Windows IT Pro is the leading independent community for IT professionals deploying Microsoft Windows server and client applications and technologies.
  
  


July 2007

Configuring Exchange Server 2007

You've installed the new software—here's what to do next

Configuring SSL Encryption. An SSL certificate is required for encryption when a Microsoft Outlook Web Access (OWA) client connects to the Client Access server. The only time an SSL certificate wouldn't be required on a Client Access server is when you offload SSL encryption to another device to conserve resources on your Exchange server.

The good news is that Exchange 2007 is flexible in the types of certificates it lets you use. You can use an Exchange 2007 self-signed certificate, purchase an SSL certificate from a Certificate Authority (CA), or get a certificate from a public key infrastructure (PKI) CA. The advantage of using a self-signed certificate is that it's free and easy to deploy. However, no one outside your organization will acknowledge the self-signed certificate as having come from a credible source. A certificate from a commercial CA carries credibility but can be expensive to purchase.

To use a self-signed certificate, you generate the certificate by using the Exchange Management Shell's New-ExchangeCertificate cmdlet, as follows:

New-ExchangeCertificate -GenerateRequest `
  -domainname <yourdomain.com> `
  -FriendlyName <yourdomain.com> `
  -privatekeyexportable:$true `
  -path c:\cert_myserver.txt

In the previous command, you'd replace yourdomain.com with the name of your domain. You can enter multiple domains separated by commas if you want. FriendlyName is the name that's displayed for the certificate being generated; it must be fewer than 64 characters. Figure 4 shows an example of this command and its output.

Regardless of how you obtain an SSL certificate, the procedure for installing the certificate is basically the same. Open Exchange Management Shell and enter the following command, where c:\newcert.cer is the path and filename for the certificate you're importing:

Import-ExchangeCertificate `
  -path c:\newcert.cer 

Now, copy a digest, or thumbprint, of the certificate data to the Clipboard by using the following command:

Dir cert:\LocalMachine\My | fl

If multiple certificates are displayed, select the appropriate certificate by its friendly name. Next, use the information from the Clipboard to enable the certificate on the default Web site by using the following command:

Enable-ExchangeCertificate -thumbprint `
  <the value stored in the Clipboard> `
  -services "IIS,IMAP,POP" 

The last step in the process is to verify that Microsoft IIS is configured to require SSL encryption for virtual directories. Choose Internet Information Services (IIS) Manager from the Administrative Tools menu. In the IIS Manager console tree, navigate to your Default Web site and expand the container to reveal a list of the virtual directories in the default Web site. For each of these directories, right-click the directory and choose Properties from the shortcut menu. In the Properties sheet, click the Directory Security tab, then click Edit in the Secure Communications section to display the Secure Communications dialog box. Select the Require Secure Channel check box and the Require 128-Bit Encryption check box. Click OK twice and move on to the next virtual directory. When you're done, you'll need to restart the POP3 and IMAP services.
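The thumbprint lookup and enable steps above can also be scripted so that the certificate is checked before it is bound to any service. The following is an added example, not part of the original article; the friendly name mail.example.com is a placeholder, and the subject-equals-issuer test is only a heuristic for spotting a self-signed certificate.

```powershell
# Added example: select the imported certificate by friendly name, validate it,
# then enable it. 'mail.example.com' is a placeholder (assumption).
$friendlyName = 'mail.example.com'

# Read the local machine store directly instead of copying from the console.
$candidates = @(Get-ChildItem cert:\LocalMachine\My |
    Where-Object { $_.FriendlyName -eq $friendlyName })

# Refuse to guess when the friendly name is missing or ambiguous.
if ($candidates.Count -ne 1) {
    throw "Expected exactly one certificate named '$friendlyName', found $($candidates.Count)."
}
$cert = $candidates[0]
$now  = Get-Date

# Without the private key on this server, the services cannot use the certificate.
if (-not $cert.HasPrivateKey) {
    throw "Certificate $($cert.Thumbprint) has no private key on this server."
}

# Reject certificates that are not yet valid or have already expired.
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate $($cert.Thumbprint) is outside its validity period."
}

# Heuristic: subject equal to issuer usually means self-signed, which
# clients outside the organization will not trust.
if ($cert.Subject -eq $cert.Issuer) {
    Write-Warning "Certificate appears to be self-signed; external clients will see trust errors."
}

# Show what is about to be bound, then enable it for the same services as above.
$cert | Format-List Subject, Issuer, NotAfter, Thumbprint
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services "IIS,IMAP,POP"
```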

Configuring EAS. You'll need to configure EAS only if some users in your organization use mobile devices to send and receive email. For this article, I'll assume that all your mobile users have devices running Windows Mobile 5.0; older versions aren't supported.

First, create a new EAS mailbox policy. Navigate through Exchange Management Console to Organization Configuration\Client Access. Now, click the New Exchange ActiveSync Mailbox Policy link in the Actions pane. Exchange Management Console opens a screen that lets you enter the particulars for your mailbox policy. As Figure 5 shows, you must enter a name for the policy you're creating, and you can set a number of security requirements, most of which are related to the device's password. Select the requirements appropriate for your organization, then click New to create the policy.

Keep in mind that merely creating a policy doesn't activate it; an EAS policy must be assigned to one or more mailboxes to be effective. Therefore, you can create multiple EAS policies and assign different policies to different users.

To assign an EAS policy to a mailbox, click the Exchange Management Console's Recipient Configuration container to display a list of all the mailboxes in the Exchange organization. Display the Properties sheet for the mailbox you want to apply the policy to and click the Mailbox Features tab. Choose the Exchange ActiveSync option from the list of mailbox features, then click Properties to display the Exchange ActiveSync Properties dialog box. Select the Apply an Exchange ActiveSync Mailbox Policy check box, then click Browse to locate and select the policy you want. Click OK twice to associate the policy with the mailbox.
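Because an unassigned policy protects nothing, it helps to script the assignment and then list the mailboxes that still have none. The following is an added example, not part of the original article; the policy name, the mailbox jsmith, and the specific password settings are illustrative assumptions.

```powershell
# Added example: create an EAS policy, assign it, and audit for gaps.
# 'Mobile Baseline' and 'jsmith' are placeholder names (assumptions), and the
# password values are illustrative, not recommendations from the article.
$policyName = 'Mobile Baseline'

# Create the policy with device password requirements.
New-ActiveSyncMailboxPolicy -Name $policyName `
    -DevicePasswordEnabled:$true `
    -MinDevicePasswordLength:6 `
    -AlphanumericDevicePasswordRequired:$true `
    -MaxInactivityTimeDeviceLock:'00:15:00' `
    -AllowNonProvisionableDevices:$false

# The policy has no effect until it is assigned to a mailbox.
Set-CASMailbox -Identity 'jsmith' -ActiveSyncMailboxPolicy $policyName

# Audit: mailboxes that can sync with mobile devices but have no policy assigned.
Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.ActiveSyncEnabled -and -not $_.ActiveSyncMailboxPolicy } |
    Select-Object Name, ActiveSyncEnabled
```

An empty result from the last command means every ActiveSync-enabled mailbox has a policy assigned.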

Configuring the Hub Transport Server
You might need to perform as many as three post-installation tasks on servers hosting the Hub Transport role: configuring the domains for which you'll accept email, subscribing to an Edge Transport server, and creating a postmaster mailbox. Depending on the specifics of your Exchange organization, any or all of these tasks might be optional.

 Windows IT Pro is a Division of Penton Media Inc.
 © 2009 Penton Media, Inc. Terms of Use | Privacy Statement