. Select either Ba sic authentication or NTLM authentication . If you're using an SSL accelerator and you want to use SSL offloading, select Allow secure channel (SSL) offloading . Important: Don't use this option unless you're sure that you have an SSL accelerat or that can handle SSL offloading. If you don't have an SSL accelerator that can handle SSL offloading, and you select this option, Outlook Anywhere won't function correctly. 4. Click Enable to apply these settings and enable Outlook Anywhere.
Outlook Anywhere will be enabled on your Client Access server after a configuration period of approximately 15 minutes. To verify that Outlook Anywhere has been enabled, check the application event log on the Client Access serve r. The following events will be logged in the event log. E vent ID 3007 MSExchange RP C over HTTP Autoconfig E vent ID 3003 MSExchange RP C over HTTP Autoconfig E vent ID 3004 MSExchange RP C over HTTP Autoconfig E vent ID 3006 MSExchange RP C over HTTP Autoconfig
How do I do this?
You must use the Exchange Management Shell to configure OAB and Exchange Web Services virtual directory settings. If you're unfamiliar with the Shell, learn more at: Overview of Exchange Management Shell 1. Configure the external URL for the offline address book using the following syntax. Set-OABVirtualDirectory -Identity "CAS01\OAB (Default Web Site)" ExternalUrl https://mail.contoso.com/OAB -RequireSSL:$true 2. Configure the external URL for Exchange Web Services using the following syntax. Set-WebServicesVirtualDirectory -Identity "CAS01\EWS (Default Web Site)" -ExternalUrl https://mail.contoso.com/EWS/Exchange.asmx BasicAuthentication:$True
14
Get-OABVirtualDirectory -Identity "CAS01\OAB (Default Web Site)" ExternalURL Get-WebServicesVirtualDirectory -Identity "CAS01\EWS (Default Web Site)" -ExternalURL
How do I do this?
Perform the following steps from the computer that has the Exchange 2010 Client Access server role installed. 1. 2. 3. In the Console tree, navigat e to Server Configuration > Client Acce ss. In the Result pane, select the Client Access server you want to configure. In the Work pane, click the tab that corres ponds to the virtual directory whose settings you want to configure (Outlook Web App, Exchange Control Panel, Exchange ActiveSync), and then click the virtual directory. In the Actions pane, under the virtual directory name, click Properties. Edit any of the settings on the tabs. (If you need more informat ion about the settings, click F1 while you're on a tab.) Common settings to be configured are: a. b. c. d. External URL This is the URL used to access the Web site from the Internet. The value for this URL should have been set during installation of the Client Ac cess server role. Authenti cation You can specify a variety of authentication options, as well as specify the sign-in format and sign-in domain. Direct File Acce ss For Outlook Web App, you can configure direct file access settings for public and private computers. Exchange2003URL This parameter is only necessary when you have users with mailboxes on Exchange 2003 at the same time as users with mailboxes on Exchange 2010. In that case, set this parameter to the legacy DNS endpoint, for ex ampl e, http://legacy.contoso.com.
4. 5.
6.
15
16
2.
TheExchange Server 2010 Setup welcome screen appears. In the Install section, the software listed for Steps 1 and 2 was installed with the Exchange 2010 prerequisites. If these prerequisites are not already installed, click on the appropriate step to install them. When Steps 1 and 2 are listed as Installed, click Step 3 to expand the Exchange language options, and then choose the appropriat e option: a. Install all languages from the language bundle This option installs all the Exchange 2010 languages from an Exchange 2010 language bundle. You can connect to the Internet to download the latest applicable language bundle or to use a previously downloaded language bundle on a local drive or network share. Internet connectivity is required for Exchange Setup to download the language pack bundle. Install only languages from the DVD This option installs only the languages included with the Setup DVD. The installation of additional lang uages support requires installing the languages from the language bundle.
3.
b.
4. 5. 6. 7. 8.
