MCTS 70-662 Rapid Review: Installing and Configuring Exchange Servers

  • 3/15/2012

Objective 1.3: Install Exchange roles

In this exam objective, you might be tested on adding and modifying roles, adding server roles to existing Exchange 2003 or 2007 organizations, and verifying Exchange installation. You need to know when to use the Security Configuration Wizard (SCW), the port requirements for Windows Firewall, and how to install Exchange Server by using standard and custom installation. You should also know how to install Exchange Server by using the command line; provision an Exchange Server; delegate server installation; troubleshoot a failed installation; and add Exchange Server roles after an initial installation.

Exam need to know

  • Adding and modifying roles from the command line and the GUI

    For example: Do you know what the prerequisites are for installing Exchange Management tools on a workstation running Windows 7?

  • Add server roles to existing Exchange 2003 or 2007 organizations

    For example: What do you first need to configure before you add the Exchange Server 2010 Edge Transport server role to an existing Exchange Server 2003 organization?

  • Verify Exchange installation

    For example: How do you access the setup log?

  • Security Configuration Wizard

    For example: Which tool can you use to roll back a security policy?

  • Windows firewall, including port requirements

    For example: Which TCP port is used for Mailbox server MAPI access?

  • Installing Exchange Server by using standard and custom installation

    For example: Which Exchange server roles do you deploy on a single server during a standard installation?

  • Installing Exchange Server by using the command line

    For example: Which command do you use to start the installation of an Exchange Server 2010 server and deploy the Mailbox server role?

  • Provisioning an Exchange Server and delegating server installation

    For example: Which command would you issue to provision a server?

  • Troubleshooting a failed installation

    For example: Which tools are available to troubleshoot a failed installation?

  • Adding Exchange Server roles after an initial installation

    For example: Which command would you use to add the Client Access server role?

Adding and modifying roles from the command line and the GUI

You should know what permissions are required to install Exchange Server 2010 by running setup.exe (which implements the Exchange Installation Wizard GUI) from within an appropriately configured server. You should be aware that you can also run setup.exe automatically when you insert the Exchange Server 2010 installation media. You should know that another option is to run setup.com from an elevated command prompt. Commands such as Setup /PrepareSchema and Setup /PrepareAD were discussed earlier in this chapter. Installing Exchange Server 2010 from the command prompt and managing server roles after installation are described later in this Objective.

In a production network, application servers such as messaging servers are often administered from administrative workstations, and you need to know how to install Exchange Administrator tools on such a workstation.

True or false? The Exchange Installation Wizard lets you perform only a typical installation.

Answer: False. When you run the Exchange Installation Wizard you are given the choice between performing a typical (or standard) Exchange Server installation and performing a custom Exchange Server installation. When you perform a typical installation, the Hub Transport, Client Access, and Mailbox server roles are deployed on the host server.

True or false? You can administer Exchange from a client workstation.

Answer: True. You can install only the Exchange Management tools but not Exchange itself. Typically, you would do this on an administrative workstation running Windows Vista SP2 (or later) or Windows 7. The prerequisites for installing Exchange Management tools on a workstation running Windows 7 are IIS6 Management Console and Microsoft .NET Framework 3.5.1. On a Windows Vista workstation, you need these prerequisites plus Microsoft .NET Framework 3.5 Family Update for Windows Vista x64 and Windows Server 2008 x64, WinRM 2.0, and PowerShell 2.0.

True or false? You can create a public folder database and configure Internet-facing addresses during installation.

Answer: True. If you choose to deploy the Mailbox server role, you are asked whether there are any client computers that are running Outlook 2003 or Entourage. If such computers are present, setup creates a public folder database. You can also create a public folder database retrospectively if the need arises.

True or false? If you run setup.exe, the wizard performs a readiness check.

Answer: True. The Exchange Installation Wizard performs a set of readiness checks based on the roles that you have chosen to install on the server. If these readiness checks complete successfully, then you can proceed with the installation. Otherwise, you must address the specified issues.

Add server roles to existing Exchange 2003 or 2007 organizations

You should be aware that you can deploy the Exchange Server 2010 Edge Transport server role in an Existing Exchange 2003 organization before upgrading to Exchange 2010. Keep in mind that by doing this, you can provide anti-spam, antivirus, and transport rules processing for your Exchange organization. You are expected to know what steps to take to deploy and configure an Edge Transport server to act as a smart host in the perimeter network before you start upgrading your existing Exchange 2003 servers to Exchange Server 2010. When you install the first instance of Exchange Server 2010 into an existing Exchange Server 2007 organization, you should install the Client Access server role first, followed by the Hub Transport server role, followed by the Unified Messaging server role, and last, the Mailbox server role.

