Documente Academic
Documente Profesional
Documente Cultură
M I C R O S O F T
L E A R N I N G
P R O D U C T
10135A
Lab Instructions and Lab Answer Keys: Configuring, Managing and Troubleshooting Microsoft Exchange Server 2010
Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. The names of manufacturers, products, or URLs are provided for informational purposes only and Microsoft makes no representations and warranties, either expressed, implied, or statutory, regarding these manufacturers or the use of the products with any Microsoft technologies. The inclusion of a manufacturer or product does not imply endorsement of Microsoft of the manufacturer or product. Links may be provided to third party sites. Such sites are not under the control of Microsoft and Microsoft is not responsible for the contents of any linked site or any link contained in a linked site, or any changes or updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission received from any linked site. Microsoft is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement of Microsoft of the site or the products contained therein. 2010 Microsoft Corporation. All rights reserved. Microsoft, and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All other trademarks are property of their respective owners.
Released: 01/2010
Module 1
Lab Instructions: Deploying Microsoft Exchange Server 2010
Contents:
Lab A: Installing Exchange Server 2010 Exercise 1: Evaluating Requirements for an Exchange Server Installation Exercise 2: Preparing for an Exchange Server 2010 Installation Exercise 3: Installing Exchange Server 2010 Lab B: Verifying an Exchange Server 2010 Installation Exercise 1: Verifying an Exchange Server 2010 Installation 8 3 5 6
Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must: 1. 2. On the host computer, click Start, point to Administrative Tools, and click Hyper-V Manager. In Hyper-V Manager, click 10135A--NYC-DC1, and in the Actions pane, click Start. 3. 4. 10135A- NYC-DC1: Domain controller in the Contoso.com domain.
In the Actions pane, click Connect. Click the CTRL+ALT+DELETE button in the top-left corner of the Virtual Machine Connection window. Log on using the following credentials: User name: Administrator Password: Pa$$w0rd Domain: Contoso
5.
Repeat these steps to start, and log on to the 10135A--NYC-SVR2 virtual machine. 10135A- NYC-SVR2: Member server in the Contoso.com domain.
Lab Scenario
You are working as a messaging administrator in Contoso Ltd. Your organization is preparing to install its first Exchange Server 2010 server. Contoso Ltd. is a large multinational organization that includes offices in Seattle, Washington, in the United States, and in Tokyo, Japan. Contoso Ltd. does not have a previous version of Exchange Server deployed so you do not have to upgrade a previous messaging system. Before installing Exchange Server 2010, you must verify that the Active Directory environment is ready for the installation. You also must verify that all computers that will run Exchange Server 2010 meet the prerequisites for installing Exchange.
Yes or No
Task 1: Install the Windows Server 2008 server roles and features
1. 2. On NYC-SVR2, in Server Manager, install the prerequisite server roles and features for Exchange Server 2010. Configure the Net.Tcp Port Sharing Service to start Automatically.
Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must: 1. 2. On the host computer, click Start, point to Administrative Tools, and click Hyper-V Manager. Ensure that the 10135A-NYC-DC1 and the 10135A-NYC-SVR2 virtual machines are running. 3. 10135A- NYC-DC1: Domain controller in the Contoso.com domain. 10135A- NYC-SVR2: Member server in the Contoso.com domain.
Lab Scenario
You have completed the installation of the first Exchange Server at Contoso Ltd. You now need to verify that the installation completed successfully. You also should ensure that the installation meets the best practices that Microsoft suggests.
6. 7.
Wait for 10135A-VAN-DC1 to start, and then start 10135A-VAN-EX1. Connect to the virtual machine. Wait for 10135A-VAN-EX1 to start, and then start 10135A-VAN-EX3. Connect to the virtual machine.
Module 2
Lab Instructions: Configuring Mailbox Servers
Contents:
Exercise 1: Configuring Mailbox Databases Exercise 2: Configuring Public Folders 3 4
Lab Setup
Important: If required, start the 10135A-VAN-DC1 virtual machine first, and ensure that it is fully started before starting the other virtual machines. For this lab, you will use the available virtual machine environment. Before you begin the lab, you must: 1. 2. On the host computer, click Start, point to Administrative Tools, and click Hyper-V Manager. Ensure that the 10135A-VAN-DC1, 10135A-VAN-EX1, and the 10135A-VAN-EX3 virtual machines are running. 3. 10135A-VAN-DC1: Domain controller in the Adatum.com domain 10135A-VAN-EX1: Exchange 2010 server in the Adatum.com domain 10135A-VAN-EX3: Exchange 2010 server in the Adatum.com domain
If required, connect to the virtual machines. Log on to the computers as Adatum\Administrator, using the password Pa$$w0rd.
Lab Scenario
You are a new messaging administrator at A. Datum Corporation, and your manager has left instructions indicating that you need to create and configure a database for the executive group, and then move the existing database for the accounting group to a new location. Additionally, you need to add an additional public folder database, and then replicate data to it.
5.
To connect to the virtual machine for the next modules lab, click 10135A-VAN-DC1, and then in the Actions pane, click Connect. Important: Start the VAN-DC1 virtual machine first, and ensure that it is fully started before starting the other virtual machines.
6. 7.
Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine. Wait for VAN-EX1 to start, and then start VAN-CL1. Connect to the virtual machine.
Module 3
Lab Instructions: Managing Recipient Objects
Contents:
Exercise 1: Managing Recipients Exercise 2: Configuring E-Mail Address Policies Exercise 3: Configuring Address Lists Exercise 4: Performing Bulk Recipient Management Tasks 3 5 6 7
Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must: 1. 2. On the host computer, click Start, point to Administrative Tools, and click Hyper-V Manager. Ensure that the 10135A-VAN-DC1, 10135A-VAN-EX1, and 10135A-VAN-CL1 virtual machines are running. 3. 10135A-VAN-DC1: Domain controller in the Adatum.com domain. 10135A-VAN-EX1: Exchange 2010 server in the Adatum.com domain. 10135A-VAN-CL1: Windows 7 client computer in the Adatum.com domain.
If required, connect to the virtual machines. Log on to the computers as Adatum\Administrator, using the password Pa$$w0rd.
Lab Scenario
You are the messaging administrator for A. Datum Corporation. Your company is purchasing a new company called Adventure Works. Adventure Works recipients will need to maintain a separate e-mail domain and address list. You also must create new mailboxes for the new departments employees.
Task 2: Create a resource mailbox, and configure auto-accept settings for the
ProjectRoom
1. 2. In Exchange Management Console, create a new room mailbox named ProjectRoom in the Mailbox Database 1 database. Configure a user logon name of ProjectRoom, and a password of Pa$$w0rd. Enable the Booking Attendant on ProjectRoom.
Task 4: Create and configure a mail-enabled contact for Ian Palangio at Woodgrove
Bank
In Exchange Management Console, create a new mail-enabled contact for Ian Palangio, using an alias of IanPalangioWB and an e-mail address of ian.palangio@woodgrovebank.com.
Task 5: Create a moderated distribution list for the Adventure Works Project, and
delegate an administrator
1. 2. In Exchange Management Console, create a new Distribution group called Adventure Works Project with an alias of AdventureWorksProject. Add the following recipients to the Adventure Works Project group: 3. George Schaller Ian Palangio Wei Yu Paul West
Specify George Schaller as the group moderator, and enable moderation of all messages.
2. 3.
Create and send a new meeting request. Invite the Adventure Works Project group, and specify ProjectRoom as the room. On VAN-EX1, open Outlook Web App, log on as Adatum\George, using the password Pa$$w0rd, and accept the meeting request message. Send the response now. Results: After this exercise, you should have completed all of the assigned tasks, which include creating a mailbox, creating a resource mailbox, moving a mailbox, creating a contact, and creating a moderated distribution group.
Task 5: Create a new offline address book for the Adventure Works address list to
support both Office Outlook 2003 and Outlook 2007 clients
1. 2. On VAN-EX1, open Exchange Management Console. Create a new offline address book named Companies with the Adventure Works and A. Datum address lists, and enable distributions through Web-based distribution and public folders. Use the OAB folder on VAN-EX1 for Web-based distribution. Close the Exchange Management Console. Results: After this exercise, you should have created an address list for the A. Datum and Adventure Works users, and an offline address book for each organization.
3.
The main tasks for this exercise are: 1. 2. 3. 4. 5. Add a header line to the .csv file exported from the Human Resources (HR) system. Modify the CreateUsersLab.ps1 script to Adventure Works users from a .csv file. Create the AdventureWorks OU in the Adatum.com domain Run CreateUsersLab.ps1 to Adventure Works users from a .csv file. Define mailbox limits for all Adventure Works company users.
Task 1: Add a header to the .csv file exported from the HR system
1. 2. On VAN-EX1, open D:\Labfiles\Users.csv in Notepad. Add a header line that defines each column: 3. FirstName LastName Password
Task 2: Modify the CreateUsersLab.ps1 script to import Adventure Works users from a
.csv file
1. 2. Open D:\Labfiles\CreateUsersLab.ps1 in Notepad. Modify CreateUsersLab.ps1 as required to: 3. Configure the database to create users as Mailbox Database 1. Configure the user principal name to be adatum.com. Place users in the AdventureWorks OU. Configure the .csv import file to be D:\Labfiles\Users.csv. Configure the $pwd to be based on the password field in the Users.csv. Configure the first and last name. Configure the user principal name (UPN) as first name@adatum.com. Configure the alias to be the first name and last name, with no space between the names. Configure the display name to be the first name and last name, with a space between the names.
Set mailbox limits by piping the list of mailboxes to the Set-Mailbox cmdlet: IssueWarningQuota 100MB ProhibitSendQuota 150MB
Results: After this exercise, you should have created all of the additional Adventure Works users with an Exchange Management Shell script, and then have set the storage quota.
Module 4
Lab Instructions: Managing Client Access
Contents:
Lab A: Configuring Client Access Servers for Outlook Anywhere Access Exercise 1: Configuring Client Access Servers Exercise 2: Configuring Outlook Anywhere Exercise 1: Configuring Outlook Web App Exercise 2: Configuring Exchange ActiveSync 4 6 9 11
Lab B: Configuring Client Access Servers for Outlook Web App and Exchange ActiveSync
Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must: 1. 2. On the host computer, click Start, point to Administrative Tools, and click Hyper-V Manager. Ensure that the 10135A-VAN-DC1, 10135A-VAN-EX1, 10135A-VAN-EX2, and the 10135A-VAN-CL1 virtual machines are running. 10135A-VAN-DC1: Domain controller in the Adatum.com domain 10135A-VAN-EX1: Exchange 2010 server in the Adatum.com domain 10135A-VAN-EX2: Exchange 2010 server in the Adatum.com domain 10135A-VAN-CL1: Client computer in the Adatum.com domain
Important: If you are using Windows Server 2008 R2 as the host operating system, you must complete the following steps before starting VAN-CL1. 1. In the Hyper-V Management console, in the Virtual Machines pane, right-click 10135A-VAN-CL1, and click Settings. 2. Click Network Adapter, and select the Enable spoofing of MAC addresses check box. Click OK. This step is required in order for the Windows Mobile Device emulator to communicate on the virtual network. 3. If required, connect to the virtual machines. Log on to VAN-DC1, VAN-EX1, and VAN-EX2 as Adatum\Administrator, using the password Pa$$w0rd. Do not log on to VAN-CL1 at this point.
Lab Scenario
You are working as a messaging administrator in A. Datum Corporation. Your organization has decided to deploy Client Access servers so that the servers are accessible from the Internet for a variety of messaging clients. To ensure that the deployment is as secure as possible, you must secure the Client Access server, and configure a certificate on the server that will support the messaging client connections. You also need to configure the server to support Outlook Anywhere connections.
Task 1: Prepare the Windows Server 2008 CA to issue certificates with multiple subject
alternative names
1. 2. On VAN-DC1, open a command prompt and use the certutil -setreg policy \EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2 command to configure the CA policy. Restart the Certificate Services.
2.
State/province: BC
3. 4.
Close Outlook.
3. 4.
Results: After this exercise, you should have enabled Outlook Anywhere on VAN-EX2, and configured a client profile to use Outlook Anywhere. You also verified the Outlook Anywhere functionality.
Lab B: Configuring Client Access Servers for Outlook Web App and Exchange ActiveSync
Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must: 1. 2. On the host computer, click Start, point to Administrative Tools, and click Hyper-V Manager. Ensure that the 10135A-VAN-DC1, 10135A-VAN-EX1, 10135A-VAN-EX2, and the 10135A-VAN-CL1 virtual machines are running: 3. 10135A-VAN-DC1: Domain controller in the Adatum.com domain. 10135A-VAN-EX1: Exchange 2010 server in the Adatum.com domain. 10135A-VAN-EX2: Exchange 2010 server in the Adatum.com domain. 10135A-VAN-CL1: Client computer in the Adatum.com domain.
Lab Scenario
To enable client access to the server, your organization has decided to enable both Outlook Web App and Exchange ActiveSync for its users. However, the security officer at A. Datum Corporation has defined security requirements for the Outlook Web App and Exchange ActiveSync deployment. Therefore, you need to enable the security features for both Outlook Web App and Exchange ActiveSync.
2. 3. 4. 5. 6.
