Saturday, October 24, 2009

Exchange 2007 Installation on Windows Server 2008 (Part 1)

Recently, I decided to install Exchange 2007 on a VM for training purposes.  The setup was as follows:
1. VirtualBox - for virtualizing two machines.
2. Windows Server 2003 - AD/DNS and Exchange Client.
3. Windows Server 2008 - Exchange 2007
The networking for these machines was actually really difficult and involved much more work than it should have. My plan was to have the machines' network be on its own internal subnet, yet have access to the internet via a bridged interface. However, I was unable to easily get the VirtualBox host interface to give 192 addresses to the internal VMs while maintaining an external 10 dot IP address. In the end (against my better judgment) I gave the internal VMs a 10 dot IP address, attached another NIC to the host machine, and bridged that interface with the VMs. Needless to say, the VMs were completely updated and locked down as soon as possible.

On my Server 2003 VM I ran dcpromo and configured AD and DNS. I named the domain "test.local", an oversight considering my eventual plan was for Exchange to accept and send mail to external addresses. Next I installed Windows Server 2008. (Note: With VirtualBox and Exchange 2007, do not choose dynamically expanding storage. Exchange will complain about not having enough mailbox space.)

Once Server 2008 was installed and joined to the domain, it was time to install the prerequisites for Exchange. The nice part about the Exchange install (and new Microsoft product installations in general) is that Microsoft has become "information heavy". Error messages have (in general) become much more detailed and often contain directions and links to fixing the problem. However, the problem often arises that the messages are much more verbose, and yet still as worthless. If you do not know the prerequisites for an Exchange install, when you insert the install disc it has a list for you to follow, as shown below.

On a lot of servers, the .NET Framework and Microsoft Management Console will already be installed. Next, PowerShell will need to be installed. PowerShell is a very handy server management tool. Windows is apparently going the way of Linux in offering the ability to manage a server without wasting the server's resources by forcing it to display a GUI.

After installing PowerShell you should be all set for starting the actual Exchange install. However, first, Exchange 2007 will test to make sure that your domain passes all of the requirements for installation. For more information follow Microsoft's requirement list, found here. When the Exchange installer ran on my server, it discovered I had unmet requirements. The requirement I was missing was IIS. I installed the following:
  • The default IIS 7 package
  • IIS 6 Management Tools
  • Static and Dynamic Compression
  • Basic and Digest Authentication    
After installing these components, the Exchange install started without any difficulties. The Exchange install took a rather large amount of time (over 40 minutes). Everything appeared to install without incident. After creating a snapshot of the hard drive, I rebooted the server.

Next, I ran the Exchange Management Console. Upon loading, Exchange loads the Finalize Deployment Wizard. The next recommended thing to do is to run the best practices wizard, to make sure everything is working correctly. This option is found in the toolbox. The wizard will initially look for updates before running, and once it is updated it will direct you to the welcome screen. From the welcome screen it will have you select an AD server to connect to. Considering I only had one, it was a rather easy choice. It gives an estimated time of one minute; however, in my case a few seconds was all that was needed. Next you come to the main page, which has several options. First you can select the scope of the scan... for me I obviously chose the only Exchange server I had running.

Next, I could choose from several different types of scans. I chose the Health Check, which I believe is something you should run the instant you add an Exchange server. If this were a production environment, I would perform the Performance Baseline Check as well to have something to compare future performance against.


The Health Check took about 3 minutes to complete, and then gave me an option to view the report, which I did.  Immediately, the report showed any critical errors.  I had one critical error, namely "Offline address book definition is missing."  To fix the error, I performed the following.  I went to Server Configuration -> Mailbox -> Mailbox Database -> Properties -> Client Settings.  From there it will show that the "Offline Address Book" is missing.  Just click browse and select an offline address book.  
I am unsure why this error occurred, and why this was not able to install correctly without forcing me to correct it manually.
Now I had to add some mailboxes. As far as I can tell in Exchange 2007, adding users in Active Directory does not add them to Exchange 2007, so I added them under Recipient Configuration -> Mailbox -> New Mailbox. Adding them here would add them in Active Directory, and would give them an Exchange mailbox. Quick and easy... I am not sure why adding them in Active Directory does not add them automatically to Exchange. I believe this should be a feature.
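
Accounts that already exist in Active Directory can also be given mailboxes from the Exchange Management Shell. The following is an added example, not from the original post; the function name, the OU and the database path are hypothetical placeholders, and nothing is changed unless `-Apply` is passed:

```powershell
# Added example: run in the Exchange Management Shell on the Exchange 2007 server.
# Mailbox-enable only the accounts in one OU, so service and admin accounts
# elsewhere in the directory do not pick up mailboxes they do not need.
function Enable-OuMailboxes {
    param(
        [string]$OrganizationalUnit,   # e.g. "test.local/Staff" (hypothetical OU)
        [string]$Database,             # e.g. "SERVER\Storage Group\Mailbox Database" (placeholder)
        [switch]$Apply                 # without -Apply the cmdlet runs with -WhatIf
    )

    # Accounts without a mailbox report RecipientType 'User';
    # mailbox-enabled accounts report 'UserMailbox' and are skipped.
    Get-User -OrganizationalUnit $OrganizationalUnit -ResultSize Unlimited |
        Where-Object { $_.RecipientType -eq 'User' } |
        ForEach-Object {
            Enable-Mailbox -Identity $_.Identity -Database $Database -WhatIf:(!$Apply)
        }
}

# Preview first, then repeat with -Apply once the list looks right.
Enable-OuMailboxes -OrganizationalUnit 'test.local/Staff' -Database 'SERVER\Storage Group\Mailbox Database'
```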

Now, I was ready to begin testing. The first thing I did was forward port 443 to my Exchange machine, to allow external access to Outlook Web Access (OWA).
I tested this from a remote machine, and this worked fine; I was able to successfully log in and send and receive emails. (Note: To run in "full blown" mode, OWA requires Internet Explorer. Firefox (and I assume other browsers) can run OWA in "Lite" mode. I recommend using IE, as the web interface is quite beautiful when using IE, as shown below.)
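
Once port 443 is forwarded, every OWA-enabled mailbox can be signed in to from the internet, so it is worth checking what is exposed. The following is an added example for the Exchange Management Shell, not from the original post; the function names and the allow-listed mailbox names are constructed for illustration:

```powershell
# Added example: run in the Exchange Management Shell on the Exchange 2007 server.

# Authentication methods each OWA virtual directory accepts. Basic and Digest
# were installed as IIS prerequisites, so confirm which ones are really enabled.
function Get-OwaAuthSettings {
    Get-OwaVirtualDirectory |
        Select-Object Server, Name, ExternalUrl, FormsAuthentication, BasicAuthentication, DigestAuthentication, WindowsAuthentication
}

# Mailboxes that can sign in through OWA, with their other client protocols.
function Get-OwaEnabledMailbox {
    Get-CASMailbox -ResultSize Unlimited |
        Where-Object { $_.OWAEnabled } |
        Select-Object Name, OWAEnabled, ActiveSyncEnabled, PopEnabled, ImapEnabled, MAPIEnabled
}

# Turn OWA off for every mailbox whose Name is not on the allow-list.
function Disable-OwaExcept {
    param(
        [string[]]$AllowedNames,   # mailbox names that keep OWA (constructed values)
        [switch]$Apply             # without -Apply the change is only previewed
    )
    Get-CASMailbox -ResultSize Unlimited |
        Where-Object { $_.OWAEnabled -and ($AllowedNames -notcontains $_.Name) } |
        ForEach-Object {
            Set-CASMailbox -Identity $_.Identity -OWAEnabled $false -WhatIf:(!$Apply)
        }
}

Get-OwaAuthSettings   | Format-Table -AutoSize
Get-OwaEnabledMailbox | Format-Table -AutoSize
Disable-OwaExcept -AllowedNames 'Training User 1', 'Training User 2'   # preview only
```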

One thing I noticed (and this I did not know about) was that if you have a SharePoint server you can access the documents using the "Documents" tab in OWA. Very handy feature; if my SharePoint server was up and running I would have tested that feature, as I'm curious as to how exactly that works. Apparently you are also able to access Windows File Shares from that interface.
Next, I was able to install Outlook 2003 on my DC. I started up Outlook 2003, specified that I was connecting to an Exchange server and everything set up correctly, and worked excellently right out of the box, as shown below.

At this point in time I was quite satisfied that at least Exchange was working with minimal amount of work on my part.  Then, after getting Outlook 2003 working, I decided to move to Outlook 2007.  
I installed Outlook 2007 on the DC as well, and when I started the program, it found my user name in the Exchange Mailboxes, and automatically filled in my user name and password. I clicked next, and then it prompted me to enter a password to connect to the Exchange Server. However, no matter what combination of user names, passwords, and domains I tried, I was unable to log on. So I finally clicked "cancel", and then Outlook displayed the error "The connection to Microsoft Exchange is unavailable. Outlook must be online and connected to complete this action." After clicking "okay" another dialog box comes up. That dialog box has you resolve the name for the server.



After making sure everything was correct, I clicked "Check Name"; however, Outlook was unable to resolve the name. Nslookup queries proved successful, and considering that Outlook 2003 worked fine, this was an interesting error.
Next, I attempted to manually connect to the Exchange server. However, this also proved impossible.
My next post will cover everything that was attempted to resolve the problem, and more about Exchange Server 2007.

2 comments:

  1. Hi Deranjer,

    Thanks for sharing your insightful thoughts and suggestions - very helpful, and appreciated indeed.

    On a related note, recently we needed a quick and efficient way to find out which accounts were OWA enabled (for an internal security audit) so we asked our on-site MS consultant and he recommended using the Gold Finger from Paramount Defenses Inc.

    Gold Finger pleasantly surprised us because not only was it endorsed by Microsoft but also 100% FREE and loaded with almost 250 useful Active Directory security, Exchange and ACL management reports. BTW, you can download it for free from http://goldfinger.paramountdefenses.com

    In particular, it has over 60 inbuilt Exchange reports, including OWA and MAPI enabled accounts. For a complete list of reports, check out www.paramountdefenses.com/goldfinger_security_reports_exchange_management.php

    Thought I'd share this with you in case it could help you too, especially if you need a free way to generate Exchange and AD security reports.

    Thanks again, and looking forward to your next post.

    Best wishes,
    Jonathan

  2. In my view I was lucky when I found a piece of software which should be effective for my problem and this issue also - recovery exchange.