After Step 3 is complet e, click Step 4: Install Microsoft Exchange . On the Introduction page, click Next. On the License Agreement page, review the software license terms. If you agree to the terms, select I accept the terms in the license agreement , and click Next. On the Error Reporting page, select Yes or No to enable the Exchange Error Reporting feature, and click Next. On the Installation Type page, select Custom Exchange Server Installation . To optionally change the installation path for Exchange 2010, click Browse , locate the appropriate folder in the folder tree, and then click OK. Click Next. On the Server Role Selection page, select the Hub Transport Role , and click Next. The Management Tools option, which installs the Exchange Management Console and the Exchange Management Shell, will also be selected and installed.
9.
17
10. On the Readiness Checks page, review the Summary to det ermine if the system and server are ready for the Hub Transport role to be installed. If all prerequisite checks completed successfully, click Install . If any of the prerequisite checks failed, you must resolve the displayed error before you can proceed wit h installing the Hub Transport role. In many cases, you don't need to exit Setup while you're fixing issues. After you res olve an error, click Retry to run the prerequisite check again. Also, be sure to review any warnings that are reported. 11. The Progre ss page displays the progress and elapsed time for each phase of the installation. As each phase ends, it's marked completed and the next phase proceeds. If any errors are encountered, the phase will end as incomplete and uns uccessful. If that happens, you must exit Setup, resolve any errors, and then restart Setup. 12. When all phases have finished, the Completion page dis plays. Review the results, and verify that each phase completed successfully. Clear the check box for Finalize this installation using the Exchange Management Console , and then click Finish to exit Setup. 13. When you're returned to the Setup welcome screen, click Close . On the Confirm Exit prompt, click Yes. 14. Restart the computer to complete the installation of the Hub Transport role.
How do I add the Hub Transport server role to my Client Access server?
18
You can also use the Exchange Server 2010 Setup wizard to add the Hub Transport role to your existing Client Access server. 1. 2. 3. 4. 5. Open the Windows Control Panel and launch the P rograms and Features applet. Select Microsoft Exchange Server 2010 from the list of installed programs, and then click Change . The Exchange Server 2010 Set up wizard will start in Exchange Maintenance Mode. Click Next. On the Server Role Selection page, select the check box for Hub Transport Role and then click Next. On the Readiness Checks page, review the Summary to det ermine if the system and server are ready for the Hub Transport role to be installed. If all prerequisite checks completed successfully, click Install . If any of the prerequisite checks failed, you must resolve the displayed error before you can proceed wit h installing the Hub Transport role. In many cases, you don't need to exit Setup while you're fixing issues. After you res olve an error, click Retry to run the prerequisite check again. Also, be sure to review any warnings that are reported. The Progre ss page will display the progress and elapsed time for each phase of the installation. As each phase ends, it will be marked completed and the next phase wil l proceed. If any errors are encountered, the phase will end as incomplete and unsuccessful. In this event, you must exit Setup, resolve any errors, and then restart Setup in Maintenance Mode. When all phases have finished, the Completion page will be displayed. Review the results and verify that each phase completed successfully. Click Finish to exit Setup. Restart the computer to complete the installation of the Hub Transport role.
6.
7. 8.
19
2.
3.
b.
4. 5.
After Step 3 is complet e, click Step 4: Install Microsoft Exchange . On the Introduction page, click Next. 20
6. 7. 8.
On the License Agreement page, review the software license terms. If you agree to the terms, select I accept the terms in the license agreement , and click Next. On the Error Reporting page, select Ye s or No to enable the Exchange Error Reporting feature, and click Next. On the Installation Type page, select Custom Exchange Server Installation. To optionally change the installation path for Exchange 2010, click Browse , locate the appropriate folder in the folder tree, and then click OK. Click Next. On the Server Role Selection page, select the Mailbox Role, and click Next. The Management Tools option, which installs the Exchange Management Console and the Exchange Management Shell, will also be selected and installed.
9.
