Professional Documents
Culture Documents
Exchange 2007 Install and Configuration From The Command Line
Exchange 2007 Install and Configuration From The Command Line
(Part 1)
• Exchange 2007 Install and Configuration from the command line (Part 2)
• Exchange 2007 Install and Configuration from the command line (Part 3)
Brief
This two part series will run you through the setup of Exchange 2007 on a clean Windows 2008 server. Exchange
2003 already exists in the environment. The difference from previous articles is that the setup will be done entirely
(well mostly) from the command line. Given that there are so many other articles that describe the installation of
Exchange 2007 I am not going to detail every single step, but rather am going to focus on the command line steps
required.
Once the basic install is done I will show how to get the server into a working state so that it can serve a simple one
server organization.
Where relevant I will expand the methods used to discuss how these methods could be used in a larger setup. I will
also touch on how this can be used as a method for both documentation and DR. To conclude I will give some info
about the areas I consider as part of configuring an Exchange 2007 system.
Introduction
With the advent of PowerShell, Exchange 2007 is the first version of Exchange which is really easy to work with
from the command line. However, before we get to working with Exchange we must install it. This is easy to do
from the command line, however before that there are some preparatory steps that must be undertaken.
Before we start, I should explain a little about my lab environment. It consists of a root domain called Gaots.co.uk
and a child domain called Child.gaots.co.uk. Each domain has a single domain controller. The only service in the
root domain is the Enterprise Root CA. In the Child domain, Exchange 2003 is running on a Windows Server 2003
machine. Figure 1 below details the environment.
Preparation
The steps below are not necessarily exhaustive but are things I would commonly carry out before deploying
Exchange 2007.
• Verify the domain is in a minimum of Windows 2000 Native Mode
• Verify that the Exchange 2003 organization is in Native Mode
• Build the host operating system to standard build specifications and join to the domain
• Install the Exchange 2007 prerequisites as per the below links:
○ Exchange 2007 System Requirements
○ How to Install Exchange 2007 SP1 Prerequisites on Windows Server 2008 or Windows Vista
Essentially there are two elements to the preparation for Exchange 2007; the Active Directory preparation and the
software prerequisites on the Exchange server. I will prepare AD on the domain controller in the Root domain as
discussed later.
To prepare for the installation of Exchange 2007 on the Windows Server 2008 machine, first install PowerShell
using the command below:
ServerManagerCmd -i PowerShell
Next, the following IIS components must be installed:
ServerManagerCmd -i Web-Server
ServerManagerCmd -i Web-ISAPI-Ext
ServerManagerCmd -i Web-Metabase
ServerManagerCmd -i Web-Lgcy-Mgmt-Console
ServerManagerCmd -i Web-Basic-Auth
ServerManagerCmd -i Web-Digest-Auth
ServerManagerCmd -i Web-Windows-Auth
ServerManagerCmd -i Web-Dyn-Compression
Finally if you plan to support Outlook Anywhere users on the server you will need to install the RPC over HTTP
proxy components using the command below:
ServerManagerCmd -i RPC-over-HTTP-proxy
All these steps should be run from the standard Windows command line, and I usually put them all together into a
batch file which obviously prevents you having to type each one in one by one!
• Patch the server with Microsoft Update.
• Create OUs for Exchange server objects in AD (these OUs could be used for Group Policies specifically
related to the Exchange servers).
• Move server machine accounts in to correct OUs.
• Create Exchange Full Administrator Account (this is the account which will install Exchange).
• To prepare AD you will need Domain, Enterprise and Schema Administrator rights, and where Exchange
2003 exists, make the account and Exchange 2003 Full Administrator. To install Exchange in the child
domain you will need to be an Exchange Organization Administrator or an Enterprise Administrator.
• Copy the install files to each server - c:\software\Exchange2007.
• Create updates dir on each server - c:\software\Exchange2007Patches.
• Copy the latest Rollup Update to the updates directory created above.
• If not already in existence create an Internal Certificate Authority usually of the Enterprise Root variety.
This will be used to provide certificates for securing internal access to Exchange.
• Where Exchange 2003 exists Implement Link State suppression to prevent routing loops as described
in How to Suppress Link State Updates.
• As is often the case when making a large change to an environment now is a good time to clean up. In this
case I would take a look at the accepted email domains and recipient policies and make sure you do not
have anything unrequired.
• Make a final verification of server builds including: Network config, Patching, IE version, Prerequisites.
