Exchange Server 2007 Deployment Checklists: Technical White Paper

Exchange Server 2007 Deployment Checklists
Technical White Paper

Published: August 2007
CONTENTS
Executive Summary ................................................................................................................................................4 Introduction ................................................................................................................................................6 Exchange Server Deployment Process ................................................................................................................................................8 Pre-Installation Deployment Checklist ................................................................................................................................................11 Hub Transport Server Checklist ................................................................................................................................................14 Edge Transport Server Checklist ................................................................................................................................................17 Mailbox Server Checklist ................................................................................................................................................20 Client Access Server Checklist ................................................................................................................................................23 Unified Messaging Server Checklist ................................................................................................................................................24 Conclusion ................................................................................................................................................26 For More Information ................................................................................................................................................27 Appendix: Deployment Worksheets ................................................................................................................................................28 IT Showcase: Exchange Server 2007 Deployment Checklists Technical White Paper 28 IT Showcase: Exchange Server 2007 Deployment Checklists Technical White Paper 30 Exchange 2007 Edge Transport Server Installation and Configuration 34 IT Showcase: Exchange Server 2007 Deployment Checklists Technical White Paper 35
IT Showcase: Exchange Server 2007 Deployment Checklists Technical White Paper 37 IT Showcase: Exchange Server 2007 Deployment Checklists Technical White Paper Installation and Configuration 42
Situation
To drive excellence in server deployments, the Exchange Messaging team within Microsoft Information Technology (Microsoft IT) relies on checklists. Checklists help to ensure consistency and completeness when carrying out deployment tasks, and they minimize deployment risks and save time.
EXECUTIVE SUMMARY
The Exchange Messaging team within Microsoft Information Technology (Microsoft IT) started the production rollout of Microsoft Exchange Server 2007 at full scale in July 2006 using the beta 2 version of the product. For more than a year prior to this event, the Exchange Messaging team had deployed Exchange Server 2007 in the pre-release production environment to help the Exchange Server product group evaluate enterprise readiness. The first server installation took place in the pre-release production environment in February 2005, more than 22 months before the product shipped. To put this time frame into perspective, Microsoft Exchange 2000 Server pre-release verification started three weeks before the release to manufacturing (RTM) date and the Microsoft Exchange Server 2003 pre-release verification period was only six months. This shows how strong the relationship between the Exchange Server Product group and the Exchange Messaging team has grown over recent years. In fact, the Exchange Server Product group does not ship product versions or service packs now until the Exchange Messaging team signs off on the enterprise readiness. To demonstrate the enterprise readiness of the new Exchange Server version to customers, the Exchange Messaging team committed to perform the transition of the entire corporate production mailbox environment prior to the official RTM date. The team only had five months to finish the deployment in a large enterprise messaging environment with demanding power users. The Exchange Messaging team deployed 61 Mailbox servers, 6 Edge Transport servers, 14 Hub Transport servers, 11 Unified Messaging (UM) servers with supporting Voice over Internet Protocol (VoIP) gateways, and 30 Client Access servers. The Mailbox servers correspond to 122 server computers because all Mailbox servers are clustered systems based on Cluster Continuous Replication (CCR) to ensure high availability. There are 130,000 mailboxes in the corporate production environment, which means that during the production rollout, the Exchange Messaging team moved between 1,000 and 1,500 mailboxes per server from Exchange Server 2003 to Exchange Server 2007 every day, including weekends. In this fast-paced project, checklists represented an essential deployment tool. A deployment checklist is a catalog or a structured document with detailed instructions outlining individual installation and configuration tasks to ensure deployment success. The guiding principle is part of every Exchange Server 2007 deployment because the Setup program includes readiness checks to guide administrators through a number of assessment steps prior to the actual server installation. These readiness checks proactively cover the most typical issues to help customers deploy Exchange Server 2007 successfully. In addition, IT organizations can benefit from explicit checklists to coordinate and account for all deployment steps and to apply them consistently. This technical white paper discusses the deployment checklists that the Exchange Messaging team created based on the Exchange Server 2007 architecture and design specifications for the corporate production environment. The first two sections briefly reiterate the reasons why the Exchange Messaging team uses checklists, and the sections explain the Microsoft IT server life-cycle management process. These sections also discuss the usefulness of checklists from a decision maker's point of
Solution
Microsoft IT transitioned the corporate production environment, with 150,000 mailboxes, to Exchange Server 2007 in less than six months, and decommissioned the last Exchange 2003 Mailbox server shortly after Exchange Server 2007 released to manufacturing. The deployment checklists discussed in this technical white paper are a cornerstone of this success.
Benefits Strong project management Improved IT staff productivity Clear communication process Accelerated deployment progress Reduced deployment risks Products & Technologies Microsoft Windows Server 2003 Microsoft Exchange Server 2003 Microsoft Exchange Server 2007 Microsoft Systems Management
Server 2003 Desired Configuration Monitoring v2.0 Clustered servers Cluster Continuous Replication
Page 4
view and highlight the responsibilities of the Exchange Messaging team within the overall Microsoft IT organization. The third section, "Pre-Installation Deployment Checklists," covers the tasks the Exchange Messaging team performs to prepare servers for later installation of a specific server role. In some cases, a server role requires additional configuration. These tasks are role-specific and are listed in checklist form. The next sections provide detailed discussions of the various checklists that the Exchange Messaging team created for the individual server roles. This technical white paper also includes an appendix titled "Deployment Worksheets," which contains a set of worksheet templates that are derived from the Exchange Messaging team checklists. These worksheet templates can serve as a starting point to create custom checklists based on the specific needs of an IT organization. This technical white paper contains information for technical decision makers and IT implementers who are planning to deploy Exchange Server 2007. This paper assumes that the audience is already familiar with the concepts of Windows Server 2003 operating system, the Active Directory directory service, and previous versions of Exchange Server. A high-level understanding of the new features and technologies that are included in Exchange Server 2007 is also helpful. Detailed product information is available in the Microsoft Exchange Server 2007 Technical Library at http://www.microsoft.com/technet/prodtechnol/exchange/2007/library/default.mspx. Note: For security reasons, the sample names of forests, domains, organizations, and other internal resources mentioned in this paper do not represent real resource names used within Microsoft and are for illustration purposes only.
Page 5
INTRODUCTION
The Exchange Messaging team uses checklists for three important reasons:
They help the team to verify the architecture and design specifications They outline the deployment steps in detail They serve reporting purposes
The Systems Engineering group within the Exchange Messaging team creates the architecture and design specifications for the messaging environment, which the systems engineers validate in an engineering lab that closely mirrors the server configurations in the production environment, yet without production users. After the systems engineers finalize the specifications, the Systems Management group within the Exchange Messaging team takes over to produce build documents and deployment checklists based on the chosen architectures and designs. Especially during the first server installations in the corporate production environment, the Systems Engineering group and the Systems Management group collaborate very closely. The Systems Management group reviews the design specifications for acceptance and implementation, performs representative server installations with the help of the Systems Engineering group, and creates the checklists that precisely outline the installation process. The checklists also enable the Systems Management group to manage individual assignments within the deployment project and to track progress. The Exchange Messaging team not only uses the checklists to carry out installation and configuration tasks, it also uses the checklists to document the work that is performed. In this way, the checklists are an important project management tool. The deployment checklists provide the Exchange Messaging team with the following benefits:
Strong project management. The Exchange Messaging team manages projects based on the Microsoft Solutions Framework (MSF). To meet the goal of completing the deployment within project constraints, the project manager uses checklists to track progress, coordinate resources, and manage the overall budget. Clear communication processes. According to the MSF team model, individual team members communicate with the project manager. The project manager then communicates progress to the project sponsor and other stakeholders. Checklists facilitate these communication processes because they are a tool to report progress. Improved IT staff productivity. Deploying Exchange Server 2007 is a team effort, and checklists help to coordinate the team's activities. Checklists also help to ensure reliable and consistent task completion. Reduced deployment risks. Checklists are a means to identify potential issues during the first server deployments and to avoid these issues in all subsequent installations. When operators deploy servers in the corporate production environment based on the checklists, they get it right the first time because all installation steps are tested and proven. Accelerated deployment progress. Less deployment risk directly translates into accelerated deployment progress because the team spends less time troubleshooting installation issues. In the event of an installation problem, such as a hardware configuration issue, the checklists provide the necessary guidelines and contact information to resolve issues.
Page 6
Note: For detailed information about MSF, see the Microsoft Solutions Framework section on Microsoft TechNet, available at http://www.microsoft.com/technet/solutionaccelerators/msf/default.mspx.
Page 7
EXCHANGE SERVER DEPLOYMENT PROCESS

