
Wednesday, July 27, 2016

Exchange 2016 Installing Exchange In A Resource Forest: Part 3

This is a continuation from Part 2 of my Installing Exchange 2016 in a Resource Forest series.

I've also created this guide as an eBook, which you can buy here

Setup POP and IMAP

If using POP and IMAP, run these cmdlets on each server:

Set-PopSettings -ExternalConnectionSettings {mail.domain.com:995:SSL}

Set-ImapSettings -ExternalConnectionSettings {mail.domain.com:993:SSL}

Set-POPSettings -X509CertificateName mail.domain.com

Set-IMAPSettings -X509CertificateName mail.domain.com

Next, start the POP and IMAP services on each server and set their startup type to Automatic.

Redistribute (balance) the Database across the DAG


To redistribute the database across the DAG according to activation preference, run the following cmdlets in the EMS:

cd $exscripts

Then, run:

.\RedistributeActiveDatabases.ps1 -DagName "DAG01" -BalanceDbsByActivationPreference -Confirm:$False

Edge Server Setup

On a stand-alone server in the DMZ (not joined to the domain), configure the server name with a DNS suffix matching your Exchange Forest:

Right-click “This PC” > Properties > Advanced System Settings > Computer Name > Change > More.

Enter the DNS suffix to match your Exchange Forest, like so:

EXCH-EDG-01.resourcedomain.com

**Note** We’re only changing the suffix; leave the server in the workgroup it is currently in.

Reboot the Edge server for the name to take effect.

In the NIC properties, set a static IP and add your Exchange Forest DC\DNS servers as DNS providers, and mark the “register the IP in DNS” checkbox.

The Edge Server needs to be able to resolve the mailbox servers by name and vice-versa.

Ports that need to be open in your firewalls:

Port TCP 25 in/out between the Edge and the internet

Port TCP 25 in/out between the Edge and the internal LAN

Port TCP 50636 from internal LAN to the DMZ

Next, install the Exchange Edge prerequisites by running this cmdlet in an elevated Windows PowerShell session:

Install-WindowsFeature ADLDS

Run Windows Update and install all updates except for .NET 4.6.1. It's best to hide that update.

Download the most current Exchange 2016 CU ISO to the C:\TEMP\CU folder and extract it.

In an Elevated CMD prompt, run:

cd C:\TEMP\CU

And then run the following command:

setup /m:install /r:et /IAcceptExchangeServerLicenseTerms

Reboot the server and install any other needed updates.

Edge Subscription Creation


On the Edge server, in the EMS, run:

New-EdgeSubscription -FileName C:\Temp\Edge.xml

Copy the Edge.xml file to C:\Temp on any Mailbox server.

On the mailbox server you copied the .xml file to, in the EMS, run:

New-EdgeSubscription -FileData ([byte[]]$(Get-Content -Path "C:\Temp\Edge.xml" -Encoding Byte -ReadCount 0)) -Site "resourcedomain.com/Configuration/Sites/Default-First-Site-Name"

On your Mailbox Servers, in the EAC > Mail Flow > Send Connectors, you will see the new EdgeSync Send Connectors.

**Note** If you previously had any Send Connectors set up, you’ll need to remove those.

You will need to ensure that your MX records point to the Public IP of your Edge Server – which should be NAT’d behind your firewall on Port 25.

Verify inbound/outbound mailflow.
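
A post-subscription check for the Edge steps above, added here as an example and not part of the original guide. From the Mailbox server it confirms that the Edge server resolves by name, that TCP 25 and 50636 are reachable, and that EdgeSync reports a healthy status, then deletes the imported subscription file, which contains credentials. The host name and file path are this guide's sample values, and Windows Server 2012 R2 or later is assumed for Test-NetConnection.

```powershell
# Added example (not from the original guide). Run in the Exchange Management
# Shell on the Mailbox server that imported the subscription.
# Assumes Windows Server 2012 R2 or later for Test-NetConnection.
$EdgeFqdn         = 'EXCH-EDG-01.resourcedomain.com'   # sample name from this guide
$SubscriptionFile = 'C:\Temp\Edge.xml'                 # path used in this guide

# 1. The Mailbox server must resolve the Edge server by name.
try {
    $addresses = (Resolve-DnsName -Name $EdgeFqdn -Type A -ErrorAction Stop).IPAddress
    Write-Host "Resolved $EdgeFqdn to $($addresses -join ', ')"
}
catch {
    throw "Cannot resolve $EdgeFqdn. Check the Edge server's DNS suffix and A record."
}

# 2. TCP 25 (SMTP) and TCP 50636 (EdgeSync) must be open from the LAN to the DMZ.
$blocked = foreach ($port in 25, 50636) {
    $probe = Test-NetConnection -ComputerName $EdgeFqdn -Port $port -WarningAction SilentlyContinue
    if (-not $probe.TcpTestSucceeded) { $port }
}
if ($blocked) {
    throw "TCP port(s) $($blocked -join ', ') to $EdgeFqdn are blocked. Check the firewall rules."
}

# 3. Force a synchronization, then flag any subscription that is not healthy.
Start-EdgeSynchronization
$unhealthy = Test-EdgeSynchronization | Where-Object { $_.SyncStatus -ne 'Normal' }
if ($unhealthy) {
    $unhealthy | Format-List Name, SyncStatus, FailureDetail | Out-Host
    throw 'EdgeSync is not healthy. Review FailureDetail above.'
}

# 4. The subscription file carries the EdgeSync bootstrap credentials. Remove this
#    copy once the import has succeeded, and delete the original on the Edge server.
if (Test-Path -LiteralPath $SubscriptionFile) {
    Remove-Item -LiteralPath $SubscriptionFile -Force
    Write-Host "Deleted $SubscriptionFile"
}
```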

Load Balancer Setup

Gareth Gudger (SuperTekBoy) has written an excellent guide on setting up a Kemp Load Balancer for Exchange.

Follow his guide here:


CAS Setup

Set DNS Entries


We will be using Split-DNS: on your internal DNS, mail.domain.com will resolve to the internal VIP of your Load Balancer, while on the external DNS, mail.domain.com will resolve to the Public IP of your Firewall, which will NAT to your Load Balancer VIP.

Create the DNS A-Record for “mail” on Internal and External DNS.

This will be an A-Record for mail, pointing to the VIP of your Load Balancer, for instance:

Internally - Mail > 10.10.128.120

Externally – mail.domain.com > 74.74.72.190

Configure your autodiscover record pointing to your Load Balancer for both Internal and External DNS.

Internal – autodiscover > 10.10.128.120

External – autodiscover.domain.com > 74.74.72.190

Create Namespace


Use Paul Cunningham’s (ExchangeServerPro) awesome script to automatically set your namespaces in one shot.


Next, follow Part 4 here
