mod 03 e2010 aot sp1 cas lab3

7/27/2019 Mod 03 e2010 Aot Sp1 Cas Lab3

http://slidepdf.com/reader/full/mod-03-e2010-aot-sp1-cas-lab3 1/20

Microsoft | Services © 2008 Microsoft Corporation

Microsoft Confidential

Module 3: The Client Access Server



2 Module 3: The Client Access Server



Information in this document, including URL and other Internet Web site references, is subject to change

without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-

mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any

real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or

should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Thesematerials are intended for distribution to and use only by Microsoft Premier Customers. Use or distribution of

these materials by any other persons is prohibited without the express written permission of Microsoft

Corporation. Without limiting the rights under copyright, no part of this document may be reproduced, stored in

or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical,

photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft

Corporation.

Microsoft may have patents, patent appl ications, trademarks, copyrights, or other intellectual property rights

covering subject matter in this document. Except as expressly provided in any written license agreement from

Microsoft, the furnishing of this document does not give you any license to these patents, trademarks,

copyrights, or other intellectual property.

© 2010 Microsoft Corporation. All rights reserved.

Microsoft, Active Directory, Windows, Windows NT, and Windows Server are either registered trademarks or

trademarks of Microsoft Corporation in the United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their respective

owners.





Lab 3A: Configuring RPC Client Access

Introduction

In this lab, you will configure RPC Client Access.

Objectives

After completing this lab, you will be able to:

• Configure a Client Access server array.

• Configure Exchange Server to use the Client Access server array for RPC client

access.

Prerequisites (if applicable)Ensure that the AD1DCMCLNT, AD1HC1, and, AD1HC2 virtual machines are running.

Estimated time to complete this lab

40 minutes






Exercise 1: Configuring a Client Access Server Array

In this exercise, you will:

• Create the internal DNS entry.

• Setup network load balancing using Windows load balancing.

• Create the Client Access server array.

The first two tasks are network related, and are not related to the third task, which enables

Microsoft® Exchange Server 2010 to find and use the Client Access server array.

The third task creates the array object in Active Directory Domain Services (AD DS) for

the Autodiscover service to use when configuring new clients and for database creation to

be associated with the Client Access server array. Only one Client Access server array

can exist in each Active Directory site.

Scenario

You have two Client Access servers. You wish to combine them into one Client Access

server array in an existing environment.

Create the internal DNS entry

1. On AD1DCMCLNT, log on as Contoso\Administrator with password Password1.

2. Click Start, point to Administrative Tools, and then click DNS.

3. Right-click contoso.com, and then select New Host (A).

4. In the New Host dialog box, under Name, type casarray.

5. Under IP address, type 10.0.1.110.

6. Click Add Host.

Setup network load balancing using Windows load balancing

1. On AD1HC1, log on as Contoso\Administrator with password Password1.

2. Execute the following command:

servermanagercmd.exe -install nlb

3. Repeat this step on the AD1HC2 server.

4. On AD1HC1, click Start, point to Administrative Tools, and then click Network

Load Balancing Manager.

5. Select Cluster, and then click New.

6. In the Host entry, add AD1HC1 as the first Client Access server, and then click Next.

7. Click Next again.





8. Select the IP address you wish to associate with the array. This is the same as the IP

address and name you gave the array in your DNS entry 10.0.1.110. Click Add, and

then click Next.9. In the wizard, in Cluster Parameters, do the following, and then click Next.

A. Specify the fully qualified domain name (FQDN) of the array in the Full

Internet name text box: casarray.contoso.com

B. Select Multicast.

10. In the Port Rules dialog box, accept the defaults, and then click Finish.

In the Network Load Balancing Manager, you might see an hour glass by the name of

the server you added, but after the server has been configured, you will see the server

listed with no hour glass.

11. In the left pane of the Network Load Balancing Manager, click

casarray.contoso.com, and then confirm that the status is Converged.

12. Right-click on the name of the cluster, and then select Add Host to Cluster.

13. Add the AD1HC2 server, and then accept all of the defaults.

14. You should see the two servers with a Converged status. It might take several

minutes for the status to change. If the status does not change, ensure that you

selected Multicast.