True or false? If you want to create an Edge Subscription, you must deploy at least one Exchange 2010 Hub Transport server in the Exchange organization and configure the organization for coexistence.

Answer: True. Because no computers running Microsoft Exchange Server 2010 are currently deployed in the Exchange organization before you introduce the Edge Transport server role, you cannot use features that rely on Edge Subscription, for example, recipient lookup and safelist aggregation.

True or false? To deploy the Exchange Server 2010 Edge Transport server role, you must first create a Send connector from the Edge Transport server to the Internet.

Answer: True. You can use the New Send Connector Wizard in the EMC on the Edge Transport server to create this Send connector. You select Internet as the intended use and specify all (an asterisk) in the SMTP Address Space dialog box. You can also use the EMS New-SendConnector cmdlet. For example, the following command creates a Send connector named Internet that uses DNS to route messages:

New-SendConnector -Name "Internet" -AddressSpaces * -Usage Internet
-DNSRoutingEnabled $true

True or false? When you introduce the Exchange Server 2010 Client Access server role into an Exchange Server 2007 organization, you need to perform additional configuration steps on your Client Access server.

Answer: True. Because the Client Access server role is the first Windows Server 2010 role introduced into the Exchange Server 2007 organization, you need to enable Outlook Anywhere (if used), configure the virtual directories for the Offline Address Book (OAB), Exchange Web Services, Microsoft Exchange ActiveSync, OWA, and Exchange Control Panel (ECP). You also need to configure OWA settings and Exchange ActiveSync authentication settings.

Verify Exchange installation

You should be aware that when you run the Exchange Installation Wizard, the completion summary indicates whether each step of the setup process has completed successfully. You need to know that you can view the setup log when setup completes by clicking View Setup Log on the Completion page. The exam might test that you know how to view this file directly by using a text editor such as Notepad. The log is stored at C:\ExchangeSetupLogs\ExchangeSetup.log.

True or false? You can use EMS commands to verify installation.

Answer: True. You can verify that Exchange Server 2010 has been deployed successfully by using the EMS Get-ExchangeServer cmdlet. For example, the following command displays information about Exchange Server VAN-EX1:

Get-ExchangeServer -Identity VAN-EX1 | Format-List

The output of this command will inform you of which roles have been deployed, the path where Exchange files have been installed, the network name of the Exchange server, and the location of the Exchange Server’s Active Directory object.

Security Configuration Wizard

You should know that the Security Configuration Wizard (SCW) guides you through the process of creating, editing, applying, or rolling back a security policy. You should know what steps to take to create or modify a security policy for a server, based on its role.

True or false? You can use the SCW to minimize the attack surface of a computer.

Answer: True. By using the SCW, you can minimize the attack surface of a computer by disabling functionality that is not required by the server in performance of its roles.

Windows firewall, including port requirements

The Exchange Server 2010 setup process configures Windows Firewall with Advanced Security so that all necessary ports required to support the roles that you deploy are open for server and client communication. You should be aware that because this process occurs automatically, it is not necessary to use the SCW tool to configure these settings.

True or false? If an additional hardware firewall is installed, you might need to configure its ports.

Answer: True. In some cases, it will be necessary to configure the ports on a separate hardware-based firewall—for example, if you have a hardware firewall separating subnets on your organization’s internal network. The most commonly used ports for each role are as follows:

  • 25 Hub Transport, Edge Transport server SMTP traffic

  • 135 Mailbox server MAPI access

  • 80 Client Access server Autodiscover, availability, OWA, Outlook Anywhere, Exchange ActiveSync

  • 443 Client Access server secure (SSL) Autodiscover, availability, OWA, Outlook Anywhere, Exchange ActiveSync

Installing Exchange Server by using standard and custom installation

You should know that typically you install Exchange Server 2010 and deploy the Hub Transport, Client Access, and Mailbox server roles on a single server. However, you should also know what steps you need to take to customize your Exchange deployment and, for example, deploy only one server role. You might want to automate the process and perform unattended installations of Exchange Server 2010. You also might want to delegate installation tasks to your team members without giving them unnecessary privileges in your Exchange organization.

True or false? You must prepare the environment before you install Exchange Server 2010.

Answer: False. In general, it is preferable to perform environmental preparation steps separately so that you can ensure that changes replicate successfully before attempting to deploy the first Exchange server in your organization. You can, however, choose to prepare Active Directory as a part of the setup process on the first Exchange Server 2010 server deployed in the forest. If you take this approach, the user account used to deploy Exchange Server 2010 must be a member of the Enterprise Admins, Schema Admins, and Domain Admins groups, as well as a member of the local Administrators group on the server that will host Exchange. When you perform this type of deployment, you also need to install Exchange in the same site and domain as the computer that hosts the Schema Master.

True or false? You must deploy Mailbox and Hub Transport roles in each Active Directory site. You must deploy the Client Access role in each site that has a Mailbox server.

Answer: True. For email messages to flow correctly, you need at least one Hub Transport server and one Mailbox server at each site. You need at least one Client Access server in each site that has a Mailbox server.

True or false? You can deploy the Unified Messaging and Edge Transport roles on a single Exchange server.

Answer: False. You cannot deploy the Edge Transport role on the same server as other roles.

Installing Exchange Server by using the command line

You should know how to start installation and optionally specify an answer file with a command such as Setup.com /Mode:Install /Roles:Mailbox.

True or false? You can use setup.com in an unattended installation script.

Answer: True. You can use setup.com to specify the location of a local directory that hosts updates, install language packs, and specify installation options such as whether Exchange supports legacy Outlook clients. You can include the setup.com command with all required options in an unattended installation script. The user account used to uninstall or modify Exchange must be a member of the Organization Management role as well as a member of the local Administrators group on the host server.

Provisioning an Exchange Server and delegating server installation

The exam might test that you know what steps to take to delegate the Organization Management role to enable another user to deploy Exchange Server 2010 in an existing Exchange 2010 organization. If, however, you want someone at a remote branch office to install Exchange Server 2010 and do not want to add this user to this role group, you should be aware that you can configure a Delegated Setup role group so that an account in that group is permitted to install a single, specified Exchange server in the domain. This allows the local administrator to complete the designated task without conferring unnecessary administrative privileges.

True or false? Members of the Delegated Setup role group can provision servers.

Answer: False. Local administrators who are members of the Delegated Setup role group are able to deploy Exchange Server 2010, provided the host server has been provisioned by a member of the Organization Management role group. Members of the Organization Management role group can provision servers by using the following command:

Setup.com /NewProvisionedServer:ServerName

The first server in the domain must be installed by using a user account that is a member of the Organization Management role group as well as the local Administrators group. Members of the Delegated Setup role are also unable to uninstall an Exchange Server. It is only possible to uninstall or remove Exchange Server 2010 by using an account that is a member of the Organization Management role as well as the local Administrators group on the host server.

Troubleshooting a failed installation

You should be aware that if you carry out a GUI-based installation, the Exchange Installation Wizard indicates whether each task you perform completes successfully, and why a task failed. You should know how to troubleshoot a failed installation by using the same procedures that you employ to verify a successful one, namely, running the Get-ExchangeServer cmdlet or viewing the setup log.

Adding Exchange Server roles after an initial installation

The exam might test that you know how to use setup.com to deploy and remove Exchange Server 2010 roles. The setup.com options that you are most likely to be tested on in the 70-662 exam involve installing, adding, or removing roles. You should know that you can also use the Programs And Features item in Control Panel to add or remove roles from a computer running Exchange Server 2010 after setup has completed.

True or false? You cannot use abbreviations in a setup.com command.

Answer: False. Setup.com commands for installing roles can use abbreviations. For example, you can specify roles by using the following terms:

  • HubTransport, HT, or H

  • Mailbox, MB, or M

  • ClientAccess, CA, or C

  • EdgeTransport, ET, or E

  • UnifiedMessaging, UM, or U

You can also abbreviate the option /mode:install to /M:Install.

For example, the command

Setup.com /mode:install /role:Mailbox,HubTransport

accomplishes the same thing as the command:

Setup.com /mode:install /r:M,H

This can be further abbreviated as follows:

Setup.com /M:Install /r:M,H

In all its formats, this command installs the Mailbox and Hub Transport server roles.

True or false? You can use the setup.com command to remove roles.

Answer: True. The /mode:uninstall option removes a role. If no specific roles are selected, this option removes the Exchange installation. For example, the following command removes the Hub Transport server role:

Setup.com /M:Uninstall /r:HT

Can you answer these questions?

You can find the answers to these questions at the end of this chapter.

  1. What command do you issue from an elevated command prompt to add the Hub Transport server role on a computer running Exchange Server 2010 SP2?

  2. You have just completed the installation of Exchange Server 2010 SP2 on a server running Windows Server 2008 R2, and you want to view the setup log by using Notepad. By default, where is this file stored?

  3. What are the prerequisites for installing Exchange Management tools on a workstation running Windows 7?

  4. You are a member of the Organization Management role group and you want another user who is a member of the Delegated Setup role group to deploy Exchange Server 2010 SP2 on the server VAN-SRV1. What command do you issue to provision this server?

  5. You want to deploy the Exchange Server 2010 Edge Transport server role in an Exchange Server 2003 organization that currently has no servers running Exchange Server 2010 configured. What is the first step you should take?