Task 3: Configure an Outlook Web App Mailbox Policy for the branch managers
1. 2. 3. Create a new Outlook Web App Mailbox policy, and configure the policy with the name Branch Managers Policy. Configure the policy to prevent branch managers from changing their password. Apply the policy to all users in the Branch Managers organizational unit (OU).
10
4. 5.
Connect to OWA again, and log on as Adatum\Johnson using the password Pa$$w0rd. Johnson is in the Branch Managers OU. Verify that the Tasks folder is listed in the user mailbox, but that Johnson is not able to change his password. Results: After this exercise, you should have configured Outlook Web App on VAN-EX2. This configuration includes assigning the internal CA certificate to the Default Web Site, and configuring Outlook Web App settings for all users, as well as for specific users. You also should have verified the Outlook Web App settings.
11
In Windows Mobile 6 Professional, start ActiveSync, and start the process for setting up the device to sync with Exchange Server.
7.
12
8. 9.
E-mail address: ScottMacdonald@adatum.com User name: Scott Password: Pa$$w0rd Domain: Adatum Server address: VAN-EX2.adatum.com SSL: Disabled Synchronize all Calendar and E-mail items
Verify that the synchronization succeeds. On VAN-CL1, connect to https://mail.adatum.com/owa, and log on as adatum\Wei using the password Pa$$w0rd.
10. Send a test message to Scott. 11. On the mobile device, verify that Scott received the message, and reply to it. 12. In Outlook Web App, verify that the reply message was received.
Review the other Exchange ActiveSync Mailbox policy settings. Apply the Exchange ActiveSync Mailbox policy to Scott MacDonald.
13
7. 8.
On VAN-CL1, in the Windows Professional emulator, modify the ActiveSync settings to use SSL. Verify that the client can synchronize successfully.
Module 5
Lab Instructions: Managing Message Transport
Contents:
Exercise 1: Configuring Internet Message Transport Exercise 2: Troubleshooting Message Transport Exercise 3: Troubleshooting Internet Message Delivery 3 5 6
Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must: 1. 2. On the host computer, click Start, point to Administrative Tools, and click Hyper-V Manager. Ensure that the 10135A-VAN-DC1, 10135A-VAN-EX1, and the 10135A-VAN-EX2 virtual machines are running: 3. 10135A-VAN-DC1: Domain controller in the Adatum.com domain 10135A-VAN-EX1: Exchange 2010 server in the Adatum.com domain 10135A-VAN-EX2: Exchange 2010 server in the Adatum.com domain
If required, connect to the virtual machines. Log on to VAN-DC1, VAN-EX1 and VAN-EX2 as Adatum\Administrator, using the password Pa$$w0rd.
Lab Scenario
You are a messaging administrator in A Datum Corporation., which is a large multinational organization that has offices in London, Tokyo, and Vancouver, which is its headquarters. Your organization has deployed Exchange Server 2010 in two of its sites. However, all Internet messages should flow through the main site in Vancouver. As part of your job responsibilities, you need to set up the message transport to and from the Internet and also ensure that the message flow works within and between the various sites.
2. 3. 4.
Switch to the c:\Program Files\Microsoft\Exchange Server\v14\scripts directory and use the install-AntispamAgents.ps1 cmdlet to install the anti-spam agents on the Hub Transport server Restart the Microsoft Exchange Transport Verify that anti-spam configuration options are now available on VAN-EX1 and at the organization level.
Task 1: Check the routing log, and verify that mail delivery works correctly
1. 2. On VAN-EX1, use the Routing Log Viewer to verify that VAN-EX1 is located in the Default-First-SiteName site, and the VAN-EX2 is located in the Site2 site. Log on to Outlook Web App as Wei, and send an email to Anna, whose mailbox is on VAN-EX2. Verify that the mail is received and that Anna can respond to the e-mail.
6. 7. 8.
5.
To connect to the virtual machine for the next modules lab, click 10135A-VAN-DC1, and then in the Actions pane, click Connect. Important: Start the VAN-DC1 virtual machine first, and ensure that it is fully started before starting the other virtual machines.
6. 7.
Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine. Wait for VAN-EX1 to start, and then start VAN-SVR1. Connect to the virtual machine.
Module 6
Lab Instructions: Implementing Messaging Security
Contents:
Lab A: Configuring Edge Transport Servers and Forefront Protection 2010 Exercise 1: Configuring Edge Transport Servers Exercise 2: Configuring Forefront Protection 2010 for Exchange Servers Lab B: Implementing Anti-Spam Solutions Exercise 1: Configuring an Anti-Spam Solution on Edge Transport Servers 7 4 5
Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must: 1. 2. On the host computer, click Start, point to Administrative Tools, and click Hyper-V Manager. Ensure that the 10135A-VAN-DC1, 10135A-VAN-EX1, and the 10135A-VAN-SVR1 virtual machines are running: 3. 4. 5. 6. 7. 8. 9. 10135A-VAN-DC1: Domain controller in the Adatum.com domain 10135A-VAN-EX1: Exchange 2010 server in the Adatum.com domain 10135A-VAN-SVR1: Standalone server
If required, connect to the virtual machines. Log on to VAN-DC1 and VAN-EX1 as Adatum\Administrator, using the password Pa$$w0rd. Log on to VAN-SVR1 as Administrator, using the password Pa$$w0rd. On the host computer, in Hyper-V Manager, click VANSVR1, and in the Actions pane, click Settings. Click DVD Drive, click Image file, and then click Browse. Browse to C:\Program Files\Microsoft Learning\10135\Drives, click EXCH201064.iso, and then click Open. Click OK. On VAN-SVR1, dismiss the Autoplay dialog box.
Lab Scenario
You are a messaging administrator in A. Datum Corporation, which is a large multinational organization. Your organization has deployed Exchange Server 2010 internally, and now must extend it so that everyone within the corporation can send and receive Internet e-mail. As part of your job responsibilities, you need to set up an Edge Transport server, and then install an antivirus solution to scan all mail.
2.
Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must: 1. 2. On the host computer, click Start, point to Administrative Tools, and click Hyper-V Manager. Ensure that the 10135A-VAN-DC1, 10135A-VAN-EX1, and the 10135A-VAN-SVR1 virtual machines are running. 3. 10135A-VAN-DC1: Domain controller in the Adatum.com domain 10135A-VAN-EX1: Exchange 2010 server in the Adatum.com domain 10135A-VAN-SVR1: Standalone server
Lab Scenario
You are a messaging administrator in A. Datum Corporation, which is a large multinational organization. After configuring the Edge Transport server and installing an antivirus solution, you must implement an anti-spam solution.
3.
On VAN-EX1, in the Exchange Management Shell, run d:\labfiles\Lab6Prep.ps1. This script will send 11 messages from VAN-SVR1 with the following SCL ratings: Mail Sender Msg1@contoso.com Msg2@contoso.com Msg3@contoso.com Msg4@contoso.com Msg5@contoso.com Msg6@contoso.com Msg7@contoso.com Msg8@contoso.com Msg9@contoso.com Msg10@contoso.com Msg11@contoso.com SCL Level 7 8 7 7 8 6 8 7 6 6 8
4. 5.
Log on to Outlook Web App as Wei and verify that three messages were sent to the user mailbox, and that eight messages were sent to the Junk E-Mail folder. View the message details for one of the messages to verify the SCL value assigned to the message.
Module 7
Lab Instructions: Implementing High Availability
Contents:
Exercise 1: Deploying a DAG Exercise 2: Deploying Highly Available Hub Transport and Client Access Servers Exercise 3: Testing the High Availability Configuration 3 4 5
Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must: 1. 2. On the host computer, click Start, point to Administrative Tools, and click Hyper-V Manager. Ensure that the 10135A-VAN-DC1, 10135A-VAN-EX1, 10135A-VAN-EX2, and the 10135A-VAN-EX3 virtual machines are running: 3. 10135A-VAN-DC1: Domain controller in the Adatum.com domain. 10135A-VAN-EX1: Exchange 2010 server in the Adatum.com domain. 10135A-VAN-EX2: Exchange 2010 server in the Adatum.com domain. 10135A-VAN-EX3: Exchange 2010 server in the Adatum.com domain.
If required, connect to the virtual machines. Log on to the virtual machines as Adatum\Administrator, using the password Pa$$w0rd.
Lab Scenario
You are the messaging administrator for A. Datum Corporation. You have completed the basic installation for three Exchange servers. Now you must complete the configuration so that they are highly available.
Task 1: Create a DAG named DAG1 using the Exchange Management Shell
1. 2. On VAN-EX1, open the Exchange Management Shell. Use the New-DatabaseAvailabilityGroup cmdlet to create a DAG with the following information: 3. 4. 5. Name: DAG1 WitnessServer: \\VAN-DC1\FSWDAG1 WitnessDirectory: C:\FSWDAG1 IP Address: 10.10.0.80
Use the Add-DatabaseAvailabilityGroupServer cmdlet to add VAN-EX1 as a member of DAG1. On VAN-EX2, open the Exchange Management Console. On the Database Availability Groups tab, add VAN-EX2 as a member of DAG1.
Exercise 2: Deploying Highly Available Hub Transport and Client Access Servers
Scenario
The network team used a hardware load balancer to load balance VAN-EX1 and VAN-EX2 for Client Access connections. They have assigned a load balanced IP address of 10.10.0.30, and have created a DNS record for the name CASArray.adatum.com. Now you must complete the Client Access configuration. The main tasks for this exercise are: 1. 2. Create and configure a client access array for CASArray.adatum.com. Assign the client access array to the databases.
Task 5: Start SMTP service on VAN-DC1 to allow delivery of the queued message
1. 2. On VAN-DC1, open Server Manager. Start the SMTP service.
Task 6: Verify that the messages were removed from the shadow redundancy queue
1. 2. On VAN-EX2, open Queue Viewer. Connect to VAN-EX3, where the message was queued in the shadow redundancy queue, and then verify that it is no longer queued.
Task 7: Verify the copy status of the Accounting database, and resume the database
copy
1. 2. 3. On VAN-EX2, open the Exchange Management Console. View the database copy health on the Suspended copy on VAN-EX2. Resume the database copy on VAN-EX2, and wait until the copy status is Healthy.
Task 8: Perform a switchover on the Accounting database to make the VAN-EX2 copy
active
1. 2. 3. On VAN-EX2, open the Exchange Management Console. Verify that the active Accounting database is on VAN-EX1. Select the Accounting database on VAN-EX2, and then activate the copy.
Module 8
Lab Instructions: Implementing Backup and Recovery
Contents:
Exercise 1: Backing Up Exchange Server 2010 Exercise 2: Restoring Exchange Server Data Exercise 3: Restoring Exchange Servers (optional) 3 4 5
Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must: 1. 2. On the host computer, click Start, point to Administrative Tools, and click Hyper-V Manager. Ensure that the 10135A-VAN-DC1, 10135A-VAN-EX1, and the 10135A-VAN-SVR1 virtual machines are running. 3. 4. 5. 6. 7. 8. 9. 10135A-VAN-DC1: Domain controller in the Adatum.com domain 10135A-VAN-EX1: Exchange 2010 server in the Adatum.com domain 10135A-VAN-SVR1: Standalone server
If required, connect to the virtual machines. Log on to VAN-DC1 and VAN-EX1 as Adatum\Administrator, using the password Pa$$w0rd. Log on to VAN-SVR1 as Administrator, using the password Pa$$w0rd. In Microsoft Hyper-V Manager, click VANSVR1, and, in the Actions pane, click Settings. Click DVD Drive, click Image file, and then click Browse. Browse to C:\Program Files\Microsoft Learning\10135\Drives, click EXCH201064.iso and click Open. Click OK. On VAN-SVR1, close the AutoPlay dialog box.
Lab Scenario
You are a messaging administrator for A. Datum Corporation. Your organization has deployed Exchange Server 2010. You now want to ensure that all Exchange Server-related data is backed up and that you can restore not only the full server or database, but also a mailbox or mailbox folder.
Task 2: Perform a backup of the mailbox database using Windows Server Backup
1. 2. Use Server Manager to install Windows Server Backup. Perform a custom backup of the C:\ drive using a VSS full backup. Store the backup files on \\VANDC1\Backup.
4. 5.
In the Virtual Machines pane, click 10135A-VAN-DC1, and then in the Actions pane, click Start. To connect to the virtual machine for the next modules lab, click 10135A-VAN-DC1, and then in the Actions pane, click Connect. Important: Start the VAN-DC1 virtual machine first, and ensure that it is fully started before starting the other virtual machines.
6. 7.
Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine. Wait for VAN-EX1 to start, and then start VAN-CL1. Connect to the virtual machine.
Module 9
Lab Instructions: Configuring Messaging Policy and Compliance
Contents:
Lab A: Configuring Transport Rules, Journal Rules, and Multi-Mailbox Search Exercise 1: Configuring Transport Rules Exercise 2: Configuring Journal Rules and Multi-Mailbox Search Lab B: Configuring Messaging Records Management and Personal Archives Exercise 1: Configuring Messaging Records Management Exercise 2: Configuring Personal Archives 9 12 3 6
Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must: 1. 2. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager. Ensure that the 10135A-VAN-DC1, 10135A-VAN-EX1, and the 10135A-VAN-CL1 virtual machines are running: 3. 4. 10135A-VAN-DC1: Domain controller in the Adatum.com domain. 10135A-VAN-EX1: Exchange 2010 server in the Adatum.com domain. 10135A-VAN-CL1: Client computer in the Adatum.com domain.