To perform a simple test, try pinging the array name you used in DNS and as the

name of the cluster in the Network Load Balancing Manager. You should see a

response.

Create the Client Access server array

1. On AD1HC1, click Start, click All Programs, click Microsoft Exchange Server

2010, and then click Exchange Management Shell.

2. Confirm that you do not have a Client Access server array already configured by

executing the following cmdlet:

Get-ClientAccessArray

There is no return response if an array does not yet exist in your environment. If an

array already exists, then someone created it and you only need to reconfigure it for

the FQDN you created in your DNS entry and network load balancing configuration.

3. Execute the following cmdlet:

New-ClientAccessArray –Fqdn casarray.contoso.com –Site Site1

The array object casarray.contoso.com now exists in AD DS at the following location:






CN=Arrays,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative

Groups,CN=Contoso,CN=Microsoft

Exchange,CN=Services,CN=Configuration,DC=contoso,DC=com

The name of the Exchange administrative group may be different if you create the object

in an environment with no previous Exchange Server versions.

You can view the array object and verify its networkAddress attribute by using ADSIEdit.

The networkAddress attribute corresponds to the FQDN.

From this point on, all newly created mailbox databases in this site will be associated

with this array. The database creation process pulls the value of the networkAddress

attribute from the array object in AD DS and assigns it to the database’s

RPCClientAccessServer attribute.





Exercise 2: Configuring Exchange Server to Use the ClientAccess Server Array for RPC Client Access

In this exercise, you will configure existing mailbox databases so that they are associated

with the Client Access server array you created in the previous exercise.

By default, all mailbox databases are associated with a Client Access server, and the

Microsoft Office Outlook® client communicates directly with the Client Access server

until you have updated the mailbox database so that it associates the Client Access server

array. This step is required so that when a user’s mailbox is found in AD DS, Exchange

Server 2010 knows what to send to the client to connect to the array.

You can check which server a mailbox database is associated with the following cmdlet:

Get-MailboxDatabase | fl name,Rpc*

If you have more than one database, you see multiple listings and the

RpcClientAccessServer value could be on different servers.

Scenario

To enable RPC client access to work properly, you must associate your mailbox database

with the Client Access server array.

Associate the Client Access server array with existing mailbox databases

1. On AD1HC1, click Start, click Programs, click Microsoft Exchange Server 2010,

and then click Exchange Management Shell.

2. Execute the following cmdlet to associate the mailbox database with the Client

Access server array:

Set-MailboxDatabase “MBXDB01” –RpcClientAccessServer casarray.contoso.com

This cmdlet changes the legacyExchangeDN attribute of the mailbox database. To

view this value, use ADSIEdit:






The value is stored in the following location:

CN=MBXDB01,CN=Databases,CN=Exchange Administrative Group

(FYDIBOHF23SPDLT),CN=Administrative Groups,CN=Contoso,CN=Microsoft

Exchange,CN=Services,CN=Configuration,DC=contoso,DC=com

After changing the value stored in this attribute, the client knows where the RPC

endpoint is located.

3. On AD1DCMCLNT, use Office Outlook to log on to an Exchange Server 2010

mailbox to ensure connectivity. Use the Administrator user account with a password

of Password1.

Question A: View the profile and check whether the Exchange server entry is

the Mailbox server or the Client Access server array. What does

it point to?

____________________________________________________

____________________________________________________





Lab 3B: Using the Certificate Wizard

Introduction

You can view all certificate-related operations from the Exchange Management Console

after selecting Server Configuration, and then selecting the name of the server you want

to modify.

In this lab, you will learn how to use the Exchange Server 2010 Certificate wizard. You

will use the internal Certificate Authority (CA) to simulate a public CA scenario.

Objectives


• Use the Certificate wizard to generate a certificate request.

• Submit a certificate request to the CA.

• Enable and verify a certificate.

Prerequisites

Ensure that the AD1DCMCLNT, AD1HC1, AD1HC2, AD2DCHCM, and AD3DCHCM

virtual machines are running.


45 minutes






Exercise: Using the Certificate Wizard


• Create a new certificate request.

• Submit the certificate request to the Certificate Authority.

• Complete the pending certificate request.