• Run the Exchange Best Practise Analyzer (ExBPA) Readiness Assessment and address any issues raised.
Installation
Having completed all the prerequisite steps described above, we are ready to move on to actually deploy the
Exchange 2007 server. The first step is to prepare Active Directory (AD) for Exchange 2007. In my lab I will
perform this on the root DC by running the commands below from the Windows command prompt:
Setup.com /PrepareAD
Setup.com /PrepareAllDomains
Having performed the Active Directory preparation and ensured that AD has replicated fully, the install of Exchange
can be performed.
Note:
The script entries from here on in can be run individually in a PowerShell window or sequentially by saving them in
a text file with a .PS1 extension.
Before running the script below you will need to enable the ability to run scripts on the server. So long as you create
the scripts on the server where you will run them, the following setting is suggested as it maintains the security of
PowerShell. Run the command to set the execution policy to RemoteSigned.
Set-ExecutionPolicy RemoteSigned
Finally to begin the install of Exchange run the script below:
#First Create the install directory
New-Item -Type directory -Path "C:\Program Files\Microsoft\Exchange Server"
#Run Setup
C:\software\exchange2007\Setup.com
/mode:install /roles:"ClientAccess,HubTransport,Mailbox"
/TargetDir:"C:\Program Files\Microsoft\Exchange Server"
/SourceDir:C:\Software\Exchange2007 /EnableErrorReporting
/LegacyRoutingServer:Exch2003.child.gaots.co.uk
/UpdatesDir:C:\Software\Exchange2007Patches
So let's dissect the command above. We are running the Exchange command line setup program (Setup.com) from
the software directory where we copied the install files.
Note:
The first Exchange 2007 server to be installed will use a slightly different script to any which follow as you must
specify the Legacy Routing Server which allows setup to create the first Routing Group Connector to link the
Exchange 2003 and 2007 routing groups.
For a definitive guide to all the parameters available with setup.com see White Paper: Description of the Parameters
Used With the Exchange 2007 Setup.com Tool.
Having installed Exchange 2007, you should run another Microsoft Update scan to ensure that the server is fully
patched before rebooting.
After the reboot it is worth checking out the event and setup logs to ensure that setup completed successfully. The
first thing to check is to run the Get-ExchangeServer command from the Exchange Management Shell. This will
return a list of Exchange servers with the roles that are installed. Check that all the roles you intended to install are
listed and then move on.
Next check the setup logs. The main log file tracks the progress of each task that is performed during the Exchange
2007 installation and configuration. The file contains information about the status of the prerequisite and system-
readiness checks that are performed before installation starts, the application installation progress, and the
configuration changes that are made to the system. It is located at the path below:
<system drive>\ExchangeSetupLogs\ExchangeSetup.log
Alongside the above log, is the ExchangeSetup.msilog file which contains information about the extraction of the
Exchange 2007 code from the installer file.
<system drive>\ExchangeSetupLogs\ExchangeSetup.msilog
To parse these logs for errors, you can of course open them in notepad and scroll through. However, as this article is
about using the command line, let's use that! Microsoft ship a script with Exchange to use for this which is located in
the scripts folder in the Exchange install directory. Open the Exchange Management Shell, change directory to the
scripts folder, and run the following command:
Get-SetupLog c:\exchangesetuplogs\exchangesetup.log - error -tree
This will generate a list of only the errors and warnings logged during setup and present the results in an indented
tree format.
For a more information about checking the setup logs see Exchange 2007 setup logs and how to use them to
troubleshoot setup.
Finally the last step is to run the Exchange Best Practice Analyzer to give you an overall view of the health of the
Exchange organisation.
For this part we are done. The install is complete and verified and we can now move onto the configuration of the
server which is described in Part 2 of this article.
Summary
In this article we have covered the prerequisite steps to install Exchange and begun the process by preparing AD
from the command line. We have then installed Exchange 2007 with the Hub, CAS and Mailbox roles and verified
that the install completed successfully. In Part 2 we will cover the commands needed to configure Exchange 2007 to
get things to the point of actually serving users!
Introduction
In Part 1 of this series, I described the prerequisites required to install Exchange and then described the installation
of Exchange and its verification. Now in Part 2, I will move on to describe some of the general configuration steps
required to get the system operational.
License Key
The first step is to enter the license key details for each server. This is done using the script below which allows you
to specify which Exchange server to apply the license key to by using the -Identity parameter.
