Supported Systems for Exchange 2013

Supported Domain Controller

  • Windows Server 2012 R2 Standard or Datacenter (see note 1)
  • Windows Server 2012 Standard or Datacenter
  • Windows Server 2008 R2 Standard or Enterprise SP1 or later
  • Windows Server 2008 R2 Datacenter RTM or later
  • Windows Server 2008 Standard or Enterprise SP1 or later (32-bit or 64-bit)
  • Windows Server 2008 Datacenter RTM or later
  • Windows Server 2003 Standard Edition with Service Pack 2 (SP2) or later (32-bit or 64-bit)
  • Windows Server 2003 Enterprise Edition with SP2 or later (32-bit or 64-bit)

Supported Forest

Windows Server 2003 forest functionality mode or higher (see note 2)

Notes:

  1. Windows Server 2012 R2 is supported only with Exchange 2013 SP1 or later.
  2. Windows Server 2012 R2 forest functionality mode is supported only with Exchange 2013 SP1 or later.

DNS Name Space

  • Contiguous
  • Noncontiguous
  • Single label domains
  • Disjoint

Mailbox, Client Access, and Management Tools

  • Windows Server 2012 R2 Standard or Datacenter
  • Windows Server 2012 Standard or Datacenter
  • Windows Server 2008 R2 Standard with Service Pack 1 (SP1)
  • Windows Server 2008 R2 Enterprise with Service Pack 1 (SP1)
  • Windows Server 2008 R2 Datacenter RTM or later

Supported Client

  • Outlook 2013
  • Outlook 2010
  • Outlook 2007
  • Entourage 2008 for Mac, Web Services Edition
  • Outlook for Mac 2011

Supported Coexistence

  • Exchange 2007 SP3 Update Rollup 10
  • Exchange 2010 SP3 Update Rollup 6

Supported Hybrid Deployment

  • Latest version of Office 365


Exchange 2013 Upgrade, Migration and Co-existence

Mail flow in Exchange 2013

[Figures: two mail flow diagrams. Source: Microsoft TechNet]

| Protocol | Exchange 2007 & Exchange 2013 | Exchange 2010 & Exchange 2013 |
|---|---|---|
| Namespace | legacy.domain.com | no additional namespace |
| OWA | Non-silent redirection to legacy.domain.com | Proxy to CAS2010; silent redirection |
| EAS | Proxy to MBX2013 | Proxy to CAS2010 |
| Outlook Anywhere | Proxy to CAS2007 | Proxy to CAS2010 |
| Autodiscover | Redirect to CAS2007 | Proxy to CAS2010 |
| EWS | Autodiscover | Proxy to CAS2010 |
| POP/IMAP | Redirect to CAS2007 | Proxy to CAS2010 |
| OAB | Redirect to CAS2007 | Proxy to CAS2010 |
| RPS | N/A | Proxy to CAS2010 |
| ECP | N/A | Proxy to CAS2010 |

Exchange 2013 Prerequisites

Supported Co-existence Scenario

  • Exchange 2010 SP3
  • Exchange 2007 SP3+RU10

Supported Client

  • Outlook Anywhere Only, Outlook 2007 or later
  • Outlook for Mac 2011
  • Entourage 2008 for Mac

Active Directory

  • Windows 2003 Forest Functional Level or higher
  • At least one global catalog; two global catalogs are highly recommended for redundancy
  • No support for RODC or ROGC

Namespace

  • Contiguous
  • Non-Contiguous
  • Single label domain
  • Disjoint

Operating Systems

  • Windows Server 2008 R2 SP1
  • Windows Server 2012 or Windows Server 2012 R2

Other Components

  • Internet Information Service (IIS)
  • .Net Framework 4.5
  • Unified Communication Managed API

Cumulative Updates

  • A CU is a full Exchange installer or binary
  • Required for co-existence with Exchange 2007/2010

Upgrade from Exchange 2010 to Exchange 2013

1. Prepare

  • Prepare Exchange 2010 with SP3
  • Test Exchange using Test cmdlets
  • Test Active Directory health status
  • Prepare Active Directory Schema using Exchange 2013 schema

2. Deploy Exchange 2013

  • Install both Exchange 2013 MBX and CAS servers
  • Install Management Server on admin PC

3. Obtain and deploy Certificates

  • Create Certificate CSR from Exchange 2013
  • Sign the certificate from public CA
  • Install Certificate and assign certificate to IIS,SMTP,POP,IMAP

OR

  • Export certificate from Exchange 2010 and import into Exchange 2013

4. Configure Mail flow

  • Create mail and autodiscover namespace and point to Exchange 2013
  • Add Exchange 2013 MBX server into Send Connector
  • Configure Frontend receive connector
  • Create anonymous relay

5. Switch Primary Name Space

  • Switch OWA, ActiveSync and SMTP traffic to Exchange 2013
  • Use TMG/UAG to switch OWA and ActiveSync to Exchange 2013
  • Switch port 25 forwarding to Exchange 2013
  • Validate traffic flow to Exchange 2013

6. Move Mailboxes

  • Build Exchange DAG
  • Migrate user mailbox
  • Migrate resource mailbox
  • Migrate public folders

7. Repeat additional sites

8. Decommission Exchange 2010

Upgrade from Exchange 2007 to Exchange 2013

1. Prepare

  • Prepare Exchange 2007 with SP3 +RU
  • Test Exchange using Test cmdlets
  • Test Active Directory health status
  • Prepare Active Directory Schema using Exchange 2013 schema

2. Deploy Exchange 2013

  • Install both Exchange 2013 MBX and CAS servers
  • Install Management Server on admin PC

3. Obtain and deploy Certificates

  • Create a certificate CSR from Exchange 2013 with legacy namespace
  • Sign the certificate from public CA
  • Install Certificate and assign certificate to Exchange 2013 IIS,SMTP,POP,IMAP
  • Install same certificate into Exchange 2007

4. Configure Mail flow

  • Create legacy DNS record pointing to Exchange 2007
  • Create mail and autodiscover namespace and point to Exchange 2013 CAS
  • Create Send Connector in Exchange 2013
  • Configure Frontend receive connector
  • Create anonymous relay

5. Switch Primary Name Space

  • Switch OWA, ActiveSync and SMTP traffic to Exchange 2013
  • Use TMG/UAG to switch OWA and ActiveSync to Exchange 2013
  • Switch port 25 forwarding to Exchange 2013
  • Validate traffic flow to Exchange 2013 using MCA and ExRCA

6. Move Mailboxes

  • Build Exchange DAG
  • Migrate user mailbox
  • Migrate resource mailbox
  • Migrate public folders

7. Repeat additional sites

8. Decommission Exchange 2007

Validate External Connectivity

Certificate Best Practice

  • Minimize number of certificates
  • Minimize number of host names
  • Use split DNS for Exchange host name
  • Don’t list machine name in certificates
  • Use Subject Alternative Name Certificate or SAN certificates

Restart Transport Services and Information Store Service

  • Patch Exchange Server using WSUS or ConfigMgr
  • Reboot DAG member one by one
  • Reboot CAS server one by one

Management Tools

  • Use Exchange 2013 Administration Center to manage co-existence and migration tasks
  • Use Exchange 2010 management console to move offline address book

Cutover Process

  • Public folder migration is part of final cutover
  • Exchange and Active Directory health check
  • Verify proposed and implemented Exchange 2013

Post Migration

  • Shut down Exchange 2010 servers for a minimum of 48 hours on working days
  • Decommission Exchange 2010

Exchange 2007/2010 to Exchange 2013 Migration Step by Step Guide

Before you begin, create a worksheet in a spreadsheet recording the information required to migrate Exchange 2007/2010 to Exchange 2013. For this article, I am going to use the following worksheet. This worksheet and migration guide have been tested in production Exchange migrations that I performed for a few of my clients. Note that this article is not situation specific, so I can’t provide a silver bullet for your situation.

Deployment Work Sheet

Version Readiness Check

| Present Server | Proposed Server |
|---|---|
| Exchange 2007 SP3 OR 2010 SP3 | Exchange 2013 CU3 |

Exchange Role Assignment

Exchange 2013 has two server roles: the Mailbox and Client Access server roles. You need at least one Client Access server and one Mailbox server in the Active Directory forest. If you’re separating your server roles, Microsoft recommends installing the Mailbox server role first.

Mailbox Role: The Mailbox server includes the Client Access protocols, the Transport service, the Mailbox databases, and Unified Messaging (the Client Access server redirects SIP traffic generated from incoming calls to the Mailbox server). The Mailbox server handles all activity for the active mailboxes on that server.

Client Access: The Client Access server provides authentication, limited redirection, and proxy services for all of the usual client access protocols: HTTP, POP and IMAP, and SMTP. The Client Access server, a thin and stateless server, doesn’t do any data rendering. With the exception of diagnostic logs, nothing is queued or stored on the Client Access server.

| Server Name | Exchange Roles |
|---|---|
| AUPEREXMBX01, AUPEREXMBX02 | Mailbox |
| AUPEREXCAS01, AUPEREXCAS02 | CAS |

Active Directory Schema and Forest

When you install Exchange 2013 for the first time, your Active Directory schema will be updated. This schema update is required to add objects and attributes to Active Directory to support Exchange 2013. Additionally, replicating the changes made to your schema may take several hours or days and is dependent on your Active Directory replication schedule. A forced replication can be performed after schema preparation.

| Description | AD Forest | Domain Controller |
|---|---|---|
| Primary SMTP namespace | Superplaneteers.com | AUPERDC01, AUPERDC02 |
| User principal name domain | Superplaneteers.com | AUPERDC01, AUPERDC02 |

Legacy Edge Transport

N/A

Network Configuration

| Server Name | TCP/IP | DNS | Replication network |
|---|---|---|---|
| AUPEREXMBX01 | 10.10.10.11 | 10.10.10.2, 10.10.10.3 | 192.168.100.11/24 |
| AUPEREXMBX02 | 10.10.10.12 | 10.10.10.2, 10.10.10.3 | 192.168.100.12/24 |
| AUPEREXCAS01 | 10.10.10.13 | 10.10.10.2, 10.10.10.3 | N/A |
| AUPEREXCAS02 | 10.10.10.14 | 10.10.10.2, 10.10.10.3 | N/A |

The network adapter name used within the operating system of mailbox server must be changed to closely match the associated network name. For example: Domain Network and Replication Network. The following binding order must be maintained within Windows operating systems:

  1. First in order: Domain adapter connected to the Active Directory network.
  2. Second in order: Replication adapter connected to the heartbeat network.

Here is a guide on how to change the adapter binding order: http://technet.microsoft.com/en-us/library/cc732472(v=ws.10).aspx. Microsoft does not support multiple default gateways on a single server, so no default gateway is required on the replication network card.

Disk layout

| Server Name | C: | E: | F: | G: |
|---|---|---|---|---|
| AUPEREXMBX01 | 50 GB | 50 GB | 500 GB | 300 GB |
| AUPEREXMBX02 | 50 GB | 50 GB | 500 GB | 300 GB |
| AUPEREXCAS01 | 50 GB | 50 GB | N/A | N/A |
| AUPEREXCAS02 | 50 GB | 50 GB | N/A | N/A |

Resilient Exchange Configuration

| Purpose | Name | TCP/IP | Subnet | Type |
|---|---|---|---|---|
| DAG | AUPEREXDAG01 | 10.10.10.15 | 255.255.255.0 | N/A |
| CAS NLB or Load Balancer | Mail.superplaneteers.com | 10.10.10.16 | 255.255.255.0 | Multicast |

Exchange Administrator

| User name | Privileges |
|---|---|
| ExMigrationAdmin | Domain Admins, Domain user, Schema Admin, Enterprise Admin, Organisation Management, Local Administrator |

Certificates

A public Secure Sockets Layer (SSL) certificate is a prerequisite in Exchange 2013. SSL helps to protect communication between your Exchange servers and clients and other mail servers by encrypting data and, optionally, identifying each side of the connection.

You can buy a third-party certificate from public CA such as Verisign. Certificates published by public CAs are trusted by most operating systems and browsers.

| Common Name | Subject Alternative Name | Type | Assigned to |
|---|---|---|---|
| mail.superplaneteers.com | autodiscover.superplaneteers.com | SSL | IIS, SMTP, POP, IMAP |

Supported Client

Exchange 2013 supports the following minimum versions of Microsoft Outlook and Microsoft Entourage for Mac:

  • Outlook 2013 (15.0.4420.1017)
  • Outlook 2010 Service Pack 1 with the Outlook 2010 November 2012 update (14.0.6126.5000).
  • Outlook 2007 Service Pack 3 with the Outlook 2007 November 2012 update (12.0.6665.5000).
  • Entourage 2008 for Mac, Web Services Edition
  • Outlook for Mac 2011

Exchange 2013 does not support Outlook 2003.

Public DNS records

| DNS record | Record Type | IP/Alias/FQDN | Priority |
|---|---|---|---|
| Mail.superplaneteers.com | A | 203.17.x.x | N/A |
| superplaneteers.com | MX | Mail.superplaneteers.com | 10 |
| Autodiscover.superplaneteers.com | CNAME | Mail.superplaneteers.com | N/A |

If you have hosted email security then your MX record must look like this. An example is given here for TrendMicro hosted email security.

| DNS record | Record Type | IP/Alias/FQDN | Priority |
|---|---|---|---|
| Mail.superplaneteers.com | A | 203.17.x.x | N/A |
| superplaneteers.com | MX | in.sjc.mx.trendmicro.com | 10 |
| Autodiscover.superplaneteers.com | CNAME | Mail.superplaneteers.com | N/A |

Internal DNS records

| DNS record | Record Type | Hardware Load Balancer VIP or CAS NLB IP |
|---|---|---|
| Mail.superplaneteers.com | A | 10.10.10.16 |
| Autodiscover.superplaneteers.com | A | 10.10.10.16 |

If you don’t have CAS NLB or hardware load balancer then create Host(A) record of mail.superplaneteers.com and point to Exchange 2013 CAS Server.

Send Connector

Here I am giving an example of a Trend Micro smart host. Do not add a smart host without proper authorization from the smart host provider; otherwise you will not be able to send email from your internal organisation to external destinations.

| Intended use | Address Space | Network Settings | Authentication | Smart Host |
|---|---|---|---|---|
| Internet | "*" | default | Basic, Exchange, TLS | relay.sjc.mx.trendmicro.com |

Receive Connector

| Name | Intended use | Network Settings | IP Range | Server(s) |
|---|---|---|---|---|
| Client Frontend | Client | default | All Available IPv4 | AUPEREXMBX01, AUPEREXMBX02 |
| Default Frontend | Inbound SMTP | default | All Available IPv4 | AUPEREXMBX01, AUPEREXMBX02 |

Anonymous Relay

| Relay | Authentication | Permission | Remote IP | SMTP |
|---|---|---|---|---|
| Anonymous Relay | TLS, Externally Secured | Anonymous, Exchange Servers | IP Address of Printers, Scanner, Devices, App Server | 10.10.10.11, 10.10.10.12 |
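
A relay connector that uses Externally Secured authentication treats mail from every address in its remote IP range as coming from a trusted sender, so that range should list only the devices named in the worksheet. The PowerShell below is an added example, not the author's code, that flags such connectors when a range is wider than a handful of hosts; the function names, the 16-address threshold and the sample connectors (including the device addresses) are assumptions constructed for illustration.

```powershell
# Added example, not from the original article. Pure PowerShell: the sample
# connectors are constructed objects carrying the property names that
# Get-ReceiveConnector returns (Name, AuthMechanism, RemoteIPRanges).

function ConvertTo-IPv4Number {
    # Dotted-quad string to its numeric value (as Int64, to avoid overflow).
    param([string]$Ip)
    $b = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    return [long]$b[0] * 16777216 + [long]$b[1] * 65536 + [long]$b[2] * 256 + [long]$b[3]
}

function Get-IPv4RangeSize {
    # Accepts "10.10.10.50", "10.10.10.0/24" or "10.10.10.1-10.10.10.20".
    # Returns the number of addresses covered, or $null for any other form
    # (IPv6 ranges, malformed prefixes, reversed ranges).
    param([string]$Range)
    $octets   = '\d{1,3}(?:\.\d{1,3}){3}'
    $reSingle = '^' + $octets + '$'
    $reCidr   = '^(' + $octets + ')/(\d{1,2})$'
    $reRange  = '^(' + $octets + ')-(' + $octets + ')$'

    if ($Range -match $reSingle) { return [long]1 }
    if ($Range -match $reCidr) {
        $prefix = [int]$Matches[2]
        if ($prefix -gt 32) { return $null }
        return [long][math]::Pow(2, 32 - $prefix)
    }
    if ($Range -match $reRange) {
        $size = (ConvertTo-IPv4Number $Matches[2]) - (ConvertTo-IPv4Number $Matches[1]) + 1
        if ($size -lt 1) { return $null }
        return $size
    }
    return $null
}

function Get-RelayScopeFindings {
    param(
        [object[]]$Connectors,
        [long]$MaxAddresses = 16   # assumption: relay sources are listed host by host
    )
    foreach ($c in $Connectors) {
        # Only connectors with Externally Secured authentication are relay-capable here.
        if ("$($c.AuthMechanism)" -notmatch 'ExternalAuthoritative') { continue }
        foreach ($r in $c.RemoteIPRanges) {
            $size = Get-IPv4RangeSize "$r"
            if ($null -eq $size) {
                [pscustomobject]@{ Connector = $c.Name; Range = "$r"
                                   Issue = 'Not an IPv4 host or range; review by hand' }
            }
            elseif ($size -gt $MaxAddresses) {
                [pscustomobject]@{ Connector = $c.Name; Range = "$r"
                                   Issue = "Relay open to $size addresses" }
            }
        }
    }
}

# Constructed sample data (device addresses are invented for the example).
$sample = @(
    [pscustomobject]@{
        Name           = 'Anonymous Relay'
        AuthMechanism  = 'Tls, ExternalAuthoritative'
        RemoteIPRanges = @('10.10.10.50', '10.10.10.60-10.10.10.62')
    },
    [pscustomobject]@{
        Name           = 'Anonymous Relay (too wide)'
        AuthMechanism  = 'Tls, ExternalAuthoritative'
        RemoteIPRanges = @('10.10.10.0/24', '0.0.0.0-255.255.255.255')
    },
    [pscustomobject]@{
        Name           = 'Default Frontend'
        AuthMechanism  = 'Tls, Integrated, BasicAuth'
        RemoteIPRanges = @('0.0.0.0-255.255.255.255')
    }
)

Get-RelayScopeFindings -Connectors $sample | Format-Table -AutoSize
```

In the Exchange Management Shell, pass the output of Get-ReceiveConnector to -Connectors instead of $sample.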

Port Forwarding in Cisco Router

| Rule | Source Address | Destination Address | NATed Destination | Port |
|---|---|---|---|---|
| OWA | Any | 203.17.x.x | 10.10.10.16 | 443 |
| SMTP | Any | 203.17.x.x | 10.10.10.16 | 25 |

Again, if you don’t have a CAS NLB or load balancer, your NATed destination is the Exchange 2013 CAS server.

Mailbox Storage

| Storage Group Type | Database location |
|---|---|
| Mailbox storage | F:\Exchange Data |
| Mailbox storage logs | G:\Exchange Log |

Email address Policy

Email Address Policy %g.%s@superplaneteers.com

Virtual Directory for internal and external network

| Virtual directory | Internal and External URL value |
|---|---|
| Autodiscover | https://autodiscover.superplaneteers.com/autodiscover/autodiscover.xml |
| ECP | https://mail.superplaneteers.com/ecp |
| EWS | https://mail.superplaneteers.com/EWS/Exchange.asmx |
| Microsoft-Server-ActiveSync | https://mail.superplaneteers.com/Microsoft-Server-ActiveSync |
| OAB | https://mail.superplaneteers.com/OAB |
| OWA | https://mail.superplaneteers.com/owa |
| PowerShell | http://mail.superplaneteers.com/PowerShell |
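
The Certificates and Virtual Directory entries of the worksheet can be checked against the certificate best practices listed earlier (use a SAN certificate, minimize host names, no machine names) before the request goes to the CA. The PowerShell below is an added example, not the author's code; the function names and the flawed certificate name list are constructed for illustration, and no Exchange cmdlets are called.

```powershell
# Added example, not from the original article. Pure PowerShell: all input
# below is taken from the worksheet or constructed for the counter-example.

function Test-NameOnCertificate {
    # True when $HostName equals a certificate name or matches a wildcard name.
    # A wildcard covers exactly one left-most label (*.a.com covers x.a.com only).
    param([string]$HostName, [string[]]$CertNames)
    foreach ($name in $CertNames) {
        if ($name -ieq $HostName) { return $true }
        if ($name.StartsWith('*.')) {
            $suffix = $name.Substring(1)   # ".a.com"
            if ($HostName.EndsWith($suffix, [System.StringComparison]::OrdinalIgnoreCase)) {
                $left = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                if (($left.Length -gt 0) -and (-not $left.Contains('.'))) { return $true }
            }
        }
    }
    return $false
}

function Get-CertificateNameFindings {
    param(
        [string[]]$Urls,         # internal and external virtual directory URLs
        [string[]]$CertNames,    # common name plus every SAN entry
        [string[]]$ServerNames   # host names of the Exchange servers
    )
    # Host names that clients reach over TLS (plain-HTTP URLs need no certificate name).
    $tlsHosts = @($Urls | ForEach-Object { [uri]$_ } |
        Where-Object { $_.Scheme -eq 'https' } |
        ForEach-Object { $_.Host.ToLowerInvariant() } | Sort-Object -Unique)

    foreach ($h in $tlsHosts) {
        if (-not (Test-NameOnCertificate -HostName $h -CertNames $CertNames)) {
            [pscustomobject]@{ Name = $h; Issue = 'URL host is missing from the certificate' }
        }
    }
    foreach ($n in $CertNames) {
        $firstLabel = ($n -split '\.')[0]
        if (($n -notmatch '\.') -or ($ServerNames -contains $firstLabel)) {
            # Best practice from the article: do not list machine names.
            [pscustomobject]@{ Name = $n; Issue = 'Machine name listed on the certificate' }
        }
        elseif ((-not $n.StartsWith('*.')) -and ($tlsHosts -notcontains $n.ToLowerInvariant())) {
            # Best practice from the article: minimize the number of host names.
            [pscustomobject]@{ Name = $n; Issue = 'Not used by any HTTPS URL; confirm it is needed' }
        }
    }
}

# Virtual directory URLs and server names from the worksheet.
$urls = @(
    'https://autodiscover.superplaneteers.com/autodiscover/autodiscover.xml',
    'https://mail.superplaneteers.com/ecp',
    'https://mail.superplaneteers.com/EWS/Exchange.asmx',
    'https://mail.superplaneteers.com/Microsoft-Server-ActiveSync',
    'https://mail.superplaneteers.com/OAB',
    'https://mail.superplaneteers.com/owa',
    'http://mail.superplaneteers.com/PowerShell'
)
$servers = 'AUPEREXMBX01', 'AUPEREXMBX02', 'AUPEREXCAS01', 'AUPEREXCAS02'

# Certificate names as planned in the worksheet.
$planned = 'mail.superplaneteers.com', 'autodiscover.superplaneteers.com'
# Constructed counter-example: autodiscover forgotten, a server FQDN and a spare name added.
$flawed = 'mail.superplaneteers.com', 'AUPEREXCAS01.superplaneteers.com', 'webmail.superplaneteers.com'

'Findings for the planned certificate: ' +
    @(Get-CertificateNameFindings -Urls $urls -CertNames $planned -ServerNames $servers).Count
Get-CertificateNameFindings -Urls $urls -CertNames $flawed -ServerNames $servers |
    Format-Table -AutoSize
```

On a live server the same inputs can be read from the CertificateDomains property returned by Get-ExchangeCertificate and from the InternalUrl and ExternalUrl properties of the virtual directory cmdlets.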

Now that you have finished your worksheet, you are ready to virtualize the Exchange servers on Hyper-V.

1. Virtualize Windows Server 2012 R2

2. Configure TCP/IP properties

3. Disable Windows Firewall

4. Join Windows server 2012 R2 to domain.

Download the following software as prerequisites.

1. Microsoft Exchange Server 2010 Service Pack 3 (SP3) OR Exchange Server 2007 Service Pack 3

2. Cumulative Update 3 for Exchange Server 2013 (KB2892464)

3. Microsoft Unified Communications Managed API 4.0, Core Runtime 64-bit

4. Microsoft Office 2010 Filter Pack 64 bit

5. Microsoft Office 2010 Filter Pack SP1 64 bit

Additional Prerequisites if you would like to install Exchange 2013 on Windows Server 2008 R2 SP1.

  1. Microsoft .NET Framework 4.5
  2. Microsoft Unified Communications Managed API 4.0, Core Runtime 64-bit
  3. Microsoft Office 2010 Filter Pack 64 bit
  4. Microsoft Office 2010 Filter Pack SP1 64 bit
  5. Microsoft Knowledge Base article KB974405 (Windows Identity Foundation)
  6. Knowledge Base article KB2619234 (Enable the Association Cookie/GUID that is used by RPC over HTTP to also be used at the RPC layer in Windows 7 and in Windows Server 2008 R2)
  7. Knowledge Base article KB2533623 (Insecure library loading could allow remote code execution)

Windows Firewall

Open Control Panel > Windows Firewall. Turn off Firewall components (Domain, private and Public) completely.

Preparing Base Windows Server 2012 for Exchange 2013

Mailbox Server Role in Windows Server 2012 R2

To install prerequisites in Windows Server 2012, open Windows PowerShell as an administrator. Execute the following cmdlets one by one.

Import-Module ServerManager

Install-WindowsFeature RSAT-ADDS

Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation

Reboot Windows Server 2012

Client Access Server Role in Windows Server 2012 R2

To install prerequisites in Windows Server 2012, open Windows PowerShell as an administrator. Execute the following cmdlets one by one.

Import-Module ServerManager

Install-WindowsFeature RSAT-ADDS

Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation

Reboot Windows Server 2012

If you are installing Exchange 2013 on Windows Server 2008 R2 SP1, prepare the servers as follows instead.

Prepare mailbox role Windows Server 2008 R2 SP1

Open Windows PowerShell as an administrator. Execute the following cmdlets one by one.

Import-Module ServerManager

Add-WindowsFeature Desktop-Experience, NET-Framework, NET-HTTP-Activation, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Web-Server, WAS-Process-Model, Web-Asp-Net, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI

Reboot Windows Server 2008 R2

Prepare Client Access in Windows Server 2008 R2

Open Windows PowerShell. Execute the following cmdlets one by one.

Import-Module ServerManager

Add-WindowsFeature Desktop-Experience, NET-Framework, NET-HTTP-Activation, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Web-Server, WAS-Process-Model, Web-Asp-Net, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI

Reboot Windows Server 2008 R2

Install Service Pack 3 on Exchange 2010

Upgrading to SP3 requires a schema update, so review the Active Directory schema changes beforehand. Upgrade your Exchange servers to SP3 in the following order:

1. CAS servers

2. Hub and/or Edge servers

3. Mailbox servers

4. Unified Messaging servers

Upgrade Exchange 2010 to Exchange 2010 SP3 level

1. Once the files are extracted, locate and run setup.exe as an administrator

2. Select Install Microsoft Exchange Upgrade.

3. Select Next at the welcome screen. Read and accept the license terms, then select Next.

4. If you’ve met all the requirements, you’ll see all green checks. Select Upgrade to begin the upgrade.

5. Select Next to start the upgrade.

6. When the upgrade is complete, select Finish.

7. Reboot the server to allow changes to take effect.

Prepare Active Directory Schema

Before you prepare Active Directory, make sure your Active Directory is healthy. Follow the procedure for AD health check.

1. Prepare Active Directory in an Active Directory site where you want to install Exchange 2013.

2. Domain Controller must be Server 2008 Standard/Enterprise (x86/x64) OR Server 2008 R2 Standard / Enterprise OR Windows Server 2012 OR Windows Server 2012 R2.

3. Each domain needs at least one writeable global catalog server

4. Ensure AD replication is working properly in each site / domain

5. Ensure Active Directory is healthy (see the Active Directory health check).

6. On a domain controller, open a command prompt as an administrator and run the following commands:

repadmin /showrepl

repadmin /replsummary

repadmin /syncall

netdom query fsmo

Dcdiag /e

Netdiag

7. Open the Active Directory Sites and Services MMC and make sure all domain controllers are global catalogs.

8. From the Start menu, click Run and type eventvwr to open Event Viewer. Review the event logs to confirm everything is working normally.

9. From the Start menu, click Run and type services.msc to open Services. Check that the DNS Server, DNS Client and File Replication services are started and set to Automatic.

10. Open SYSVOL on all domain controllers and check that its contents are the same on every domain controller.

Now you are ready to prepare Active Directory Domain and Forest.

1. Extract the Exchange2013-x64-cu3.EXE package you downloaded from the Microsoft web site to a common location. In my example I will use E:\EXCHANGE2013.

2. Open a command prompt as an administrator and navigate to the directory to which you extracted the files. In this example it will be E:\Exchange2013. You should see a Setup.exe file located there.

3. Run the following command:

  • Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms

OR

  • Setup.exe /PS /IAcceptExchangeServerLicenseTerms

4. Run the following command (the short form of /PrepareAD is /P; /PAD is the short form of /PrepareAllDomains):

  • Setup.exe /PrepareAD /OrganizationName:<NAMEHERE> /IAcceptExchangeServerLicenseTerms

OR

  • Setup.exe /P /OrganizationName:<NAMEHERE> /IAcceptExchangeServerLicenseTerms

Now replicate Active Directory manually or wait for replication to complete. Check the event logs on the domain controllers for any unexpected errors. If everything looks fine, go ahead and install Exchange 2013.

Installing Exchange 2013 CU3

  1. After you have downloaded Exchange 2013 CU3, log on to the computer on which you want to install Exchange 2013.
  2. Navigate to the network location of the Exchange 2013 installation files.
  3. Start Exchange 2013 Setup by right-clicking Setup.exe and selecting Run as administrator.
  4. On the Check for Updates page, choose whether you want Setup to connect to the Internet and download product and security updates for Exchange 2013. Select Don’t check for updates right now, you can download and install updates manually later. Click Next to continue.
  5. The Introduction page begins the process of installing Exchange into your organization. Click Next to continue.
  6. On the License Agreement page, review the software license terms. If you agree to the terms, select I accept the terms in the license agreement, and then click Next.
  7. On the Recommended settings page, select whether you want to use the recommended settings. If you select Use recommended settings, Exchange will automatically send error reports and information about your computer hardware and how you use Exchange to Microsoft. Click Next.
  8. On the Server Role Selection page, select both Mailbox role and Client Access role or separate role based on your design. The management tools are installed automatically if you install any other server role.
    Select Automatically install Windows Server roles and features that are required to install Exchange Server to have the Setup wizard install required Windows prerequisites. You may need to reboot the computer to complete the installation of some Windows features. If you don’t select this option, you must install the Windows features manually. Click Next to continue.
  9. On the Installation Space and Location page, click Browse to choose a new location. I strongly recommend installing Exchange 2013 on a separate partition other than the C: drive. Click Next to continue.
  10. On the Malware Protection Settings page, choose whether you want to enable or disable malware scanning. If you disable malware scanning, it can be enabled in the future. Unless you have a specific reason to disable malware scanning, we recommend that you keep it enabled. Click Next to continue.
  11. On the Readiness Checks page, view the status to determine if the organization and server role prerequisite checks completed successfully. If they did not, resolve the reported errors and click Next to run the prerequisite check again. Be sure to also review any warnings that are reported. If all readiness checks have completed successfully, click Install to install Exchange 2013.
  12. On the Completion page, click Finish.
  13. Restart the computer after Exchange 2013 Setup has completed.
  14. Once the server has rebooted, log on to the Exchange server and review its event logs.
  15. Repeat the steps for every Exchange 2013 server in your organisation.

Create a Test mailbox

1. Open the EAC by browsing to the URL of your Client Access server. For example, https://AUPEREXCAS01/ecp?ExchClientVer=15.

2. Enter the user name and password of the account you used to install Exchange 2013 in Domain\user name and Password, and then click Sign in.

3. Go to Recipients > Mailboxes. On the Mailboxes page, click Add and then select User mailbox.

4. Provide the information required for the new user and then click Save.

5. Go to Permissions > Admin Roles. On the Admin Roles page, select Organization Management and click Edit.

6. Under Members, click Add.

7. Select the Exchange 2013 mailbox you just created, click Add, then click OK. Then click Save.

Install Exchange 2013 certificates

Depending on your requirements, you can configure a wildcard certificate or a SAN certificate. I will use a SAN certificate to avoid further configuration such as certificate principal name configuration. In this example, I will create a SAN certificate as follows.

  1. Open the EAC by browsing to the URL of your Client Access server. For example, https://AUPEREXCAS01/ecp?ExchClientVer=15.
  2. Enter your user name and password in Domain\user name and Password, and then click Sign in.
  3. Go to Servers > Certificates. On the Certificates page, make sure your Client Access server is selected in the Select server field, and then click New.
  4. In the New Exchange certificate wizard, select Create a request for a certificate from a certification authority and then click Next.
  5. Specify a name for this certificate and then click Next.
  6. If you want to request a wildcard certificate, select Request a wild-card certificate and then specify the root domain of all subdomains in the Root domain field. If you don’t want to request a wildcard certificate and instead want to specify each domain you want to add to the certificate, leave this page blank. Click Next.
  7. Click Browse and specify an Exchange server to store the certificate on. The server you select should be the Internet-facing Client Access server. Click Next.
  8. For each service in the list shown, verify that the external or internal server names that users will use to connect to the Exchange server are correct. For example: CN=mail.superplaneteers.com and SAN=autodiscover.superplaneteers.com
  9. These domains will be used to create the SSL certificate request. Click Next.
  10. Add any additional domains you want included on the SSL certificate.
  11. Select the domain that you want to be the common name for the certificate and click Set as common name. For example, mail.superplaneteers.com. Click Next.
  12. Provide information about your organization. This information will be included with the SSL certificate. Click Next.
  13. Specify the network location where you want this certificate request to be saved. Click Finish.

After you’ve saved the certificate request, submit the request to your certificate authority (CA), which in this case is a public CA. Clients that connect to the Client Access server must trust the CA that you use. After you receive the certificate from the CA, complete the following steps:

  1. On the Server > Certificates page in the EAC, select the certificate request you created in the previous steps.
  2. In the certificate request details pane, click Complete under Status.
  3. On the Complete pending request page, specify the path to the SSL certificate file and then click OK.
  4. Select the new certificate you just added, and then click Edit.
  5. On the certificate page, click Services.
  6. Select the services you want to assign to this certificate. At minimum, you should select IIS but you can also select IMAP, POP, SMTP and UM call router if you use these services. Click Save.
  7. If you receive the warning Overwrite the existing default SMTP certificate?, click Yes.

To re-use an existing certificate, follow the steps below.

  1. Log on directly to your Exchange 2010 Client Access server with an administrator user account.
  2. Open an empty Microsoft Management Console (MMC).
  3. Click File, then Add/Remove Snap-in.
  4. In the Add or Remove Snap-ins window, select Certificates and then click Add >.
  5. In the Certificates snap-in window that appears, select Computer account and click Next.
  6. Select Local computer and click Finish. Then click OK.
  7. Under Console Root, expand Certificates (Local Computer), Personal, and then Certificates.
  8. Select the 3rd-party certificate that’s used by Exchange 2010 that matches the host names you’ve configured on the Exchange 2013 server. This must be a 3rd-party certificate and not a self-signed certificate.
  9. Right-click on the certificate and select All Tasks and then Export….
  10. In the Certificate Export Wizard, click Next.
  11. Select Yes, export the private key and click Next.
  12. Make sure Personal Information Exchange – PKCS #12 (.PFX) and Include all certificates in the certification path if possible are selected. Make sure no other options are selected. Click Next.
  13. Select Password and enter a password to help secure your certificate. Click Next.
  14. Specify a file name for the new certificate. Use the file extension .pfx. Click Next and then click Finish.
  15. You’ll receive a confirmation prompt if the certificate export was successful. Click OK to close it.
  16. Copy the .pfx file you created to your Exchange 2013 Client Access server.

After you’ve exported the certificate from your Exchange 2010 server, you need to import the certificate on your Exchange 2013 server using the following steps.

  1. Log on directly to your Exchange 2013 Client Access server with an administrator user account.
  2. Open an empty Microsoft Management Console (MMC).
  3. Click File, then Add/Remove Snap-in.
  4. In the Add or Remove Snap-ins window, select Certificates and then click Add >.
  5. In the Certificates snap-in window that appears, select Computer account and click Next.
  6. Select Local computer and click Finish. Then click OK.
  7. Under Console Root, expand Certificates (Local Computer), and then Personal.
  8. Right-click Personal and select All Tasks and then Import….
  9. In the Certificate Import Wizard, click Next.
  10. Click Browse and select the .pfx file you copied to your Exchange 2013 Client Access server. Click Open and then click Next.
  11. In the Password field, enter the password you used to help secure the certificate when you exported it on the Exchange 2010 Client Access server.
  12. Verify that Include all extended properties is selected and click Next.
  13. Verify that Place all certificates in the following store is selected and Personal is shown in Certificate store. Click Next. Click Finish.
  14. You’ll receive a confirmation prompt if the certificate import was successful. Click OK to close it.

Now that the new certificate has been imported on your Exchange 2013 Client Access server, you need to assign it to your Exchange services using the following steps.

  1. Open the EAC by browsing to the URL of your Client Access server. For example, https://Ex2013CAS/ECP.
  2. Enter your user name and password in Domain\user name and Password, and then click Sign in.
  3. On the Server > Certificates page in the EAC, select the new certificate you just added, and then click Edit.
  4. On the certificate page, click Services.
  5. Select the services you want to assign to this certificate. At minimum, you should select IIS but you can also select IMAP, POP, SMTP and UM call router if you use these services. Click Save.
  6. If you receive the warning Overwrite the existing default SMTP certificate?, click Yes.

Configure Exchange 2013 external and internal URLs

  1. Open the EAC by browsing to the URL of your Client Access server. For example, https://AUPEREXCAS01/ecp?ExchClientVer=15.
  2. Enter your user name and password in Domain\user name and Password, and then click Sign in.
  3. Go to Servers > Servers, select the name of the Internet-facing Exchange 2013 Client Access server and then click Edit.
  4. Click Outlook Anywhere.
  5. In the Specify the external hostname field, specify the externally accessible FQDN of the Client Access server. For example, mail.superplaneteers.com.
  6. While you’re here, let’s also set the internally accessible FQDN of the Client Access server. In the Specify the internal hostname field, insert the FQDN you used in the previous step. For example, mail.superplaneteers.com.
  7. Click Save.
  8. Go to Servers > Virtual directories and then click Configure external access domain.
  9. Under Select the Client Access servers to use with the external URL, click Add.
  10. Select the Client Access servers you want to configure, and then click Add. After you’ve added all the Client Access servers you want to configure, click OK.
  11. In Enter the domain name you will use with your external Client Access servers, type the external domain you want to apply. For example, mail.superplaneteers.com. Click Save.

Configure External and Internal URL to be same

  1. Open the Exchange Management Shell on your Exchange 2013 Client Access server.
  2. Store the host name of your Client Access server in a variable that will be used in the next step. For example, in my case, mail.superplaneteers.com.

$HostName = "mail.superplaneteers.com"

  3. Run each of the following commands in the Shell to configure each internal URL to match the virtual directory’s external URL.

Set-EcpVirtualDirectory "$HostName\ECP (Default Web Site)" -InternalUrl ((Get-EcpVirtualDirectory "$HostName\ECP (Default Web Site)").ExternalUrl)

Set-WebServicesVirtualDirectory "$HostName\EWS (Default Web Site)" -InternalUrl ((Get-WebServicesVirtualDirectory "$HostName\EWS (Default Web Site)").ExternalUrl)

Set-ActiveSyncVirtualDirectory "$HostName\Microsoft-Server-ActiveSync (Default Web Site)" -InternalUrl ((Get-ActiveSyncVirtualDirectory "$HostName\Microsoft-Server-ActiveSync (Default Web Site)").ExternalUrl)

Set-OabVirtualDirectory "$HostName\OAB (Default Web Site)" -InternalUrl ((Get-OabVirtualDirectory "$HostName\OAB (Default Web Site)").ExternalUrl)

Set-OwaVirtualDirectory "$HostName\OWA (Default Web Site)" -InternalUrl ((Get-OwaVirtualDirectory "$HostName\OWA (Default Web Site)").ExternalUrl)

Set-PowerShellVirtualDirectory "$HostName\PowerShell (Default Web Site)" -InternalUrl ((Get-PowerShellVirtualDirectory "$HostName\PowerShell (Default Web Site)").ExternalUrl)

To verify that you have successfully configured the internal URL on the Client Access server virtual directories, do the following:

  1. In the EAC, go to Servers > Virtual directories.
  2. In the Select server field, select the Internet-facing Client Access server.
  3. Select a virtual directory and then click Edit.
  4. Verify that the Internal URL field is populated with the correct FQDN.

Move Arbitration Mailboxes

Follow the steps below to move all arbitration and discovery search mailboxes to an Exchange 2013 database.

Open the Exchange Management Shell as an administrator and run the following commands:

Get-Mailbox -Arbitration | New-MoveRequest -TargetDatabase TargetDBName

Get-Mailbox "*Discovery*" | New-MoveRequest -TargetDatabase TargetDBName

OR

Type the following cmdlets in EMS to find the arbitration mailboxes, and then migrate them using the migration wizard.

Get-Mailbox -Arbitration >C:\Arbitration.txt

Get-Mailbox "*Discovery*" >C:\Discovery.txt

  1. In the EAC, go to Recipients > Migration.
  2. Click New, and then click Move to a different database.
  3. On the New local mailbox move page, click Select the users that you want to move, and then click Add.
  4. On the Select Mailbox page, add the mailbox that has the following properties:
    • The display name is Microsoft Exchange.
    • The alias of the mailbox’s email address is SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}.
  5. Click OK, and then click Next.
  6. On the Move configuration page, type the name of the migration batch, and then click Browse next to the Target database box.
  7. On the Select Mailbox Database page, add the mailbox database to move the system mailbox to. Verify that the version of the mailbox database that you select is Version 15.x, which indicates that the database is located on an Exchange 2013 server.
  8. Click OK, and then click Next.
  9. On the Start the batch page, select the options to automatically start and complete the migration request, and then click New.

Enable and configure Outlook Anywhere

To allow your Exchange 2013 Client Access server to redirect connections to your Exchange 2010 servers, you must enable and configure Outlook Anywhere on all of the Exchange 2010 servers in your organization. If some Exchange 2010 servers in your organization are already configured to use Outlook Anywhere, their configuration must also be updated to support Exchange 2013. When you use the steps below to configure Outlook Anywhere, the following configuration is set on each Exchange 2010 server:

  1. Open the Exchange Management Shell on your Exchange 2010 Client Access server.
  2. Store the external host name of your Exchange 2013 Client Access server in a variable that will be used in the next steps. For example, mail.superplaneteers.com.

$Exchange2013HostName = "mail.superplaneteers.com"

Run the following command to configure Exchange 2010 servers that already have Outlook Anywhere enabled to accept connections from Exchange 2013 servers.

Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like "Version 14*") -And ($_.ServerRole -Like "*ClientAccess*")} | Get-ClientAccessServer | Where {$_.OutlookAnywhereEnabled -Eq $True} | ForEach {Set-OutlookAnywhere "$_\RPC (Default Web Site)" -ClientAuthenticationMethod Basic -SSLOffloading $False -ExternalHostName $Exchange2013HostName -IISAuthenticationMethods NTLM, Basic}

If you didn’t enable Outlook Anywhere in Exchange 2010 already, run the following command to enable Outlook Anywhere and configure Exchange 2010 to accept connections from Exchange 2013 servers.

Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like "Version 14*") -And ($_.ServerRole -Like "*ClientAccess*")} | Get-ClientAccessServer | Where {$_.OutlookAnywhereEnabled -Eq $False} | Enable-OutlookAnywhere -ClientAuthenticationMethod Basic -SSLOffloading $False -ExternalHostName $Exchange2013HostName -IISAuthenticationMethods NTLM, Basic

Configure service connection point (SCP)

Autodiscover uses an Active Directory object called the service connection point (SCP) to retrieve a list of AutoDiscover URLs for the forest in which Exchange is installed. When you install Exchange 2013, you need to update the SCP object to point to the Exchange 2013 server. This is necessary because Exchange 2013 servers provide additional AutoDiscover information to clients to improve the discovery process.

You must update the SCP object configuration on every Exchange server in the organization. You need to use the version of the Exchange Management Shell that corresponds to the version of the Exchange servers you’re updating.

Perform the following steps to configure the SCP object on your Exchange 2010 servers.

  1. Open the Exchange Management Shell on your Exchange 2010 Client Access server.
  2. Store the AutoDiscover host name of your Exchange 2013 Client Access server in a variable that will be used in the next step. For example, autodiscover.superplaneteers.com.

$AutodiscoverHostName = "autodiscover.superplaneteers.com"

Run the following command to set the SCP object on every Exchange 2010 server to the AutoDiscover URL of the new Exchange 2013 server.

Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like "Version 14*") -And ($_.ServerRole -Like "*ClientAccess*")} | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://$AutodiscoverHostName/Autodiscover/Autodiscover.xml

Perform the following steps to configure the SCP object on your Exchange 2013 servers.

  1. Open the Exchange Management Shell on your Exchange 2013 Client Access server.
  2. Store the AutoDiscover host name of your Exchange 2013 Client Access server in a variable that will be used in the next step. For example, autodiscover.superplaneteers.com.

$AutodiscoverHostName = "autodiscover.superplaneteers.com"

Run the following command to set the SCP object on every Exchange 2013 server to the AutoDiscover URL of the new Exchange 2013 server.

Get-ExchangeServer | Where {($_.AdminDisplayVersion -Like "Version 15*") -And ($_.ServerRole -Like "*ClientAccess*")} | Set-ClientAccessServer -AutoDiscoverServiceInternalUri https://$AutodiscoverHostName/Autodiscover/Autodiscover.xml

Configure Exchange 2013 Mail flow

Receive connectors

There are four receive connectors in Exchange 2013. They are:

  • Default <server name>   Accepts connections from Mailbox servers running the Transport service and from Edge servers.
  • Client Proxy <server name>   Accepts connections from front-end servers. Typically, messages are sent to a front-end server over SMTP.
  • Default FrontEnd <server name>   Accepts connections from SMTP senders over port 25. This is the common messaging entry point into your organization.
  • Outbound Proxy Frontend <server name>   Accepts messages from a Send Connector on a back-end server, with front-end proxy enabled.

1. Open the EAC on your Client Access server by browsing to https://AUPEREXCAS01/ecp?ExchClientVer=15. Click Mail flow, and then click Receive Connector.

2. Select Default Frontend AUPERMBX01 and click Edit (the pencil icon). On the Security page, select Anonymous, and then click Save.

3. Repeat the steps for Default Frontend AUPERMBX02.

Send connector:

All you have to do is to add Exchange 2013 mailbox servers to the existing send connector as shown below:

Open the Exchange Management Shell as an administrator and execute the following command.

Set-SendConnector -Identity Outbound -SourceTransportServers AUPEREXMBX01, AUPEREXMBX02

OR

1. Open the EAC on your Client Access server by browsing to https://AUPEREXCAS01/ecp?ExchClientVer=15. Click Mail flow, click Send Connector, and then click Edit (the pencil icon).

2. Click Scoping, and then click the + icon under Source Server to add the servers.

3. Select the Exchange 2013 Mailbox servers (AUPEREXMBX01 and AUPEREXMBX02), add them, and click Save.

4. The send connector configuration is complete.

Configure a smart host if necessary

1. In the EAC (https://AUPEREXCAS01/ecp?ExchClientVer=15), navigate to Mail flow > Send connectors, and then click Add.

2. In the New send connector wizard, specify a name for the send connector and then select Custom for the Type. You typically choose this selection when you want to route messages to computers not running Microsoft Exchange Server 2013. Click Next.

3. Choose Route mail through smart hosts, and then click Add. In the Add smart host window, type the fully qualified domain name (FQDN), such as relay.sjc.mx.trendmicro.com. Click Save.

4. Under Address space, click Add. In the Add domain window, make sure SMTP is listed as the Type. For Fully Qualified Domain Name (FQDN), enter * to specify that this send connector applies to messages sent to any domain. Click Save.

5. For Source server, click Add. In the Select a server window, choose a server and click Add. Click OK.

6. Click Finish.

Anonymous Relay

Create a new receive connector using Exchange Administration Center with the following parameters.

  • Name: Anonymous Relay
  • Role: Frontend Transport
  • Type: Custom
  • Available IP: Exchange 2013 server IP
  • Port: 25
  • Security: Anonymous
  • Authentication: TLS, Externally Secured
  • Permission: Exchange Servers, Anonymous users

1. Open the EAC on your Client Access server by browsing to https://AUPEREXCAS01/ecp?ExchClientVer=15. Click Mail flow, click Receive Connector, and then click Add (the + icon).

2. Select the Exchange Mailbox server AUPEREXMBX01, type Anonymous Relay as the name, click Frontend Transport, select Custom, and then click Next.

3. Under Network Adapter Binding, add the Exchange 2013 MBX server IP (10.10.10.11) and port 25. Under Remote network settings, add the printer, scanner, device and application server IPs. Click Save to create the Anonymous Relay connector.

4. Select the newly created Anonymous Relay connector, click Edit (the pencil icon), and click Security. Select TLS and Externally Secured under Authentication, and select Exchange Servers and Anonymous users under Permission groups.

5. Open the Exchange 2013 Management Shell and execute the following:

Get-ReceiveConnector "Anonymous Relay" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"

6. Open the Exchange Management Shell on Exchange 2010 and execute the cmdlet:

Get-ReceiveConnector -Identity "Anonymous relay" | Fl

From the PowerShell window, copy all the IP addresses of the printers and scanners to Notepad.

7. Edit the Anonymous Relay connector in the Exchange 2013 administration center and add all the IP addresses you copied in the previous step to its remote network settings.

8. Repeat step 1 to step 7 on all mailbox servers.
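A check for the relay connector built above, as an added example that is not part of the original guide: once anonymous senders hold Ms-Exch-SMTP-Accept-Any-Recipient, the remote network settings decide who can relay through the connector, so the script flags relay connectors whose remote ranges are wider than a handful of devices. The function names, the 256-address threshold and the sample connector records are assumptions; the commented lines show one way to build the same records in the Exchange Management Shell.

```powershell
# Added example: audit anonymous-relay receive connectors for over-broad remote ranges.
# The sample records further down are constructed. On a real server they could be
# built like this (Exchange Management Shell):
#   Get-ReceiveConnector | ForEach-Object {
#     $ace = Get-ADPermission $_.Identity -User 'NT AUTHORITY\ANONYMOUS LOGON' |
#            Where-Object { -not $_.Deny -and
#                           $_.ExtendedRights -like 'Ms-Exch-SMTP-Accept-Any-Recipient' }
#     [pscustomobject]@{ Name              = $_.Name
#                        RemoteIPRanges    = @($_.RemoteIPRanges | ForEach-Object { "$_" })
#                        AuthMechanism     = "$($_.AuthMechanism)"
#                        AnonymousCanRelay = [bool]$ace } }

function ConvertTo-IPv4Number {
    param([string]$Address)
    # Fold the four octets into one number (double avoids 32-bit overflow).
    $n = [double]0
    foreach ($b in [System.Net.IPAddress]::Parse($Address).GetAddressBytes()) { $n = $n * 256 + $b }
    $n
}

function Get-IPv4RangeSize {
    param([string]$Range)
    $ip = '\d{1,3}(?:\.\d{1,3}){3}'
    if ($Range -match "^($ip)-($ip)$") {          # low-high form
        $low  = ConvertTo-IPv4Number $Matches[1]
        $high = ConvertTo-IPv4Number $Matches[2]
        return $high - $low + 1
    }
    if ($Range -match "^$ip/(\d{1,2})$") {         # CIDR form
        return [math]::Pow(2, 32 - [int]$Matches[1])
    }
    if ($Range -match "^$ip$") { return [double]1 } # single address
    return $null   # IPv6 or netmask notation: not sized here, reported for manual review
}

function Test-RelayConnectorScope {
    param([Parameter(Mandatory)]$Connector,
          [double]$MaxAddresses = 256)   # assumed threshold; tune to your device count
    if (-not $Connector.AnonymousCanRelay) { return }   # cannot relay anonymously: skip
    foreach ($range in $Connector.RemoteIPRanges) {
        $size  = Get-IPv4RangeSize $range
        $issue = if ($null -eq $size) { 'unparsed range, review manually' }
                 elseif ($size -gt $MaxAddresses) { "covers $size addresses" }
                 else { $null }
        if ($issue) {
            [pscustomobject]@{
                Connector = $Connector.Name
                Range     = $range
                Issue     = $issue
                # Externally Secured makes Exchange treat these senders as trusted hosts.
                ExternallySecured = [bool]($Connector.AuthMechanism -match 'ExternalAuthoritative')
            }
        }
    }
}

# Constructed sample data: one tightly scoped relay, one misconfigured relay, and a
# default front-end connector that accepts anonymous mail but cannot relay it.
$connectors = @(
    [pscustomobject]@{ Name = 'Anonymous Relay'
                       RemoteIPRanges = @('10.10.10.50', '10.10.10.60-10.10.10.65')
                       AuthMechanism = 'Tls, ExternalAuthoritative'
                       AnonymousCanRelay = $true },
    [pscustomobject]@{ Name = 'Anonymous Relay (misconfigured)'
                       RemoteIPRanges = @('0.0.0.0-255.255.255.255', '10.10.0.0/16')
                       AuthMechanism = 'Tls, ExternalAuthoritative'
                       AnonymousCanRelay = $true },
    [pscustomobject]@{ Name = 'Default Frontend AUPERMBX01'
                       RemoteIPRanges = @('0.0.0.0-255.255.255.255')
                       AuthMechanism = 'Tls, Integrated, BasicAuth'
                       AnonymousCanRelay = $false }
)

$connectors | ForEach-Object { Test-RelayConnectorScope $_ } | Format-Table -AutoSize
```

Only the misconfigured sample connector is reported, once per over-broad range; the default front-end connector is skipped because anonymous senders there lack the accept-any-recipient right.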

Configure Public Name Space

At this stage, you are ready to configure the public DNS records. Update your public DNS records, including those for Hosted Email Security. You only need to configure public DNS if you are changing public IPs and hosted email security; otherwise you just have to change the port 443 and port 25 forwarding rules on the internal Cisco router in your organization.

Your public DNS must look similar to this table.

superplaneteers.com MX Mail.superplaneteers.com
mail.superplaneteers.com A 203.17.x.x (Public IP)
autodiscover.superplaneteers.com A 203.17.x.x (Public IP)

Ask the ISP that provided your 203.17.x.x public IP to create a reverse DNS record for mail.superplaneteers.com. This is very important for Exchange to function correctly. When you send email to a destination, many destination servers check reverse DNS. If reverse DNS is wrong, you could be banned from sending email to the destination server. Note that outlook.com checks the reverse DNS and SPF records of a domain sending email to an outlook address.

Configure TMG/UAG

If you are publishing internet facing Exchange 2013 CAS using TMG or UAG, follow the URL below and publish Outlook Web App and Active Sync.

Publish-exchange-server-2010-using-forefront-uag-2010-step-by-step/

Publish-outlook-web-access-and-exchange-servers-using-forefront-tmg-2010/

Create internal DNS Record

Create Host(A) record with reverse DNS in the forward lookup zone of forest superplaneteers.com. Internal DNS records must look similar to this table.

FQDN Record Type IP Address
Mail.superplaneteers.com A 10.10.10.16
Autodiscover.superplaneteers.com A 10.10.10.16

If you don’t have CAS NLB or load balancer then your internal host(A) record must point to Exchange 2013 CAS server.

Open PowerShell as an administrator and execute the following:

Resolve-DnsName mail.superplaneteers.com

Nslookup mail.superplaneteers.com

Configure Offline Address Book

To create a new offline address book and set the same OAB on all mailbox databases at once, run the following command. The command example uses “Default Offline Address Book” for the name of the OAB.

Open the Exchange Management Shell and execute the cmdlets:

New-OfflineAddressBook -Name "Default Offline Address Book" -AddressLists "Default Global Address List"

Restart-Service MSExchangeMailboxAssistants

Wait a few minutes and check whether the OAB files are created in C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\OAB\<newGUID>

Try to access the new OAB in IE: https://mail.superplaneteers.com/oab/<newguid>/oab.xml

Get-MailboxDatabase | Set-MailboxDatabase -OfflineAddressBook "Default Offline Address Book (Ex2013)"

To change the generation server, open the Exchange 2010 Management Shell and run the following command:

Move-OfflineAddressBook -Identity "Default Offline Address Book" -Server AUPERCAS01,AUPERCAS02

Configure new transport rule in Exchange 2013 or Export transport rules from legacy Exchange.

Follow this reference if you are migrating from Exchange 2007

You cannot migrate transport rules from Exchange Server 2007 to Exchange Server 2013

The following cmdlet example exports all your transport rules to the XML file ExportedRules.xml in the “C:\TransportRules” folder:

Export-TransportRuleCollection -FileName "C:\TransportRules\ExportedRules.xml"

The following example cmdlets import your transport rule collection from the XML file ExportedRules.xml in the “C:\TransportRules” folder:

[Byte[]]$Data = Get-Content -Path "C:\TransportRules\ExportedRules.xml" -Encoding Byte -ReadCount 0
Import-TransportRuleCollection -FileData $Data

To create a new transport rule:

  1. Open the EAC on your Client Access server by browsing to https://AUPEREXCAS01/ecp?ExchClientVer=15.
  2. Enter your user name and password in Domain\user name and Password, and then click Sign in.
  3. Click Mail Flow, click Rules, click Add (the + icon), type the name of the rule, select the rule conditions, and click More Options.
  4. Select the date when you would like to activate the rule.
  5. Choose whether you would like to enforce the rule or test the rule.
  6. Follow the wizard to finish the rule settings.

Move mailboxes to Exchange 2013

  1. Open the EAC on your Client Access server by browsing to https://AUPEREXCAS01/ecp?ExchClientVer=15.
  2. Enter your user name and password in Domain\user name and Password, and then click Sign in.
  3. Go to Recipients > Migration, click Add and then select Move to a different database.
  4. Under Select the users that you want to move, click Add.
  5. In the Select Mailbox window, select the mailboxes you want to move, click Add and then OK.
  6. Verify that the mailboxes you want to move are listed and then click Next.
  7. Specify a name for the new mailbox move and verify that Move the primary mailbox and the archive mailbox if one exists is selected.
  8. Under Target database, click Browse.
  9. In the Select Mailbox Database window, select a mailbox database on the Exchange 2013 server that you want to move the mailboxes to, click Add and then OK.
  10. Verify that the mailbox database displayed in Target database is correct and then click Next.
  11. Decide which user should receive the mailbox move report once the move is complete. By default, the current user will receive the move report. If you want to change which user receives the report, click Browse and select a different user.
  12. Verify Automatically start the batch is selected.
  13. Decide whether you want to have mailbox moves automatically complete. During the finalization phase, the mailbox is unavailable for a short time. If you choose to complete the mailbox move manually, you can decide when the move is finalized. For example, you might want to finalize the move during off-work hours. Select or clear Automatically complete the migration batch.

14. Click Finish.

OR

Open Exchange Management Shell

Get-Mailbox -Database "Exchange 2010 database name" | New-MoveRequest -TargetDatabase "Exchange 2013 database name"

Get-MoveRequest

Migrate Room or Resource mailboxes

Open EMS and execute the cmdlets

Get-Mailbox -RecipientTypeDetails roommailbox -database SOURCEDBNAME | new-moverequest -targetdatabase TARGETDBNAME

Upgrade Distribution groups

Open Exchange management Shell as an administrator, execute the following command.

Get-DistributionGroup -ResultSize Unlimited | Set-DistributionGroup -ManagedBy "CN=Organization Management,OU=Microsoft Exchange Security Groups,DC=superplaneteers,DC=com"

Get-DistributionGroup -ResultSize Unlimited | Set-DistributionGroup -ForceUpgrade

Upgrading Distribution Groups with multiple owners to Exchange 2013

Open Exchange management Shell as an administrator, execute the following command.

foreach ($DL in (Get-DistributionGroup -ResultSize Unlimited)) { $owners = Get-ADPermission $DL.identity | ?{$_.User -notlike "*Exchange*" -and $_.User -notlike "S-*" -and $_.User -notlike "*Organization*" -and $_.User -notlike "NT*" -and $_.User -notlike "*Domain Admins*" -and $_.User -notlike "*Enterprise Admins" -and $_.User -notlike "BUILTIN*" -and $_.User -notlike "*Delegated Setup*"} | %{$_.user.tostring()}; Set-DistributionGroup $DL -BypassSecurityGroupManagerCheck -ManagedBy $owners }

Reference http://blogs.technet.com/b/microsoft_exchange_tips/archive/2013/11/07/upgrading-distribution-groups-with-multiple-owners-to-exchange-2013.aspx

Migrate Public Folder

In Exchange 2013, public folders were re-engineered using mailbox infrastructure to take advantage of the existing high availability and storage technologies of the mailbox database. Public folder architecture uses specially designed mailboxes to store both the public folder hierarchy and the content. This also means that there’s no longer a public folder database. High availability for the public folder mailboxes is provided by a database availability group (DAG).

There are two types of public folder mailboxes: the primary hierarchy mailbox and secondary hierarchy mailboxes. Both types of mailboxes can contain content:

  • Primary hierarchy mailbox   The primary hierarchy mailbox is the one writable copy of the public folder hierarchy. The public folder hierarchy is copied to all other public folder mailboxes, but these will be read-only copies.
  • Secondary hierarchy mailboxes   Secondary hierarchy mailboxes contain public folder content as well and a read-only copy of the public folder hierarchy.

There are two ways you can manage public folder mailboxes:

  • In the Exchange admin center (EAC), navigate to Public folders > Public folder mailboxes.

Before you migrate public folders, I would recommend creating a new, separate mailbox database in Exchange 2013 and then starting the migration process.

Step 1: Perform Prerequisites

Download all four of the Microsoft Exchange 2013 public folder migration scripts and save them in C:\PFScripts.

Prerequisites in Exchange 2010 Server

Open the Exchange Management Shell on the Exchange 2010 server and run the following cmdlets one by one.

Run the following command to take a snapshot of the original source folder structure.
Get-PublicFolder -Recurse | Export-CliXML C:\PFMigration\Legacy_PFStructure.xml

Run the following command to take a snapshot of public folder statistics such as item count, size, and owner.
Get-PublicFolderStatistics | Export-CliXML C:\PFMigration\Legacy_PFStatistics.xml

Run the following command to take a snapshot of the permissions.
Get-PublicFolder -Recurse | Get-PublicFolderClientPermission | Select-Object Identity,User -ExpandProperty AccessRights | Export-CliXML C:\PFMigration\Legacy_PFPerms.xml

Save the information from the preceding commands for comparison at the end of the migration.
In Exchange 2010, to locate public folders that have a backslash in the name, run the following command:
Get-PublicFolderStatistics -ResultSize Unlimited | Where {$_.Name -like "*\*"} | Format-List Name, Identity

In Exchange 2007, to locate public folders that have a backslash in the name, run the following command:
Get-PublicFolderDatabase | ForEach {Get-PublicFolderStatistics -Server $_.Server | Where {$_.Name -like "*\*"}}

If any public folders are returned, you can rename them by running the following command:
Set-PublicFolder -Identity <public folder identity> -Name <new public folder name>

Make sure there isn’t a previous record of a successful migration. If there is, you’ll need to set that value to $false. If the value is set to $true the migration request will fail.
The following example checks the public folder migration status.
Get-OrganizationConfig | Format-List PublicFoldersLockedforMigration, PublicFolderMigrationComplete

Set-OrganizationConfig -PublicFoldersLockedforMigration:$false -PublicFolderMigrationComplete:$false

Prerequisites on Exchange 2013
Make sure there are no existing public folder migration requests. If there are, clear them.
Get-PublicFolderMigrationRequest | Remove-PublicFolderMigrationRequest -Confirm:$false

To make sure there are no existing public folders on the Exchange 2013 servers, run the following commands.
Get-Mailbox -PublicFolder
Get-PublicFolder

If the above commands return any public folders, use the following commands to remove the public folders.
Get-MailPublicFolder | Where {$_.EntryId -ne $null} | Disable-MailPublicFolder -Confirm:$false
Get-PublicFolder -GetChildren | Remove-PublicFolder -Recurse -Confirm:$false
Get-Mailbox -PublicFolder | Remove-Mailbox -PublicFolder -Confirm:$false

Step 2: Generate CSV Files

On the Exchange 2010 server, run the Export-PublicFolderStatistics.ps1 script to create the folder name-to-folder size mapping file.
.\Export-PublicFolderStatistics.ps1 <Folder to size map path> <FQDN of source server>

Run the PublicFolderToMailboxMapGenerator.ps1 script to create the public folder-to-mailbox mapping file. This file is used to create the correct number of public folder mailboxes on the Exchange 2013 Mailbox server.
.\PublicFolderToMailboxMapGenerator.ps1 <Maximum mailbox size in bytes> <Folder to size map path> <Folder to mailbox map path>

<Folder to size map path> is \\AUPEREX2010\c$\PFstat.csv
<Maximum mailbox size in bytes> is 20000000
<Folder to mailbox map path> is \\AUPEREX2010\c$\PFMigration\mapgen.csv

Step 3: Create public folder mailboxes on Exchange 2013

Run the following command to create the first public folder mailbox on the Exchange 2013 Mailbox server.
New-Mailbox -PublicFolder <Name> -HoldForMigration:$true -Database "Exchange 2013 database"

Run the following command to create additional public folder mailboxes as needed based on the .csv file generated from the PublicFolderToMailboxMapGenerator.ps1 script.

$numberOfMailboxes = 25;
for ($index = 1; $index -le $numberOfMailboxes; $index++)
{
    $PFMailboxName = "Mailbox" + $index;
    if ($index -eq 1) {
        New-Mailbox -PublicFolder $PFMailboxName -HoldForMigration:$true -IsExcludedFromServingHierarchy:$true
    } else {
        New-Mailbox -PublicFolder $PFMailboxName -IsExcludedFromServingHierarchy:$true
    }
}

Step 4: Start Migration Request

Legacy system public folders such as OWAScratchPad and the schema-root folder subtree in Exchange 2007 won’t be recognized by Exchange 2013 and will be treated as bad items. This will cause the migration to fail. As part of the migration request, you must specify a value for the BadItemLimit parameter.

From the Exchange 2013 Mailbox server, run the following command:

$PublicFolderDatabasesInOrg = @(Get-PublicFolderDatabase)
$BadItemLimitCount = 5 + ($PublicFolderDatabasesInOrg.Count -1)
New-PublicFolderMigrationRequest -SourceDatabase (Get-PublicFolderDatabase -Server <Source server name>) -CSVData (Get-Content <Folder to mailbox map path> -Encoding Byte) -BadItemLimit $BadItemLimitCount

To verify that the migration started successfully, run the following command.
Get-PublicFolderMigrationRequest | Get-PublicFolderMigrationRequestStatistics -IncludeReport | Format-List

Step 5: Lock Source Server
On the Exchange 2010 server, run the following command to lock the legacy public folders for finalization.

Set-OrganizationConfig -PublicFoldersLockedForMigration:$true

Step 6: Finalize public folder migration
Set-PublicFolderMigrationRequest -Identity PublicFolderMigration -PreventCompletion:$false
Resume-PublicFolderMigrationRequest -Identity PublicFolderMigration

Step 7: Test Public Folder Migration

Run the following command to assign some test mailboxes to use any newly migrated public folder mailbox as the default public folder mailbox.
Set-Mailbox -Identity <Test User> -DefaultPublicFolderMailbox <Public Folder Mailbox Identity>

Log on to Outlook 2007 or later with the test user identified in the previous step, and then perform the following public folder tests:

Post Migration Check

1. Verify that the internal and external DNS records and aliases for autodiscover and mail point to the Exchange 2013 CAS server, the load balancer VIP or the CAS NLB IP. At this stage, do not delete the Host(A) records of the legacy Exchange servers; keep them until you decommission those servers.

2. Point your Spam Guard or hosted email security to forward all email to Exchange 2013 so that incoming mail is received via Exchange 2013.

3. Configure Spam Guard or hosted email security to accept email from all Exchange 2013 Mailbox servers.

4. Configure a smart host if necessary.

5. Configure all other applications to send email via the Exchange 2013 Mailbox servers.

6. Test inbound and outbound email from Outlook clients and mobile devices.

7. Start monitoring Exchange: open EMS and execute Get-Mailbox -Monitoring

8. Go to https://testconnectivity.microsoft.com/ to test connectivity of Exchange 2013

9. Go to http://mxtoolbox.com/ to test your MX, Reverse DNS and DNS records.

Decommission Legacy Exchange Server

Before you decommission the legacy Exchange servers, make sure you have completed the following tasks:

  1. Make sure public and internal DNS, MX and CNAME are correct.
  2. Move all user mailboxes to Exchange 2013.
  3. Move all room mailboxes to Exchange 2013.
  4. Move all public folders to Exchange 2013.
  5. Move all arbitration mailboxes to Exchange 2013.
  6. Move all Discovery Search mailboxes to Exchange 2013.
  7. Add all Exchange 2013 mailbox servers in all the send connectors and remove the Exchange 2007/2010 servers from the send connectors.
  8. Create new anonymous relay receive connectors in Exchange 2013 and add all IPs in the remote network settings properties of the relay.
  9. Ensure you have configured Autodiscover correctly in the AutoDiscoverServiceInternalUri property of all CAS 2013 servers. Issue the Get-ClientAccessServer | fl cmdlet to view the internal URL of Autodiscover.
  10. Remove the Exchange 2010 CAS arrays. Execute Get-ClientAccessArray | Remove-ClientAccessArray in the Exchange 2010 Management Shell.
  11. Point all the applications to use Exchange 2013 SMTP.
  12. Test inbound and outbound email from various supported clients.

Now is the time to shutdown legacy exchange servers in your organization and test Exchange 2013 mail flow again. Make sure you shut down the server during working hours and working days. Keep the legacy exchange down for at least 48hrs. To decommission legacy Exchange follow the steps

1. Bring all legacy servers online means power on all servers which were down in previous step.

2. Remove all public folder replicas; otherwise the public folder database cannot be removed. To remove public folder replicas, open the Exchange Management Console in Exchange 2010, click Tools, open Public Folder Management Console, select Default Public Folders, click Properties, click Replication, and remove the Exchange 2010 database from replication. Repeat the same for System Public Folders.

3. Remove the Exchange 2007/2010 mailbox databases and public folder databases from EMC or EMS.

4. Go to Control Panel to remove Exchange 2007/2010. On the Programs and Features screen, click Uninstall. The Maintenance Mode page of the Exchange Server 2007/2010 Setup wizard begins the process of removing your Exchange installation. Click Next to continue.

5. On the Server Role Selection page, clear all Exchange 2007/2010 server roles and the Exchange management tools to remove them. In an Exchange 2007 CCR, remove the passive node first, then follow the same steps on the active node. Click Next to continue.

6. On the Readiness Checks page, view the status to determine if the organization and server role prerequisite checks completed successfully. If the prerequisites check doesn’t complete successfully, review the Summary page and fix any issues that are preventing Setup from removing exchange 2007/2010. If the checks have completed successfully, click Uninstall to remove the entire installation of Exchange 2007/2010.

7. On the Completion page, click Finish.

8. Verify the setup log files and folder located at C:\ExchangeSetupLogs.

9. Uninstall Internet Information Services (IIS) using Server Manager in Windows Server 2008 or Add/Remove Programs in Windows Server 2003.

10. Disjoin the legacy Exchange servers from the Domain.

11. Delete Host(A) DNS record of Legacy Exchange Server. Delete ONLY legacy DNS record.


Transition from Exchange 2010 to Exchange 2013 Step by Step


Assumptions:

You have the following infrastructure operational and functioning as desired.

  1. Domain Controller
  2. Certificate Authority
  3. Exchange Server 2010 SP2 DAG
  4. FF TMG 2010 SP2

Current Exchange Version:

image

Prerequisites:

  1. Windows Server 2012 installed on computers which will house Exchange Server 2013.
  2. Windows Media Foundation. Use the Add Roles and Features Wizard to install Media Foundation on Windows Server 2012.
  3. Download Exchange 2010 SP3
  4. Cumulative Update 1 for Exchange Server 2013

Step1: Perform a Server Switch Over for an Exchange 2010 SP2 DAG Member

Before you upgrade Exchange Server 2010 SP2 to Exchange 2010 SP3, you must perform a server switchover if you have an Exchange DAG. You need to be assigned permissions before you can perform this procedure. Open the Exchange Management Shell and run the following command.

Move-ActiveMailboxDatabase -Server EXCHMBXSRV01 -ActivateOnServer EXCHMBXSRV02

Step2: Install Service Pack 3 on Exchange Server 2010 SP2

Download and extract Exchange Server 2010 SP3 on the DAG member where you want to run the Exchange 2010 SP3 installer. Now follow the screenshot and upgrade Exchange Server 2010 SP2 to Exchange Server 2010 SP3.

image

You will be prompted with the warning "A transient communication failure causes a Windows Server 2008 R2 failover cluster to stop working". Ignore the warning and continue. Once SP3 is installed, check the version, which is as follows.

 image

Repeat step 2 on all Exchange servers in your Exchange organization.

Step3: Prepare Windows Server 2012

Download Windows Server 2012 and install the following prerequisites on Windows Server 2012.

Windows Media Foundation. Use the Add Roles and Features Wizard to install Media Foundation on Windows Server 2012.

Microsoft Unified Communications Managed API 4.0, Core Runtime 64-bit

Microsoft Office 2010 Filter Pack 64 bit

Microsoft Office 2010 Filter Pack SP1 64 bit

Exchange 2013 Setup automatically installs the features required by Exchange. Alternatively, you can use the following PowerShell command to install all the features at the same time. A reboot is required after installing the features.

Step4: Prepare Active Directory and Active Directory Schema

Run the following command to prepare AD Schema and Active Directory.

setup /PrepareSchema /IAcceptExchangeServerLicenseTerms

image

setup /PrepareAD /OrganizationName:<organization name> /IAcceptExchangeServerLicenseTerms

Since we already have an Exchange organization, we don’t need to type the organization name again. The following command is enough to prepare Active Directory.

setup /PrepareAD /IAcceptExchangeServerLicenseTerms

image

Step5: Install CU1 for Exchange Server 2013

Log on to the computer on which you want to install Exchange 2013. After you have downloaded Exchange 2013 CU1, copy the Exchange-x64.exe file to the Windows Server 2012 computer where you want to install Exchange Server 2013. Extract the installer by double-clicking Exchange-x64.exe.

  1. On the Check for Updates page, select Don’t check for updates right now; you can download and install updates manually later. We recommend that you download and install updates now. Click Next to continue. At this stage Setup will copy the content and initialize the installer.
  2. The Introduction page begins the process of installing Exchange into your organization. Click Next to continue.
  3. On the License Agreement page, Select I accept the terms in the license agreement, and then click Next.
  4. On the Recommended settings page, select whether you want to use the recommended settings. If you select Use recommended settings, click Next.
  5. On the Server Role Selection page, select both Mailbox role and Client Access role. Select Automatically install Windows Server roles and features that are required to install Exchange Server to have the Setup wizard install required Windows prerequisites. You may need to reboot the computer to complete the installation of some Windows features.  Click Next to continue.
  6. On the Installation Space and Location page, either accept the default installation location or click Browse to choose a new location. Make sure that you have enough disk space available in the location where you want to install Exchange. Click Next to continue.
  7. On the Malware Protection Settings page, choose keep it enabled. Click Next to continue.
  8. On the Readiness Checks page, view the status to determine if the organization and server role prerequisite checks completed successfully. Reboot the server from Server Manager>All Servers>Right Click on Server>Click Shutdown Local Server, Select Reboot, Click Ok.
  9. Be sure to also review any warnings that are reported. If all readiness checks have completed successfully, click Install to install Exchange 2013.
  10. On the Completion page, click Finish.
  11. Restart the computer after the Exchange 2013 installation has completed.

In a co-existence scenario, if you browse to https://FQDN of Client Access Server/ecp you will see only Mailboxes.

image

If you browse to https://FQDN of Client Access Server/ecp?ExchClientVer=15 in Internet Explorer, you will see the detailed Exchange Administration Center.

image

Step6: Install Certificates on Exchange Server 2013 CAS Server(s)

Step7: Configure Outlook Web Access in Exchange 2013

Step8: Configure Send/Receive Connector

Open the Exchange Administration Center at https://FQDN of Client Access Server/ecp?ExchClientVer=15. Create a new send connector using this procedure.

  1. In the EAC, navigate to Mail flow > Send connectors, and then click Add.
  2. In the New send connector wizard, specify a name for the send connector and then select Internet for the Type. Click Next.
  3. Verify that MX record associated with recipient domain is selected, which specifies that the connector uses the domain name system (DNS) to route mail. Click Next.
  4. Under Address space, click Add. In the Add domain window, make sure SMTP is listed as the Type. For Fully Qualified Domain Name (FQDN), enter *, which indicates that this send connector applies to messages addressed to any domain. Click Save.
  5. Make sure Scoped send connector is not selected and then click Next.
  6. For Source server, click Add. In the Select a server window, select a Mailbox server that will be used to send mail to the Internet via the Client Access server and click Add. After you’ve selected the server, click Add. Click OK.
  7. Click Finish.

image

Alternatively, create the send connector from the Exchange Management Shell:

New-SendConnector -Internet -Name MysendConnector -AddressSpaces Superplaneteers.com

Similarly, you can use the New-ReceiveConnector cmdlet to create a receive connector.

Step9: Test Internal/External Mail Flow using new Send Connector

Open Internet Explorer and browse to https://FQDN of CAS Server/OWA. Log on to OWA using domain name\username and password and check email.

Step10: Migrate Mailboxes, DL, Public Folder from Exchange 2010 to Exchange 2013

Before you start migrating Exchange mailboxes, use the Exchange Management Console to enable circular logging; otherwise large transaction logs will be generated while mailboxes are migrated. You can also enable circular logging on all mailbox databases using the following PowerShell command:

Get-MailboxDatabase | Set-MailboxDatabase -CircularLoggingEnabled $true

On Exchange 2007, where circular logging is set per storage group, use:

Set-StorageGroup -Identity "First Storage Group" -CircularLoggingEnabled $true

Open the Exchange Administration Center at https://FQDN of Client Access Server/ecp?ExchClientVer=15. In the EAC, navigate to Recipients > Migration, and then click Add.

image

In the New local mailbox move wizard, select the user you want to move, click OK, and then click Next.

image 

On the Move configuration page, specify a name for the new batch. Select which options you want for the archive mailbox and the mailbox database location, and click New. Follow the on-screen instructions to complete the migration.

image

image

image 

To migrate all mailboxes from an existing Exchange 2010 DAG to a new Exchange 2013 DAG, open the Exchange Management Shell in Exchange Server 2013 and run the following cmdlets.

Get-Mailbox -Database Manager-DB01 | New-MoveRequest -TargetDatabase Manager-DB02 -BatchName "DB01toDB02"

To find out more about the New-MoveRequest cmdlet, type Get-Help New-MoveRequest -Examples or visit Move and Migration Cmdlets.
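Circular logging was enabled only to keep log volume down during the moves, and while it is on a database can be restored only to its last full backup. The following is an added example, not part of the original article, that checks the batch created above, clears the finished requests and turns circular logging back off; it assumes the batch name DB01toDB02 from the command above and the Exchange 2013 Management Shell.

```powershell
# Added example: close out a migration batch. The batch name is the one used above.
$batch = 'DB01toDB02'

# 1. Per-mailbox status, including corrupt items that were skipped during the move.
$stats = @(Get-MoveRequest -BatchName $batch -ResultSize Unlimited | Get-MoveRequestStatistics)
$stats | Sort-Object Status |
    Format-Table DisplayName, Status, PercentComplete, BadItemsEncountered -AutoSize

# 2. Stop here if anything is still queued, in progress or failed.
$open = @($stats | Where-Object { "$($_.Status)" -ne 'Completed' })
if ($open.Count -gt 0) {
    Write-Warning "$($open.Count) move(s) in batch '$batch' are not Completed; leaving settings unchanged."
    return
}

# 3. Remove the completed requests; a mailbox with a lingering request cannot be moved again.
Get-MoveRequest -BatchName $batch -MoveStatus Completed | Remove-MoveRequest -Confirm:$false

# 4. Turn circular logging back off so transaction logs are kept between backups again.
#    A database without DAG copies must be dismounted and mounted for the change to apply.
Get-MailboxDatabase |
    Where-Object { $_.CircularLoggingEnabled } |
    Set-MailboxDatabase -CircularLoggingEnabled $false

# 5. Confirm the setting; take a full backup once it reads False everywhere.
Get-MailboxDatabase | Format-Table Name, Server, CircularLoggingEnabled -AutoSize
```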

Step11: Publish Exchange OWA to External Clients

Step12: Migrate Public Folder.

Step13: Migrate Exchange UM

Step14: Retire Exchange Server 2010

Detailed migration steps are available in this book:

Exchange Server 2013 Step by Step 


Exchange 2007/2010 SP3 Released

Exchange 2007/2010 SP3 released.

Download Exchange 2007 SP3

Download Exchange 2010 SP3

Building Lync 2010 Server Infrastructure

This article describes the system requirements of Lync 2010 Server and the steps necessary to create a Lync 2010 topology in a production environment with a single forest and a single domain.

Lync 2010 Server Roles: Lync 2010 is delivered through the following server roles.

  • Front End Server and Back End SQL Server
  • A/V Conferencing Server
  • Edge Server
  • Mediation Server
  • Monitoring Server
  • Archiving Server
  • Director

Lync 2010 Features:

  • Instant messaging (IM) and presence are always enabled
  • Audio Video Conferencing
  • Enterprise Voice is the voice over IP (VoIP) solution
  • Exchange UM features include enabling users to receive voice mail notices and listen to voice mail from Outlook or OWA, to access their Microsoft Exchange mailboxes using a telephone and to receive faxes in their Microsoft Exchange mailboxes.
  • Federated partner/supplier users can easily send and receive IM messages, invite each other to meetings and see each other’s presence.
  • IM and Enterprise voice support for branch office over the WAN link

Reference Topology with High Availability

image

How Lync 2010 Communication Works

image

Hardware Requirements:

| Hardware | Lync Front End | Director | DB, Archive, Monitor server |
|---|---|---|---|
| CPU | 64-bit processor | 64-bit processor | 64-bit processor |
| RAM | 16 GB | 4 GB | Min 16GB for Archiving or Monitoring, Max 32GB |
| System Partition | 72 GB free disk space | 72 GB free disk space | 72 GB free disk space |
| Additional Partition | Separate Page File partition | Separate Page File partition | Separate Page File partition + Other Partition for DB & Data |
| No of NIC (Gbps or higher) | 2 | 2 | 2 |

Operating Systems for Standard Front End, Director, Edge Server and Proxy Server:

  • Windows Server 2008 R2 Standard/Enterprise/Datacenter with SP
  • Windows Server 2008 Standard/Enterprise/Datacenter with SP

Clients OS:

  • Windows 7 Pro, Enterprise with all patches installed via WSUS
  • Windows Mobile
  • IP Phone such as Astra/Cisco desk phone set

Database Server:

  • Microsoft SQL Server 2008 R2 Standard/Enterprise with SP x64
  • Microsoft SQL Server 2005 Standard/Enterprise with SP3 x64

Additional Software:

  • Microsoft .NET Framework 3.5 with SP1
  • Silverlight 4.0
  • Windows PowerShell 2.0
  • Active Directory Administrative tools feature installed on Front End Server and Director
  • Microsoft Forefront Threat Management Gateway (TMG) 2010 software.

Internet Information Services (IIS): Front End Servers and Standard Edition servers must run Internet Information Services (IIS), with the following modules:

  • Static Content
  • Default Document
  • HTTP Errors
  • ASP.NET
  • .NET Extensibility
  • Internet Server API (ISAPI) Extensions
  • ISAPI Filters
  • HTTP Logging
  • Logging Tools
  • Tracing
  • Windows Authentication
  • Request Filtering
  • Static Content Compression
  • IIS Management Console
  • IIS Management Scripts and Tools
  • Anonymous Authentication (This is installed by default when IIS is installed.)
  • Client Certificate Mapping Authentication

Software Auto installed:

  • Microsoft Visual C++ 2008 Redistributable
  • Microsoft Visual J# version 2.0 Redistributable
  • URL Rewrite Module version 2.0 Redistributable
  • SQL Server 2008 Native Client

Network Requirements:

  • For public switched telephone network (PSTN) integration, you can integrate by using either T1/E1 lines or SIP trunking
  • Provision your network links to support throughput of 65 kilobits per second (Kbps) per audio stream and 500 Kbps per video stream, if enabled, during peak usage periods. A bidirectional audio or video session consists of two streams.
  • WAN links for Branch servers
  • Reverse Proxy server in Edge

Supported configuration:

  • Windows Server 2008 R2, Windows Server 2008, or at least Windows Server 2003 native mode forest functional level
  • Single/Multiple Forests
  • Single/Multiple Domains
  • Federated Lync Server
  • DNS Load balancing

Un-supported Configuration:

  • x86 Windows Server 2008
  • x86 SQL server database
  • RODC Domain Controllers

Virtualizing Lync 2010 Server: Microsoft Lync Server 2010 supports all workloads and server roles in both physical and virtualized topologies. User capacity in a virtualized topology is roughly 50 percent of the capacity in a physical topology. For details, see Running in a Virtualized Environment in the Planning for Other Features documentation.

Examples of SIP and Domain Name System (DNS) Requirements

| Item | Example |
|---|---|
| SIP Domain | Microsoftguru.com.au |
| Front End Pool | mypool.Microsoftguru.com.au |
| Director Pool | dir-pool.microsoftguru.com.au |
| Edge Pool | myedge.microsoftguru.com.au |

Examples of DNS Records and IPs

| FQDN | Internal IP Address | Routable Public IP |
|---|---|---|
| FrontEnd.Microsoftguru.com.au | 192.168.1.6 | x |
| Mediation.Microsoftguru.com.au | 192.168.1.7 | x |
| Director.Microsoftguru.com.au | 192.168.1.8 | x |
| Archiving.Microsoftguru.com.au | 192.168.1.9 | x |
| Monitor.Microsoftguru.com.au | 192.168.1.10 | x |
| Edge.microsoftguru.com.au | 192.168.1.11 | 203.9.x.1, 203.9.x.5, 203.9.x.3 |
| Proxy.microsoftguru.com.au | 192.168.1.12 | 203.9.x.4 |

Important! Note that Edge and reverse proxy server are in a workgroup environment using microsoftguru.com.au DNS suffix.

Requirements of DNS SRV record for client auto login

DNS SRV service record for automatic login:

SRV Service: _sipinternaltls
Protocol: _TCP
FQDN: Lync.Microsoftguru.com.au
Port: 5061

Necessary URLs and Ports

| Name | URL | Port |
|---|---|---|
| Administrative Access | https://admin.microsoftguru.com.au | 443 |
| Meeting | https://meet.microsoftguru.com.au | 443 |
| Phone Dialin | https://dialin.microsoftguru.com.au | 443 |
| Edge Access | https://internal.microsoftguru.com.au (internal); http://external.microsoftguru.com.au (External-SIP, Web, AV) | 4443; 4061, 444, 443 |
| Director | https://external1.microsoftguru.com.au | 443, 5060, 5061 |

Certificate Requirements for Internal Servers

| Certificate | Subject name/Common name | Example |
|---|---|---|
| Default | FQDN of the pool | SN=FrontEnd.microsoftguru.com.au; SAN=mypool.microsoftguru.com.au; SAN=sip.microsoftguru.com.au (if this pool is the auto-logon server for clients and strict DNS matching is required in SAN) |
| Web Internal | FQDN of the server | SN=FrontEnd.microsoftguru.com.au; SAN=internal.microsoftguru.com.au; SAN=meet.microsoftguru.com.au; SAN=dialin.microsoftguru.com.au; SAN=admin.microsoftguru.com.au. Using a wildcard certificate: SN=FrontEnd.microsoftguru.com.au; SAN=internal.microsoftguru.com.au; SAN=*.microsoftguru.com.au |
| Web external | FQDN of the server | SN=FrontEnd.microsoftguru.com.au; SAN=external.microsoftguru.com.au; SAN=meet.microsoftguru.com.au; SAN=meet.fabrikam.com; SAN=dialin.microsoftguru.com.au. Using a wildcard certificate: SN=FrontEnd.microsoftguru.com.au; SAN=external.microsoftguru.com.au; SAN=*.microsoftguru.com.au |

Certificates for Director

| Certificate | Subject name/Common name | Example |
|---|---|---|
| Default | FQDN of the Director pool | SN=dir-pool.microsoftguru.com.au; SAN=dir-pool.microsoftguru.com.au (if this Director pool is the auto-logon server for clients and strict DNS matching is required in SAN) |
| Web Internal | FQDN of the server | SN=Director.microsoftguru.com.au; SAN=Director.microsoftguru.com.au; SAN=meet.microsoftguru.com.au; SAN=dialin.microsoftguru.com.au; SAN=admin.microsoftguru.com.au. To use a wildcard certificate: SN=Director.microsoftguru.com.au; SAN=Director.microsoftguru.com.au; SAN=*.microsoftguru.com.au |
| Web external | FQDN of the server. The Director external web FQDN must be different from the Front End pool or Front End Server. | SN=Director.microsoftguru.com.au; SAN=external1.microsoftguru.com.au; SAN=meet.microsoftguru.com.au; SAN=dialin.microsoftguru.com.au. Or: SN=Director.microsoftguru.com.au; SAN=external1.microsoftguru.com.au; SAN=*.microsoftguru.com.au |
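The name requirements in the two certificate tables above can be checked against the certificate a server actually presents. The following PowerShell is an added example, not part of the original article: it reads the presented certificate and reports which required names it covers, treating a wildcard as matching exactly one left-most label. The function names, target server and port are assumptions; the host names are the article's.

```powershell
# Added example (not from the original article). Function names, target host and
# port are assumptions; the required names come from the "Web Internal" row above.

function Get-TlsCertificate {
    param([string]$ComputerName, [int]$Port = 443)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($ComputerName, $Port)
        # Accept whatever chain is presented: this reads names, it does not trust the peer.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream -ArgumentList $client.GetStream(), $false, $acceptAll
        $ssl.AuthenticateAsClient($ComputerName)
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $ssl.RemoteCertificate
    }
    finally { $client.Close() }
}

function Get-CertificateDnsName {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    # The tables list the subject name (SN) alongside the SANs, so include it.
    $names = @($Certificate.GetNameInfo('SimpleName', $false))
    $san = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        # Format() output is localized; "DNS Name=" is what English Windows prints.
        foreach ($m in [regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)')) {
            $names += $m.Groups[1].Value
        }
    }
    $names | Sort-Object -Unique
}

function Test-NameCovered {
    param([string]$HostName, [string[]]$CertNames)
    $h = $HostName.ToLowerInvariant()
    foreach ($entry in $CertNames) {
        $n = $entry.Trim().ToLowerInvariant()
        if ($n -eq $h) { return $true }
        if ($n.StartsWith('*.')) {
            # "*.microsoftguru.com.au" covers meet.microsoftguru.com.au, but neither
            # microsoftguru.com.au itself nor a.b.microsoftguru.com.au.
            $suffix = $n.Substring(1)
            if ($h.EndsWith($suffix)) {
                $left = $h.Substring(0, $h.Length - $suffix.Length)
                if ($left.Length -gt 0 -and -not $left.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

function Test-CertificateCoverage {
    param([string]$ComputerName, [int]$Port = 443, [string[]]$RequiredName)
    $cert = Get-TlsCertificate -ComputerName $ComputerName -Port $Port
    $names = @(Get-CertificateDnsName -Certificate $cert)
    foreach ($required in $RequiredName) {
        New-Object PSObject -Property @{
            Required = $required
            Covered  = (Test-NameCovered -HostName $required -CertNames $names)
            Expires  = $cert.NotAfter
        }
    }
}

# Names from the article's "Web Internal" certificate row.
$required = 'internal.microsoftguru.com.au', 'meet.microsoftguru.com.au',
            'dialin.microsoftguru.com.au', 'admin.microsoftguru.com.au'
Test-CertificateCoverage -ComputerName 'FrontEnd.microsoftguru.com.au' -RequiredName $required |
    Format-Table Required, Covered, Expires -AutoSize
```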

Ports Requirements:

| Server role | Service name | Port | Protocol |
|---|---|---|---|
| Front End Servers | Lync Server Front-End service | 5060 | TCP |
| Front End Servers | Front-End service | 5061 | TCP (TLS) |
| Front End Servers | Front-End service | 444 | HTTPS, TCP |
| Front End Servers | Lync Server Front-End service | 135 | DCOM and remote procedure call (RPC) |
| Front End Servers | Lync Server IM Conferencing service | 5062 | TCP |
| Front End Servers | Lync Server Web Conferencing service | 8057 | TCP (TLS) |
| Front End Servers | Web Conferencing Compatibility Service | 8058 | TCP (TLS) |
| Front End Servers | Lync Server Audio/Video Conferencing service | 5063 | TCP |
| Front End Servers | Lync Server Audio/Video Conferencing service | 57501-65335 | TCP/UDP |
| Front End Servers | Web Compatibility service | 80 | HTTP |
| Front End Servers | Lync Server Web Compatibility service | 443 | HTTPS |
| Front End Servers | Lync Server Conferencing Attendant service (dial-in conferencing) | 5064 | TCP |
| Front End Servers | Lync Server Conferencing Attendant service (dial-in conferencing) | 5072 | TCP |
| Front End Servers that also run a Collocated Mediation Server | Lync Server Mediation service | 5070 | TCP |
| Front End Servers that also run a Collocated Mediation Server | Lync Server Mediation service | 5067 | TCP (TLS) |
| Front End Servers that also run a Collocated Mediation Server | Lync Server Mediation service | 5068 | TCP |
| Front End Servers that also run a Collocated Mediation Server | Lync Server Mediation service | 5081 | TCP |
| Front End Servers that also run a Collocated Mediation Server | Lync Server Mediation service | 5082 | TCP (TLS) |
| Front End Servers | Lync Server Application Sharing service | 5065 | TCP |
| Front End Servers | Lync Server Application Sharing service | 49152-65335 | TCP |
| Front End Servers | Lync Server Conferencing Announcement service | 5073 | TCP |
| Front End Servers | Lync Server Call Park service | 5075 | TCP |
| Front End Servers | Audio Test service | 5076 | TCP |
| Front End Servers | Not applicable | 5066 | TCP |
| Front End Servers | Lync Server Response Group service | 5071 | TCP |
| Front End Servers | Lync Server Response Group service | 8404 | TCP (MTLS) |
| Front End Servers | Lync Server Bandwidth Policy Service | 5080 | TCP |
| Front End Servers | Lync Server Bandwidth Policy Service | 448 | TCP |
| Front End Servers where the Central Management store resides | CMS Replication service | 445 | TCP |
| All internal servers | Various | 49152-57500 | TCP/UDP |
| Directors | Lync Server Front-End service | 5060 | TCP |
| Directors | Lync Server Front-End service | 5061 | TCP |
| Mediation Servers | Lync Server Mediation service | 5070 | TCP |
| Mediation Servers | Lync Server Mediation service | 5067 | TCP (TLS) |
| Mediation Servers | Lync Server Mediation service | 5068 | TCP |
| Mediation Servers | Lync Server Mediation service | 5070 | TCP (MTLS) |

Required Client Ports

| Component | Port | Protocol |
|---|---|---|
| Clients | 67/68 | DHCP |
| Clients | 443 | TCP (TLS) |
| Clients | 443 | TCP (PSOM/TLS) |
| Clients | 443 | TCP (STUN/MSTURN) |
| Clients | 3478 | UDP (STUN/MSTURN) |
| Clients | 5061 | TCP (MTLS) |
| Clients | 6891-6901 | TCP |
| Clients | 1024-65535 * | TCP/UDP |
| Clients | 1024-65535 * | TCP/UDP |
| Clients | 1024-65535 * | TCP |
| Clients | 1024-65535 * | TCP |
| Aastra 6721ip common area phone, Aastra 6725ip desk phone, Polycom CX500 common area phone, Polycom CX600 desk phone | 67/68 | DHCP |

FF TMG 2010 Reverse Proxy Firewall Rule Configuration:

Edge External Interface

| Protocol | Port | Firewall Direction | Description |
|---|---|---|---|
| HTTP | 80 | Out | Checking certificate revocation lists |
| DNS | 53 | Out | External DNS queries |
| SIP / TLS | 443 | In | Client to server SIP traffic for remote user access |
| SIP / MTLS | 5061 | In / Out | Federation and connectivity with a hosted service |
| PSOM / TLS | 443 | In | Remote user access to conferences for anonymous and federated users |
| RTP / TCP | 50,000 – 59,999 | Out | Media exchange |
| RTP / TCP | 50,000 – 59,999 | In | Media exchange required for Office Communications Server 2007 R2 interoperability |
| RTP / UDP | 50,000 – 59,999 | In / Out | Media exchange required for Office Communications Server 2007 interoperability |
| STUN / MSTURN / UDP | 3478 | In / Out | External user access to A/V sessions (UDP) |

Edge Internal Interface

| Protocol | Port | Firewall Direction | Description |
|---|---|---|---|
| SIP / MTLS | 5061 | In / Out | SIP traffic |
| PSOM / MTLS | 8057 | Out | Web conferencing traffic from pool to Edge Server |
| SIP / MTLS / 5062 | 5062 | Out | Authentication of A/V users (A/V authentication service) |
| STUN / MSTURN / UDP | 3478 | Out | Preferred path for media transfer between internal and external users (UDP) |
| STUN / MSTURN / TCP | 443 | Out | Alternate path for media transfer between internal and external users (TCP) |
| HTTPS 4443 (out) | 4443 | Out | Pushing Central Management store updates to Edge Servers |
| HTTP | 80 | Out | Checking certificate revocation lists the YVW Certificate Authority |

Reverse Proxy External Interface

| Protocol | Port | Firewall Direction | Description |
|---|---|---|---|
| HTTP | 80 | In | (Optional) Redirection to HTTPS if user accidentally enters http://<publishedSiteFQDN> |
| HTTPS | 443 | In | Address book downloads, Address Book Web Query service, client updates, meeting content, device updates, group expansion, dial-in conferencing, and meetings. |

Reverse Proxy Internal Interface

| Protocol | Port | Firewall Direction | Description |
|---|---|---|---|
| HTTPS 4443 (out) | 4443 | In | Traffic sent to 443 on the reverse proxy external interface is redirected to a pool on port 4443 from the reverse proxy internal interface so that the pool web services can distinguish it from internal web traffic. |

Install Lync Planning Tool: Microsoft Lync Server 2010 Planning Tool is a wizard that interactively asks you a series of questions about your organization, the Lync Server features you want to enable, and your capacity planning needs. It then creates a recommended deployment topology based on your answers, and produces several forms of output to aid your planning and installation.

Create a Topology: Topology Builder is an installation component of Lync Server 2010. You use Topology Builder to create, adjust and publish your planned topology. It also validates your topology before you begin server installations. When you install Lync Server on individual servers, the servers read the published topology as part of the installation process, and the installation program deploys the server as directed in the topology.

  • From the Microsoft Lync Server 2010 program group, open Planning Tool.
  • Start the Planning Tool wizard from the beginning by clicking the Get Started button.
  • Select Yes and click Next on the Audio and Video Conferencing page.
  • Select No and click Next on the Dial-In Conferencing page.
  • Select Yes and click Next on the Web Conferencing page.
  • Select No and click Next on the Enterprise Voice page.
  • Select No and click Next on the Call Admission Control page.
  • Select No and click Next on the Monitoring page.
  • Select No and click Next on the Archiving page.
  • On the Federation page, ensure that both boxes are selected and click Next.
  • Select No and click Next on the High Availability page.
  • Select Shared WAN and click Next on the Network Connection page.
  • Click Design Sites. On the Central Sites page, make the following changes:
      · Enter a descriptive name for Site Name, such as MyCompany or your company name.
      · Enter the number of users in your organization, for example 1000.
      · Under Online Collaboration, ensure that Dial-in Conferencing is unchecked.
      · Under Server Applications, uncheck Call Admission Control.
      · Click Next to continue.

  • On the SIP Domain page, enter the primary SIP domain. For example microsoftguru.com.au. Click Add then click Next.
  • On the Bandwidth Capacity Planning page, accept the default settings and continue.
  • On the Branch Office page, leave each field blank and continue.
  • On the External User Access page, uncheck Enable high availability for external users, click Finish, and then click Draw.
  • From the File menu, select Save Topology.
  • Create a backup of this topology named MyCompany.xml

If you would like to create a design document then you can export the topology to Microsoft Visio or Microsoft Excel

From the File menu, select Export>Select Export to Visio or Export to Excel.

View Site Topology you just created by using topology builder

1. From the Planning Tool Actions pane, view the hardware resources required in this global topology.

2. Double-click on the MyCompany site.

3. Notice the three tabbed pages: Site Topology, Edge Network Diagram, Edge Admin Report at the bottom of the page.

4. On the Site Topology page, move the mouse pointer over icons for a description of each role.

5. Click an icon to see server and port requirements.

Modify Edge Network Diagram: Click on the Edge Network diagram, update the FQDN and IP addresses of each server role in the network diagram by double-clicking the sample data in red.

| Role | FQDN | IP Address |
|---|---|---|
| FrontEnd Lync Server | FrontEnd.microsoftguru.com.au | 192.168.1.6 |
| Director | director.microsoftguru.com.au | 192.168.1.8 |
| Reverse Proxy Server | proxy.microsoftguru.com.au | 192.168.1.12, 203.9.x.4 |
| Edge Server | edge.microsoftguru.com.au | 192.168.1.11, 203.9.x.1 (access), 203.9.x.5 (web), 203.9.x.3 (av) |
| Reverse Proxy External FQDN | proxy.microsoftguru.com.au | 203.9.x.4 |
| External Access Edge service URL | external.microsoftguru.com.au | 203.9.x.1 |
| External Web Conferencing Edge service URL | external.microsoftguru.com.au | 203.9.x.5 |
| External A/V Edge service URL | External1.microsoftguru.com.au | 203.9.x.3 |

Review Edge Admin Report

  • Select the Edge Admin Report tab, and then click View to open the report in a browser window.
  • Review the certificate, firewall, and DNS entries.

Export Topology to Topology Builder

  • From the Planning Tool, select File>Export> Export to Topology Builder.
  • Click Yes on the Sample Data Warning dialog.
  • Save the file to the local machine. This lab will save the file as MyCompany.tbxml. Exit the Planning Tool.

Modify the Topology Using Topology Builder: Now import the topology from the Planning Tool and modify it in Topology Builder, in preparation for publishing the topology. Install Topology Builder and Import the Topology from the Planning Tool

  • From the Standard Edition Server, open the Lync Server Deployment Wizard.
  • Select Install Topology Builder.
  • From the Microsoft Lync Server 2010 program group, open Lync Server Topology Builder.
  • Select Open Topology from a local file
  • From the Open dialog, navigate to the file you saved earlier. This lab used MyCompany.tbxml.

Edit Topology: After importing the topology file from the Planning Tool into Topology Builder, you must make some edits to the topology before you can publish the topology. In the left hand pane of Topology Builder, you will see a few small red-X, indicating errors in the topology. To begin resolving these topology issues, follow the guidance below.

Modify Topology in Topology Builder

  • Open Topology Builder. Choose to open an existing file and select MyCompany.tbxml.
  • Expand the top node Lync Server 2010 and navigate to the Standard Edition Front End Servers node.
  • Select Front End Pool>From the Actions pane, select Edit Properties.
  • Under the General section, update the FQDN entry to the name of your Standard Edition Server. For this lab, specify FrontEnd.microsoftguru.com.au.
  • Under the Web Services section, update the External Web Services FQDN. For this lab, specify external.microsoftguru.com.au.
  • Navigate to the Director pools node>Expand the node and select Director.microsoftguru.com.au.
  • Select Edit Properties.Under the Web Services section, update the External Web Services FQDN. For this lab, specify external1.microsoftguru.com.au
  • Click OK to exit the Edit Properties page.

Edit Edge pools

  • From Topology Builder, in the left hand pane, select Lync Server 2010 .
  • Navigate down the tree until you reach Edge pools>Expand Edge pools and select the Edge Server edge.microsoftguru.com.au.
  • From the Actions pane, select Edit Properties>On the Edit Properties page, verify the following settings:

| Parameter | Value |
|---|---|
| Internal Server FQDN | edge.microsoftguru.com.au |
| Internal IP address | 192.168.1.11 |
| Enable federation for this Edge pool (Port 5061) | Enabled |
| NAT enabled public IP address used | 203.9.x.1, 203.9.x.5, 203.9.x.3 |
| Internal Configuration Replication Port (HTTPS) | 4443 |
| Next hop pool | director.microsoftguru.com.au (MyCompany) |
| Enable separate FQDN and IP address for web conferencing and A/V | enabled |
| SIP Access | internal.microsoftguru.com.au, 203.9.x.1, port 443 |
| Web Conferencing Edge service | external.microsoftguru.com.au, 203.9.x.5, port 443 |
| A/V service | External1.microsoftguru.com.au, 203.9.x.3, port 443 |

  • Click OK to close the Edit Properties page

Configure Administration URL

  • In Topology Builder, click Lync Server 2010 from the left hand pane.
  • Click Edit Properties>Click Simple URLs.
  • Under Administrative access URL: type https://admin.microsoftguru.com.au.
  • Click OK to close the Edit Properties window.

Review and Save Topology: The topology file should now be ready to be published. Let’s check that the topology settings are valid prior to publishing.

  • In Topology Builder, click on Lync Server 2010. You should have the following settings configured:

· Default SIP domain: microsoftguru.com.au

· Phone access URLs: https://dialin.microsoftguru.com.au

· Meeting URLs: https://meet.microsoftguru.com.au

· Administrative access URL: https://admin.contos.net

· Central Management Server: FrontEnd.microsoftguru.com.au

  • In the left pane of Topology Builder, navigate to Standard Edition Front End Servers.
  • Expand the node and select the FrontEnd.microsoftguru.com.au pool.
  • Verify the following settings:

| Parameter | Value |
|---|---|
| FQDN | FrontEnd.microsoftguru.com.au |
| IP addresses | Use all configured |
| Instant messaging and presence | Enabled |
| Conferencing | Enabled |
| SQL Store | FrontEnd.microsoftguru.com.au\rtc |
| File store | \\FrontEnd.microsoftguru.com.au\share |
| Edge pool | myedge.microsoftguru.com.au (MyCompany) |
| Internal web services | Listening Ports: HTTP 80, HTTPS: 443 |
| External web services | FQDN: external.microsoftguru.com.au; FQDN: external1.microsoftguru.com.au; Listening Ports: HTTP 8080, HTTPS: 4443 |
| Conferencing | All four services enabled |
| Collocated Mediation Server | Disabled |

Prepare first Standard Edition Server

  • On the Standard Edition Server, open the Lync Server Deployment Wizard.
  • Select Prepare first Standard Edition Server and click Next to install the initial Central Management Store.

Publish Topology

  • From Topology Builder, select Lync Server 2010.
  • From the Actions pane, select Publish Topology and click Next.
  • On the Select Central Management Server page, ensure that FrontEnd.microsoftguru.com.au is selected and continue.

The following links will be handy once you build your topology:

Deploy Lync Edge Server

Deploy Lync Director Server

Install and Configure Lync Front End Server

Lync 2010 Planning Tool

Download Microsoft Lync Server 2010 180-Day Trial

Microsoft Lync Server 2010 Mobility Service and Microsoft Lync Server 2010 Autodiscover Service

Microsoft Lync Server 2010 Mobility Guide

Install and Configure Lync Server 2010—Step by Step

Microsoft Lync Server is the next-generation unified communication server. In this article, I will design and deploy Lync Server 2010 on a test platform. You can follow this article to build your own Lync Server and modify the design according to your needs.

Windows Server 2012 Step by Step

Step1: Prepare a Design

Download Microsoft Lync Server 2010, Planning Tool and assess your need for Unified Communication in your company.

In this design, I have shown a full-scale deployment of Lync Server. However, you can choose to deploy a standard version of Lync. Once you have designed your Lync Server deployment, you need to create a list of IP addresses, FQDNs and certificates, or you might write project documents and a Visio design. A sample follows.

SIP Domain: Microsoftguru.com.au
Lync Pool: MyLync.Microsoftguru.com.au

| FQDN | Internal IP Address | External IP Address |
|---|---|---|
| Lync.Microsoftguru.com.au | 192.168.1.6 | x |
| Mediation.Microsoftguru.com.au | 192.168.1.7 | x |
| Director.Microsoftguru.com.au | 192.168.1.8 | x |
| Archiving.Microsoftguru.com.au | 192.168.1.9 | x |
| Monitor.Microsoftguru.com.au | 192.168.1.10 | x |
| Edge.Microsoftguru.com.au | 192.168.1.11 | 192.168.100.11 |

Necessary URLs and Ports

| Name | URL | Port |
|---|---|---|
| Administrative Access | https://admin.microsoftguru.com.au | 443 |
| Meeting | https://meet.microsoftguru.com.au | 443 |
| Phone Dialin | https://dialin.microsoftguru.com.au | 443 |
| Edge Access | https://edge.microsoftguru.com.au (internal) | 4443 |
| Edge Access | http://web.microsoftguru.com.au (External-SIP, Web, AV) | 4061, 444, 443 |
| DNS SRV Service record | SRV Service: _sipinternaltls; Protocol: _TCP; FQDN: Lync.Microsoftguru.com.au | 5061 |

Important! All the CNAME and Host (A) records must be present on the internal DNS server. For external client access, you must host all CNAME records and public IPs through your ISP. Don’t worry about the IP addresses I mentioned here. On a practical project, they will be different for sure.


SQL & File

| Name | FQDN | Instances/Share |
|---|---|---|
| SQL | Lync.Microsoftguru.com.au | RTC |
| File | Lync.Microsoftguru.com.au | Share |

Other Servers

| Role | FQDN |
|---|---|
| Domain Controller | DC.Microsoftguru.com.au |
| Certificate Authority | MyCA.Microsoftguru.com.au |
| Frontend TMG | TMG1.Microsoftguru.com.au |
| Backend TMG | TMG2.Microsoftguru.com.au |
| Reverse Proxy | TMG3.Microsoftguru.com.au |

Step2: Collect Prerequisites

Before you can actually deploy Lync Server 2010, you need to download the following prerequisites, install them and prepare the environment.

  • Windows Server 2008 R2 x64 on all Lync Server roles
  • Windows 7 installed on client computers.
  • .NET 3.5 SP1 installed on all servers.
  • Microsoft Silverlight browser plug-in installed on Standard Edition Server and Director
  • Active Directory Administrative tools feature installed on Standard Edition Server and Director
  • All clients and servers are up to date with patches from Windows Update.
  • Domain controller is running Windows Server 2008 R2 or Windows Server 2008 configured as a DC, DNS and CA
  • FF TMG 2010 is running on Windows Server 2008 R2
  • Service Account or Management user account as Domain Admin

A typical installation of Lync Server involves completing the installation wizard steps shown as 1, 2 and 3.


Step3: Understanding Lync Server Roles

Internal Users: Lync Server Standard can provide IM, A/V Conferencing, Web Conferencing

External Users: Edge Server, Director and reverse-proxy server provide remote user access, federation, and conferencing

Step4: DNS Creation

You must create all the DNS records: CNAME records, Host (A) records and the SRV service location record. I am showing the DNS SRV record here, but you can create the alias (CNAME) records and Host (A) records yourself. To create a DNS SRV record:

  • On the DNS server, click Start Menu >click Control Panel>click Administrative Tools>click DNS
  • In the console tree for your SIP domain, expand Forward Lookup Zones>right-click the SIP domain in which your Lync Server will be installed> Click Other New Records.
  • In Select a resource record type>click Service Location (SRV)>click Create Record>Click Service and type _sipinternaltls.
  • Click Protocol and type _tcp.
  • Click Port Number, and type 5061
  • Click Host offering this service> type the FQDN of the pool
  • Click OK>Click Done.
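
The same record can be created and checked from an elevated PowerShell prompt on the DNS server. This is an added example, not part of the original article; it assumes dnscmd.exe and nslookup.exe are available and uses the SIP domain and pool FQDN from the design table in Step 1.

```powershell
# Added example: create and verify the _sipinternaltls SRV record from Step 4.
# Assumptions: elevated prompt on the DNS server; dnscmd.exe and nslookup.exe on PATH.
$Zone     = 'microsoftguru.com.au'        # SIP domain (forward lookup zone)
$PoolFqdn = 'Lync.Microsoftguru.com.au'   # host offering the service, from the design table
$Port     = 5061
$Node     = '_sipinternaltls._tcp'        # service and protocol labels

function Get-SrvAnswer {
    param([string]$Name, [string]$Server = '127.0.0.1')
    # nslookup prints "port = N" and "svr hostname = host" for an SRV answer.
    $answer = New-Object PSObject -Property @{ Port = $null; Target = $null }
    foreach ($line in (& nslookup.exe -type=SRV $Name $Server 2>$null)) {
        if ($line -match '^\s*port\s*=\s*(\d+)')         { $answer.Port   = [int]$Matches[1] }
        if ($line -match '^\s*svr hostname\s*=\s*(\S+)') { $answer.Target = $Matches[1].TrimEnd('.') }
    }
    $answer
}

$srv = Get-SrvAnswer "$Node.$Zone"
if (-not $srv.Target) {
    # Record is missing: add it with priority 0, weight 0 on the local DNS server (".").
    & dnscmd.exe . /RecordAdd $Zone $Node SRV 0 0 $Port $PoolFqdn
    if ($LASTEXITCODE -ne 0) { throw "dnscmd failed with exit code $LASTEXITCODE" }
    $srv = Get-SrvAnswer "$Node.$Zone"
}

# Clients trust this record for automatic sign-in, so a wrong target or port is a failure.
if ($srv.Port -ne $Port -or $srv.Target -ne $PoolFqdn) {
    throw "SRV $Node.$Zone points to '$($srv.Target):$($srv.Port)', expected '${PoolFqdn}:$Port'"
}

# The SRV target must also resolve to a Host (A) record.
$addresses = [System.Net.Dns]::GetHostAddresses($PoolFqdn)
"SRV OK: $Node.$Zone -> ${PoolFqdn}:$Port ($($addresses -join ', '))"
```

The script only adds the record when none exists; if a record is present but points to a different host or port, it stops with an error instead of overwriting it.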

Step5: Prepare Environment

Prior to deployment, you must install all the servers on their required platform and join them to the domain. On the Lync Server, install the following Windows roles and features:

  • IIS 7.0
  • Active Directory Admin Tools
  • SQL Server 2008 with Native Tools (Available in Lync ISO )
  • Windows PowerShell
  • Enable Remote Admin
  • Prepare File Share

On the Standard Edition server, create a file share named share. Configure the administrator account to have full rights. Configure everyone else to have read-only privileges.

On the Standard Edition server and Director, enable remote administration of the server. Allow firewall rule exceptions for SQL Server and remote administration. Open Command Prompt on the Lync Server as an administrator and type the following:

netsh firewall set portopening protocol = TCP port = 1433 name = SQLPort mode = ENABLE scope = SUBNET profile = CURRENT

and

netsh advfirewall firewall add rule name = SQLPort dir = in protocol = tcp action = allow localport = 1433 remoteip = localsubnet profile = DOMAIN

To create an exception for SQL Server in Windows Firewall, follow these steps:

  • In Windows Firewall, click the Exceptions tab>click Add Program.
  • In the Add a Program window, click Browse.
  • Click the C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe executable program, click Open, and then click OK.

Open SQL Server Configuration Manager>Expand SQL Server Network Configuration>Select Protocols>Enable TCP/IP


Step6: Prepare Domain, Forest and Schema

Insert Lync Server DVD>Run Lync Server 2010 Setup


Click on Prepare Active Directory. Follow the screenshots. Run Prepare Schema, Prepare Domain, Prepare Forest.


Step7: Lync Server Privileged Access

Now open the Active Directory Users and Computers console. Add the user accounts that will install and administer Lync Server to the following groups:

  • CSAdministrator
  • RTCUniversalServerAdmins
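
Both groups grant administrative control over the deployment, so it is worth checking who ends up in them. This added example (not from the original article) lists direct and nested members and flags any account outside an approved list; it assumes the ActiveDirectory PowerShell module is installed, and "lyncadmin" is a constructed sample account name.

```powershell
# Added example: audit who holds the Lync admin groups named in Step 7.
# Assumptions: ActiveDirectory module (RSAT) is installed; $Approved is a constructed allow-list.
Import-Module ActiveDirectory

$Groups   = 'CSAdministrator', 'RTCUniversalServerAdmins'
$Approved = @('lyncadmin')   # constructed sample sAMAccountName; replace with your own list

function Get-UnexpectedMember {
    param([string[]]$Groups, [string[]]$Approved)
    foreach ($group in $Groups) {
        # -Recursive expands nested groups so indirect members are not missed.
        Get-ADGroupMember -Identity $group -Recursive |
            Where-Object { $Approved -notcontains $_.SamAccountName } |
            ForEach-Object {
                New-Object PSObject -Property @{
                    Group   = $group
                    Account = $_.SamAccountName
                    Type    = $_.objectClass
                }
            }
    }
}

$unexpected = @(Get-UnexpectedMember -Groups $Groups -Approved $Approved)
if ($unexpected.Count -gt 0) {
    $unexpected | Format-Table Group, Account, Type -AutoSize
    Write-Warning "$($unexpected.Count) account(s) outside the approved list hold Lync admin rights."
} else {
    Write-Output 'Lync admin group membership matches the approved list.'
}
```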


Step8: Create a Topology using Topology Builder


In this step, we’ll use the Planning Tool to define our initial topology. The Planning Tool populates the topology with some initial sample data that will be exported to Topology Builder. Once you import the .xml file into Topology Builder, you can edit the topology according to the desired IPs, ports and URLs.


To configure the Admin site, in Topology Builder, click Lync Server 2010 from the left hand pane>Click Edit Properties>Click Simple URLs. Under Administrative access URL: type https://admin.contoso.net. Click OK to close the Edit Properties window.


Step9: Deploy Lync Server 2010 Standard Edition

Now that the topology has been published to the Central Management Store, you must install a local replica on the Standard Edition Server, followed by the Director. Additionally, you can install the core components and start the services.

On the Deployment Wizard page, click Install or Update Lync Server System. On the Lync Server 2010 page, next to Install Local Configuration Store, click Run. On the Local Server Configuration page, ensure that the Retrieve configuration automatically from the Central Management Store option is selected, and then click Next. When the Local Server Configuration installation is complete, click Finish.


Next to Setup or Remove Lync Server Components, click Run. On the Setup Lync Server Components page, click Next to set up components as defined in the published topology. When Lync Server components setup completes, click Finish.


In the Lync Server Deployment Wizard, next to Request, Install or Assign Certificates, click Run.

On the Certificate Wizard page, click Request>click Next.

On the Immediate Requests page, accept the default Send the request immediately option, and then click Next>accept the default. On the Certification Authority Account page, click Next. On the Name and Security Settings page, for Friendly Name enter Lync Server, accept the remaining defaults, and then click Next.

On the Organization Information page, optionally provide organization information>click Next. On the Geographical Information page>provide State, Country, City, click Next>click Next. On the SIP Domain setting page, select the SIP Domain and then click Next>click Next. On the Certificate Request Summary page, click Next>click Next>click Finish. On the Certificate Assignment page, click Next>click Next>click Finish>click Close.


In the Lync Server Deployment Wizard, on the Lync Server 2010 page, click the Run button>Click Start Services. On the Start Services page, click Next to start the Lync Server services on the server. On the Executing Commands page, after all services have started successfully, click Finish.


In the Lync Server Deployment Wizard, next to Start Services>Click Run

Open Command Prompt>Type Services.msc and hit Enter. Now check that all the services related to Lync Server are running.


Click on Start Menu>Click All Programs>Click Lync Server 2010>Click Lync Server Control Panel


Click Users>Find Active Directory test users>Enable users for Lync Server.


Define SIP Domain, Log on format and Lync Pool. Click Enable.


Step10: Install Lync Client and Test Lync

Install Lync Client on any Windows 7 SIP domain client. Click Start Menu>Click All Programs>Click Microsoft Lync Client>Click Tools>Click Options as shown on the picture.


Click Manual Configuration>Type Lync.Microsoftguru.com.au>Click Ok.


Type the sign-in address as test.account@microsoftguru.com.au

Type the user name as microsoftguru\test and the password. Hit Sign-in. You are now logged on to the Lync Client.


Relevant References:

Microsoft Lync Server 2010

Lync Server 2010 AD Guide

SQL Server 2008 SP1

Microsoft Lync Server 2010, Planning Tool

How to Configure Reverse proxy Using TMG 2010

Install and Configure TMG 2010

Exchange 2010 UM

Back to Back DMZ