A Newbies Guide to Getting Exchange 2010 Configured
By Ian Matthews, Up & Running Technologies Inc, April 11, 2010 Last Updated April 16, 2010
You should know four things before you start:
- I have taken two or three small Exchange 2010 courses and I am pretty good with 2007, but I am not an Exchange 2010 specialist.
- I am writing this primarily for myself as a cookbook for future Exchange installations. It is provided WITHOUT WARRANTY OR GUARANTY OF ANY SORT. USE AT YOUR OWN RISK!
- I completed the work in 5 hours but much of that was reading documentation to confirm my decisions. I think you can comfortably upgrade a small Exchange 07 to Exchange 10 in 90 minutes.
- You need to have a basic knowledge of Windows, Active Directory, and mail servers to get through this.
- Be sure to check out our page on adding Footers/Disclaimers, Adding Junk Email Retention Policies, Attachment Size Limits, Backup/Restore Exchange 2007, Export to .PST, and use common easy scripts. All of this and more is on our A Newbies Guide to Configuring Exchange – ADVANCED TOPICS
- If you want to see how to install Forefront Protection 2010 for Exchange read my short instructions HERE.
The idea is to create down and dirty, point form instructions on how to migrate Exchange 2007 to Exchange 2010 and be FULLY operational with just two hours of work. To make this more difficult, I did my install on a R2 of Windows Server 2008 64 Bit platform but I believe these instructions will function on 7/Vista 64 bit or Server 2003/2008 64 bit. Yes, 64 Bit is required for Exchange 2010; there is not even a lab version of 32 bit Exchange 2010.
Let's get to it.
A – PREWORK:
- Install R2 of Windows 2008 64 Bit on a new box and run Microsoft Update to patch it to whatever is current. Personally, I love Hyper-V, so I used that to build a spanky new Virtual Machine.
- If the server is not already a Domain Controller, you need to run DCPROMO to make it so, assuming you are going to fully decommission your old single server; if not, skip to item 3. Make sure you move the FSMOs to your new DC.
- Install the Microsoft Office System Converter Filter Pack which you can source HERE. This lets your Exchange Server index Office documents. It is not absolutely needed but both the Exchange pre-install check and the System Health Checks will throw skippable errors if you don’t have it.
- Start the TCP Port Sharing service and set it to automatic. You can do this through the services GUI or use the command line: sc config NetTcpPortSharing start= auto
- Install all the required prerequisite software, which basically is .NET, RSAT Tools, parts of IIS, and the Windows Desktop Experience. It is really quite a lot of work to get this right so MS made it easy by creating install scripts. Don’t worry if you already have some of these features installed; the script is additive only. For complete details on prerequisites read THIS.
- R1 of Windows 2008, open an elevated command prompt and navigate to the scripts folder on the root of the Exchange 2010 DVD and run each of the following:
  - sc config NetTcpPortSharing start= auto
  - ServerManagerCmd -i Desktop-Experience – this is only needed for the UM role
  - ServerManagerCmd -ip Exchange-Typical.xml -Restart
- R2 of Windows 2008, open a PowerShell command line and run these two scripts:
  - Import-Module ServerManager
  - Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy,Desktop-Experience -Restart
- You may read that the Active Directory Schema has to be updated prior to install but in fact the Exchange setup will quickly and automatically perform that upgrade.
- Run a Windows Update and install everything you can.
B – EXCHANGE 2010 CORE INSTALL:
- Start the “Exchange 2010” install and notice that the first two steps are already completed because of the pre-work listed above.
- Choose your language option; most “Westerners” will choose ONLY LANGUAGES FROM THE DVD.
- Let the fun begin! Select “Step 4: Install Microsoft Exchange” and then Typical
- You would think that an upgrade would automatically populate the “Configure Client Access Server External Domain” screen… but it doesn’t, so type in your domain:
- Watch it complete the Readiness Checks and don’t freak out if it finds a problem… the explanations are quite clear and easy to follow. I had none (on this server 🙂 )
- Watch the server install (or go watch a sitcom and relax). In my case it took about 30 minutes:
- You’re Done! Ya… not quite. Perform some checks to make yourself feel like the upgrade, upgraded. I signed into OWA to make sure my mail system was still fully functional (which was still running on the old 2007 as it should be at this point) and then I looked at my mailboxes using the new Exchange 2010 and finally I ran a health check:
- Next I ran Windows Update but it found nothing, so I assume the updates are pulled during the install process.
- Enter your PRODUCT KEY, if for no other reason than to stop the nag screens.
C – CONFIGURE EXCHANGE 2010 & MIGRATE YOUR DATA:
Now that the install is complete and tested, you need to perform some migration & configuration tasks:
- Move your mailboxes from the old server to the new server which is a three step process:
- Go to RECIPIENT CONFIGURATION, MAILBOX, select all (or just a few if you want to test first) of your mailboxes, right click and select NEW LOCAL MOVE REQUEST and follow the wizard. The only weird part was that the last screen has you click NEW (which means START):
- Go to RECIPIENT CONFIGURATION, MOVE REQUEST and watch it work. If you are getting worried or just want more information you can double click on any of the entries and Exchange will display a progress report:
- After all of the items have a COMPLETED status, right click on them and select CLEAR MOVE REQUEST. Also, note that if you DON’T clear the move request, all of your RECIPIENT CONFIGURATION, MAILBOXes will have little green (move) arrows on them and you will not be able to do much with them.
- Change to your ORGANIZATION CONFIGURATION, HUB TRANSPORT, SEND CONNECTORS, right click on the asterisk, select PROPERTIES, and go to the SOURCE SERVER tab. Delete your old server and add your new server:
- Enable anonymous users (i.e. anyone on the internet) to SEND to this server by going to SERVER CONFIGURATION, HUB TRANSPORT, right click on your default RECEIVE CONNECTOR, select PROPERTIES, then go to the PERMISSIONS GROUPS tab and select Anonymous Users and all the Exchange types:
- Under ORGANIZATION CONFIGURATION, MAILBOX, OFFLINE ADDRESS BOOK tab, delete the old OFFLINE ADDRESS BOOK entry and create a new one for the new server. (There is likely a way to edit to the existing one but after 30 minutes, I just gave up and recreated it… it took about 1 minute.)
- Enable OWA on the new 2010 server by going to SERVER CONFIGURATION, CLIENT ACCESS, and right clicking on your server and selecting ENABLE OUTLOOK ANYWHERE. Most people will want to leave the authentication method as BASIC (yes, it is still secure because it occurs in an SSL tunnel).
- Sign into the new 2010 OWA on the server using https://127.0.0.1/owa (don’t forget the “S” in https – also just ignore the certificate warnings, we deal with them in section D below) and send a few emails to make sure everything is working.
- Update your external firewall to redirect traffic to your new Exchange server's internal IP address (that would be port 25 and 443 at a minimum). In my case I was scrapping my old server and I ran an authoritative DNS for a few sites, so I also had to update the forwarding for port 53, and I allow a few clients to use POP, so I updated ports 110 and 995 (secure POP).
- Check OWA using your external domain https://mail.yourdomain.com/owa (don’t forget the “S” in https – also just ignore the certificate warnings, we deal with them in section D below) and try sending an email to an external source, then replying.
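The receive connector step above opens the server to anonymous senders, so it is worth confirming that it accepts mail for your own domains without also relaying for everyone. The following is an added example, not part of the original guide; it assumes it is run in the Exchange Management Shell on the new server and only reads configuration:

```powershell
# Added example: audit what anonymous senders may do on each receive connector.
$anon  = 'NT AUTHORITY\ANONYMOUS LOGON'
# Extended right that lets a sender submit mail for ANY recipient domain (open relay).
$relay = 'ms-Exch-SMTP-Accept-Any-Recipient'

Get-ReceiveConnector | ForEach-Object {
    $rc = $_

    # Allow ACEs held by anonymous senders on this connector that include the relay right.
    $relayAces = @($rc | Get-ADPermission -User $anon |
        Where-Object { -not $_.Deny -and ($_.ExtendedRights -like $relay) })

    New-Object PSObject -Property @{
        Connector         = $rc.Identity
        Bindings          = ($rc.Bindings -join ', ')
        PermissionGroups  = $rc.PermissionGroups
        # True once "Anonymous Users" is ticked on the PERMISSION GROUPS tab.
        AnonymousAllowed  = ($rc.PermissionGroups.ToString() -match 'AnonymousUsers')
        # Should be False on an internet-facing connector.
        AnonymousCanRelay = ($relayAces.Count -gt 0)
    }
} | Format-List Connector, Bindings, PermissionGroups, AnonymousAllowed, AnonymousCanRelay
```

After the step above, AnonymousAllowed is expected to be True on the internet-facing connector; AnonymousCanRelay should stay False, since ticking Anonymous Users does not by itself grant that right.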
D – MOVING AN EXCHANGE 2007 CERTIFICATE TO EXCHANGE 2010
I don’t enjoy dealing with certificates, so I buy multiyear certs. My old 2007 Exchange server had a cert with more than a year left on it and I did not want to buy a new one! Below is how I moved it:
- On your new Exchange 2010 server, go to SERVER CONFIGURATION and select NEW EXCHANGE CERTIFICATE, and go through each section. All this wizard does is make you think about what you need secured and build a CSR request; it does not enable these features in any way. You should have 5 names in your certificate:
| NAME | EXAMPLE |
| --- | --- |
| external mail server name | mail.commodore.ca |
| autodiscover name | autodiscover.commodore.ca |
| root domain name | commodore.ca |
| internal fqdn of host | server1.corpdomain.local |
| host name | server1 |
- Select your external mail server name as the COMMON NAME, usually something like MAIL.SERVER.COM. This has to match your old server's common name or most certificate providers will not update your cert.
- Complete the ORGANIZATION AND LOCATION fields with any information and choose a location to put the CSR request file. Exchange does not care about this information but your certificate provider might.
From this section on I am going to talk about GoDaddy, because that is who I use and that is who I like. However, all other certificate providers will have a similar process.
- Sign into your GoDaddy account, drill down to your cert, choose REKEY and then paste the contents of the .REQ file you created in the steps above into the dialog box.
- While still in GoDaddy, go to your certs, choose MANAGE, paste in the contents of the .REQ file (again) and then click the little blue RETRIEVE SANS, and then delete the old server entries. Sorry I did not get a screen shot of this. If you have any question call the awesome GoDaddy staff 24 hours a day at 480-505-8877 (and no… I do not have any hooks or profit to/from GoDaddy… but I still love them).
- Wait two minutes for GoDaddy to send you an email verification and then click the verification link:
- In a few minutes, go back to the GoDaddy site, sign in, go to your certificates and select DOWNLOAD.
- Follow GoDaddy’s installation instructions for Exchange 2010 closely:
To Install Intermediate Certificate Bundles
NOTE: Do not disable the Go Daddy Secure Certification Authority certificate located in the Intermediate Certification
To Install the SSL Certificate on Microsoft Exchange 2010 – SEE MY SCREEN SHOT BELOW
- I read nowhere that you need to perform an IISRESET or restart the EXCHANGE TRANSPORT SERVICE, but I did those anyway and then I rebooted for other reasons… this was not likely required.
- Check your system by logging into your OWA and check your Outlook clients. On my quick test I found:
- one of the machines I checked OWA on still showed a certificate warning but when I checked the cert, all was well… a reboot of the client PC took care of this
- one Outlook 2010 client did not update the server information and I had to spend a few minutes adjusting it but then all was well.
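To confirm the installed certificate really covers the five names from the table in this section, the check below can be run in the Exchange Management Shell. It is an added example, not part of the original guide; the values in $required are the table's example names (replace them with yours) and Test-NameCovered is a hypothetical helper defined here:

```powershell
# Added example: report which required names each installed Exchange certificate is missing.
$required = @(
    'mail.commodore.ca',          # external mail server name
    'autodiscover.commodore.ca',  # autodiscover name
    'commodore.ca',               # root domain name
    'server1.corpdomain.local',   # internal FQDN of host
    'server1'                     # host name
)

# Hypothetical helper: is $Name covered by an exact or single-label wildcard entry?
function Test-NameCovered {
    param([string]$Name, [string[]]$CertNames)
    foreach ($c in $CertNames) {
        if ($c -ieq $Name) { return $true }
        if ($c.StartsWith('*.')) {
            $suffix = $c.Substring(1)   # "*.example.com" -> ".example.com"
            if ($Name.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
                $label = $Name.Substring(0, $Name.Length - $suffix.Length)
                # A wildcard matches exactly one label, never "a.b.example.com".
                if ($label.Length -gt 0 -and -not $label.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

Get-ExchangeCertificate | ForEach-Object {
    $cert    = $_
    $names   = @($cert.CertificateDomains | ForEach-Object { $_.ToString() })
    $missing = @($required | Where-Object { -not (Test-NameCovered $_ $names) })

    New-Object PSObject -Property @{
        Thumbprint   = $cert.Thumbprint
        Subject      = $cert.Subject
        Services     = $cert.Services      # what the cert is bound to, e.g. IIS for OWA
        SelfSigned   = $cert.IsSelfSigned
        NotAfter     = $cert.NotAfter
        DaysLeft     = [int]($cert.NotAfter - (Get-Date)).TotalDays
        MissingNames = ($missing -join ', ')
    }
} | Format-List Thumbprint, Subject, Services, SelfSigned, NotAfter, DaysLeft, MissingNames
```

The certificate moved from the old server should show an empty MissingNames; any name listed there will produce a certificate warning for clients that connect using that name.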
E – POP3:
On the off chance you care about POP3, follow these three simple steps:
(Note, this is straight from my 2007 instructions so the screens look slightly different)
- Start the MICROSOFT EXCHANGE POP3 Service on the Server and set it to AUTOMATIC
- If you want to block POP3 users from using “Exchange mail” disable MAPI. This step is only required if you want to use the Outlook 2007 AUTOCONFIGURE feature (or you just don’t want POP users burning up storage on your server)
- If you followed step 2 then when you create a new mail account in Outlook, the autoconfigure will take care of the rest. If you did not follow step 2, then you will setup the POP account like any other and then go into your Advanced Account Settings and turn on MY OUTGOING SERVER REQUIRES AUTHENTICATION and THIS SERVER REQUIRES ENCRYPTED SSL CONNECTION
F – ANTISPAM
If you want to see how to install Forefront Protection 2010 for Exchange read my short instructions HERE, otherwise… read this:
You might be thinking to yourself, hey, I saw the ANTISPAM tab under ORGANIZATION, HUB TRANSPORT, and I even went so far as to check that the configuration from the old 2007 server had moved over… ya… but it will not function on the new server until you install it.
- Launch an Exchange Shell, change to the scripts folder (i.e. type cd $exscripts ) and then type .\install-AntispamAgents.ps1
- As it tells you, go to the servers SERVICES and restart the Microsoft Exchange Transport Service
- Check the ANTISPAM tab under ORGANIZATION, HUB TRANSPORT and make sure the items are configured. The most important/effective is the IP BLOCK LIST PROVIDERS.
For more information see our AntiSpam section of our Exchange 2007 documentation (section D HERE).
G – QUICK CUSTOMIZE/BRAND OWA (Outlook Web App)
If you want to customize your OWA screens, all you have to do is change two graphics. Both are stored under the following path by default:
c:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Owa\#current_num\themes\Base
Just snap your corporate logo on to both lgntopl.gif and logoowa.png and save them in the BASE folder. This will be the default for all users as they log in.
Note that lgntopl.gif is also used by the log off screen so you kill two birds with one edit :).
The only problem with this process is that every notable Exchange patch will overwrite your changes so I created a folder called COPY TO BASE where I store these two graphics and I simply re-copy them into the BASE folder after every Exchange upgrade.
There is a lot more customization you can perform but I cannot find much on 2010. However, nearly all of the 2007 customization instructions still apply. Sooo you can read THIS for more detail.
H – DECOMMISSION OLD EXCHANGE 2007 SINGLE SERVER
Once you are sure all has been moved to 2010, it is time to dump your 2007. So here is the process:
- Uninstall Exchange 2007 from your old server via PROGRAMS AND FEATURES. The deal here is do NOT use SETUP from the Exchange folder, apparently that will be Hell.
- Next DCPROMO the old Windows Server out of your network and reboot as requested
- Lastly have that old Windows Server join a workgroup (i.e. remove it from the domain).
If you are worried about the process, watch THIS video or THIS Microsoft text (and yes, you can ignore the part where he says you should delete the old Exchange 2007 database before uninstalling… I have both done this and confirmed it with MS Tech Support.)
If for some reason your Exchange 2010 server still has references to the old server, you can remove the old server from the domain manually by following THESE instructions.
I – VERIFICATION:
After you have everything running to your satisfaction you should run a couple of simple and fast system checks:
- Run the EXCHANGE 2010 ORGANIZATIONAL HEALTH checker:
- In the Exchange Management Console, click TOOLBOX, BEST PRACTICES ANALYZER, approve any updates and checks that it wants to do and then click GO TO WELCOME SCREEN. Then start a HEALTH CHECK as per the obvious screen shots below. Be sure to read the results and make whatever changes it suggests.
- In the Exchange Management Shell, you should run: Get-OrganizationConfig and then you should run: Test-SystemHealth and make sure everything looks as you expect it should.
4 Comments
Jimmy · February 28, 2013 at 7:54 am
Now this is precisely what I have been trying to find.
In depth, informative, and RELIABLE. I truly feel there needs to be a literacy evaluation for new site owners.
You’d pass for certain, but I think Over 90% of all web sites would disappear, lol.
Ilias · September 24, 2010 at 3:35 am
Greetings, I am depressed …
Thank you
Ilias
Justin Maas · September 9, 2010 at 11:45 am
A couple of quick questions about upgrading to Exchange 2010, I currently have a Windows 2003 Server with Exchange 2007 installed on it, I have joined a Windows 2008 R2 server to the Windows 2003 Domain and have installed Exchange 2007 on it (not SP1). The question is, I host several domains' email on the Exchange 2007 server, which works fine. The users are not joined to the Domain and use Outlook Anywhere to connect. I am concerned that if I move the mailboxes to Exchange 2010 that the remote users will need to have Outlook set up again, which would be a pain. Do you know if Outlook and Exchange are smart enough to know about the new Exchange 2010 server?
Thanks for your great guides, well done and very easy to follow.
Justin (Sorry for being so long winded)
Ian Matthews · September 12, 2010 at 12:33 pm
Well, I can say for sure that in my test, my Outlook clients who used to back onto Exchange 2007 changed over to Exchange 2010 completely seamlessly. Also, I am planning to prove this in a larger way in about a month with my largest client, when I move them over from Exch07 to Exch10… and it better work!