Microsoft Exchange Server 2010

Installation and Configuration Guide

Prepared by:
Jason B. Black
APSCN LAN Support
Spring 2012
 Table of Contents
HARDWARE AND OPERATING SYSTEM REQUIREMENTS 4
--Hardware Requirements 4
--Software Requirements 4
--Active Directory Pre-Installation Check 4
--Recommended Installations Before Deployment 5
INSTALLING EXCHANGE SERVER 2010 7
--Setting up the Pagefile Size 7
--Installing the Microsoft Office 2010 Filter Packs 8
--Installing the Exchange Server 2010 Prerequisites 9
--Set the .NET TCP Port Sharing Service to Automatically Start 10
--Installing the Basic Exchange Components 10
--Creating Partitions for the Transaction Logs and Exchange Databases 12
--Moving the Exchange Database and Transaction Logs to Their Respective Partitions 14
INITIAL CONFIGURATION OF EXCHANGE SERVER 2010 16
--Creating the External Receive Connector 16
--Creating the External Send Connector 17
--Creating Database-Wide Mailbox Size Limits 18
--Creating E-Mail Address Policies 19
--Creating OU-Based Dynamic Distribution Lists 20
--Creating a Student Mail Transport Policy 22
--Mail-Enabling Users 23
--Setting Up a Delay for Exchange Services 24
--Setting Up a Scheduled Backup of Exchange 25
--Configuring the Change Password Feature for OWA 26
MANAGING EXCHANGE SERVER 2010 27
Managing User Mailboxes 27
--Mail-Enabling Users 27
--Disabling a User Mailbox 28
--Working with Disconnected/Orphaned Mailboxes 29
--Re-Assigning an Orphaned Mailbox 29
--Creating Mailboxes for Non-User Resources 30
--Creating Mailboxes for Rooms 30
--Creating Mailboxes for Equipment 30
Managing Address Lists, Distribution Groups, and E-Mail Addresses 33
--Creating and Removing Global Address Lists 33

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 2 of 54
--Configuring Dynamic Address Lists Based on Organizational Unit 34
--Applying an Address List 35
--Distribution Lists Overview 35
--Creating a New Mail-Enabled Universal Distribution Group 35
--Distribution Group Management 36
--On Changing a User’s E-Mail Address 37
--Creating E-Mail Aliases 37

APPENDICES:
Appendix A: Setting Up ActiveSync Policies for Mobile Devices 39
Appendix B: DNS Settings 41
Appendix C: Using Exchange 2010 with a Mail Proxy, Filter, or Relay 44
Appendix D: Backing Up Exchange Server 2010 48
Appendix E: Troubleshooting Common Startup Issues 51

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 3 of 54
 HARDWARE AND OPERATING SYSTEM REQUIREMENTS
Hardware Requirements
Processor Intel x64 or AMD64 The Itanium IA64 is not supported.

Memory Minimum of 4 GB Recommended minimum of 8 GB RAM

Disk Space Minimum of 120 GB Recommended
Partitioning All partitions MUST be NTFS and cannot be encrypted.
Operating System Minimum of 40 GB recommended
(C:)
TransactionLogs Minimum of 40 GB recommended
ExchangeDatabases Minimum of 40 GB Recommended
Operating System Requirements
Exchange 2010 with Management Tools Server 2008 Standard 64-bit, Service Pack 2

Exchange 2010 cannot be installed on a Server

Core installation of Server 2008.
Server 2008 Enterprise 64-bit, Service Pack 2
Server 2008 R2 Standard 64-bit, Service Pack 1
Server 2008 R2 Enterprise 64-bit, Service Pack 1
Management Tools Only Server 2008 Standard 64-bit, Service Pack 2

To facilitate everyday operations, the management

tools may be installed on a more accessible
machine, such as the administrator's workstation.
Server 2008 Enterprise 64-bit, Service Pack 2
Server 2008 R2 Standard 64-bit, Service Pack 1
Server 2008 R2 Enterprise 64-bit, Service Pack 1
Windows Vista 64-bit, Service Pack 2
Windows 7, 64-bit
Active Directory Pre-Installation Check
AD Forest Functional Level Windows Server 2003 (or Higher)
On a domain controller, open Active Directory Domains and Trusts
Right-click on the Forest name and choose Properties.
If necessary, you may raise the domain functional level by Right-
Clicking on the Forest name and choosing the option Raise Domain
Functional Level

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 4 of 54
AD Schema Master Must be running Server 2003 SP1 (or higher)
This may be checked on a domain controller

From a domain controller, activate the Schema Management console.

This is done by logging in as an administrator and typing the
following command from the Command Prompt:

regsvr32 schmmgmt.dll
Choose OK. You should receive a success confirmation.

Open an MMC console by going to start > run and typing mmc

In the MMC console, go to File > Add/Remove Snap-in

Press Add and select Active Directory Schema
Click Add, then click Close. Press OK
Click on the Active Directory Schema icon to the left. When it loads,
right-click on it and choose Operation Masters.
Locate that server and log into it (if you're not on it already) and
check its windows version by typing the following command from the
Run dialog:

winver
If this server is beneath the minimum requirements, you may transfer
that role through the Operation Masters option of the Active Directory
Schema MMC.

Recommended Installations Before Deployment

Before attempting to install Exchange 2010, it is best to leave Automatic Updates on and allow it to go
through and get its latest updates. In addition, you may consider downloading and installing the
following additional items, which are requirements for running Exchange 2010.

It is advised for DIS personnel to have the following downloaded prior to performing the onsite

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 5 of 54
installation, in the interests of saving time.
Microsoft .NET Framework 3.5 SP1
Service Pack Appropriate to Windows Version (See Software Requirements, above)
Windows Management Framework Core Packages http://support.microsoft.com/kb/968930
Microsoft Office 2010 Filter Pack, 64-bit

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 6 of 54
 INSTALLING EXCHANGE SERVER 2010
Setting the Pagefile Size
Microsoft recommends that the paging file for an Exchange 2010 system be set manually, to the
amount of physical RAM plus 10 MB.
Click Start. Right-click on My Computer and
choose Properties.

Take note of the Installed Memory, which will be

listed in GB. For the example here, we have 1.79
GB RAM.

Choose Advanced System Settings from the

menu on the left side of the screen

Choose the Advanced tab.

Under the Performance section, choose the

Settings button. This will bring up a window of
Performance Options. Choose the Advanced tab.

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 7 of 54
Under the section marked Virtual Memory, click
the Change button.

Next, calculate the amount of virtual memory you Example:

will need. Take the amount of installed memory
(see above) and multiply by 1024. This will give On the test server we built this on, we had 1.79 GB
you the amount of memory in Megabytes. Add 10 of RAM.
to this number. This is the size of the swap file
you will want. 1.79 * 1024 = 1832.96 MB of RAM.

We then add 10 MB to the RAM for the pagefile

size, which gives us 1842.96.

Since we have to use whole numbers here, we can

round that up to 1843 MB.
In the Virtual Memory window, Uncheck
Automatically manage paging file size for all
drives.

Next, choose the radio button marked Custom

Size.

