Installing Exchange Server 2010 : Post-setup configuration (part 2) - Add a certificate to the Client Access Server role

10/22/2012 3:45:55 PM

5. Add a certificate to the Client Access Server role

When the Exchange Server 2010 Client Access Server role is installed, a self-signed certificate is installed automatically, primarily for testing purposes. However, as soon as the installation is finished, a real certificate should be acquired and installed. Exchange Server 2010 uses a Unified Messaging certificate, which holds, besides its Subject Name, other names as well, called Subject Alternative Names (SAN). For example, the Subject Name could be webmail.yourdomain.com and the Subject Alternative Names could be autodiscover.yourdomain.com and mail.yourdomain.com.

To request a certificate you can either use the Exchange Management Console or the Exchange Management Shell. When using the Exchange Management Console (after all, we are Windows administrators, right?) use the following steps:

  1. Log on to the Exchange Server 2010 Client Access Server and open the Exchange Management Console.

  2. In the navigation pane, expand "Microsoft Exchange On-Premises."

  3. In the navigation pane, click on "Server Configuration."

  4. In the top half of the middle pane you'll see your Exchange Server, including your Edge Transport Server, and in the bottom half you'll see the corresponding certificate. This is the self-signed certificate that's created during the installation of your Exchange server.

  5. In the actions pane click on "New Exchange Certificate," and the New Exchange Certificate wizard is shown. Enter a Friendly Name, for example "Exchange Server". Click Next to continue.

  6. The next page is the Exchange Configuration where you can determine the usage of the certificate. Select the following services:

    • Client Access Server (Outlook Live)

    • Client Access Server (Exchange ActiveSync)

    • Client Access Server (Web Services, Outlook Anywhere and Autodiscover).

  7. In all three options, enter the external hostname for your organization. In the last option also select "Autodiscover used on the Internet" and select the proper URL. The default is the Long URL like autodiscover.yourdomain.com. Click Next to continue.

  8. In the Organization and Location page you have to enter your company specific details like Organization, Organizational Unit, Country, etc. In the Certificate Request File Path click Browse to enter a location for the Certificate Request File. Enter a filename like c:\Exch-Cert.req and click Save. Click Next to continue.

  9. On the Certificate Configuration page check your certificate request details and, if all is OK, click New to generate the request file.

  10. On the completion page you'll see the PowerShell command that was used for generating this certificate request. If needed you can use CTRL-C to copy the contents of this page to the server's clipboard. Click Finish to continue.

You can find the file c:\Exch-Cert.req on your server. This file looks something like this:



To request a new certificate, you have to submit this file to your Certificate Authority. Microsoft has a list on their support website of supported vendors who can supply Unified Communications certificates: HTTP://TINYURL.COM/CERTVENDORS.

On the Exchange Certificates tab in the Exchange Management Console, you'll see a new entry, and the parameters you entered in the previous step can be identified here.

When you receive the certificate from your authority follow these steps:

  1. Save the certificate on the hard disk of your server.

  2. In the Exchange Management Console, on the Exchange Certificates tab, right-click the new certificate and select "Complete Pending Request."

  3. Browse to the file you stored in Step 1 on the hard disk.

  4. Follow the wizard to complete the certificate request and finish the installation.

  5. In the Exchange Management Console, on the Exchange Certificates tab select the original, self-signed certificate, right-click it, and select Remove to remove this certificate from the Exchange Server 2010 server.

  6. Using Internet Explorer, open Outlook Web App (using HTTPS://LOCALHOST/OWA) and check the new certificate. Never mind the error message you will receive; it appears because the name "localhost" is not in the certificate.

You can also use the Exchange Management Shell to request a new certificate:

  1. Log on to the Exchange Server 2010 server with domain administrator credentials and open the Exchange Management Shell.

  2. Since the -Path option is no longer supported in Exchange Server 2010, you first have to store the request in a variable, and in Step 2 you have to write the actual file:



A certificate will be sent by your certificate authority that can be imported on the Client Access Server by using the Import-ExchangeCertificate commandlet in the Exchange Management Shell. The output of this commandlet can be piped into the Enable-ExchangeCertificate commandlet to enable the certificate after importing it:

  1. Log on to the Exchange Server 2010 server with domain administrator credentials and open the Exchange Management Shell.

  2. Enter the following command:
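
The two shell procedures above (request, then import and enable), as an added example that is not the original listing from this page. The host names are the ones used in the text; the subject fields, the key settings and the c:\Exch-Cert.cer path are placeholders to adapt.

```powershell
# Added example: run in the Exchange Management Shell on the Client Access Server.
# Subject fields and the .cer path below are placeholders, not values from the page.

# Step 1: generate the request. The cmdlet returns the Base64 request text,
# so it is captured in a variable first.
$Data = New-ExchangeCertificate -GenerateRequest `
    -FriendlyName "Exchange Server" `
    -SubjectName "c=US, o=Your Organization, cn=webmail.yourdomain.com" `
    -DomainName webmail.yourdomain.com, autodiscover.yourdomain.com, mail.yourdomain.com `
    -KeySize 2048 `
    -PrivateKeyExportable $false   # set $true only if the key must be copied to another server

# Step 2: write the request to the file that is submitted to the CA.
Set-Content -Path "c:\Exch-Cert.req" -Value $Data

# Later, once the CA has returned the signed certificate:
# read it as raw bytes, import it, and enable it for IIS in one pipeline.
$bytes = [byte[]](Get-Content -Path "c:\Exch-Cert.cer" -Encoding Byte -ReadCount 0)
Import-ExchangeCertificate -FileData $bytes |
    Enable-ExchangeCertificate -Services IIS

# Confirm which certificates are installed, what names they carry,
# which services use them, and whether the self-signed one is still present.
Get-ExchangeCertificate |
    Format-List Thumbprint, Subject, CertificateDomains, Services, IsSelfSigned, NotAfter
```

The final listing shows whether the new certificate carries every Subject Alternative Name that was requested and whether IIS is now bound to it rather than to the self-signed certificate.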



The Client Access Server role is responsible for handling all client requests with respect to mailbox access. This means Outlook Web App, POP3 and IMAP4, Outlook Anywhere and ActiveSync all have to be configured on the Client Access Server role. New in Exchange Server 2010 is the fact that the Client Access Server now also handles all MAPI requests. So Outlook clients no longer connect to the Mailbox Server role directly, but rather to the Client Access Server. This functionality is called "RPC Client Access." The codename for this was "MAPI on the Middle Tier" or MoMT.

In this section, I will briefly focus on Outlook Web App, Outlook Anywhere and ActiveSync. A prerequisite for proper functioning of these services is that a valid Unified Communications certificate from a trusted vendor, with proper Subject Alternative Names, is installed as described in Section 2.7.5. Since the Client Access Server is on the same box as the Mailbox Server, no special configuration is needed for the MAPI clients.

  1. Log on to the Exchange Server 2010 server with domain administrator credentials and open the Exchange Management Console.

  2. In the navigation pane expand "Microsoft Exchange On-Premises."

  3. In the navigation pane expand "Server Configuration."

  4. Click on "Client Access."

  5. In the lower part of the results pane you can select the tabs for Outlook Web App, Exchange ActiveSync, Offline Address Book Distribution and POP3 and IMAP4. From here, you can now configure the various aspects of the Client Access Server.

Outlook Web App
  1. To configure Outlook Web App select the Outlook Web App tab, right-click on OWA (Default Website) and select its properties.

  2. In the External URL field, enter the URL that users will use when connecting to the OWA site from the Internet. Make sure that this name corresponds to the name used in the certificate you installed in the previous section.

  3. Click OK to close the properties page.

Exchange ActiveSync
  1. On the Exchange ActiveSync tab, right-click the Microsoft-Server-ActiveSync and select its properties.

  2. In the External URL field, enter the URL that users will use when connecting to the OWA site from the internet. Make sure that this name corresponds to the name used in the certificate you installed in the previous section.

  3. Click OK to close the properties page.

NOTE

Testing your Exchange Server 2010 ActiveSync setup is always difficult. To avoid needing a real mobile device you can use an emulator for testing purposes. Microsoft has several emulators available on the Microsoft download site, and you can download the Windows Mobile 6.5 emulator here: HTTP://TINYURL.COM/WINMOB6. Just install it on your computer or laptop, connect it to your local network adapter and start configuring the device. When you have the proper connectivity you can even test it from home – this works great!

Figure 1. Windows Mobile 6.5 working with an Exchange Server 2010.

Outlook Anywhere

Outlook Anywhere uses the HTTP protocol to encapsulate RPC information for sending between the Outlook client (version 2003 and 2007) and the Exchange Server 2010 server. For this service to run properly the RPC over HTTP Proxy service has to be installed on the Client Access Server. This can be achieved either by adding this as a feature via the Server Manager, or by entering the following command on a PowerShell Command Prompt:



  1. Open the Exchange Management Console.

  2. In the navigation pane, expand "Microsoft Exchange On-Premises."

  3. In the navigation pane, expand "Server Configuration."

  4. Click on "Client Access" and select your Client Access Server.

  5. In the Actions pane, click on "Enable Outlook Anywhere."

  6. On the Enable Outlook Anywhere page, enter the External host name. Make sure that this name is also present in the certificate you created in the previous section. Select the authentication methods used by clients, i.e. Basic Authentication or NTLM authentication. For now leave these settings on default and click Enable to continue.

  7. This will activate the Outlook Anywhere service on this server, and it may take up to 15 minutes before the service is actually usable on the Client Access Server. Click Finish to close the wizard.
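
Each of the three services above must be published under a name that is in the installed certificate. The following added example (not code from the original page) performs that check from the Exchange Management Shell; it is read-only, the helper name Test-NameCovered is hypothetical, and it assumes the shell is run on the Client Access Server itself.

```powershell
# Added example: read-only check, run in the Exchange Management Shell.
# Test-NameCovered is a hypothetical helper defined here, not an Exchange cmdlet.
function Test-NameCovered([string]$HostName, [string[]]$CertNames) {
    foreach ($n in $CertNames) {
        if ($n -eq $HostName) { return $true }          # -eq is case-insensitive
        # A wildcard entry covers exactly one extra left-most label.
        if ($n.StartsWith('*.') -and $HostName.Contains('.') -and
            ($HostName.Substring($HostName.IndexOf('.')) -eq $n.Substring(1))) { return $true }
    }
    return $false
}

$server = $env:COMPUTERNAME   # assumption: the shell runs on the Client Access Server

# Certificate currently enabled for IIS, and the names it carries.
$cert  = Get-ExchangeCertificate -Server $server |
    Where-Object { "$($_.Services)" -match 'IIS' } | Select-Object -First 1
$names = @($cert.CertificateDomains | ForEach-Object { "$_" })

# External names configured for OWA, ActiveSync and Outlook Anywhere.
$hosts = @{}
Get-OwaVirtualDirectory -Server $server | Where-Object { $_.ExternalUrl } |
    ForEach-Object { $hosts['Outlook Web App'] = ([Uri]"$($_.ExternalUrl)").Host }
Get-ActiveSyncVirtualDirectory -Server $server | Where-Object { $_.ExternalUrl } |
    ForEach-Object { $hosts['Exchange ActiveSync'] = ([Uri]"$($_.ExternalUrl)").Host }
Get-OutlookAnywhere -Server $server | Where-Object { $_.ExternalHostname } |
    ForEach-Object { $hosts['Outlook Anywhere'] = "$($_.ExternalHostname)" }

# One row per service: is its external name covered by the certificate?
foreach ($svc in $hosts.Keys) {
    New-Object PSObject -Property @{
        Service  = $svc
        HostName = $hosts[$svc]
        Covered  = (Test-NameCovered $hosts[$svc] $names)
    }
}

# Flag a certificate that clients will not trust or that is close to expiry.
if ($cert.IsSelfSigned) { Write-Warning "IIS is still bound to a self-signed certificate." }
if ($cert.NotAfter -lt (Get-Date).AddDays(30)) { Write-Warning "Certificate expires on $($cert.NotAfter)." }
```

Any row with Covered set to False means clients of that service will get a certificate name mismatch; either correct the external name or request a certificate that includes it.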
