How to install an exchange server and SSL certificate in on-premises?

Exchange 2019 prerequisites for preparing Active Directory

Required software

You can use any member of the Active Directory domain to prepare Active Directory for Exchange 2019.

  1. The computer requires the following software:
    a. .NET Framework 4.8
    b. Visual C++ Redistributable Package for Visual Studio 2012
    c. Install-WindowsFeature RSAT-ADDS (run this command in PowerShell)

Exchange 2019 Mailbox servers on Windows Server 2019 & Windows Server 2022

  1. Install the following software:
    a. .NET Framework 4.8
    b. Visual C++ Redistributable Package for Visual Studio 2012
    c. Visual C++ Redistributable Package for Visual Studio 2013
    Then run this command in PowerShell:

Install-WindowsFeature Server-Media-Foundation


  1. b. Install Unified Communications Managed API 4.0. This package is available for download and in the 


  1. Desktop Experience (run this command in PowerShell):

Install-WindowsFeature Server-Media-Foundation, NET-Framework-45-Core, NET-Framework-45-ASPNET, NET-WCF-HTTP-Activation45, NET-WCF-Pipe-Activation45, NET-WCF-TCP-Activation45, NET-WCF-TCP-PortSharing45, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation, RSAT-ADDS

  1. a. IIS URL Rewrite Module

  2. Download Exchange Server 2019 CU13 (2023H1), Cumulative Update 13 for Exchange Server

  3. tinyurl.com/exchange2019pre (download one file)

================================================================================

  1. Install all prerequisite tools:

    1. Exchange 2019 installation media or setup files.

    2. Windows Server 2019 operating system installation media or ISO file.

    3. Microsoft .NET Framework 4.8 (or later) and the .NET Framework 4.7.2 or later Cumulative Update.

    4. Microsoft Unified Communications Managed API 4.0, Core Runtime 64-bit.

    5. Microsoft Visual C++ 2013 Redistributable Package (x64).

    6. Microsoft Visual C++ 2015-2019 Redistributable (x64).

    7. Windows Management Framework 5.1.

    8. Windows Remote Management (WinRM) 2.0 or later.

    9. Internet Information Services (IIS) with the required components and features.

    10. Windows Server roles and features necessary for Exchange Server operation, such as the Mailbox Server role, Client Access Server role, Edge Transport Server role (if required), and so on.

    11. Active Directory and Domain Controller setup with the necessary configurations, including DNS and Active Directory preparation for Exchange.

    12. The Exchange 2019 product key or licensing information.

    13. The latest cumulative update for Exchange 2019 (if available).

    14. Exchange Server build numbers and release dates

      1. Exchange Server 2019 CU13 (2023H1)

      2. Cumulative Update 13 for Exchange Server 2019 (KB5020999) - Download

    15. tinyurl.com/exechange2019pre

    16. https://medium.com/Beepin

    17. Create folder inside the E: drive 

      1. Program Files>Microsoft>Exchange Server > V15


  1. Download root certificate:

    1. Go to DC1 server 

      1. Add roles and features : Active Directory Certificate Services

        1. Certification Authority

        2. Certification Authority Web Enrollment

        3. Click on the triangle button and configure the certificate

    2. Open DNS

      1. Make sure the dc1, mail and autodiscover host records are available inside the domain.

  1. Right click on DC1 > “Update server data files”

  2. Again Right click on DC1> All Tasks>Restart


  1. Now go to the Exchange server (mail server).

    1. Run “ping mail.akshrestha.com -4” and “ping autodiscover.akshrestha.com” (both should reply).

Now Mount this file in Exchange server (Mail server):

NOW in exchange server or mail server:


  1. Download root certificate: http://dc1/certsrv 

  2. Try to open this link: https://mail.akshrestha.com/ecp

  1. Open browser: type http://dc1/certsrv

    1. Click on “Download a CA certificate” option

    2. Click on “Download CA certificate” option and click on “Keep” button

    3. Finally you will see the “certnew” certificate (note: don’t rename it)

    4. Now double click the “certnew” certificate  > Open

      1. Click on “Install certificate” button

      2. Choose “Local Machine” > Next

      3. Choose “Place all certificates in the following store” > click on the “Browse” button

      4. Choose “Trusted Root Certification Authorities”> OK>Next>Finish

      5. You will see below message “The import was successful” > click ok.

    5. Now open “Run” Type “mmc” >OK

    6. Click File>Add/Remove Snap-in…

    7. Choose “Certificates” option > click on “Add “> OK

    8. Choose “Computer account” option > Next

    9. Click finish > Click on OK

    10. You can see the root certificate listed (highlighted in yellow in the screenshot).

  2. Now Open DC1 server:

    1. And add that certificate in GPO

    2. Open “Group Policy Management” and choose “Default Domain Policy”

    3. Right click on “Default Domain Policy” > Edit

    4. Now choose Policies > Windows Settings > Security Settings > Public Key Policies > Trusted Root Certification Authorities

    5. Right click on the right column and choose “Import”

    6. Import the “certnew” certificate

    7. Open cmd as administrator and run gpupdate

    8. Also run gpupdate on the Exchange mail server and on every PC.



  1. Exchange admin center:


  1. Auth certs

  1. Exchange Server cert



3. Now open an exchange management shell to create an exchange certificate.

4. Create the certificate file (the certificate request, the zebras file) using the commands below:

# Generate the certificate request text with both host names as subject alternative names
$txtrequest = New-ExchangeCertificate -GenerateRequest -SubjectName "c=US,o=akshrestha,cn=mail.domain.com" -DomainName autodiscover.domain.com, mail.domain.com

# Save the request text to the shared certs folder
[System.IO.File]::WriteAllBytes('\\mail\certs\rootcertnew.cer', [System.Text.Encoding]::Unicode.GetBytes($txtrequest))

2. Import Certificate

# -FileData takes the file contents as a byte array, not a path string
Import-ExchangeCertificate -Server mail -FileData ([System.IO.File]::ReadAllBytes('\\mail\certs\ExchangeCert.cer')) -Password (Get-Credential).password

3. Enable Certificate: (Do not forget to replace the thumbprint)

Enable-ExchangeCertificate -Server "mail" -Thumbprint 75AF5AF6FAEE0A07FB84B4F7B0980873F49F703A -Services IIS

4. [PS] C:\Windows\system32>Set-ExecutionPolicy Unrestricted

5. [PS] C:\Windows\system32>IISreset


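5. Import that certificate:

# The -FileName parameter was removed from Import-ExchangeCertificate in Exchange 2019 CU12; pass the file bytes with -FileData
Import-ExchangeCertificate -Server mail -FileData ([System.IO.File]::ReadAllBytes('\\mail\certs\ExchangeCert.cer')) -Password (Get-Credential).password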


7. Create NEW certificate

“Exchange 2019 certificate request with subject alternative name”


OR

8. Search for the cert folder in C: and check the requested certificate

9. Check the new certificate's thumbprint and copy that thumbprint (the one selected in the screenshot)


10. Go to edge browser and download the certificate:

http://dc1/certsrv

  1. Select a task:

    1. Request a certificate

    2. Click on advanced certificate request

    3. Now paste the certificate code here.

    4. Submit
      ping mail.akshrestha.com -4

    5. What does -4 mean here?
      In the command "ping mail.akshrestha.com -4", the "-4" option forces the ping command to use IPv4 addresses only. By default, the ping command can use either IPv4 or IPv6, depending on the availability of the network infrastructure.


  1. Download your cert. This is a private certificate

  2. Now go to http://dc1/certsrv. Now we can request a certificate in Certificate Server.

    1. And click on the “Request a certificate” option

    2. Click on “advanced certificate request”

    3. Paste the zibrics certificate in the Saved Request text area

      1. Choose certificate template: Web Server

    1. Click on submit.

    2. Now download the “Exchange Cert” by clicking on “Download certificate”

    3. Share the certs folder before running the import command.

    1. Now import the Exchange certificate by using the command below:

  1. Now run the command below:
    C:\Windows\system32>Set-ExecutionPolicy Unrestricted
    Then run: C:\Windows\system32>IISreset


    1. Now open one PC with the user.

    2. In Exchange 12 server, open the browser and type https://mail.akshrestha.com/ecp (ecp is used by the admin operator)
      (and https://mail.akshrestha.com/owa for the client or user)

      1. Log in 

      2. Click on servers > certificates and double click on “Microsoft Exchange”

        1. You should see (SAN = subject alternative names:)

          1. Mail.akshrestha.com

          2. Autodiscover.akshrestha.com

    3. Now open one PC with the user, open the browser and type the link below:

      1. https://mail.akshrestha.com/owa

      2. And try to send the mail.

      3. Install office software and choose outlook app

      4. Choose “Exchange” option




Don’t forget to RESTART the WWW (world wide web publishing) in services.
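
To confirm the result of the whole procedure (certificate enabled for IIS, SAN entries for mail and autodiscover, root CA distributed through Group Policy), the following added example, which is not part of the original post, connects to port 443 the way a client would and reports the SAN list and whether the chain is trusted. It assumes Windows PowerShell on an English-language, domain-joined PC; the function name Get-TlsCertificateReport is hypothetical, and the host names are the ones used in this post.

```powershell
# Added example, not from the original post. Run on a domain-joined PC after gpupdate.
function Get-TlsCertificateReport {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [int]$Port = 443
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        # Accept whatever certificate is presented so it can be inspected;
        # trust is evaluated separately with X509Chain below.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    }
    finally {
        $client.Dispose()
    }

    # Subject Alternative Name extension (OID 2.5.29.17). The "DNS Name=" label
    # is what Windows prints on an English-language system (assumption).
    $sanExt  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sanText = if ($sanExt) { $sanExt.Format($false) } else { '' }
    $sans    = [regex]::Matches($sanText, 'DNS Name=([^,\s]+)') | ForEach-Object { $_.Groups[1].Value }

    # Build the chain against the Windows certificate stores; this succeeds only
    # if the CA root imported through Group Policy is present and trusted.
    $chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $trusted = $chain.Build($cert)

    [pscustomobject]@{
        Host          = $HostName
        Subject       = $cert.Subject
        Issuer        = $cert.Issuer
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        SanList       = $sans -join ', '
        SanCoversHost = $sans -contains $HostName   # exact match; wildcards not handled
        ChainTrusted  = $trusted
        ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

'mail.akshrestha.com', 'autodiscover.akshrestha.com' |
    ForEach-Object { Get-TlsCertificateReport -HostName $_ } |
    Format-List
```

ChainTrusted = False with a ChainStatus of UntrustedRoot means the “certnew” root has not reached that machine yet; SanCoversHost = False means the request was generated without that host name in -DomainName.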

THE END