Enter the number that you came up with in the

previous step in both the Initial Size and the
Maximum Size boxes.

Click Set, then OK through the remaining dialog

boxes.
Click OK on each window until you are prompted
to restart. Then choose Restart Later.

Installing the Microsoft Office 2010 Filter Packs

The Microsoft Filter packs allow search services on the server to index content of specific file types,

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 8 of 54
allowing you to search for content within a file. These are heavily utilized by Exchange 2010.

Go to www.microsoft.com and search for Note: This will be provided for you on the
“Microsoft Office 2010 Filter Packs” administrator's desktop for the class.
Download and Run the file named
FilterPackx64.exe

Installing the Exchange Server 2010 Prerequisites

Open an elevated command prompt and navigate to the \scripts folder on the Exchange 2010
installation disc. Then type the following list of commands that work best for your requirements:
If NOT using Unified
Messaging
ServerManagerCmd -ip Exchange-Typical.xml -Restart
If USING Unified Messaging
ServerManagerCmd -i Desktop-Experience
Note that Unified Messaging is not
supported by APSCN LAN Support ServerManagerCmd -ip Exchange-Typical.xml -restart

The Server Will Reboot once

Installation of the Prerequisites
Are Complete.

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 9 of 54
 Set the .NET TCP Port Sharing Service to Automatically Start
Click START and type in services.msc to bring
up the Local Services Window.

Choose Standard mode and right-click on

Net.Tcp Port Sharing. Choose Properties.

Make sure that the service is Started and choose

Automatic from the Startup Type. Click OK to
finish.
Note that without performing this step, Exchange 2010 will not function properly and will not pass the
pre-installation checks.

Installing the Basic Exchange Components

Now that the pagefile has been set and the prerequisites have been installed, once the machine reboots you are ready to
begin installing Exchange. Either insert the Exchange 2010 installation DVD-ROM, or alternatively browse to its network
location and run Setup. We can skip to Step 3: Choosing your Language Pack.

Insert the Exchange Server 2010 Installation

DVD. If the setup wizard does not start, navigate
to the CD-ROM drive and run SETUP.EXE.

Choose Step 1: Install .Net Framework 3.5 SP1.

Internet Explorer will open to the download page.

This option may be grayed out. If so, then please

continue to Step 2: Install Windows Powershell v2

Download and run the installer file.

Restart the computer when it is requested. After

the restart, re-run the setup.exe file on the
installation disc to continue.
Notice that the following step is grayed out:

Step 2: Install Windows Powershell v2

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 10 of 54
 This option may be grayed out. If so, then please
continue to Step 3: Choose Languages
From the Setup menu, choose Step 3: Choose
Languages.

Choose Install only languages from the DVD.

Choose Step 4: Install Microsoft Exchange.

Accept the license terms and click Next

Make a selection on the Error Reporting and click
Next

What you choose here is up to you. However, as

Microsoft does send feedback to the server about
known issues, I personally recommend choosing
Yes.

Choose Typical Exchange Organization.

Leave the path for the Exchange programs as it is,

and click Next

Choose a name for your Exchange Organization

Example: My School District

Click Next

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 11 of 54
 Select Client Settings.

Choose NO unless your school is using Outlook

2003 or Entourage, which is a Macintosh Client
for Exchange.

and choose Next.

Check the box that states The Client Access

Server Role Will Be Internet-Facing
When prompted, give your school's external
domain name:

Example: msd.k12.ar.us

Click Next

Make a choice on the Customer Experience The one exception to this is if you receive a
Program and choose Next. warning that there is no A-record in DNS for the
server. You may continue to install, but won't be
The server will then perform a series of checks to able to receive mail until the external DNS records
ensure all prerequisites have been met. Let it have been installed and are propagated globally.
finish and if it does so without errors, you are free
to click Install.

Exchange will begin to install at this point. This may take some time, during which you might
consider contacting the DIS helpdesk to set up your Firewall Feature Set entries, and to set the host,
MX, and autodiscover records for your own domain. See Appendix B: DNS Settings

Once Exchange has finished installing, from the

Exchange Setup window, choose Step 5: Get
Critical Updates for Microsoft Exchange.
Follow the directions in the windows that follow.
Creating Partitions for the Transaction Logs and Exchange Databases
By default, Exchange 2010 places the transaction logs and exchange databases on the system partition. However, as these
can quickly fill up if backups are not regularly done, it is recommended to set up dedicated partitions for the two types of
files. This helps to prevent the system partition from filling up too quickly.

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 12 of 54
Go to Start > Administrative Tools > Computer
Management

Expand Storage, then choose Disk Management.

Find the disk that you want to put the volumes on,
then right-click on Unallocated Space.

Choose New Simple Volume

Next, give the amount of space you want for the

Exchange Database volume, in megabytes.
Remember that 1 GB = 1024 MB.
Here, we will be doing two 20-GB volumes in this
example. 20 * 1024 = 20480 MB.

This number will not be sufficient for your

organization's Exchange installations. Simply
take the number of GB that you want to dedicate
to the partition and multiply it by 1024.

Choose Next. Pick a drive letter of your

preference and choose Next

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 13 of 54
 On the Format Partition screen, leave the File
system as NTFS, the allocation size unit as
Default.

Use a descriptor for the Volume Label

Examples:
Exchange Databases
Exchange T-Logs

Check the box for Perform a Quick Format

Choose Next, then Finish.

Use the previous steps to create another volume.

You want to create separate partitions, one to
create the Exchange Databases, the other to hold
the transaction Logs.

Close out of Disk Management when done.

Navigate to each drive and create a folder for each
mail store you want to make.

It's usually recommended to make one for Faculty

and one for students. In this case, we will only be
making one for faculty.
Moving the Exchange Database and Transaction Logs to Their Respective Partitions
Before we start using Exchange, we need to move the database and transaction logs off of the main system partition. This
will keep it from interfering with the normal operations of Server 2008.
Open the Exchange Management Console
(EMC)

Within the EMC, expand Organization

Configuration, then Mailbox.

In the center pane, choose the Database

Management tab.

From the Mailbox pane, choose the Mailbox

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 14 of 54
 Database that you wish to move. Then click on
Move Database from the panel at the lower-right
Next, the Move Database Path wizard will open.

Check to see what drive letters have been

assigned to your partitions that you made for the
databases and the transaction logs.

Change the path accordingly. You may change the

letter and leave the remainder of the path intact, or
you can cut off the first part of it, starting at the
V14. This is useful because it allows you to keep
separate databases on the same partition, for
example if you were separating students from
faculty.

As the database must be taken offline to move,

you will be prompted that it will be temporarily
dismounted. Click Yes.

Upon completion, the database will automatically

re-mount.
Next, you are encouraged to change the name of
the database. You may right-click on the name of
the database and choose Properties.

Give it a descriptive name for this database. In

our case, we are making one for the faculty, so
let's change it to Faculty Mailbox Database.

At this point, you are ready to start configuring Exchange.

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 15 of 54
 INITIAL CONFIGURATION OF EXCHANGE SERVER 2010
Creating the External Receive Connector
Open the Exchange Management Console,
which is located at

Start > All Programs > Microsoft Exchange

Server 2010 > Exchange Management Console
In the tree to the left, expand Microsoft Exchange
on-Premises. This will display the four subtrees of
Organization, Server, and Recipient
Configurations, as well as the Toolbox.

