Blog:http://dynamic.blog.51cto.com MSN:LiuJinFeng@msn.com QQ:316190099
《MS UC 2013 -系列》博文:
1) 以TechNet Library为技术资料原型。
2) 以0-《统一沟通-微软-实战》为基础。
3) 以1-《统一沟通-微软-技巧》为参照。
4) 以整个测试过程中图片为样板,再次标准化了操作流程,你看多了就会知道。
5) 不论你喜欢与不喜欢?
6) 不论你说啥!
7) 它都出现了!...它也将在你想不到的时间消失,因为有更好计划在实施中。
8) 目的:为了让大家更容易看懂TechNet Library,更容易看懂微软!
Exchange 2013 Post-Installation Tasks
This topic has not yet been rated - Rate this topic
[This is pre-release documentation and subject to change in future releases.]
Applies to: Exchange Server 2013 Preview
Topic Last Modified: 2012-07-06
The following topics will help you configure mail flow to and from the Internet and configure Microsoft Exchange to accept client connections from the Internet:
Configure Mail Flow and Client Access
Verify an Exchange 2013 Installation
If you want to configure additional features, such as permissions, compliance, high availability, and more, see Exchange Server 2013 Preview.
Note: |
Similar to the products themselves, content for the next version of Exchange Server and Exchange Online is still being developed. If our Preview documentation doesn’t contain the information you’re looking for, there’s a good chance the content from previous releases may still apply. Browse our Exchange Server 2010 and Exchange Online documentation. If you still can’t find answers, please send feedback to Exchange 2013 Preview Help Feedback. Your comments will help us provide you with the most useful content. |
Configure Mail Flow and Client Access
This topic has not yet been rated - Rate this topic
[This is pre-release documentation and subject to change in future releases.]
Applies to: Exchange Server 2013 Preview
Topic Last Modified: 2012-07-11
After you've installed Microsoft Exchange Server 2013 Preview in your organization, you need to configure Exchange Server 2013 Preview for mail flow and client access. Without these additional steps, you won't be able to send mail to the Internet, and external clients such as Microsoft Office Outlook and ActiveSync devices won't be able to connect to your Exchange organization.
The steps in this topic assume a basic Exchange deployment with a single Active Directory site and a single simple mail transport protocol (SMTP) namespace.
Important: |
This topic uses example values such as contoso.com, mail.contoso.com, and 172.16.10.11. Replace the example values with the FQDNs and IP addresses for your organization. |
For additional management tasks related to mail flow and clients and devices, see the following topics:
Mail Flow
Clients and Mobile Devices
What do you need to know before you begin?
- Estimated time to complete this task: 35 minutes
- Procedures in this topic require specific permissions. See each procedure for its permissions information.
- Before you can perform the steps in this topic, you must have installed at least one Mailbox server role and at least one Client Access server role in an Active Directory site. You can install the server roles on the same computer or on separate computers.
- You'll receive certificate warnings when you connect to the Exchange Administration Center (EAC) website until you configure a secure sockets layer (SSL) certificate on the Client Access server. You'll be shown how to do this later in this topic.
- For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard Shortcuts in Exchange 2013.
How do you do this?
Step 1: Create a Send connector
Step 2: Add additional accepted domains
Step 3: Configure the default email address policy
Step 4: Configure an SSL Certificate
Step 5: Configure external URLs
Step 6: Configure Outlook Anywhere authentication methods
Tip: |
Having problems? Ask for help in the Exchange Server forums. Visit the forums at: Exchange Server |
Step 1: Create a Send connector
Before you can send mail to the Internet, you need to create a Send connector on the Mailbox server. Do the following.
1. Open the (EAC) by browsing to https://<fully qualified domain name (FQDN) of Client Access server>/ECP.
https://Exchange-2013.uc-cn.net/ECP
2. Enter your username and password in Domain\user name and Password and then click sign in.
3. Go to Mail Flow > Send Connectors. On the Send Connectors page, click +.
4. In the new send connector wizard, specify a name for the Send connector and then select Internet. Click next.
Send Mail To internet
5. Verify that MX record associated with recipient domain is selected. Click next.
6. Under Address space, click +. In the add domain window, make sure SMTP is selected in the Type field. In the Fully Qualified Domain Name (FQDN) field, enter *. Click save.
SMTP
*
1
7. Make sure Scoped send connector isn't selected and then click next.
8. Under Source server, click +. In the Select a server window, select a Mailbox server that will be used to send mail to the Internet via the Client Access server. After you've selected the server, click add and then click ok.