Across the entire IT organization, Microsoft IT provisions approximately 200 servers each month. Accordingly, Microsoft prefers to purchase hardware in bulk, requesting bids from multiple vendors for the entire order volume to get the best price. This process can take from 30 through 60 days to install an ordered server in a data center. Only in urgent cases does Microsoft order directly from a supplier, accepting additional expenses of from 6 through 8 percent to shorten the procurement process. Note: For detailed information about the Exchange Server 2007 deployment process and options, see the Deployment section on Microsoft TechNet, available at http://technet.microsoft.com/en-us/library/bb123895.aspx. The Exchange Messaging team has implemented the following process to design and deploy computers for Exchange Server 2007 in the data centers: 1. Server design. The Exchange Systems Engineering group creates the architectures and designs for all Exchange Serverrelated components and technologies. This work includes the server designs, which the systems engineers define based on a list of approved hardware components that the Hardware Engineering team maintains. For each individual server type, the systems engineers create stock keeping unit (SKU) documents that precisely outline the hardware and storage configuration. The SKU document is a Microsoft Office Excel workbook. On separate worksheets, the SKU document lists the hardware parts, memory configuration, physical disk arrangement, and logical storage configuration. By default, SKU documents expire after six months, yet systems engineers can extend this time or update the designs to keep pace with evolving hardware technologies. The Exchange Messaging team maintains the SKU documents in a document library based on Microsoft Office SharePoint Server 2007. Note: The typical Microsoft IT server procurement process makes use of a standard server configuration, which for most servers is a dual-core x64 system with 4 gigabytes (GB) of memory and two 146 GB disks. This is a utility server, designed to be integrated into a storage area network (SAN). Microsoft teams that need a file server or database server can order this system without having to specify a custom design. Minor modifications are possible, such as additional processors or memory, yet substantial engineering exceptions, such as those required for Exchange Server 2007, go beyond the scope of the standard configuration. 2. Server ordering. The Exchange Program Management team is responsible for managing the server deployments. For each server role, an individual program manager works with stakeholders to determine business and technical requirements, organize the necessary resources, and guide the project to completion. It is the task of the Exchange Program Management team to order new server hardware for deployment in the data centers. To order a new server, the Exchange Program Management team informs a release manager in the Infrastructure Management team, who then places a server order. The server order includes a link to the corresponding SKU document with the hardware configuration details.
Page 8
3.
Lifecycle management. Within Microsoft IT, the Infrastructure Management team is responsible for managing the entire server life cycle. This team coordinates the server provisioning processes and maintains an internal line-of-business (LOB) application, called the Microsoft Service Enterprise Change Tracking tool, to keep track of the servers as they are purchased, moved between data centers, or decommissioned. For new server orders, the release manager creates an ordering ticket in the changetracking tool. The ordering ticket includes among other information an internal order number to track expenses against budgets, the name of the approving manager, and a link to the SKU document. Functional approval and right-sizing processes. Before the order reaches the hardware-purchasing desk, the ordering ticket goes through functional approval and right-sizing processes in the Data Center Operations group to ensure that the server hardware is properly designed for the intended purposes. The Data Center Operations group maintains all production servers worldwide, including physical hardware and operating systems. A data center manager verifies the order ticket to ensure that the purchase is justified and that rack space is available in the data center to accommodate the new server. Hardware purchasing. Upon approval through the Data Center Operations group, the order reaches the hardware purchasing desk, which generates a purchasing order within an internal LOB application, called MS Market. MS Market notifies a group manager in the Exchange Messaging team for final approval. Order and delivery confirmation. Approved purchase orders reach the vendor, who informs the Microsoft release manager through e-mail about the exact costs of the ordered server and the shipping date. MS Market only provides estimated information regarding the costs. To help the Exchange Program Management team track exact expenses, the release manager updates the cost information on the order ticket with the actual amount that the vendor communicated. The release manager also handles data centerrelated configurations, such as registering the new server in the IT configuration (IT config) database. IT config is an internal configuration management solution to track details about each server in the data centers, including server name, SKU, and other configuration information. Hardware and operating system installation. The Data Center Operations group uses the IT configuration and SKU information to verify that the delivered hardware is correct. The group mounts the hardware in the data center; configures the disks and partitions the storage as outlined in the SKU document; connects the new server to the network; installs the operating system, including all relevant updates; adds the new server to the appropriate domain; and deploys any required management software. The Exchange Messaging team uses the Standard Server Platform, which is a standard server configuration that includes required service updates for applications and operating systems, plus other Microsoft and third-party services or tools that are necessary to manage servers in an enterprise environment. Following the installation of the operating system and relevant updates through the Standard Server Platform, a second engineer from the Data Center Operations group verifies the system configuration, and then informs the backup team to start configuring the backup solution. Exchange Server 2007 installation. Up to this point, the Exchange Messaging team has not yet modified the server configuration. When the Data Center Operations group
4.
5.
6.
7.
8.
Page 9
marks the server installation as completed, the release manager informs the program manager, who originally ordered the hardware, that the new server is ready for the Exchange Messaging team to continue the server installation process. The program manager, in turn, informs the Exchange Systems Management team to perform the installation of Exchange Server 2007 and the latest security updates. All Exchange Server administrators are located in Redmond, Washington. The Exchange Systems Management team performs the Exchange Server 2007 deployment remotely, by using a remote desktop connection.
Page 10
PRE-INSTALLATION DEPLOYMENT CHECKLIST