Expand Organization Configuration, then click on

Hub Transport.

Choose the Accepted Domains tab and then click

New Accepted Domain from the action pane to
the right.

Give it the name External E-Mail

Give it the Accepted Domain
msd.k12.ar.us

And as you are wanting to receive this mail to this

server, choose the radio button marked
authoritative domain.

Click OK to finish.
Expand Server Configuration, then choose Hub
Transport.

Right-click on Default (*) Receive Connector and

choose Properties

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 16 of 54
Choose the Permission Groups tab, then check
the box marked Anonymous Users.

Click OK to finish.

The reason we do this is to tell Exchange that it

can accept mail from other servers that don't have
accounts on your domain. If it is not checked,
then the mail will be rejected.

Creating the External Send Connector

Now that we have set up Exchange to receive mail for your domain, the next step is to set it to be able
to send mail for your domain. That is accomplished through the use of Send Connectors.

Send connectors are not based on the server itself,

but on the organization. You will need to open
EMC and choose Organization Configuration,
Hub Transport.

Next, choose the tab marked Send Connectors,

and click New Send Connector from the Action
pane on the right.

Name the new send connector “Outbound e-Mail

Send Connector”.

Change the drop-down to Internet

Next you have to give an Address space. Click the

ADD button. In the address field, type *

Check the box marked Include all Subdomains

Click OK.

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 17 of 54
 Click Next on the Network Settings page.

Click Next through the next few screens, then You've created the Send Connector now. You
choose New should be set to both send and receive mail.
Note: If your site is using the state spam filter or another filtering and relaying service, don't forget
that your send and receive connectors need to be modified to only receive from the approved filters
and to only send through the relay. For instructions on how to do this, please consult Appendix C:
Locking Down Exchange to a Relay Filter.

Creating Database-Wide Mailbox Size Limits

It is best to limit down the size of the users' mailboxes at the database level. This ensures that no users
are allowed to exceed this limit without special authorization.
Open the Exchange Management Console.

Navigate to Organization Configuration >

Mailbox.

Choose the Database Management tab. Right-

click on the database you would like to configure
limits on, and choose Properties.
In the Properties window that opens, choose the
Limits tab.

Exchange can be configured to perform specific

actions at three size thresholds. These thresholds
are specified in Kilobytes.

The Issue Warning sends an e-mail to the user

that he/she is approaching his or her mailbox size
limit.

The Prohibit Send option, if activated, will

restrict a user's ability to send new mails when
his/her mailbox has exceeded a certain size.

The Prohibit send and receive option, if

activated, will deny both sending mail and
receiving the new mail, and will send a message
back to the sender stating that their message could
not be delivered due to a full mailbox.

For the deletion settings, please consult your

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 18 of 54
 organization's data retention policies.
Note that the settings here are the most restrictive that would apply at your organization. For users
that need larger mailboxes, you may override these settings at a user level.
Creating E-Mail Address Policies
E-mail address policies allow you to automatically assign consistent mail addresses and aliases to
users. This becomes active when the users are mail-enabled, which can save a lot of work.
In the EMC console tree, navigate to
Organization Configuration > Hub Transport

Click on the E-Mail Address Policies tab.

In the Actions pane in the upper-right, choose

New E-Mail Address Policy

In the wizard that opens, call the new policy,

Faculty Mail Address Policy.

Click Browse and navigate to the Faculty

organizational unit. Click OK, then click Next.

Don't check ANY of the conditions. Choose Next.

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 19 of 54
The next window will ask about e-mail addresses.
Choose the Add button.

Choose the First name.last name (john.smith)

radio button.

Choose the Select the accepted domain for the

e-mail address. Choose Browse, then choose
your External e-mail domain. Click OK

Note: If you are moving from Novell, you may

also want to allow the legacy first initial last name
naming standard (jsmith). To do this, click Add
again, choosing the first name initial and last
name (jsmith) radio button. Make certain to
choose the Select the accepted domain for the e-
mail address radio button and browse again to the
external container.

Choose Next when you are finished setting e-mail

address names.
Continue to click Next until you see the
Configuration Summary. Click New. Once this
completes, click Finish.
Recommendation: You can allow students the ability to have e-mail accounts for messaging the
teachers, while limiting both their ability to receive e-mail from the outside world and from one
another. If you would like to allow this, create another e-mail address policy for the students, setting
their addresses to the myschooldistrict.local domain. Not granting them an external domain (such as
msd.k12.ar.us) prevents external mail from being utilized. Once this is done, you will need to create
transport rules that limit their abilities to contact one another or from sending out mail through
Exchange.
Creating OU-Based Dynamic Distribution Lists
Dynamic Distribution Lists create an easy method of sorting users within Exchange, based on their
location in Active Directory. The use of these lists are helpful for both creating mail policies (such as
limiting the students' ability to mail one another or any distribution lists) or for the faculty to send
mail to the entire student body, the faculty, or even to students or faculty from a specific campus or
graduating year. In this example, we will create distribution lists for the faculty and for the students.

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 20 of 54
 In the Exchange Management Console, navigate
to Recipient Configuration, then choose
Distribution Group.

In the Action pane to the right, click on New

Dynamic Distribution List to open the New
Dynamic Distribution List Wizard.

Check the box marked Specify the

Organizational Unit, and click the Browse
button.

Choose the Faculty organizational unit, then click

OK.

For the Name use All District Faculty

For the Alias, use AllDistrictFaculty

Click Next
Under the Filter Settings, choose the radio button
marked The Following Specific Types, then
check the box for Users With Exchange
Mailboxes.

Click Next.

On the Conditions page, leave the conditions

alone and choose Next.

Click New to create the Dynamic Distribution

List.

When it has completed, click Finish

Repeat the previous steps to create an All District Students Dynamic Distribution Group, using the
Organizational Unit called Students. This will be used in creating the Student Mail Transport Policy
that limits the student's e-mail abilities.

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 21 of 54
 Creating a Student Mail Transport Policy
The default behavior with Exchange thus far is to send through mail as it is sent or received. This isn't
always optimal behavior; for example, it may not be in the district's best interest to allow the students
to e-mail one another, or distribution lists, for fear of abuse. In cases like these, policies can be set
through the use of Transport Rules, which are a series of filters that prevent the delivery of any
undesirable mail. This segment is optional, and covers the creation of such a list of rules.

Open the Exchange Management Console (if it

is not already open) and navigate to Organization
Configuration > Hub Transport.

In the Hub Transport main window, select the tab

marked Transport Rules.

In the Actions pane (to the right), click on New

Transport Rule

This will open up the New Transport Rule Wizard

Name the new transport rule:
Default Student Outbound Mail Rule

For the comment, use:

This rule limits students to only being able to
contact the faculty.

Check the box marked Enable Rule, then hit Next

Under the Actions page, choose Send Rejection

Message to Sender with Enhanced Status Code.

Under Step 2, click Rejection Message. Set the

Bounce Message to Rejected: Students are only
permitted to e-mail faculty members.