9. Click finish.
Note: |
A default inbound Receive connector is created when Exchange 2013 Preview is installed. This Receive connector accepts anonymous SMTP connections from external servers. You don't need to do any additional configuration if this is the functionality you want. If you want to restrict inbound connections from external servers, modify the Default Frontend <Client Access server> Receive connector on the Client Access server. |
How do you know this step worked?
To verify that you have successfully created an outbound Send connector, do the following:
1. In the EAC, verify the new Send connector appears in Mail Flow > Send Connectors.
2. Open Outlook Web App and send an email message to an external recipient. If the recipient receives the message, you've successfully configured the Send connector.
Step 2: Add additional accepted domains
By default, when you deploy a new Exchange 2013 Preview organization in an Active Directory forest, Exchange uses the domain name of the Active Directory domain where Setup /PrepareAD was run. If you want recipients to receive and send messages to and from another domain, you must add the domain as an accepted domain. This domain is also added as the primary SMTP address on the default email address policy in the next step.
Important: |
A public Domain Name System (DNS) MX resource record is required for each SMTP domain for which you accept email from the Internet. Each MX record should resolve to the Internet-facing server that receives email for your organization. |
1. Open the EAC by browsing to https://<FQDN of Client Access server>/ECP.
2. Enter your username and password in Domain\user name and Password and then click sign in.
3. Go to Mail Flow > Accepted Domains. On the Accepted Domains page, click +.
4. In the new accepted domain wizard, specify a name for the accepted domain.
5. In the Accepted domain field, specify the SMTP recipient domain you want to add. For example, contoso.com.
6. Select Authoritative domain and then click save.
How do you know this step worked?
To verify that you have successfully created an accepted domain, do the following:
- In the EAC, verify the new accepted domain appears in Mail Flow > Accepted Domains.
Step 3: Configure the default email address policy
If you added an accepted domain in the previous step and you want that domain to be added to every recipient in the organization, you need to update the default email address policy.
1. Open the EAC by browsing to https://<FQDN of Client Access server>/ECP.
2. Enter your username and password in Domain\user name and Password and then click sign in.
3. Go to Mail Flow > Email Address Policies. On the Email Address Policies page, select Default Policy and then click the edit icon.
4. On the Default Policy Email Address Policy page, Click Edit, click Email Address Format.
5. Under Email address format, click the SMTP address you want to change and then click the edit icon.
6. On the email address format page in the Email address parameters field, specify the SMTP recipient domain you want to apply to all recipients in the Exchange organization. This domain must match the accepted domain you added in the previous step. Click save.
7. Click save
8. In the Default Policy details pane, click Apply.
Note: |
We recommend that you configure a user principal name (UPN) that matches the primary email address of each user. If you don't provide a UPN that matches the email address of a user, the user will be required to manually provide their domain\username or UPN in addition to their email address. If their UPN matches their email address, Outlook Web App, ActiveSync, and Outlook, will automatically match their email address to their UPN. |
How do you know this step worked?
To verify that you have successfully configured the default EAP, do the following:
1. In the EAC, go to Recipients > Mailboxes.
2. Select a mailbox and then, in the recipient details pane, verify that the User mailbox field has been set to <alias>@<new accepted domain>.
3. Optionally, create a new mailbox and verify the mailbox is given an email address with the new accepted domain by doing the following:
1. Go to Recipients > Mailboxes and click +.
2. On the new user mailbox page, provide the information required to create a new mailbox. Click save.
3. Select the new mailbox and then, in the recipient details pane, verify that the User mailbox field has been set to <alias>@<new accepted domain>.
Step 4: Configure an SSL certificate
Some services, such as Outlook Anywhere and ActiveSync, require certificates to be configured on your Exchange 2013 Preview server. The following steps show you how to configure an SSL certificate from a third-party certificate authority (CA):
1. Open the EAC by browsing to https://<FQDN of Client Access server>/ECP.
2. Enter your username and password in Domain\user name and Password and then click sign in.
3. Go to Servers > Certificates. On the Certificates page, make sure your Client Access server is selected in the Select server field, and then click +.
4. In the new exchange certificate wizard, select Create a request for a certificate from a certification authority and then click next.
5. Specify a name for this certificate and then click next.
Mail.uc-cn.net
6. If you want to request a wildcard certificate, select Request a wild-card certificate and then specify the root domain of all subdomains in the Root domain field. If you don't want to request a wildcard certificate and instead want to specify each domain you want to add to the certificate, leave this page blank. Click next.
