Exchange 2010 Setup Checklist for Windows Server 2008 R2
Compiled mostly from here.
In practice I have found that these hotfixes are included in Microsoft Updates and don’t need to be installed. I have kept them listed anyway.
——————————————begin hotfix list————————————————————————
The following hotfixes are required for the Client Access server for Windows Server 2008 R2:
- Install the update described in Knowledge Base article 979099, An update is available to remove the application manifest expiry feature from AD RMS clients. Without this update, the AD RMS features may stop working.
- Install the update described in Knowledge Base article 979744, A .NET Framework 2.0-based Multi-AppDomain application stops responding when you run the application.
- Install the update described in Knowledge Base article 983440, An ASP.NET 2.0 hotfix rollup package is available for Windows 7 and for Windows Server 2008 R2. For more information, see these MSDN Code Gallery pages:
  - For additional background information, see KB983440 – Win7 rollup package (PR for QFE 810219).
  - For the available downloads, see KB983440 – Win7 rollup package (PR for QFE 810219).
- Install the update described in Knowledge Base article 977020, FIX: An application that is based on the Microsoft .NET Framework 2.0 Service Pack 2 and that invokes a Web service call asynchronously throws an exception on a computer that is running Windows 7.
The following hotfix is required for Hub Transport and Mailbox servers for Windows Server 2008 R2:
- Install the update described in Knowledge Base article 979099, An update is available to remove the application manifest expiry feature from AD RMS clients. Without this update, the AD RMS features may stop working.
———————————————-end of hotfix list————————————————————
Install Prerequisites:
Install this: Microsoft Office 2010 Filter Packs.
Run these commands from Windows PowerShell:
Import-Module ServerManager
Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy
Reboot, and then proceed.
Open Services and set the startup type of the NetTcpPortSharing service to Automatic. (You can’t do this until after the .NET Framework 3.5 is installed.)
The following hotfix is required for Windows Server 2008 R2 and must be installed after the operating system prerequisites have been installed:
- Install the hotfix described in Knowledge Base article 982867, WCF services that are hosted by computers together with a NLB fail in .NET Framework 3.5 SP1. For more information, see these MSDN Code Gallery pages:
  - For additional background information, see KB982867 – WCF: Enable WebHeader settings on the RST/SCT.
  - For the available downloads, see KB982867 – WCF: Enable WebHeader settings on the RST/SCT.
After installing the preceding prerequisites and hotfix, and before installing Exchange 2010, we recommend that you install any critical or recommended updates from Microsoft Update.
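One way to confirm the prerequisite steps above before running setup, as an added example that is not part of the original checklist. The function name `Test-ExchangePrereq` is hypothetical, and the hotfix check assumes KB982867 registers with Windows servicing under its own KB number.

```powershell
# Added check, not from the original checklist: confirm prerequisites before Exchange setup.
Import-Module ServerManager

function Test-ExchangePrereq {
    # Feature names copied from the Add-WindowsFeature command in this checklist.
    $required = 'NET-Framework','RSAT-ADDS','Web-Server','Web-Basic-Auth',
                'Web-Windows-Auth','Web-Metabase','Web-Net-Ext',
                'Web-Lgcy-Mgmt-Console','WAS-Process-Model','RSAT-Web-Server',
                'Web-ISAPI-Ext','Web-Digest-Auth','Web-Dyn-Compression',
                'NET-HTTP-Activation','RPC-Over-HTTP-Proxy'

    # Features that are still not installed after Add-WindowsFeature and the reboot.
    $missing = @(Get-WindowsFeature -Name $required |
                 Where-Object { -not $_.Installed } |
                 ForEach-Object { $_.Name })

    # Win32_Service.StartMode reports Automatic startup as the string 'Auto'.
    $svc = Get-WmiObject Win32_Service -Filter "Name='NetTcpPortSharing'"

    # KB982867 is the post-prerequisite hotfix named above. Get-HotFix may not list it
    # when the fix arrived inside a later update, so "not listed" means "check manually".
    $kb = Get-HotFix -Id 'KB982867' -ErrorAction SilentlyContinue

    New-Object PSObject -Property @{
        ReadyForSetup   = ($missing.Count -eq 0) -and ($svc.StartMode -eq 'Auto')
        MissingFeatures = $missing -join ','
        PortSharingMode = $svc.StartMode
        KB982867Listed  = [bool]$kb
    } | Select-Object ReadyForSetup, MissingFeatures, PortSharingMode, KB982867Listed
}

Test-ExchangePrereq | Format-List
```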
Now install Exchange 2010 by running the normal setup.
Post Install Checklist:
Self Signed Cert:
http://marckean.wordpress.com/2009/10/09/install-self-signed-exchange-2010-ssl-certificate/
New-ExchangeCertificate -FriendlyName "SelfSigned Cert" -SubjectName "cn=e2010.somedomain.com" -DomainName e2010,e2010.somedomain.com,autodiscover.somedomain.com,mail.somedomain.com -PrivateKeyExportable $True
When it finishes, it shows the thumbprint for the new certificate. Paste your thumbprint into this command in place of the example value:
Enable-ExchangeCertificate -Thumbprint 28E9D9C0E81607AFCE0F6511AA17D418D4B3D8FD -Services POP,IMAP,SMTP,IIS
Outlook Anywhere:
http://technet.microsoft.com/en-us/library/bb123542.aspx
Outlook Anywhere Using EMC:
- In the console tree, navigate to Server Configuration > Client Access.
- In the action pane, click Enable Outlook Anywhere.
- In the Enable Outlook Anywhere wizard, type the external host name or URL for your organization in the box under External host name.
This is the URL, for example site.contoso.com, that users will use to connect to the Exchange server by using Outlook Anywhere.
- Select an available external authentication method. You can select Basic authentication or NTLM authentication.
Basic authentication sends the user name and password in clear text. It also requires that users enter domain, user name, and password every time that they connect to the Exchange server. When you use NTLM authentication, the user’s credentials are never sent over the network. Instead, the client computer and the server exchange hashed values of the user’s credentials. NTLM can also use the current Windows operating system logon information.
Even though it’s more secure, NTLM may not work with firewalls that examine and modify traffic. You can use an advanced firewall server such as Microsoft Internet Security and Acceleration (ISA) Server 2006 together with NTLM authentication for Outlook Anywhere.
Caution: Negotiate Ex authentication is an authentication type that’s reserved for future Microsoft use and should not be used. Use of this setting will cause authentication to fail.
- Select the Allow secure channel (SSL) offloading check box if you’ll be using a separate server to handle Secure Sockets Layer (SSL) encryption and decryption. When you use SSL offloading, the firewall in front of the Client Access server ends the SSL session and then establishes a new non-SSL session to the Exchange server.
Important: Don’t use this option unless you’re sure that you have an SSL accelerator that can handle SSL offloading. If you don’t have an SSL accelerator that can handle SSL offloading, and you select this option, Outlook Anywhere won’t function correctly.
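The difference between the two authentication methods, and why it matters on the non-SSL leg that SSL offloading creates, shown on the `Authorization` header itself. This is an added example, not part of the original checklist; the function name `Get-AuthHeaderExposure`, the account and the password are constructed for illustration.

```powershell
# Added example: what a device that sees the unencrypted HTTP request can read
# from the Authorization header for each Outlook Anywhere authentication method.
function Get-AuthHeaderExposure {
    param([Parameter(Mandatory = $true)][string]$Header)

    # Header value has the form "<scheme> <base64 payload>".
    $scheme, $blob = $Header.Trim() -split '\s+', 2
    if (-not $blob) { throw "No payload in header: $Header" }
    $bytes = [Convert]::FromBase64String($blob)
    $recoverable = $false

    switch ($scheme) {
        'Basic' {
            # Basic is base64("user:password"); decoding needs no key.
            $user, $pass = [Text.Encoding]::UTF8.GetString($bytes) -split ':', 2
            $detail = "user=$user password=$pass"
            $recoverable = $true
        }
        'NTLM' {
            # NTLM messages start with "NTLMSSP\0" followed by a 32-bit message type:
            # 1 = negotiate, 2 = challenge, 3 = authenticate. None carries the password.
            $isNtlm = ($bytes.Length -ge 12) -and
                      ([Text.Encoding]::ASCII.GetString($bytes, 0, 7) -eq 'NTLMSSP')
            if ($isNtlm) { $detail = 'NTLMSSP message type ' + [BitConverter]::ToUInt32($bytes, 8) }
            else         { $detail = 'payload is not an NTLMSSP message' }
        }
        default { $detail = 'scheme not handled by this example' }
    }

    New-Object PSObject -Property @{
        Scheme = $scheme; PasswordRecoverable = $recoverable; Detail = $detail
    } | Select-Object Scheme, PasswordRecoverable, Detail
}

# Constructed sample headers (not captured traffic).
$basic = 'Basic ' + [Convert]::ToBase64String(
             [Text.Encoding]::UTF8.GetBytes('CONTOSO\alice:Example-Passw0rd'))
# "NTLMSSP\0", message type 1, then a flags field; truncated after the flags.
$type1 = [byte[]](0x4E,0x54,0x4C,0x4D,0x53,0x53,0x50,0x00, 1,0,0,0, 0x07,0x82,0x08,0xA2)
$ntlm  = 'NTLM ' + [Convert]::ToBase64String($type1)

$basic, $ntlm | ForEach-Object { Get-AuthHeaderExposure -Header $_ } | Format-Table -AutoSize
```

With Basic authentication the password is protected only by the SSL session, so with SSL offloading enabled it is readable on the segment between the offloading device and the Client Access server.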
Outlook Anywhere Using Shell:
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the “Outlook Anywhere configuration settings” entry in the Client Access Permissions topic.
In this example, the Client Access server named Exch1 is enabled for Outlook Anywhere with its external host name as site.contoso.org, the default authentication set to Basic, and SSL offloading not selected.
Enable-OutlookAnywhere -Server 'Exch1' -ExternalHostname 'site.contoso.org' -DefaultAuthenticationMethod 'Basic' -SSLOffloading $false
This example enables the server named Server01 for Outlook Anywhere. The external host name is set to mail.contoso.com, both Basic and NTLM authentication are used, and SSL offloading is set to $true. The ClientAuthenticationMethod parameter specifies the authentication method that the Autodiscover service provides to the Outlook Anywhere clients to authenticate to the Client Access server. The authentication method can be set to Basic or NTLM.
Enable-OutlookAnywhere -Server:Server01 -ExternalHostname:mail.contoso.com -ClientAuthenticationMethod:Ntlm -SSLOffloading:$true
For more information about syntax and parameters, see Enable-OutlookAnywhere.
Enable Spam Filter:
- Run the following command from the %SystemDrive%\Program Files\Microsoft\Exchange Server\V14\Scripts folder.
./install-AntispamAgents.ps1
- After the script has run, restart the Microsoft Exchange Transport service by running the following command.
Restart-Service MSExchangeTransport
You must specify all internal SMTP servers on the transport configuration object in the Active Directory forest before you run connection filtering. Specify the internal SMTP servers by using the InternalSMTPServers parameter on the Set-TransportConfig cmdlet.
Important: For all anti-spam features to work correctly, you must have at least one IP address of an internal SMTP server set on the InternalSMTPServers parameter on the Set-TransportConfig cmdlet. If the Hub Transport server on which you’re running the anti-spam features is the only SMTP server in your organization, enter the IP address of that computer.
This example adds the internal SMTP server addresses 10.0.1.10 and 10.0.1.11 to the transport configuration of your organization.
Set-TransportConfig -InternalSMTPServers 10.0.1.10,10.0.1.11
- Create an Offline Address Book Virtual Directory
- Configure ECP Virtual Directory Properties
- View or Configure Outlook Web App Virtual Directories
- View or Configure Exchange ActiveSync Virtual Directory Properties