Although the Enhanced Status Codes are not used,

it is required for the rule. Select it and use the
arbitrary number 5.7.1.

Click Next, then Next through the Exceptions

Note: You may wish to create more rules that likewise deny
page. Click on New. students from directly mailing to each of the distribution

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 22 of 54
 groups.
After the rule has been created, click on Finish.

Mail-Enabling Users
From the Exchange Management Console,
expand Recipient Configuration, then Mailbox.

Click on Mailbox.
In the Action pane to the right, click New Mailbox
to bring up the New Mailbox Wizard.

Select User Mailbox.

Click Next

Choose Existing Users

Click Add

Select the AD account(s) and click OK and Next

Click Next on the Mailbox Settings page

Finally, click New to begin creating the

mailboxes.

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 23 of 54
 Once Exchange finishes creating the mailboxes,
you may click Finish.

Setting Up A Delay For Exchange Services

There is a known issue with the Exchange 2007 and 2010 that can cause difficulties in starting up or
shutting down the System Attendant service. This is especially noticeable in cases where Exchange is
also working as a Global Catalog server (not a recommended configuration) or in cases where the
Exchange 2010 server starts before the Domain Controllers are fully functional (such as after a power
surge). These registry tweaks cause certain Exchange services to have a slight delay in starting,
which gives the AD servers on the domain to come up.

In this portion, we set a delay on the Exchange Service Attendant. There are also two services that do
not normally wait for the Service Attendant to start—the Information Store and the Active Directory
Topology services. We set these to wait on the Service Attendant to start before attempting to start.

For more information, consult Microsoft's knowledge base at http://support.microsoft.com/kb/940845

Open the Registry editor with the command:

Regedit
Navigate to the following key:
HKEY_LOCAL_MACHINE\System\CurrentCont
rolSet\Services\MSExchangeSA\Parameters
Right-click in the right-hand pane and choose
New > DWORD (32-Bit value)

Name the value BootPause and give it the

decimal value of 120

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 24 of 54
 Next, navigate to
HKEY_LOCAL_MACHINE\System\CurrentCont
rolSet\Services\MSExchangeADTopology\

Right-click in the values. Choose New > Multi-

string Value

Name the new value DependOnService

Edit it and change the value to MSExchangeSA

Finally, navigate to:

HKEY_LOCAL_MACHINE\System\CurrentCont
rolSet\Services\MSExchangeIS\

Right-click in the values. Choose New > Multi-

string Value

Name the new value DependOnService

Edit it and change the value to MSExchangeSA

Exit out of the Registry Editor.

Setting Up a Scheduled Backup of Exchange
One of the critical ways that Exchange 2010 maintains data is that it ensures that the database it has
on hand can always be kept up to current. As a result, every transaction—e-mails, et cetera—is kept
in an exchange transaction log file. These can and will fill up a drive, and until they are backed up,
Exchange will NOT purge them.

IMPORTANT: Do NOT delete the log files manually. It is important that they be played back into the
latest backup of the database in case of failure, to ensure that nothing is lost. However, if they fill up
the drive, then the Exchange services will not start.

To correct this and prevent it from recurring, it's important to set up a regular backup of the Exchange
database. The backup MUST be run while Exchange is in a running state. Once this is in place,
Exchange will detect the backups and purge the log files accordingly.

You will find instructions on creating a backup solution in Appendix D: Backing Up Microsoft
Exchange 2010

Configuring the Change Password Feature for OWA

The Outlook Web Access page can be used so that users may change their passwords remotely. In
many cases, it is advantageous to set this up so that when a user's password is expired, that they can
set a new password through OWA.

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 25 of 54
 Open the registry editor. You may do this by
going to Start, typing regedit in the search box,
and pressing Enter.

Navigate to the following registrey subkey:

HKEY_LOCAL_MACHINE\
SYSTEM\CurrentControlSet\
Services\MSExchange OWA

Within MSExchange OWA, create a new

DWORD value: Right-click in the right-hand
pane and choose New > DWORD (32-bit value)
Give the new value the following name and value:

Name: ChangeExpiredPasswordEnabled
Value: 1

Click OK and exit the Registry Editor.

This registry change must be made on each Client Access Server that utilizes Outlook Web Access.

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 26 of 54
 MANAGING EXCHANGE SERVER 2010
Managing User Mailboxes
User Mailbox Overview
In Exchange 2010, the user accounts and the The advantage of this is that the accounts are
mailboxes are two discrete objects. The mailbox modular. While this may seem to be unnecessarily
itself is stored within the Exchange 2010 Mailbox complicated, it does have its uses: If a person
database, and is not tied to any particular user. leaves his or her position, his or her mailbox can
be assigned to his or her successor.
The user account is stored within Active
Directory. This is the same account that is used If the user's Active Directory account is
for file permissions, logging onto the system, accidentally deleted, the mailbox and its contents
printing, et cetera. still exist, and can be easily recovered.

When Exchange 2010 is installed, there are The purpose of this section will be to demonstrate
specific extensions made to the Active Directory how to mail-enable a new user, how to re-assign a
Schema, which gives a new set of attributes to the mailbox to an accidentally-deleted user, how to
user accounts. Among these is a field that links a disable a user's mailbox, and how to delete
specific Exchange mailbox to a particular user orphaned mailboxes.
account.

Mail-Enabling Users
In this example, we have a new user that has joined the faculty. His account has been created as
clayton.stallings.

Before Clayton can receive mail, Exchange 2010 must be instructed to create a database for this user.
Open the Exchange Management Console and
navigate to Recipient Configuration > Mailbox
On the Action pane to the right, click on New
Mailbox.

Choose User Mailbox

Click Next

In the User Type window, choose the radio button

marked Existing Users.

Click the green Add button, then choose the user

or users you would like to create mailboxes for
and choose OK. Click Next.

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 27 of 54
If you are doing this for multiple users, Exchange
2010 will attempt to design an alias name for the
mailboxes automatically, based on the username.
These fields may be used to match up
accidentally-orphaned accounts to their respective
owners.

If you are mail-enabling a single user, then you

may be asked to create the alias on your own.
Typically it is recommended to use
FirstnameLastname.

If your policies have already been set, then you

may leave the remaining boxes unchecked. A mailbox alias is a field on the mailbox that contains an
easy way of identifying the user that it was last assigned to.
Click Next, then New, then Finish

Disabling A User's Mailbox

Let's assume that Clayton has worked for the district for quite some time, then chosen other
employment. It is decided that his e-mail is full of information that would be invaluable to his
replacement.
Open the Exchange Management Console and
navigate to Recipient Configuration > Mailbox
Choose the mailbox to be disabled, then click
Disable in the action pane.
A warning box will appear. Click Yes.

Working With Disconnected Mailboxes

The next two examples deal with mailboxes that are orphaned, that is to say, disconnected from any
users. However, these are not always visible. To force them to show, it is important to run the Clean-
MailboxDatabase commandlet.
This commandlet is ran within the Microsoft Exchange 2010 Management Shell, which is a special
instance of Powershell that has extra plugins used to interface with the Exchange 2010 system.
Open the Exchange Management Shell by going
to Start > All Programs > Microsoft Exchange
Server 2010 > Exchange Management Shell.