7. Click browse and specify an Exchange server to store the certificate on. The server you select should be the Internet-facing Client Access server. Click next.
8. For each service in the list shown, specify the external or internal server names that users will use to connect to the Exchange server. For example, for Outlook Web App (when access from the Internet), you might specify owa.contoso.com. For OWA (when access from the Intranet), you might specify CAS02.corp.contoso.com. These domains will be used to create the SSL certificate request. Click next.
Mail.uc-cn.net
Autodiscover.uc-cn.net
9. Add any additional domains you want included on the SSL certificate. Click next.
10. Provide information about your organization. This information will be included with the SSL certificate. Click next.
统一沟通(中国)有限公司
IT
China
SH
SH
11. Specify the network location where you want this certificate request to be saved. Click finish.
\\DC.uc-cn.net\Cert Cert: Share everyone read/write
\\DC.uc-cn.net\Cert\CertRequest-Mail.REQ
https://dc.uc-cn.net/certsrv
After you've saved the certificate request, submit the request to your certificate authority (CA). This can be an internal CA or a third-party CA, depending on your organization. Clients that connect to the Client Access server must trust the CA that you use. After you receive the certificate from the CA, complete the following steps:
1. On the Server > Certificates page in the EAC, select the certificate request you created in the previous steps.
\\DC.uc-cn.net\Cert\Cert-Mail.cer
2. In the certificate request details pane, click Complete under Status.
3. On the complete pending request page, specify the path to the SSL certificate file and then click ok.
4. Select the new certificate you just added, and then click the edit icon.
[Edit]
5. On the certificate page, click Services.
6. Select the services you want to assign to this certificate. At minimum, you should select SMTP and IIS. Click save.
7. If you receive the warning Overwrite the existing default SMTP certificate?, click ok.
https://Mail.uc-cn.net/ECP
https://Mail.uc-cn.net/OWA
How do you know this step worked?
To verify that you have successfully added a new certificate, do the following:
1. In the EAC, go to Servers > Certificates.
2. Select the new certificate and then, in the certificate details pane, verify that the following are true:
o Status shows Valid
o Assigned to services shows IIS and SMTP
Step 5: Configure external URLs
After you've chosen your external FQDNs and installed your certificate, you need to configure the external FQDNs on the Client Access server's virtual directories and then configure your domain name service (DNS) records.
If you didn't configure the external Client Access FQDN during setup, you'll need to configure the external URL of each virtual directory on the Internet-facing Client Access server. If you did configure the external Client Access FQDN during setup, you can use the steps below to verify that the FQDN has been correctly set on each virtual directory or skip to the DNS record configuration below.
1. Open the EAC by browsing to https://<FQDN of Client Access server>/ECP.
2. Enter your username and password in Domain\user name and Password and then click sign in.
3. Go to Servers > Virtual Directories.
4. In the Select server field, select the Internet-facing Client Access server.
5. For each virtual directory that's shown (except the Autodiscover virtual directory), click the edit icon. In each virtual directory, do the following:
1. Copy the value in the Internal URL field into the External URL field.
2. In the External URL field, replace the internal FQDN of the Client Access server with the externally accessible FQDN. For example, if the internal FQDN of the Exchange Web Services (EWS) virtual directory is https://cas02.contoso.com/EWS/Exchange.asmx, set the External URL field to https://mail.contoso.com/EWS/Exchange.asmx.
3. Click save.
6. Repeat the above steps for each virtual directory shown in the list.
7. Go to Servers > Servers, select the name of the Internet-facing Client Access server and then click the edit icon.
8. Click Outlook Anywhere.
9. In the Specify the external hostname field, specify the externally accessible FQDN of the Client Access server. For example, mail.contoso.com.
10. Click save.
After you've configured the external URL on the Client Access server virtual directories, you need to configure DNS records for Autodiscover, Outlook Web App, and mail flow. The DNS records should point to the external IP address of your Internet-facing Client Access server and use the externally accessible FQDNs that you've configured on your Client Access server. The following are examples of recommended DNS records that you should create to enable mail flow and external client connectivity.
FQDN | DNS record type | Value |
Contoso.com | MX | Mail.contoso.com |
Mail.contoso.com | A | 172.16.10.11 |
Owa.contoso.com | A | 172.16.10.11 |
Autodiscover.contoso.com | A | 172.16.10.11 |
How do you know this step worked?
