Microsoft Exchange Server 2003 Install & Configure
This document steps through a Microsoft Exchange server installation. Many post-installation steps need to be covered to make sure you have a fully functional Exchange server, so this
document serves as a checklist of things that need to be done to an Exchange server, based on a
simple Exchange installation from the original media.
Server Updates
Make sure that either Windows 2000 or Windows 2003 is completely up to date, with the daylight
saving time (DST) updates applied. Windows 2000 is currently at service pack 4, found here:
http://www.microsoft.com/downloads/details.aspx?FamilyID=1001AAF1-749F-49F4-8010-297BD6CA33A0&displaylang=en
Windows 2003 is currently at service pack 2, found here (32 bit version):
http://www.microsoft.com/downloads/details.aspx?FamilyId=95AC1610-C232-4644-B828-C55EEC605D55&displaylang=en
Also make sure to run Windows updates at http://update.microsoft.com.
Daylight savings time issues are all addressed here for all O/S and applications:
http://support.microsoft.com/gp/DST_topissues
Specifically for Windows 2003, this DST update needs to be applied:
http://www.microsoft.com/downloads/details.aspx?FamilyId=308D599A-164A-40F6-B2A2-5DD5728FE5B4&displaylang=en
Windows 2000 uses the tzedit.exe utility for DST patching, and is referenced under the DST updates
for all O/S and applications above.
Exchange 2003 Installation
If this is the first Exchange installation in your environment, you must run Exchange in Forest Prep
mode. It extends the Active Directory schema to include Exchange-specific classes and attributes. This
procedure is explained here:
http://technet.microsoft.com/en-us/library/bb124110(EXCHG.65).aspx
Domain Prep must also be run if this is the first Exchange server in the organization. It creates the
groups and permissions necessary for Exchange to modify and read user attributes in AD.
http://technet.microsoft.com/en-us/library/aa997526(EXCHG.65).aspx
There are also some useful utilities on the Exchange disc, and a checklist of things you want to verify,
such as verifying domain controllers and roles. See the Exchange Server 2003 CD to run through these
checklists to make sure that AD is correctly configured for your installation. Finally, this guide steps you
through installing Exchange:
http://technet.microsoft.com/en-us/library/bb124186(EXCHG.65).aspx
Exchange 2003 Updates
Service Pack 2
Currently, Exchange 2003 is at service pack 2, which can be obtained here:
http://www.microsoft.com/downloads/details.aspx?familyid=535BEF85-3096-45F8-AA43-60F1F58B3C40&displaylang=en
To install it, extract it, and find update.exe. When you run update.exe, it looks a lot like the original CD
installer. Choose to update Exchange.
DST Updates
Beyond service pack 2 for Exchange 2003, you want to make sure that the DST updates are properly
applied, as Exchange uses its own time vs. the system time. Exchange utilizes CDO.dll for all
calendaring. This calendaring seems unified between Outlook Web Access (OWA) and a normal MAPI
client like Outlook, but seems to be separate from the Outlook Mobile Access calendar (OMA). I have
yet to see a fix for OMA. Make sure to run this update first thing!
http://www.microsoft.com/downloads/details.aspx?FamilyId=C16AEA4A-ED33-4CD9-A7C3-8B5DF5471B7A&displaylang=en&displaylang=en
There are also issues where OWA makes you hit the spacebar when tabbing to the body of the
message. This can be fixed here:
http://www.microsoft.com/downloads/details.aspx?FamilyId=5BC06E8A-08EB-4976-BC68-A03EBE3A2552&displaylang=en&displaylang=en
Also seen in this KB article:
http://support.microsoft.com/kb/911829
Redirect OWA and enable Forms Based Authentication (FBA)
You might also want to redirect OWA. The default installation point uses HTTPS, which is good for
security, and the default path is https://mail.exchange.com/exchange. This is a pain for users to
type into their browser. It should be as easy as typing http://mail.exchange.com and
being redirected to the secure site that OWA lives on. This is accomplished with this procedure:
http://support.microsoft.com/kb/555053
If you don’t have a front end server, remember that this has to be done on all Exchange servers if you
have more than one Exchange server! In fact, all of these steps need to be performed on all Exchange
servers, with the exception of this step if you have a front end server. The FE server gets information
from the proper back end server. Without one, if you log in to Exchange server 1 and your mailbox
resides on Exchange server 2, you will be redirected based on your login to Exchange server 2, where
you will have to log in all over again.
As for generating your own self-signed certificate for SSL use, you can either install a local CA, or use the instructions found here:
RPC over HTTP
Almost a whole new document could be written about getting RPC over HTTP to work. This is one of
the best articles I’ve found on getting RPC over HTTP working:
http://www.amset.info/exchange/rpc-http-server.asp
The main thing for a successful RPC over HTTP implementation is getting a certificate installed, which
you have already done on the server above, when securing OWA. You also need to get this
certificate installed on the client; this is fairly easy in Windows XP, and a bit more
convoluted in Vista. Further supporting documentation can be found on our intranet site under the
Information Technology department, email topics.
Set up Change Password for OWA
The change password option in OWA options doesn’t work by default. Follow the knowledgebase article to set this up:
http://support.microsoft.com/kb/297121
Memory Optimization
It is very important to optimize memory utilization for the Information Store process (store.exe). It can and will eat all the memory it can get its hands on, so whether your server is big or small, you need to follow this article to the letter:
http://support.microsoft.com/kb/815372
Anti-virus
You need to make sure to configure anti-virus accordingly. File and folder exclusions have to be in place, or the scanner could destroy your database and render your Exchange installation inoperable. Follow these guides to configure the exclusions:
http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2007030609490354
http://support.microsoft.com/kb/823166
http://www.msexchange.org/articles/Properly-Configure-file-system-antivirus-Exchange.html
Recovery
When recovering Exchange, there are a few steps that make the process go more smoothly. Exchange
has tools, eseutil.exe and isinteg.exe, that can recover database files. It is good to have tools to work
with Exchange, but don’t spend too much time on them. The first order of business is to get mail
functional again, so make sure to create a dial tone database and get mail flowing again.
In the case that eseutil.exe is incapable of recovering a database with the /r and/or /p options, a
restore from backup must be performed. Once restored, transaction log files must be replayed in
order to bring the database into a consistent state up to the failure point. To begin, you want to get
email functional first. To do so, find the database files for the database that is down. You can do so by
right clicking the database and clicking on properties, database tab. Once located, rename the file with
a .bak extension, to preserve the database in case it can be used. Mount the database, and you will
be prompted that a new database is about to be installed. This will get email functional again. The
following article goes into detail about this as well. The best way to recover is what is known as a
“dial-tone restore”. Follow this article to restore; everything necessary is in it, with the exception of
manually replaying transaction logs, which I will cover later:
http://www.msexchange.org/tutorials/Exchange-Dial-tone-Restore-Method-Part1.html
The end of this article discusses replaying the transaction logs by simply having them in the recovery
storage group, but this did not work for me, as the database was “victimized”. Keep in mind that one
set of log files is used for all stores within a storage group. So if you have several corrupted stores
(databases), you will use the same set of log files for replay. If you are restoring from tape, restore
ONE store at a time, and don’t try to restore the public folders. When you perform the restore in
Symantec or any other backup software DO NOT choose to replay log files and/or mount the store!!!
Once the store is restored, the restore.env file will appear in the temporary directory that is used for
replaying the log files. If you run eseutil /cm c:\temp\us, for example, you can view the
restore.env file, which will tell you which store it’s working against, as well as the logs that will be
replayed. This only includes the logs that were part of the last full backup, not the logs up to the point
of failure. You will need to locate the old log files, and copy them over to the recovery storage group
folders, as seen in the properties of the recovery storage group. Now you are ready to replay the log
files into the database. Use eseutil /cc c:\temp\us (or wherever the restore.env resides). This will
play back the log files within the restore.env (usually only 2 or 3 files), then it will look for any new log
files in the recovery storage group and replay those as well. This will bring the database up to the
point of failure. You can now mount the database and look at the mailboxes, and see the last logon
date, and some mailboxes should be close to the date and time of failure. You may need to refresh
the view to see this properly.
This is a very good TechNet article that describes transaction logs in detail, but it leaves out where
the log files are replayed from (recovery storage group):
http://technet.microsoft.com/en-us/library/aa997761(EXCHG.65).aspx
If you have other stores to restore, dismount the last recovered store! Make sure to delete the
r00.log and r00.chk files before performing the above steps on the next database, otherwise you will
see failure!
Also to note, before mounting the store, make sure to right click the store in the Exchange System
Manager (ESM), and click on properties, database tab. Put a check in the box to allow restores to
overwrite this database, otherwise the database will not mount.
ESEUtil
Good article on ESEUtil here:
http://www.computerperformance.co.uk/exchange2003/exchange2003_eseutil.htm
A useful application of eseutil is checking the consistency of the database. Use eseutil /k, eseutil /m,
and eseutil /mh against the databases to find any corruption. With /mh you can see if it’s in a dirty
shutdown state or a clean shutdown. Dirty shutdown can mean that the database has been restored
and log files need to be replayed, so don’t freak out.
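As an added example (not part of the original post), the following Python code parses the header that eseutil /mh prints and checks that every log generation listed under Log Required is present before you replay with eseutil /cc. The sample output is constructed, and the log naming scheme (prefix E00 plus five hex digits) is an assumption about the storage group being restored.

```python
import re

# Constructed sample of `eseutil /mh` header output (not captured from a real server).
SAMPLE_MH = """\
Initiating FILE DUMP mode...
         Database: priv1.edb

        File Type: Database
            State: Dirty Shutdown
     Log Required: 9-11 (0x9-0xb)
   Streaming File: Yes
"""


def parse_mh(text):
    """Return (state, first_generation, last_generation) from eseutil /mh output."""
    state = re.search(r"^\s*State:\s*(.+?)\s*$", text, re.M)
    logs = re.search(r"^\s*Log Required:\s*(\d+)-(\d+)", text, re.M)
    if not state or not logs:
        raise ValueError("State / Log Required fields not found")
    return state.group(1), int(logs.group(1)), int(logs.group(2))


def missing_logs(text, present, prefix="E00"):
    """List the log files the header requires that are absent from `present`.

    Assumption: logs are named <prefix> + five hex digits + .log, and the
    prefix matches the storage group the database was backed up from.
    """
    state, first, last = parse_mh(text)
    # A clean shutdown (or a 0-0 range) needs no log replay at all.
    if state == "Clean Shutdown" or (first, last) == (0, 0):
        return []
    have = {name.lower() for name in present}  # Windows file names are case-insensitive
    needed = [f"{prefix}{gen:05X}.log" for gen in range(first, last + 1)]
    return [name for name in needed if name.lower() not in have]


if __name__ == "__main__":
    # Constructed directory listing with generation 0xA missing.
    listing = ["E0000009.log", "e000000b.log"]
    print(parse_mh(SAMPLE_MH))
    print("missing:", missing_logs(SAMPLE_MH, listing))
```

A gap in the required range means the replay cannot reach the point of failure, so locate the missing log files before running eseutil /cc.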