Prior to performing the configuration tasks that are unique to each server role, the Exchange Messaging team prepares servers by installing prerequisite components, making initial configuration changes, and generally ensuring that servers are ready for installation of a specific server role. For each server, the Exchange Messaging team follows a preinstallation checklist that includes the following items: 1. Verify general server configuration. In a large-scale deployment with different teams acquiring and installing the server hardware, it is important to check that the general server configuration matches the Exchange Server 2007 requirements prior to installing a server role. For example, the Exchange Messaging team checks CPU, memory, network adapters, disk configuration, and drive letter assignments, as documented in SKUs. The Exchange Messaging team runs a custom script to verify that the server configuration matches SKU specifications. Note: The Microsoft IT Showcase Note on IT "Going 64-bit with Microsoft Exchange Server 2007" (http://www.microsoft.com/technet/itshowcase/exchange.mspx) provides detailed information about the hardware configuration that the Exchange Messaging team selected for each server type. 2. Configure the page file size. According to product recommendations, the page file size on the C drive must be set to "total" amount of physical memory, plus 10 megabytes (MB). For example, for servers with 8 GB of memory, the Exchange Messaging team sets the size of the page file to 8,192 MB (8 GB + 10 MB). Verify installation of current service pack. In addition to installing Windows Server 2003 or Windows Server 2003 R2, the Exchange Messaging team installs the latest service pack for Windows Server as a best practice. To verify the service pack version, the Exchange Messaging team engineers log on to the server, click Start, click Run, and then type Winver. Note: The Exchange Messaging team uses the srvinfo tool from the Windows Server 2003 Resource Kit to collect information about the service pack level. 4. Configure a static IP address. According to product documentation, Exchange servers must be configured with a static IP address, subnet mask, and default gateway. In addition, because Exchange Server 2007 is heavily dependent on Domain Name System (DNS) functioning correctly, at least one valid DNS address and valid DNS suffix must be specified. When configuring these network settings, the Exchange Messaging team also verifies that both the network interface card (NIC) and the switch are enabled for full duplex communication. Verify domain and site. The Exchange Messaging team checks each server to verify that the server is in the proper domain and site by entering the following commands in a Command Prompt window: NLTEST /parentdomain and NLTEST /dsgetsite. This step is critical to ensure proper Hub Transport routing. Note: The NLTEST tool is included in the Windows Server 2003 Support tools package on the Windows Server 2003 media.
3.
5.
Page 11
6.
Verify security and organizational unit (OU) membership. After obtaining the proper security groups that are developed during the permissions and administration model design for the environment, the Exchange Messaging team adds security groups as members of the local administrators group on the Exchange Server. Additionally, the Exchange Messaging team verifies that the server is in the correct OU within the Messaging path by checking the path in Active Directory Users and Computers. Verify installation of .NET Framework version 2.0. According to the Exchange Server 2007 requirements, Microsoft .NET Framework version 2.0 must be installed on the server. Microsoft .NET Framework version 2.0 Redistributable Package can be downloaded at the following URL: http://www.microsoft.com/downloads/details.aspx? familyid=B44A0000-ACF8-4FA1-AFFB-40E78D788B00&displaylang=en. When .NET Framework version 2.0 is installed, the hotfix that is mentioned in Microsoft Knowledge Base (KB) article 924895 must also be applied. Note: When using Windows Server 2003 R2, Microsoft .NET Framework version 2.0 can be installed via Add/Remove Windows Components.
7.
8.
Verify installation of Microsoft Management Console (MMC) 3.0. Because the Exchange Server 2007 Management Console relies on features that are specific to MMC 3.0, MMC 3.0 must be installed on the server. To verify the installation of MMC 3.0, Exchange Messaging team engineers click Start, click Run, and then type MMC.exe. In the MMC window, they click Help, and then click About. If MMC 3.0 has not been installed, you can download the required update at the following URL: http://support.microsoft.com/kb/907265. Note: When using Windows Server 2003 R2, MMC 3.0 is installed by default.
9.
Install Windows PowerShell 1.0. Both the Exchange Server 2007 Management Console and the Exchange Management Shell make extensive use of Windows PowerShell, therefore Windows PowerShell must be installed on the server. You can download Windows PowerShell from the following URL: http://www.microsoft.com/downloads/details.aspx?familyid=22E607F4-F854-497F-9548770477E4B71D&displaylang=en.
10. Configure antivirus. To help protect the operating system, the Exchange Messaging team uses an operating system antivirus solution that is configured through a script to ensure that the antivirus program does not scan the Exchange extensions and directories. After installing Exchange Server 2007, the Exchange Messaging team installs, configures, and optimizes Microsoft Forefront Security for Exchange Server on Edge Transport and Hub Transport servers to ensure messaging-level antivirus protection. 11. Verify installation of regional code pages. The Exchange Messaging team verifies the installation of all regional code pages in Windows in order to eliminate any potential language issues with non-U.S. clients. Team members accomplish this verification by clicking Start, clicking Control Panel, clicking Regional and Language Options, and then verifying that all code page check boxes have been selected under the Advanced and Language tabs.
Page 12
12. Install Internet Information Services (IIS) snap-in. In order for the Exchange Management Console to work properly, the IIS snap-in should be installed on the Mailbox, Client Access, Hub, and UM servers. For Mailbox and Client Access servers, the Exchange Messaging team installs IIS with the World Wide Web Publishing Service, whereas for Hub and UM servers the Exchange Messaging team installs IIS without the World Wide Web Service. 13. Verify installation of mandatory security updates. The Exchange Messaging team verifies that no mandatory post-SP2 security updates are still needed by using Microsoft Windows Update or Windows Server Update Services (WSUS). For more information about the required hotfixes per role, see the Exchange Server TechNet Library at http://technet.microsoft.com/en-us/library/aa996719.aspx. 14. Enable monitoring. The Exchange Messaging team uses Microsoft Operations Manager to monitor Exchange servers. Correspondingly, all Exchange servers are enabled for Microsoft Operations Manager monitoring. To avoid false alerts, the Exchange Messaging Team enables monitoring after placing each server in the production environment.
Page 13
HUB TRANSPORT SERVER CHECKLIST

The installation checklist that the Exchange Messaging team developed for Hub Transport server deployment includes the following items: 1. Verify that the Network News Transport Protocol (NNTP) and Simple Mail Transfer Protocol (SMTP) services are not installed. According to product requirements, the NNTP and SMTP services must not be installed on the server. The NNTP service has been discontinued with Exchange Server 2007 and the product now includes its own SMTP transport stack. This means Exchange Server 2007 is no longer dependent on the Windows SMTP component. Install the Hub Transport role by using Unattended Setup. Although the new Exchange Server 2007 Installation wizard substantially simplifies the steps necessary to install Exchange Server 2007, the Exchange Messaging team installed each of the 12 Hub Transport servers that are deployed at Microsoft by using Unattended Setup through the following command: Setup.com /m:install /r:h /targetdir:<drive\installation path> /DoNotStartTransport According to Exchange partitioning best practices, the Exchange Messaging team installs the operating system and Exchange Server 2007 binaries on separate partitions. This setup increases performance and reduces the data that have to be recovered, for example, during a disk failure. Note: The /DoNotStartTransport parameter ensures that the Microsoft Exchange Transport Service is not started after the Hub Transport server role has been installed. This makes sure the server does not accept e-mail messages, so any additional configuration settings can be performed. Delete the default Receive connectors. The Exchange Messaging team deletes the two default Receive connectors that are created during the installation of the Exchange 2007 Hub Transport server role. To delete the default Receive connectors, the Exchange Messaging team opens the Exchange Management Shell by clicking Start, clicking All Programs, clicking Microsoft Exchange, clicking Exchange Management Shell, and then runs the Get-ReceiveConnector -server <server name> cmdlet to obtain the list of connectors. This procedure produces an output similar to the following. Identity -------<server name>\Default <server name> <server name>\Client <server name> Bindings -------{0.0.0.0:25} {0.0.0.0:587} Enabled ------True True
2.
To delete the two Receive connectors, Exchange Messaging team members run the following command. It should be noted that if this command is improperly formed, the command can remove all Receive connectors in the Exchange organization. Exercise extreme care when executing this command. Get-ReceiveConnector -server <server name> | Remove-ReceiveConnector
Page 14
3.
Create new Receive connector by using custom Windows PowerShell script. With the two default Receive connectors deleted, the Exchange Messaging team runs a custom Windows PowerShell script, which creates a new Receive connector with values similar to those in Table 1, and configures the server settings of the Hub Transport server with the values that are listed in Table 2.
Table 1. Receive Connector Configuration

Object property name AuthMechanism Bindings FQDN MaxInboundConnection MaxMessagesPerConnection MaxRecipientsPerMessage MaxHopCount PermissionGroups RemoteIPRanges ProtocolLoggingLevel Value ExchangeServer 0.0.0.0:25 Server FQDN 5000 50 10000 30 ExchangeServers, ExchangeLegacyServers {0.0.0.0-255.255.255.255} Verbose
Table 2. Hub Transport Server Configuration

Object property name MessageTrackingLogEnabled MessageTracjingLogSubjectLoggingEnab led MaxOutboundConnections MessageTrackingLogMaxAge MessageTrackingLogMaxDirectorySize MessageTrackingLogMaxFileSize MaxPerDomainOutboundConnections ReceiveProtocolLogMaxAge ReceiveProtocolLogMaxDirectorySize ReceiveProtocolLogMaxFileSize SendProtocolLogMaxAge SendProtocolLogMaxDirectorySize SendProtocolLogMaxFileSize ExternalDsnReportingAuthority Value $true $true 1000 10:00:00:00 150 GB 100 MB 50 30:00:00:00 (Default) 15 GB 100 MB 30:00:00:00 (Default) 15 GB 100 MB domain.com
Page 15
Object property name ExternalPostmasterAddress InternalPostmasterAddress OutboundProtocolLoggingLevel TotalQueuedMessagesEnableDehydration PickupDirectoryMaxRecipientsPerMessag e
Value postmaster@domain.com postmaster@domain.com Verbose Default 10000
4.
Change the location for the transaction logs. The Hub Transport servers deployed across Microsoft handle approximately 2.5 million messages per day. To achieve optimal performance on the Hub Transport servers, the Exchange Messaging team moved the queue database transaction log files to a separate partition. The Exchange Messaging team accomplished moving the transaction logs in conjunction with using the /DonotstartTransport flag. Because the transport services do not start, the services do not create the log files or database. In case the logs need to be moved later, the Exchange Messaging team first stops the MSExchangeTransport service by running Stop MSExchangeTransport in the Exchange Management Shell. Then, the team copies the trnxxxx.log and *jrs files from C:\Program Files\Exchange Server\TransportRoles\data\queue to the new location on the other partition, and then opens the EdgeTransport.exe.config file located in C:\Program Files\Exchange Server\bin. In EdgeTransport.exe.config, Exchange Messaging team members change the following key under <appSettings> so that the key refers to the new path: <add key="QueueDatabaseLoggingPath" value = "C:\Program Files\Microsoft\Exchange Server\TransportRoles\data\Queue" /> After changing the path, the Exchange Messaging team saves the file, and then starts the MSExchangeTransport service again by running the Start MSExchangeTransport command in the Exchange Management Shell. Additionally, the Exchange Messaging team grants the BuiltIn\Network Service account read and write permissions to the new transaction log directory because the permissions are not granted by default.
5.
Verify mail flow. When a Mailbox server has been deployed in the same Active Directory site as the respective Hub Transport server, the Exchange Messaging team tests the mail flow by running the Test-MailFlow command. The team also completes the following tests: A. B. C. D. Create a new test mailbox on the Mailbox server. Send a few sample messages from a couple of test mailboxes to a few recipients located on other Mailbox servers in the corporate production environment. Verify successful delivery of the e-mail messages. Send a few sample e-mail messages from test mailboxes to Internet e-mail addresses and verify successful delivery.
Page 16
EDGE TRANSPORT SERVER CHECKLIST