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 28 of 54
 Once in the Exchange Management Shell, get a
list of the mailbox databases using this
commandlet:

Get-MailboxDatabase
Next, issue the Clean-MailboxDatabase
commadlet, using the name of the database (from
the previous step) within quotes. Here we are
assuming that the name is Faculty Mailbox
Database:

Clean-MailboxDatabase “Faculty Mailbox Database”

Note that you will not receive any feedback once this completes; it will return to the prompt.

Re-Assigning An Orphaned Mailbox

Building from our example above, let's assume that Clayton has worked for the district for quite some
time and moved on to other employment. However, his mailbox is full of information that his
replacement, Jane French, will need access to. You will need to open up Active Directory Users and
Computers and create an account for Jane. We will then assign Clayton's mailbox to her.
In the Exchange Management Console, navigate
to Recipient Configuration > Disconnected
Mailbox.
Select the mailbox, then choose Connect from the
Action pane.

Choose the appropriate type of mailbox; in this

case it will be a User Mailbox

Click Next.

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 29 of 54
Choose the radio button marked Existing User
and use the Browse button to find Jane French's
account.

Give an easy-to-index alias here—I do

FirstnameLastname, and choose any policies that
apply.

Alias: JaneSmith

Click Next, then Connect, then Finish

Creating Mailboxes for Non-User Resources

A room mailbox is a resource mailbox assigned to a meeting location, such as a conference room,
auditorium, or training room. An equipment mailbox is a resource mailbox assigned to a resource
that's not location specific, such as a portable computer, projector, microphone, or a company car.

These are handy for scheduling, as it allows all users the ability to check out resources as needed in a
centralized calendar.
Creating Mailboxes for Rooms
Open the Exchange Management Shell. Navigate
to Recipient Configuration > Mailbox.
We'll begin our example by adding one for the
science lab.

In the Actions/Mailbox pane, click on New

Mailbox

In the wizard, choose the radio button marked

Room Mailbox

Click Next
Choose New User and click Next

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 30 of 54
 Fill out the information:
Name: HS Science Lab
User Logon Name: hs-scilab-101
Give it a generic password and confirm it.

Click Next.

On the Mailbox Settings page, give it the

following alias:

Alias: HS-SciLab-101

Leave the remaining defaults, then click Next

On the Archive Settings window, leave the

checkbox unchecked and click Next.

Finally, click New and Finish

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 31 of 54
 Creating Mailboxes for Equipment
Open the Exchange Management Shell. Navigate
to Recipient Configuration > Mailbox.
In this example, we make a mailbox for a
projector

In the Actions/Mailbox pane, click on New

Mailbox

In the wizard, choose the radio button marked

Equipment Mailbox

Click Next

Choose New User and click Next

Fill out the information:

Name: 1018 HS-projector
User Logon Name: 1018-HS-Projector
Give it a generic password and confirm it.

Click Next.

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 32 of 54
On the Mailbox Settings page, give it the
following alias:

Alias: 1018-HS-Projector

Leave the remaining defaults, then click Next

On the Archive Settings window, leave the

checkbox unchecked and click Next.

Finally, click New and Finish

Managing Address Lists, Distribution Groups, and E-mail Addresses

Address Lists Overview
Address lists are a collection of recipient and other Active Directory objects. Each address list can
contain one or more types of objects (for example, users, contacts, groups, public folders,
conferencing, and other resources).

Address lists also provide a mechanism to partition mail-enabled objects in Active Directory for the
benefit of specific groups of users, such as faculty at a specific campus.
Creating a Global Address List
The Global Address List (also called a GAL) is a directory that contains entries
for every group, user, and contact within an Exchange 2010 organization.
Open the Exchange Management Shell by going Note: This
to Start > All Programs > Microsoft Exchange cannot be
Server 2010 > Exchange Management Shell. done through
the Exchange Management Console.

Issue the following one-line command:

New-GlobalAddressList -Name "District GAL”

-IncludedRecipients MailboxUsers

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 33 of 54
 Removing a Global Address List:
Issue the following one-line command:
Remove-GlobalAddressList -Identity "District GAL”
Note: This cannot be done through the Exchange Management Console.

Listing the Current Global Address Lists:

Issue the following one-line command:
Get-GlobalAddressList
Note: This cannot be done through the Exchange Management Console.

Creating a Dynamic Address List Based on Organizational Unit

Aside from global address lists, you may also consider using site-specific or organizationally separate
address lists. This could be used so that students may find faculty addresses, but not one another's
addresses, or to keep address lists specific to campuses.

In this example, we will show how to create an address list out of the entire Faculty organizational
unit of the myschooldistrict.local domain.
Open the Exchange Management Shell. Navigate
to Organizational Configuration > Mailbox.
In the Action pane, click New Address List.
On the Introduction Page, give the following
information:

Name: Faculty Address List

Container: (leave as the default)

Click Next

On the Filter Settings page, browse to the Faculty

container and click OK. Then you may choose All
Recipient Types. If there are only certain types
you wish to include in the list, choose The
following specific types and check the
appropriate boxes.

Click Next

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 34 of 54
In most cases, you may click Next through the
Conditions page and the Schedule page.

Click New, then Finish.

Applying an Address List
Address lists are a collection of recipient and other Active Directory objects. You apply an address list
when the address list filter rule has been edited. To update the membership of the address list to
include new recipients and remove those who no longer meet the filtering criteria, you must apply the
address list.
Changes that you make to an address list aren't applied to recipients until you apply the list. You can
apply changes to address lists immediately or at a scheduled time by using the New Address List
wizard or the Edit Address List wizard.

Open the Exchange Management Shell. Navigate

to Organizational Configuration > Mailbox.

Click on the Address Lists tab.

Click on the address list you want to apply—in
this case, the Faculty Address List we created in
the last step.

In the Actions pane, click Apply to launch the

wizard.

In the Introduction page, choose Immediately

Click Next, then Apply.

Click Finish

Distribution Lists Overview

Distribution groups come in two varieties with Exchange Server 2010. A Mail-Enabled Universal
Distribution Group can only be used to relay messages in bulk. A Mail-enabled Universal Security
Group can also perform this function, as well as grant access permissions to resources that exist
within Active Directory.
Creating a New Mail-Enabled Universal Distribution Group
Open the Exchange Management Shell. Navigate
to Organizational Configuration > Recipient

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 35 of 54
Configuration > Distribution Group
In the Action pane, click New Distribution
Group

Choose New Group and choose Next.

You also may mail-enable an existing group at

your discretion. If you have security groups in
place for things such as access to special shares
(such as yearbook) or

In the Group Information window, choose

Distribution as the group type. You may leave
the Specify Organizational Unit checkbox
unchecked.

Name: Faculty Mailing List

Alias: faculty.list

The Pre-Windows 2000 name will auto-complete

Click Next, then New, then Finish.

Note: If you would also like to use this group to

assign permissions within Active Directory, such
as to shares, choose Security rather than
Distribution.
Distribution Group Management
Open the Exchange Management Shell. Navigate
to Organizational Configuration > Recipient
Configuration > Distribution Group

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 36 of 54
 Select the distribution group you wish to add or
remove members from.