• Enable the certificate for IIS.

• Export the Contoso certificate from AD1HC1 and import it into AD1HC2.

• Import the Contoso certificate to AD1HC2.

• Enable the certificate on AD1HC2.

• Add mail and Autodiscover records to DNS.

• Verify successful certificate installation.

Scenario

You need to provide a certificate requested for the IIS-related services on their Client

Access server.

Create a new certificate request

1. On AD1HC1, click Start, click Programs, click Microsoft Exchange Server 2010,

and then click Exchange Management Console.

2. In the console tree, click Server Configuration.

3. Select AD1HC1 from the middle pane.

By default, there is a self-signed certificate already created for this server. You are

attempting to create a new non-self-signed trusted certificate.

4. In the Actions pane, click New Exchange Certificate.

5. In the wizard, on the Introduction page, enter Contoso as the name for the

certificate, and then click Next.

6. Leave the Enable wildcard certificate checkbox unchecked, and then click Next.

7. On the Exchange Configuration page, click on the dropdown arrow to unhide each

section of the configuration.

8. Check the following checkboxes and specify the following domains, and then click

Next.

• Client Access Server (Outlook Web App)

• Outlook Web App is on the Intranet (mail.contoso.com)

• Outlook Web App is on the Internet (mail.contoso.com)





• Client Access Server (Exchange ActiveSync)

• Exchange Active Sync is enabled (mail.contoso.com)

• Client Access Server (Web Services, Outlook Anywhere, and Autodiscover)

• Exchange Web Services is enabled

• Outlook Anywhere is enabled (mail.contoso.com)

• Autodiscover used on the Internet (Long URL)

(autodiscover.contoso.com)

• Legacy Exchange Server

• Use legacy domains (legacy.contoso.com)

9. In the Certificate Domains page, verify that mail.contoso.com is set as the commonname, and then click Next.

10. In the Organization text box, type Contoso, and then in the Organization Unit text

box, type Contoso.

11. Fill in the Country, City, and State text boxes as appropriate.

12. Click Browse, and then select Desktop.

13. Name the certificate request Contoso Certifcate Request.req.

14. Click Save, click Next, and then click New.

After the request has been created, you are provided with instructions for the nextsteps.

15. Click Finish, and then minimize the Exchange Management Console.

Submit the certificate request to the Certificate Authority

1. On AD1DCMCLNT, click Start, and then click Run.

2. Type https://AD1DCMCLNT/CERTSRV, and then press ENTER.

3. Click Request a certificate, and then click Advanced certificate request.

4. Click Submit a certificate request by using a base-64-encoded CMC or PKCS#10 file, or click Submit a renewal request by using a base-64-encoded PKCS #7

file.

5. Minimize Windows Internet Explorer®.

6. Copy the certificate request file from server AD1HC1 local to AD1DCMCLNT, and

then open the certificate request file in Notepad.

7. Select and copy the content of the file.

8. Maximize Internet Explorer, and then paste the content into the Save Request field.






9. In the Certificate Template dropdown box, select Web Server.

10. Click Submit, and then, if prompted, click Yes.

11. Click Based 64 encoded, and then click Download certificate.

12. Save the certificate to the desktop with the name certnew.cer.

Complete the pending certificate request

1. Maximize the Exchange Management Console.

2. Ensure that Server Configuration and AD1HC1 are selected.

3. On the Exchange Certificate tab, ensure that Contoso is selected.

4. Click Complete Pending Reques, click Browse, and then browse to certnew.cer on

the desktop.

5. Click Complete, and then click Finish.

Enable the certificate for IIS

1. Click Assign Services to Certificate.

2. Verify that AD1HC1 appears in the Selected Servers window, and then click Next.

3. Select the IIS option, and then click Next.

4. Click Assign, and then click Finish.

Export the Contoso certificate from AD1HC1 and import it into AD1HC2

1. Click Export Exchange Certificate, click Browse, and then select c:\ .

2. Save the certificate with the name Exported Contoso Certificate.pfx.

3. Enter the password Password1.

4. Click Export, and then click Finish.

Import the Contoso certificate to AD1HC2

1. In the Exchange Management Console, in the middle pane, select AD1HC2.

2. Click Import Exchange Certificate.

3. Browse to Exported Contoso Certificate.pfx on the desktop, and then click Open.

4. Enter the password P, and then click Next.

5. In the Select Servers window, verify that AD1HC2 is listed, and then click Next.

6. Click Import, and then click Finish.





Enable the certificate on AD1HC2

• Enable IIS for the certificate that you have just imported on AD1HC2 using the same

steps as you performed for the AD1HC1 server.