In the perimeter network, the Extranet Services team manages the underlying network and related configuration, whereas the Exchange Messaging team manages the Edge Transport servers. The Exchange Messaging team developed an installation checklist to ensure the completion of all required steps. The installation checklist that the Exchange Messaging team developed for Edge Transport server deployment includes the following items: 1. Verify the Edge Transport servers are deployed in the perimeter network and are not part of an internal Active Directory domain. The Exchange Server 2007 Edge Transport server is the only server role that must be deployed in the perimeter network, not on the internal network like the rest of the Exchange 2007 server roles. The Exchange Messaging team installs the Edge Transport role in the external Active Directory domain to facilitate administration and monitoring. Configure DNS suffix. The DNS suffix must be created on the server before the Edge Transport server role is installed. To create the DNS suffix, the Exchange Messaging team engineers click Start, click Control Panel, and then double-click System to open the System Properties. Then, they click the Computer Name tab, and then Change. On the Computer Name Changes page, the engineers click More. In the Primary DNS suffix of this computer field, they type a DNS domain name and suffix for the server, and then click OK three times. Install the Edge Transport server role using Unattended Setup. The Exchange Messaging team installed each of the six Edge Transport servers by using Unattended Setup. To install the Edge Transport server role by using Unattended Setup, open a Command Prompt window, navigate to the share or media that contains your Exchange Server 2007 Setup files, and then run the following command: Setup.com /m:install /r:e /targetdir:<drive\installation <path>/DoNotStartTransport The Exchange Messaging team uses the /DoNotStartTransport flag while installing the Edge Transport server role in order to stop the Edge Transport server after the server is installed. This procedure prevents the server from accepting e-mail messages in the Active Directory site before the Exchange Messaging team completes configuring the server. 4. Subscribe the Edge Transport server. The Exchange Messaging team subscribes an Edge Transport server by creating an Edge subscription XML file on the Edge Transport server through the following command: New-EdgeSubscription -Filename <path to XML File> -CreateInternetSendConnector $false -CreateInboundSendConnector $false Next, the Exchange Messaging team transfers the XML file to a Hub Transport server in the organization and imports the XML file by running the following command: New-EdgeSubscription -FileName <Path to local XML file> -CreateInternetSendConnector $false -CreateInboundSendConnector $false -Site <local AD Site>
2.
3.
Page 17
5.
Deleting the default Receive connector. The Exchange Messaging team deletes the default Receive connectors that are created during the installation of the Exchange 2007 Edge Transport server role by first retrieving the current Receive connectors, and then deleting them. Create a new Receive connector by using a custom PowerShell script. With the two default Receive connectors deleted, the Exchange Messaging team runs a custom PowerShell script, which creates new Receive connectors with values similar to those in Table 3, and configures the server settings of the Edge Transport server with the values listed in Table 4.
6.
Table 3. Receive Connector Configuration

Object property name Bindings FQDN MaxInboundConnection MaxRecipientsPerMessage MaxHopCount RemoteIPRanges ProtocolLoggingLevel Usage Value 0.0.0.0:25 Server FQDN 5000 10000 30 {192.168.0.1, 192.168.0.2, 192.168.0.3} Verbose Internal
Note: The Exchange Messaging team uses Verbose logging for troubleshooting. Verbose logging requires significantly more disk space than other logging options. The logs in the enterprise production environment reach approximately 70 GB for every two weeks of logging per server.
Table 4. Edge Transport Server Configuration

Object property name MessageTrackingLogEnabled MessageTrackingLogSubjectLoggingEnabled MaxOutboundConnections MessageTrackingLogMaxAge MessageTrackingLogMaxDirectorySize MessageTrackingLogMaxFileSize MaxPerDomainOutboundConnections ReceiveProtocolLogMaxDirectorySize ReceiveProtocolLogMaxFileSize Value $true $true 1000 10:00:00:00 100 GB 10 MB 50 15 GB 10 MB
Page 18
Object property name SendProtocolLogMaxDirectorySize SendProtocolLogMaxFileSize ExternalDsnReportingAuthority ExternalPostmasterAddress OutboundProtocolLoggingLevel PickupDirectoryMaxRecipientsPerMessage
Value 15 GB 10 MB domain.com postmaster@domain.com Verbose 10000
Page 19
MAILBOX SERVER CHECKLIST

The Exchange Messaging team deployed Cluster Continuous Replication (CCR)-based Mailbox servers in the production environment, which included installing and configuring Exchange Server 2007 on both active and passive nodes. The installation checklist that the Exchange Messaging team developed for Mailbox server deployment includes the following items: 1. Gather prerequisites. Before installing clustered Mailbox servers, the Exchange Messaging team gathers prerequisite details, such as the location of the share where the Exchange Server 2007 installation file is located, as well as the name and IP address of the clustered Mailbox server on which to install the CCR Mailbox server. Install clustering services. Next, the Exchange Messaging team installs Windows Clustering. Set specific cluster settings. The Exchange Messaging team configures two settings on the clustered servers, one for the cluster log size and one to disable event log replication, as follows.
2. 3.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment] "ClusterLogSize"="32" C:\Documents and Settings\<localmachine>cluster /cluster:<server name> /prop EnableEventLogReplication=0 4. Enable and configure Majority Node Set (MNS) quorum with file share witness. After deploying Cluster Service, the Exchange Messaging team changes the quorum to a MNS and sets a private property on the majority node set to access a file share. This procedure is accomplished through the cluster res Majority Node Set /priv MNSFileShare=\\Servername\Directory command. Install the Mailbox server role on the active node. To install the Mailbox server role first on the active node, the Exchange Messaging team uses the Exchange 2007 graphical user interface (GUI) setup, selects Custom Exchange Server Installation on the Installation Type screen, and checks Active Clustered Mailbox Role on the Server Role Selection screen. The setup requests the server name and IP address, which the team retrieved in Step 1. Install the Mailbox server role on the passive node. The passive node installation is similar to the active server node installation. The Exchange Messaging team uses the Exchange 2007 setup GUI, selects Custom Exchange Server Installation on the Installation Type screen, and selects Passive Clustered Mailbox Role on the Server Role Selection screen. The setup requests the server name and IP address, which the team retrieved in Step 1. Delete the first storage group and mailbox database. When the Mailbox server role is installed, the Exchange Messaging team deletes the first storage group and mailbox database, in preparation for creating multiple storage groups and mailbox databases by using a custom PowerShell script. To delete the Mailbox database, open the Exchange Management Shell and run the following command:
5.
6.
7.
Page 20
Remove-MailboxDatabase -Identity "Mailbox Database" To delete the Storage group, run the following command: Remove-storagegroup -Identity "First Storage group" 8. Create storage groups and mailbox databases. The Exchange Messaging team uses a custom PowerShell script to create storage groups and mailbox databases. The Exchange Messaging team has three different types of Mailbox servers, each with its own hardware specifications. The number of mailboxes that are to be stored on a particular Mailbox server depends on the Mailbox server type. The Exchange Messaging team creates either 28 or 42 storage groups (with 1 Mailbox database per storage group) on a Mailbox server. The storage groups point to a Public Folder database on a dedicated Public Folder server. The settings for a Mailbox server and the Mailbox databases created on a Mailbox server type two, are listed in Table 5 and Table 6. Note: For more information about the three different Mailbox server types that the Exchange Messaging team uses, see the Microsoft IT Showcase Note on IT "Going 64bit with Microsoft Exchange Server 2007" at http://www.microsoft.com/technet/itshowcase/exchange.mspx.
Table 5. Mailbox Database Settings on Mailbox Server Type Two

Object property name IssueWarningQuota ProhibitSendReceiveQuota ProhibitSendQuota DeletedItemRetention MailboxRetention Value 1700 MB 2090 MB 1900 MB 14.00:00:00 30.00:00:00
Table 6. Mailbox Server Settings on Mailbox Server Type Two

