Dean Suzuki Blog (http://deansuzuki.net) 1
Dean Suzuki Blog
Title: Basic Exchange 2013 Configuration
Created: 11/28/2012
Description:
This post documents the basic steps that should be performed after installing Exchange 2013. I perform
the following steps:
- Set up an SMTP Send connector to send mail to the Internet
- Create an e-mail address policy to give my users an SMTP address in the format that I want
- Create an SSL certificate to provide encrypted access to Outlook Web App, Exchange Admin Center (new ECP), and Autodiscover
- Configure the external URLs for the above services
References:
http://technet.microsoft.com/en-us/library/jj218640.aspx ; Configure Mail Flow and Client Access
Disclaimer:
Contents of this blog and article represent the opinions of Dean Suzuki, and do not reflect the views of my employer. (C) 2012 Dean Suzuki, All Rights Reserved
Procedure:
Table of Contents
1 Assumptions
2 Configure Mailflow to/from Internet
2.1 Create a Send Connector
2.2 Create an Email Address Policy
2.3 Create Exchange Certificate
2.4 Complete the Certificate Request
2.5 Configure External URLs
2.6 Create DNS records for Exchange
1 Assumptions:
The following sections assume that the Exchange 2013 server has been installed.
2 Configure Mailflow to/from Internet
2.1 Create a Send Connector
Before you can send mail to the Internet, you need to create a Send connector on the Mailbox server.
Do the following.
1. Open the Exchange Admin Center (EAC) by browsing to https://<fully qualified domain name (FQDN) of Client Access server>/ECP.
For example: https://lab2012-e2013.contoso2012.com/ecp
2. Enter your user name and password in Domain\user name and Password and then click Sign in.
3. Go to Mail flow > Send connectors. On the Send connectors page, click Add.
4. In the New send connector wizard, specify a name for the Send connector and then select
Internet. Click Next.
5. Verify that MX record associated with recipient domain is selected. Click Next.
6. Under Address space, click Add. In the Add domain window, make sure SMTP is selected in
the Type field. In the Fully Qualified Domain Name (FQDN) field, enter *. Click Save.
7. Make sure Scoped send connector isn't selected and then click Next.
8. Under Source server, click Add. In the Select a server window, select a Mailbox server that will
be used to send mail to the Internet via the Client Access server. After you've selected the
server, click Add and then click OK.
9. Click Finish.
2.2 Create an Email Address Policy
1. Go to Mail flow > Email address policies. On the Email address policies page, click + to Create A
New Address Policy.
2. On the Email address format page in the Email address parameters field, specify the SMTP
recipient domain you want to apply to all recipients in the Exchange organization. This domain
must match the accepted domain you added in the previous step. Click Save.
3. Click Save.
4. In the Email Address Policies pane, click Apply.
2.3 Create Exchange Certificate
Some services, such as Outlook Anywhere and ActiveSync, require certificates to be configured
on your Exchange 2013 server. The following steps show you how to configure an SSL certificate
from a third-party certificate authority (CA):
1. Go to Servers > Certificates. On the Certificates page, make sure your Client Access server is
selected in the Select server field, and then click Add.
2. In the New Exchange certificate wizard, select Create a request for a certificate from a
certification authority and then click Next.
3. Specify a name for this certificate and then click Next.
4. If you want to request a wildcard certificate, select Request a wild-card certificate and then
specify the root domain of all subdomains in the Root domain field. If you don't want to request
a wildcard certificate and instead want to specify each domain you want to add to the
certificate, leave this page blank. Click Next.
5. Click Browse and specify an Exchange server to store the certificate on. The server you select
should be the Internet-facing Client Access server. Click Next.
6. For each service in the list shown, specify the external or internal server names that users will
use to connect to the Exchange server. For example, for Outlook Web App (when accessed from
the Internet), you might specify owa.contoso.com. For OWA (when accessed from the intranet),
you might specify CAS02.corp.contoso.com. These domains will be used to create the SSL
certificate request. Click Next.
7. Add any additional domains you want included on the SSL certificate. Click Next.
8. Provide information about your organization. This information will be included with the SSL
certificate. Click Next.
9. Specify the network location where you want this certificate request to be saved. Click Finish.
2.4 Complete the Certificate Request
Take the certificate request to your certificate authority and get the certificate. Bring the certificate
back to the Exchange server and let’s complete the process.
Note: In another article, I’ll walk through the creation of a Certificate Authority running on Windows
Server 2012.
1. On the Server > Certificates page in the EAC, select the certificate request you created in the
previous steps.
2. In the certificate request details pane, click Complete under Status.
3. On the complete pending request page, specify the path to the SSL certificate file and then click
OK.
Note: I had to do a gpupdate /force from a command prompt for the Exchange server to get the
new Certificate Authority that I built added to its list of valid CAs.
4. Select the new certificate you just added, and then click Edit.
5. On the certificate page, click Services.
6. Select the services you want to assign to this certificate. At minimum, you should select SMTP
and IIS. Click Save.
7. If you receive the warning Overwrite the existing default SMTP certificate?, click OK.
2.5 Configure External URLs
After you've chosen your external domains and installed your certificate, you need to configure the
external domains on the Client Access server's virtual directories and then configure your domain name
service (DNS) records.
1. Go to Servers > Servers and then click Configure external access domain (the wrench in the
picture below).
2. Under Select the Client Access servers to use with the external URL, click Add.
3. Select the Client Access servers you want to configure and then click Add. After you’ve added all
of the Client Access servers you want to configure, click OK.
4. In Enter the domain name you will use with your external Client Access servers, type the
external domain you want to apply. Click Save.
5. Go to Servers > Servers, select the name of the Internet-facing Client Access server and then
click Edit.
6. Click Outlook Anywhere.
7. In the Specify the external hostname field, specify the externally accessible FQDN of the Client
Access server. For example, mail.contoso.com.
8. Click Save.
2.6 Create DNS records for Exchange
Create DNS records for Exchange:
Mail.contoso2012.com
Owa.contoso2012.com
Autodiscovery.contoso2012.com
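
The following check is an added example, not part of the original post: it compares the external host names configured in section 2.5 against the domains on each certificate assigned to IIS in section 2.4, and reports validity, expiry and any uncovered name. It assumes the Exchange Management Shell is open on the Client Access server; Test-NameCovered is a helper defined here, not an Exchange cmdlet.

```powershell
# Added example. Run in the Exchange Management Shell on the Client Access server.
$server = $env:COMPUTERNAME   # assumption: the shell is open on the server being checked

# External host names published by the virtual directories and Outlook Anywhere (section 2.5).
$names  = @(Get-OwaVirtualDirectory -Server $server | Where-Object { $_.ExternalUrl } |
            ForEach-Object { ([uri]"$($_.ExternalUrl)").Host })
$names += @(Get-EcpVirtualDirectory -Server $server | Where-Object { $_.ExternalUrl } |
            ForEach-Object { ([uri]"$($_.ExternalUrl)").Host })
$names += @(Get-OutlookAnywhere -Server $server | Where-Object { $_.ExternalHostname } |
            ForEach-Object { "$($_.ExternalHostname)" })
$names  = @($names | ForEach-Object { $_.ToLower() } | Sort-Object -Unique)

# Hypothetical helper: true when a certificate domain (exact match or
# single-label wildcard) covers the given host name.
function Test-NameCovered([string]$HostName, [string[]]$CertDomains) {
    foreach ($d in $CertDomains) {
        $d = $d.ToLower()
        if ($d -eq $HostName) { return $true }
        if ($d.StartsWith('*.')) {
            $suffix = $d.Substring(1)                 # e.g. ".contoso2012.com"
            $left   = $HostName.Length - $suffix.Length
            if ($left -gt 0 -and $HostName.EndsWith($suffix) -and
                $HostName.Substring(0, $left) -notmatch '\.') { return $true }
        }
    }
    return $false
}

# Inspect every certificate that has the IIS service assigned (section 2.4, step 6).
Get-ExchangeCertificate -Server $server |
    Where-Object { "$($_.Services)" -match 'IIS' } |
    ForEach-Object {
        $domains = @($_.CertificateDomains | ForEach-Object { "$_" })
        $missing = @($names | Where-Object { -not (Test-NameCovered $_ $domains) })
        [pscustomobject]@{
            Thumbprint   = $_.Thumbprint
            Status       = $_.Status
            SelfSigned   = $_.IsSelfSigned
            DaysLeft     = [int]($_.NotAfter - (Get-Date)).TotalDays
            MissingNames = ($missing -join ', ')
        }
    } | Format-List
```

For the certificate issued by the CA, Status should be Valid, SelfSigned should be False and MissingNames should be empty; a name listed there will produce a certificate warning for clients that connect to it.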