On Premises Exchange Integration Windows Server 2012 Essentials
July 11, 2012
Yes, you heard me right. Hopefully by now the news of the end of development, shall we say, of SBS 2011 Standard has settled in, and you are ready to tackle the void left in the market. I know many partners and folks are talking about alternatives such as Kerio, Hosted Exchange or any number of other solutions, but I wanted to demonstrate how easy it is to set up the OnPrem (OP) integration with an Exchange server, and how it is possible to access both using a single public IP address.
I have no idea how much it would actually cost to do in production though!
So, first of all, this is all based on the beta code recently released, so I do reserve the right to look stupid when they pull the code out due to ‘feedback’.
Second of all, this is based on Windows Server 2012 Essentials, with a second server running Windows 2008 R2 Standard, w/SP1 and Exchange 2010.
What will you need?
- A server running WSE
- A server running Windows 2008 R2 SP1
- Exchange 2010 Media
- SSL Certificate
- Dare I suggest, an Internet Connection?
Modify Group Membership
The very first step is to make our Domain Administrator a member of the Enterprise Admins group.
From the WSE server, go to Start, then Administrative tools.
- Open up Active Directory Users and Computers (ADUC), then under the Users container, find your Domain Administrator account.
- Go to the properties of the account.
- Go to the Member Of tab, and click Add.
- Type in Enterprise Admins, then click OK and close down ADUC.
Install WSE Connector Software
I’ll assume you have installed your 2008R2 server, and it is in a workgroup ready to go.
You may not know that the WSE Dashboard now supports Servers. That means we can install the connector!
If you’re thinking that means WSE will back up a server, it won’t.
First of all, open up a web browser on your Server2008R2 box and go to the connect site of the WSE server; this would be http://wseserver/connect
Click on the button to download software, and run when prompted.
Those of you already familiar with SBS Essentials, will have seen this all before.
The connect to server wizard will start, and run through a few steps.
Ordinarily we would enter a standard user account here, but I am using the Domain Admin account.
After a reboot we have to choose whether this computer is for us or another user, and also enter a description.
After a short time the wizard should complete, and you will see your server now shows up in the dashboard.
See, I told you it would appear in the dashboard.
Now we need to do some prep in order to get Exchange installed.
First off you will need some Exchange media; I just used the trial download that is available.
I extracted the Exchange media out to a folder called EX in the downloads folder of my profile.
Second you need to install some server roles.
Install Server Roles required for Exchange
We need to install a few server roles in order for Exchange to function. I prefer PowerShell for this because I think it’s easier. I found a really useful blog post on exactly this topic here.
So, go ahead and open up an Administrative PowerShell window.
Then run the following:
Add-WindowsFeature NET-Framework, RSAT-ADDS, Web-Server, Web-Basic-Auth, Web-Windows-Auth, Web-Metabase, Web-Net-Ext, Web-Lgcy-Mgmt-Console, WAS-Process-Model, RSAT-Web-Server, Web-ISAPI-Ext, Web-Digest-Auth, Web-Dyn-Compression, NET-HTTP-Activation, RPC-Over-HTTP-Proxy -Restart
Your server will install those roles and reboot.
Install Exchange & Configure
Now, for a little customisation of my own. I wrote a script that will use the Exchange command line installation method, and then run through a ‘wizard’ to add the crucial components to make Exchange work as you would expect.
I will make the script available for download soon.
My custom script is called Install.ps1. As you can see below, you have to modify PowerShell’s Execution Policy to run scripts, which is easily done by typing:
If you are downloading a script from the internet, you will usually need to ‘unblock’ it by right clicking the file, going to properties and clicking Unblock.
Install.ps1 – Running…
I have cropped the above slightly, and am not going to explain each step. However, the script installs Exchange, installs the Office 2010 Filter pack, then asks the Administrator some basic questions about the environment (coloured sections) and then sets up Accepted Domains, Email Address Policy, Receive Connectors and Send Connectors. The Send Connector section will support a smart host that requires Authentication as well, and you can also change the SMTP port number, all from this one script.
You can read more about the Script here http://wp.me/p1i7Su-128
Moving on, we can now go ahead and enable the integration.
Install SSL Certificate for Exchange
For Exchange to work correctly over the internet, we will need an SSL certificate.
This needs to be a different SSL certificate (different common name) than the certificate used for RWA on the WSE server.
That suits me because I gave up using Third Party domain names on my SBSE or WSE servers, and now always use the free *.remotewebaccess.com domain provided by Microsoft. It also means I am free to use my existing SBSE SSL for Exchange.
You will need your SSL Certificate in PFX format (this means it includes the private key).
On your Exchange Server, open up an MMC.
Use the File menu to add a snap-in, and then add the Certificates snap-in for the Local Computer.
Expand Certificates, Personal, and in the free space, right click, then choose All Tasks, Import.
Complete the wizard to install your PFX file.
You will see your certificate shows up.
Now, we need to load the Exchange Shell.
Enter this command:
You will see several results returned, one of which should easily be identifiable as the certificate we just installed.
Copy the ‘Thumbprint’ of that certificate.
Enable-ExchangeCertificate -Thumbprint XXXXXXXXXXXXX -Services IIS,SMTP
This command will assign your certificate to the Default Website for use with OWA / OA and also enable it for use with SMTP if needed.
If we run the ‘Get’ command again, we can now see the services are enabled for that certificate.
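The certificate steps above, from listing to enabling, as one Exchange Management Shell script. This is an added example, not the author's Install.ps1; it assumes the PFX is already imported into the Local Computer Personal store, and $CommonName and the other variable names are illustrative.

```powershell
# Added example, not from the original post. Run in the Exchange Management
# Shell on the Exchange 2010 server after importing the PFX.
# Assumption: $CommonName is the common name of the certificate you imported;
# the value below is the example hostname used later in this post.
$CommonName = 'remote.sbsessentials.co.uk'

# The 'Get' step: list every certificate Exchange can see.
Get-ExchangeCertificate | Format-List Thumbprint, Subject, Services, NotAfter

# Select the certificate by subject instead of copying the thumbprint by hand.
$pattern = 'CN=' + [regex]::Escape($CommonName) + '(,|$)'
$found = @(Get-ExchangeCertificate | Where-Object { $_.Subject -match $pattern })
if ($found.Count -ne 1) {
    throw "Expected one certificate for $CommonName, found $($found.Count)."
}
$thumb = $found[0].Thumbprint

# Read the same certificate from the Local Computer store to check that the
# private key came across with the PFX and that it has not expired.
$x509 = Get-Item "Cert:\LocalMachine\My\$thumb"
if (-not $x509.HasPrivateKey) {
    throw "Certificate $thumb has no private key; re-import the PFX."
}
if ($x509.NotAfter -lt (Get-Date)) {
    throw "Certificate $thumb expired on $($x509.NotAfter)."
}

# Build the chain as this server sees it and report anything that does not
# validate, for example a missing intermediate certificate.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
if (-not $chain.Build($x509)) {
    foreach ($status in $chain.ChainStatus) {
        Write-Warning ("Chain problem: {0} {1}" -f $status.Status, $status.StatusInformation.Trim())
    }
}

# Enable the certificate for IIS (OWA / Outlook Anywhere) and SMTP.
# Exchange may ask to confirm replacing the default SMTP certificate.
Enable-ExchangeCertificate -Thumbprint $thumb -Services IIS,SMTP

# Run the 'Get' step again: Services should now list IIS and SMTP.
Get-ExchangeCertificate -Thumbprint $thumb | Format-List Subject, Services
```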
Enable Outlook Anywhere
Now we just need to quickly enable Outlook Anywhere, which we can do easily from the Exchange Management Console (EMC), proof if you needed it that I am not 100% committed to PowerShell yet.
Open up the EMC, Expand Server Configuration, then choose Client Access. On the right hand side Choose Enable Outlook Anywhere.
Enter the address you will use to access your server remotely.
Then click Enable.
Install Application Request Routing to WSE
Now we can switch over to the WSE server and install the magic component.
You will likely need to install the Web Platform Installer, which gave me an error about .NET2 (which I ignored and refreshed the page); it then continued as normal. I have screen shots of the process but not the error, as I was scratching my head for a moment. You will also most likely need to adjust your security zones and add a site to trusted sites.
Hopefully you can get through that, and get ARR installed.
Another side note as you can see below, it says it failed, and it also says it succeeded. I chose to ignore the failure, and it turned out ok for me.
You will need to copy the PFX file over to your WSE server and have it in an easy to type path.
Just for Phillip Elder, the location of ARRConfig in 2012 R2 is now %systemroot%\System32\Essentials
Open up c:\program files\windows server\bin in an administrative command prompt.
Enter the following:
ARRConfig Config -Cert <path to cert> -hostnames <common name in SSL>
ARRConfig Config -Cert c:\users\dfunk\desktop\ssl.pfx -hostnames remote.sbsessentials.co.uk
You are then prompted for the password on the certificate and then it should complete for you.
Wait, no, you now have an error.
We need to enable Exchange Integration in the Dashboard (almost forgot)
Enable WSE Exchange Integration
Load up the Dashboard, and follow the prompts under ‘Email’ to enable Integration to your Exchange Server.
The Dashboard will reload, and you should have a nice green tick!
We can go back to our command prompt, run the same command, and this time it completes.
And that’s it!
Finish and Test Connectivity
Assuming you have the correct DNS records in place, i.e. an MX record and an A record that point to the right public IP address, you have now integrated your on premises Exchange Server.
Don’t forget to open port 25 on your router and point it to your Exchange server’s internal IP.
(Just to show these both go to the same IP)
You can also now go to www.testexchangeconnectivity.com and run a test to make sure everything is ok!
I got a green check, and also a warning about a certificate chain, but I am just focussing on the green check.
I am very interested to hear comments about this integration feature/idea and also any comments on the beta as a whole!
Update 15/08/201 : Microsoft has now made public its own steps which are available here.