Object property name ManagedFolderAssistantSchedule Value "Sun.6:00 PM-Sun.8:00 PM," "Mon.6:00 PM-Mon.8:00 PM," "Tue.6:00 PM-Tue.8:00 PM," "Wed.6:00 PM-Wed.8:00 PM," "Thu.6:00 PM-Thu.8:00 PM," "Fri.6:00 PM-Fri.8:00 PM," "Sat.6:00 PM-Sat.8:00 PM." True 10.00:00:00 3 GB 10 MB True
MessageTrackingLogEnabled MessageTrackingLogMaxAge MessageTrackingLogMaxDirectorySize MessageTrackingLogMaxFileSize MessageTrackingLogSubjectLoggingEnabled
Page 21
Object property name RetentionLogForManagedFoldersEnabled JournalingLogForManagedFoldersEnabled FolderLogForManagedFoldersEnabled SubjectLogForManagedFoldersEnabled LogFileAgeLimitForManagedFolders LogDirectorySizeLimitForManagedFolders LogFileSizeLimitForManagedFolders AutoDatabaseMountDial
Value True True True True 7.00:00:00 1 GB 10 MB BestAvailability
9.
Create test mailboxes and verify mailbox functionality. The Exchange Messaging team creates test mailboxes and verifies that the mailbox can be accessed by using the different mail clients, such as Microsoft Office Outlook, Microsoft Office Outlook Web Access, and Exchange ActiveSync.
10. Verify mail flow. The Exchange Messaging team also verifies that the test mailboxes can send e-mail messages to other users on the Mailbox server in the same Active Directory site, in other Active Directory sites in the Active Directory forest, and to and from Internet hosts, and that the process works as expected. 11. Configure backup and Microsoft Operations Manager. As a last step, Microsoft configures the server for backups and enables Microsoft Operations Manager clients to monitor the server.
Page 22
CLIENT ACCESS SERVER CHECKLIST

The installation checklists that the Exchange Messaging team developed for Client Access server deployments include the following items: 1. Install RPC over HTTP Proxy component. Microsoft users have the option of connecting to their mailboxes using Outlook Anywhere directly over the Internet, without the need to establish a secure virtual private network (VPN) connection. Outlook Anywhere relies on the Windows Server 2003 RPC over HTTP Proxy component; therefore, the Exchange Messaging team installs the RPC over HTTP Proxy component, Windows Components wizard. Install Client Access server role using Unattended Setup. The Exchange Messaging team installs each of the 30 Client Access servers by using the Unattended Setup method by running the following command:
2.
Setup.com /m:install /r:c /targetdir:<drive\installation path> According to Exchange partitioning best practices, the Exchange Messaging team installs the operating system and Exchange Server 2007 binaries on separate partitions. This setup increases performance and reduces the data that has to be recovered, for example, during a disk failure. 3. Customize Client Access server role by using a PowerShell script. When the Client Access server role has been installed on the respective server, the Exchange Messaging team runs a custom PowerShell script in order to configure Client Access services and to fulfill the requirements that are specified in the Exchange Messaging team design documents. For example, the Exchange Messaging team configures per-server specific settings, such as Outlook Anywhere access, Outlook Web Access authentication mechanisms, external URLs for Outlook Web Access, Exchange ActiveSync, Exchange Web Services, UM IIS virtual directories, and the internal URL for the Autodiscover service. Restart server. After the Exchange Messaging team configures the Client Access services by using a PowerShell script, the Exchange Messaging team restarts the server in order to apply all changed configuration settings. Verify Client Access server availability. When the Client Access server has been configured according to the requirements that are specified in the messaging design documents, the Exchange Messaging team verifies the availability of each service provided by the Client Access. Among other things, the team verifies access to Outlook Web Access, Exchange ActiveSync, Post Office Protocol 3 (POP3)/Internet Message Access Protocol 4 (IMAP4), Outlook Voice Access, and Outlook Anywhere access. Test cross-forest free/busy information. Because Microsoft consists of two Exchange Server 2007 organizations (corporate and pre-release production), free/busy information availability between users with mailboxes stored on a mailbox server in the site where the Client Access server is deployed and users with mailboxes stored on mailbox servers in the other forest are also verified. The Exchange Messaging team performs this step for each server installation or upgrade. Testing free/busy information availability entails logging in as a test user and verifying that calendar items and users from other forests are available.
4.
5.
6.
Page 23
UNIFIED MESSAGING SERVER CHECKLIST

The checklist the Exchange Messaging team developed for Unified Messaging (UM) server deployment includes the following items: 1. Install Windows Media Encoder. Prior to installing the UM server roles, the Exchange Messaging team installs the most recent version of Windows Media Encoder 9 on the server. You can download the Windows Media Encoder at the following URL: http://go.microsoft.com/fwlink/?LinkId=67406. Install Windows Media Audio Codec update. Prior to installing the UM server roles, the Exchange Messaging team installs the Windows Media Audio Codec update on the server. You can download the fix at the following URL: http://support.microsoft.com/? kbid=917312. Install Microsoft XML (MSXML) Core Services 6.0. Prior to installing the UM server roles, the Exchange Messaging team installs the MSXML Core Services 6.0. You can download the MSXML Core Services 6.0 at the following URL: http://go.microsoft.com/fwlink/?LinkId=70796. Verify that mandatory security updates are installed. The Exchange Messaging team ensures that no mandatory post-SP2 security updates are still needed by using Microsoft Windows Update. Restart server. The Exchange Messaging team restarts the server to apply all changed configuration settings. Install the UM server role by using Unattended Setup. The Exchange Messaging team installed each of the 12 UM servers by using Unattended Setup. To install the UM server role by using Unattended Setup, open a Command Prompt window and navigate to the share or media containing your Exchange Server 2007 Setup files, and then run the following command:
2.
3.
4.
5. 6.
Setup.com /m:install /r:u /targetdir:<drive\installation path> 7. Generate speech grammars. UM servers use speech grammars to help recognize speech commands and spoken voice. To generate the initial grammars, the Exchange Messaging team runs the following commands from the exchsrvr\bin folder:
galgrammargenerator.exe -g -x speechgrammarfilterlist.xml Galgrammargenerator.exe d <dialplan1> -x speechgrammarfilterlist.xml 8. Install UM language packs. When the UM server role is installed, only US-English textto-speech and Outlook Voice Access is supported by default. In order to support additional languages, a UM language pack for each respective language must be installed. UM language packs are offered in 16 different languages, and all 16 language packs are included on the Exchange 2007 DVD. Note: The UM language packs can be downloaded at the following URL: http://technet.microsoft.com/en-us/exchange/2007/bb330845.aspx.
Page 24
In order to allow non-English Microsoft employees to use their mailboxes in their native language, the Exchange Messaging team installs all 16 UM language packs. The Exchange Messaging team installs the UM language packs using a custom batch file, similar to the one shown in the following command: exsetup /addumlanguagepack:<language> /s:\\<path>\umlangpacks\<language>e\retail\amd64 Note: The Exchange Messaging team replaces <path> with the actual installation path and <language> with the language descriptor. For a full list of the batch file commands, see the appendix. After the UM language packs have been installed, the Exchange Messaging team stops and restarts the MSExchangeUM service.
Page 25
CONCLUSION
In an Exchange environment, such as the one the Exchange Messaging team designed, deployed, and maintains, with multiple types of servers, configurations, datacenters, teams, connectivity links, business units, and Exchange forests, keeping track of activities, components, and ensuring order and consistency is vital. For the Exchange Messaging team, the process entails planning and designing server specifications and documenting the specifications to use across the infrastructure. Server roles provide a convenient method to separate specification documentsone set of documents per role. The Exchange Messaging team continues the systematic process of deployment by creating checklists for each server role that include specific guidance for configuration and settings. Using these checklists for all teams across the enterprise production environment results in tremendous time savings, increased productivity, and perhaps most importantly, helps maintain order and organization for multiple teams through a complex deployment process.
Page 26
FOR MORE INFORMATION

For more information about Microsoft products or services, call the Microsoft Sales Information Center at (800) 426-9400. In Canada, call the Microsoft Canada Information Centre at (800) 563-9048. Outside the 50 United States and Canada, please contact your local Microsoft subsidiary. To access information through the World Wide Web, go to http://www.microsoft.com http://www.microsoft.com/technet/itshowcase.
The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. This White Paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. 2007 Microsoft Corporation. All rights reserved. Microsoft Active Directory, ActiveSync, Excel, Outlook, SharePoint, Windows, Windows Media, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All other trademarks are property of their respective owners.
Page 27
APPENDIX: DEPLOYMENT WORKSHEETS