Click Properties from the Action pane.

In the Mailing List Properties window that opens,

you may add or remove users as needed. When
finished, click OK.

On Changing User E-Mail Addresses

Generally, there will be a few instances during which a user's name changes and therefore his or her
e-mail address will need to also be changed. It is generally recommended that the user's existing e-
mail address be left in place, and an alias added with the new address. This alias should then be
made into the primary e-mail address.
Creating E-Mail Aliases
Open the Exchange Management Shell. Navigate
to Recipient Configuration > Mailbox.

Select the user's mailbox that you wish to add an

additional e-mail alias for.

In the Action pane to the right, click Properties.

Note: You may have to scroll down the Action

Pane in order to see the Properties option.

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 37 of 54
Click the tab marked E-Mail Addresses, then the
Add button.

Enter the new e-mail alias in the E-Mail Address

box.

Click OK, then OK to close out of the user's

properties.

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 38 of 54
 APPENDIX A:
Setting up ActiveSync Policies for Mobile Devices
ActiveSync is a method of setting up smartphones and other web-enabled devices (such as iPads or
Android tablets) to easily connect with your Exchange server. Through the use of policies, you can
have greater control over how these devices are to behave.

It is recommended that passwords be required for devices, as these may contain student data. As the
standards are currently not set for mobile devices for schools, it is important to cover these with the
district's administration.

Note that prior to using ActiveSync, you MUST purchase and install a multi-site UCC certificate from
a third-party trusted authority. The installation and purchase of this certificate is currently beyond the
scope of this document.
In the Exchange Management Console, navigate
to Organization Configuration > Client Access

In the Action pane, choose New Exchange

ActiveSync Mailbox Policy

For the Mailbox Policy Name, use District Mobile

Device Policy

Select the checkbox marked Allow Non- Not all devices will support all of the features that
Provisional Devices ActiveSync currently offers. Those that do not
support all of these features are called non-
provisional devices. As these are
recommendations that are being pushed from the
server, at this time it is safe to allow them.
Leave the box marked Allow attachments to be Again, this depends on your district's policies, and
downloaded to the device checked. should be set after consulting with the
administrative staff.
Select the box marked Require Password. Select
the options that are required.

Click New, then Finish.

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 39 of 54
 Next, right-click on the policy you created, and
choose Properties.
Take a moment to look through the tabs, enabling Note that the Device and Device Applications tabs
and disabling the various options to tune it. Then have options that require Exchange Enterprise
click OK to exit. CALs for each mailbox on which policies are
restricted or file controls imposed.
Finally, right-click on the policy again and choose
Set As Default

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 40 of 54
 APPENDIX B: DNS Settings

DNS Settings for Exchange Server 2010

When setting up your Exchange Server, there are a number of settings that will need to be made within
your external DNS systems. These will need to be made for the server to work properly. The MX
record is used to tell outside mail servers which machine is responsible for handling the mail for your
entire domain.

Also, there is the matter of the Autodiscover service. Autodiscover allows you to rapidly get clients set
up both internally and externally. When you set up a user on a machine, it looks to DNS to find
autodiscover.msd.k12.ar.us. If this record is set up, it will point to your mail server, which will then
send the basic information of how the clients are to connect to it. Autodiscover is also critical for other
services, such as ActiveSync, which allow you to easily set up secure remote access to the mailserver
for many mobile devices, such as smartphones.

The following table is for msd.k12.ar.us, who are using myschooldistrict.local as their local domain.
The EXTERNAL IP address of their mailserver is 170.211.1.98 and the INTERNAL address is
10.10.103.8. By looking at the following tables, you can see how these records need to be set up:

(Figure B.1: Standard setup with mail server, no external filtering)

DNS RECORDS FOR EXTERNAL SYSTEMS
Record Type Name Data TTL
A (Host) mail.msd.k12.ar.us 170.211.1.98 (default)
A (Host) autodiscover.msd.k12.ar.us 170.211.1.98 (default)
MX (Mail Exchange) msd.k12.ar.us mail.msd.k12.ar.us (default)
SENDER PROTECTION FRAMEWORK (SPF) RECORD
TXT msd.k12.ar.us v=spf1 mx a:mail.msd.k12.ar.us ~all (default)
DNS RECORDS FOR INTERNAL SYSTEMS
A (Host) Autodiscover.msd.k12.ar.us 170.211.1.98 (default)
A (Host) Autodiscover.msd.k12.ar.us 10.10.103.8 (default)
A (Host) Autodiscover.myschooldistrict.local 170.211.1.98 (default)

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 41 of 54
A (Host) Autodiscover.myschooldistrict.local 10.10.103.8 (default)

In some cases, such as sites that are using a mail filtering device such as a Barracuda filter or
SpamAssassin server. In that case, you will want to use the same table as above, with some minor
modifications. An A-record will also need to be assigned to the mail filter, and the MX record will
need to point to it. Assuming that msd.k12.ar.us purchases and installs a mail filter at 170.211.1.99,
this is how their DNS records would be set up:

(Figure B.1: Standard setup with mail server, using an external filter)
DNS RECORDS FOR EXTERNAL SYSTEMS
Record Type Name Data TTL
A (Host) mail.msd.k12.ar.us 170.211.1.98 (default)
A (Host) autodiscover.msd.k12.ar.us 170.211.1.98 (default)
A (Host) filter.msd.k12.ar.us 170.211.1.99 (default)
MX (Mail Exchange) msd.k12.ar.us filter.msd.k12.ar.us (default)
SENDER PROTECTION FRAMEWORK (SPF) RECORD
TXT msd.k12.ar.us v=spf1 mx a:mail.msd.k12.ar.us ~all (default)
DNS RECORDS FOR INTERNAL SYSTEMS
A (Host) Autodiscover.msd.k12.ar.us 170.211.1.98 (default)
A (Host) Autodiscover.msd.k12.ar.us 10.10.103.8 (default)
A (Host) Autodiscover.myschooldistrict.local 170.211.1.98 (default)
A (Host) Autodiscover.myschooldistrict.local 10.10.103.8 (default)

Next, there is Unified Communicator. Most sites do not use this, but for those that do, these SRV
records will need to be added. The sipfederation SRV record is only necessary if you have signed up to
federate with Microsoft's servers, which would make your users available to external users of Microsoft
Live/MSN Messenger. If you choose to federate, you will also need to register with Microsoft, which
is beyond the scope of this document.
DNS SRV RECORDS FOR EXTERNAL SYSTEMS
SRV Priority Weight Port Target
_sip._tls.msd.k12.ar.us 10 2 443 mail.msd.k12.ar.us
_sipfederation._tls.msd.k12.ar.us 10 2 5061 federation.messenger.msn.com
DNS SRV RECORDS FOR INTERNAL SYSTEMS

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 42 of 54
_sip._tls.myschooldistrict.local 10 2 443 mailserver.myschooldistrict.local
_sip._tls.msd.k12.ar.us 10 2 443 mailserver.myschooldistrict.local

Regarding The SPF records:

An SPF (Sender Protection Framework) has not been traditionally used. However, as mail
administrators struggle with spam daily, it is becoming more of a widespread requirement. An SPF
record is a specially formatted text record (TXT) that lists the servers that are authorized to get mail for
a domain. When a message is received, the receiving server checks the alleged sender’s mail domain
for an SPF record in DNS. If it finds one, then it checks the servers listed on it to ensure that there is a
match. If the sending address is not on the list, then the mail is discarded as spam. If no SPF record is
found, then often the sending address is compared against the MX, however more domains increasingly
reject them.