10. On the Client Settings page, select Yes if your organization has client comput ers running either Microsoft Outlook 2003 or Microsoft Entourage 2004 or earlier. Select No if you don't. 11. On the Readiness Checks page, review the Summary to det ermine if the system and server are ready for the Mailbox role to be installed. If all prerequisite checks compl eted successfully, click Install . If any of the prerequisite checks failed, you must resolve the displayed error before you can proceed wit h installing the Mailbox role. In many cases, you don't need to exit Setup while you're fixing issues. After you resolve an error, click Retry to run the prerequisite check again. Also, be sure to review any warnings that are reported. 12. The Progre ss page displays the progress and elapsed time for each phase of the installation. As each phase ends, it's marked completed and the next phase proceeds. If any
21
errors are encountered, the phase will end as incomplete and uns uccessful. If that happens, you must exit Setup, resolve any errors, and then restart Setup. 13. When all phases have finished, the Completion page dis plays. Review the results, and verify that each phase completed successfully. Clear the check box for Finalize this installation using the Exchange Management Console , and then click Finish to exit Setup. 14. When you are returned to the Setup welcome screen, click Close . On the Confirm Exit prompt, click Yes. 15. Restart the computer to complete the installation of the Mailbox role.
How do I add the Mailbox server role to an existing Exchange 2010 server?
You can also use the Exchange Server 2010 Setup wizard to add the Mailbox role to an existing Exchange 2010 server. 1. 2. 3. 4. 5. Open the Windows Control Panel and launch the P rograms and Features applet. Select Microsoft Exchange Server 2010 from the list of installed programs, and then click Change . The Exchange Server 2010 Set up wizard will launch in Exchange Maintenance Mode. Click Next. On the Server Role Selection page, select the check box for Mailbox Role and then click Next. On the Readiness Checks page, review the Summary to det ermine if the system and server are ready for the Mailbox role to be installed. If all prerequisite checks completed successfully, click Install . If any of the prerequisite checks failed, you must resolve the displayed error before you can proceed wit h installing the Mailbox role. In many cases, you don't need to exit Setup while you're fixing issues. After you resolve an error, click Retry to run the prerequisite check again. Also, be sure to review any warnings that are reported. The Progre ss page will display the progress and elapsed time for each phase of the installation. As each phase ends, it will be marked completed and the next phase will proceed. If any errors are encountered, the phase will end as incomplete and unsuccessful. In this event, you must exit Setup, resolve any errors, and then restart Setup in Maintenance Mode. When all phases have finished, the Completion page will be displayed. Review the results and verify that each phase completed successfully. Click Finish to exit Setup. Restart the computer to complete the installation of the Mailbox role.
6.
7. 8.
22
The successful completion of the Exchange Setup wizard will be your first indication that the installation process worked as expected. To further verify that the Mailbox server role installed successfully, you can run Get-ExchangeServer <server name> in the Exchange Management Shell, which can be launc hed from the Exchange Server 2010 program group on the Windows Start Menu. This cmdlet outputs a list of the Exchange 2010 server roles that are installed on the specified server. You can also review the contents of the Exchange setup log file (ExchangeSetup.log), located in <system drive> \ExchangeS etupLogs to verify that the Mailbox role was installed as expect ed. Learn more at: Verifying an Exchange 2010 Installation
Post-installation tasks
After you complete a new installation of Exchange 2010 or after you add an additional Exchange 2010 server role to an existing Exchange 2010 server, you should complete the postinstallation tasks. The post-installation tasks will help you verify the installation and configure the components that you have just installed.
23
Permissions configuration
For the purposes of the Exchange Deployment Assistant, your administrator account was granted permissions that you might not need going forward. You should verify that this account doesn't have more permissions than required to config ure and manage your Exchange 2010 environment. Role Bas ed Access Control (RBA C), the new permissions model in Exchange 2010, is extremely flexible. The built -in role groups are probably sufficient to manage most of your Exchange 2010 organization. You can simply add and remove members from the existing role groups to control permissions. The following topics will provide more information and help you configure the appropriate permissions for your Exchange 2010 tasks: Understanding Permissions Understanding Role Based Access Control Understanding Management Role Groups Understanding Management Scopes Built-in Role Groups Built-in Management Roles Understanding Permissions Coexistence with Exchange 2003
Checklist complete
Congratulations on successfully completing your checklist in the Exchange Deployment Assistant!
24
25