To verify that you have successfully configured the external URL on the Client Access server virtual directories, do the following:
1. In the EAC, go to Servers > Virtual Directories.
2. In the Select server field, select the Internet-facing Client Access server.
3. Select a virtual directory and then, in the virtual directory details pane, verify that the External URL field is populated with the correct FQDN and service as shown below:
Virtual directory | External URL value |
Autodiscover | No external URL displayed |
ECP | https://mail.contoso.com/ecp |
EWS | https://mail.contoso.com/EWS/Exchange.asmx |
Microsoft-Server-ActiveSync | https://mail.contoso.com/Microsoft-Server-ActiveSync |
OAB | https://mail.contoso.com/OAB |
OWA | https://mail.contoso.com/owa |
PowerShell | http://mail.contoso.com/PowerShell |
To verify that you have successfully configured DNS, do the following:
1. Open a command prompt and run
nslookup.exe
.2. In
nslookup
, look up the A record of each FQDN you created. Verify that the IP address that's returned for each FQDN is correct.3. In
nslookup
, type set type=mx
and then look up the accepted domain you added in Step 1. Verify that the value returned matches the FQDN of the Client Access server.Step 6: Configure Outlook Anywhere authentication methods
In Exchange 2013 Preview, you need to configure the Internet Information Service (IIS) authentication methods that Outlook Anywhere uses for external clients.
1. On the Client Access server, open the Exchange Management Shell.
2. Add Basic as an available authentication method to the Outlook Anywhere virtual directory on the Internet-facing Client Access server:
3. Repeat the above command for any other Internet-facing Client Access servers in the organization.
4. Either restart the Microsoft Exchange Service Host service using the following commands on each server you modified in the previous step or wait 15 minutes for Exchange to update its configuration:
Copy
Copy
How do you know this step worked?
To verify that you've properly set the IIS authentication methods on all Internet-facing Client Access servers, do the following:
1. Open the Exchange Management Shell.
2. Run the following command:
Copy
Verify that for each Internet-facing Client Access server that's returned that the IISAuthenticationMethods property is set to
Basic, Ntlm, Negotiate
.How do you know this task worked?
To verify that you have configured mail flow and external client access, do the following:
1. In Outlook, on an ActiveSync device, or on both, create a new profile. Verify that Outlook or the mobile device successfully creates the new profile.
2. In Outlook, or on the mobile device, send a new message to an external recipient. Verify the external recipient receives the message.
3. In the external recipient's mailbox, reply to the message you just sent from the Exchange mailbox. Verify the Exchange mailbox receives the message.
4. Go to https://owa.contoso.com/owa and verify that there are no certificate warnings.
Verify an Exchange 2013 Installation
This topic has not yet been rated - Rate this topic
[This is pre-release documentation and subject to change in future releases.]
Applies to: Exchange Server 2013 Preview
Topic Last Modified: 2012-07-06
After you install Microsoft Exchange Server 2013 Preview, we recommend that you verify the installation by running the Get-ExchangeServer cmdlet and by reviewing the setup log file. If the setup process fails or errors occur during installation, you can use the setup log file to track down the source of the problem.
Run Get-ExchangeServer
To verify that Exchange 2013 Preview installed successfully, run the Get-ExchangeServer cmdlet in the Exchange Management Shell. A list is displayed of all Exchange 2013 Preview server roles that are installed on the specified server when this cmdlet is run.
For detailed syntax and parameter information, see Get-ExchangeServer.
Review the setup log file
You can also learn more about the installation and configuration of Exchange 2013 Preview by reviewing the setup log file created during the setup process.
During installation, Exchange Setup logs events in the Application log of Event Viewer on computers that are running Windows Server 2008 R2 with Service Pack 1 (SP1) and Windows Server 2012. Review the Application log, and make sure there are no warning or error messages related to Exchange setup. These log files contain a history of each action that the system takes during Exchange 2013 Preview setup and any errors that may have occurred. By default, the logging method is set to
Verbose
. Information is available for each installed server role.You can find the setup log file at <system drive>\ExchangeSetupLogs\ExchangeSetup.log. The <system drive> variable represents the root directory of the drive where the operating system is installed.
The setup log file tracks the progress of every task that is performed during the Exchange 2013 Preview installation and configuration. The file contains information about the status of the prerequisite and system readiness checks that are performed before installation starts, the application installation progress, and the configuration changes that are made to the system. Check this log file to verify that the server roles were installed as expected.
We recommend that you start your review of the setup log file by searching for any errors. If you find an entry that indicates that an error occurred, read the associated text to determine the cause of the error.