If required, connect to the virtual machines. Log on to VAN-DC1, and VAN-EX1 as Adatum\Administrator using the password Pa$$w0rd. Log on to VAN-CL1 as Adatum\Luca using the password Pa$$w0rd.
Lab Scenario
You are a messaging administrator in A. Datum Corporation. Your organization has deployed Exchange Server 2010. The legal and audit departments at A. Datum provided you with several requirements for implementing messaging policy and compliance. These requirements include applying rights protection to some messages sent inside and outside the organization, restricting message flow based on message classifications, and restricting which messages are sent to critical distribution lists. You also must ensure that you establish a separate and secure mailbox in which to retain all messages that the legal department sends and receives.
The main tasks for this exercise are: 1. 2. 3. 4. 5. 6. 7. Create a transport rule that adds a disclaimer to all messages sent to the Internet. Enable message classifications for Outlook 2007 clients. Create a transport rule that blocks all messages with an Internet Confidential classification from being sent to the Internet. Enable AD RMS integration for the organization. Configure a transport rule that applies the Do Not Forward AD RMS template to all messages with the words confidential or private in the subject. Configure a moderated group. Test the transport rule configuration.
Task 1: Create a transport rule that adds a disclaimer to all messages sent to the Internet
On VAN-EX1, create a new transport rule with the following settings: Name: Internet E-Mail Disclaimer Conditions: Sent to users outside the corporation Actions: Add a disclaimer
Disclaimer text: This e-mail is intended solely for the use of the individual to whom it is addressed
Task 2: Configure and enable message classifications for Outlook 2007 clients
1. On VAN-EX1, use the new-messageclassification -Name CompanyConfidential displaynameCompany Confidential -senderdescription Do not forward to the Internet cmdlet to configure a new message classification. Use the Export-Classification.ps1 script in the c:\Program Files \Microsoft\Exchange Server\v14\scripts folder to export the message classifications to the C:\Classifications.xml file. Copy the Classifications.xml file to drive C on VAN-CL1. On VAN-CL1, import the EnableClassifications.reg file from \\van-ex1\d$\Labfiles.
2.
3. 4.
Task 3: Create a transport rule that blocks all messages with a Company Confidential
classification from being sent to the Internet
Create a new transport rule with the following settings: Name: Company Confidential Rule Condition: Marked with classification Company Confidential Actions: Send rejection message to sender with enhanced status code Rejection message text: Company confidential e-mail messages cannot be sent to the Internet Enhanced status code: 5.7.1
Task 5: Configure a transport rule that applies the Do Not Forward AD RMS template to
all messages with the words confidential or private in the subject
Create a new transport rule with the following settings: Name: Confidential E-Mail Rule Condition: Where the subject contains the words Confidential or Private Actions: protect the message with the Do not Forward template
3.
4. 5. 6. 7. 8. 9.
On VAN-DC1, open Windows Explorer. Browse to the C:\inetpub\mailroot \queue folder. Open the EML file with Notepad. Scroll to the middle of the message, and verify that the disclaimer has been added to the message. On VAN-CL1, confirm that Luca received a message from the postmaster account stating that the second message could not be delivered. In Outlook, create a new message, and send it to the All Company distribution group. Connect to the Outlook Web App site on VAN-EX1. Log on as Andreas. Approve the message. In Outlook, verify that the message to the All Company distribution list has arrived. In Outlook Web App, logged on as Andreas, create a new message with a subject of Private. Send the message to Luca. In Outlook, verify that Luca received the message and that it has the Do Not Forward template applied. Verify that the Forward option is not available on the message. Results: After this exercise, you should have configured a transport rule that ensures that all messages sent to users on the Internet includes a disclaimer of which the legal department approves. Additionally, you should have configured a transport rule that ensures that messages with an Company Confidential classification are not sent to the Internet, and you should have configured a transport rule that applies the Do Not Forward AD RMS template to all messages with the words confidential or private in the subject. Lastly, you should have configured a moderated group using the All Company distribution group.
The main tasks for this exercise are: 1. 2. 3. 4. Create a mailbox for the Executives department journaling messages. Create a journal rule that saves a copy of all messages sent to and from Executives department members. Create and configure the MailboxAuditor account. Test the journal rule and Multi-Mailbox Search configuration.
Task 2: Create a journal rule that saves a copy of all messages sent to and from
Executives department members
Create a new journal rule with the following attributes: Rule name: Executives Department Message Journaling Journal mailbox: Executives Journal Mailbox Scope: Global Recipient: Executives distribution group
Grant the Mailbox Auditor account full access to the Executives Journal Mailbox and Discovery Management Mailbox mailboxes. Add the Mailbox Auditor account to the Discovery Management Active Directory group.
5.
Connect to the Exchange Control Panel as the MailboxAuditor. Create a new search named Customer Number Discovery. Configure the search to look for the phrase customer number in George Schaller and Luca Dellamores mailboxes. Wait until the search finishes, and then in the bottom right pane, click the Open link. In Outlook Web App, verify that the discovery folder named Customer Number Discovery contains two subfolders and contains the discovered messages. Results: After this exercise, you should have created a mailbox for the Executives department journaling messages, and then created a journal rule that saves a copy of all messages sent to and from Executives department members. You also should have created and configured the MailboxAuditor account.
Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must: 1. 2. On the host computer, click Start, point to Administrative Tools, and click Hyper-V Manager. Ensure that the 10135A-VAN-DC1, 10135A-VAN-EX1, and the 10135A-VAN-CL1 virtual machines are running. 3. 10135A-VAN-DC1: Domain controller in the Adatum.com domain. 10135A-VAN-EX1: Exchange 2010 server in the Adatum.com domain. 10135A-VAN-CL1: Client computer in the Adatum.com domain.
Lab Scenario
You are the messaging administrator for A. Datum Corporation. Your organization has deployed Exchange Server 2010. The legal and audit departments at A. Datum provided you with several requirements for implementing messaging policy and compliance. These requirements include configuring rules that will ensure that some messages are retained for an extended period, while other messages are deleted when they expire. Finally, you must enable Personal Archives for all of the users in the Executives department.
A. Datum Corporation would like to automate message management in user mailboxes. To test this implementation, the executives have approved a pilot project to use retention policies for the ITAdmins group. The main tasks for this exercise are: 1. 2. 3. 4. 5. 6. 7. 8. 9. Create a managed custom mailbox folder named Executives Confidential. Configure content settings for the Executives Confidential folder. Configure content settings for all mailbox folders. Configure a managed folder mailbox policy that applies to all users. Configure a managed folder mailbox policy that applies to the Executives department. Start the managed folder assistant process. Test the managed custom folder implementation. Configure Retention Tags and a retention policy. Apply the retention policy to the Marketing group.
10
Messages will be retained for 90 days. Retention period starts when messages are delivered. Delete messages, and allow recovery.
Task 4: Configure a managed folder mailbox policy that applies to all users
1. Create a new managed folder mailbox policy with this attribute: 2. 3. Name: Default Policy All Users
Associate the Entire Mailbox with the policy. Use the following command to assign the policy to all users: Get-Mailbox | Set-Mailbox ManagedFolderMailboxPolicy Default Policy All Users.
Task 5: Configure a managed folder mailbox policy that applies to the Executives
department
1. Create a new managed folder mailbox policy with the following attribute: 2. 3. Name: Executives Department Policy
Associate the Entire Mailbox and the Executives Confidential mailbox to this policy. Use the following command to assign the new policy to the users in the Finance OU: Get-Mailbox | where-object {$_.distinguishedname -ilike *ou=executives,dc=adatum,dc=com} | SetMailbox ManagedFolderMailboxPolicy Executives Department Policy
Task 7: Confirm that the managed custom folder is created for the Executives
department users
1. 2. 3. In the Exchange Management Console, confirm that the managed folder mailbox policy is assigned to Marcel Truempy. On VAN-EX1, open Internet Explorer, and then connect to https://VAN-EX1.adatum.com/owa. Log on as Adatum\Marcel with the password of Pa$$w0rd. Confirm that the Finance Confidential folder was created in Marcels mailbox.
11
2. 3.
12
Task 1: Create an archive mailbox for all members of the Marketing group
On VAN-EX1, in the Exchange Management Console, under Recipient Management, click Mailbox. Sort the mailbox list by organizational unit, select all of the users in the Marketing OU, and then create an archive mailbox for them.
Task 2: Verify that the archive mailbox was created for members of the Marketing group
Log on to Outlook Web App as Manoj, and then verify that the archive mailbox was created. Results: After this exercise, you should have configured archive mailboxes for all members of the Marketing group.
Module 10
Lab Instructions: Securing Microsoft Exchange Server 2010
Contents:
Exercise 1: Configuring Exchange Server Permissions Exercise 2: Configuring a Reverse Proxy for Exchange Server Access 3 5
Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must: 1. 2. On the host computer, click Start, point to Administrative Tools, and click Hyper-V Manager. Ensure that the 10135A-VAN-DC1, 10135A-VAN-EX1, and the 10135A-VAN-EX2 virtual machines are running. 3. 10135A-VAN-DC1: Domain controller in the Adatum.com domain 10135A-VAN-EX1: Exchange 2010 server in the Adatum.com domain 10135A-VAN-EX2: Exchange 2010 server in the Adatum.com domain
If required, connect to the virtual machines. Log on to VAN-DC1 and VAN-EX1 as Adatum\Administrator, using the password Pa$$w0rd. Do not log on to VAN-EX2 at this point.
Lab Scenario
A. Datum Corporation has deployed Exchange Server 2010. The company security officer has provided you with a set of requirements to ensure that the Exchange Server deployment is as secure as possible. The specific concerns included in the requirements include: Exchange Server administrators should have minimal permissions, which means that, whenever possible, you should delegate Exchange Server management permissions. Ensure that client connections to the Client Access servers are as secure as possible by deploying a TMG server.
The main tasks for this exercise are as follows: 1. 2. 3. Configure permissions for the ITAdmins group. Configure permissions for the Support Desk and HRAdmins groups. Verify the permissions.
4. 5.
3.
On VAN-EX1, open Internet Explorer and connect to https://van-ex1.adatum.com/ecp. Log on as Adatum\Anna, and verify that the account has the following permissions: Can modify mailbox settings for users by using the Exchange Control Panel. For example, try modifying the department attribute for Andreas Herbinger. Can modify distribution groups using the Exchange Control Panel. For example, add a group description for the Accounting group.
Note: You cannot create or delete user accounts and mailboxes in Exchange Control Panel. If you want to test whether Anna can create user accounts and mailboxes, add Anna to the local Administrators account on VAN-EX2, and log on to VAN-EX2 as Anna. Then open Exchange Management Console and verify that you can create a mailbox. In a production environment, you could install the Exchange Management tools on a Windows 7 client computer.
4. Close Internet Explorer, and open it again and connect to https://van-ex1.adatum.com/ecp. Log on as Adatum\Paul, and verify that the account has the following permissions: Can modify mailbox settings for users by using the Exchange Control Panel. Cannot modify distribution groups using the Exchange Control Panel.
Results: After this exercise, you should have configured and verified permissions in the Exchange Server deployment.
Task 1: Prepare the Windows Server 2008 CA to issue certificates with multiple SANs
1. 2. On VAN-DC1, use the certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2 command to configure the CA to issue certificates with multiple SANs. Stop and restart the Certificate Services service.
Task 2: Request a server certificate with multiple SANs on the Client Access server
1. On VAN-EX1, run the New Exchange Certificate Wizard using the following configuration options: 2. 3. 4. Friendly name: Adatum Mail Certificate Outlook Web App: Outlook Web App is on the intranet and uses a host name of VANEX1.adatum.com Outlook Web App: Outlook Web App is on the Internet and uses a host name of mail.adatum.com Exchange ActiveSync: Enabled and uses a host name of mail.adatum.com Autodiscover: Used on the Internet Long URL: Used for AutoDiscover with a host name of Autodiscover.adatum.com Organization: A Datum Organizational Unit: Messaging Country/region: Canada City/locality: Vancouver State/province: BC
Save the file using the name CertRequest.req. Copy the text of the certificate request file to the clipboard. Connect to http://van-dc1.adatum.com/certsrv, and create an advanced certificate request using a certificate request file. Paste the contents of the certificate request file into the Saved Request field. Request a Web server certificate. Download the certificate and save it to the C: drive.
5.
6. 7.
In the Exchange Management Console, use the Complete Pending Request Wizard to import the Adatum Mail certificate. In the Exchange Management Console, use the Assign Services to Certificate Wizard to assign the Adatum Mail certificate to IIS.
Create a new Web Listener with the following settings: Name: HTTPS Listener Client Connection Security: Require SSL secured connections with clients Web Listener IP Addresses: External Listener SSL Certificates: mail.adatum.com Authentication Settings: HTML Form Authentication Single Sign On Settings: Enabled SSO domain name: Adatum.com
4.
Note: During this task, click OK to dismiss any messages that indicate that VAN-EX2 is not accessible.
2.
Results: After this exercise, you should have configured a Forefront Threat Management Gateway server to enable access to Outlook Web App on the Client Access server. You will also have verified that the access is configured correctly.
