Scenario
You are working as a messaging administrator in A. Datum Corporation. Your organization has decided to deploy Client Access servers so that the servers are accessible from the Internet for a variety of messaging clients. To make sure that the deployment is as secure as possible, you must secure the Client Access server, and you also must configure a certificate on the server that will support the messaging client connections. In addition, you have to verify options on the Client Access server, and configure MailTips for a few users.
Objectives
• Configure certificates on the Client Access server.
• Configure Client Access server options.
• Configure MailTips.
Lab Setup
Estimated time: 60 minutes
Virtual machines: 20341B-LON-DC1, 20341B-LON-CAS1, 20341B-LON-MBX1
User name: Adatum\Administrator
Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must complete the following steps:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. In Hyper-V Manager, click 20341B-LON-DC1, and in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts.
4. Log on using the following credentials:
a. User name: Adatum\Administrator
b. Password: Pa$$w0rd
5. Repeat steps 2 to 4 for 20341B-LON-MBX1 and 20341B-LON-CAS1.
Exercise 1: Configuring Certificates for the Client Access Server
Scenario
As a messaging administrator in A. Datum Corporation, you have deployed the Exchange Server environment, and you are now working on configuring the Client Access servers. The organization has decided to use a certificate from the internal CA to secure all client connections to the server. You need to enable this configuration, and then you must make sure that Outlook clients can still connect to the server.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Microsoft® Exchange Server 2013 4-27
The main tasks for this exercise are as follows:
1. Make a certificate request on Exchange Server.
2. Issue a certificate from an internal CA.
3. Assign a certificate to Exchange services.
Task 1: Make a certificate request on Exchange Server
1. On LON-CAS1, open Windows Internet Explorer®, type https://lon-cas1.adatum.com/ecp, and press Enter.
2. Sign in as Adatum\administrator with the password Pa$$w0rd.
3. Click the servers node, click on Certificates and start the wizard for creating a certificate request.
4. Provide mail.adatum.com as a friendly name for a certificate.
5. Do not use wildcard certificates.
6. Provide the name mail.adatum.com for all values that are not defined.
7. Ensure that the certificate request contains the following domain names: mail.adatum.com, lon-cas1.adatum.com, autodiscover.adatum.com, LON-CAS1, and Adatum.com.
8. Fill in additional data as follows:
a. Organization name: A.Datum
b. Department name: IT
c. Country/Region name: United States
d. City/Locality: Seattle
e. State/Province: WA
9. Save the certificate request to \\lon-cas1\C$\windows\temp\certreq.req.
Task 2: Issue a certificate from an internal CA
1. On LON-DC1, restart the certificate service.
2. On LON-CAS1, open File Explorer and navigate to C:\windows\temp.
3. Open the certificate request file with Notepad, and copy all content to the clipboard.
4. Connect to http://lon-dc1.adatum.com/certsrv as Administrator with the password Pa$$w0rd.
5. Choose to perform an advanced certificate request.
6. Paste the certificate request content (from step 2) into the appropriate field, and select the Web Server template.
7. Save the certificate.
8. Open File Explorer, and create a new folder called cert on the C:\ drive. Share the folder, and give Read permission to Everyone.
9. Copy the certificate file to the cert folder.
4-28 Planning and Deploying Client Access Servers
Task 3: Assign a certificate to Exchange services
1. On LON-CAS1, open the EAC.
2. Import the mail.adatum.com Exchange certificate that you issued in Task 2. Import the certificate to LON-CAS1.Adatum.com.
3. Assign the certificate to the IIS service.
Results: After completing this exercise, the students will have a certificate installed on the Exchange Server Client Access server.
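The three tasks of this exercise can also be run from the Exchange Management Shell on LON-CAS1, with a check that the issued certificate covers every requested name before it is bound to IIS. This is an added example, not part of the original lab; the CA name placeholder, the certnew.cer file name, and running certreq locally on LON-CAS1 with C:\cert on that server are assumptions.

```powershell
# Added example (not from the lab manual). Run in Exchange Management Shell on LON-CAS1.
# Names the lab requires in the certificate request (Task 1, step 7).
$names = 'mail.adatum.com', 'lon-cas1.adatum.com', 'autodiscover.adatum.com', 'LON-CAS1', 'Adatum.com'

# Task 1: generate a non-wildcard request and save it to the path used in the lab.
New-ExchangeCertificate -GenerateRequest -Server LON-CAS1 `
    -FriendlyName 'mail.adatum.com' `
    -SubjectName 'C=US, S=WA, L=Seattle, O=A.Datum, OU=IT, CN=mail.adatum.com' `
    -DomainName $names `
    -RequestFile '\\lon-cas1\C$\windows\temp\certreq.req'

# Task 2: submit the request to the internal CA using the Web Server template.
# '<CA-common-name>' is a placeholder: the lab text does not state the CA's name.
# 'C:\cert\certnew.cer' is an assumed output path and file name.
certreq.exe -submit -attrib 'CertificateTemplate:WebServer' `
    -config 'lon-dc1.adatum.com\<CA-common-name>' `
    'C:\windows\temp\certreq.req' 'C:\cert\certnew.cer'

# Task 3: import the issued certificate; this completes the pending request.
$data     = [Byte[]]$(Get-Content -Path 'C:\cert\certnew.cer' -Encoding Byte -ReadCount 0)
$imported = Import-ExchangeCertificate -Server LON-CAS1 -FileData $data
$cert     = Get-ExchangeCertificate -Server LON-CAS1 -Thumbprint $imported.Thumbprint

# Check: every requested name must be present on the issued certificate.
# -notcontains compares case-insensitively, so LON-CAS1 and lon-cas1 match.
$issued  = $cert.CertificateDomains | ForEach-Object { $_.ToString() }
$missing = $names | Where-Object { $issued -notcontains $_ }
if ($missing) {
    throw "Issued certificate is missing names: $($missing -join ', ')"
}
if ($cert.NotAfter -le (Get-Date)) {
    throw "Issued certificate is already expired: $($cert.NotAfter)"
}

# Bind the certificate to IIS only after the checks pass.
Enable-ExchangeCertificate -Server LON-CAS1 -Thumbprint $cert.Thumbprint -Services IIS

# Confirm the binding.
Get-ExchangeCertificate -Server LON-CAS1 -Thumbprint $cert.Thumbprint |
    Format-List FriendlyName, Subject, CertificateDomains, Services, Status, NotAfter
```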
Exercise 2: Configuring Client Access Services Options
Scenario
To prepare the Client Access server, you need to perform several configuration tasks, such as configuring the external access domain and POP3 service. The external email domain name should be mail.adatum.com. You need to make sure that POP3 users can connect securely, and that connection limits are applied as well as proper message formatting. You also need to verify authentication options for virtual directories on the Client Access server.
The main tasks for this exercise are as follows:
1. Configure Client Access server options.
2. Verify authentication options on Client Access server.
Task 1: Configure Client Access server options
1. In the EAC, set the external domain name to mail.adatum.com for LON-CAS1.
2. Open LON-CAS1 settings, and set the following for POP3 users:
a. Maximum connections: 100
b. Maximum connections from a single IP address: 20
c. Maximum connections from a single user: 2
Task 2: Verify authentication options on Client Access server
1. On LON-CAS1 in EAC, navigate to servers, and then click virtual directories.
2. Verify authentication options for the following virtual directories:
a. Autodiscover
b. ecp
c. PowerShell
d. Microsoft-Server-ActiveSync
e. OAB
3. Do not make any changes.
Results: After completing this exercise, the students will have configured the Client Access server.
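The POP3 limits and the read-only authentication review from this exercise, expressed in the Exchange Management Shell so that the settings of all five virtual directories land in one report. This is an added example, not part of the original lab; the report column names are illustrative.

```powershell
# Added example (not from the lab manual). Run in Exchange Management Shell on LON-CAS1.

# Task 1, step 2: POP3 connection limits from the lab.
Set-PopSettings -Server LON-CAS1 -MaxConnections 100 `
    -MaxConnectionFromSingleIP 20 -MaxConnectionsPerUser 2

# Confirm the limits, and review how POP3 clients must log on and how
# messages are formatted (the "securely" and "formatting" goals in the scenario).
Get-PopSettings -Server LON-CAS1 |
    Format-List MaxConnections, MaxConnectionFromSingleIP, MaxConnectionsPerUser,
                LoginType, X509CertificateName, MessageRetrievalMimeFormat

# Task 2: collect the five virtual directories the lab lists. Read-only, no changes.
$vdirs = @(
    Get-AutodiscoverVirtualDirectory -Server LON-CAS1
    Get-EcpVirtualDirectory          -Server LON-CAS1
    Get-PowerShellVirtualDirectory   -Server LON-CAS1
    Get-ActiveSyncVirtualDirectory   -Server LON-CAS1
    Get-OabVirtualDirectory          -Server LON-CAS1
)

# The authentication switches are named differently per directory type, so
# select every boolean property whose name contains "Auth" and list those enabled.
$report = foreach ($v in $vdirs) {
    $enabled = $v.PSObject.Properties |
        Where-Object { $_.Name -like '*Auth*' -and $_.Value -is [bool] -and $_.Value }
    [pscustomobject]@{
        VirtualDirectory = $v.Name
        ExternalUrl      = $v.ExternalUrl      # should reflect mail.adatum.com where set
        EnabledAuth      = ($enabled.Name -join ', ')
    }
}
$report | Format-Table -AutoSize -Wrap
```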
Exercise 3: Configuring Custom MailTips
Scenario
To reduce the number of users who require support, A. Datum is evaluating implementation of MailTips.
You have been asked to configure some test deployments that implement MailTips, and you must verify that MailTips can be enabled in multiple languages.
The main tasks for this exercise are as follows:
1. Configure MailTips.
2. Test MailTips.
3. To prepare for the next module.
Task 1: Configure MailTips
1. On LON-CAS1, open EAC, and navigate to Mailboxes.
2. Select the April Reagan mailbox object.
3. Set the MailTip text for April to be Test e-mail tip for April.
4. Open Exchange Management Shell, and set an email tip for Aidan by executing the following:
Set-Mailbox -Identity Aidan -MailTip "this is english mail tip" -MailTipTranslations ("FR: C'est la lague francaise")
Task 2: Test MailTips
1. Open Internet Explorer, and type https://lon-cas1.adatum.com/owa.
2. Sign in as Adatum\Don with the password Pa$$w0rd.
3. Accept defaults for time and language.
4. Open a new mail window, and type April Reagan in the To text box.
5. Verify that the email tip appears.
6. Open a new mail window, and type Aidan Delaney in the To text box.
7. Verify that the email tip appears in English.
8. Sign out from Outlook Web App, and sign in as Adatum\Amr.
9. Select Francais (France) as the OWA language.
10. Open a new mail window, and type Aidan Delaney in the To text box.
11. Verify that the e-mail tip appears in French.
Task 3: To prepare for the next module
When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the following steps:
1. On the host computer, start Hyper-V Manager.
2. In the Virtual Machines list, right-click 20341B-LON-DC1, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. Repeat steps 2 to 3 for 20341B-LON-CAS1 and 20341B-LON-MBX1.
5. In Hyper-V Manager, click 20341B-LON-DC1, and in the Actions pane, click Start.
6. In the Actions pane, click Connect. Wait until the virtual machine starts.
7. Sign in using the following credentials:
a. User name: Adatum\Administrator
b. Password: Pa$$w0rd
8. Repeat steps 5 to 7 for 20341B-LON-MBX1. When you have successfully signed in to LON-MBX1, repeat steps 5 to 7 for 20341B-LON-CAS1, 20341B-LON-TMG, and 20341B-LON-CL1.
Module Review and Takeaways
Best Practice
• If possible, make the Client Access server highly available or redundant.
• Provide a public certificate for a Client Access server that is exposed to the Internet to avoid trust issues.
• Do not place the Client Access server in the perimeter network. Use an application-layer firewall and reverse proxy to publish it securely.
• Make sure that the Client Access server has a fast and reliable connection to the Mailbox server and the AD DS domain controllers.