The Exchange Messaging team follows a series of checklists and worksheets for gathering the data necessary for deployment, as well as deploying and configuring Exchange Server 2007 server roles. In most cases, the tasks in the worksheets can be completed independently of one another; however, the pre-build worksheet is required in each case before installation and configuration. This appendix includes the following worksheets:
Pre-installation checklist. The Exchange Messaging team completes the tasks in this worksheet before installing and configuring each server role. Hub Transport server. The tasks in this worksheet include instructions for installing and configuring Hub Transport servers. Edge Transport server. The tasks in this worksheet include instructions for installing and configuring Edge Transport servers. Client Access server. The tasks in this worksheet include instructions for installing and configuring Client Access servers. CCR Mailbox server. The Exchange Messaging team separates the Mailbox server installation into two worksheets: one for installing passive and active node CCR clusters and one for configuring mailbox servers. The first worksheet deals with installation. The second worksheet includes post-installation tasks for CCR Mailbox servers. UM server. The tasks in this worksheet include instructions for installing and configuring UM servers.
IT Showcase: Exchange Server 2007 Deployment Checklists Technical White Paper

This worksheet provides an overview of deployment steps that the Exchange Messaging team performs before installing and configuring an Exchange 2007 server for use in the Microsoft IT environment. Table 7. Pre-Installation Checklist Worksheet
Case 1 2 3 Task Verify that the server hardware, network, and drive configuration are correct for CPU, memory, logical disk, and so on. Verify ILO and DCRA for the Mailbox server. On the C drive, set pagefile equal to "total" amount of physical RAM, plus 10 MB. For example, with 8 GB of RAM, set the pagefile to 8 GB + 10 MB. Clear the Automatic System Reboot (ASR) check box. Navigate to My Computer/Properties/Advanced/Startup and Recovery, and then clear the Automatically Restart check box. Install the x64 Mission Critical Server Support (MCSS) hotfix on all CCR and SCC mailbox clusters. Verify that Windows Server 2003 SP1 is installed with IPAK 5.26 (64bit) and service packs. Run the following command: Chec k Initia l
5 6
Srvinfo
Page 28
Case 7
Task Verify that the server has a static IP address assigned. If not assigned, request an IP address to be provisioned and assign it. There is no default gateway needed on the second NIC card. Verify that the duplex speed settings on all Network Adapters that are installed in the server match the switch port settings. (These are typically set to auto.) Send an e-mail message to notify the production team that the server will be going into production. Verify that the server is in the correct domain and site. At a command prompt on the server, type the following:
Chec k
Initia l
9 10
C:\> nltest /parentdomain C:\> nltest /dsgetsite

11 After obtaining the proper security groups that are developed during the permissions and administration model design for your environment, add security groups as members of the local administrators group on the Exchange Server. Verify that the computer is in the correct OU within the Messaging path. Open Active Directory Users and Computers and browse through the list. Set server principal names on the Hub Transport server by using the following command:
12
13
setspn -A servername
14 Add the server to the IPSec OU. This change takes up to 12 hours to be applied, and requires that the computer is restarted. 15 Verify that all regional code pages are installed in Windows. in Control Panel openRegional Options. Select both the Advanced tab and the Language tab (under Supplemental Language Support), and verify that all code page check boxes are selected. Do not restart the computer if prompted to do so. 16a 16b Install IIS for Mailbox and Client Access servers.
Open Add/Remove Windows Components. Double-click Application Server. Double-click Internet Information Services (IIS). Click World Wide Web Service. This will auto-select Internet Information Services Manager and Common Files. Click Next to complete the installation. Install IIS for Edge, Hub, and UM servers. The IIS snap-in must be installed for Exchange Management Console to work correctly.
17a
Page 29
Case 17b
Task
Chec k
Initia l
Open Add/Remove Windows Components. Click Application Server. Click Details. Highlight to select Internet Information Services (IIS). Click Details. Clear the World Wide Web Service check box. Click OK. Click OK. Click Next to complete the installation.
18 19 20 21 22 23 24a
Optimize and lock down ETrust AV Settings. Send an e-mail message to notify appropriate team that the server is as an asset for tracking. Send an e-mail message to mark the server in any routing or firewall policies. Verify that .NET Framework 2.0 is installed by checking Add/Remove Programs. Verify the MMC version by checking the version under Help/About. If the program is not installed, install MMC 3.0. Install F1. Enable Edge Transport cache scripts on Client Access, Edge Transport, and Hub Transport servers by adding Network Server permissions to the D drive.
24b
Right-click D:\. Click the Security tab, and then add Network Service. Highlight and select Full Control.
Stop and disable the Windows Firewall/Internet Connection Sharing (ICS) service. Enable Microsoft Operations Manager monitoring of Watson. Run the Disk Defragmenter program on the C drive. Run HFinstaller and make sure that no mandatory security updates are needed. Install hotfix MS06-033 - KB917283. This hotfix is for servers with ASP.NET 2.0, which includes all of the 64-bit systems. Restart the server.
25 26 27 28 29 30

Microsoft Exchange Server 2007 Hub Transport servers are deployed inside your organization's Active Directory environment. Hub Transport servers handle all mail flow inside the organization, apply organizational mail flow routing rules, and are responsible for delivering messages to a recipient's mailbox.
Page 30
This worksheet provides an overview of deployment steps for installing and configuring an Exchange 2007 Hub Transport server for use in the Microsoft IT environment. The worksheet provides a high-level overview of deployment steps and configuration settings for an Exchange 2007 Hub Transport Server role in standalone mode. This worksheet does not provide instructions for configuring routing group connectors or SMTP connectors to the Internet or to other Microsoft IT-managed Exchange forests. Table 8. Hub Server Worksheet
Chec k Initial
Pre-installation tasks
1 2 Complete the pre-installation checklist. Verify that the disk drives are configured as follows: Disk 0 C drive 50 GB, E drive 18 GB Disk 1 D drive, 270 GB 3 4 Verify that the NNTP and SMTP services are not installed. Verify that the server is part of the correct Active Directory site by running the following command:
Nltest /SERVER:<server name> /DSGETSITE

5 6 7 Verify the specific build to install. Verify whether the build has been staged to the appropriate region (if necessary). Install and configure Powershell. When prompted with "Do you want to run software from the untrusted publisher?" select Always Run.
Installation and configuration tasks

1 2 Open a Command Prompt window and change the current directory to the setup directory of the current Exchange build. Run the following command to install the server role:
setup.com /m:install /r:h /t:d:\exchsrvr /DoNotStartTransport

3 4a 4b Open the Exchange Management Shell from the Start menu. Click Start, click Programs, and then click Microsoft Exchange. Delete the existing Receive connectors. Get the current Receive connector information and verify that the following command returns only the Receive connectors for the server that is under consideration:
Get-ReceiveConnector -server <Server Name>
Page 31
Chec k 4c Delete the Receive connector with the following command:
Initial
Get-ReceiveConnector -server <Server Name> | remove-ReceiveConnector