Important: Start the VAN-DC1 virtual machine first, and ensure that it is fully started before starting the other virtual machines.
6. Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine.
Module 11
Lab Instructions: Maintaining Microsoft Exchange Server 2010
Contents:
Exercise 1: Monitoring Exchange Server 2010 Exercise 2: Troubleshooting Database Availability Exercise 3: Troubleshooting Client Access Servers 3 5 7
Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must: 1. 2. On the host computer, click Start, point to Administrative Tools, and click Hyper-V Manager. Ensure that the 10135A-VAN-DC1 and the 10135A-VAN-EX1 virtual machines are running: 3. 10135A-VAN-DC1: Domain controller in the Adatum.com domain. 10135A-VAN-EX1: Exchange 2010 server in the Adatum.com domain.
If required, connect to the virtual machines. Log on to the virtual machines as Adatum\Administrator, using the password Pa$$w0rd.
Lab Scenario
You are the messaging administrator at A. Datum Corporation. You need to configure basic monitoring by using the Performance and Reliability Monitor. You also must troubleshoot issues with a mailbox database and a Client Access server.
Task 2: Create a new performance counter data collector set for monitoring basic
Exchange Server performance
1. 2. Create a performance data collector set named Base Exchange Monitoring. Add the following performance counters to monitor basic Exchange Server performance on VAN-EX1: Object Processor Counter % Processor Time % User Time % Privileged Time Available Megabytes (MB) Page Reads/sec Pages Input/sec Pages/sec Pages Output/sec Pool Paged Bytes Transition Pages Repurposed/sec LDAP Read Time LDAP Search Time LDAP Searches timed out per minute Long running LDAP operations/Min Processor Queue Length
Memory
System
Task 3: Create a new performance counter data collector set for monitoring Mailbox
server role performance
1. 2. Create a performance data collector set named Mailbox Role Monitoring. Add the following performance counters to monitor basic Exchange Server performance on VAN-EX1:
Object LogicalDisk
Counter Avg.Disk sec/Read Avg.Disk sec/Transfer Avg.Disk sec/Write RPC Averaged Latency RPC Num Slow Packets RPC Operations/sec RPC Requests Messages Queued for Submission Messages Queued for Submission
MSExchangeIS
Results: After this exercise, you should have created a data collector set for monitoring VANEX1 that uses the performance counters that this module recommends.
Preparation
Before you begin this exercise, complete the following steps: 1. 2. 3. On VAN-EX1, open a Exchange Management Shell. At the prompt, type d:\ Labfiles\Lab11Prep2.ps1, and then press ENTER. When prompted, type N, and press ENTER. Close the Exchange Management Shell.
Task 4: List the probable causes of the problem, and rank the possible solutions if
multiple options exist
List the problems and possible solutions: Problem Possible solution
Problem
Possible solution
Results: After this exercise, you should have used a troubleshooting technique to identify and fix a Mailbox server problem.
Preparation
Before you begin this exercise, complete the following steps: 1. 2. On VAN-EX1, open Exchange Management Shell. At the prompt, type d:\ Labfiles\Lab11Prep3.ps1, and then press ENTER. Close the Exchange Management Shell.
3.
Task 4: List the probable causes of the problem, and rank the possible solutions if
multiple options exist
List the problems and possible solutions: Problem Possible solution
Problem
Possible solution
Note: During this task, click OK to dismiss any messages that indicate that VAN-EX2 is not accessible.
2. Take the necessary actions to fix the problem. Run IISReset after fixing the problem.
Results: After this exercise, you should have used a troubleshooting technique to identify and fix a Client Access server problem.
Important: Start the VAN-DC1 virtual machine first, and ensure that it starts fully before starting the other virtual machines.
6. 7. Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine. Wait for VAN-EX1 to start, and then start VAN-EX2. Connect to the virtual machine.
Module 1
Lab Answer Key: Deploying Microsoft Exchange Server 2010
Contents:
Lab A: Installing Exchange Server 2010 Exercise 1: Evaluating Requirements for an Exchange Server Installation Exercise 2: Preparing for an Exchange Server 2010 Installation Exercise 3: Installing Exchange Server 2010 Lab B: Verifying an Exchange Server 2010 Installation Exercise 1: Verifying an Exchange Server 2010 Installation 5 2 3 4
10. In the Connection Settings dialog box, in the Connection Point section, in the Select a well known Naming Context list, click Configuration, and then click OK. 11. In the left pane, expand Configuration[NYC-DC1.Contoso.com], and then click CN=Configuration,DC=Contoso,DC=com. 12. Expand CN=Services, and verify that the CN=Microsoft Exchange has not been created. 13. Close ADSI Edit.
5. 6. 7. 8. 9.
Verify that Internet Information Services (IIS) Management is not listed. Click Start, click All Programs, click Accessories, click Windows PowerShell, and then click Windows PowerShell. At the PS prompt, type help about_windows_powershell, and then press ENTER. Verify that about_Windows_PowerShell_2.0 is listed. It is installed with Windows PowerShell v2. Close Windows PowerShell. Click Start, and then click Control Panel.
10. In the Control Panel, click Programs. 11. In the Programs window, click Programs and Features. Verify that Microsoft Filter Pack 1.0 is installed. Close the Programs and Features window. Results: After this exercise, you should have evaluated the requirements for Active Directory directory service, DNS, and servers.
3. 4. 5. 6. 7. 8. 9.
10. Under IIS 6 Management Compatibility, select the IIS 6 Management Console check box. 11. Click Next, and then click Install. 12. Click Close. 13. Click Start, point to Administrative Tools, and click Services. 14. In the Services list, double-click Net.Tcp Port Sharing Service. 15. In the Net.TCP Port Sharing Service Properties dialog box, in the Startup type drop down list, click Automatic, then click Apply. 16. Click Start, wait for the service to start, click OK, and then close the Services console.
1. 2. 3. 4. 5. 6. 7.
In the 10135A-NYC-SVR2 on localhost Virtual Machine Connection window, on the File menu, click Settings. Click DVD Drive, and then click Image File. Click Browse, and browse to C:\Program Files\Microsoft Learning \10135\Drives. Click EXCH201064.iso, and click Open. Click OK. On NYC-SVR2, click Close to close the AutoPlay dialog box. On NYC-SVR2, open a Command Prompt. Type D:\setup.com /PrepareAD /OrganizationName:Contoso, and then press ENTER. Close the command prompt window when the task is complete. Results: After this exercise, you should have installed the Windows Server 2008 server roles and features, and prepared AD DS for an Exchange Server 2010 installation.
10. On the Configure Client Access server external domain page, click Next. 11. On the Customer Experience Improvement Program page, click I dont wish to join the program at this time, and click Next. A readiness check takes place to ensure that Exchange is ready to install on the server. This check takes several minutes to complete. 12. Click Install. The installation begins, and takes approximately 15-20 minutes to complete. 13. Click Finish. 14. Click Close and Yes to exit Exchange Server 2010 Setup. You are not obtaining the critical updates for Exchange Server 2010 because the virtual machine does not have Internet connectivity. Results: After this exercise, you should have installed Exchange Server 2010.
3. 4.
10. Click Next. 11. On the Mailbox Settings page, in the Alias box, type TestUser, and then click Next to accept the mailbox settings. 12. On the Archive Settings page, click Next. 13. Click New to create the new mailbox. 14. Click Finish.
15. Click Start, point to All Programs, and then click Internet Explorer. 16. In the Address bar, type https://NYC-SVR2/owa, and then press ENTER. 17. Click Continue to this website (not recommended) to proceed. 18. Log on as Contoso\TestUser with a password of Pa$$w0rd. 19. Click OK to accept the default Outlook Web App settings. 20. Click New to create a new message. 21. Click Continue to this website (not recommended). 22. In the To box, type Administrator. 23. In the Subject box, type Test Message, and then click Send. 24. Close Internet Explorer. 25. Click Start, point to All Programs, and then click Internet Explorer. 26. In the Address bar, type https://NYC-SVR2/owa and press ENTER. 27. Click Continue to the website (not recommended) to proceed. 28. Log on as Contoso\Administrator with a password of Pa$$w0rd. 29. Click OK to accept the default Outlook Web App settings. 30. Double-click the message from TestUser to read it. Click Continue to this website (not recommended). 31. Close the message from TestUser. 32. Close Internet Explorer.
10. When the scan is complete, click the View a report of this Best Practices scan link. 11. On the Critical Issues tab, click Unrecognized Exchange signature. This gives you the option to get information about how to fix the problem or hide the message. 12. Click Tell me more about this issue and how to resolve it. This opens the Microsoft Exchange Server Best Practices Analyzer Help, and provides specific information about the warning and troubleshooting it. 13. Close Exchange Server Best Practices Analyzer Help.
14. Close the Exchange Server Best Practices Analyzer Tool. Results: After this exercise, you should have verified the successful installation of Exchange Server 2010 by viewing the Exchange Server services and folders. You should also have created a new user and sent a test message to that user. Finally, you should have used the Exchange Server Best Practices Analyzer tool to view information about any installation issues.
Module 2
Lab Answer Key: Configuring Mailbox Servers
Contents:
Exercise 1: Configuring Mailbox Databases Exercise 2: Configuring Public Folders 2 3
Results: After this exercise, you should have created a new database, set the specified limits, and moved the existing Accounting database to a new folder.
2. 3. 4. 5. 6. 7. 8.
In the Select Public Folder Servers dialog box, select VAN-EX3, click OK, and then click Connect. In the Console Tree, expand Public Folders, and then select Default Public Folders. In the Content pane, right-click Executives, and then choose Properties. On the General tab, note the Total Items and Size of the items in the public folder. Click OK. Close the Public Folder Management Console. Close the Exchange Management Console.
Results: After this exercise, you should have created a new public folder database on VAN-EX3 and added replicas for each public folder.
Important: Start the VAN-DC1 virtual machine first, and ensure that it is fully started before starting the other virtual machines. 6. 7. Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine. Wait for VAN-EX1 to start, and then start VAN-CL1. Connect to the virtual machine.
Module 3
Lab Answer Key: Managing Recipient Objects
Contents:
Exercise 1: Managing Recipients Exercise 2: Configuring E-Mail Address Policies Exercise 3: Configuring Address Lists Exercise 4: Performing Bulk Recipient Management Tasks 2 5 6 7
Click Next. Type AdventureWksQ as the Alias. Select the Specify the mailbox database rather than using a database automatically selected check box, and click Browse. Click Mailbox Database 1, click OK, and then click Next.
10. Click Next. 11. Click New. 12. Click Finish. 13. In the Results pane, select the Adventure Works Questions mailbox, and then in the Actions pane, click Manage Full Access Permission. 14. In the Manage Full Access Permission Wizard, click Add. 15. In the Select User or Group dialog box, choose George Schaller, and then click OK. 16. Click Manage. 17. Click Finish.
Task 2: Create resource mailboxes, and configure auto-accept settings for the
ProjectRoom
1. 2. 3. 4. 5. In the console tree, under Recipient Configuration, click Mailbox. In the Actions pane, click New Mailbox. In the New Mailbox Wizard, select Room Mailbox, and then click Next. Verify New user is selected, and then click Next. Fill in the following information: Name: ProjectRoom User logon name (User Principal Name): ProjectRoom Password: Pa$$w0rd Confirm Password: Pa$$w0rd
Click Next. Type ProjectRoom as the Alias. Select the Specify the mailbox database rather than using a database automatically selected check box, and then click Browse. Click Mailbox Database 1, click OK, and then click Next. Verify that the Create an archive mailbox for this account check box is not selected, and then click Next. Click New, and then click Finish. In the Results pane, click ProjectRoom, and in the Actions pane, click Properties. Click the Resource General tab. Select the Enable the Resource Booking Attendant check box. If you do not enable this option, the resource will not process meeting requests, even if you configure other settings. Click OK.
Note: If the mailbox move fails, and the error indicates that no MRS service is available, start the Microsoft Exchange Mailbox Replication service, and try the mailbox move again.
Task 4: Create and configure a mail-enabled contact for Ian Palangio at Woodgrove
Bank
1. 2. 3. 4. 5. In the console tree, under Recipient Configuration, click Mail Contact. In the Actions pane, click New Mail Contact. Verify that New contact is selected. Click Next. Fill in the following information: 6. 7. 8. 9. 10. First Name: Ian Last name: Palangio Alias: IanPalangioWB
To set the e-mail address, click Edit. In the E-mail address box, type ian.palangio@woodgrovebank.com, and then click OK. Click Next. Click New. Click Finish.
Task 5: Create a moderated distribution list for the Adventure Works Project, and
delegate an administrator
1. In the console tree, under Recipient Configuration, click Distribution Group.
2. 3. 4. 5. 6.
In the Actions pane, click New Distribution Group. Verify New group is selected. Click Next. Under Group Type, verify that Distribution is selected. Fill in the following information: Name: Adventure Works Project Alias: AdventureWorksProject
Click Next. Click New. Click Finish. In the Work pane, select the Adventure Works Project group. In the Actions pane, click Properties. Click the Members tab. Click Add, and then select the following users by holding down CTRL: George Schaller Ian Palangio Wei Yu Paul West
Click OK. Click the Mail Flow Settings tab. Select Message Moderation, and then click Properties. Select the Messages sent to this group have to be approved by a moderator check box. In the Specify group moderators section, click Add. Select George Schaller, and then click OK. Click OK. Click OK.
