In the first two parts of this blog series we have performed the basic design and implementation of Exchange 2016 Server in a coexistence with Exchange 2010 server. In this part of the blog series, we will perform the post-configuration steps for our exchange 2016 server installation. We will also validate the Exchange server 2016 installation and perform few tests before we start the production mailbox migration to Exchange 2016 server in part 4.
Before you start post-installation configuration, it’s always a good idea to get yourself familiar with Exchange Admin Center in Exchange 2016 Server.
Exchange 2016 Post-Installation Configuration
Exchange 2016 server post-installation configuration requires you to perform the following steps.
- Update the service connection point for autodiscover
- Import Exchange SSL certificate on Exchange Server 2016
- Configure virtual directories in Exchange 2016 Server
- Configure Outlook Anywhere
Before we start the configuration changes, let’s verify that our Exchange 2016 server is being added to Exchange organization. To validate the exchange installation, run the Exchange Management Shell on Exchange 2016 server and run the following cmdlet.
Get-ExchangeServer | ft Name, AdminDisplayVersion -Autosize
Once you have verified the installation of Exchange 2016 server, next step is to rename Exchange 2016 default database.
Update the service connection point for autodiscover
After you have successfully installed and verified the Exchange 2016 Server, the next step in post-installation configuration task is to update the Service Connection Point (SCP).
SCP is registered in Active Directory. Whenever a client access server is installed, a new service connection point is created for that server. SCP object is used by domain-joined machines to find their mailbox on the Exchange Server.
By default, the SCP will be in the form https://ServerFQDN /Autodiscover/Autodiscover.xml; for example https://EXCH2k16.msexperttalk.com/Autodiscover/Autodiscover.xml. This name isn’t recommended because we do not want to have hostname on our SSL certificate. This can cause SSL certificate mismatch error messages being popped up on end users domain-joined machine.
To change the service connection point on Exchange 2016 server, run the following cmdlet in Exchange Management Shell.
Set-ClientAccessService -Identity EXCH2k16 -AutodiscoverServiceInternalURI “https://autodiscover.msexperttalk.com/Autodiscover/Autodiscover.xml”
Import Exchange SSL certificate on Exchange 2016 Server
Once you setup the SCP, next step is to import the SSL certificate on Exchange 2016 Server. You have to export the SSL certificate on Exchange 2010 server first. To do the SSL installation, perform the following steps.
- Login to Exchange 2010 Server and launch EMC
- Navigate to Server Configuration > select the server > select public SSL certificate
- Click on “Export Exchange Certificate” under actions pane
- In Export Exchange Certificate wizard, select a location to save the Personal Information Exchange (PFX) file and set an appropriate strong password, then click on Export
- Copy the exported certificate to Exchange 2016 server.
- Launch Exchange Admin Center and navigate to Servers > Certificates and click on … icon and click on “Import Exchange Certificate“
- During the Import Exchange Certificate wizard we’re required to provide a full UNC path to the location of the exported PFX file along with the correct password
- Add Exchange 2016 Server to apply the certificate and click Finish.
- Once the SSL certificate is imported successfully on Exchange 2016 server, the next step is to assign services to the certificate.
- Select the SSL certificate and click on edit icon
- Click on services and select “SMTP and IIS” to assign the services. Click on override the default SMTP certificate
- Once the certificate is assigned, restart the IIS service by running the following cmdlet
Configure virtual directories in Exchange 2016 Server
You can configure the virtual directories from Exchange Admin center or use the following powershell script to update all virtual directories at once.
$Server = “ServerName”
$URL = “mail.domain.com”
Get-OWAVirtualDirectory -Server $Server | Set-OWAVirtualDirectory -InternalURL “https://$($URL)/owa” -ExternalURL “https://$($URL)/owa”
Get-ECPVirtualDirectory -Server $Server | Set-ECPVirtualDirectory -InternalURL “https://$($URL)/ecp” -ExternalURL “https://$($URL)/ecp”
Get-OABVirtualDirectory -Server $Server | Set-OABVirtualDirectory -InternalURL “https://$($URL)/oab” -ExternalURL “https://$($URL)/oab”
Get-ActiveSyncVirtualDirectory -Server $Server | Set-ActiveSyncVirtualDirectory -InternalURL “https://$($URL)/Microsoft-Server-ActiveSync” -ExternalURL “https://$($URL)/Microsoft-Server-ActiveSync”
Get-WebServicesVirtualDirectory -Server $Server | Set-WebServicesVirtualDirectory -InternalURL “https://$($URL)/EWS/Exchange.asmx” -ExternalURL “https://$($URL)/EWS/Exchange.asmx”
Get-MapiVirtualDirectory -Server $Server | Set-MapiVirtualDirectory -InternalURL “https://$($URL)/mapi” -ExternalURL https://$($URL)/mapi
Configure Outlook Anywhere
After updating the Virtual Directories for Exchange 2016 Server, we also need to update the HTTPS name and authentication method for Outlook Anywhere in Exchange Server 2016.
By default outlook anywhere protocol is being used by outlook clients to communicate with Exchange Server 2016. It’s important that these settings are correct even if you are not publishing Outlook Anywhere externally.
During co-existence with Exchange 2010 Server it’s important to ensure that the default Authentication Method Negotiate is updated to NTLM to ensure client compatibility when Exchange 2016 proxies Outlook Anywhere connections to the Exchange 2010 server.
To update these values, perform the following steps.
- Launch Exchange Admin Center and Navigate to Servers > Servers. Select Exchange 2016 Server and click on edit
- Set the internal and external URL to mail.msexperttalk.com and change the authentication to NTLM. Make sure that you have selected the option for SSL offloading.
In part three of this blog series, we have performed the basic configuration required for Exchange 2016 server post-installation. In part four we will complete the pending post-installation configuration tasks and begin mailbox migration preparation.
If you would like to read the other parts of this blog article series, please go to: