dean suzuki blog...2012/11/28 · dean suzuki blog title: basic exchange 2013 configuration...

Dean Suzuki Blog (http://deansuzuki.net) 1

Dean Suzuki Blog

Title: Basic Exchange 2013 Configuration

Created: 11/28/2012

Description:

This post documents the basic steps that should be performed after installing Exchange 2013. I perform

the following steps:

Setup a SMTP (Send Connector) to send mail to the Internet

Create an e-mail address policy to give my users an SMTP address in the format that I want

Create an SSL certificate to provide encrypted access to Outlook Web App, Exchange Admin

Center (new ECP), and Autodiscover.

Configure the external URLs for the above services.

References:

http://technet.microsoft.com/en-us/library/jj218640.aspx ; Configure Mail Flow and Client Access

Disclaimer:

Contents of this blog and article represent the opinions of Dean Suzuki, and do not reflect the views of my employer. (C) 2012 Dean Suzuki, All Rights Reserved

Procedure:

Table of Contents 1 Assumptions: ......................................................................................................................................... 2

2 Configure Mailflow to/from Internet .................................................................................................... 2

2.1 Create a Send Connector .............................................................................................................. 2

2.2 Create an Email Address Policy ..................................................................................................... 6

2.3 Create Exchange Certificate .......................................................................................................... 8

2.4 Complete the Certificate Request ............................................................................................... 13

2.5 Configure External URLs .............................................................................................................. 15

2.6 Create DNS records for Exchange ............................................................................................... 17

http://technet.microsoft.com/en-us/library/jj218640.aspx


1 Assumptions:

The following sections assume that the Exchange 2013 server has been installed.

2 Configure Mailflow to/from Internet

2.1 Create a Send Connector Before you can send mail to the Internet, you need to create a Send connector on the Mailbox server.

Do the following.

1. Open the (EAC) by browsing to https://<fully qualified domain name (FQDN) of Client Access

server>/ECP.

For example: https://lab2012-e2013.contoso2012.com/ecp

2. Enter your user name and password in Domain\user name and Password and then click Sign in.

https://lab2012-e2013.contoso2012.com/ecp


3. Go to Mail flow > Send connectors. On the Send connectors page, click Add .

4. In the New send connector wizard, specify a name for the Send connector and then select

Internet. Click Next.


5. Verify that MX record associated with recipient domain is selected. Click Next.

6. Under Address space, click Add . In the Add domain window, make sure SMTP is selected in

the Type field. In the Fully Qualified Domain Name (FQDN) field, enter *. Click Save.


7. Make sure Scoped send connector isn't selected and then click Next.

8. Under Source server, click Add . In the Select a server window, select a Mailbox server that will

be used to send mail to the Internet via the Client Access server. After you've selected the

server, click Add and then click OK.


9. Click Finish.

2.2 Create an Email Address Policy

1. Go to Mail flow > Email address policies. On the Email address policies page, click + to Create A

New Address Policy.


2. On the Email address format page in the Email address parameters field, specify the SMTP

recipient domain you want to apply to all recipients in the Exchange organization. This domain

must match the accepted domain you added in the previous step. Click Save.

3. Click Save


4. In the Email Address Policies pane, click Apply.

2.3 Create Exchange Certificate Some services, such as Outlook Anywhere and ActiveSync, require certificates to be configured

on your Exchange 2013 server. The following steps show you how to configure an SSL certificate

from a third-party certificate authority (CA):

1. Go to Servers > Certificates. On the Certificates page, make sure your Client Access server is

selected in the Select server field, and then click Add .


2. In the New Exchange certificate wizard, select Create a request for a certificate from a

certification authority and then click Next.

3. Specify a name for this certificate and then click Next.


4. If you want to request a wildcard certificate, select Request a wild-card certificate and then

specify the root domain of all subdomains in the Root domain field. If you don't want to request

a wildcard certificate and instead want to specify each domain you want to add to the

certificate, leave this page blank. Click Next.

5. Click Browse and specify an Exchange server to store the certificate on. The server you select

should be the Internet-facing Client Access server. Click Next.


6. For each service in the list shown, specify the external or internal server names that users will

use to connect to the Exchange server. For example, for Outlook Web App (when access from

the Internet), you might specify owa.contoso.com. For OWA (when access from the Intranet),

you might specify CAS02.corp.contoso.com. These domains will be used to create the SSL

certificate request. Click Next.

7. Add any additional domains you want included on the SSL certificate. Click Next.


8. Provide information about your organization. This information will be included with the SSL

certificate. Click Next.

9. Specify the network location where you want this certificate request to be saved. Click Finish.


2.4 Complete the Certificate Request

Take the certificate request to your certificate authority and get the certificate. Bring the certificate

back to the Exchange server and let’s complete the process.

Note: In another article, I’ll walk through the creation of a Certificate Authority running on Window

Server 2012.

1. On the Server > Certificates page in the EAC, select the certificate request you created in the

previous steps.

2. In the certificate request details pane, click Complete under Status.

3. On the complete pending request page, specify the path to the SSL certificate file and then click

OK.


Note: I had to do a gupdate /force from a command prompt for the Exchange server to get the

new Certificate Authority that I built added to its list of valid CA’s.

4. Select the new certificate you just added, and then click Edit .

5. On the certificate page, click Services.

6. Select the services you want to assign to this certificate. At minimum, you should select SMTP

and IIS. Click Save.


7. If you receive the warning Overwrite the existing default SMTP certificate?, click OK.

2.5 Configure External URLs

After you've chosen your external domains and installed your certificate, you need to configure the

external domains on the Client Access server's virtual directories and then configure your domain name

service (DNS) records.

1. Go to Servers > Servers and then click Configure external access domain (the wrench in the

picture below).

2. Under Select the Client Access servers to use with the external URL, click Add


3. Select the Client Access servers you want to configure and then click Add. After you’ve added all

of the Client Access servers you want to configure, click OK.

4. In Enter the domain name you will use with your external Client Access servers, type the

external domain you want to apply. Click Save.

5. Go to Servers > Servers, select the name of the Internet-facing Client Access server and then

click Edit .

6. Click Outlook Anywhere.

7. In the Specify the external hostname field, specify the externally accessible FQDN of the Client

Access server. For example, mail.contoso.com.


8. Click Save.

2.6 Create DNS records for Exchange

Create DNS records for Exchange:

Mail.contoso2012.com

Owa.contoso2012.com

Autodiscovery.contoso2012.com

dean suzuki blog...2012/11/28 · dean suzuki blog title: basic exchange 2013 configuration...

Documents