Note: If you receive an error message when you click To, click Cancel. Start or restart the Microsoft Exchange Address Book Service on VAN-EX1, and then try this step again. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. Select the Adventure Works Project group, and then click Required. Select the ProjectRoom, and then click Resources. Click OK. Select a time. Type Project Kickoff as the subject. Click Send. Close Outlook. Log off from VAN-CL1. On VAN-EX1, click Start, click All Programs, and then click Internet Explorer. Type https://VAN-EX1.Adatum.com/OWA in the address bar.
Log on to Microsoft Outlook Web App as Adatum\George with a password of Pa$$w0rd. Click OK. Double-click the message with the subject of Project Kickoff. Click Accept. Choose to send the response now. Close Windows Internet Explorer.
Results: At the end of this exercise, you will have completed all of the assigned tasks, including creating a mailbox, creating a resource mailbox, moving a mailbox, creating a contact, and creating a moderated distribution group.
7.
Results: At the end of this exercise, you will have created an e-mail address policy for Adventure Works users.
Task 4: Verify the new address list is available in Microsoft Office Outlook
1. 2. 3. 4. On VAN-CL1, log on as Administrator with a password of Pa$$w0rd. Open Office Outlook 2007. Click the Tools menu, and then click Address Book. Under Address Book, click the down arrow to display the options. You can see that under All Address Lists, the Companies container is listed and includes the address lists Adventure Works and A. Datum. Close all open windows, and log off VAN-CL1.
5.
Task 5: Create a new offline address book for the Adventure Works address list to
support both Office Outlook 2003 and Outlook 2007 clients
1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. On VAN-EX1, in Exchange Management Console, under Organization Configuration, click Mailbox, and then click the Offline Address Book tab. In the Actions pane, click New Offline Address Book. In the Name box, type Companies. Click Browse, select VAN-EX1, and then click OK. Clear the Include the default Global Address List check box. Select the Include the following address lists check box. Click Add, expand Companies, click Adventure Works, and then click OK. Click Add, expand Companies, click A. Datum, and then click OK. Click Next. Select Enable Web-based Distribution and Enable public folder distribution. Click Add, and in the Microsoft Exchange dialog box, click OK. Click OAB (Default Web Site), click OK, and then click Next. Click New, and then click Finish.
Results: At the end of this exercise, you will have created an address list for the A. Datum and Adventure Works users, and an offline address book for each organization.
6. 7.
Task 2: Modify the CreateUsersLab.ps1 script to import Adventure Works users from a
.csv file
1. Click Start, point to All Programs, click Accessories, and then click Notepad.
Click the File menu, click Open. Change the Files of Type to All Files. Select D:\Labfiles\CreateUsersLab.ps1, and then click Open. In Section 1, define $db as Mailbox Database 1. In Section 1, define $upndom as adatum.com. In Section 1, define $ou as Adventureworks. In Section 1, define $csvFile as D:\Labfiles\Users.csv. In Section 4, replace all instances of property1 with firstname. In Section 4, replace all instances of property2 with lastname. In Section 4, replace property3 with password. Click the File menu, and then click Save. Close Notepad.
Results: After this exercise, you should have created all of the additional Adventure Works users with an Exchange Management Shell script and set the storage quota.
Important: Start the VAN-DC1 virtual machine first, and ensure that it is fully started before starting the other virtual machines.
6. 7.
Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine. Wait for VAN-EX1 to start, and then start VAN-EX2. Connect to the virtual machine.
Important: If you are using Windows Server 2008 R2 as the host operating system, complete the following steps before starting VAN-CL1. 1. In the Hyper-V Management console, in the Virtual Machines pane, right-click 10135A-VAN-CL1, and click Settings. 2. Click Network Adapter, and select the Enable spoofing of MAC addresses check box. Click OK. This step is required in order for the Windows Mobile Device emulator to communicate on the virtual network. 8. Wait for VAN-EX2 to start, and then start VAN-CL1. Connect to the virtual machine.
Module 4
Lab Answer Key: Managing Client Access
Contents:
Lab A: Configuring Client Access Servers for Outlook Anywhere Access Exercise 1: Configuring Client Access Servers Exercise 2: Configuring Outlook Anywhere Lab B: Configuring Client Access Servers for Outlook Web App and Exchange ActiveSync Exercise 1: Configuring Outlook Web App Exercise 2: Configuring Exchange ActiveSync 6 7 2 4
State/province: BC
11. Click Browse, type CertRequest as the File name, and then click Save. 12. Click Next, click New, and then click Finish.
Task 5: Import and assign the IIS Exchange Service to the New Certificate
1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. In the Exchange Management console, click Server Configuration. Click ADatum Mail Certificate, and in the Actions pane, click Complete Pending Request. On the Complete Pending Request page, click Browse. Under Favorites, click Downloads. Click certnew.cer and click Open. Click Complete, and then click Finish. In the Exchange Management console, click Server Configuration. In the results pane, click VAN-EX2. In the bottom pane, click Adatum Mail Certificate. In the Actions pane, click Assign Services to Certificate. On the Select Servers page, verify that VAN-EX2 is listed, and then click Next. On the Select Services page, select the Internet Information Services check box, click Next, click Assign, and then click Finish.
4. 5. 6.
On the E-Mail Accounts page, click Next. On the Auto Account Setup page, click Next. On the Configuring page, click Finish. Note: If Microsoft Office Outlook cannot connect to the server, ensure that all of the Microsoft Exchange Server services on VAN-EX2 that are set to Automatic start are started. Start all services that have not started, and try connecting again.
In the User Name dialog box, click OK. On the Privacy Options page, clear all check boxes, and then click Next. On the Sign up for Microsoft Update page, click I dont want to use Microsoft Update, and then click Finish. In the Microsoft Office Outlook dialog box, click No. In Office Outlook, click Tools, and then click Account Settings. Click MollyDempsey@adatum.com, and then click Change. Verify that the user mailbox is located on VAN-EX2, click Cancel, and then click Close. Close Outlook.
7.
In the Microsoft Exchange Proxy Settings dialog box, complete the following information: Use this URL (https://): mail.adatum.com Connect using SSL only: enable (default) On fast networks, connect using HTTP first, then connect using TCP/IP: enable On slow networks, connect using HTTP first, then connect using TCP/IP: enable (default) Proxy authentication setting: NTLM Authentication (default)
8. 9. 10. 11.
Click OK, and then click OK again to close the Microsoft Exchange dialog box. On the Microsoft Exchange Settings page, click Next. On the Change E-mail Account page, click Finish. On the E-mail Accounts page, click Close, and then click Close again to close the Mail Setup Outlook dialog box.
Lab B: Configuring Client Access Servers for Outlook Web App and Exchange ActiveSync
Exercise 1: Configuring Outlook Web App
Task 1: Configure IIS to use the Internal CA certificate
1. 2. 3. 4. 5. 6. 7. On VAN-EX2, click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager. Expand VAN-EX2 (ADATUM\Administrator), expand Sites, expand Default Web Site, and then click owa. In the center pane, and under IIS, double-click SSL Settings. Notice that SSL is required by default. Under Sites, click Default Web Site, and in the Actions pane, click Bindings. In the Site Bindings dialog box, click https, and then click Edit. In the SSL Certificate drop-down list, verify that Adatum Mail Certificate is selected Click OK, click Close, and then close the Internet Information Services (IIS) Manager.
Task 3: Configure an Outlook Web App Mailbox Policy for the Branch Managers
1. 2. 3. 4. 5. 6. On VAN-EX2, in Exchange Management Console, expand Organization Configuration, and then click Client Access. In the Actions pane, click New Outlook Web App Mailbox Policy. In the New Outlook Web App Mailbox Policy page, type Branch Managers Policy as the policy name. In the list of features, click Change Password, and then click Disable. Click New, and then click Finish. Right-click Branch Managers Policy, and then click Properties.
On the Public Computer File Access tab, clear all check boxes. On the Private Computer File Access tab, clear all check boxes, and then click OK. Under Recipient Configuration, click Mailbox. Click the Organizational Unit column heading to sort the view by organizational units (OU). Select all the users in the Branch Managers OU, right-click, and then click Properties. On the Mailbox Features tab, click Outlook Web App, and then click Properties. Select the Outlook Web App mailbox policy check box, and then click Browse. Click Branch Managers Policy, and then click OK four times.
On the Name Servers tab, type 10.10.0.10 as the Domain Name System (DNS) server address, and then click OK twice. Close the Settings window.
10. In Windows Mobile 6 Professional, click Start, click Programs, and then click ActiveSync. 11. Read the Microsoft ActiveSync information, and then click the set up your device to sync with it link. 12. On the Enter Email Address page, in the Email address box, type ScottMacDonald@adatum.com, and then click Next. The device will attempt to use Autodiscover to configure the user settings. 13. On the User Information page, type Scott in the User Name field, type Pa$$w0rd in the Password field, and Adatum in the Domain field, and then click Next. 14. On the Edit Server Settings page, in the Server Address field, type VAN-EX2.adatum.com. Clear the This server requires an encrypted (SSL) connection check box. In the ActiveSync message, click OK, and then click Next. 15. In the Choose the data you wish to synchronize box, click Calendar, and then click Settings. 16. In the Synchronize only the past list, click All, and in the upper-right corner, click OK. 17. In the Choose the data you wish to synchronize box, click E-mail, and then click Settings. 18. In the Download the past list, click All, and in the upper-right corner, click OK. 19. Confirm that the Contacts, Calendar, E-mail, and Tasks check boxes are selected, and then click Finish. 20. In the ActiveSync dialog box, click OK. After synchronization is complete, click the X in the upperright corner to close ActiveSync. Close the Programs window. 21. On VAN-CL1, open Internet Explorer, and connect to https://mail.adatum.com/owa. 22. Log on as Adatum\Wei using the password Pa$$w0rd. Click OK. 23. Click New, and then in the To field, type Scott, and then press CTRL+K to resolve the name.
24. In the Subject line, type Test Message from Wei. 25. In the message body, type Testing mobile messaging, and then click Send. 26. On VAN-CL1, in Windows Mobile 6 Professional, wait for a minute and then notice the animated Synchronization arrows indicating that the device is synchronizing automatically, triggered by the arrival of a message in Scotts mailbox. Wait for the Windows Mobile device to complete synchronization. 27. At the bottom of the Today screen, view the notification stating that a new message has arrived. Click View. 28. Open the message. Click Reply at the bottom of the message window. 29. In the message body, type Test Reply, and then click Send. 30. Wait until the device finishes synchronizing, and then, on VAN-EX1, in Outlook Web App, click the Check Messages icon or press F5 to refresh the screen, and then confirm that the message from Scott was received. Close Internet Explorer.
10. Right-click EAS Policy 1, and then click Properties. Notice that the General tab has additional options. 11. Click the Password tab. Notice the additional password-option list that was not available when creating the mobile mailbox policy. 12. On the Sync Settings tab, review the configuration options. 13. On the Device tab, review the configuration options. 14. On the Device Applications tab, review the configuration options. To implement these settings, you must have an Enterprise Client Access License for each mailbox. 15. On the Other tab, review the options for allowing or blocking specific applications, and then click OK. 16. In the console tree, expand Recipient Configuration, and then click Mailbox. 17. In the result pane, right-click Scott MacDonald, and then click Properties. 18. Click the Mailbox Features tab, click Exchange ActiveSync, and then click Properties. 19. In the Exchange ActiveSync Properties dialog box, click Browse. 20. Select EAS Policy 1, and then click OK.
10
10. 11. 12. 13. 14. 15. 16. 17. 18. 19. 20.
11
In the action pane, click Manage Mobile Phone. On the Manage Mobile Phone page, click Perform a remote wipe to clear mobile phone data, and then click Clear. 10. In the Microsoft Exchange warning message, click Yes, and then click Finish. 11. In Windows Mobile 6 Professional, and wait for the device to synchronize. You can also force synchronization by opening Exchange ActiveSync, and then clicking Sync. Confirm that the device is wiped. If the device goes blank, it is rebooting after performing the remote wipe. 12. On the Windows Mobile 6.1.4 Professional window, click File, and then click Exit.
8. 9.
Module 5
Lab Answer Key: Managing Message Transport
Contents:
Exercise 1: Configuring Internet Message Transport Exercise 2: Troubleshooting Message Transport Exercise 3: Troubleshooting Internet Message Delivery 2 4 5
Note: These preparation steps move VAN-EX2 to a second site defined in AD DS.
10. In the Fully qualified domain name (FQDN) box, type van-dc1.adatum.com, click OK, and then click Next. 11. On the Configure smart host authentication settings page, click Next. 12. On the Source Server page, ensure that VAN-EX1 is listed, and then click Next. 13. On the New Connector page, click New, and then click Finish.
5. 6. 7. 8. 9.
On the Local Network Settings page, click Next. On the Remote Network Settings page, click the red X to delete the entry, and then click Add. In the Address or address range box, type 10.10.0.10, click OK, and then click Next. On the New Connector page, click New, and then click Finish. In the VAN-EX1 pane, double-click Internet Receive Connector.