An SPF record is formatted as follows:

v=spf1 mx a:mail.msd.k12.ar.us ip4:165.29.200.101 ~all
This is what the sections mean:
 v=spf1 notifies the receiving mail server that this record is the SPF record.
 mx indicates that if the sending server is the same server that receives mail for the domain, to
accept it. Usually this is desirable.
 a:mail.msd.k12.ar.us means to accept mail from any server that is pointed to by this DNS
record.
 ip4:165.29.200.101 (optional) means also to accept mail from this IP address. You may also do
this as a subnet (165.29.200.101/24) or by using multiple IP addresses separated by commas.
(ip4:165.29.200.101,165.29.200.102) However, we greatly recommend that A-records be used
instead.
 ~all finally means to reject mail from any other source. Please note that the mark is a tilde,
located to the left of the ‘1’ key, not a minus sign. This closes the record.

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 43 of 54
 APPENDIX C: Using an External Mail Filter or Relay
Exchange 2010 may be used with external mail filtering devices, such as the State Spam filter or
external devices such as a barracuda device. It is very important in these cases to ensure that
Exchange is set up correctly, as well as the appropriate changes made in the filtering device. The
device will need to hold the MX record for the mail. If it is capable of relaying for the server, this
needs to be configured on Exchange.

Note: While the example below uses the state mail relay. While this was once the preferred method
for systems that used the state spam filter, this is NO LONGER RECOMMENDED. Instead, for users
of the state mail filter, it's recommended to send out mail directly by MX (which is the default) and to
add an SPF record into your external DNS to prevent bounces. Instructions for creating an SPF record
can be found in Appendix B.

Setting Up the Send Connector

Open the Exchange Management Console.
Navigate to Organization Configuration > Hub
Transport

Click on the Send Connectors tab.

If there is a send-connector already installed,

DELETE it by right-clicking on it and choosing
Remove.
In the Action pane, choose New Send Connector

Call the new connector:

External Mail Through Smarthost

Set the Intended Use to Custom

Click Next

For the Address space, use an asterisk (*) for the

address. Check the box that allows all
subdomains. Click Next.
For the network settings screen, choose the radio
button marked Route Mail Through The
Following Smart Hosts.

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 44 of 54
 Click the Add button and use the correct IP range
for the outbound SPAM relay.

Click Next when you are done

Add the addresses for your outbound mail filtering

device. .

Set up the authentication settings as required and

click Next.

NOTE: If you are using a mail filtering device or third-

party service, you WILL need to set up an SPF record that Click Next, New, and Finish.
details which IP addresses are allowed to send mail for your
domain. Consult APSCN LAN Support for assistance in
developing these if not provided.

Limiting Default Receive Connector to the Filter

Another component of efficient spam control is to not only have all mail destined for the domain itself
to be sent to the state spam filter, but to limit the incoming external mail to only be accepted from the
state filter. This prevents spammers from sending mail directly to your server, rather than through the
MX, which is common for botnets.
Open the Exchange Management Console.

From the Microsoft Exchange On-Premises

window,

Navigate to Server Configuration > Hub

Transport.

In the Actions pane, click New Receive

Connector.
In the New Receive Connector dialog, give the
connector the following values:

Name: External Mail Via State Filter

Intended Use: Custom

Leave the Local Network Settings set to the

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 45 of 54
 default (All Available Ipv4, Port 25).

Use your External name of your mailserver for the

FQDN: mail.msd.k12.ar.us

Click Next

Under Remote Network Settings, remove the

default setting of 0.0.0.0. Next, add the server by
IP address or cluster by IP range in CIDR
notation.

Click Add and give the IP address (or cluster in

CIDR format, which we will be using here)

IP addresses: 165.29.1.128/25

Choose Next
Next, choose New, then Finish.

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 46 of 54
Finally, ensure that the Default connector is set for
Disabled. .

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 47 of 54
 APPENDIX D: Backing Up Exchange Server 2010
Exchange Server 2010 is highly dependent on backups. Transaction logs are kept until Exchange is
certain that the latest backup of the database has these transactions. This is great as it helps to keep
lost mail to a minimum, but presents challenges of its own. Namely, the partition that contains the
transaction logs can—and will—fill up quite rapidly if the database is not backed up often.

If the partition does become full, then you will need to expand that drive space, obtain a full backup of
the database and transaction logs, then enable circular logging temporarily to clear out the logs.
Preparation: Installing the Windows Backup Service
Open the Windows Server Manager by going to Start >
Administrative Tools > Server Manager

Click Features from the tree menu to the left, then choose Add
Features from the upper-right corner of the Features Summary
window.
Check the box next to Windows
Server Backup Features.

Ensure that both sub-items,

Windows Server Backup and
Command-line Tools are checked.

Click Next, then Install.

Finally, click Close. You may exit out of Server Manager.
Create the Scripts for the Backup
One of the issues that the Windows server backup utility has is that it wants to create a full backup of
the system partition every time. That may take up an extra 20-30+ gigabytes of space than the
Exchange databases. While this is great from a recovery standpoint, it's not the most efficient means
of getting the regular Exchange backups. The other option is to create a batch file that uses specific
command-line code to only back up the drives that contain the database and transaction logs.

Note: If you are backing up to a removable drive, it's best to share out this drive, then use the same
directions below for backing up to a shared network location.
If backing up to a shared network location
Open My Computer and navigate to the C: drive. It is easier to manage scripts if they
are held in a common location. It is
Create a new directory on C: called AdminScripts the preference of the author to call
it AdminScripts. You may change
this to your preference.
In AdminScripts, create a new text
document with Notepad.

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 48 of 54
@echo off
wbadmin start backup -include:E:\,F:\ -backuptarget:\\backup\exchange -
Type this script exactly, replacing
systemstate
-quiet (NOTE: -quiet is not on a separate line.) \\backup\exchange with whatever
share you'll be sharing out to, and
the drive letters for your Exchange
databases and Transaction logs.

This will also back up the system

state.
Choose File > Save As

Navigate to the C:\AdminScripts

folder.

File Name:
Make certain you change the Save as Type to All Files.
Otherwise it will be saved as BackupExchange.cmd.txt, which BackupExchange.cmd
will NOT kick off the backup job.
Save as Type:
All Files

Click Save and exit Notepad.

Setting Up the Script to Run as a Scheduled Task
Navigate to Start > Administrative Tools > Task Scheduler.
In the Actions Pane, choose Create
a Basic Task.

Give the task the following data:

Name:
Exchange Full Backup

Data:
Performs a full backup of the
Exchange Databases, T-Logs, and
System State.

