Recently, I decided to install Exchange 2007 on a VM for training purposes. The setup was as follows:
1. Virtualbox - for virtualizing two machines.
2. Windows Server 2003 - AD/DNS and Exchange Client.
3. Windows Server 2008 - Exchange 2007
The networking for these machines actually was really difficult and involved much more work than should have. My plan was to have the machined network be on its own internal subnet, yet have access to the internet via a bridged interface. However, I was unable to easily get the Virtualbox host interface to easily give 192 addresses to the internal VM's while maintaining an external 10 dot IP address. In the end (against my better judgment) I gave the internal VM's a 10 dot ip address and attached another nick to the host machine and bridged that interface with the VM's. Needless to say the VM's were completely updated and locked down as soon as possible. On my Server 2003 VM I ran dcpromo and configured AD and DNS. The domain I named "test.local", an oversight considering my eventual plan was for Exchange to accept and send mail to external addresses. Next I installed Windows Server 2008. (Note: With Virtualbox and Exchange 2007 do not choose dynamically expanding storage. Exchange will complain about not having enough mailbox space.) Once Server 2008 was installed and joined to the domain, it was time to install the pre-requisites for Exchange. The nice part about the Exchange install (and new Microsoft product installations in general) is that Microsoft has become "Information heavy". Error messages have (in general) become much more detailed and often contain directions and links to fixing the problem. However the problem often arises that the messages are much more verbose, and yet still as worthless. If you did not know the prereq's for an exchange install when you insert the install disc it has a list for you to follow, as shown below.
On a lot of servers, .Net framework and Microsoft Management Console will already be installed. Next, Powershell will need to be installed. Powershell is a very handy server management tool. Windows is apparently going the way of linux for the ability to manage server without wasting the server's resources by forcing it to display a GUI.
After installing Powershell you should be all set for starting the actual exchange install. However, first, Exchange 2007 will test to make sure that your domain passes all of the requirements for installation. For more information follow Microsoft's requirement list, found here. When the Exchange installer ran on my server, it discovered I had unmet requirements. The requirements I needed were IIS. I installed the following:
Next, I could chose from several different types of scans. I chose the Health Check, which I believe is something you should run the instant you add an Exchange server. If this was a production environment, I would perform the Performance Baseline Check as well to have something to compare future performance against.
After installing Powershell you should be all set for starting the actual exchange install. However, first, Exchange 2007 will test to make sure that your domain passes all of the requirements for installation. For more information follow Microsoft's requirement list, found here. When the Exchange installer ran on my server, it discovered I had unmet requirements. The requirements I needed were IIS. I installed the following:
- The default IIS 7 package
- IIS 6 Managment Tools
- Static and Dynamic Compression
- Basic and Digest Authentication
Next, I could chose from several different types of scans. I chose the Health Check, which I believe is something you should run the instant you add an Exchange server. If this was a production environment, I would perform the Performance Baseline Check as well to have something to compare future performance against.
I am unsure why this error occurred, and why this was not able to install correctly without forcing me to correct it manually.
Now I had to add some mailboxes. As far as I can tell in Exchange 2007, adding users in active directory does not add them to Exchange 2007, so I added them under Recipient Configuration -> Mailbox -> New Mailbox. Adding them here would add them in Active Directory, and would give them an Exchange mailbox. Quick and easy... I am not sure why adding them in Active Directory does not add them automatically to Exchange. I believe this should be a feature.
Now, I was ready to begin testing. The first thing I did was forward port 443 to my exchange machine, to allow external access to Outlook Web Access (OWA).
I tested this from a remote machine, and this worked fine, I was able to successfully log in and send and receive emails. (Note: To run in "full blown" mode, OWA requires Internet Explorer. Firefox (and I assume other browsers) can run OWA in "Lite" mode. I recommend using IE, as the web interface is quite beautiful when using IE, as shown below.
One thing I noticed (and this I did not know about) was that if you have a Sharepoint server you can access the documents using the "Documents" tab in OWA. Very handy feature, if my Sharepoint Server was up and running I would have tested that feature, as I'm curious as to how exactly that works. Apparently you are also able to access Windows File Shares from that interface.
Next, I was able to install Outlook 2003 on my DC. I started up Outlook 2003, specified that I was connecting to an Exchange server and everything set up correctly, and worked excellently right out of the box, as shown below.
At this point in time I was quite satisfied that at least Exchange was working with minimal amount of work on my part. Then, after getting Outlook 2003 working, I decided to move to Outlook 2007.
Next, I was able to install Outlook 2003 on my DC. I started up Outlook 2003, specified that I was connecting to an Exchange server and everything set up correctly, and worked excellently right out of the box, as shown below.
At this point in time I was quite satisfied that at least Exchange was working with minimal amount of work on my part. Then, after getting Outlook 2003 working, I decided to move to Outlook 2007.
I installed Outlook 2007 on the DC as well, and when I started the program, it found my user name in the Exchange Mailboxes, and automatically filled in my user name and password. I clicked next, and then it prompted me enter a password to connect to the Exchange Server. However, no matter what combination of user names, passwords, and domains, I was unable to log on. So I finally clicked "cancel", and then Outlook displayed the error "The connection to Microsoft Exchange is unavailable.
Outlook must be online and connected to complete this action." After clicking "okay" another dialog box comes up. That dialog box has you resolve the name for the server.
Outlook must be online and connected to complete this action." After clicking "okay" another dialog box comes up. That dialog box has you resolve the name for the server.
After making sure everything was correct, I clicked "Check Name", however Outlook was unable to resolve the name. Nslookup queries proved successful, and considering that Outlook 2003 worked fine, this was an interesting error.
Next, I attempted to manually connect to the exchange server. However, this also proved impossible.
My next post will cover everything that was attempted to resolve the problem, and more about Exchange Server 2007.
Hi Deranjer,
ReplyDeleteThanks for sharing your insightful thoughts and suggestions - very helpful, and appreciated indeed.
On a related note, recently we needed a quick and efficient way to find out which accounts were OWA enabled (for an internal security audit) so we asked our on-site MS consultant and he recommended using the Gold Finger from Paramount Defenses Inc.
Gold Finger pleasantly surprised us because not only was it endorsed by Microsoft but also 100% FREE and loaded with almost 250 useful Active Directory security, Exchange and ACL management reports. BTW, you can download it for free from http://goldfinger.paramountdefenses.com
In particular, it has over 60 inbuilt Exchange reports, including OWA and MAPI enabled accounts. For a complete list of reports, checkout www.paramountdefenses.com/goldfinger_security_reports_exchange_management.php
Thought I'd share this with you incase it could help you too, especially if you need a free way to generate Exchange and AD security reports.
Thanks again, and looking forward to your next post.
Best wishes,
Jonathan
On my view I was lucky when I found out an one software which should be effective for my problem and this issue also - recovery exchange.
ReplyDelete