10. In the Internet Receive Connector window, on the General tab, in the Protocol logging level list, click Verbose. 11. On the Permission Groups tab, select the Anonymous users check box, and then click OK.
10. At the command prompt, type telnet van-ex1 smtp, and then press ENTER. 11. Type helo, and press ENTER. 12. Type info@internet.com, and press ENTER. Response: 250 2.1.0 Sender OK 13. Type rcpt to:WeiYu@adatum.com, and press ENTER. Response: 250 2.1.5 Recipient OK 14. Type data, and press ENTER. Response: 354 Start mail input; end with <CRLF>.<CRLF> 15. Type Subject: Test from Internet, and press ENTER. 16. Press the PERIOD key, and then press ENTER. 17. Type Quit, and press ENTER. 18. On VAN-EX1, start Internet Explorer, and connect to https://VAN-EX1.adatum.com/OWA. 19. Log on as Adatum\Wei with the password Pa$$w0rd. 20. Verify that the mail with the subject Test from Internet mail has arrived in the Junk E-Mail folder. Close Internet Explorer. Results: After this exercise, you should have configured Internet message transport by configuring Send and Receive connectors, enabling anti-spam functionality, and verifying Internet message delivery.
10. On VAN-EX2, start Internet Explorer, and connect to https://VAN-EX2.adatum.com/OWA. 11. Log on as Adatum\Anna with the password Pa$$w0rd. 12. On the Microsoft Outlook Web App page, click OK. 13. Reply to the mail Test Mail to VAN-EX2 from Wei. 14. Switch back to VAN-EX1, and check the Inbox in Microsoft Outlook Web App to see if the mail has arrived.
10. Click Start, point to All Programs, point to Accessories, and then click Command Prompt. 11. At the command prompt, type telnet van-ex2 smtp, and press ENTER. Verify that you receive a Connect failed error. 12. On VAN-EX2, open the Exchange Management Console. Expand Microsoft Exchange On-Premises, expand Server Configuration, click Hub Transport, and then click VAN-EX2 in the Hub Transport pane. 13. On the Receive Connectors tab, notice that only the Client VAN-EX2 connector exists. This is the reason the server does not accept a port 25 connection. 14. In the Actions pane, click New Receive Connector. 15. In the New Receive Connector window, in the Name box, type Internal VAN-EX2. 16. In the Select the intended use for this Receive connector list, click Internal, and then click Next. 17. On the Remote Network settings page, click Next. 18. On the New Connector page, click New, and then click Finish. 19. Switch to VAN-EX1, and in Exchange Management Console, click Toolbox. 20. In the Toolbox pane, under Mail flow tools, click Queue Viewer. 21. Right-click site2, and then click Retry to force an immediate retry of the message delivery. Verify that the queue now has a message count of 0. 22. Switch to VAN-EX2, and check Annas Inbox in Outlook Web App to see that the message is now delivered. Results: After this exercise, you should have verified routing logs, and used the other troubleshooting tools in Exchange Server to troubleshoot message transport.
21. On the Basic Server Information page, review the information, and then click Next. 22. On the Initial Queue Analysis Results page, click the displayed item, review the information, and then click Next. 23. On the Remote Delivery Queue(s) Initial Analysis Results page, review the information, scroll down, and then click Next.
24. On the DNS Availability Check Results, review the information, and then click Next. 25. On the DNS Record Analysis Results, review the information, and then click Next. 26. On the Remote Delivery Queue(s) DNS Records Analysis Results, notice that the wizard has identified a possible root cause, and then click Next. 27. On the Remote Delivery Queue(s) Connectivity Test Results page, review the information, and then click Next. 28. On the Remote Delivery SMTP Instance Configuration Analysis Results page, click Next. 29. On the Remote SMTP Service Diagnosis Results page, click Next. 30. On the Remote Delivery Queue(s) Message Tracking Log Analysis Results page, click Next. 31. On the Remote Delivery Queue(s) SMTP Commands Analysis Results page, click Next. 32. On the Third-Party Application Analysis Results, click Next. 33. On the View results page, click the Root Causes tab, review the displayed information, and then close the Troubleshooting Assistant. 34. Switch to VAN-DC1, click Start, point to All Programs, point to Accessories, and then click Command Prompt. 35. At the command prompt, type nslookup, and then press ENTER. 36. Type set querytype=MX, and press ENTER. 37. Type internet.com, and press ENTER. The query will timeout, which indicates that the domain name cannot be resolved. This means that the host cannot directly resolve a Domain Name System (DNS) domain and has to use a smart host to send a message to the internet. 38. On VAN-EX1, in Exchange Management Console, expand Organization Configuration, and then click Hub Transport. 39. On the Send Connectors tab, double-click Internet Send Connector. 40. Click the Network tab, select Route mail through the following smart hosts, and then click Add. 41. In the Add smart host dialog box, in the Fully qualified domain name (FQDN) box, type vandc1.adatum.com, click OK, and then click OK again. 42. In Exchange Management Console, click Toolbox. 43. In the Toolbox pane, under Mail flow tools, double-click Queue Viewer. 44. Right-click internet.com, and then click Retry to force message delivery retry. Results: After this exercise, you should have identified and resolved issues in Internet message delivery by using the Exchange Server troubleshooting tools such as Message Tracking and Mail Flow Troubleshooter.
6. 7.
Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine. Wait for VAN-EX1 to start, and then start VAN-SVR1. Connect to the virtual machine.
Module 6
Lab Answer Key: Implementing Messaging Security
Contents:
Lab A: Configuring Edge Transport Servers and Forefront Protection 2010 Exercise 1: Configuring Edge Transport Servers Exercise 2: Configuring Forefront Protection 2010 for Exchange Servers Lab B: Implementing Anti-Spam Solutions Exercise 1: Configuring an Anti-Spam Solution on Edge Transport Servers 6 2 4
3. 4.
5. 6. 7. 8. 9.
10. Beside Subscription file, click Browse. Browse to the C:\ click VAN-SVR1.XML click Open, and then click New. 11. On the Completion page, click Finish.
Task 3: Verify that EdgeSync is working and that Active Directory Lightweight Directory
Services contains data
1. 2. 3. 4. 5. 6. 7. 8. 9. On VAN-EX1, click Start, point to All Programs, point to Microsoft Exchange Server 2010, and then click Exchange Management Shell. In Exchange Management Shell, at the command prompt, type Start-EdgeSynchronization, and then press ENTER. At the command prompt, type Test-EdgeSynchronization, and then press ENTER. Ensure that the result displayed includes SyncStatus: Normal, otherwise you need to wait for another minute and run Test-EdgeSynchronization again. At the command prompt, type Get-User -Identity Wei | ft Name, GUID, and then press ENTER. Write down the first eight characters of the globally unique identifier (GUID) in your notes. Switch to VAN-SVR1, click Start, point to All Programs, point to Accessories, and then click Command Prompt. At the command prompt, type LDP, and then press ENTER. In the LDP window, click Connection on the menu bar, and then click Connect.
10. In the Connect window, type VAN-SVR1 in the Server box, type 50389 in the Port box, and then click OK. 11. Click Connection on the menu bar, and then click Bind. 12. In the Bind window, in the Bind type pane, click Bind as currently logged on user, and then click OK. 13. Click View on the menu bar, and then click Tree. 14. In the Tree View dialog box, clear any entry in the BaseDN field, and then click OK. 15. In the LDP window, in the left pane, double-click OU=MSExchangeGateway to expand it. 16. Double-click CN=Recipients,OU=MSExchangeGateway. 17. By using the GUID you entered in previous steps, you can locate the recipient. It starts with CN=<GUID>. After you find it, double-click the recipient GUID, and review the data that is available for this recipient. Close LDP.
11. Create and send a new e-mail to Info@Internet.com with the subject Test Mail to Internet. 12. Verify that you do not get a non-delivery report message. Results: After this exercise, you should have installed an Edge Transport server role, and configured Edge Synchronization between a Hub Transport and an Edge Transport server.
10. On the Antispam Configuration page, click Enable antispam later, and then click Next. 11. On the Microsoft Update page, click I dont want to use Microsoft Update, and then click Next. 12. On the Customer Experience Improvement Program page, click Next. 13. On the Confirm Settings page, click Next. Wait for the installation to finish. It will take about five minutes. 14. On the Installation Results page, click Finish. Close Windows Explorer.
8. 9.
In the Policy Management pane, expand Global Settings, and then click Advanced Options. On the Global Settings - Advanced Options page, in the Threshold Levels pane, increase the value of Maximum nested depth compressed files to 10 and Maximum nested attachments to 50.
10. Under Intelligent Engine Management, select Manual in the Engine management drop-down list. 11. In the Update scheduling table, click Norman Virus Control, and then click Edit Selected Engines button. 12. In the Edit Selected Engine dialog box, in the Update frequency pane, verify that the Check for updates every check box is selected, type 00:30 in the box, and then click Apply and Close. 13. On the Global Settings - Advanced Options page, click Save. Results: After this exercise, you should have installed Forefront Protection 2010 for Exchange and configured it. You also should have tested the antivirus functionality of Forefront Protection 2010 for Exchange.
10. On VAN-EX1, start Internet Explorer, and connect to https://VAN-EX1.adatum.com/OWA. 11. Log on as Adatum\Wei using the password Pa$$w0rd. 12. In the Mail pane, click Inbox. You should see three new messages in the Inbox. If not, wait for another minute until they arrive. 13. In the Inbox pane, double-click the message from Msg10@contoso.com. 14. In the message window, click Message Details on the toolbar. 15. In the Message details window, identify the SCL level of this message by looking for X-MSExchange-Organization-SCL in the Internet Mail Headers box. Then click Close to close Message Details. Close the message window. 16. In the Mail pane, click Junk E-Mail. You should see eight new messages in the Junk E-Mail folder that have been identified as junk mail as their SCL level was more than six. You can verify this by looking at the Message Details of the messages. 17. Delete all messages in the Inbox and Junk E-Mail folders.
8. 9.
10. In the Mail pane, click Inbox. Notice the three new messages in the Inbox. 11. To delete all messages in the Inbox, select them, and then click Delete.
8. 9.
On VAN-EX1, start Internet Explorer, and connect to https://VAN-EX1/OWA. Log on as Adatum\Wei using the password Pa$$w0rd.
10. In the Mail pane, click Inbox. You should see 11 new messages in the Inbox. 11. Double-click one message, and review the Message Detail. The SCL rating should be -1. When the sending SMTP server is added to the IP Allow List, content filtering is not applied to the messages. 12. To delete all messages in the Inbox, select them, and then click Delete.
Module 7
Lab Answer Key: Implementing High Availability
Contents:
Exercise 1: Deploying a DAG Exercise 2: Deploying Highly Available Hub Transport and Client Access Servers Exercise 3: Testing the High Availability Configuration 2 3 3
Results: After this exercise, you should have created a DAG and a mailbox database copy of the Accounting database. The Accounting database copy on VAN-EX2 should remain in a suspended state.
Exercise 2: Deploying Highly Available Hub Transport and Client Access Servers
Task 1: Create and configure a client access array for CASArray.adatum.com
On VAN-EX1, in the Exchange Management Shell, at the PS prompt, type New-ClientAccessArray FQDN casarray.adatum.com Name CASArray.adatum.com Site Default-First-Site-Name, and then press ENTER.
Results: At the end of this exercise, you should have created a client access array and assigned it to the databases.
10. In the Fully qualified domain name (FQDN) box, type van-dc1.adatum.com, and then click OK. 11. On the Network settings page, click Next. 12. On the Configure smart host authenticates settings page, ensure None is selected, and then click Next. 13. On the Source server page, click Add. 14. On the Select Hub Transport or Subscribed Edge Transport Server dialog box, hold the CTRL key, click VAN-EX1 and VAN-EX2, and then click OK. 15. On the Source server page, click Next. 16. Click New to create the connector, and then click Finish to close the wizard.
In the Actions pane, click Connect to Server. On the Connect to Server dialog box, click Browse. On the Select Exchange Server dialog box, click VAN-EX3, click OK, and then click Connect. Click the Queues tab, and then click Create Filter. In the first drop-down menu, select Delivery Type. In the second drop-down menu, select Equals. In the third drop-down menu, select Shadow Redundancy. Click Apply Filter. Examine the shadow-redundancy queue contents. Click on the Messages tab, and then click Create Filter. In the first drop-down menu, select From Address. In the second drop-down menu, select Equals.
16. In the third drop-down menu, type JasonCarlson@adatum.com. 17. Click Apply Filter. 18. Examine the message in the VAN-EX3\Shadow queue.
Task 5: Start SMTP service on VAN-DC1 to allow delivery of the queued message
1. 2. On VAN-DC1, in Server Manager, expand Configuration, and then click on Services. In the Results pane, click Simple Mail Transport Protocol (SMTP), and then in the Actions pane, under Simple Mail Transfer Protocol (SMTP), click More Actions, and then click Start.
Task 6: Verify that the messages were removed from the shadow redundancy queue
1. 2. 3. On VAN-EX2, in the Queue Viewer, verify that you are connected to VAN-EX3. Click the Queues tab, and verify that the Shadow Redundancy filter is still being applied. Examine the contents of the shadow redundancy queue.
Note: You may need to wait a few minutes for the message to be removed from the Shadow redundancy queue.
