Exchange Server 2010 part2: Preparing an Existing Exchange 2003 organization for Exchange 2010

In the first post about Exchange 2010, I talked about some key features and the prerequisites needed to deploy Exchange 2010.

http://tariqjaber.com/blog/2010/02/01/exchange-server-2010-part1-features-and-prerequisites

In this post I’ll start installing Exchange 2010 in an existing Exchange 2003 environment.

The order in which we must deploy Exchange 2010 server roles in an existing Exchange organization is as follows:

   -Client Access
   -Hub Transport
   -Unified Messaging (UM)
   -Mailbox Server

The first thing we should do is to change the Exchange organization to native mode. To change it we will use Exchange 2003 System Manager:

1. Open Exchange System Manager.
2. Right-click the organization and click Properties.
3. In the General tab, under Change Operations Mode, click Change Mode. Click Yes to permanently switch the organization’s mode to native mode.


Legacy Host Names:

If you have Outlook Web Access (OWA) published and users access their mailboxes from outside the network, you have to use a legacy host name. A legacy host name is a name that will be assigned to Exchange 2003 OWA, like legacy.domain.com, while the name that was being used for OWA, like mail.domain.com, will be assigned to the newly installed Exchange 2010. When users connect to mail.domain.com, they will be redirected to the Exchange 2003 front-end server, and their access to mailboxes using POP3, IMAP4 and Outlook Anywhere will not be interrupted.

SSL Certificate:

Prepare your Exchange Server 2010 certificate. It is better to have a Subject Alternative Name (SAN) certificate that contains the names of all Exchange 2010 and 2003 servers.

Preparing Active Directory for Exchange 2010 installation:

We need to prepare our Active Directory for Exchange 2010 installation. The account that we will use for the preparation should be a member of the Schema Admins, Domain Admins and Enterprise Admins groups.

1. Because we have an earlier version of Exchange 2003 installed, we must run
Setup.com /PrepareLegacyExchangePermissions or Setup.com /pl

I’ll run this command as administrator on the server Mig-R2Ex14, on which we have installed the Exchange 2010 prerequisites.

The forest functional level must be Windows Server 2003 native or later, or you will get an error.

For more details about how to raise domain and forest functional levels in Windows Server 2003, see KB322692, and here for Windows Server 2008.

2. Now we will prepare the schema using the command
Setup.com /PrepareSchema or Setup.com /ps

Wait for the replication to complete or force the replication.

For Exchange 2003, the schema version is 6903; you can check it using ADSIEdit.msc.

After preparing the schema for Exchange 2010, the version will be 12640.

3. After this, we will prepare Active Directory using the command
Setup.com /PrepareAD or Setup.com /p


Note that the command output says:

“Setup is going to prepare the organization for Exchange 2010 by using ‘Setup /PrepareAD’. No Exchange 2007 server roles have been detected in this topology. After this operation, you will not be able to install any Exchange 2007 server roles.”

4. Finally, we will prepare the domain
Setup.com /PrepareDomain or Setup.com /pd

If you want to prepare all the domains in your organization run the command
Setup.com /PrepareAllDomains or Setup.com /pad


Now that we have prepared the domain, we are ready to start the Exchange 2010 installation. I’ll talk about it in the next post.

References

Prepare Active Directory and Domains http://technet.microsoft.com/en-us/library/bb125224.aspx
Prepare Legacy Exchange Permissions http://technet.microsoft.com/en-us/library/aa997914.aspx

Exchange 2010 on a Hyper-V guest machine

If you want to deploy Exchange Server 2010 on a Hyper-V guest machine then make sure your environment meets the following conditions:

Requirements for Exchange guest machine:

 
  • It is deployed on Windows Server 2008/SP2 or Windows Server 2008 R2 OS.
  • It doesn’t have the Unified Messaging server role installed. The UM server role is not supported on a virtual machine because of the real-time response required by voice communications.
  • It uses fixed virtual hard disks (VHDs), and each should be less than 2,040 GB. Virtual disks that dynamically expand or differential virtual disks aren’t supported by Exchange.
  • The host machine must be dedicated only to running guest machines. It is not supported to have AD, Exchange, SQL or SAP on the host server.
  • Database Availability Groups (DAGs) are supported in a virtualization environment if the host machine is not clustered. Microsoft doesn’t support combining Exchange high availability solutions (DAGs) with hypervisor-based clustering.
  • Taking virtual machine snapshots of an Exchange guest virtual machine isn’t supported. This is because snapshots aren’t application aware, and using them can have unintended and unexpected consequences for a server application that maintains state data, such as Exchange.
  • The VHD that will host the guest OS has a minimum requirement of 15 GB plus the size of the virtual memory that’s allocated to the Exchange guest machine. For example if you allocated 32 GB to Exchange then the minimum supported VHD size for the OS is 47 GB (15+32), fixed size VHD.
  • Storage used by Exchange should be hosted in disk spindles that are separate from the storage that’s hosting the guest virtual machine’s operating system.

For more information about this, see Exchange 2010 System Requirements.


Exchange Server 2010 part1: features and Prerequisites

In this series of posts I’ll talk about installing Exchange Server 2010 on Windows Server 2008 R2 and how to migrate mailboxes from Exchange 2003 to Exchange 2010.

My lab will consist of the following servers:

     
    • Windows Server 2003 R2/SP2 Domain Controller with Exchange 2003/SP2 installed on the same box. Note that it is not recommended to have Exchange and Domain Controller on the same server but we are doing this for our test lab (http://technet.microsoft.com/en-us/library/aa997407(EXCHG.80).aspx).
    • Additional Windows Server 2008 Domain Controller.
    • One server with the Hub Transport/Client Access roles installed on Windows Server 2008 R2.
    • One Mailbox Server installed on Windows Server 2008 R2.


     

      What is new in Exchange 2010

     
    • Database Availability Group (DAG): This is the key feature in Exchange 2010 besides Incremental Deployment. DAG is a group of up to 16 Mailbox servers that host a set of databases and provide automatic database-level recovery from failures that affect individual servers or databases. Any server in a DAG can host a copy of a mailbox database from any other server in the DAG.
    • Incremental deployment: In Exchange 2010, the cost and complexity of deploying and providing a highly available site have been reduced. You don’t have to install Failover Clustering as a prerequisite to Exchange 2010. If you decide to use a DAG, you simply create one, and then add Mailbox servers to it. When you add a Mailbox server to a DAG, the Windows failover clustering feature will be automatically installed and a cluster will be created.
    • Outlook Web Access (OWA) now supports multiple browsers. If you are using Firefox or Safari, then you can use OWA as if you are using Internet Explorer.

    And a lot of other features that I’ll talk about in other posts.

Installing Exchange 2010 prerequisites

Let’s start our lab. First of all we will install Exchange 2010 prerequisites.

  • Microsoft Filter Pack: for the server that will host Mailbox or Hub Transport roles. Exchange Search uses IFilters to index text content in different file formats. Microsoft Filter Pack includes filters for Microsoft Office 2007 file formats. The following file name extensions are supported by the filter pack: .docm, .docx, .one, .pptm, .pptx, .vdx, .vsd, .vss, .vst, .vsx, .vtx, .xlsb, .xlsm, .xlsx, .zip. Visit 2007 Office System Converter: Microsoft Filter Pack


  • Open an elevated PowerShell Console and run the command:

Import-Module ServerManager


  • In the same PowerShell console, run the command:

Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy -Restart


  • Because we will install Client Access Server role, after the system has restarted, log on as an administrator, open an elevated PowerShell console, and configure the Net.Tcp Port Sharing Service for Automatic startup by running the following command:

Set-Service NetTcpPortSharing -StartupType Automatic


  • Finally, make sure to always keep your servers updated.

References

- Exchange 2010 Prerequisites (http://technet.microsoft.com/en-us/library/bb691354.aspx)
- Register Filter Pack IFilters with Exchange 2010 (http://technet.microsoft.com/en-us/library/ee732397.aspx)
- This Exchange server is also a domain controller, which is not a recommended configuration (http://technet.microsoft.com/en-us/library/aa997407(EXCHG.80).aspx)

Licensing Windows Server in a Virtual Environment

The following link provides a good description of “Licensing Windows Server in a Virtual Environment”:

http://blogs.technet.com/mattmcspirit/archive/2008/11/13/licensing-windows-server-in-a-virtual-environment.aspx

"Aurora" Internet Explorer exploit

At the following URL you can find a description of the Aurora Internet Explorer exploit, which the Chinese hackers used to hack google.com Gmail accounts:

Reproducing Aurora IE exploit

Exchange 2007 Standby Continuous Replication – Configuration & Testing

I wrote an article at ExchangeInbox.com about “Exchange 2007 Standby Continuous Replication – Configuration & Testing”. You can find it @ (http://exchangeinbox.com/article.aspx?i=149)

Microsoft Forefront Server Security encountered an error while performing a scan engine update

You may find the following errors in the Event Viewer regarding Forefront Security for Exchange updates:

Microsoft Forefront Server Security encountered an error while performing a scan engine update.
   Scan Engine: Norman
   Update Path: http://forefrontdl.microsoft.com/server/scanengineupdate/x86/Norman
   Proxy Settings: Enabled
   Error Code: 0x80004005
   Description: An error occurred while checking if an update was available.

Microsoft Forefront Server Security encountered an error while performing a scan engine update.
   Scan Engine: Norman
   Error Code: 0x80070102
   Description: Unable to acquire the scan engine update mutex within the designated timeout period.

And in ProgramLog.txt:

"INFORMATION: Attempting to download the Norman scan engine package from http://forefrontdl.microsoft.com/server/scanengineupdate/x86/Norman."
"INFORMATION: The proxy settings will be used for this connection."
"ERROR: The Norman scan engine update timed out while downloading files"
"ERROR: UpdateException: GetFileCommand failed on norman_fullpkg.cab.  (0x00002efe) The connection with the server was terminated abnormally.  WinHttpClient failed while reading data."
"INFORMATION: The Norman scan engine has been rolled back."

"INFORMATION: Attempting to download the Norman scan engine package from http://forefrontdl.microsoft.com/server/scanengineupdate/x86/Norman."
"INFORMATION: The proxy settings will be used for this connection."
"ERROR: Unable to acquire the scan engine update mutex within the designated timeout period (300 seconds)."
"ERROR: The Norman scan engine update timed out while downloading files"
"ERROR: UpdateException: GetFileCommand failed on norman_fullpkg.cab.  (0x00002efe) The connection with the server was terminated abnormally.  WinHttpClient failed while reading data."
"INFORMATION: The Norman scan engine has been rolled back."

"INFORMATION: Attempting to download the AhnLab scan engine package from http://forefrontdl.microsoft.com/server/scanengineupdate/x86/AhnLab." 
"INFORMATION: The proxy settings will be used for this connection." 
"ERROR: Unable to load manifest from: http://forefrontdl.microsoft.com/server/scanengineupdate/x86/AhnLab/Package/manifest.cab : WinHttpClient send request returned an invalid return code 404."

This happens because a timeout occurs while updating the engines. The solution is to increase the default 300-second timeout period by editing a registry value.

Because this involves editing the registry, make sure you take a backup of your registry before changing any value.

Locate the REG_DWORD registry value EngineDownloadTimeout in the key:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server

Increase it to 600 seconds and try the update again; if the update still fails, increase the period further. If the value is not found, create it.
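The registry change described above, scripted as an added example (not part of the original post): it exports the key to a .reg backup first, creates EngineDownloadTimeout if it is missing, and only ever raises the value. The backup location under %TEMP% is an assumption of this example.

```powershell
# Added example: raise the Forefront scan engine download timeout.
# Run from an elevated PowerShell console on the Exchange server.
$key    = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server'
$name   = 'EngineDownloadTimeout'
$target = 600   # seconds; the first value suggested in the post
# Assumption: the backup file goes to the current user's temp folder.
$backup = Join-Path $env:TEMP ("ForefrontExchange-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))

if (-not (Test-Path -Path $key)) {
    throw "Registry key not found: $key"
}

# Back up the whole key before touching it; reg.exe wants HKLM\ rather than HKLM:\
$regPath = $key -replace '^HKLM:\\', 'HKLM\'
& reg.exe export $regPath $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "Registry export failed (exit code $LASTEXITCODE); nothing was changed."
}
Write-Output "Backup written to $backup"

# Read the current value; $null means the value does not exist yet.
$current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name

if ($null -eq $current) {
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value $target | Out-Null
    Write-Output "$name created with value $target"
}
elseif ($current -lt $target) {
    Set-ItemProperty -Path $key -Name $name -Value $target
    Write-Output "$name raised from $current to $target"
}
else {
    # Never lower a timeout that someone has already increased.
    Write-Output "$name is already $current; left unchanged"
}
```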

Also make sure that the engine update schedules don’t overlap.
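To see which engines are failing and why, the ProgramLog.txt lines quoted above can be triaged per engine; this is an added example, not part of the original post. The sample lines are copied from the excerpt, while the function name Get-EngineUpdateFailure and the reason labels are made up for this example.

```powershell
# Constructed sample: lines copied from the ProgramLog.txt excerpt in this post.
$sample = @'
"INFORMATION: Attempting to download the Norman scan engine package from http://forefrontdl.microsoft.com/server/scanengineupdate/x86/Norman."
"ERROR: Unable to acquire the scan engine update mutex within the designated timeout period (300 seconds)."
"ERROR: The Norman scan engine update timed out while downloading files"
"INFORMATION: The Norman scan engine has been rolled back."
"INFORMATION: Attempting to download the AhnLab scan engine package from http://forefrontdl.microsoft.com/server/scanengineupdate/x86/AhnLab."
"ERROR: Unable to load manifest from: http://forefrontdl.microsoft.com/server/scanengineupdate/x86/AhnLab/Package/manifest.cab : WinHttpClient send request returned an invalid return code 404."
'@ -split '\r?\n'

function Get-EngineUpdateFailure {
    param([string[]]$Line)

    $engine = $null   # engine named by the most recent "Attempting to download" line
    foreach ($l in $Line) {
        if ($l -match 'Attempting to download the (\S+) scan engine package') {
            $engine = $Matches[1]
            continue
        }
        # Most ERROR lines do not name the engine, so attribute them to the
        # engine whose download attempt precedes them in the log.
        $reason = switch -Regex ($l) {
            'update mutex within the designated timeout' { 'MutexTimeout'; break }
            'timed out while downloading'                { 'DownloadTimeout'; break }
            'invalid return code (\d+)'                  { "Http$($Matches[1])"; break }
        }
        if ($reason) {
            New-Object PSObject -Property @{ Engine = $engine; Reason = $reason }
        }
    }
}

# Count failures per engine and reason.
Get-EngineUpdateFailure -Line $sample |
    Group-Object Engine, Reason |
    Select-Object Count, Name

# Against a real log: Get-EngineUpdateFailure -Line (Get-Content <path to ProgramLog.txt>)
```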

Forefront Security for Exchange SP2 setup hangs on "Setting Up Registry"

I was installing FSE SP2 on the Exchange Server. I have installed it on more than one server but on the last one, the setup hung on “Setting Up Registry” message with no errors nor warnings in the event viewer!

I found that the solution was to install Hotfix Rollup 2 for Forefront Security for Exchange Server Service Pack 1 (KB 946864).

Your user profile was not loaded correctly! You have been logged on with a temporary profile

If the user profile was deleted, then you will get this message:

Your user profile was not loaded correctly! You have been logged on with a temporary profile.

To solve this issue, open C:\Users\ and note the name of the temp profile. If it is not “TEMP”, it will be like “TEMP.DOMAIN.00X”.

Locate the following registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

Now locate the subkey that contains the “ProfileImagePath” value with the data “<temp-profile-name>”, which we noted from the C:\Users folder, and delete this subkey. Log off and log on again.

If you are unable to log in, with an error message stating that the profile is not found, just restart the machine and you will be able to log in.
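One way to locate and remove that subkey from an elevated PowerShell console, as an added example that is not part of the original post: it matches ProfileImagePath against the temporary folder name, exports each match to a .reg file, and deletes only when $Apply is set. The variables $tempName and $Apply and the backup location under %TEMP% are assumptions of this example.

```powershell
# Added example: remove the ProfileList subkey that points at a temporary profile.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$tempName    = 'TEMP'    # assumption: the folder name you noted under C:\Users
$Apply       = $false    # assumption: $false previews only; set to $true to delete

# Each subkey is named after a SID; keep those whose ProfileImagePath ends in $tempName.
$stale = @(Get-ChildItem -Path $profileList | Where-Object {
    $image = (Get-ItemProperty -Path $_.PSPath -Name ProfileImagePath `
                -ErrorAction SilentlyContinue).ProfileImagePath
    $image -and ((Split-Path -Path $image -Leaf) -eq $tempName)
})

if ($stale.Count -eq 0) {
    Write-Warning "No ProfileList subkey has a ProfileImagePath ending in '$tempName'."
}

foreach ($key in $stale) {
    $sid    = $key.PSChildName
    $backup = Join-Path $env:TEMP "ProfileList-$sid.reg"

    # Export the subkey first so the deletion can be undone by importing the file.
    & reg.exe export $key.Name $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Export of $sid failed; subkey left untouched."
        continue
    }
    Write-Output "Subkey $sid backed up to $backup"

    # With $Apply = $false this only reports what would be removed.
    Remove-Item -Path $key.PSPath -Recurse -WhatIf:(-not $Apply)
}
```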

DNS zones not created in Windows Server 2008 Domain Controller

If you promote a Windows Server 2008 to become a Domain Controller, you may notice that the default DNS zones haven’t been created!


To solve this issue, make sure that IPv6 is not disabled on the server and that all the network interface cards have the “Register this connection’s address in DNS” check box checked.

Restart the DNS service and the zones should be created.
