cbt nuggets-exchange server 2003
TRANSCRIPT
-
8/8/2019 CBT Nuggets-Exchange Server 2003
1/47
Exchange Server 2003
Chapter 1
Exchange Server 2003 is a total messaging, collaboration and contact management solution.
Objective
Security, reliability and performance improvements. Administration and Management. Server 2003 and Active Directory. Compatibility Issues.
Exchange Server 2003
Enhanced Security. Improved Manageability. More Reliable. Better Productivity. Lower TCO (Total Cost of Organization)
Exchange 2003 Security
Connection Filtering (Block Junk Mail etc.). Distribution list restriction. OWA Forms-based Authentication. Kerberos Authentication. Privacy Protection. Anti-Virus API 2.5. Enhanced Public Folder Security.
Reliability and Performance
8-node cluster support (earlier it was 2-node support in Exchange 2000). Mailbox Recovery Centre. Automatic Error Reporting. Virtual Memory Reporting. Dr. Watson 2.0 (an application troubleshooting tool). Outlook Synchronization Performance. Enhanced DNS-Based Internet Mail Delivery.
Administration and Management
Exchange System Manager. Volume Shadow Copy Services. Dynamic Distribution Lists. Public Folder Management. Move Mailbox Utility. Deployment Tools.
Server 2003 and Active Directory
ADMT 2.0. Replication Improvements. Cross-Forest Trust. Active Directory Manageability. Internet Protocol Support.
Compatibility Issues
Exchange 2003 (SP) 3+ can operate in a Windows 2003 Active Directory environment.
Exchange 2003 runs on either Windows 2003 Server with SP 3 or the Windows 2003 operating system.
Although 5.5 and 2000 can be installed on Windows 2003 servers, file and print servers, domain controllers and global catalog servers can all be upgraded to Windows 2003 with no impact on Exchange.
Chapter 2
Installing Exchange 2003
Improvements to setup process. Deployment Tools. Requirements for Exchange 2003. Running FOREST PREP and DOMAIN PREP. Running Exchange 2003 setup.
Improvements to Exchange setup
Setup no longer needs full organization permissions. Domain users are denied local logon rights on the Exchange server itself. The new ChooseDC switch for setup. The default permissions are assigned only at the organizational level. A warning message appears if Exchange groups are moved, deleted or renamed. Mailbox access permissions. Message size limits and item size for public folders are set by default (10 MB).
Exchange Server Deployment Tools
Required tools and documentation. Guide for install, upgrade and migration. Exchange 2003 tools and updates at www.Microsoft.com. Access from the Exchange 2003 CD.
The process goes like this:
DCDiag ---- NetDiag ---- ForestPrep ---- DomainPrep ---- Exchange Setup
Requirements for Exchange 2003
Domain controllers and global catalog servers running Windows 2000 Server with SP 3 or Windows Server 2003. Servers are running Windows 2000 SP 3 or Windows Server 2003 Active Directory.
DNS and WINS configured properly in your Windows site. Disk partitions must be formatted with the NTFS file system.
The following services must be running:
.NET Framework. ASP.NET. Internet Information Services (IIS) 6.0. World Wide Web Publishing Service. Simple Mail Transfer Protocol (SMTP) service. Network News Transfer Protocol (NNTP) service.
Hardware requirements:
Intel Pentium or compatible 133 MHz or faster processor. 256 MB of RAM recommended minimum, 128 minimum supported. 500 MB of available hard disk space for installation of Exchange. 200 MB of available disk space on hard drive. CD-ROM. SVGA or higher resolution monitor.
Scenario:
Make a service account svc_exchange in the 2000 AD and make this account a member of Schema Admin, Domain Admin and Enterprise Admin.
Exchange 2003 Setup Switches:
Setup.exe /ChooseDC: Chooses the DC that setup reads from and writes to in Active Directory during the installation process.
/DisasterRecovery: Used to recover your Exchange installation after you have already restored from backup. With this switch, setup skips the process of registering with AD and reinstalls the Exchange binary files, so that the information restored from backup maps to those databases.
/?: Shows all the command-line options with a brief explanation of each switch.
/Password: When the server reboots during the setup process, it logs on automatically.
/ShowUI: Used with the unattended mode of installation.
/NoEventLog: Prevents any log from being written to the Event Viewer (Application, Security etc.) during the installation process.
/NoErrorLog: Disables any error logging in the Event Viewer.
You can use the ADSI Edit tool to rename the Exchange server, which is a very typical process, and only experienced administrators are responsible for it.
And the process starts for installation of Exchange server.
Chapter 3 Upgrading from Exchange 2000 to Exchange 2003
Upgrading and Migration essentials. Front-End servers vs Back-End servers. Mixed mode and Native mode. Post-installation issues. Removing an Exchange 2003 server.
Upgrading and Migration essentials
This will tell you about upgrading from Exchange 5.5 to 2003, which is considered to be much easier and much simpler.
Some of the things which need to be done prior to the upgrade:
There is no support for cc:Mail and MSFT Mail.
First you have to remove the following services from Exchange 2000:
1. Instant Messaging.
2. Microsoft Chat.
3. Key Management Service.
4. Lotus cc:Mail connector.
5. Microsoft Mail connector.
We just have to make sure that we remove these components, because Server 2003 does not support them, but we also need to adhere to the following requirements for the operating system and the Exchange 2000 server.
Things to adhere to:
Install Ex 2000 SP3 or later. Install Win 2000 Server SP 3 or later. Same language. Front-End server first.
Front-End servers deal primarily with incoming client connections and protocol handling, whereas Back-End servers are specifically for mailbox databases and public folder storage. As a matter of fact, a dedicated front-end server in Exchange cannot host public folder and mailbox databases; this is an important pre-deployment consideration. The main benefits of front-end and back-end servers are:
Front-End servers:
1. Unified namespace: users outside and inside the organization accessing the Exchange servers don't have to remember the names of the servers. E.g., WWW.Nuggetlab.com gives web access across the whole enterprise.
2. Firewalls: you can place your front-end servers behind the firewalls, which protects the servers from DoS attacks and any other vulnerability from the Internet.
3. Lower SSL overhead: this is used basically for encrypting and decrypting on any activity.
Exchange 2000 overview which is running on Win Advance server 2000
Before upgrading Exchange 2000, we have to make sure that we are not running Exchange management or any other type of management tool for Exchange 2000. We have to go to the following path:
We have to delete the contents of the Bad Mail folder before we start our upgrade. This folder holds the undeliverable messages that SMTP cannot return to the sender. It can also contain messages from outside users who are trying to spam your Exchange organization. We have to delete the contents of this folder because Exchange 2003 has to re-stamp the ACLs on all of the Exchange server folders. If this folder contains a whole bunch of messages, your setup will take a whole lot longer than the usual time.
The third pre-installation test, which you should carry out thoroughly, is to check with vendors for upgrades and compatibility issues in any third-party software, programs and add-ons for Exchange 2000. All the patches and upgrades should be available before you complete this step. Also, if any third-party software services are running, you have to stop them manually before starting the installation.
To Start the migration:
Exchange Migration Factoids:
If you are moving from one organization to another:
You must have Administrative permissions into source and target Domains. May need to setup a two way trust between those domains. Can use migration wizard only.
For Domain Prep
Install and Upgrade Exchange
Steps for post installation:
If you go back to the Exchange server Deployment Tool Wizard
Click on perform post-installation steps
Change to Native Mode:
System Manager
Since we have upgraded Exchange 2000 to 2003, it is already in Native mode; otherwise there is an option for changing from Mixed to Native mode.
After the upgrade, all of the mailboxes are automatically transferred into Mailbox Store (server name), which is the database of the Exchange server. If we are upgrading other servers, we have a tool to do that, i.e., the Deployment Tool Migration Wizard.
We have a wide variety of options.
If we choose Migrate from Microsoft Exchange, that means we are migrating from other Exchange servers. This is basically migrating from another Exchange server which is not part of this organization/system.
This step guides you to make sure that, after Exchange installation, all of the services are running and all necessary tools are installed on the system.
Microsoft Exchange Information Store: a very important service; if it stops, no mailbox stores and no folders are available on the server.
Microsoft Exchange Management: this is basically for WMI; if this service stops, WMI is not available.
MTA Stacks: this is for X.400 services.
Routing Engine: also one of the core services for Exchange; it provides routing and topology information to all 2003 servers for optimal routing of messages.
Site Replication Service: used if you are in a 5.5 environment; SRS is disabled for 2003 and only used with 5.5 servers.
Exchange System Attendant: this service handles 5 things: monitoring, monitoring your connectors, monitoring your services, maintenance such as defragmenting your Exchange store databases, and forwarding AD lookups to GC servers (AD functions).
All these particular services have dependencies.
This will tell you the core services on which the specific service depends.
Removing Exchange server 2003
Best Practice: The Wiz
Move all mailboxes first (or Remove)
Transfer roles of Bridgehead server or Routing group master
No Connection Agreement or Installed Connectors.
TIP: Delete Mailbox for Administrator
Chapter 4 Configuring Exchange 2003 for Proactive Management
Delegation of Authority. Administering from Client Workstation. The Magic MMC Tour. Administrative and Routing groups in a Nutshell.
Delegating Authority (Organization level or Administrative group level):
Install user account given full Admin rights. Need to track/audit each exchange Admin. Delegate Authority to user and groups.
Permissions which can be applied on Organization level or Administrative group level
Exchange Full Administrator: has the ability to do everything in the Exchange organization, including modifying permissions.
Exchange Administrator: can also do everything except modifying permissions.
Exchange View Only Administrator: this is a view-only or read-only role.
Make all of the above global security groups in AD.
Delegation of control to the groups:
Only the Exchange Full Administrator has full control of the Exchange organization by default. After clicking ADD you get the three roles:
Select the group and ADD the Exchange Full Admin role; in this way you can delegate control to any user or group.
Administering from Client WorkStation
Shouldn't administer via the server console. May limit logon locally rights. Install the Exchange System Management Tool. Workstation must be in the same Forest/Domain.
XP Pro SP1, SP2, SP3, Win 2000 server with SP3, Windows server 2003
How to Install System Management Tool on XP Machine:
First you need windows server 2003 Admin pack installed on that Machine for viewing AD users and computers.
Install that from i386/adminpak.msi
Insert Exchange server disk
Click on Exchange System management tools only.
Magical MMC
Start > Run > mmc
This is used for both Exchange and Windows administration.
Save this console on your desktop. This MMC will be the combined console for your Windows as well as your Exchange administration.
Administrative Groups in Nutshell:
Sites were limited and inflexible. Administrative Groups define the administrative topology. Separated from the physical (SITE) structure. Administrative Groups contain: servers, policies, routing groups, public folder trees.
A collection of objects for simpler control.
To build up Administrative or routing groups:
We can create Administrative groups for each of the locations
Internet Connection Firewall (ICF). Using MAPI (Messaging API) through a firewall (RPC over HTTP). Virus protection measures.
Connecting Exchange over Firewall
Firewalls are designed to stop malicious intruders and other attackers from getting inside our internal network. A firewall is one or more systems combined with each other, generally a combination of hardware and software. By definition, a firewall is a security mechanism that prevents unauthorized access from untrusted networks into trusted networks, and generally it is a line of defense for the Exchange organization between the internal system and the Internet. The firewall is a primary tool that will enact the overall security policy of the network.
Prevents External users from accessing your internal network
A Combo of Hardware and Software
First Line of defense to the Internet
Packet filtering: The firewall looks into all the data packets that come into or leave the network at the edge of your organization, and you can permit or deny packets based on a wide variety of criteria such as source, IP address or even port numbers (TCP/UDP).
Scanning: It is also used, combined with other software, to scan for worms, viruses and malicious code.
Proxy Server (NAT): It is also used as a proxy server to hide the internal network and expose only one single address on the Internet, filtering packets such as web pages and accepting only those which match business needs.
A firewall has to protect our back-end Exchange server, which keeps our public folder stores, our mailbox store and our mailbox databases. We also have to protect our front-end servers, e.g., Exchange server, web server, AD etc.
It is recommended that we keep our front-end server in a DMZ, which you may also call a perimeter network. Exchange itself is not a firewall product, but it can be described as an application proxy server, because Exchange comprehends protocols such as the mail protocols, depending on data type, and can figure out whether the data source is acceptable or even corrupted. If you have set up Exchange 2003 properly, you won't need a separate proxy server; you don't need a firewall.
TCP Port Filtering:
SMTP : 25 the mail protocol which we use to transfer mail and route mail to different systems.
HTTP : 80 for web access.
Kerberos : 88 this handles the authentication/ticketing system.
MTA-X.400 over TCP/IP : 102 Message Transfer Agent.
POP3 : 110 this is used to store/retrieve messages over the Internet.
NNTP : 119 news protocol.
RPC Exchange : 135
IMAP4 : 143 newer protocol for client access to Exchange.
LDAP : 389 used to query AD global catalog servers.
HTTP with SSL : 443
NNTP with SSL : 563
LDAP with SSL : 636
IMAP with SSL : 993
POP3 with SSL : 995
Lookups in AD:
Global Catalog : 3268 & 3269
TCP allows two separate hosts to establish a connection and exchange data. Many of the services used over the Internet use different TCP ports, so it is important for us to decide which ports we want to leave open and which ports we want to close off.
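To make the open-or-closed decision concrete, here is an added example (not part of the original notes) that audits a firewall allow list against the port table above. The rule names, the `RULES` list and the `REQUIRED` policy are constructed sample data.

```python
# Port table exactly as listed in the notes (TCP port -> service).
EXCHANGE_PORTS = {
    25: "SMTP", 80: "HTTP", 88: "Kerberos", 102: "MTA-X.400",
    110: "POP3", 119: "NNTP", 135: "RPC Exchange", 143: "IMAP4",
    389: "LDAP", 443: "HTTP with SSL", 563: "NNTP with SSL",
    636: "LDAP with SSL", 993: "IMAP with SSL", 995: "POP3 with SSL",
    3268: "Global Catalog", 3269: "Global Catalog",
}
# Protocols the table lists both without and with SSL.
SSL_COUNTERPART = {80: 443, 119: 563, 389: 636, 143: 993, 110: 995}


def parse_ports(spec):
    """Expand '25', '80,443' or '135-139' into a sorted list of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 0 < lo <= hi <= 65535:
            raise ValueError(f"bad port spec: {part!r}")
        ports.update(range(lo, hi + 1))
    return sorted(ports)


def audit(rules, required):
    """Return (rule, port, issue) findings for a list of (name, spec) rules."""
    findings, opened = [], set()
    for name, spec in rules:
        for port in parse_ports(spec):
            opened.add(port)
            if port not in EXCHANGE_PORTS:
                # Ranges often open more than the one port that was needed.
                findings.append((name, port, "not in port table"))
            elif port in SSL_COUNTERPART:
                findings.append(
                    (name, port,
                     f"cleartext, SSL variant on {SSL_COUNTERPART[port]}"))
    for port in sorted(set(required) - opened):
        findings.append((None, port, "required but not allowed"))
    return findings


# Constructed sample allow list and policy (assumptions, not from the notes).
RULES = [("smtp-in", "25"), ("web", "80,443"),
         ("legacy-range", "135-139"), ("imap", "143")]
REQUIRED = [25, 443, 993]

if __name__ == "__main__":
    for rule, port, issue in audit(RULES, REQUIRED):
        print(f"{rule or '-':13} {port:5}  {issue}")
```
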
Internet Connection firewall (ICF):
Used under secure
You can add any other services to this.
Configuring Exchange 2003 for RPC over HTTP
1. Set up the front-end server as the RPC proxy server.
2. Enable basic authentication in IIS for the RPC virtual directory.
3. Hack the registry to open ports.
4. Open the same ports in the firewall to the back-end servers.
5. Create a profile on Outlook clients.
Let us configure Front End Server (nugget1) to use RPC over HTTP.
Start > Control Panel > Add Remove Programs > Add Remove Windows Components > Networking Services > RPC over HTTP Proxy
To configure RPC virtual Directory.
Start > Administrative Tools > IIS > Web Sites > Default Web Site > RPC > Right Click > Properties > Directory Security > Authentication and access control > Disable Anonymous Access > Basic Authentication > Yes > OK
Hacking the Registry
Start > Run > regedit > HKEY_Local_Machine > SOFTWARE > Microsoft > RPC > Rpc Proxy > Valid Ports > Modify
To enhance knowledge you can download Ex2k3RPC_HTTP_Deploy.exe document.
Virus Protection Measures:
Virus:
- A chunk of executable code that latches on to files or applications. It replicates and proliferates from host to host over the network.
- Requires a host computer and can also deliver a payload. Usually it consumes bandwidth, memory and disk storage.
Worm:
- Replicates like a virus but doesn't need a host program. Usually does its damage when the operating system or program copies data.
Trojan horse:
- A program that masquerades (hides itself) as something harmless (system tool or game) but is potentially dangerous. Generally comes through e-mail or floppy but does not replicate like a worm or virus.
Anti Virus Protections:
1. Install updated software.
2. Educate users.
3. Verify compatibility, vendor support.
4. Performance effect?
5. Safeguard all threats?
6. Inbound: Outbound scanning.
7. Automatic updates?
8. Client, Information Store, Transport, Firewall.
Chapter 6: Exchange server 2003 Security Part 2
Exchange Mailbox Security. Digital Signatures and Encryption. Disabling Unnecessary Services. Protocol Logging.
Securing mailboxes in Exchange 2003
Message filtering matches established rules to e-mail headers and body text.
OWA and Outlook 2003 have a Junk E-mail tool.
For Exchange 2003 filtering, configure the properties of the Global Message Delivery object to generate global filters.
The SMTP virtual server is set up to use filters.
Client Side Junk E-mail Feature Tool:
Relay Blocking Lists (RBL)
Published lists of known sources of Junk E mail and Spam
www.Mail-Abuse.org
Not 100% foolproof!!
Exchange 2003 connection filtering can subscribe to RBL
Configuring Connection Filtering: We are going to configure our DNS lookups so that they check the Relay Blocking Lists.
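The DNS lookup that connection filtering relies on, shown as an added example (not Exchange's own code and not from the original notes): the connecting IP is reversed and queried under the list's DNS zone, and an answer in 127.0.0.0/8 means "listed". The zone `rbl.example.test`, the addresses and the `deny` parameter (standing in for a manual block entry) are constructed assumptions.

```python
import ipaddress
import socket

# By DNS block list convention, "listed" answers fall in 127.0.0.0/8.
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")


def rbl_query_name(client_ip, zone):
    """1.2.3.4 checked against zone z is looked up as 4.3.2.1.z"""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def system_resolve(name):
    """A-record lookup via the OS resolver; [] when the name does not resolve.
    A resolver failure also returns [], so the check fails open."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def check_connection(client_ip, zones, deny=(), resolve=system_resolve):
    """Return (verdict, reason) for an inbound SMTP client address."""
    ip = ipaddress.IPv4Address(client_ip)
    for net in deny:                      # manual block entries win first
        if ip in ipaddress.ip_network(net):
            return ("reject", f"manual deny entry {net}")
    for zone in zones:
        answers = resolve(rbl_query_name(client_ip, zone))
        # Ignore answers outside 127/8: a parked or hijacked zone that
        # answers every query must not cause all mail to be rejected.
        codes = [a for a in answers if ipaddress.ip_address(a) in LISTED_NET]
        if codes:
            return ("reject", f"listed in {zone} ({', '.join(codes)})")
    return ("accept", "not listed")


# Constructed zone data standing in for a real block list provider.
ZONES = ["rbl.example.test"]
SAMPLE_ZONE = {
    "10.113.0.203.rbl.example.test": ["127.0.0.4"],   # listed
    "7.100.51.198.rbl.example.test": ["192.0.2.1"],   # bogus wildcard answer
}


def fake_resolve(name):
    """Offline resolver over SAMPLE_ZONE; unknown names behave like NXDOMAIN."""
    return SAMPLE_ZONE.get(name, [])


if __name__ == "__main__":
    for addr in ("203.0.113.10", "198.51.100.7", "192.0.2.55"):
        print(addr, check_connection(addr, ZONES, deny=["192.0.2.0/24"],
                                     resolve=fake_resolve))
```
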
To manually block a spammer or any junk e-mail provider for the entire domain.