Task 7: Verify the copy status of the Accounting database, and resume the database
copy
1. 2. 3. On VAN-EX1, in the Exchange Management Console, locate the Console Tree, expand Organization Configuration, and then click Mailbox. In the Results pane, click the Database Management tab, and then click Accounting. In the bottom Work pane, view the Copy Status column for each database copy, click the Accounting entry that has a Suspended copy status, right-click on it, and then choose Properties from the context menu. View the Status, Copy queue length, and Replay queue length on the General tab, and then click on the Status tab. On the Status tab, view the Seeding, Latest available log time, Last inspected log time, Last copied log time, and Last replayed log time properties, and then click OK. Click the Accounting entry that has a Suspended copy status, right-click on it, and then choose Resume Database Copy from the context menu. On the Resume Mailbox Database Copy dialog box, click Yes. Wait until the copy status of the Accounting database copy on VAN-EX2 is Healthy. You may need to refresh the display.
4. 5. 6. 7. 8.
Task 8: Perform a switchover on the Accounting database to make the VAN-EX2 copy
active
1. In the bottom Work pane, view the Copy Status column for each database copy, click the Accounting entry that has a Healthy copy status, right-click on it, and then choose Activate Database Copy from the context menu. In the Activate Database Copy dialog box, verify None is selected, and then click OK.
2.
3.
View the status of the Accounting database in the Results pane. The database copy on VAN-EX1 will change to a Mounted status, and the database copy on VAN-EX2 will have a ServiceDown status. Results: After this exercise, you should have verified that the mailbox databases could fail over and switch between DAG servers, and that Hub Transport shadow redundancy is working properly.
Module 8
Lab Answer Key: Implementing Backup and Recovery
Contents:
Exercise 1: Backing Up Exchange Server 2010 Exercise 2: Restoring Exchange Server Data Exercise 3: Restoring Exchange Servers (optional) 2 3 4
Task 2: Perform a backup of the mailbox database using Windows Server Backup
1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. On VAN-EX1, click Start, click All Programs, click Administrative Tools, and then click Server Manager. In Server Manager, click Features, and then on the Features Summary pane, click Add Features. In the Add Features Wizard, expand Windows Server Backup Features, click Windows Server Backup, and then click Next. On the Confirm Installation Selections page, click Install. When the installation finishes, click Close. Click Start, click All Programs, click Administrative Tools, and then click Windows Server Backup. In Windows Server Backup, on the Actions pane, click Backup Once. In the Backup Once Wizard, on the Backup Options page, select Different options, and then click Next. On the Select Backup Configuration page, select Custom, and then click Next. On the Select Items for Backup page, click Add items, check Local disk (C:) in the Select Items window, and then click OK. On the Select Items for Backup page, click Advanced Settings, click on the VSS Settings tab, select VSS full Backup, click OK, and then click Next. On the Specify Destination Type page, select Remote shared folder, and then click Next. On the Specify Remote Folder page, in the Location field, type \\VAN-DC1\Backup, and then click Next. On the Confirmation page, click Backup. The backup will take approximately 15 to 20 minutes On the Backup Progress page, click Close.
Open Internet Explorer and connect to https://VAN-EX1.adatum.com/owa, and then press ENTER. Log on as Adatum\Parna with a password of Pa$$w0rd. Click Sent Items, and delete all messages in the folder. In the left pane, right-click Deleted Items, and then click Empty Deleted Items. In the Empty Deleted Items box, click Yes. Close Internet Explorer.
Results: After this exercise, you should have created a backup of an Exchange Server database, and deleted messages.
8. 9.
2.
3. 4. 5.
5. 6. 7. 8.
Log on as Adatum\Parna with a password of Pa$$w0rd. Verify that the deleted message is available in the Sent Items folder. Close Internet Explorer. At the Exchange Management Shell prompt, type Remove-Mailboxdatabase -Identity RecoverDB, and then press ENTER. Type Y, and then press ENTER. Results: After this exercise, you should have created a recovery database, and restored a complete mailbox from the recovery database to their original locations.
3. 4. 5. 6. 7. 8.
In Exchange Management Console, expand Microsoft Exchange On-Premises, expand Organization Configuration, and then click Mailbox. In the Mailbox pane, on the Database Management tab, right-click Accounting, and then click Properties. In Accounting Properties, click on the Maintenance tab, click This database can be overwritten by a restore, and then click OK. Repeat steps 4 and 5 for Mailbox Database 1. In the Mailbox pane, on the Database Management tab, right-click Public Folder Database 1, and then click Properties. In Public Folder Database 1 Properties, on the General tab, click This database can be overwritten by a restore, and then click OK.
4. 5.
In the Virtual Machines pane, click 10135A-VAN-DC1, and then in the Actions pane, click Start. To connect to the virtual machine for the next modules lab, click 10135A-VAN-DC1, and then in the Actions pane, click Connect. Important: Start the VAN-DC1 virtual machine first, and ensure that it starts fully before starting the other virtual machines.
6. 7.
Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine. Wait for VAN-EX1 to start, and then start VAN-CL1. Connect to the virtual machine.
Module 9
Lab Answer Key: Configuring Messaging Policy and Compliance
Contents:
Lab A: Configuring Transport Rules, Journal Rules, and Multi-Mailbox Search Exercise 1: Configuring Transport Rules Exercise 2: Configuring Journal Rules and Multi-Mailbox Search Lab B: Configuring Messaging Records Management and Personal Archives Exercise 1: Configuring Messaging Records Management Exercise 2: Configuring Personal Archives 8 11 2 5
Task 1: Create a transport rule that adds a disclaimer to all messages sent to the Internet
On VAN-EX1, in the Exchange Management Console, expand Organization Configuration, click Hub Transport, and then click New Transport Rule. 2. On the Introduction page, in the Name box, type Internet E-Mail Disclaimer, and then click Next. 3. On the Conditions page, in the Step 1: Select condition(s) area, select the sent to users that are inside or outside the organization, or partners check box. 4. In the Step 2: Edit the rule description by clicking an underlined value area, click Inside the organization. 5. In the Select scope dialog box, under Scope, click Outside the organization, and then click OK. 6. On the Conditions page, click Next. 7. On the Actions page, in the Step 1: Select Action(s) area, select append disclaimer text and fallback to Action if unable to apply. 8. In the Step 2: Edit the rule description by clicking an underlined value area, click disclaimer text. 9. In the Specify disclaimer text box, type This e-mail is intended solely for the use of the individual to whom it is addressed., and then click OK. 10. On the Actions page, click Next. 11. On the Exceptions page, click Next, review the rule description, click New, and then click Finish. 1.
Task 2: Configure and enable message classifications for Outlook 2007 clients
1. 2. On VAN-EX1, open the Exchange Management Shell. At the PS prompt, type new-messageclassification -Name CompanyConfidential displaynameCompany Confidential -senderdescription Do not forward to the Internet, and then press ENTER. At the PS prompt, type cd c:\Program Files\Microsoft\Exchange Server \v14\scripts, and then press ENTER. At the PS prompt, type .\Export-OutlookClassification.ps1 > c:\classifications.xml, and then press ENTER.
3. 4.
5. 6. 7. 8. 9.
On VAN-CL1, click Start, type \\van-ex1\c$, and then press ENTER. Copy the \\VAN-EX1\c$\classifications.xml file to the C: drive. Provide the administrator credentials to complete the copy. Click Start, type \\van-ex1\d$\Labfiles, and then press ENTER. Double-click EnableClassification.reg. Click Yes, and then click OK. Close Windows Explorer.
Task 3: Create a transport rule that blocks all messages with a Company Confidential
classification from being sent to the Internet
On VAN-EX1, in the Exchange Management Console, in the Actions pane, click New Transport Rule. On the Introduction page, in the Name box, type Company Confidential Rule, and then click Next. On the Conditions page, in the Step 1: Select condition(s) area, select the marked with classification check box. 4. In the Step 2: Edit the rule description by clicking an underlined value area, click classification. 5. In the Select message classification dialog box, click Company Confidential, and then click OK. 6. On the Conditions page, click Next. 7. On the Actions page, in the Step 1: Select Action(s) area, select the send rejection message to sender with enhanced status code check box. 8. In the Step 2: Edit the rule description by clicking an underlined value area, click rejection message. 9. In the Specify rejection message dialog box, type Company confidential e-mails cannot be sent to the Internet, and then click OK. 10. Click enhanced status code, type 5.7.1, and then click OK. 11. On the Actions page, click Next. 12. On the Exceptions page, click Next, review the rule description, click New, and then click Finish. 1. 2. 3.
Task 5: Configure a transport rule that applies the Do Not Forward AD RMS template to
all messages with the words confidential or private in the subject
1. On VAN-EX1, in the Exchange Management Console, under Organization Configuration, click Hub Transport.
2. 3. 4. 5. 6. 7. 8. 9.
In the Actions pane, click New Transport Rule. On the Introduction page, in the Name field, type Confidential E-Mail Rule. Verify that Enable Rule is selected, and then click Next. On the Conditions page, under Step 1, select the when the Subject field contains specific words check box. Under Step 2, click the specific words link. In the Specify words dialog box, type Confidential, click Add, type Private, click Add, and then click OK. Click Next. On the Actions page, under Step 1, select rights protect message with RMS template.
10. Under Step 2, click the RMS Template link. 11. In the Select RMS template dialog box, click Do not Forward, and then click OK. 12. Click Next twice, click New, and then click Finish.
15. In Outlook, verify that Luca received the message with the subject Private. If prompted for credentials, enter Luca as the user name and Pa$$w0rd as the password. Verify that the message has the Do Not Forward template applied. Verify that the Forward option is not available on the message. Results: After this exercise, you should have configured a transport rule that ensures that all messages sent to users on the Internet includes a disclaimer of which the legal department approves. Additionally, you should have configured a transport rule that ensures that messages with a Company Confidential classification are not sent to the Internet, and you should have configured a transport rule that applies the Do Not Forward AD RMS template to all messages with the words confidential or private in the subject. Lastly, you should have configured a moderated group using the All Company distribution group.
Click Next. On the Mailbox Settings page, type ExecutivesJournal as the Alias. Select the Specify the mailbox database rather than using a database automatically accepted check box, click Browse, click Mailbox Database 1, click OK, and then click Next. 9. On the Archive Settings page, click Next. 10. On the New Mailbox page, click New, and then click Finish.
Task 2: Create a journal rule that saves a copy of all messages sent to and from
Executives department members
1. 2. 3. 4. 5. 6. 7. 8. In the Exchange Management Console, in the Organization Configuration work area, click Hub Transport. In the Actions pane, click New Journal Rule to start the New Journal Rule Wizard. On the New Journal Rule page, in the Rule name box, type Executives Department Message Journaling. Beside Send Journal reports to e-mail address, click Browse, click Executives Journal Mailbox, and then click OK. Under Scope, ensure Global all messages is selected. Select the Journal messages for recipient check box, and then click Browse. In the Select Recipient dialog box, click Executives, and then click OK. On the New Journal Rule page, click New, and then click Finish.
Click Next. On the Mailbox Settings page, type MailboxAuditor as the Alias. Select the Specify the mailbox database rather than using a database automatically accepted check box, click Browse, click Mailbox Database 1, click OK, and then click Next. On the Archive Settings page, click Next. On the New Mailbox page, click New, and then click Finish. In the recipient list, click Executives Journal Mailbox, and then click Manage Full Access Permission. On the Manage Full Access Permission page, click Add, click Mailbox Auditor, and then click OK. Click Manage, and then click Finish. On VAN-DC1, open Active Directory Users and Computers, and then in the Microsoft Exchange Security Groups OU, double-click the Discovery Management group. In the Discovery Management Properties dialog box, on the Members tab, click Add. Type Mailbox Auditor, and then click OK twice.
4. 5. 6. 7.
In the Microsoft Outlook Web App session where you are logged on as MailboxAuditor, click Options. 9. In the Select what to manage drop-down list, ensure that My Organization is listed. 10. In the left pane, click Reporting, and then under Multi-Mailbox Search, click New.
11. In the Keywords box, type Customer Number. 12. Expand Mailboxes to Search. 13. Under Select the mailboxes to search, click Add. In the Select Mailbox window, click Luca Dellamore and click Add. Click George Schaller, click Add, and then click OK. 14. Expand Search Name and Storage Location. 15. In the Search name field, type Customer Number Discovery. 16. Next to Select a mailbox in which to store the search results, click Browse. 17. In the Select Mailbox window, click Discovery Search Mailbox, and then click OK. 18. Select the Send me an e-mail when the search is done check box, and then click Save. 19. Wait until the search finishes, and then in the bottom right pane, click the Open link. 20. In the Outlook Web App window, click OK. 21. In the Navigation pane, notice the new discovery folder named Customer Number Discovery. Expand the folder. 22. Note the two folders created that correspond to the mailboxes added to the search criteria. 23. Expand Luca Dellamore, expand Primary Mailbox, expand Sent Items, and then verify that the email was discovered using the search criteria. 24. Expand George Schaller, expand Primary Mailbox, expand Inbox, and then verify that the e-mail was discovered using the search criteria. 25. Close Internet Explorer. Results: After this exercise, you should have created a mailbox for the Executives department journaling messages, and then created a journal rule that saves a copy of all messages sent to and from Executives department members. You also should have created and configured the MailboxAuditor account.