#Enter the License Key
Set-ExchangeServer -Identity Exch2007 -ProductKey 12345-12345-12345-12345-
12345
#Restart the Information Store Service
Restart-Service msexchangeis
Enable OOF to the Internet from both Exchange 2003 and Exchange 2007
Finally, I ensure that Exchange 2007 will allow both Outlook 2003 and Outlook 2007 clients to send Out of Office
messages to the Internet using the script below:
#Get all the Remote Domain types (equal to the Internet Message formats from
#Exchange 2003 and set the AllowedOOFType to ExternalLegacy which allows
#both Outlook 2003 and 2007 clients to send OOF out
Get-RemoteDomain | Set-RemoteDomain -AllowedOOFType ExternalLegacy
Outlook Anywhere
As I mentioned above we have setup the client access server, however one access method that most will be using is
not yet available. That is Outlook Anywhere, formerly known as RPC over HTTP. Before enabling Outlook
Anywhere, you must ensure that the RPC Proxy component is installed on the Client Access server. Also it is
recommended to disable Kernel Mode Authentication when running the Client Access role on a Windows Server
2008 machine as otherwise if you use Outlook Anywhere with the NTLM authentication options users may be
prompted repeatedly for login information. The script below disables Kernel Mode Authentication and then enabled
Outlook Anywhere with Basic Authentication enabled and SSL Offloading disabled:
#Disable Kernel Mode Authentication for IIS7
C:\Windows\SysWOW64\inetsrv\AppCmd.exe set config
/section:system.webServer/security/authentication/windowsAuthentication
/useKernelMode:false
#Enable Outlook Anywhere with Basic Auth and SSL Offloading disabled
Enable-OutlookAnywhere -Server:Exch2007.child.gaots.co.uk
-ExternalHostname:email.gaots.co.uk -DefaultAuthenticationMethod:Basic
-SSLOffloading:$false
Summary
At this point, we have completed the basic steps needed to configure the client access server. I have tried not only to
demonstrate the bare minimum, but also added configuration steps for some of the more common requirements
which I have come across in the field. In the third and final part of this series, I will configure the mailbox server
role and summarise some of the thought processes I use when approaching an Exchange server build.
Introduction
In Part 1 of this series, I described the prerequisites required to install Exchange and then described the installation
of Exchange and its verification. In Part 2, I moved on to describe some of the general configuration steps required
to get the system operational, in particular focusing on the Client Access and Hub Transport roles. In this final part, I
will complete the configuration of the single server Exchange organization by focusing on the Mailbox role.
Mailbox Configuration - Mailbox Server Preparation
Disable Scalable Network Pack
There have been various issues with the Scalable Network Pack (SNP) updates that have been released in the last
year or so. The way I understand it, the SNP aims to offload processing to suitable Network Cards to improve
performance. It would appear that these updates have caused Exchange to see connectivity problems. In order to
ensure that the Scalability Networking Pack is disabled open a command prompt on all mailbox servers and run the
following command:
Netsh int ip set chimney DISABLED
I should point out that this issue only affects Windows Server 2003 machines running Exchange because Windows
Server 2008 machines have these enhancements disabled by default.
For much more info about the problems see the links below:
Windows 2003 Scalable Networking pack and its possible effects on Exchange
Windows 2003 Scalable Networking pack and its possible effects on Exchange (Part 2)
Global Mailbox Server Setup
Having completed the preparation steps above, I would now configure any global mailbox settings. In this case, that
basically means ensuring any permission settings are correct to allow various add-on services to run properly.
Create Databases
Having created new storage groups, next I will create some new databases using the script below which first creates
the directories for storage and then creates the databases. You will note that I create the public folder database first
so I can set it as the default Public Folder store when creating the mailbox database.
#Create folders for Databases
New-Item C:\DBs -Type Directory
New-Item C:\DBs\MBD-01 -Type Directory
New-Item C:\DBs\PFD-01 -Type Directory
#Create new public and mailbox databases
New-PublicFolderDatabase -Name PFD-01 -StorageGroup SG-PFD-01 -EdbFilePath
C:\DBs\PFD-01\PFD-01.edb
New-MailboxDatabase -Name MBD-01 -StorageGroup SG-MBD-01 -EdbFilePath
C:\DBs\MBD-01\MBD-01.edb -OfflineAddressBook "Default Offline Address List"
-PublicFolderDatabase Exch2007\SG-PFD-01\PFD-01