Saturday, 30 April 2011

Installation of Exchange server 2007

How to Setup Exchange Server 2007

Follow the steps below to correctly configure your Exchange Server 2007 email server for general use, and for use with IGetMail.  Note that for this document we are assuming you are installing Exchange 2007 on Windows Server 2008 64-Bit.
  • Pre-Installation Checklist
    • Install Windows Server 2008 64-bit version
    • Configure your static IP address
    • Activate Auto Updates
    • Add role - Active Directory Services
    • Add role - Active Directory Lightweight Services
    • Add feature - Windows Process Activation Service
    • Add role - Web Server (IIS)
    • Add feature - PowerShell
    • Roles / Features NOT to install
  • Installing Exchange Server 2007
  • Allow Mail access to your Exchange Server
  • Adding E-Mail Users
Pre-Installation Checklist
Make sure you have all of the following steps in place before you set up Exchange Server 2007 on Windows Server 2008 64-Bit.
For simplicity we are assuming you are setting up a small office where one machine will be used for both the Active Directory and the Exchange Server. This setup works just fine and reduces the number of machines to maintain. If you have a larger office you may want to consider separating the Active Directory machine and the Exchange 2007 Server. 
Install Windows Server 2008 64-bit version
Exchange 2007 is a 64-bit application and requires 64-bit versions of Windows Server 2003 or Windows Server 2008.  You should select a computer that is capable of running the 64-bit version of Windows Server 2003 or 2008.  For this example we will start with a clean installation of Windows Server 2008 64-bit version that has not had any roles installed.
After installing Windows Server 2008, we set the clock and the name of the server to be "EX2007".  At this point this server is configured to be a stand-alone computer with default settings.

Configure Your Static IP Address
The default installation of Windows 2008 sets your IP v4 and IP v6 addresses to use DHCP.  Since we will be configuring this computer to be a domain controller, you must change the IP address of the computer to be a static IP address.
To change your IP address, click on "View Network Connections" in the Server Manager screen. 
This will display the list of active network interfaces.

Double-click on your network adapter to display the adapter's status.

Press the Properties button.

Highlight "Internet Protocol Version 4 (TCP/IPv4)" and press the Properties button.

Change the radio button to "Use the following IP address" and enter an IP address you want to use for this server.  In our example, we chose to assign this server the internal IP address "192.168.1.25".  We also have a firewall appliance that operates as a gateway at the IP address "192.168.1.1". 
NOTE: It is important to include this computer in the DNS list.  You should list the IP address of this computer as the first entry in the list of DNS servers.  In the "Alternate DNS server" field, enter the IP address of a DNS server provided by your ISP.
Press OK to save your changes.
Now you will need to modify the support for IP v6.  If your network uses IP v6, then you will need to select "Internet Protocol Version 6 (TCP/IPv6)" and press the Properties button.  Enter a static address.  If you are not using IP v6, you can leave the IP v6 set to the default setting of DHCP.
NOTE:  Exchange requires that IP V6 be enabled.  Even if you do not use IP V6 you must leave it enabled.  During the setup of Active Directory, the Active Directory Setup Wizard will check that both IP v4 and IP v6 have static addresses; as long as the IP v4 address is static you can continue the installation.  DO NOT DISABLE IP V6 or else the Exchange Hub Transport Service will not start.
At this point you should have all IP addresses on this server configured as static IP addresses.  OR you have the IP v4 address configured as static and the IP v6 configured using DHCP.  Press OK to save your changes and close the network connection screen.
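
The settings from this section can be verified before promoting the server, shown here as an added PowerShell example that is not part of the original guide. `Test-DcNetworkConfig` is a hypothetical helper name, the sample adapter object is constructed, the addresses are the ones used in this article, and the script assumes the PowerShell feature from the checklist has been added.

```powershell
# Values from the article's example network; change them for your site.
$ExpectedIPv4    = '192.168.1.25'  # static address assigned to EX2007
$ExpectedGateway = '192.168.1.1'   # firewall appliance acting as gateway

# Test-DcNetworkConfig is a hypothetical helper name, not a built-in cmdlet.
# $Adapter is a Win32_NetworkAdapterConfiguration object or a look-alike.
function Test-DcNetworkConfig {
    param($Adapter, [string]$IPv4, [string]$Gateway)

    $problems  = @()
    $addresses = @($Adapter.IPAddress)
    $v4  = @($addresses | Where-Object { $_ -and $_ -notmatch ':' })
    $v6  = @($addresses | Where-Object { $_ -match ':' })
    $dns = @($Adapter.DNSServerSearchOrder)
    $gw  = @($Adapter.DefaultIPGateway)

    # DHCPEnabled reflects the IPv4 setting; a domain controller needs a static IPv4 address.
    if ($Adapter.DHCPEnabled)      { $problems += 'IPv4 is still assigned by DHCP' }
    if ($v4 -notcontains $IPv4)    { $problems += "IPv4 address $IPv4 is not bound" }
    if ($gw -notcontains $Gateway) { $problems += "Gateway $Gateway is not set" }

    # The server itself must be the first DNS entry, with the ISP server as alternate.
    if ($dns[0] -ne $IPv4) { $problems += "First DNS server is '$($dns[0])', expected $IPv4" }
    if ($dns.Count -lt 2)  { $problems += 'No alternate (ISP) DNS server is listed' }

    # With IPv6 bound, the adapter reports at least a link-local (fe80::) address.
    if ($v6.Count -eq 0)   { $problems += 'No IPv6 address found: IPv6 appears to be disabled' }

    return ,$problems
}

# Constructed sample: IPv4 left on DHCP and IPv6 unbound, the two mistakes
# this section warns about. Built with Add-Member so it also runs on PowerShell 1.0.
$sample = New-Object PSObject
$sample | Add-Member -MemberType NoteProperty -Name Description -Value 'Constructed sample adapter'
$sample | Add-Member -MemberType NoteProperty -Name DHCPEnabled -Value $true
$sample | Add-Member -MemberType NoteProperty -Name IPAddress -Value @('192.168.1.107')
$sample | Add-Member -MemberType NoteProperty -Name DefaultIPGateway -Value @('192.168.1.1')
$sample | Add-Member -MemberType NoteProperty -Name DNSServerSearchOrder -Value @('192.168.1.1')

# On the server, replace the sample with the live adapters:
#   $adapters = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE')
$adapters = @($sample)

foreach ($a in $adapters) {
    $result = Test-DcNetworkConfig $a $ExpectedIPv4 $ExpectedGateway
    if ($result.Count -eq 0) {
        Write-Host "$($a.Description): OK"
    } else {
        $result | ForEach-Object { Write-Host "$($a.Description): $_" }
    }
}
```

The IPv6 test is a heuristic: it looks for any IPv6 address on the adapter rather than reading the protocol binding itself.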
Activate Auto Update
The next step in making this server a domain controller is to activate auto update.  Active Directory will not install until this computer has auto updates active.  To activate auto updates click on the link "Configure Updates".   Then select the option to have Windows automatically install updates.   At this time Windows will download updates and will most likely need to reboot your computer.  Allow the updates to be applied and the computer to be restarted until all updates are applied before installing Active Directory.  You do not want to be in the middle of installing Active Directory when an auto update needs to reboot your computer.

Add role - Active Directory Services
The process of installing Active Directory consists of two steps: first you install Active Directory, and then you configure it.  Once this is complete your Windows Server will be a domain controller.
Step 1 - Install Active Directory
At the Computer Management Screen press the "Add Roles" link.  At the Select Server Roles dialog check/tick the option "Active Directory Domain Services" and press Next.

Active Directory Domain Services will present information about the changes it will make to your server.  Review this information and press Next.

Now the installation will scan your configuration and inform you if there are any pre-requisites that you have not fulfilled.  If the Active Directory Installation presents any errors, correct these at this time and then repeat the installation.  Once the Setup program indicates that you have met all pre-requisites, press the Install button to start the installation process.

The setup program will now install Active Directory on your Server.

When the installation is complete you should see a message indicating "Installation Succeeded".  Press Close to return to the Server Management Screen.

Step 2 - Configure Active Directory
At the Server Management screen you should now see that you have 1 role installed.  The Active Directory Domain Services may indicate that it is installed but there are errors.  This is because the software is installed but not configured.

To configure Active Directory click on the line under Roles labeled "Active Directory Domain Services".  The Server Manager will show you a page about the status of the Active Directory Role.

Click on the link "Run the Active Directory Services Installation Wizard (dcpromo.exe)" and the Active Directory Domain Services Installation Wizard will appear, press Next.

The Installation Wizard will present information about the version of Active directory, press Next.

Since we are assuming this Exchange Server will be the first Domain Controller, we chose to create a new domain in a new forest.  Press Next.

Enter the name of your domain.  The domain name you enter here is the domain name that Exchange will associate with all of your email.  If you use a hosting company to host your Internet Domain, then you may want to enter the name of your Internet domain with ".local".  If you host your own Internet Domain then you would enter your domain name here.
In our example we are assuming that IGetMail.com is hosted at an Internet Hosting Company.  Since we do not host IGetMail.com on this Exchange Server, we will use IGetMail.local to indicate our internal domain for IGetMail. 
NOTE:  Once you enter your domain name it is very hard to change it in the future, so you should take great care when entering this name.
Press Next once you have decided on the name of your internal domain, that will be your Active Directory Domain and the domain serviced by Exchange.

Next the Installation Wizard will ask you about compatibility.  If you plan to have domain controllers running various versions of Active Directory then you will want to choose a function level that includes the lowest version of Windows that you are using for domain controllers.  Press Next.

Next you will be asked a similar question which is at the domain level instead of the forest level on the previous screen.  You should follow the same approach and include the function level to include the lowest version of Windows you plan to use for domain controllers.  Press Next.

The first Domain Controller needs to have a DNS server running locally.  The optimal location is to start out with having the installation wizard install the DNS server locally.  Also it will automatically make this computer a global catalog server.  Press Next.

You can specify where you want Active Directory to store its data.  If you only have one drive in your Server then use the defaults.  If you have multiple drives, you can select which drive to use.  Press Next.

Should you need to restore Active Directory in the event of a hard drive failure you will need to boot your Server into a special mode called "Directory Restoration Mode".  Should you need to boot your computer into this special mode, you will need to use a special password just for this restoration.  You can define this password at this time.  NOTE:  This password is different than the administrator account and if you change the administrator password this password will not change.  So you will need to store this password forever in a safe place.  Press Next.

Now the Installation Wizard will summarize the configuration that it is about to create.  Press Next to start the process of configuring your new Domain Controller.

The Installation Wizard will show its progress as it configures your Server.   This will take a long time.

When the installation is complete, you will be shown a final screen.  Press Finish.

Then restart your computer.
After restarting your computer Windows should show you the Server Manager.  You should see on the Server Manager screen that you have Active Directory and DNS Server roles installed.  Also the process of installing Active Directory will add the features "Group Policy Management" and "Remote Server Administration Tools".

Friday, 29 April 2011

ISA Server 2006: Installing ISA 2006 Enterprise Edition (beta) in a Unihomed Workgroup Configuration

However, we’ll change our approach a little bit now with the release of ISA Server 2006. The reason for this is that the new ISA firewall, ISA Server 2006, has new features and improvements that are primarily focused on the Web proxy filter components that support Web Publishing Rules. These components include:
  • Improved OWA, OMA, ActiveSync and RPC/HTTP publishing support
  • Improved SharePoint Portal Server support
  • Improved Windows SharePoint Services support
  • Support for publishing Web farms
  • Support for binding multiple certificates to a single Web listener
  • Support for wildcard certificates bound to the published Web server
  • Support for multiple new authentication delegation scenarios
  • Support for LDAP authentication for Web Publishing Rules
  • And many more!
I won’t go through an entire review of what’s new and improved in the new ISA firewall product at this time. I’ll prepare another article on that topic for you and publish here on ISAserver.org in the near future. At this point I just want to make it clear that the major thrust of the new ISA firewall product is on secure Web Publishing scenarios.

Apologia for Unihomed ISA Firewall Deployments

One advantage of the Web Publishing scenario is that you can place the ISA firewall just about anywhere on the network. And one of the most popular deployment scenarios in a Web publishing only scenario is placement of a unihomed ISA firewall in Web proxy only mode in an existing firewall’s DMZ segment. The existing firewall can be a multihomed ISA firewall, or it can be any other kind of network firewall.
I’ve already gone into the details of how to configure a unihomed ISA firewall in a DMZ segment over at http://www.isaserver.org/articles/2004pixwebproxy.html so I won’t repeat that effort here. What I will do in this article is demonstrate how to install ISA Server 2006 on a single NIC server on the corporate network. In an article that follows this one, I’ll describe how to install ISA Server 2006 Enterprise Edition on an array of single NIC servers.
This article also represents a major departure from how I usually configure the ISA firewall in another way: the unihomed ISA firewall won’t be a member of an Active Directory domain. While domain membership significantly enhances the overall security the ISA firewall can provide when deployed in full firewall mode, this isn’t necessarily true when the ISA firewall is installed as a unihomed Web proxy server dedicated to Web publishing. This is especially the case with ISA Server 2006, given that we now have integrated support for LDAP authentication.

Procedure for Installing ISA Server 2006 Enterprise Edition on a Unihomed Computer

Before you get started installing ISA Server 2006 Enterprise Edition on a new computer, make sure you have done the following:
  • Install Windows Server 2003, Windows Server 2003 SP1 and all current updates
  • Do not join the unihomed computer to the domain
  • Configure a static IP address on the network interface
  • Configure a DNS server address on the network interface that enables the unihomed ISA firewall to resolve its own name and the names of the published servers. You should configure the device to use a domain name suffix that matches your Active Directory domain so that the machine can resolve its own name.
  • If you are not allowing dynamic DNS registrations on your internal DNS servers, manually enter a Host (A) record for the unihomed ISA firewall device into your DNS
  • Configure the unihomed ISA firewall’s network interface with a gateway address that allows it to reach both the Internet and the published servers
  • Obtain the ISA Server 2006 Enterprise Edition beta trial software at http://www.microsoft.com/isaserver/2006/beta.mspx
Once you’ve performed those actions, you’ll be ready to install ISA Server 2006 Enterprise Edition on your unihomed computer.
Perform the following steps to install ISA Server 2006 Enterprise Edition:
  1. Copy the installation files for ISA Server 2006 Enterprise Edition to the unihomed ISA firewall device. Then double click on the isaautorun.exe to bring up the installation dialog box.
  2. In the Microsoft ISA Server 2006 beta installation dialog box, click the Install ISA Server 2006 link.
  3. Click Next on the Welcome to the Installation Wizard for Microsoft ISA Server 2006 Beta page.
  4. On the License Agreement page, select the I accept the terms in the license agreement option and click Next.
  5. On the Customer Information page, enter your User Name, Organization and Product Serial Number and click Next.
  6. On the Setup Scenarios page, select the Install both ISA Server services and Configuration Storage server option. Note that this option implies that you can install both ISA Server firewall services and the CSS at the same time, and then later install additional array members once you have this installed. This is not true. Use this option only if you plan to deploy a single member ISA Server 2006 Enterprise Edition array. If you plan to add additional array members later, then do not select this option. Since this article is focused on installing a single ISA Server 2006 Enterprise Edition unihomed device as a single member array, we will use this option. Click Next.

Figure 1
  1. On the Component Selection page, accept the default settings. Note that you don’t have the option to install the Firewall client. I’m not sure where or how we’ll end up doing this in the future, as it’s also not an option on the initial setup page. This will likely be worked out by the time the product releases. Note that Advanced Logging is MSDE logging. If you prefer to use SQL logging or text based logging, then do not select this option. Click Next.

Figure 2
  1. On the Enterprise Installation Options page, select the Create a new ISA Server enterprise option. Since this will be the only machine in the array, we need to create a new ISA enterprise. Note that the Create a replica of the enterprise configuration option is not available to workgroup configurations. This is something to keep in mind in the future if you want to have a backup CSS for your enterprise array. However, it’s not an issue for us, since this is a single machine array. Click Next.

Figure 3
  1. Click Next on the New Enterprise Warning page.

Figure 4
  1. On the Internal Network page, click the Add button.
  2. In the Addresses dialog box, click the Add Adapter button. In the Select Network Adapters dialog box, put a checkmark in the checkbox next to the single interface installed on the computer. Note that in a typical firewall installation, this NIC would be used to define the default Internal network. In a unihomed ISA firewall Web proxy configuration, this is not the case, since all addresses are considered internal. Click OK.

Figure 5
  1. In the Addresses dialog box, click OK. Note that the addresses listed in this dialog box will have no meaning in the unihomed ISA firewall configuration scheme. In a normal ISA firewall setup with multiple interfaces, these addresses would define the default Internal ISA firewall Network. However, as I mentioned in the last step, with a unihomed ISA firewall in Web proxy mode, all addresses are considered part of the default Internal ISA firewall Network.

Figure 6
  1. Click Next on the Internal Network page. Note again that the IP addresses listed here do not represent the default Internal Network on a unihomed ISA firewall as we'll see later when we apply the single NIC ISA firewall template.

Figure 7
  1. On the Firewall Client Connections page, click Next. We don’t have to worry about Firewall client connections because both Firewall and SecureNAT clients are not supported on a unihomed ISA firewall in Web proxy configuration. Only Web proxy clients are supported.
  2. Click Next on the Services Warning page.
  3. Click Install to begin the installation.
  4. On the Installation Wizard Completed page, put a checkmark in the Invoke ISA Server Management when the wizard closes checkbox and click Finish.
  5. Close the Internet Explorer window entitled Protect the ISA Server Computer.


The first thing you’ll notice when the console opens is a link entitled Click here to learn about the Customer Experience Improvement Program. Click that link.

Figure 8
This brings up the Customer Feedback dialog box. I highly recommend that you participate in the Customer Experience Improvement Program. No personal data is sent to Microsoft and the result of your participation is to make the ISA firewall product more flexible and provide even higher levels of security to your network. Select the Yes option to participate in the program.

Figure 9
After you select an option and click OK, the link disappears from the middle pane of the console.
Expand all the nodes in the left pane of the ISA firewall console. Then perform the following steps to see the definition of the default Internal ISA firewall Network:
  1. In the left pane of the ISA firewall console, click the Networks node under the Configuration node.

Figure 10
  1. In the Networks node, click the Networks tab in the middle pane of the ISA firewall console. Double click on the Internal entry.
  2. In the Internal Properties dialog box, click the Addresses tab. Here you see the addresses that define the default Internal ISA firewall Network at this time. However, this will change when we configure this ISA firewall to act as a Web proxy only unihomed ISA firewall. Click Cancel to leave this dialog box.

Figure 11
What we need to do now is apply the unihomed ISA firewall template to configure this machine as a unihomed Web proxy only ISA firewall. Perform the following steps to apply the template:
  1. In the Task Pane, click the Templates tab. Scroll down the list of templates and click the Single Network Adapter template.

Figure 12
  1. Click Next on the Welcome to the Network Template Wizard page.
  2. Click Next on the Export the ISA Server Configuration page. Note that you have the option to export the current configuration, but we’ll not use that option because we haven’t made any configuration changes from the default setting.

Figure 13
  1. On the Internal Network IP Addresses page, you’ll see the addresses that will be configured to define the default ISA firewall Internal Network. Notice that all IP addresses except the local host network range are considered part of the default Internal network. For this reason, SecureNAT and Firewall clients are not supported in a unihomed Web proxy mode ISA firewall configuration. You do not need to make any changes on this page. Click Next.

Figure 14
  1. On the Select a Firewall Policy page, you are offered a single firewall policy to select from. Click on the Apply default Web proxying and caching configuration option. This will apply the default Deny rule to the firewall policy for the array. No Network Rules are created because the Web proxy always substitutes its own IP address for the IP address of the Web proxy client connecting to the Internet through the unihomed Web proxy mode ISA firewall. Click Next.

Figure 15
  1. On the Completing the Network Template Wizard page, click Finish.
  2. Click Apply to save the changes and update the firewall policy.
  3. Click OK in the Apply New Configuration dialog box.
At this point you’re ready to start configuring firewall policy and customizing the installation.

Thursday, 28 April 2011

Upgrade from Windows Server 2003 Domain Controller to Windows Server 2008

In-Place Upgrade from Windows Server 2003 Domain Controller to Windows Server 2008

Published: December 20, 2007
Last Updated: December 20, 2007
Introduction

I have been using Windows Server 2003 for years and I believe it's time to shift and try using Windows Server 2008. I have downloaded RC0 and decided to upgrade my Domain Controller, which is also a DNS & DHCP Server, to Windows Server 2008 Standard Edition RC0. In this article, I will show you step by step how to perform an in-place upgrade for a Domain Controller from Windows Server 2003 to Windows Server 2008 RC0.


Note: This article was written when Windows Server 2008 was still RC0. Changes might occur later once the product is RTM'd
Upgrade Steps
  1. On your Windows Server 2003 DC, insert the Windows Server 2008 DVD, then open a command prompt and browse to the adprep directory on the Windows 2008 DVD. In my case, the F drive is the DVD drive letter, so to browse to the adprep directory I would write the following inside cmd: cd f:\sources\adprep. Then run the following commands:
  • adprep /forestprep
  • adprep /domainprep
  • adprep /rodcprep (Optional, if you plan to add a Read Only Domain Controller later)





  1. If the Install Windows page did not auto run before the previous step, double click on your DVD drive where you have inserted the Windows Server 2008 DVD, then Click on Install now

  2. A please wait screen will follow, then a page where you decide either to go online and get the latest updates for installation or to skip going online by clicking on the Do not get the latest updates for installation option



    I will perform the updates later, so for the purpose of this article, I will click on Do not get the latest updates for installation


  3. Enter the product key, click Next

  4. Accept the license terms and click on Next



  5. What we need to do is to upgrade our server, so click on the Upgrade option


  6. The compatibility report will be displayed, telling you what hardware might not function once the upgrade is completed and advising you to check with software vendors whether their software is compatible with Windows Server 2008. Click Next


  7. Upgrade is now in process


  8. The Server will be restarted automatically several times, the Upgrade process will continue with the remaining operations:
    • Expanding Files
    • Installing Features and updates
    • Completing Upgrade
  9. After multiple restarts, the Upgrade process will be completed and you will be able to start using your Windows Server 2008.
Summary
In this article, I showed you how to do an in-place upgrade for Windows Server 2003 Domain Controller to Windows Server 2008. The steps are easy and straightforward, just make sure while reading the compatibility report, if any of the hardware/software installed on your Server are compatible with Windows Server 200