
Michael Firsov
Windows Audit


Deploying Exchange 2013 SP1 step by step – Part4


In Part 3 of this series of articles on deploying Exchange 2013 SP1 we configured the Exchange-specific virtual
directories, and set up and tested the Autodiscover service.

In this part we’ll go through setting up the most common Exchange options (such as Send/Receive connectors, public
folders, DSN notifications and many others) as well as customizing Outlook Web App and DSN notifications.

Let’s start by examining the accepted domains and email address policies pages:
The only accepted domain here is Testcompany.com – I’m not planning to receive mail for other domains.

I think the Default address policy will do in most cases, otherwise it’s possible to create some other domain suffix for
the mailboxes.

On the receive connectors page please pay attention to the default list of receive connectors: given that Exch1 is a
multirole server there are 5 connectors: 3 for the CAS role (FrontEndTransport) and 2 for the Mailbox role
(HubTransport).

Next, let’s create the Send connector for sending Internet mail: I’m going to use a smart host for the delivery to any
domain; after creating the connector I will enable logging (it’s disabled by default).

Another way of enabling logging:

Get-TransportService | Set-TransportService -ConnectivityLogEnabled $true -ConnectivityLogPath c:\logs\Connectivity -IrmLogEnabled $true -IrmLogPath c:\logs\

Furthermore, there are a couple of useful commands regarding logging – the first one sets the maximum log directory
size and the second defines how long the logs are retained:

Set-TransportService -Identity Exch1 -ConnectivityLogMaxDirectorySize 300MB

Set-TransportService -Identity Exch1 -IRMLogMaxAge 21.00:00:00

The first customization I’d like to apply to my Exchange server is the new banner – the text presented to the other party
during an SMTP session. The default out of the box is to present the following text:

Get-ReceiveConnector -id "Exch1\Default Frontend Exch1"


If you don’t want to display the type of the mail server you’re using you can create a banner:

Get-ReceiveConnector -id "Exch1\Default Frontend Exch1" | Set-ReceiveConnector -Banner '220 TestCompany mail system' -Comment 'MailAdmin 02.12.2014: Configured the new Banner'

Now if we type “open localhost 25” in Telnet we’ll get this welcome text:

Remember that banners are applied per connector!
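
Because banners are set per connector, it is worth checking all of them in one pass. The following is an added example, not part of the original article: the function name Test-ReceiveConnectorBanner, the keyword list and the sample objects are assumptions made for illustration, and it relies on an empty Banner property meaning the connector still sends its built-in text.

```powershell
# Added example: report receive connectors whose SMTP banner is still the
# built-in one or names the mail product. Accepts Get-ReceiveConnector output.
function Test-ReceiveConnectorBanner {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [psobject]$Connector,

        # Assumed keyword list (hypothetical default); extend as needed.
        [string[]]$RevealingWords = @('Microsoft', 'Exchange')
    )
    process {
        $banner  = [string]$Connector.Banner
        $finding = 'OK'
        if ([string]::IsNullOrWhiteSpace($banner)) {
            # No custom banner configured: the connector sends its built-in text.
            $finding = 'Default banner in use'
        }
        else {
            $hit = $RevealingWords |
                Where-Object { $banner -match [regex]::Escape($_) } |
                Select-Object -First 1
            if ($hit) { $finding = "Banner contains '$hit'" }
        }
        [pscustomobject]@{
            Connector = [string]$Connector.Identity
            Role      = [string]$Connector.TransportRole
            Finding   = $finding
        }
    }
}

# Constructed sample data standing in for three of the connectors on Exch1.
$sample = @(
    [pscustomobject]@{ Identity = 'Exch1\Default Frontend Exch1'; TransportRole = 'FrontendTransport'; Banner = '220 TestCompany mail system' }
    [pscustomobject]@{ Identity = 'Exch1\Client Frontend Exch1';  TransportRole = 'FrontendTransport'; Banner = $null }
    [pscustomobject]@{ Identity = 'Exch1\Default Exch1';          TransportRole = 'HubTransport';      Banner = '220 Exch1 Exchange relay' }
)
$sample | Test-ReceiveConnectorBanner | Format-Table -AutoSize

# On the server, from the Exchange Management Shell:
# Get-ReceiveConnector | Test-ReceiveConnectorBanner | Where-Object { $_.Finding -ne 'OK' }
```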

It’s much easier to manage CAS servers’ settings via Outlook Web App policies than to apply them on a per-server
basis, so I will rename the default policy to “Enterprise” and apply it to my users. Don’t forget that the Default
Outlook Web App policy is NOT assigned to any mailbox by default.

Of course, you can apply the default OWA policy in EMS too:

Get-Mailbox -OrganizationalUnit 'Clients' | Set-CASMailbox -OwaMailboxPolicy 'Enterprise'

There are also some OWA policy settings that can be applied only in EMS, for example:

ExplicitLogonEnabled
DelegateAccessEnabled
DisplayPhotosEnabled
SetPhotoEnabled
SetPhotoURL
PredictedActionsEnabled

You can see your current OWA policy settings with the Get-OwaMailboxPolicy cmdlet and configure them with
Set-OwaMailboxPolicy.

As of this writing at least one of them – PredictedActionsEnabled – can’t be enabled:


Apart from OWA policy settings there are several OWA virtual directory specific settings that we can apply on a per-CAS-server
basis; for example, we can bring back the settings that are missing in Exchange 2013 by default:

LogonPageLightSelectionEnabled
LogonPagePublicPrivateSelectionEnabled

Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -LogonPageLightSelectionEnabled $True

Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -LogonPagePublicPrivateSelectionEnabled $True

And for the users’ convenience I’ll set the default domain so that users do not have to enter a domain name each time they
log in to the OWA page:

Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -LogonFormat UserName -DefaultDomain "TestCompany.com"

After using the aforementioned cmdlets we must restart IIS (for some reason the restart failed in the EMS so I did it in
PS):

and the resulting logon page:

Many companies would like to customize their OWA main page further by introducing their own logo and custom text;
here’s how we can accomplish such customization:

Open the folder Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\Owa\Auth\15.0.847\themes\Resources
and examine the files it contains – these are the files Exchange uses for rendering the logon page. We can edit, for
example, the Favicon.ico and OWA_Text_Blue.png files; the first is a favicon logo (16×16 pixels only!) and the second is
the text displayed above the User name field:

After editing favicon.ico in any graphical editor (I used Paint) its item changes its appearance:

In the OWA_Text_Blue.png file I added the words TestCompany to the default Outlook WebApp; it’s also possible to edit
olk_logo_white.png to edit the image showing a white envelope on the rightmost side of the page but I did do that
because Paint does not support transparency layers.

After editing graphical files we need to reset IIS – iisreset

Attention! We won’t see the updated page content until we have deleted all IE’s (or any other browser’s) cached files!

I had some difficulties having these files deleted: even after clicking “Delete…” and deleting all the files they were still
present in the folder, so I had to remove them manually.

Now we can open the updated OWA logon page:

By default OWA sessions time out after 8 hours – I’d like sessions in my network to time out after 3 hours and this
command will do it:

Set-OrganizationConfig -ActivityBasedAuthenticationTimeoutInterval 03:00:00


Exchange 2013 does not support Public Folders databases anymore; if there’s a need to use Public Folders an
administrator should create a public folder mailbox and then create corresponding public folders in this mailbox.

Tip: to view public folders in OWA 2013 CU1 and later you must right-click Favorites and add a public folder.

Exchange 2013 has the ability to copy email messages destined to/from a mailbox database (standard user license) or
a specific user (enterprise user license) to a special mailbox where they can be the subject of some analysis. Here’s
how we can set up journaling:

Next I’d like to customize delivery status notification (DSN) messages, both internal and external; it can be done with
the New-SystemMessage cmdlet:

1) External DSN (-Internal $False)

New-SystemMessage -Language en -DsnCode 5.1.1 -Text "Sorry, we were unable to find your correspondent in our directory so your message could not be delivered. Please make sure you typed the e-mail address correctly." -Internal $False

Get-SystemMessage -Identity en\External\5.1.1 |FL

2) Internal DSNs (-Internal $True)

New-SystemMessage -Language en -DsnCode 5.1.1 -Text "We could not deliver your message because the recipient does not exist in our mail database. Please check your address book once again or call a helpdesk for the assistance." -Internal $True

Get-SystemMessage -Identity en\Internal\5.1.1 |FL

In the same way, we can customize the message users see in response to sending a message containing malware
(malware filtering is enabled by default in Exchange 2013):

It is appropriate to mention here that it is strongly advised to update the malware engine before putting the server into
production! There’s a script located in the Scripts folder that we can use for updating the malware engine:

.\Update-MalwareFilteringServer.ps1 -Identity Exch1

Event ID 6033 in the Application log means the update was successful, whilst Event ID 6027 means the update
failed.
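
The two event IDs above can be turned into a simple health check. This is an added example, not part of the original article: the function name Get-MalwareEngineUpdateStatus, the 24-hour freshness threshold and the sample events are assumptions, and the events are matched by ID only because the article does not name the event source.

```powershell
# Added example: summarise malware engine update events (6033 = success,
# 6027 = failure, per the article). Function name and threshold are assumptions.
function Get-MalwareEngineUpdateStatus {
    [CmdletBinding()]
    param(
        [object[]]$Events = @(),
        [int]$MaxAgeHours = 24,          # assumed freshness threshold
        [datetime]$Now = (Get-Date)
    )
    # Keep only the two IDs of interest, newest first.
    $relevant = @($Events |
        Where-Object { $_.Id -eq 6033 -or $_.Id -eq 6027 } |
        Sort-Object TimeCreated -Descending)
    $last   = $relevant | Select-Object -First 1
    $lastOk = $relevant | Where-Object { $_.Id -eq 6033 } | Select-Object -First 1

    if (-not $last)            { $status = 'NoUpdateEventsFound' }
    elseif ($last.Id -eq 6027) { $status = 'LastAttemptFailed' }
    elseif (($Now - $last.TimeCreated).TotalHours -gt $MaxAgeHours) { $status = 'Stale' }
    else                       { $status = 'Current' }

    # Failures logged after the most recent success (all failures if none succeeded).
    $failed = @($relevant | Where-Object {
        $_.Id -eq 6027 -and (-not $lastOk -or $_.TimeCreated -gt $lastOk.TimeCreated)
    })

    [pscustomobject]@{
        Status               = $status
        LastSuccess          = if ($lastOk) { $lastOk.TimeCreated } else { $null }
        FailuresSinceSuccess = $failed.Count
    }
}

# Constructed sample events: one success followed by two failed attempts.
$now = [datetime]'2014-12-02T12:00:00'
$sample = @(
    [pscustomobject]@{ Id = 6033; TimeCreated = $now.AddHours(-30) }
    [pscustomobject]@{ Id = 6027; TimeCreated = $now.AddHours(-6) }
    [pscustomobject]@{ Id = 6027; TimeCreated = $now.AddHours(-2) }
)
Get-MalwareEngineUpdateStatus -Events $sample -Now $now

# On the server (confirm the event source on your system and add it to the filter):
# $ev = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 6033, 6027 } -MaxEvents 100 -ErrorAction SilentlyContinue
# Get-MalwareEngineUpdateStatus -Events @($ev)
```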

If it’s not possible to download updates from http://forefrontdl.microsoft.com/server/scanengineupdate to an
Exchange Server you can configure updating from a local share by means of the Update-Engines.ps1 script; you can read
about it here: http://blogs.technet.com/b/ehlro/archive/2014/08/20/exchange-2013-malware-engine-updates-troubleshooting.aspx

Summary:
