All posts by sheldon

Add an Exchange 2010 Receive Connector to Use a Smart Host

Is your email received by a perimeter server and then forwarded to the Exchange server on your local network?

Have you seen this error yet when sending to your Exchange domain?

Reason: Remote SMTP Server Returned: 550 5.7.1 Unable to relay

Then try adding a Receive Connector like this.

To permit a non-Exchange server to relay mail to your internal Exchange server, create a new Receive Connector on the Hub Transport server.

  • Launch the Exchange Management Console, expand “Server Configuration” and select “Hub Transport.” Click “New Receive Connector.”
  • In the wizard dialog, under “Name:” enter a descriptive name, like RelayFromPerimMail; for “Intended use,” select “Custom” and click Next.
  • Enter the FQDN that the Exchange server will return in response to any HELO or EHLO from the perimeter relay server, such as ExchMail.YourDomain.com (rather than a .lan or .local name). Click Next.
  • Delete the 0.0.0.0-255.255.255.255 remote network range that is offered by default.
  • Click +Add, select IP Address, and enter the IP address of the perimeter server that is relaying mail to this Exchange server. Click OK, click Next, click New, and click Finish.
  • Your Receive Connector is created, but it is not yet ready to allow the perimeter server to relay incoming mail to the Exchange server. Finish the configuration as follows:
  • Return to the Exchange Management Console, right click this new Receive Connector and select Properties. Select the “Permission Groups” tab and check the box next to “Exchange servers.” Then select the “Authentication” tab, leave the check in the checkbox next to Transport Layer Security (TLS), also check the checkbox next to “Externally Secured,” and apply these changes. (Externally Secured tells Exchange to treat every connection on this connector as fully trusted, so the remote IP address you entered above is the only thing that keeps other hosts from relaying through it.)
  • Now test everything by sending a test email from Gmail, Yahoo or Hotmail to your local email address on the Exchange server, and check that it arrives in your OWA interface.

Note: Because the remote IP address (or range) has been restricted to the single IP address of the perimeter server, any other server connecting from a different IP address will still NOT be able to relay through the Exchange server, which is as intended. In other words, relay is denied from any IP address not included in the remote IP address/range on the Receive Connector. If necessary, you can later add more IP addresses, IP ranges, or subnets to this Receive Connector, but you may need to script that action in the Exchange Management Shell.
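The same relay connector built from the Exchange Management Shell, as an added example that is not part of the original post. It creates the connector with the wizard's settings, shows the scripted way to add a second relay address that the note above mentions, and prints the result for checking. The server name MAIL1, the relay addresses 192.0.2.10 and 192.0.2.11 (documentation range) and the FQDN are assumed placeholders.

```powershell
# Added example (not from the original post). Assumed values: Hub Transport server MAIL1,
# perimeter relay at 192.0.2.10, second relay at 192.0.2.11, FQDN ExchMail.YourDomain.com.

$server = 'MAIL1'
$name   = 'RelayFromPerimMail'

# 1. Create the connector exactly as the wizard steps do: Custom usage, port 25,
#    remote range limited to the perimeter server, "Exchange servers" permission group,
#    TLS offered and Externally Secured authentication.
New-ReceiveConnector -Server $server -Name $name -Usage Custom `
    -Bindings '0.0.0.0:25' `
    -RemoteIPRanges '192.0.2.10' `
    -Fqdn 'ExchMail.YourDomain.com' `
    -PermissionGroups ExchangeServers `
    -AuthMechanism Tls, ExternalAuthoritative

# 2. Later: add another relay address without dropping the existing one.
#    RemoteIPRanges is a multi-valued property, so append to it and write it back.
$rc = Get-ReceiveConnector -Identity "$server\$name"
$rc.RemoteIPRanges += '192.0.2.11'
Set-ReceiveConnector -Identity $rc.Identity -RemoteIPRanges $rc.RemoteIPRanges

# 3. Verify. The remote range must NOT be 0.0.0.0-255.255.255.255: combined with
#    Externally Secured that would make this connector an open relay.
$rc = Get-ReceiveConnector -Identity "$server\$name"
$rc | Format-List Name, Bindings, RemoteIPRanges, PermissionGroups, AuthMechanism, Fqdn
$ranges = @($rc.RemoteIPRanges | ForEach-Object { $_.ToString() })
if ($ranges -contains '0.0.0.0-255.255.255.255') {
    Write-Warning "$($rc.Identity) is Externally Secured for every remote IP (open relay)"
}
```

The Default connector already listens on 0.0.0.0:25 for all remote addresses; Exchange hands an inbound session to the connector whose RemoteIPRanges matches the client most specifically, so the perimeter server lands on RelayFromPerimMail and every other host stays on Default, where it has no relay rights.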

Add an Exchange 2010 Send Connector to use a Smart Host

If you have installed Exchange Server 2010 and want to send outgoing mail through your smart host (a non-Exchange perimeter server that already has MX records in DNS pointing to it), then add a Send Connector to Exchange as follows:

  • Open your Exchange Management Console.
  • Expand “Organization Configuration” and select the sub-item named “Hub Transport.” Select the tab entitled “Send Connectors.”
  • From the menu on the right side, select the link for “New Send Connector” and the New Send Connector wizard dialog will appear.
  • Enter a “Name:” such as “OutgoingHost” and, under “Intended use for this Send connector,” select “Custom” from the list box and click Next.
  • Click Add, choose the type “SMTP,” and the “SMTP Address Space” dialog will appear. Under “Address:” insert an * (asterisk), check the box next to “Include all subdomains” and leave the Cost as 1. Click the OK button to close the address space dialog, and then click the Next button.
  • Network Settings appears. Click the radio button next to “Route mail through the following smart hosts.”
  • Click +Add and either enter the IP address of the smart host server, or select the radio button next to Fully Qualified Domain Name (FQDN) and enter the hostname.domainname.com of your smart host in the input text box, such as Mail1.MySmartHost.net. Click OK to close this dialog, and click Next.
  • Configure smart host authentication settings will appear. For many servers that won’t require Exchange authentication, you can select “Basic Authentication” and input the username and password of the smart host’s postmaster or another account that has access to the postmaster’s outgoing SMTP transport. Click the Next, Next, New and Finish buttons.
  • Tidy up by right clicking this new “OutgoingHost” Send Connector and left clicking Properties. Under the “General” tab, insert the fully qualified “internet” hostname.domainname.com that your server will echo in response to HELO or EHLO when connecting to the smart host, for example Exchg1.MyInternetDomainName.com (not your .lan or .local FQDN). Change the maximum message size if you like. Click Apply, and click OK.
  • Test it by logging into your administrator account using the OWA interface and sending a test message to yourself at Hotmail, Gmail or Yahoo.
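The same Send Connector created from the Exchange Management Shell, as an added example that is not part of the original post. The smart host name, the source Hub Transport server MAIL1 and the HELO/EHLO name are placeholders taken from the steps above. One deliberate difference from the wizard steps: the post selects Basic Authentication, which sends the postmaster password in clear text unless the session is encrypted, so this example uses BasicAuthRequireTLS; fall back to BasicAuth only if the smart host does not offer STARTTLS.

```powershell
# Added example (not from the original post). Assumed values: smart host Mail1.MySmartHost.net,
# source server MAIL1, HELO/EHLO name Exchg1.MyInternetDomainName.com.

# Prompts for the smart host account; the password is never written into the script.
$cred = Get-Credential

$params = @{
    Name                   = 'OutgoingHost'
    Usage                  = 'Custom'
    AddressSpaces          = 'SMTP:*;1'            # all domains (includes subdomains), cost 1
    DNSRoutingEnabled      = $false                # route via the smart host, not MX lookup
    SmartHosts             = 'Mail1.MySmartHost.net'
    SmartHostAuthMechanism = 'BasicAuthRequireTLS' # Basic auth, but only inside TLS
    AuthenticationCredential = $cred
    Fqdn                   = 'Exchg1.MyInternetDomainName.com'   # the "General" tab setting
    SourceTransportServers = 'MAIL1'
    MaxMessageSize         = 20MB                  # optional; default is 10 MB
}
New-SendConnector @params

# Check what was created before sending the test message from OWA.
Get-SendConnector -Identity 'OutgoingHost' |
    Format-List Name, AddressSpaces, DNSRoutingEnabled, SmartHosts,
                SmartHostAuthMechanism, Fqdn, SourceTransportServers, MaxMessageSize
```

After the test message, the smart host's log should show the session from Exchg1.MyInternetDomainName.com authenticating after STARTTLS; if it shows an authentication failure with TLS, the smart host is not offering STARTTLS and the BasicAuth setting from the wizard is the only option left.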

Installing and Configuring Exchange Server 2010

1. Choose a computer name, like MAIL1. If the domain controller has already been established, then the name will already be something like MAIL1.yourdomain.lan. [NOTE: To establish and configure a domain controller on Server 2008 (64-bit) upon which Exchange 2010 can be installed (like a “One Box” setup), see this article: http://www.sheldonsblog.com/index.php/configure-windows-server-2008-r2-sp1-for-exchange-server-2010/ ]
2. Make sure the administrative user is a member of Enterprise Admins and Schema Admins. Open Active Directory Users and Computers, under the Windows domain click the Users folder, double click Administrator (or the other logged-in user account), click Properties, click the “Member Of” tab, and make sure the user is a member of Enterprise Admins and Schema Admins.
3. Set up the prerequisite roles. Open the Server Manager console, right click Features and click Add Features; the Add Features Wizard opens. Under Select Features: add .NET Framework 3.5.1 (this was already added if Active Directory services were installed on Server 2008 to make it a domain controller); add RPC over HTTP Proxy and click the button to Add Required Role Services, including Web Server (IIS) and Management Tools, and Remote Server Admin Tools with Role Admin Tools; under .NET Framework expand WCF Activation, check HTTP Activation and Add Required Role Services (Web Server and Windows Process Activation Service); expand Remote Server Administration Tools, expand Role Administration Tools (installed), make sure Web Server (IIS) Tools is checked, and check AD LDS Snap-Ins and Command-line Tools. Click Next.
4. Select the Role Services link on the wizard’s left menu: add ASP.NET and Add Required Role Services. Under Security, make sure Basic Authentication is checked, make sure Windows Authentication is checked, and check Digest Authentication. Check all of IIS 6 Management Compatibility, including IIS 6 Metabase Compatibility, IIS 6 WMI Compatibility, IIS 6 Scripting Tools, and IIS 6 Management Console. Click Next (leads to the confirmation), then click the Install button. When the installation is done, click the Close button.
5. Set the Net.Tcp Port Sharing Service startup type to Automatic (Delayed Start). Go to Start, Administrative Tools, Services, select Net.Tcp Port Sharing Service, Properties. It is set to Disabled by default. Change the startup type to “Automatic (Delayed Start),” click Apply and click OK. Close Services.
6. Install the Microsoft Office 2010 Filter Pack (to index the content of attachments such as .docx and .xlsx). Note that Adobe has its own filter pack for Exchange. Office Filter Pack download, 64-bit version: http://www.microsoft.com/download/en/details.aspx?id=17062 [echo: Microsoft Filter Pack 2.0 has completed successfully.]
7. Install Exchange 2010
   1. Insert the Exchange 2010 DVD install disk in the DVD drive. Run Setup.EXE.
   2. Step 3: Choose Exchange language option – select “Install only languages from the DVD.”
   3. Step 4: Click Install Microsoft Exchange. [echo: Microsoft Exchange Server 2010 Setup Initializing]
   4. On the Exchange Server 2010 Setup screen, click Next.
   5. Accept the License Agreement (radio button) and click Next.
   6. Enable Error Reporting (this automatically sends error reports to Microsoft). It’s up to you to select Yes or No.
   7. Installation Type: select “Typical Exchange Server Installation” and click Next (rather than Custom, which adds two extra items called Unified Messaging and Edge Transport). With the Typical installation these items are set up (along with the path to the Exchange program files):
      1. Hub Transport
      2. Client Access
      3. Mailbox
      4. Exchange Management Tools
   8. Specify a name for the Exchange Organization. The default is First Organization. The Organization Name is stored in the mail database; instead of First Organization, use the name of your company.
   9. Client Settings: “Do you have any client computers running Outlook 2003 or Entourage in your organization?” Yes or No. (Outlook 2003 clients will require setup of a public folder database.) Recommended: select Yes, just in case. Click Next.
   10. Configure Client Access server external domain. This is for internet-facing services, for example Exchange ActiveSync, Outlook Web App and Outlook Anywhere, and will allow clients to connect to your Exchange deployment from outside your (internal Windows) domain.
      1. Check the box for “The Client Access server role will be internet-facing.”
      2. Enter the domain name you will use with your external Client Access servers (for example, mail1.yourdomain.com). Click the Next button.
   11. Customer Experience Improvement Program:
      1. The industry that best represents your organization (select from the drop-down, or “not specified”).
      2. Join the Exchange Customer Experience Improvement Program (CEIP), or
      3. I don’t wish to join the program at this time.
      4. Click the Next button.
   12. Readiness Checks. Warnings:
      1. A warning such as “Setup is going to prepare the organization for Exchange Server 2010 by using ‘Setup /PrepareAD’ and no Exchange Server 2007 roles have been detected in this topology. After this operation, it will be impossible to install any Exchange Server 2007 roles.” If you decide that you need to deploy an Exchange 2007 server prior to deploying Exchange 2010, the deployment of a single Exchange 2007 server with all server roles is sufficient to enable the deployment of future Exchange 2007 servers in the organization. I doubt this warning is fatal. It applies mostly to 3rd-party or custom apps built on Exchange 2007.
      2. “Setup cannot verify that the ‘Host’ (A) record for this computer exists within the DNS database on server 127.0.0.1.” Check your internet connection. Also verify, in the IPv4 settings of this server’s NIC, the following DNS entries: DNS 1 = 127.0.0.1 and DNS 2 = 192.168.x.x. Don’t use forwarders in DNS; just bind DNS to all IP addresses of the server.
   13. Install. Click Install. Go find something to drink; it will take quite a while. 00:33:47
8. Finalize this installation using the Exchange Management Console (Configure Exchange). Leave the checkbox checked (to Finalize) and click the Finish button, which will close Exchange Server 2010 Setup and will add the snap-in to the console.
   1. Finalize Deployment Tasks (checklist).
   2. Enter the Product Key. In the Exchange Management Console, expand Microsoft Exchange On-Premises and click Organization Configuration: Exchange is unlicensed and has 119 days remaining. Click Server Configuration and, under the Exchange server node name on the right-side menu, click Enter Product Key, and enter it. [echo: The product key has been validated and the product ID has been successfully created. This change won’t take effect until the Information Store service has been restarted.] Click the Finish button, then go to Administrative Tools, Services, and restart the “Microsoft Exchange Information Store” service: right click the name of the service and left click “Restart.”
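Steps 3 to 5 (the prerequisite roles and the Net.Tcp Port Sharing startup type) can be done from an elevated PowerShell prompt instead of clicking through the Add Features wizard. This is an added example, not from the original post; the feature identifiers are the Server Manager names for Windows Server 2008 R2 (run Get-WindowsFeature to list them), and the check at the end is what I would run before starting Exchange setup.

```powershell
# Added example (not from the original post): Exchange 2010 typical-install prerequisites
# on Windows Server 2008 R2, scripted. Run from an elevated PowerShell 2.0 prompt.

Import-Module ServerManager

$features = @(
    'NET-Framework',                                      # .NET Framework 3.5.1 (step 3)
    'RSAT-ADDS',                                          # AD DS tools, incl. AD LDS snap-ins
    'RPC-Over-HTTP-Proxy',                                # RPC over HTTP Proxy (Outlook Anywhere)
    'Web-Server', 'RSAT-Web-Server',                      # IIS and its management tools
    'NET-HTTP-Activation', 'WAS-Process-Model',           # WCF HTTP Activation
    'Web-Net-Ext', 'Web-ISAPI-Ext',                       # ASP.NET (step 4)
    'Web-Basic-Auth', 'Web-Windows-Auth', 'Web-Digest-Auth',
    'Web-Metabase', 'Web-WMI', 'Web-Lgcy-Scripting',      # IIS 6 Management Compatibility
    'Web-Lgcy-Mgmt-Console',
    'Web-Dyn-Compression'
)

$result = Add-WindowsFeature $features
if ($result.RestartNeeded -ne 'No') {
    Write-Warning 'A restart is required before running Exchange setup'
}

# Step 5: Net.Tcp Port Sharing Service -> Automatic (Delayed Start).
# Set-Service has no "delayed" option, so the start type is set with sc.exe.
sc.exe config NetTcpPortSharing start= delayed-auto

# Pre-flight check: anything still missing gets a warning.
Get-WindowsFeature |
    Where-Object { $features -contains $_.Name -and -not $_.Installed } |
    ForEach-Object { Write-Warning "Still missing: $($_.Name)" }
Get-WmiObject Win32_Service -Filter "Name='NetTcpPortSharing'" |
    Format-List Name, State, StartMode
```

Win32_Service reports the delayed start as StartMode "Auto"; the Services console (step 5) is where the "(Delayed Start)" suffix is visible.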

THE REMAINDER OF THIS ARTICLE IS STILL A WORK IN PROGRESS:
   3. Install Forefront Protection 2010 for Exchange Server. (Optional. MS download. Look into it.)
   4. Another author reports that you may need to enable Exchange Search to index Microsoft Office 2007 file formats by registering the installed IFilters for Exchange 2010 by modifying the registry. It is suggested to perform this step after installing Exchange 2010. Ask yourself: did I not already install the 2010 filter pack? Note: the other author offered some script to save to a file and run. Look into this.
   5. Organization Configuration: Mailbox, Client Access and Hub Transport are the most important to configure.
   6. Send Connector: New Send Connector, name = internet, add type SMTP, address space *, use DNS MX records. Next, pick a server (this one). New, Finish.
   7. Server Configuration, Client Access, OWA: enable Outlook Anywhere. External hostname: same as previously named.
   8. Exchange ActiveSync.
   9. IMAP and POP3: enable. But you still need to enable the services under Administrative Tools, Services: change them from Manual to Automatic (Delayed Start).
   10. Allow Anonymous Access on the server’s Default Receive Connector. In the Exchange Management Console, expand Server Configuration and select “Hub Transport.” Under “Receive Connectors,” right click the “Default” Receive Connector, select Properties, and select the Permission Groups tab to configure receiving on TCP port 25 by enabling anonymous users (“Specify who is allowed to connect to this Receive connector”). Check the Anonymous Users checkbox, click the Apply button and click OK. DONE. Caution: My first guess is that this anonymous connectivity may create an open relay, unless mail can only be delivered to local Exchange mailboxes from this Receive connector. Note: Port 587 will have no anonymous access on the other Receive connector here.
   11. Recipient Configuration, Mailbox: where you configure all email accounts.
      1. New Mailbox, Next, Existing users, Add, select the usernames to create mailboxes for.
9. Configure port forwarding on the router for ports 25, 80 and 443.
10. Configure some things in IIS.
   1. Certificates. Exchange creates default certificates for itself.
   2. Default website, HTTP Redirect: for ./owa, check only “Redirect requests to content in this directory (not subdirectories).” This redirect works only with https, not http, unless you put a full URL redirect in like this: https://etc/owa.
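The open-relay question raised in step 10 can be settled with a check rather than a guess. Enabling the Anonymous Users permission group lets any host submit mail, but relaying to outside recipients additionally needs the ms-Exch-SMTP-Accept-Any-Recipient right for ANONYMOUS LOGON (or an Externally Secured connector open to every remote IP). The audit below, an added example that is not from the original post, walks every Receive Connector on a server and reports which of those conditions hold; the server name MAIL1 is an assumed placeholder.

```powershell
# Added example (not from the original post): relay audit of all Receive Connectors.
# Run in the Exchange Management Shell. Assumed server name: MAIL1.

$server = 'MAIL1'

foreach ($rc in Get-ReceiveConnector -Server $server) {
    $ranges       = @($rc.RemoteIPRanges | ForEach-Object { $_.ToString() })
    $unrestricted = $ranges -contains '0.0.0.0-255.255.255.255'

    # Condition 1: Externally Secured trusts every client on the connector,
    # so an unrestricted remote range means anyone can relay.
    if (($rc.AuthMechanism -match 'ExternalAuthoritative') -and $unrestricted) {
        Write-Warning "$($rc.Identity): Externally Secured for all remote IPs -> open relay"
    }

    # Condition 2: an explicit Accept-Any-Recipient grant to anonymous senders.
    $anonRelay = Get-ADPermission -Identity $rc.Identity |
        Where-Object {
            $_.User -like '*ANONYMOUS*' -and
            ($_.ExtendedRights -like '*Accept-Any-Recipient*') -and
            -not $_.Deny
        }

    $anonGroup = $rc.PermissionGroups -match 'AnonymousUsers'
    if ($anonRelay -and $unrestricted) {
        Write-Warning "$($rc.Identity): anonymous Accept-Any-Recipient for all remote IPs -> open relay"
    } elseif ($anonRelay) {
        Write-Output "$($rc.Identity): anonymous relay allowed, but only from $($ranges -join ', ')"
    } elseif ($anonGroup) {
        Write-Output "$($rc.Identity): anonymous submission enabled; delivery to local recipients only (no relay right)"
    } else {
        Write-Output "$($rc.Identity): no anonymous access"
    }
}
```

On a Default connector changed as in step 10 the expected line is the "delivery to local recipients only" one: the Anonymous Users group grants submission, not Accept-Any-Recipient, so outside recipients are rejected with the same 550 5.7.1 Unable to relay shown at the top of this page. Re-run the audit after any connector change, and treat any line beginning with WARNING as something to fix before port 25 is forwarded from the router.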

Configure Windows Server 2008 R2 SP1 for Exchange Server 2010

  1. Install Windows Server 2008 R2, 64-bit version

    1. Exchange Server 2010 is a 64-bit application and requires a 64-bit server operating system

    2. After Server 2008 installation, then set the clock and set the name of the Server

    3. The server is presently configured as standalone with default settings

  2. Configure a static IP address because the server will be configured as a domain controller

    1. Go to the server manager screen and click View Network Connections

    2. Double click the icon for the active network adapter (local area connection) to display the adapter status

    3. In the Status screen, click the Properties button

    4. Click to highlight Internet Protocol Version 4 (TCP/IPv4) and click the Properties button

    5. Click the radio button next to “Use the following IP address:” and then enter the IP address that you want to use for this server, for example, 192.168.1.2

    6. After entering the IP address, click the “tab” key and the subnet mask 255.255.255.0 should appear in the entry boxes of the next line (which is fine)

    7. Press the “tab” key and enter the default gateway IP address (which is the gateway address on the local network “LAN” side of your router, which provides the network address translation “NAT” over to the public IP “WAN” side of the router). This number is usually something like 192.168.1.1

    8. Click the radio button next to “Use the following DNS server addresses:” and, under preferred DNS server, enter the same server IP address (that you chose) for this server. It is important to include this server’s IP as the first entry in the list of DNS servers. You can add other alternate DNS servers that you maintain or that are provided by your ISP. Note that later, when installing Exchange Server, it may be necessary to change the first DNS entry to 127.0.0.1 (your server’s localhost) and the secondary DNS entry to the local IP assigned to the server’s network interface, such as 192.168.1.2. Otherwise, the Exchange installation wizard will warn you that an MX record or an Address (A) record cannot be verified on the IP address 127.0.0.1 (or on 192.168.1.1, as the case may be at the time).

    9. Note: Exchange 2010 requires that you leave IP v6 enabled. So, do NOT disable IP v6 or else the Exchange Hub Transport Service will not start when exchange is installed.

    10. Close the network connections screen

  3. Install Active Directory. When Active Directory is both installed and configured (a two-step process), Windows Server will be a domain controller

    1. Go to “Computer Management” screen and press the “Add Roles” link. Under “Server Roles” it says “Select one or more roles to install on this server.”

    2. Check the box next to “Active Directory Domain Services,” at which time the Add Roles wizard says that “you cannot install Active Directory Services unless the required features are also installed.” The “Features:” list will include .NET Framework 3.5.1 Features

    3. Click the Button for “Add Required Features” and acknowledge by clicking “Next”

    4. The installation will scan and inform of any other prerequisites. If there are other prerequisites or errors, please correct these and repeat the add roles installation

    5. When the Setup program says that all prerequisites are met, then click the install button to commence this installation process. The setup program will now install Active Directory on your Server

    6. When the installation is completed, there should be a message indicating that the “Installation Succeeded”

    7. Click “Close” to close the Add roles wizard’s “Installation Results” screen in order to return to the Server Management screen.

  4. Configure Active Directory. You should see that the role of Active Directory Domain Services is installed when you are viewing the Server Manager page. It will show a red “x” to indicate the Active Directory Domain Services have errors, namely, that these Services have not been configured.

    1. Click on the line under Roles that is labeled “Active Directory Domain Services” and the Server Manager will show you a page about the status of the Active Directory Role.

    2. Click on the link that says “Run the Active Directory Services Installation Wizard (dcpromo.exe)” and click “Next” when the Active Directory Domain Services Installation Wizard appears.

    3. The Active Directory Domain Services Installation Wizard will display information about Server 2008 domain controllers having a new, more secure default for the security setting named “Allow cryptography algorithms compatible with Windows NT 4.0” (which is disabled or not configured by default). It explains that this setting prevents Windows and non-Microsoft SMB clients from using weaker NT 4.0-style cryptography algorithms. As a result, applications that require a secure channel serviced by Server 2008 domain controllers might fail, for example certain NAS devices that do not support stronger cryptography algorithms, and certain operations on clients running versions of Windows earlier than Vista SP1 are also impacted. If this is going to be a problem, see KB Article 942564: http://go.microsoft.com/fwlink/?LinkId=104751 The following hotfix package may be applied to computers that are running Windows XP or Windows Server 2003 to resolve this issue: http://support2.microsoft.com/kb/944043 (Description of the Windows Server 2008 read-only domain controller compatibility pack for Windows Server 2003 clients, Windows XP clients and pre-SP1 Windows Vista). Click Next.

    4. Choose a Deployment Configuration. At this point, you can create a domain controller for an existing forest or for a new forest.

      1. If this Exchange Server will be the first Domain Controller, then choose the radio button for “create a new domain in a new forest” and click the Next button.

      2. If there is an existing domain controller and you want to continue the same domain name, then you may wish to choose the radio button “Existing forest” and the sub-radio button for either “Add a domain controller to an existing domain” or “Create a new domain in an existing forest,” in which case this server will become the first domain controller in the newly created domain. Click the Next button.

    5. Enter the name of your local domain, which will be the domain name that Exchange will associate with all of your email. When creating a new domain in a new forest, this domain name becomes the “Name of the Forest Root Domain,” because the first domain in the forest is the forest root domain. Its name is also the name of the forest. Note: If you are on a local network (LAN) behind a router’s NAT firewall, then you may want to distinguish your local network domain name from your public domain name by using either the suffix “.local” or “.lan” instead of a public network domain suffix like “.com” or “.net.” Once you have decided on the name of your internal domain, this name will be your Active Directory domain and the domain that is serviced by Exchange.

      1. You will enter this internal domain name in the input box under the heading “FQDN of the forest root domain.” Click the Next button.

    6. Set Forest Functional Level. The Installation Wizard will now ask you about compatibility of domain controllers at the forest level. If you plan to have domain controllers running various versions of Active Directory, then you will want to choose a functional level that includes the lowest version of Windows Server that you are using for domain controllers. For example, if you have and plan to keep a Windows 2003 domain controller in service, then select “Windows Server 2003” from the drop-down list and click Next.

    7. Set Domain Functional Level. The Installation Wizard will now ask you a similar question about domain controller compatibility at the domain level. Choose the same functional level, namely the lowest version of Windows you plan to use for domain controllers. For example, if you have and plan to keep a Windows 2003 domain controller in service, then select “Windows Server 2003” from the drop-down list and click Next.

    8. Additional Domain Controller Options. The installation wizard recommends to install the DNS Server service on the first domain controller. So, if this is the first domain controller, check the box to add DNS Server service and make this domain controller a DNS server running locally. Note: The first domain controller in a forest must be a global catalog server and cannot be an RODC. The Installation Wizard will also automatically make this computer a global catalog server if a new forest and first domain are being created. Press Next.

    9. Specify Location for Database, Log Files, and SYSVOL. You can specify where you want Active Directory to store its data. If you only have one drive in your Server, then it is recommended to use the prepopulated defaults. If you have multiple drives, you can select which drive to use. Click Next.

    10. Directory Services Restore Mode Administrator Password. The Directory Services Restore Mode Administrator account is different from the domain Administrator account. Assign a password for the Administrator account that will be used when this domain controller is started in Directory Services Restore Mode. Write down the password. It is different from the domain Administrator password, and will not change when the domain Administrator password is changed.

    11. Review Your Selections. The Installation Wizard will summarize the configuration that it is about to create. To start the process of configuring your new Domain Controller, click Next.

      1. The Installation Wizard will show its progress as it configures your server. This will take a long time. The installation wizard dialog says “The wizard is configuring Active Directory Domain Services. This process can take from a few minutes to several hours, depending on your environment and the options that you selected. . . . Installing Group Policy Management Console . . . ” No need to check the box that says Reboot on completion.

      2. When the installation is complete, you will be shown a final screen. Click Finish.

      3. Then, restart your computer. Click “Restart Now” to restart your computer so that the changes made by the Active Directory Domain Services Installation wizard will take effect.

      4. After restarting, Windows should show the Server Manager. The Server Manager screen should show that Active Directory and DNS Server roles are installed. Also the process of installing Active Directory will add the features “Group Policy Management” and “Remote Server Administration Tools.”
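Steps 2 to 4 above (static IP, AD DS role, dcpromo) done from an elevated prompt instead of the dialogs, as an added example that is not part of the original post. The adapter name, the 192.168.1.x addresses from step 2, the forest root name yourdomain.lan and the Windows Server 2003 functional level (value 2) from steps 6 and 7 are the assumed inputs; the DSRM password is a placeholder. Because the dcpromo answer file holds that password in clear text, the script writes it to a temporary file and deletes it as soon as dcpromo returns.

```powershell
# Added example (not from the original post): Server 2008 R2 domain-controller setup, scripted.
# Assumed: adapter "Local Area Connection", 192.168.1.2/24, gateway 192.168.1.1,
# forest root yourdomain.lan, functional level 2 (Windows Server 2003).

# Step 2: static IPv4 address, this server first in the DNS list, IPv6 left enabled.
netsh interface ipv4 set address "Local Area Connection" static 192.168.1.2 255.255.255.0 192.168.1.1
netsh interface ipv4 set dnsservers "Local Area Connection" static 192.168.1.2 primary
netsh interface ipv4 add dnsservers "Local Area Connection" 192.168.1.1 index=2   # alternate (router/ISP)

# Step 3: the AD DS role; Server Manager pulls in .NET Framework 3.5.1 as a required feature.
Import-Module ServerManager
Add-WindowsFeature AD-Domain-Services

# Step 4: unattended dcpromo with the same choices the wizard asks for.
$answer = @"
[DCINSTALL]
InstallDNS=Yes
NewDomain=Forest
NewDomainDNSName=yourdomain.lan
DomainNetbiosName=YOURDOMAIN
ReplicaOrNewDomain=Domain
ForestLevel=2
DomainLevel=2
DatabasePath=C:\Windows\NTDS
LogPath=C:\Windows\NTDS
SYSVOLPath=C:\Windows\SYSVOL
SafeModeAdminPassword=REPLACE_WITH_DSRM_PASSWORD
RebootOnCompletion=No
"@

$file = Join-Path $env:TEMP 'dcpromo-answer.txt'
Set-Content -Path $file -Value $answer -Encoding ASCII
try {
    & dcpromo.exe "/unattend:$file"
} finally {
    Remove-Item $file -Force      # never leave the DSRM password on disk
}

# Then restart (step 11.3) and confirm the roles (step 11.4).
# Restart-Computer
# Get-WindowsFeature AD-Domain-Services, DNS | Format-Table Name, Installed
```

The DSRM password written here is the one step 10 tells you to write down; it is independent of the domain Administrator password, so keep it somewhere other than the server it restores.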