Add mail and Autodiscover records to DNS

1. On AD1DCMCLNT, click Start, point to Administrative Tools, and then click

DNS.

2. Browse to Forward Lookup Zones | Contoso.com.

3. Right-click contoso.com, and then click New Host (A or AAAA).

4. Under Name, type mail, and then under IP Address, type 10.0.1.110.

5. Click Add Host.

6. Follow the same procedure to add the Autodiscover A record to DNS.

7. Click Done.

Verify successful certificate installation

1. On AD1HC1, click Start, and then click Run.

2. Type https://mail.contoso.com/owa.

3. In Internet Explorer, click the lock icon, and then click View Certificates.

4. Verify the following:

A. Certificate was issued to mail.contoso.com.

B. Certificate was issued by contoso-AD1DCMCLNT-CA.

5. In the Details tab, click Subject Alternative Name, and then verify that

mail.contoso.com, autodiscover.contoso.com, and legacy.contoso.com are listed.






Question B: What cmdlet and parameters did the Certificate wizard use to

create your request?

____________________________________________________________________________________________________

__________________________________________________

Question C: What cmdlet and parameters did the Certificate wizard use to

complete the pending request?

____________________________________________________

____________________________________________________

____________________________________________________

Question D: What cmdlet and parameters did the Certificate wizard use to

assign services to the certificate?

____________________________________________________

____________________________________________________

____________________________________________________

Question E: Is it possible to create a self-signed certificate by using the

Certificate wizard, or do you have to use a cmdlet in the

Exchange Management Shell?

____________________________________________________

____________________________________________________

____________________________________________________

Question F: After creating a certificate that includes a legacy URL, howwould you install the certificate on an Exchange Server 2007

Client Access server? Describe the basic steps.

____________________________________________________

____________________________________________________

____________________________________________________

Question G: When using cmdlets to import or export certificates on Exchange

Server 2010, which parameter do you have to use so that you can

access a certificate file located on the local hard drive?

____________________________________________________

____________________________________________________

____________________________________________________

Question H: Why has accessing files changed?

____________________________________________________

____________________________________________________

____________________________________________________





Lab 3C: Configuring and Testing MailTips inExchange Server 2010

Introduction

MailTips are implemented through Exchange Web Services, which runs on the Client

Access server role. Other programs such as Outlook can retrieve MailTips.

In this lab, you will configure and test the MailTips functionality within Exchange Server

2010.

Objectives


• Configure organizational MailTips.

• Configure customized MailTips.

• Test MailTips.

Prerequisites

Ensure that the AD1DCMCLNT, AD1HC1, and AD1HC2 virtual machines are running.


60 minutes






Exercise 1: Configuring MailTips


• Enable all MailTips for the organization.

• Enable mailbox-based MailTips.

• Enable all MailTips for external recipients.

• Configure the minimum size after which the “large audience” MailTips will be

displayed.

• Enable group metrics MailTips.

• Force an update of the group metrics.

Scenario

Contoso, Ltd, is required to provide informational guidance to users while the users are

composing email messages. This guidance will be provided in the form of MailTips,

which will test various conditions and provide additional guidance to users.

Enable all MailTips for the organization

1. On AD1HC1, click Start, click All Programs, click Microsoft Exchange Server

2010, and then click Exchange Management Shell.

