I've also created this guide as an eBook, which you can buy here
Setup POP and IMAP
If using POP and IMAP, run these cmdlets on each server:
Set-PopSettings -ExternalConnectionSettings "mail.domain.com:995:SSL"
Set-ImapSettings -ExternalConnectionSettings "mail.domain.com:993:SSL"
Set-PopSettings -X509CertificateName mail.domain.com
Set-ImapSettings -X509CertificateName mail.domain.com
Next, start the POP and IMAP services on each server and set their startup type to Automatic.
Redistribute (balance) the Databases across the DAG
To redistribute the databases across the DAG according to activation preference, run the following cmdlets in the EMS:
cd $exscripts
Then, run:
.\RedistributeActiveDatabases.ps1 -DagName "DAG01" -BalanceDbsByActivationPreference -Confirm:$False
Edge Server Setup
On a stand-alone server in the DMZ (not joined to the domain), configure the server name with a DNS suffix matching your Exchange Forest:
Right-click “This PC” > Properties > Advanced System Settings > Computer Name > Change > More.
Enter the DNS suffix to match your Exchange Forest, so that the full computer name reads like so:
EXCH-EDG-01.resourcedomain.com
**Note** We’re only changing the suffix; leave the server in the workgroup it is currently in.
Reboot the Edge server for the name to take effect.
In the NIC properties, set a static IP, add your Exchange Forest DC\DNS servers as the DNS servers, and tick the “register the IP in DNS” checkbox.
The Edge Server needs to be able to resolve the mailbox servers by name and vice-versa.
Ports that need to be open in your firewalls:
Port TCP 25 in/out between the Edge and the internet
Port TCP 25 in/out between the Edge and the internal LAN
Port TCP 50636 from the internal LAN to the DMZ
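Before installing the Edge role, the prerequisites above (matching DNS suffix, two-way name resolution, SMTP reachability through the firewall) can be checked from the Edge server with the following script. It is an added example, not part of the original guide; the forest suffix and the Mailbox server names are assumptions to replace with your own.

```powershell
# Added example, not from the original guide. Run in an elevated PowerShell
# on the Edge server. The suffix and server names below are assumptions.
$ExpectedSuffix = 'resourcedomain.com'
$MailboxServers = @('EXCH-MBX-01.resourcedomain.com', 'EXCH-MBX-02.resourcedomain.com')

function Test-EdgeNaming {
    # The Edge stays in a workgroup, but its primary DNS suffix must match the forest.
    $suffix = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().DomainName
    [pscustomobject]@{ Check = 'Primary DNS suffix'; Value = $suffix; Passed = ($suffix -ieq $ExpectedSuffix) }
}

function Test-EdgeResolution {
    param([string[]]$Hosts)
    foreach ($h in $Hosts) {
        # Forward lookup of the Mailbox server, then a PTR lookup of the address it
        # returned, since EdgeSync needs resolution to work in both directions.
        $a = Resolve-DnsName -Name $h -Type A -ErrorAction SilentlyContinue | Where-Object Type -eq 'A'
        if ($a) { $addr = $a[0].IPAddress; $ptr = Resolve-DnsName -Name $addr -Type PTR -ErrorAction SilentlyContinue }
        else    { $addr = 'no A record';   $ptr = $null }
        [pscustomobject]@{ Check = "Resolve $h"; Value = $addr; Passed = ([bool]$a -and [bool]$ptr) }
    }
}

function Test-EdgePorts {
    param([string[]]$Hosts, [int[]]$Ports)
    foreach ($h in $Hosts) {
        foreach ($p in $Ports) {
            # Test-NetConnection performs a real TCP connect, so this exercises the firewall rule, not just DNS.
            $r = Test-NetConnection -ComputerName $h -Port $p -WarningAction SilentlyContinue
            [pscustomobject]@{ Check = "TCP $p to $h"; Value = $r.RemoteAddress; Passed = $r.TcpTestSucceeded }
        }
    }
}

# Edge -> Mailbox needs only SMTP (TCP 25). EdgeSync on TCP 50636 is opened by the
# Mailbox servers toward the Edge, so run Test-EdgePorts against the Edge's name from
# a Mailbox server with -Ports 25,50636 to cover that direction.
$results = @(Test-EdgeNaming) +
           @(Test-EdgeResolution -Hosts $MailboxServers) +
           @(Test-EdgePorts -Hosts $MailboxServers -Ports 25)
$results | Format-Table -AutoSize
if ($results.Passed -contains $false) { Write-Warning 'One or more Edge prerequisites failed; fix these before running setup.' }
```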
Next, install the Exchange Edge pre-reqs by running this cmdlet in an Elevated Windows PowerShell:
Install-WindowsFeature ADLDS
Run Windows Update and install all updates except for .NET 4.6.1 – it’s best to hide that update.
Download the most current Exchange 2016 CU ISO to the C:\TEMP\CU folder and extract it.
In an Elevated CMD prompt, run:
cd C:\TEMP\CU
And then run the following command:
setup /m:install /r:et /IAcceptExchangeServerLicenseTerms
Reboot the server and install any other needed updates.
Edge Subscription Creation
On the Edge server, in the EMS, run:
New-EdgeSubscription -FileName C:\Temp\Edge.xml
Copy the resulting Edge.xml file to C:\Temp on any Mailbox server.
On the mailbox server you copied the .xml file to, in the EMS, run:
New-EdgeSubscription -FileData ([byte[]]$(Get-Content -Path "C:\Temp\Edge.xml" -Encoding Byte -ReadCount 0)) -Site "resourcedomain.com/Configuration/Sites/Default-First-Site-Name"
On your Mailbox Servers in the EAC > Mail Flow > Send Connectors, you will see the new EdgeSync Send Connectors.
**Note** If you previously had any Send Connectors set up, you’ll need to remove those.
You will need to ensure that your MX records point to the Public IP of your Edge Server – which should be NAT’d behind your firewall on Port 25.
Verify inbound/outbound mailflow.
Load Balancer Setup
Gareth Gudger (SuperTekBoy) has written an excellent guide on setting up a Kemp Load Balancer for Exchange.
Follow his guide here:
CAS Setup
Set DNS Entries
We will be using Split-DNS – meaning on your internal DNS mail.domain.com will resolve to the internal VIP of your Load Balancer, while on the External DNS mail.domain.com will resolve to the Public IP of your Firewall, which will NAT to your Load Balancer VIP.
Create the DNS A-Record for “mail” on Internal and External DNS. This will be an A-Record for mail, pointing to the VIP of your Load Balancer, for instance:
Internally - Mail > 10.10.128.120
Externally – mail.domain.com > 74.74.72.190
Configure your autodiscover record pointing to your Load Balancer for both Internal and External DNS:
Internal – autodiscover > 10.10.128.120
External – autodiscover.domain.com > 74.74.72.190
Create Namespace
Use Paul Cunningham’s (ExchangeServerPro) awesome script to automatically set your namespaces in one shot.
Next, follow Part 4 here