You will be prompted to remove each connector. Enter Y to delete each connector. Make sure that you are only being asked to remove the two connectors that are specified by the previous GetReceiveConnector command. If you are being asked to delete additional connectors, enter L (No to All) and reenter the last command at the Exchange Management Shell prompt to attempt to delete the correct connectors. 5a Create the Receive connector and configure the TransportServer object according to the Exchange Messaging team standard configuration. Receive connector configuration object property name and recommended value:
5b
MessageTrackingLogEnabled $true MessageTrackingLogSubjectLoggingEnabled $true MaxOutboundConnections 1000 MessageTrackingLogMaxAge 10:00:00:00 MessageTrackingLogMaxDirectorySize 150 GB MessageTrackingLogMaxFileSize 100 MB MaxPerDomainOutboundConnections 50 ReceiveProtocolLogMaxAge 30:00:00:00 (Default) ReceiveProtocolLogMaxDirectorySize 15 GB ReceiveProtocolLogMaxFileSize 100 MB SendProtocolLogMaxAge 30:00:00:00 (Default) SendProtocolLogMaxDirectorySize 15 GB SendProtocolLogMaxFileSize 100 MB ExternalDsnReportingAuthority domain.com ExternalPostmasterAddress postmaster@domain.com InternalPostmasterAddress postmaster@domain.com OutboundProtocolLoggingLevel Basic TotalQueuedMessagesEnableDehydration Default PickupDirectoryMaxRecipientsPerMessage 10000
Page 32
Chec k 5c Transport server configuration object property name and recommended value:
Initial
AuthMechanism ExchangeServer Bindings 0.0.0.0:25 FQDN Server FQDN MaxInboundConnection 5000 MaxMessagesPerConnection 50 MaxRecipientsPerMessage 10000 MaxHopCount 30 PermissionGroups ExchangeServers, ExchangeLegacyServers ProtocolLoggingLevel Basic RemoteIPRanges {0.0.0.0-255.255.255.255} ProtocolLoggingLevel Basic
Post-installation tasks
1a 1b 1c Share the tracking log directory: (d:\exchsrvr\transportroles\logs\MessageTracking) Remove all access granted to "Everyone." Grant these groups read access to the share:
< Domain>\groupA < Domain>\groupY < Domain>\groupZ < Domain>\groupX
Grant these same groups access via the Security tab. 2a 2b 2c 2d Move transaction log queue database to E:\Data\QueueLog. Create the folder E:\data\QueueLog. This is where you will move the database log. Grant full access to this folder to the user Network Service via the Security tab. If the MSExchangeTransport is not already stopped, stop the service with this command in the Exchange Management Console:
Stop MSExchangeTransport
2e Copy these files from D:\exchsrvr\TransportRoles\data\queue to the new location on the E drive:
trnxxxx.log *.jrs files

2f Edit the file EdgeTransport.exe.config located in D:\exchsrvr\bin, and add or replace the following entry under <appsettings>:
<add key="QueueDatabaseLoggingPath" value="e:\data\queuelog\" />
Page 33
Chec k 2g Start the MSExchangeTransport service with this command in the Exchange Management Console:
Initial
Start MSExchangeTransport
3a After first mailbox server is installed in the same site as the Hub Transport server, complete following tests before moving production mailboxes to that server. Create a new test mailbox on the mailbox server. Send sample messages from test mailboxes to any user in the enterprise forest and verify successful e-mail message delivery. Send sample e-mail messages from test mailboxes to an Internet email address and verify successful e-mail message delivery.
3b 3c 3d
Exchange 2007 Edge Transport Server Installation and Configuration

This worksheet provides an overview of deployment steps for installing and configuring an Exchange 2007 Edge Transport server for use in the Microsoft IT environment. The worksheet provides a high-level overview of deployment steps and configuration settings for an Exchange 2007 Edge Transport server. Table 9. Edge Transport Server Worksheet
Chec k Initial

1 2 3 Verify the Edge Transport is deployed in perimeter network and is not part of an Active Directory domain. Configure the DNS suffix. Install the Edge Transport server role by running the following command:
Setup.com /m:install /r:e /targetdir:<drive\installation path>

4 Subscribe the Edge Transport server by running the following command:
New-EdgeSubscription -file "C: \EdgeSubscriptionExport.xml" New-EdgeSubscription -FileName "C:\EdgeServerSubscription.xml" -site "AD-Site-Name"
Page 34
Chec k 5 Delete the default Receive connector by running the following command:
Initial
Get-ReceiveConnector -server <server name> | Remove-ReceiveConnector

6 Create new Receive connector with the following settings:
Bindings 0.0.0.0:25 FQDN Server FQDN MaxInboundConnection 5000 MaxRecipientsPerMessage 10000 MaxHopCount 30 RemoteIPRanges {65.53.213.91,65.53.213.92,65.53.213.93} ProtocolLoggingLevel Verbose Usage Internal MessageTrackingLogEnabled $true MessageTrackingLogSubjectLoggingEnabled $true MaxOutboundConnections 1000 MessageTrackingLogMaxAge 10:00:00:00 MessageTrackingLogMaxDirectorySize 100 GB MessageTrackingLogMaxFileSize 10 MB MaxPerDomainOutboundConnections 50 ReceiveProtocolLogMaxDirectorySize 15 GB ReceiveProtocolLogMaxFileSize 10 MB SendProtocolLogMaxDirectorySize 15 GB SendProtocolLogMaxFileSize 10 MB ExternalDsnReportingAuthority domain.com ExternalPostmasterAddress postmaster@domain.com OutboundProtocolLoggingLevel Verbose PickupDirectoryMaxRecipientsPerMessage 10000

This worksheet provides an overview of deployment steps for installing and configuring an Exchange 2007 client access server for use in the Microsoft IT environment. Table 10. Client Access Server Worksheet
Chec k Initial
1a Traffic to the Client Access server must be drainstopped before upgrading. To drainstop a Client Access server fronting, follow these steps:
Page 35
Chec k 1b
Initial
Connect via Terminal Server to the server to be upgraded. Run the Network Load Balancing Manager and manually
drainstop the server.
Create an e-mail message to the proper team requesting that the

team drainstop the server by including the following information: Server name, IP address or farm name for the various services, and ISA array name.

1 2 3 Connect via Terminal Server to the server that is being upgraded. Using Task Manager, log off any active users except for yourself. Start the Exchange Management Shell in Windows PowerShell. Remove all virtual directories that are associated with mail.public by using these commands and typing Enter at each confirmation prompt:
Remove-OWAVirtualIDirectory Remove-Exchange Remove-ExchangeWeb

4 Run the following command:
exsetup.exe /m:uninstall
Note: The computer may restart at this point. If it does, reconnect via Terminal Server after the computer restarts. 5 6 7 Go to Add/Remove Programs in the Control Panel. Remove the program Windows PowerShell. At a Command Prompt window, map a drive to the install directory for the current build (see the following example):
net use * \\server\build

8 9 Connect to the newly mapped drive. Navigate to the depapps directory:
cd depapps
10 11 Run msh_setup.msi to reinstall Windows PowerShell, accepting all defaults during installation. Navigate back to the root directory:
cd \
12 Enter the following command:
setup.com /m:install /r:c /targetdir:d:\exchsrvr
Page 36
Chec k 13 Copy the custom script cas_config.ps1 and the file corp-params.xml to a local directory, and then run the following PowerShell command:
Initial
config_cas.ps1 -configfile corp-params.xml -showusage $false

14 Restart the server.
Post-installation tasks
1a 1b Check for the availability of Office Outlook Web Access on the server by navigating to the URL http://<server name>/owa. Create a meeting request through OWA and try to view the free/busy information for another user, preferably one on a different forest than the current computer.

This worksheet provides an overview of deployment steps for installing and configuring Exchange 2007 clustered mailbox server for use in the Microsoft IT environment. Table 11. Mailbox Server Worksheet
Chec k Initial
1a Before beginning, gather the following:
The location of the share where the Exchange Server 2007

installation file is located.
The name and IP address of the clustered mailbox server where

you will install the CCR Mailbox. 1b 1c Establish a Terminal Server connection to the active node of the cluster where you want to install the CCR Mailbox. When you have established the connection, do the following to verify that clustering is set up:
Click Start. Click Cluster Administrator. In the Open Connector to Cluster box, type a period, and then press Enter.
1d If clustering is set up, the Cluster Administrator window will display information about the cluster, including cluster IP address, cluster name, and majority node set.
Installing on the active node

1 Run the Exchange 2007 setup, Setup.exe. The setup GUI opens.
Page 37
Chec k 2 3 4 5 6 At the Security warning, click Run. On the following screen, click Step 4: Install Microsoft Exchange. On the Introduction screen, click Next. On the License Agreement screen, accept the license agreement, and then click Next. On the Error Reporting screen, accept the default response of Yes (Recommended), and then click Next. The Installation Type screen appears. On the Installation Type screen, click anywhere in the Custom Exchange Server Installation box. To specify the path for the Exchange Server installation, click Browse. In the Browse For Folder window, expand My Computer. Click D_Drive, then click Make New Folder. Name the folder Exchsrvr. Click OK. On the Installation Type screen, verify that D:\Exchsrvr is entered in the Specify the path for the Exchange Server installation box, and then click Next. The Server Role Selection screen appears. Select the Active Clustered Mailbox Role check box. Click Next. The Cluster Settings screen appears. Accept the default setting of Cluster Continuous Replication. In the Clustered Mailbox Server Name box, enter the name of the clustered mailbox server. In the Clustered Mailbox Server IP Address box, enter the IP address of the clustered mailbox server. Click Next. The Readiness Checks screen appears. Note: You can ignore the warnings that appear on this screen. When the screen indicates that prerequisites are complete, click Install. The Progress screen, which monitors the progress of your installation, appears. Note that installation may take several minutes, depending on the rate of Active Directory replication. When the screen indicates that installation is complete, click Next. The Completion screen appears. The Completion screen confirms that the installation is complete. Click Finish to exit the Exchange Server 2007 Setup program.
Initial
7 8
9 10
11 12 13 14 15 16 17
18
19
Installing on the passive node

1 2 Run the Exchange 2007 setup, Setup.exe. The setup GUI opens. At the Security Warning, click Run. On the following screen, click Step 4: Install Microsoft Exchange.
Page 38
Chec k 3 4 5 6 On the Introduction screen, click Next. On the License Agreement screen, accept the license agreement, and then click Next. On the Error Reporting screen, accept the default response of Yes (Recommended), and then click Next. The Installation Type screen appears. On the Installation Type screen, click anywhere in the Custom Exchange Server Installation box. To specify the path for the Exchange Server installation, click Browse. In the Browse For Folder window, expand My Computer. Click D_Drive, and then click Make New Folder. Name the folder Exchsrvr. Click OK. On the Installation Type screen, verify that D:\Exchsrvr is entered in the Specify the path for the Exchange Server installation box, and then click Next. The Server Role Selection screen appears. On the Server Role Selection screen, select the Passive Clustered Mailbox Role check box instead of the check box for the active clustered mailbox role. Click Next. The Cluster Settings screen appears. Accept the default setting of Cluster Continuous Replication. In the Clustered Mailbox Server Name box, enter the name of the clustered mailbox server. In the Clustered Mailbox Server IP Address box, enter the IP address of the clustered mailbox server. Click Next. The Readiness Checks screen appears. Note: You can ignore the warnings that appear on this screen. When the screen indicates that prerequisites are complete, click Install. The Progress screen, which monitors the progress of your installation, appears Note that the installation may take several minutes, depending on the rate of Active Directory replication. When the screen indicates that the installation is complete, click Next. The Completion screen appears. The Completion screen confirms that the installation is complete. Click Finish to exit the Exchange Server 2007 Setup program.
Initial
7 8
9 10
11
12 13 14 15 16 17
18
19
Page 39
Chec k
Initial
CCR post-installation steps

1 Open Powershell. Delete the default first storage group and database by running the following commands:
Removemailboxdatabase -id:<database name> Removestoragegroup -id:<storage group name>

2 Run the following Powershell script to create storage groups.
newStorageGroup Name:SG01 server:<server name> logfolderpath:l:\LOG01 SystemFolderPath:l:\LOG01 newStorageGroup Name:SG02 server:<server name> logfolderpath:l:\LOG02 SystemFolderPath:l:\LOG02 newStorageGroup Name:SG03 server:<server name> logfolderpath:l:\LOG03 SystemFolderPath:l:\LOG03
Repeat this step sequentially for the number of storage groups you are creating. 3 Run the following Powershell script to create databases.
newmailboxdatabase Name:"<server name> MBX Store 01" PublicFolderDatabase:"<database location> PUB Store 1A" OfflineAddressBook:"Default Offline Address List <Location>" StorageGroup:<name> EdbFilePath:e:\MDB01\priv01.edb newmailboxdatabase Name:"<server name> MBX Store 02" PublicFolderDatabase:"<database location> PUB Store 1A" OfflineAddressBook:"Default Offline Address List <Location>" StorageGroup:<name> EdbFilePath:e:\MDB02\priv02.edb
Repeat this step sequentially for the number of storage groups you are creating.
Page 40
Chec k 4 Enable message tracking by running the following command:
Initial
set-transportserver <servername> -MessageTrackingLogMaxAge:10.00:00:00 -MessageTrackingLogMaxDirectorySize:20GB -MessageTrackingLogMaxFileSize:10MB -MessageTrackingLogPath:d:\exchsrvr\Messa geTracking -MessageTrackingLogEnabled: $true -MessageTrackingLogSubjectLoggingEnabled: $true
5 Set specific cluster settings.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet \Control\Session Manager\Environment] "ClusterLogSize"="32" C:\Documents and Settings\<localmachine>cluster /cluster:<server name> /prop EnableEventLogReplication=0
6 7 Enable LossLess. Verify failover/back with the following move-clustered mailbox Powershell command.
move-clusteredmailboxserver -id <servername> -targetmachine <servername> -movecomment test move for post install validation
8 Run the following Powershell script to set mailbox limits.
get-MailboxDatabase -server:<server name> | set-mailboxdatabase -IssueWarningQuota:419840KB -ProhibitSendReceiveQuota:512000KB -ProhibitSendQuota:460800KB -ItemRetention:14.00:00:00 -MailboxRetention:30.00:00:00

9 10 11 Request test accounts to be created. Configure backups. Configure Microsoft Operations Manager.
Page 41
IT Showcase: Exchange Server 2007 Deployment Checklists Technical White Paper Installation and Configuration
This worksheet provides an overview of deployment steps for installing and configuring an Exchange 2007 UM server for use in the Microsoft IT environment. Table 12. UM Server Worksheet
Chec k Initial
1 2 Verify that the server you will be installing to resides in the appropriate Active Directory site. Verify that the installation prerequisites in the pre-installation checklist have been completed.

1 2 3 Connect to the subject computer via Terminal Server. Open a Command Prompt window. Run the following command to start the setup program:
\\msgweb\e12\rtm\<df folder>\<build number>\build\setup.com /mode:install /roles:um /targetdir:d:\exchsrvr

Replace the values for <df folder> and <build number> based on the current build. 4 From another computer with a current UM server installation, obtain copies of the file speechgrammarfilterlist.xml from d:\exchsrvr\bin and the file gal.cfg from d:\exchsrvr\unifiedmessaging\grammars\en. Place the copies of these files in the corresponding directories of the computer on which you are installing the new UM server. From the folder d:\exchsrvr\bin, run the following command:
5 6
galgrammargenerator.exe -g -x speechgrammarfilterlist.xml
Then run galgrammargenerator.exe for each dial plan to which this server belongs:
Galgrammargenerator.exe d <dialplan1> -x speechgrammarfilterlist.xml Galgrammargenerator.exe d <dialplan2> -x speechgrammarfilterlist.xml

And so on.
Page 42
Chec k 7a Install the language packs by creating a batch file with the following commands:
Initial
exsetup /addumlanguagepack:de-DE /s:\\<path>\umlangpacks\de\retail\amd64 exsetup /addumlanguagepack:en-AU /s:\\<path>\umlangpacks\enau\retail\amd64 exsetup /addumlanguagepack:en-GB /s:\\<path>\umlangpacks\engb\retail\amd64 exsetup /addumlanguagepack:es-ES /s:\\<path>\umlangpacks\es\retail\amd64 exsetup /addumlanguagepack:es-MX /s:\\<path>\umlangpacks\esmx\retail\amd64 exsetup /addumlanguagepack:fr-CA /s:\\<path>\umlangpacks\frca\retail\amd64 exsetup /addumlanguagepack:fr-FR /s:\\<path>\umlangpacks\fr\retail\amd64 exsetup /addumlanguagepack:it-IT /s:\\<path>\umlangpacks\it\retail\amd64 exsetup /addumlanguagepack:ja-JP /s:\\<path>\umlangpacks\ja\retail\amd64
Page 43
Chec k 7b Continue adding language packs.
Initial
exsetup /addumlanguagepack:ko-KR /s:\\<path>\umlangpacks\ko\retail\amd64 exsetup /addumlanguagepack:nl-NL /s:\\<path>\umlangpacks\nl\retail\amd64 exsetup /addumlanguagepack:pt-BR /s:\\<path>\umlangpacks\pt\retail\amd64 exsetup /addumlanguagepack:sv-SE /s:\\<path>\umlangpacks\sv\retail\amd64 exsetup /addumlanguagepack:zh-CN /s:\\<path>\umlangpacks\zhchs\retail\amd64 exsetup /addumlanguagepack:zh-TW /s:\\<path>\umlangpacks\zhcht\retail\amd64
Replace <path> with the installation path for the current build.
Upon completion, restart the MSExchangeUM service in the Exchange Management Console.
Page 44

Exchange Server 2007 Deployment Checklists: Technical White Paper

Uploaded by

Copyright:

Available Formats

Exchange Server 2007 Deployment Checklists: Technical White Paper

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Exchange Server 2007 Deployment Checklists: Technical White Paper

Uploaded by

Copyright:

Available Formats

Exchange Server 2007 Deployment Checklists

Technical White Paper