2. At the prompt, execute the following cmdlet:

Set-OrganizationConfig –MailTipsAllTipsEnabled $true

Enable mailbox-based MailTips

• At the prompt, execute the following cmdlet:

Set-OrganizationConfig –MailTipsMailboxSourcedTipsEnabled $true

Enable all MailTips for external recipients


Set-OrganizationConfig –MailTipsExternalRecipientsTipsEnabled $true

Configure the minimum size after which the “large audience” MailTip will

be displayed


Set-OrganizationConfig –MailTipsLargeAudienceThreshold 10

Enable group metrics MailTips






Set-OrganizationConfig –MailTipsGroupMetricsEnabled $true

Force an update of the group metrics1. At the prompt, execute the following cmdlets:

Update-FileDistributionService -Identity AD1HC1 -Type GM

2. On AD1HC1, click Start, click Computer, and then navigate to C:\Program

Files\Microsoft\Exchange Server\V14\ClientAccess\GroupMetrics.

3. Verify that the group metrics files were placed into the folder.

4. Close Windows Explorer.

Note: The mailbox server running OABGen generates the group metrics file every24 hours by default. The files are then placed in a share called \\mailboxserver\GroupMetrics. The Exchange File Distribution service, running onClient Access CAS Server connects to this share and copies the Group Metricsinformation local the CAS Server.If you cannot see the updated Group Metrics File on the CAS Server AD1HC1,restart the Exchange Service Host service on the Mailbox Server AD1DCMCLNT,verify that the Group Metric Files were updated in \\ AD1DCMCLNT\GroupMetrics.Then run the command above again (Update-FileDistributionService).






Exercise 2: Testing MailTips


• Restrict a user from sending to a mailbox.

• Test sending to a restricted mailbox.

• Set a quota on a mailbox.

• Test sending to a mailbox that is over quota.

• Test sending to an external recipient.

• Remove a quota on a mailbox.

ScenarioAfter enabling MailTips in your Exchange Server 2010 environment, you need to

confirm that MailTips is working as expected.

Restrict a user from sending to a mailbox

• On AD1HC1, at the prompt, execute the following cmdlet:

Set-Mailbox “AZubery” –RejectMessagesFromSendersOrMembers “Administrator”

Test sending to a restricted mailbox

1. Log on to Outlook Web App at https://ad1hc1/owa as Contoso\Administrator with

password Password1.

2. Click New E-mail, on the To line, type AZubery, and then on the task pane, select

Check Name.

Question I: Does a MailTips appear?

____________________________________________________

Question J: If yes, what message appeared?

____________________________________________________

Question K: Why did the message appear?

________________________________________________________________________________________________________

3. Close the email, and then click No when prompted to save changes.

Set a quota on a mailbox

1. On AD1HC1, at the prompt, execute the following cmdlet:

Set-Mailbox “DAhsy” –UseDatabaseQuotaDefaults $false –ProhibitSendReceiveQuota 8KB






Get-Mailbox “DAhsy” | FL Prohibit*

3. Ensure the quota was set for DAhsy’s mailbox.

4. On AD1DCMCLNT, at the prompt, execute the following cmdlet:

Restart-Service MSExchangeIS

Test sending to a mailbox that is over quota

1. Switch to Outlook Web App and log in as Administrator.

2. Click New E-mail, on the To line, type DAhsy, and then in the task pane, select

Check Name.

Question L: Do you see a MailTips?_________________________________

Note: You should see a MailTips. If you do not, send mail to DAhsy several timesuntil a MailTips displays. Include an attachment to help fill the mailbox quotaquicker.

Question M: What does the MailTips say?

____________________________________________________

____________________________________________________

3. Close the email message, and then click No when prompted to save changes.

Test sending to an external recipient.

1. In your Outlook Web App session, click New E-mail, and then in the To field, enter

[email protected].

Question N: Wait for the MailTips to appear indicating that the email

includes external recipients. What does it say?

____________________________________________

2. Close the email, and then click No when prompted to save changes.

3. Exit Outlook Web App.

Remove a quota on a mailbox

1. On AD1DCMCLNT, at the prompt, execute the following cmdlet:

Set-Mailbox “DAhsy” –UseDatabaseQuotaDefaults $true –ProhibitSendReceiveQuota

‚Unlimited‛


Stop-Service MSExchangeIS






3. After the service has stopped, execute the following cmdlet:

Start-Service MSExchangeIS

Question O: If you wanted to set a MailTips for a specific user or distribution

group, what cmdlet and parameters would you run?

____________________________________________________

____________________________________________________

____________________________________________________

mod 03 e2010 aot sp1 cas lab3

Documents