5. 6.
Task 4: Configure a managed folder mailbox policy that applies to all users
1. 2. 3. 4. 5. 6. 7. 8. In the Actions pane, click New Managed Folder Mailbox Policy to start the New Managed Folder Mailbox Policy Wizard. On the New Mailbox Policy page, in the Managed Folder mailbox policy name box, type Default Policy All Users. In the Specify the managed folders that you want to link to this policy section, click Add. In the Select Managed Folder dialog box, click Entire Mailbox, and then click OK. On the New Mailbox Policy page, click New, and then click Finish. Open the Exchange Management Shell. At the prompt, type Get-Mailbox | Set-Mailbox ManagedFolderMailboxPolicy Default Policy All Users, and then press ENTER. As the confirmation, type A, and then press ENTER. This command links the policy to all users in the organization.
Task 5: Configure a managed folder mailbox policy that applies to the Executives
department
1. 2. 3. 4. 5. 6. 7. 8. 9. In the Exchange Management Console, in the Organization Configuration work area, click Mailbox. In the Actions pane, click New Managed Folder Mailbox Policy to start the New Managed Folder Mailbox Policy Wizard. On the New Mailbox Policy page, in the Managed folder mailbox policy name box, type Executives Department Policy. In the Specify the managed folders that you want to link to this policy section, click Add. In the Select Managed Folder dialog box, click Executives Confidential, and then click OK. In the Specify the managed folders that you want to link to this policy section, click Add. In the Select Managed Folder dialog box, click Entire Mailbox, and then click OK. On the New Managed Folder Mailbox Policy page, click New, and then click Finish. In the Exchange Management Shell, type Get-Mailbox | where-object {$_.distinguishedname ilike *ou=Executives,dc=adatum,dc=com} | Set-Mailbox ManagedFolderMailboxPolicy Executives Department Policy, and then press ENTER. This command links the policy to all users in the Executives organizational unit (OU).
Task 7: Confirm that the managed custom folder is created for the Executives
department users
1. 2. In the Exchange Management Console, click the Recipient Configuration node. In the Results pane, right-click Marcel Truempy, and then click Properties.
10
3.
4. 5.
On the Mailbox Settings tab, click Messaging Records Management, and then click Properties. Confirm that the Managed folder mailbox policy check box is selected, and that the Executives Department Policy is assigned to the mailbox. Click OK twice. On VAN-EX1, open Internet Explorer and connect to https://VAN-EX1.adatum.com/owa. Log on as Adatum\Marcel with a password of Pa$$w0rd. Click OK. Confirm that the Executives Confidential folder was created in Marcels mailbox under the Managed Folders node. Close Internet Explorer.
3.
4.
5.
2. 3.
Read the confirmation statement, type A, and then press ENTER. At the PS prompt, type the following, and then press ENTER: Start-ManagedFolderAssistant
4. 5. 6. 7.
Open Internet Explorer, and connect to https://van-ex1.adatum.com/owa. Log on as Adatum\Manoj using a password of Pa$$w0rd. Click a message in the Inbox, and then in the reading pane, point out the expiration time for the message. Right-click the message, and review the options under the Retention Policy and Archive Policy menu items. Close Internet Explorer.
Results: After this exercise, you should have configured a managed folder policy that ensures that all messages in the default mailbox folders are deleted after 90 days. You also will have configured a custom managed folder to ensure that all members of the Executives department have a custom folder
11
in their mailbox that will contain confidential messages. You also should have configured Retention Tags and retention policies for the Marketing group.
Task 2: Verify that the archive mailbox was created for members of the Marketing group
Open Internet Explorer, and then connect to https://VAN-EX1.adatu.com/owa. Log on as Adatum\Manoj with a password of Pa$$w0rd. Click OK. Verify that the archive mailbox is visible through Outlook Web App. Results: After this exercise, you should have configured archive mailboxes for all members of the Marketing group.
Important: Start the VAN-DC1 virtual machine first, and ensure that it is fully started before starting the other virtual machines. 6. 7. Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine. Wait for VAN-EX1 to start, and then start VAN-EX2. Connect to the virtual machine.
Module 10
Lab Answer Key: Securing Microsoft Exchange Server 2010
Contents:
Exercise 1: Configuring Exchange Server Permissions Exercise 2: Configuring a Reverse Proxy for Exchange Server Access 2 3
12. Click Public Groups. Click Accounting, and then click Details. Verify that you can modify the group properties by typing a group description, and then clicking Save. Close Internet Explorer. Note: You cannot create or delete user accounts and mailboxes in Exchange Control Panel. If you want to test whether Anna can create user accounts and mailboxes, add Anna to the local Administrators account on VAN-EX2, and log on to VAN-EX2 as Anna. Then open Exchange Management Console and verify that you can create a mailbox. In a production environment, you could install the Exchange Management tools on a Windows 7 client computer. 13. 14. 15. 16. 17. On VAN-EX1, open Internet Explorer, and connect to https://van-ex1.adatum.com/ecp. Log on as Adatum\Paul using a password of Pa$$w0rd, and then click OK. On the Mailboxes tab, click Franz Kohl, and then click Details. Click Organization, in the Department field, type Customer Service, and then click Save. Verify that the Groups tab is not visible. Close Internet Explorer.
Results: After this exercise, you should have configured and verified permissions in the Exchange Server deployment.
Task 2: Request a server certificate with multiple SANs on the Client Access server
1. 2. 3. 4. 5. On VAN-EX1, in the Exchange Management Console, click Server Configuration. In the Actions pane, click New Exchange Certificate to open the New Exchange Certificate Wizard. On the Introduction page, type Adatum Mail Certificate as the friendly name for the certificate, and then click Next. On the Domain Scope page, click Next. On the Exchange Configuration page, expand Client Access server (Outlook Web App), select the Outlook Web App is on the Intranet check box, and then type VAN-EX1.adatum.com in the domain name box. Select the Outlook Web App is on the Internet check box, and then type Mail.adatum.com in the second text box. Expand Client Access server (Exchange ActiveSync), and then verify that the Exchange Active Sync is enabled check box is selected. Type mail.adatum.com as the domain name.
6. 7.
Expand Client Access server, (Web Services, Outlook Anywhere, and Autodiscover), and then enter mail.adatum.com as the external host name. 9. Ensure that both the Autodiscover used on the Internet check box and the Long URL option are selected. In the Autodiscover URL to use field, delete all entries except for autodiscover.adatum.com, and then click Next. 10. On the Certificate Domains page, click Next. 11. On the Organization and Location page, enter the following information: 12. 13. 14. 15. 16. 17. 18. 19. 20. 21. 22. 23. 24. Organization: A Datum Organizational Unit: Messaging Country/region: Canada City/locality: Vancouver State/province: BC
8.
Click Browse, type CertRequest as the File name, and then click Save. Click Next, click New, and then click Finish. Click the Folder icon in the task bar, and then click Documents. Right-click CertRequest.req, and then click Open. In the Windows dialog box, click Select a program from a list of installed programs, and then click OK. In the Open with dialog box, click Notepad, and then click OK. In the CertRequest.req Notepad window, select CTRL+A to select all of the text, select CTRL+C to save the text to the clipboard, and then close Notepad. Click Start, click All Programs, and then click Internet Explorer. Connect to https://van-dc1.adatum.com/certsrv. Log on as Adatum\administrator using a password of Pa$$word. On the Welcome page, click Request a certificate. On the Request a Certificate page, click advanced certificate request. On the Advanced Certificate Request page, click Submit a certificate request by using a base64-encoded CMC or PKCS#10 file, or submit a renewal request by using a base-64-encoded CMC or PKCS#7 file. On the Submit a Certificate Request or Renewal Request page, click in the Saved Request field, and then press CTRL+V to paste the certificate request information into the field. In the Certificate Template drop-down list, click Web Server, and then click Submit. In the Web Access Confirmation dialog box, click Yes. On the Certificate Issued page, click Download certificate. In the File Download dialog box, click Save. In the Save As dialog box, browse to the C: drive, and then click Save. In the Download complete dialog box, click Close. Pending Request.
32. In the Exchange Management Console, click Adatum Mail Certificate, and then click Complete 33. On the Complete Pending Request page, click Browse. 34. Browse to the C: drive, click certnew.cer, click Open, click Complete, and then click Finish. 35. On the Exchange Certificates tab, click Adatum Mail Certificate, and then click Assign Services to Certificate. 36. On the Select Servers page, click Next. 37. On the Select Services page, select the Internet Information Services check box, click Next, click Assign, and then click Finish.
19. On the Authentication Delegation page, accept the default of Basic authentication, and then click Next. 20. On the User Sets page, accept the default, and then click Next. 21. On the Completing the New Exchange Publishing Rule Wizard page, click Finish. 22. Click Apply twice to apply the changes, and then click OK when the changes have been applied.
Results: After this exercise, you should have configured a Forefront Threat Management Gateway server to enable access to Outlook Web App on the Client Access server. You also will have verified that the access is configured correctly.
Module 11
Lab Answer Key: Maintaining Microsoft Exchange Server 2010
Contents:
Exercise 1: Monitoring Exchange Server 2010 Exercise 2: Troubleshooting Database Availability Exercise 3: Troubleshooting Client Access Servers 2 3 5
Task 2: Create a new performance counter data collector set for monitoring basic
Exchange Server performance
1. In the Performance Monitor, in the Navigation pane, expand Data Collector Sets, expand User Defined, click Exchange Monitoring, click the Action menu, click New, and then click Data Collector. In the Create New Data Collector Wizard, in the Name box, type Base Exchange Monitoring, select Performance counter data collector, and then click Next. Click Add. In the Available counters object list, expand Processor, and then click % Processor Time. Press and hold the CTRL key, click % User Time, click % Privileged Time, and then click Add. In the Available counters object list, expand Memory, and then click Available Mbytes. Press and hold the CTRL key, click Page Reads/sec, click Pages Input/sec, click Pages/sec, click Pages Output/sec, click Pool Paged Bytes, click Transition Pages Repurposed/sec, and then click Add. In the Available counters object list, expand MSExchange ADAccess Domain Controllers, and then click LDAP Read Time. Press and hold the CTRL key, and click LDAP Search Time, click LDAP Searches timed out per minute, click Long running LDAP operations/Min, and then click Add. In the Available counters object list, expand System, click Processor Queue Length, and then click Add. Click OK. In the Create New Data Collector Wizard, in the Sample interval box, type 1, and then in the Units dropdown menu, select Minutes and click Finish to create the data collector set.
2. 3. 4. 5.
6.
7. 8. 9.
Task 3: Create a new performance counter data collector set for monitoring Mailbox
server role performance
1. 2. 3. 4. In the Reliability and Performance Monitor, in the Navigation pane, click Exchange Monitoring, click the Action menu, click New, and then click Data Collector. In the Create New Data Collector Wizard, in the Name box, type Mailbox Role Monitoring, select Performance counter data collector, and then click Next. Click Add. In the Available counters object list, expand LogicalDisk, and then click Avg.Disk sec/Read. Press and hold the CTRL key, and click Avg.Disk sec/Transfer, click Avg.Disk sec/Write, and then click Add. In the Available counters object list, expand MSExchangeIS, and then click RPC Averaged Latency. Press and hold the CTRL key, and click RPC Num Slow Packets, click RPC Operations/sec, click RPC Requests, and then click Add.
5.
6. 7. 8. 9.
In the Available counters object list, expand MSExchangeIS Mailbox, click Messages Queued for Submission, and then click Add. In the Available counters object list, expand MSExchangeIS Public, click Messages Queued for Submission, and then click Add. Click OK. In the Create New Data Collector Wizard, in the Sample interval box, type 1, and in the Units dropdown menu, select Minutes, and then click Finish to create the data collector set.
4. 5.
5. 6. 7. 8. 9.
Task 4: List the probable causes of the problem, and rank the possible solutions, if
multiple options exist
List the problems and possible solutions: Problem Disk errors are preventing access to the database. Database path is incorrect because of storage changes. Possible solution Replace disks and restore from backup. Change storage or database configuration.
6. 7.
Move-DatabasePath MailboxDB100 LogFolderPath C:\Program Files\Microsoft\Exchange Server\V14\Mailbox\MailboxDB100 EdbFilePath C:\Program Files\Microsoft\Exchange Server\V14\Mailbox\MailboxDB100\MailboxDB100.edb ConfigurationOnly force 3. 4. 5. Type Y, and then press ENTER. In the Exchange Management Shell, type Mount-Database MailboxDB100, and then press ENTER. Close Exchange Management Shell. Results: After this exercise, you should have used a troubleshooting technique to identify and fix a Mailbox server problem.
Task 4: List the probable causes of the problem, and rank the possible solutions if
multiple options exist
List the problems and possible solutions:
Microsoft Outlook Web App authentication Modify Outlook Web App is not configured correctly. authentication configuration.
4. 5. 6. 7.
5.
To connect to the virtual machine for the next modules lab, click 10135A-VAN-DC1, and then in the Actions pane, click Connect. Important: Start the VAN-DC1 virtual machine first, and ensure that it starts fully before starting the other virtual machines.
6. 7.
Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine. Wait for VAN-EX1 to start, and then start VAN-EX2. Connect to the virtual machine.