Installing Exchange 2016 in the lab

Hello all,

I want to have Exchange in my lab so I could show off some interesting things that Veeam Availability Orchestrator can do with Exchange as part of a failover or test failover.  But my old article on installing Exchange 2013 is likely not good any longer. But in doing the Google thing, I could only find a range of articles that might help, but not sure how much, and often they were in way too much detail so here we are with my article now!  In fact one very good article I found was an upgrade article so that was not good either.

Prerequisites

There are a number of things to be done once you have your VM - or physical machine - ready for installing Exchange.  That is, before you install Exchange.

• Windows 2016, fully patched, with a static IP, and a member of the domain.  It should have healthy DNS and time.
• Make sure you update Microsoft, reboot, and try again.
• My virtual machine has 10 GB of RAM, 2 vCPU, and a single 80 GB disk.  This is not what you would do for production, but will work fine in my lab.
• You will need to execute the following in your PowerShell - started as admin - prompt. Copy and paste from here is what I did, and it works fine.  It takes a few minutes.

 Install-WindowsFeature Server-Media-Foundation, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering,RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell,
Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth,
Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging,
Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console,
Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor,
Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI,
Windows-Identity-Foundation

• This is what it looks like when you copy and paste.

• And when it is done successfully it looks like this.

• There is a possibility that you might need to restart.  But I did not need too.
• Next, we need to add the AD Remote Server Admin Tools. At the PowerShell prompt execute:

Install-WindowsFeature RSAT-ADDS

• Once successfully installed it looks like below.

• I suggest you restart your server here.  I did not and the next step said there was an outstanding restart so avoid that and do it now.
• Now we need to prep our domain for Exchange.  Since we have a simple Exchange environment for our lab we can do this from our Exchange server.  Be aware you need to use an account to do this which is in both Enterprise and Schema admin groups. I do not have the Exchange files locally hosted, so we will do this from the CD. Execute this command:

setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms

• This will take a few minutes to complete. Once complete you will see something like below.

• Now we need to prepare the Exchange Organization.

setup.exe /PrepareAD /OrganizationName: “thewhites” /IAcceptExchangeServerLicenseTerms

• This will take a few minutes and will look something like below when done.

• Next we need to prepare the domain. We use the following command.

setup.exe /PrepareAllDomains /IAcceptExchangeServerLicenseTerms

• This doesn’t take too long and it looks like below when done.

We need to install an API Runtime called the Unified Communications Managed API 4.0 Runtime which you can find here.

This wraps up our pre-req’s and next we move to the actual install.

Important Note - I just learned that the steps above (except for the PowerShell ones and the Unified one) are for a big AD infrastructure, or when the Exchange and AD people are separate.  In a small environment, or a lab it can be all done in the install wizard.  Oops.

Install

So we start setup.exe from the image.

• I definitely leave it at check for updates and hit next.
• Fairly quickly it has no issue with disk space available, and there is no updates.  So we continue.

• Next we see an Intro page with options to learn.

• Accept the license - again.
• Next we will use the Recommended Settings.

• Now we decide about roles.  As you can see I have chosen Mailbox and Management which has greyed out Edge for some reason.  I also leave selected the automatically install Windows Server roles and features as necessary.

• Now we confirm the install path.

• On our next screen there is an couple of things.  Our organization which I dealt with at the command line but also the option for a split permissions model.  Which would be pretty nice in a big org but pretty poor in my lab so I am not going to select it.

• Next is Malware Protection Settings and I usually leave it on to help protect things!

• The next screen is Readiness Checks.

• I have nothing found or suggested and the Next button has changed into the Install button.

• Once the install is done, we restart.  It seems like the install takes 25 minutes or so. But on fast storage and fast servers I bet it flies.
• After restarting do a Windows Update check. I had several updates including a security update for this version of Exchange I just installed.

Now we are ready to see how it looks. BTW, just in case, the setup logs are in c:\ExchangeSetupLogs.

Configuration

The first thing to do is to log into the Exchange Admin Center. Nice quick way to confirm at least a little - like the install worked.

https://fqdn/ecp

So things are looking good.

• Log in as your domain admin and you should be asked about language and timezone.

• Once you save your selection you are at the main admin screen. In this screen I can see I am the only user which makes sense at this time.
• We should license Exchange first, so change to the Server screen.

• Here you can enter your license key.
• Email can be received by default, but we need to enable outbound. So change to the mail flow section and  send connectors tab.

• We use the + sign seen above.
• We end up in a wizard and I name the send connector - Outbound. Also I make sure Type is Internet.

• On the next screen it is likely the defaults are acceptable and we will use them.  But I like how it has the Smart Host option as I have often used that at customer sites in the past. A smart host is often a security appliance that does things like deal with spam.

• After we hit Next, we are on a screen where we need to add a domain to send too.  Sounds odd but not too worry.  Use the + sign again.

• I have added the * to the FQDN so that we can route our email to wherever we need via SMTP.
• Now save what we just did, then use Next.

• Now we use the + sign again to select our server.

• Since our server is highlighted we can just hit OK.

• Now we hit Finish.

We have now a working Exchange server. But some little work is left.

Enabling internal relay

This is important to me as I will have non - human application accounts dropping off mail to send to me.  In case I want it sent to me outside this mail sever - such as at my work account I need to enable relay.

• Change to the mail flow and receive connectors.
• We will need to create a new connector so lets start with the + sign.

• So we need to name, and select Frontend Transport,

• You will also need to select Client seen above to allow other software to drop off email.
• Next screen is Network Adapter Bindings and we can just leave it at the defaults.
• Our next screen is an important one.

• As this screen is currently configured it is an open relay. So use the minus and delete it.
• Now use the + to add your own IP address range than hit Save.

• Now you use Finish to complete.

Ok, we are good now!  Working mail server and relay from the inside only.

Testing

BTW, the Outlook Web Access (OWA) is at https://fqdn/owa.

1. Can you have an app like Veeam send a report through the mail server to an outside email?
2. Can you send an email to another user on this same server?
3. Can that other user reply to your email and you get it?

The points above are enough for a test lab.  But for a more full feature test lab you could continue.

1. Can you send email to an outside email address?
2. Can you receive an email from the outside?

Links

• Article about Exchange exclusions in Defender, including a script to help - link
• Microsoft article on Exchange exclusions for anti-malware software - link - this is for Exchange 2013 but I am told it is darn similar to Exchange 2016 so it is good to follow.
• Install Exchange 2016 in your lab (Part 1) - link - a 6 or 7 part article series on installing Exchange but really detailed with more than I need!  But a great reference.
• PowerShell Scripts for your Exchange Server Toolkit - can do some interesting reports - link.
• Exchange v15 Unattended Setup (updated) - this will work for Exchange 2013 or 2016 - link - but I am not using it as I have not installed Exchange for a long time, and I want to see how it goes.  Next time, the script is the way to go! This script is very impressive in the range of things it does. Definitely worth using once I am more familiar with things.
• Want to learn what is new in Exchange 2019 whjen you upgrade from 2016?  Check out in this link.
• Looking where to find the updates for Exchange 2016 - link?

Updates

• 12/1/18 - added a note about selecting Client in the Front End Relay to allow other software to drop off email.

So things are working now and that is good.  I am not really an Exchange guy so I am glad this works.  I will be doing an article soon on applying updates to the Exchange server.  Maybe other things.  Let me know if you have questions.  BTW, I used the script in the first link above to do the Defender exclusions - since there is 84 of them that was far easier.

Michael

=== END ===