Choose Next.

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 49 of 54
 Choose Weekly, then Next.

For the purpose of this tutorial, we

will be doing the Exchange backup
every Saturday night at 6:00 PM.

On the Action page, choose the

radio button marked Start a
Program, then choose Next.

For the Program/Script, browse to

the BackupExchange.cmd script
you created in the previous
segment.

Choose Next, then Finish.

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 50 of 54
 APPENDIX E: Troubleshooting Startup Issues
There are many things that can cause an Exchange Database to not start up correctly. Usually when
dealing with these, the number of errors in the event log will increase exponentially and it will be
difficult to determine which ones to work with. The best rule of thumb is to make sure all Exchange
services are stopped, clear out the logs, then restart it. Begin with fixing the first error in the list, then
clear and re-try. Usually one error early will cause many various ones later as the component
services attempt to start up.

Most startup issues with Exchange 2010 are based on three things: Availability of Active Directory,
adequate drive space, and database integrity.
Availability of Active Directory
In many cases, such as the event of a building-wide power failure, the Exchange server will be booted
at the same time as the site's domain controllers. Because Active Directory is one of the last few items
on a Windows server to start, this can cause the following errors:

Event ID : 1005
Source : MSExchangeSA
Category : General
Type : Error
Description : Unexpected error The Local Security Authority cannot be contacted ID no: 80090304 Microsoft Exchange System Attendant occurred.
Event ID: 2601
Source: MSExchange ADAccess
Category: General
Type: Warning
Description: Process MSEXCHANGEADTOPOLOGY (PID=1624). When initializing a remote procedure call (RPC) to the Microsoft Exchange Active
Directory Topology service, Exchange could not retrieve the SID for account <WKGUID=DC1301662F547445B9C490A52961F8FC,CN=Microsoft
Exchange,CN=Services,CN=Configuration,...> - Error code=80040934. The Microsoft Exchange Active Directory Topology service will continue
starting with limited permissions.
Event ID: 1121
Source: MSExchangeIS
Category: General
Type: Error
Description: Error 0x96e connecting to the Microsoft Active Directory.
Event ID: 5000
Source: MSExchangeIS
Category: General
Type: Error
Description: Unable to initialize the Microsoft Exchange Information Store service. - Error 0x96e.

To fix this, wait for the Domain Controllers to start, then reboot the Exchange server. Also, the
following registry entries may be added to the Exchange 2010 server to create an additional delay
before attempting to start. These will help as they give Active Directory adequate time to start before
the various Exchange services begin. The server will need to be rebooted prior to these taking effect:
Registry Path Registry Subkey (Multi_SZ) Registry Values
HKEY_LOCAL_MACHINE\Sy DependOnService EventLog, RPCSS,
stem\CurrentControlSet\Services LanmanWorkstation,
\MSExchangeSA LanmanServer, Netlogon
HKEY_LOCAL_MACHINE\Sy DependOnService Netlogon
stem\CurrentControlSet\Services

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 51 of 54
\MSExchangeADTopology
HKEY_LOCAL_MACHINE\Sy DependOnService Netlogon
stem\CurrentControlSet\Services
\MSExchangeIS
HKEY_LOCAL_MACHINE\Sy DependOnService MSExchangeSA
stem\CurrentControlSet\Services
\MSExchangeADTopology
HKEY_LOCAL_MACHINE\Sy DependOnService MSExchangeSA
stem\CurrentControlSet\Services
\MSExchangeIS
HKEY_LOCAL_MACHINE\\Sy BootPause 180120
stem\CurrentControlSet\Services
\MSExchangeSA\Parameters

Adequate Drive Space

Many of the components of Exchange 2010 cannot start without adequate space. One of the most
common pertains to the log files on the system volume, and another to the transaction logs that are
utilized by Exchange itself.

The transaction logs will automatically be deleted by Exchange once it is convinced that the mail store
has been backed up. It is imperative that these not be deleted manually if at all possible, with the
exception of certain cases, because these contain every single transaction that has occurred on the
Exchange system prior to the last backup of the database. In the event of the database being crashed
beyond repair, these can be played back to the backup to prevent lost mail.

Reclaiming Drive Space on the Transaction Log Partition OR Repairing the Database:
In order to claim the transaction log space, you will need an external drive roughly equivalent to 115%
of your mail store. Plug the drive into the server. For purposes of demonstration, we will refer to this
external drive as H: although the actual letter mapped to it will differ depending on your server
configuration.

This procedure is also the same as the one used if the database is in a corrupt state, such as a Dirty
Shutdown caused by power loss before changes can be committed.
First, check the state of the mailbox databases to
ensure that they are Not Mounted:

Open the Exchange Management Console and

navigate to Organization Configuration >
Mailbox.

Select the tab marked Database Management.

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 52 of 54
Looking at the figure to the right, you'll notice that
there is one mailbox database. The database itself
is located on the F: drive, with the logs located on
the G: drive. Looking at the bottom pane, we see
the details of the database. The copy status has it
listed as Dismounted.

If the database is NOT dismounted, you must do

so by clicking on the database in the bottom pane,
then choosing Dismount Database from the
Action pane to the right.

It is HIGHLY recommended that you grab a

full backup of the Exchange database and
transaction logs before proceeding
Next, open a command prompt. You will need to
navigate to the drive and directory that the log
files for the database are kept in.

cd G:\path\to\exchange\logfiles
Once you are in the directory that contains the log
Eseutil /p F:\path\to\exchange\database.edb /t h:\tempfile
files, issue the command to the left, adjusting
Eseutil /d F:\path\to\exchange\database.edb /t h:\tempfile paths and filenames as required for your own
Exchange organization. You can make typing in
the path to the database easier by using the TAB
key after the first couple of characters of each
directory.

Do not interrupt the Exchange server. Each step

will take one to several hours to complete.
Once it completes, you may delete all of the Del *.log
transaction log files.
Finally, perform a full backup of the Exchange 2010 database immediately, then reboot the server.
Also schedule regular backups to prevent recurrence. The methods for doing so may be found in
Appendix E:
If the System Volume (C:) is Full: Tuning Audit Logs
Another common cause of Exchange system failure is if the Windows System volume—usually the C:
drive—is full. This is commonly caused on Exchange 2010 servers due to mistuned audits for object
access. This may be corrected as follows:

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 53 of 54
On the Exchange server, open the Local Security
Policy Editor. The easiest way to accomplish this
is to go to Start > Run then type secpol.msc

Within the Local Security Policy screen, navigate

to Local Policies > Audit Policy

Check to ensure that Audit Object Access is set

to either No Auditing or Failure, then click OK

Since Exchange uses object access every time a

mailbox is accessed by a user or by the Exchange
backend, if Success is checked, the logs can
quickly grow out of control.

Close the Local Security Policy, then navigate to

C:\Windows\System32\winevt\Logs

Delete all .evtx files within this folder. They are

listed with the Type Event Log

Reboot the Exchange 2010 server so that the new

audit settings can take effect.

Arkansas Department of Information Systems – APSCN LAN Support

Last Revision 2011-05-18; Jason B. Black Page 54 of 54