Make no mistake: it's quickly becoming a cloud-driven world. Nevertheless, while many organizations move their email to O365, many others have reasons for maintaining more control over their email, meaning many still need (or want) to leverage Microsoft Exchange. By hosting email on Microsoft Exchange 2019, organizations retain full control of their email environments. Doing so allows organizations to better control things like backup solutions, mailbox sizes, and mail flow. In cases where organizations already have messaging engineers on staff anyway, a move to O365 doesn't always result in any sort of meaningful cost savings. As such, those organizations may also opt to host their email on Microsoft Exchange.
Enter Exchange Server 2019.
In this tutorial, we're going to work through the process of deploying a working Exchange organization by leveraging Exchange Server 2019, which will be installed on Windows Server Core. We'll leverage Microsoft Azure to host our Exchange environment. As such, this tutorial serves as a fantastic way to learn how to deploy a secure Exchange 2019-based messaging organization on Windows Server 2016 Core. One caveat before you follow along: the released Exchange Server 2019 supports only Windows Server 2019 as its operating system, and its prerequisites (the .NET Framework version in particular) have moved on since this lab was built on a 2016 Core image. Use Windows Server 2019 Core for a supported deployment; the steps below are otherwise the same.
- 1 Prerequisites
- 2 Prepare Windows 2016 Core Azure VM
- 3 Prepare server for Exchange 2019
- 4 Install Windows features
- 5 Download the required software
- 6 Install Visual C++ 2013 Redistributable
- 7 Install UCMA (Microsoft Unified Communications Managed API 4.0)
- 8 Install .NET 4.7.1
- 9 Join VM to Active Directory
- 10 Exchange 2019 installation
- 11 Configure Exchange 2019
- 12 Configure certs
- 13 Configure DNS
- 14 Test Exchange 2019
Before getting into the prep work for deploying Microsoft Exchange Server 2019 on Windows Server Core in Azure, we need to first cover some assumptions and prerequisites that are already in place in the lab environment we'll use to perform the tasks in this tutorial.
In our lab environment for this tutorial, we already have an on-prem Active Directory forest deployed. The on-prem AD in our lab is called bluewidgets.local. In Microsoft Azure, we have a virtual network deployed, and the DNS for the vNet has been configured to point to the on-prem DNS server (domain controller) for DNS resolution. We've also established a site-to-site VPN between the on-prem network and our Azure virtual network. All AD traffic (DNS, LDAP, Kerberos, RPC) between the Exchange server and the domain controller crosses that VPN, so it must be up and routing before any of the steps below will work.
The email domain we will be using for our Exchange 2019 organization will be bluewidgets.org.
With the prerequisites and assumptions out of the way, let's begin the deployment of Exchange Server 2019 on a virtual machine hosted in Azure.
Prepare Windows 2016 Core Azure VM
The first step in the deployment of Exchange Server 2019 on a virtual machine in Azure is to deploy a Windows Server 2016 Core virtual machine in the Azure tenant. Since this is a tutorial on deploying Exchange Server 2019, I'm not going to get into detail on deploying a VM in Azure. There are plenty of articles online that cover the deployment of a VM in Azure.
However, I DO want to point out that the virtual machine deployed in Azure should be configured with static IP addresses (both private and public). The network security group (NSG) that's assigned to the virtual machine needs to be configured to allow HTTP (port 80), HTTPS (port 443), and SMTP (port 25) from the Internet. RDP (port 3389) should also be opened from the on-prem network, over the site-to-site VPN, so the virtual machine can be managed. Keep 3389 (and WinRM, ports 5985/5986, if you use it to copy files or manage the server remotely) closed to the Internet; nothing in this tutorial needs it. Inbound port 80 only serves the HTTP-to-HTTPS redirect, so you can leave it closed if you don't configure one.
Once the virtual machine is deployed in Azure (and it meets these requirements), we can move into the meat of this tutorial: deploying a working Exchange 2019 organization on a virtual machine hosted in Azure.
For our lab in this tutorial, I've deployed a Windows Server 2016 Core virtual machine in Azure. I've called the virtual machine EX01 (I know, not terribly original). This VM has a static private IP address of 10.0.4.5 and a static public IP address. The virtual machine is reachable from the Internet via ports 80, 443, and 25. The VM is also accessible from my on-prem network via port 3389.
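If you'd rather script the NSG than click through the portal, here's an added example (mine, not from the original article) using the Az PowerShell module after Connect-AzAccount. The resource group name, the NSG name, and the on-prem address range are assumptions for the lab; the private IP is EX01's. It opens exactly the ports described above, with management ports limited to the on-prem range.

```powershell
# Added example (not from the article): NSG rules for the EX01 VM via the Az module.
# Resource group, NSG name and on-prem range are assumptions for this lab.
$rg      = 'rg-exchange'          # assumed resource group
$nsgName = 'nsg-ex01'             # assumed NSG attached to EX01's NIC
$onPrem  = '192.168.10.0/24'      # assumed on-prem range reachable over the site-to-site VPN
$ex01Ip  = '10.0.4.5'             # EX01's static private IP

$nsg = Get-AzNetworkSecurityGroup -ResourceGroupName $rg -Name $nsgName

# Internet-facing services: only what mail clients and other MTAs need.
$internetRules = @(
    @{ Name = 'Allow-HTTPS-In'; Port = 443; Priority = 100 },
    @{ Name = 'Allow-SMTP-In';  Port = 25;  Priority = 110 },
    @{ Name = 'Allow-HTTP-In';  Port = 80;  Priority = 120 }   # HTTP-to-HTTPS redirect only; drop if unused
)
foreach ($r in $internetRules) {
    $nsg | Add-AzNetworkSecurityRuleConfig -Name $r.Name -Access Allow -Protocol Tcp `
        -Direction Inbound -Priority $r.Priority -SourceAddressPrefix Internet -SourcePortRange * `
        -DestinationAddressPrefix $ex01Ip -DestinationPortRange $r.Port | Out-Null
}

# Management: RDP and WinRM only from the on-prem network, never from the Internet.
$nsg | Add-AzNetworkSecurityRuleConfig -Name 'Allow-RDP-OnPrem' -Access Allow -Protocol Tcp `
    -Direction Inbound -Priority 200 -SourceAddressPrefix $onPrem -SourcePortRange * `
    -DestinationAddressPrefix $ex01Ip -DestinationPortRange 3389 | Out-Null
$nsg | Add-AzNetworkSecurityRuleConfig -Name 'Allow-WinRM-OnPrem' -Access Allow -Protocol Tcp `
    -Direction Inbound -Priority 210 -SourceAddressPrefix $onPrem -SourcePortRange * `
    -DestinationAddressPrefix $ex01Ip -DestinationPortRange 5985-5986 | Out-Null

# The built-in DenyAllInBound rule (priority 65500) drops everything else from outside.
# Note the built-in AllowVnetInBound still admits any traffic arriving through the vNet or VPN.
$nsg | Set-AzNetworkSecurityGroup | Out-Null

# Review: any rule with source 'Internet' other than 25/80/443 is a mistake.
Get-AzNetworkSecurityRuleConfig -NetworkSecurityGroup $nsg |
    Sort-Object Priority |
    Format-Table Name, Priority, Access, SourceAddressPrefix, DestinationPortRange -AutoSize
```

The review at the end is the part worth keeping around: re-run it after any later change to the NSG, since an extra "Allow from Internet" rule on an Exchange server is the kind of drift nobody notices until it matters.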
Prepare server for Exchange 2019
After deploying a Windows Server 2016 Core virtual machine in Azure and preparing it per the instructions above, connect to it via RDP. Once connected, launch PowerShell from the command prompt by typing start powershell and hitting ENTER.
After launching PowerShell from within the RDP session on the Exchange virtual machine, confirm its private IP address by using Get-NetIPAddress (as seen below).
Confirm that the virtual machine points to the Active Directory DNS servers that are configured on the Azure virtual network to which the VM is connected. Do this by running the Get-DnsClientServerAddress -InterfaceIndex 3 command. In this example, I used InterfaceIndex 3 because that's the interface index of the NIC with the private IP address assigned to it. In your own environment, specify the InterfaceIndex that matches your virtual machine (Get-NetIPAddress lists it alongside each address).
After confirming that DNS is properly configured, set the time zone of the virtual machine by running the TZUTIL command below:
TZUTIL /s "Eastern Standard Time"
With the time zone properly set, you can begin installing the necessary Windows features.
Install Windows features
Before beginning the installation of Exchange Server 2019, use the PowerShell command below to install the OS components required for Microsoft UCMA 4.0 and the OS components required for Active Directory preparation:
Install-WindowsFeature Server-Media-Foundation, RSAT-ADDS
Installation will take a few minutes.
On completion of the installation of the Windows features, restart the machine by typing Restart-Computer -Force and hitting ENTER.
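The checks in this section, as one script. This is an added example, not from the original article; it runs in an elevated PowerShell inside the RDP session and uses the lab's interface index, IP, and AD domain (adjust them for your VM). Beyond what the article does by hand, it confirms that the AD DNS servers actually answer for the domain's domain-controller SRV record, which is the thing that has to work before the domain join and before Exchange setup can find a DC across the VPN.

```powershell
# Added example (not from the article): pre-flight checks for the fresh Server Core VM.
# Interface index 3 and the address values are the article's lab values; adjust to your VM.
$ifIndex    = 3
$expectedIp = '10.0.4.5'
$adDomain   = 'bluewidgets.local'

# 1. The NIC carries the static private IP assigned in Azure.
$ip = (Get-NetIPAddress -InterfaceIndex $ifIndex -AddressFamily IPv4).IPAddress
if ($ip -ne $expectedIp) { throw "Unexpected private IP $ip on interface $ifIndex" }

# 2. DNS points at the AD DNS servers (inherited from the vNet's DNS setting), and they
#    actually answer for the AD domain's domain-controller SRV record over the VPN.
$dns = (Get-DnsClientServerAddress -InterfaceIndex $ifIndex -AddressFamily IPv4).ServerAddresses
"DNS servers: $($dns -join ', ')"
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$adDomain" -Type SRV -ErrorAction Stop |
    Where-Object Type -eq 'SRV'
if (-not $srv) { throw "No DC SRV record for $adDomain; check vNet DNS and the site-to-site VPN" }
"Domain controllers: $($srv.NameTarget -join ', ')"

# 3. Time zone, so event and message timestamps read correctly.
tzutil /s 'Eastern Standard Time'
tzutil /g

# 4. OS components required by UCMA 4.0 and by Exchange's Active Directory preparation.
$result = Install-WindowsFeature Server-Media-Foundation, RSAT-ADDS
$result | Format-Table Success, RestartNeeded, FeatureResult -AutoSize
if ($result.RestartNeeded -eq 'Yes') { Restart-Computer -Force }
```

If step 2 fails, stop there: nothing after it (domain join, schema preparation, the Exchange installer itself) will get further than this check did.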
After the virtual machine reboots, reconnect to it via RDP and create a directory called C:\software, using the md c:\software command at the command prompt:
After creating the software directory, relaunch PowerShell by typing start powershell and hitting ENTER.
Download the required software
From another machine, download the following software and copy it over to the software directory on the virtual machine being prepared for the Exchange 2019 installation:
- Visual C++ 2013 Redistributable (vcredist_x64.exe)
- .NET Framework 4.7.1 offline installer (NDP471-KB4033342-x86-x64-AllOS-ENU.exe)
- The Exchange Server 2019 .ISO (which also carries the UCMA 4.0 installer)
If the Windows Firewall on Windows Server Core blocks the file copy, resist the temptation to disable it. Open only what the copy needs (the File and Printer Sharing (SMB-In) rule, scoped to your on-prem address range), or skip SMB altogether and copy the files over WinRM, which is already listening on a fresh Azure Windows image.
After copying the required software to the Windows Server Core server in Azure, verify the files (hashes against what you downloaded, and Authenticode signatures on the executables), and then you can begin installing the software.
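Here's the WinRM route as an added example (mine, not from the article). It runs on the admin workstation that downloaded the installers and assumes WinRM (port 5985) on EX01 is reachable from the on-prem network; the local download folder and the credential are assumptions. It copies the files without touching the firewall, then checks hashes and signatures on the server before anything gets executed there.

```powershell
# Added example (not from the article): run on the admin workstation that downloaded the
# installers. Copies them to EX01 over WinRM instead of disabling the Windows Firewall, then
# verifies hashes and Authenticode signatures on the server before any of them is run.
$ex01  = '10.0.4.5'
$local = 'C:\downloads\exchange'   # assumed: where vcredist, the .NET installer and the ISO were saved
$cred  = Get-Credential -Message 'Local administrator on EX01 (VM is not yet domain-joined)'

# EX01 is not in the domain yet, so the WinRM client must be told to trust it by address.
Set-Item WSMan:\localhost\Client\TrustedHosts -Value $ex01 -Concatenate -Force
$session = New-PSSession -ComputerName $ex01 -Credential $cred

# SHA-256 of every file as downloaded; recomputed on the server after the copy.
$expected = Get-ChildItem -Path $local -File | Get-FileHash -Algorithm SHA256 |
    Select-Object @{ n = 'Name'; e = { Split-Path $_.Path -Leaf } }, Hash

Invoke-Command -Session $session { New-Item -Path C:\software -ItemType Directory -Force | Out-Null }
Copy-Item -Path "$local\*" -Destination C:\software -ToSession $session

$actual = Invoke-Command -Session $session {
    Get-ChildItem -Path C:\software -File | ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            Name   = $_.Name
            Hash   = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            Signer = $sig.SignerCertificate.Subject
            Status = $sig.Status   # Valid for the Microsoft-signed .exe files; NotSigned for the .iso is expected
        }
    }
}

foreach ($f in $expected) {
    $match = $actual | Where-Object Name -eq $f.Name
    if (-not $match -or $match.Hash -ne $f.Hash) {
        throw "Hash mismatch for $($f.Name) after copy; do not run it"
    }
}
$actual | Format-Table Name, Status, Signer -AutoSize
Remove-PSSession $session
```

Any .exe whose Status is not Valid, or whose Signer is not Microsoft, should not be run on a server that's about to become a domain member with Exchange's level of AD privilege; re-download it from Microsoft rather than pushing on.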
Install Visual C++ 2013 Redistributable
Before installing the Visual C++ Redistributable, create a temp directory in the root of the C: drive if it doesn't already exist (the .NET installer later writes its log there).
Change to the C:\software directory and run the installer by typing .\vcredist_x64.exe and hitting ENTER. Follow the wizard to complete the installation.
Install UCMA (Microsoft Unified Communications Managed API 4.0)
The UCMA installer is located on the Exchange Server 2019 media itself. Use the Mount-DiskImage PowerShell cmdlet, pointed at the .ISO under C:\software, to mount the Exchange Server media.
The UCMA installer is located under the UCMARedist folder on the Exchange Server 2019 .ISO.
Launch the UCMA installation by switching to the drive that was mounted (should be E: or F:, depending on the VM's size, since the Azure temporary disk takes a letter too; Get-Volume tells you for sure) and running .\setup.exe from the UCMARedist folder.
Follow the wizard to complete the installation of UCMA.
Install .NET 4.7.1
When this lab was built, Exchange Server 2019 required .NET Framework 4.7.1, so you may or may not need to install it, depending on what's already on the box. The released product requires .NET Framework 4.7.2 at RTM and 4.8 on current cumulative updates, so check the Exchange Server supportability matrix for the CU you're installing. Either way, before installing anything, check the .NET version that's already installed (the Release value under the .NET Framework setup key in the registry identifies it).
If you are not on .NET 4.7.1 already, use the following command to install it (not required on Windows Server 2019 Server Core, which ships with 4.7.2):
.\NDP471-KB4033342-x86-x64-AllOS-ENU.exe /q /log c:\temp\ndp.log
The .NET installation will proceed in quiet mode; there will be no progress bar displayed. However, at the end of a successful installation, the computer will restart.
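The three prerequisite installs from the last three sections, as one added example (mine, not from the article) run in an elevated PowerShell on the server. The ISO file name is an assumption; the UCMA bootstrapper is run with its wizard, as the article does. The useful addition is the .NET check: it reads the installed Release value instead of guessing, and only runs the 4.7.1 installer when it's actually needed.

```powershell
# Added example (not from the article): prerequisite installs from C:\software on EX01.
$isoPath = 'C:\software\ExchangeServer2019.iso'   # assumed file name of the downloaded media

New-Item -Path C:\temp -ItemType Directory -Force | Out-Null

# Visual C++ 2013 redistributable, silent.
Start-Process -FilePath C:\software\vcredist_x64.exe -ArgumentList '/install', '/quiet', '/norestart' -Wait

# Mount the Exchange media and read the drive letter it received instead of guessing E: or F:.
$img   = Mount-DiskImage -ImagePath $isoPath -PassThru
$drive = ($img | Get-Volume).DriveLetter
"Exchange media mounted at ${drive}:"

# UCMA 4.0 runtime from the UCMARedist folder of the ISO (wizard, as in the article).
Start-Process -FilePath "${drive}:\UCMARedist\Setup.exe" -Wait

# .NET Framework: the 'Release' value under the v4 Full key identifies the installed version.
# Microsoft's documented minimums: 461308 = 4.7.1, 461808 = 4.7.2, 528040 and above = 4.8.
$release = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full').Release
$version = switch ($release) {
    { $_ -ge 528040 } { '4.8 or later'; break }
    { $_ -ge 461808 } { '4.7.2'; break }
    { $_ -ge 461308 } { '4.7.1'; break }
    default           { "older than 4.7.1 (Release=$release)" }
}
".NET Framework installed: $version"

if ($release -lt 461308) {
    # Quiet install; the machine reboots when it finishes, so the log is the only feedback.
    Start-Process -FilePath C:\software\NDP471-KB4033342-x86-x64-AllOS-ENU.exe `
        -ArgumentList '/q', '/log', 'C:\temp\ndp.log' -Wait
}
```

Substitute the Release threshold that matches the CU you're installing (461808 for 4.7.2, 528040 for 4.8) and the corresponding installer; the logic doesn't change.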
Once the .NET installation completes and the virtual machine restarts, you can join the machine to the Active Directory domain.
Join VM to Active Directory
To join the Azure virtual machine to the on-prem Active Directory, run the command below. In our case here, we're joining the VM to the bluewidgets.local AD domain. Be sure to specify an account with rights to join computers to the domain (the lab uses the domain administrator; a delegated join account works just as well and exposes fewer credentials to the new box):
Add-Computer -DomainName bluewidgets.local -DomainCredential bluewidgets\administrator
After joining the virtual machine to the domain, restart it the same way you did after installing the Windows features.
Once the machine has restarted, you can begin the installation of Exchange 2019.
Exchange 2019 installation
After rebooting, log in with an Enterprise Admin account that's also a Schema Admin (the first Exchange install extends the AD schema and prepares the forest), launch PowerShell, and mount the Exchange .ISO image again using Mount-DiskImage as you did before. Treat the Schema Admins membership as temporary: add the account for this run and remove it once setup finishes.
Note the drive letter that the Mount-DiskImage command uses.
Run the PowerShell command below to launch the Exchange Server 2019 installation. The PowerShell command will also install the required OS components for Exchange 2019:
.\Setup.exe /m:install /roles:m /IAcceptExchangeServerLicenseTerms /OrganizationName:bluewidgets /InstallWindowsComponents
As you can see in the command above, the organization name for our lab org is "bluewidgets". Cumulative updates from 2022 onward no longer accept /IAcceptExchangeServerLicenseTerms on its own; they require /IAcceptExchangeServerLicenseTerms_DiagnosticDataON or /IAcceptExchangeServerLicenseTerms_DiagnosticDataOFF instead, so adjust the switch for the media you're installing from.
The installation can take a considerable amount of time to complete (setup writes its progress to C:\ExchangeSetupLogs\ExchangeSetup.log if you want to follow along). Once Exchange is installed, you can launch the Exchange Management Shell using the LaunchEMS command from the command line:
However, you can also use a web browser from an admin machine to access the Exchange Admin Center. In this lab here, we would browse to https://ex01.bluewidgets.local/ecp.
Until proper certs are installed, the EAC URL will display a cert error.
Configure Exchange 2019
With Exchange 2019 installed, it's time to configure the application. You can start by adding an accepted domain. An accepted domain is an email domain that will be serviced by Exchange. In our case here, we're using bluewidgets.org.
To add an accepted domain, browse to Mail Flow and then Accepted Domains in the Exchange EAC. Click the "+" sign, add the new domain as an Authoritative domain, and save the new settings.
After adding the new accepted domain, add an address policy for the new domain. The address policy will ensure new mailboxes receive an email address for the newly-added domain. In our lab environment, I've chosen to use the [email protected] format for new email addresses. Use whatever works for you.
Creating a policy doesn't mean it's applied. To apply the new policy, click Apply.
Next, create a Send Connector so users in the new Exchange organization can send emails to the Internet. Do so by clicking Mail Flow in the left pane and then Send Connectors in the top menu.
Provide a name for the new connector and select the Internet option. Click Next to continue. Leave the Network Settings at the default "MX" setting (the server resolves each recipient domain's MX records itself rather than relaying through a smart host).
In the Add Domain screen, leave the Type at "SMTP" and the Cost at "1". In the FQDN field, enter an asterisk (so the connector handles every external domain).
Click Save and then select the new Exchange server as the "Source" server (as seen below).
Click Finish to complete the configuration of the Send Connector.
After configuring the Send Connector, move on to the configuration of the External Access Domain, which is essentially the FQDN by which the server will be referenced publicly (i.e. mail.bluewidgets.org).
To configure the external access domain, browse to Servers in the left pane and then click Virtual Directories in the top menu.
Click the little wrench icon and provide the external FQDN that you wish to use to access the server. In our lab here, we're using mail.bluewidgets.org.
Click the "+" sign and add the Exchange server, and then click Save.
After configuring the external access domain, you can configure Outlook Anywhere. To do so, click Servers in the left pane, and then Servers in the top menu.
Highlight the new Exchange server and then click the "pencil" icon to edit it. Click Outlook Anywhere and provide a publicly accessible FQDN. In our case, we're using mail.bluewidgets.org.
Click Save, and then move on to configuring the virtual directories. Do so by clicking Servers in the left pane, and then Virtual Directories in the top menu.
To make life easy on yourself (as far as certificates go), make sure that the internal URLs match the external URLs for each directory. Use the external FQDN that you used previously. For this lab, we used mail.bluewidgets.org.
Click on each virtual directory and set both the internal and external URLs to point to the publicly accessible FQDN. By setting both the internal and external URLs to the same public FQDN, it becomes much easier to set up the required certificate (since you'll only need one, because there is only one domain on it).
NOTE: There is no external URL to set for Autodiscover. Domain-joined Outlook clients find Autodiscover through the service connection point (SCP) in AD, which defaults to the server's internal FQDN; external clients find it through DNS, using autodiscover.<your email domain>. If the SCP still points at ex01.bluewidgets.local, internal Outlook users will get a certificate warning, so set it to the public FQDN as well (Set-ClientAccessService in the Exchange Management Shell; there's no EAC control for it).
To accommodate an internal URL that points to a domain other than the AD domain (bluewidgets.org vs bluewidgets.local in this case), you'll have to create a DNS zone on your AD domain controller to match the external domain you used. In this case, I created a forward lookup zone on my AD DNS for bluewidgets.org and added a single "A" record for mail.bluewidgets.org and pointed it at the private IP address of the Exchange 2019 server. Doing so allows internal users (on the internal LAN) to access email without having to go out to the Internet. Keep in mind that once the zone exists internally, the AD DNS answers for every name in bluewidgets.org, so any public hosts in that domain that internal users need (the company website at the apex, for example) must be added to the internal zone too.
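Everything in this section, expressed as Exchange Management Shell commands. This is an added example (mine, not part of the original article); the server name, domains, and FQDN are the lab's, and the address template is an assumption, since the article's format didn't survive. It also sets the Autodiscover SCP, which the EAC steps above can't reach, and ends with a review of every URL so nothing is left pointing at the internal name.

```powershell
# Added example (not from the article): the EAC configuration above, done from the
# Exchange Management Shell so it is repeatable and reviewable.
$server = 'EX01'
$domain = 'bluewidgets.org'
$fqdn   = "mail.$domain"

# Accepted domain plus an address policy that stamps new mailboxes with it.
New-AcceptedDomain -Name $domain -DomainName $domain -DomainType Authoritative
New-EmailAddressPolicy -Name $domain -IncludedRecipients AllRecipients `
    -EnabledEmailAddressTemplates "SMTP:%g.%s@$domain"    # assumed firstname.lastname format
Update-EmailAddressPolicy -Identity $domain                 # creating the policy does not apply it

# Outbound Internet mail via MX lookup: address space * at cost 1, sourced from EX01 only.
New-SendConnector -Name 'Internet' -Usage Internet -AddressSpaces 'SMTP:*;1' `
    -DNSRoutingEnabled $true -SourceTransportServers $server

# Outlook Anywhere: one public FQDN for internal and external, TLS required both ways.
Set-OutlookAnywhere -Identity "$server\Rpc (Default Web Site)" `
    -ExternalHostname $fqdn -InternalHostname $fqdn `
    -ExternalClientsRequireSsl $true -InternalClientsRequireSsl $true `
    -ExternalClientAuthenticationMethod Negotiate -InternalClientAuthenticationMethod Ntlm

# Virtual directories: internal and external URLs identical, so one certificate covers them.
Set-OwaVirtualDirectory         -Identity "$server\owa (Default Web Site)" -InternalUrl "https://$fqdn/owa" -ExternalUrl "https://$fqdn/owa"
Set-EcpVirtualDirectory         -Identity "$server\ecp (Default Web Site)" -InternalUrl "https://$fqdn/ecp" -ExternalUrl "https://$fqdn/ecp"
Set-WebServicesVirtualDirectory -Identity "$server\EWS (Default Web Site)" -InternalUrl "https://$fqdn/EWS/Exchange.asmx" -ExternalUrl "https://$fqdn/EWS/Exchange.asmx"
Set-ActiveSyncVirtualDirectory  -Identity "$server\Microsoft-Server-ActiveSync (Default Web Site)" -InternalUrl "https://$fqdn/Microsoft-Server-ActiveSync" -ExternalUrl "https://$fqdn/Microsoft-Server-ActiveSync"
Set-OabVirtualDirectory         -Identity "$server\OAB (Default Web Site)" -InternalUrl "https://$fqdn/OAB" -ExternalUrl "https://$fqdn/OAB"
Set-MapiVirtualDirectory        -Identity "$server\mapi (Default Web Site)" -InternalUrl "https://$fqdn/mapi" -ExternalUrl "https://$fqdn/mapi"

# Autodiscover has no external URL. Domain-joined Outlook finds it through this SCP value;
# external clients find it through the autodiscover DNS record created later.
Set-ClientAccessService -Identity $server -AutoDiscoverServiceInternalUri "https://$fqdn/Autodiscover/Autodiscover.xml"

# Review: every URL must carry the public FQDN; anything still saying ex01.bluewidgets.local
# will produce certificate warnings once the public cert is bound.
@(
    Get-OwaVirtualDirectory -Server $server
    Get-EcpVirtualDirectory -Server $server
    Get-WebServicesVirtualDirectory -Server $server
    Get-ActiveSyncVirtualDirectory -Server $server
    Get-OabVirtualDirectory -Server $server
    Get-MapiVirtualDirectory -Server $server
) | Format-Table Identity, InternalUrl, ExternalUrl -AutoSize
(Get-ClientAccessService -Identity $server).AutoDiscoverServiceInternalUri
```

One thing to be aware of: with 443 open from the Internet and the ecp virtual directory published on the public FQDN, the Exchange Admin Center is reachable from the Internet too. If you don't need that, keep administration on the internal name and limit who can reach /ecp at the edge; Set-EcpVirtualDirectory -AdminEnabled $false disables the EAC on that server entirely (Outlook options still work), so it only fits when a separate, internal-only server hosts the EAC.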
Once you've configured all the virtual directory URLs, you can configure the certificate for the Exchange server. If you've followed the advice in this tutorial, you only need a single cert that includes three names: domain.com, mail.domain.com, and autodiscover.domain.com. In the case of my lab, the certificate required three names: bluewidgets.org, mail.bluewidgets.org, and autodiscover.bluewidgets.org.
Since everything falls under one domain name, I can use either a wildcard cert or a standard UCC (multi-SAN) cert from almost any public certificate provider. The UCC cert is the tighter choice: it covers exactly the three names above, whereas a wildcard's private key would also be good for every other host in bluewidgets.org. (A wildcard for *.bluewidgets.org also doesn't cover the bare bluewidgets.org unless that name is listed as a SAN as well.)
For this lab, I opted to just use a standard UCC cert from GoDaddy.
To create a certificate request, click on Servers in the left pane and then Certificates from the top menu. Click the "+" icon and create a new certificate request.
Make sure all domains listed are the same (in my case here, bluewidgets.org). If you've followed this tutorial, you should only require mail.yourdomain.com, autodiscover.yourdomain.com, and yourdomain.com.
Click Next.
Complete the information for your new certificate request (company name, location, blah, blah, blah).
After clicking Next again, you're prompted to save your cert request somewhere (using a UNC path). I just saved the request to the C: drive of my Exchange 2019 server.
After clicking Finish, your certificate request is saved and created. Take the saved certificate request to your favorite certificate provider and request a UCC certificate. When you receive your shiny new cert, complete the request. To do so, open the EAC and click Servers in the left pane, and Certificates in the top menu.
Select the Exchange server, and then click on the pending certificate request in the list. You'll see a "Complete" link in the details pane.
Click the "Complete" link. On the Complete Pending Request page that opens, in the File to import from field, enter the UNC path and filename for the certificate file that you downloaded from your cert provider and click OK.
With the new cert installed, you can assign the services to the cert. To do so, click on the newly-installed certificate and then click the pencil icon (edit). Select all four services (SMTP, IMAP, POP, IIS) and click Save.
Doing so tells Exchange to use the new certificate to secure communications for all four services. Assigning the cert to POP and IMAP is harmless, but the POP3 and IMAP4 services themselves are not started by default; leave them (and ports 110, 143, 993, and 995) that way unless you actually have clients that need them.
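The certificate steps above from the Exchange Management Shell, as an added example (mine, not from the article). The organization details in the subject and the request/certificate file names are assumptions; the three names are the lab's. What it adds over the EAC wizard is a check that the issued certificate really carries all three names before any service is bound to it, which is the step that, skipped, turns into a cert warning for users.

```powershell
# Added example (not from the article): CSR, import and service binding from the EMS.
$server = 'EX01'
$domain = 'bluewidgets.org'
$names  = "mail.$domain", "autodiscover.$domain", $domain

# 1. CSR with a 2048-bit key. The private key is generated on EX01 and never leaves it
#    (exportable so the cert can be backed up or moved to a second server later).
#    Organisation details below are placeholders for the lab.
$csr = New-ExchangeCertificate -Server $server -GenerateRequest -PrivateKeyExportable $true -KeySize 2048 `
    -SubjectName "CN=mail.$domain,O=Blue Widgets,L=City,S=State,C=US" `
    -DomainName $names -FriendlyName "$domain Exchange"
Set-Content -Path "\\$server\C$\certreq-${domain}.txt" -Value $csr -Encoding Ascii

# ... submit certreq-bluewidgets.org.txt to the CA and download the issued certificate ...

# 2. Complete the pending request with the issued certificate (UNC path, as the EAC requires).
$certFile = "\\$server\C$\mail.${domain}.cer"     # assumed file name from the CA
$cert = Import-ExchangeCertificate -Server $server -FileName $certFile

# 3. Verify names and validity before binding: a missing SAN means a cert error for that URL.
$missing = $names | Where-Object { $cert.CertificateDomains -notcontains $_ }
if ($missing) { throw "Certificate does not cover: $($missing -join ', ')" }
if ($cert.NotAfter -lt (Get-Date).AddDays(30)) { Write-Warning "Certificate expires $($cert.NotAfter)" }

# 4. Bind it to IIS (OWA, EAC, EWS, ActiveSync, Outlook Anywhere, Autodiscover) and SMTP.
#    -Force skips the prompt about replacing the default self-signed SMTP certificate.
#    Add POP,IMAP only if those services are going to be enabled.
Enable-ExchangeCertificate -Server $server -Thumbprint $cert.Thumbprint -Services IIS, SMTP -Force

Get-ExchangeCertificate -Server $server |
    Format-Table Thumbprint, Services, NotAfter, CertificateDomains -AutoSize
```

The final listing should show the new thumbprint carrying IIS and SMTP; the self-signed certificate setup created stays in place (it still backs the internal SMTP and the back-end site), which is expected.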
With the certificate configured, you can now configure your public and internal DNS so that users can access email from inside and outside the local LAN.
To configure the internal AD-hosted DNS, make sure that you've created a forward lookup zone that matches the public domain name on the AD DNS server. Create the following records:
- "A" Record: mail.yourdomain.com (points to the private IP address of the Exchange server)
- "CNAME" Record: autodiscover.yourdomain.com (points to mail.yourdomain.com)
Making the changes above in the AD-based DNS ensures users can access mail internally, without having to traverse out to the Internet and then back in again.
To configure public DNS, browse to the DNS provider for your email domain. In my case in the lab, my DNS for bluewidgets.org is hosted by GoDaddy. Open the DNS management tool and create the following records:
- "A" Record: mail.yourdomain.com (points to the public IP address of the Exchange server)
- "CNAME" Record: autodiscover.yourdomain.com (points to mail.yourdomain.com)
- "MX" Record: points @ to mail.yourdomain.com (set priority to 0)
- "SPF" Record: a TXT record on @ that should look something like this: v=spf1 mx ip4:22.214.171.124 ~all (mx authorizes whatever the MX record points at, the ip4 mechanism lists the Exchange server's public IP explicitly, and ~all soft-fails everything else)
Also set a PTR (reverse DNS) record for the public IP pointing back to mail.yourdomain.com; in Azure that's the Reverse FQDN property of the public IP resource. Many receiving mail servers reject or junk mail from hosts without one.
After creating the required public DNS records, wait for them to propagate throughout the Internet (usually an hour or two, depending on the TTLs) before testing Exchange access from outside the local LAN.
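The internal zone and records, as an added example (mine, not from the article) using the DnsServer module against the AD domain controller; the DC name is an assumption. It creates the zone only if it doesn't exist, adds the two records, and then verifies from a domain client that both names resolve to the private address rather than leaking to the public one.

```powershell
# Added example (not from the article): split-brain zone and records on the AD DNS server.
# Run on a machine with the DnsServer RSAT module; the DC name is an assumption.
$dc     = 'DC01'                   # assumed domain controller / DNS server
$zone   = 'bluewidgets.org'
$ex01Ip = '10.0.4.5'

if (-not (Get-DnsServerZone -ComputerName $dc -Name $zone -ErrorAction SilentlyContinue)) {
    # AD-integrated and replicated forest-wide; dynamic updates off, because only the records
    # created here should ever exist in this zone.
    Add-DnsServerPrimaryZone -ComputerName $dc -Name $zone -ReplicationScope Forest -DynamicUpdate None
}
Add-DnsServerResourceRecordA     -ComputerName $dc -ZoneName $zone -Name 'mail' -IPv4Address $ex01Ip
Add-DnsServerResourceRecordCName -ComputerName $dc -ZoneName $zone -Name 'autodiscover' -HostNameAlias "mail.$zone"

# The internal zone now answers for ALL of bluewidgets.org. If the apex (or www) hosts a public
# website, add those records here with their public addresses, or internal users lose them:
# Add-DnsServerResourceRecordA -ComputerName $dc -ZoneName $zone -Name '@' -IPv4Address <public web IP>

# Verify from a domain client: both names must resolve to the private address.
foreach ($name in "mail.$zone", "autodiscover.$zone") {
    $a = Resolve-DnsName -Name $name -Type A -ErrorAction Stop | Where-Object Type -eq 'A'
    if ($a.IPAddress -ne $ex01Ip) { throw "$name resolves to $($a.IPAddress), expected $ex01Ip" }
    "$name -> $($a.IPAddress)"
}
```

Run the verification part again from a machine outside the LAN (or against a public resolver with -Server) once the public records exist; there the same names must come back with the public IP, and seeing the private one would mean the internal zone has leaked.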
Test Exchange 2019
Once all DNS records (public and private) have been created, browse to OWA, using the Outlook Anywhere URL that you configured. For this lab, we used mail.bluewidgets.org, so, to test, I would browse to https://mail.bluewidgets.org/owa.
Confirm that there are no cert errors and that you can access your mailbox. If you haven't created any users yet, sign in with the account you used to install Exchange. There should be a mailbox already set up for it. Make sure you can send and receive emails, including to and from an external address; a message that lands in the external recipient's spam folder usually points at missing SPF or reverse DNS.
Assuming there are no cert issues or mail delivery problems (there shouldn't be), you should be good to go. Other tests that you can perform include accessing the Exchange Admin Center and running the Microsoft Remote Connectivity Analyzer tool against mail.bluewidgets.org. Make sure the tool runs clean and that there are no errors.
Finally, confirm that Outlook works. Create a new Outlook profile and use Autodiscover to create the profile. If Autodiscover works as expected, you should only have to provide the email address for your account. Autodiscover should do the rest and prompt you for your password.
Unless there are issues, your inbox will pop up and you'll be ready to use your new Exchange 2019 server.
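Here are the same checks in script form, as an added example (mine, not from the article) run from the Exchange Management Shell on EX01. The DNS values are the lab's; the public IP, the public resolver, and the test mailbox are assumptions. Beyond the browser test, it reads the certificate actually served on port 443 and asks Exchange's own health cmdlets, which catch the things OWA loading in a browser doesn't.

```powershell
# Added example (not from the article): post-deployment checks from the EMS on EX01.
$server   = 'EX01'
$domain   = 'bluewidgets.org'
$fqdn     = "mail.$domain"
$publicIp = '203.0.113.10'        # assumed public IP of EX01 (documentation range)
$resolver = '1.1.1.1'             # assumed public resolver, so we see public DNS, not the AD split-brain zone

# 1. Public DNS: MX, A and SPF as the rest of the Internet sees them.
$mx  = Resolve-DnsName -Name $domain -Type MX  -Server $resolver | Where-Object Type -eq 'MX'
$a   = Resolve-DnsName -Name $fqdn  -Type A   -Server $resolver | Where-Object Type -eq 'A'
$spf = Resolve-DnsName -Name $domain -Type TXT -Server $resolver | Where-Object { $_.Strings -like 'v=spf1*' }
if ($mx.NameExchange -ne $fqdn) { Write-Warning "MX points at $($mx.NameExchange), expected $fqdn" }
if ($a.IPAddress -ne $publicIp) { Write-Warning "$fqdn resolves publicly to $($a.IPAddress), expected $publicIp" }
if (-not $spf)                  { Write-Warning "No SPF record for $domain" }
"MX: $($mx.NameExchange)   A: $($a.IPAddress)   SPF: $($spf.Strings -join '')"

# 2. The certificate actually served on 443 validates for the public name and is not about to expire.
$tcp = New-Object System.Net.Sockets.TcpClient($fqdn, 443)
$ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
$ssl.AuthenticateAsClient($fqdn)      # throws if the chain does not validate for $fqdn
$served = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
"Served cert: $($served.Subject), expires $($served.NotAfter), protocol $($ssl.SslProtocol)"
if ($served.NotAfter -lt (Get-Date).AddDays(30)) { Write-Warning 'Served certificate expires within 30 days' }
$ssl.Dispose(); $tcp.Dispose()

# 3. Exchange's own view: required services, web services for a mailbox, and local mail flow.
Test-ServiceHealth -Server $server | Where-Object { $_.ServicesNotRunning } |
    ForEach-Object { Write-Warning "$($_.Role): not running $($_.ServicesNotRunning -join ', ')" }

# Assumed test mailbox; it prompts for that mailbox's password.
Test-OutlookWebServices -Identity "admin@$domain" -MailboxCredential (Get-Credential "bluewidgets\admin") |
    Format-Table Scenario, Result, Latency -AutoSize

Test-Mailflow -Identity $server | Format-Table TestMailflowResult, MessageLatencyTime -AutoSize
```

Step 2 is the one to repeat from outside the LAN: inside, the split-brain zone sends you to the private IP, and a valid internal connection tells you nothing about what the Internet gets.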