Thursday, September 7, 2017

Install Microsoft Exchange 2016 Like a Boss

Prerequisites


The first step is to install Windows Server 2016 x64 with the server GUI, then join it to a domain that is at the Windows Server 2012 schema or Server 2016 schema. The next step is to install the infamous "Microsoft Unified Communications Managed API 4.0, Core Runtime" package. If it is missing, setup shows the message below.

This computer requires the Microsoft Unified Communications Managed API 4.0, Core Runtime 64-bit. Please install the software from http://go.microsoft.com/fwlink/?LinkId=260990

If you see the message below, and you have installed the server GUI, then you need to get CU4 from KB3177106, and use this ISO to restart the installation process.


The Windows component Server-Gui-Mgmt-Infra isn't installed on this computer and needs to be installed before Exchange Setup can begin.

For more information, visit: http://technet.microsoft.com/library(EXCHG.160)/ms.exch.setupreadiness.ServerGuiMgmtInfraNotInstalled.aspx

Just for kicks, install the Server GUI component from PowerShell:

Install-WindowsFeature Server-Gui-Mgmt-Infra, Server-Gui-Shell -Restart

Or

Get-WindowsFeature -Name *GUI*

Source: http://kpytko.pl/powershell/how-to-install-server-gui-on-windows-server-2016-from-powershell/

A note about running Exchange Server 2016 on Windows Server 2016.

https://blogs.technet.microsoft.com/exchange/2016/12/13/released-december-2016-quarterly-exchange-updates/
 

Newsflash:
The original installer is full of bugs, and the updater does not work at all.
Download Cumulative Update 4 for Exchange Server 2016 (KB3177106) from

https://www.microsoft.com/en-us/download/confirmation.aspx?id=54450
to get a good installer package that will pass the readiness checks.

Once installed, visit this URL in IE. This is the Exchange Control Panel GUI, which runs in IE.
https://localhost/ecp/?ExchClientVer=15

The left column has the usual menu items that you have seen in older versions of Exchange. Here are some steps for configuring Exchange 2016 like a BOSS.
1) Mail Flow Menu

  • Configure Accepted Domains here. Add all of your domains. Configure your email address policies, and configure all of your receive connectors for ports 25, 465 and 587 for Hub Transport between Outlook clients and Exchange or between Exchange servers. Set the maximum message size here.
  • Configure the "Send Connector" here, which forwards outbound email to another SMTP relay or directly through MX records to external recipients. Use a smarthost or use MX records.

2) Servers Menu
Configure OWA here. Under authentication, configure forms-based authentication. Use UPN to allow NAME@DOMAIN here.


Assign SSL Certificates to services
https://technet.microsoft.com/en-us/library/dd351257(v=exchg.160).aspx

Great Deals on SSL Certs

SSL Certs for UC
https://www.ssls.com/ssl-certificates/comodo-unified-communications

SSL2BUY
https://www.ssl2buy.com/comodo-san-ssl-ucc-certificate-for-exchange?gclid=cjwkcajwos7nbraweiwaypnce73hbhilkaubqjxsq8ih-9s2zulrtjpycdydq2uiiihzi4ulxn94vrocmmaqavd_bwe

Configure Outside Services

IMAP4
https://technet.microsoft.com/en-us/library/bb124489(v=exchg.160).aspx

SMTP
https://technet.microsoft.com/en-us/library/gg298947(v=exchg.160).aspx

POP3
https://technet.microsoft.com/en-us/library/bb124934(v=exchg.160).aspx

Authenticated SMTP and Certificates
https://technet.microsoft.com/en-us/library/gg298947(v=exchg.160).aspx

Top 10 Useful Exchange Management Shell Commands

1. Show all of your SSL Certificates and then show the services assigned to them.
Get-ExchangeCertificate | Format-List Thumbprint,Issuer,Subject,CertificateDomains,Services   

2. Show your receive connector and make sure it has an FQDN and a TLS certificate. This checks your external client access SMTP service, i.e. port 587.
Get-ReceiveConnector -Identity "Client Frontend*" | Format-List Name,Fqdn,TlsCertificateName                  

... output ...

Name               : Client Frontend PPFMAIL  
Fqdn               : PPFMAIL.primate-homos.com 
TlsCertificateName :                           


...
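
The sample output above shows a connector with an FQDN but an empty TlsCertificateName. The following is an added example, not part of the original post: a read-only report that pairs each receive connector with an unexpired, SMTP-enabled certificate whose names cover the connector FQDN. The function names and the sample objects (placeholder thumbprint, example CA, wildcard name) are constructed for illustration.

```powershell
# Added example, not from the original post. It only reads; it changes nothing.
# Test-NameCovered and Get-ConnectorTlsReport are hypothetical helper names.
function Test-NameCovered {
    # True when $Name is in the certificate's domain list, either exactly or via
    # a single-label wildcard (*.example.com covers mail.example.com only).
    param([string]$Name, [object[]]$Domains)
    $n = $Name.ToLowerInvariant()
    foreach ($d in $Domains) {
        $d = "$d".ToLowerInvariant()
        if ($d -eq $n) { return $true }
        if ($d.StartsWith('*.') -and $n.Length -gt ($d.Length - 1)) {
            $suffix = $d.Substring(1)                          # ".example.com"
            $label  = $n.Substring(0, $n.Length - $suffix.Length)
            if ($n.EndsWith($suffix) -and $label -notmatch '\.') { return $true }
        }
    }
    return $false
}

function Get-ConnectorTlsReport {
    param(
        [object[]]$Connectors   = (Get-ReceiveConnector),
        [object[]]$Certificates = (Get-ExchangeCertificate)
    )
    foreach ($rc in $Connectors) {
        $fqdn = "$($rc.Fqdn)"
        # Newest unexpired certificate enabled for SMTP that names the connector FQDN
        $cert = $Certificates | Where-Object {
                "$($_.Services)" -match 'SMTP' -and $_.NotAfter -gt (Get-Date) -and
                (Test-NameCovered -Name $fqdn -Domains $_.CertificateDomains)
            } | Sort-Object NotAfter -Descending | Select-Object -First 1
        [pscustomobject]@{
            Connector  = $rc.Name
            Fqdn       = $fqdn
            TlsCertSet = -not [string]::IsNullOrEmpty("$($rc.TlsCertificateName)")
            Thumbprint = if ($cert) { $cert.Thumbprint } else { $null }
            Suggested  = if ($cert) { "<I>$($cert.Issuer)<S>$($cert.Subject)" } else { $null }
        }
    }
}

# Constructed sample objects (not real server output) for an offline run
$rc  = [pscustomobject]@{ Name = 'Client Frontend PPFMAIL'; Fqdn = 'PPFMAIL.primate-homos.com'; TlsCertificateName = $null }
$crt = [pscustomobject]@{ Thumbprint = 'PLACEHOLDER'; Issuer = 'CN=Example CA'
                          Subject = 'CN=mail.primate-homos.com'; Services = 'IIS, SMTP'
                          NotAfter = (Get-Date).AddYears(1)
                          CertificateDomains = @('mail.primate-homos.com', '*.primate-homos.com') }
Get-ConnectorTlsReport -Connectors $rc -Certificates $crt | Format-List
```

In the Exchange Management Shell, call Get-ConnectorTlsReport with no arguments to report on the live connectors. The Suggested string uses the "<I>issuer<S>subject" form that Set-ReceiveConnector accepts for -TlsCertificateName.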

A Few Words About SSL Certificates

Exchange 2016 deployments often require hosting multiple host names such as AUTODISCOVER.NAME.COM, MAIL.NAME.COM, NAME.COM, OTHERNAME.COM, etc. Therefore you need an SSL certificate with multiple names embedded in it, hence the requirement for multi-SAN or UC certificates.

Once you get one, you can check it out at:
https://www.sslshopper.com/certificate-decoder.html
Use the CSR checker to make sure your CSR has the right parameters
https://www.sslshopper.com/csr-decoder.html


Many Thanks To

This Tech Tidbit was brought to you by your friends at Eleven Dimensions Computer Technologies.
See our new 11D website at:

Our Partner Websites:

Bare Wire Networks:     http://www.barewirenetworks.com
CTI Solutions:   http://www.cti-solutions.com

Many Thanks to Our Partner companies