Exchange Server 2019 is a single server role architecture and it is easy to deploy. I have share the details on how to install Exchange Server 2019 in my blog and here we will see the post installation steps to make the Exchange Server 2019 fully functional.

I’m just sharing basic information post installation steps that you need to do after Exchange Server 2019 installation.

Step 1: Create a Send connector to send emails to External Domain.

By default, there is no option to send an email to external domain. We have a manually create a send connector to send emails to external domain.

Step 2: Create Accepted Domains

Domain in which Exchange 2019 installed will be authoritative by default (domain.local) etc and if we want to have an email address like domain.com, we need to create an accepted domain with the name domain.com

Step 3: Configure Email Address Policy

We have created Accepted domain in the above steps and to stamp that domain.com email address to the recipients, we need to configure the default email address policy and apply the email address policy to all the mailboxes

Step 4: Configure Exchange Certificate

All the services in use to be configured to use SSL instead of self-signed certificate and certificate to be configured for all the services

Step 5: Configure Exchange Virtual Directory External and Internal Urls and Authentication Methods

Services that are published external to be configured with the external Url and internal urls to be modified as per the design plan. Ensure you have configured the right Authentication Method for each Virtual Directory

Step 6: Configure Load Balancing for Client Access Urls

Once the Virtual directory settings are configured, we can consider to configure load balancing for all the Client Access Protocols

Step 7: Verify all types of client connections to Exchange

Check the Outlook connectivity, Auto Discover, OWA, ECP, EWS, Exchange Active Sync, Outlook Anywhere client connection.

Step 8: Setup Monitoring and Alerting

One of the must have thing for Exchange environment is to have proper monitoring solution to monitor and alert if any issues in Exchange.

Step 9: Setup Mobile Device configuration

We can consider to have Mobile Device Access Policies based on the company security standards if Users are allowed to access their mailbox using Mobile devices.

Step 10: Secure Mail Flow

Ensure you have proper Anti-Spam and Anti Malware scanning available for mail flow by configuring the default malware scanning engine or route inbound and outbound mail flow via Exchange Online Protection.

Leave your comments for any queries on the above.

ADRMS service provides Information Rights Management protection to Exchange Server, SharePoint Servers and File Servers. When using ADRMS, we can configure Protection Templates like Do Not Reply All, View Only etc and made them available for end users to apply those templates on email or documents to protect the confidential documents and emails.

We need to deploy ADRMS service in On-Premise environment with the required templates and need to publish those templates for end users to consume it. I have the ADMRS Infrastructure in my lab and Exchange Server 2019 installed.

Exchange Server will have the below IRM configuration as default

And users will be prompted to Connect to Rights Management Servers to get the IRM templates published by an administrator

Configuring Exchange Server 2019 to use ADRMS

Setting up Exchange Server to use IRM is simple, we need to set the InternalLicensingEnabled parameter on the Set-IRMConfiguration command to True. Below shows the settings change.

Exchange will do a SCP lookup and do the IRM configuration.

User is able to access the IRM template now after the ADRMS service deployment and the IRM configuration in Exchange.

IRM Template from OWA

I have a plan to show case the demo on IRM configuration change from ADRMS to Azure RMS for Exchange Server 2019. I will post it later.

Exchange Server 2019 automatically configures Internet Information Service Virtual Directories related to the Exchange. Clients will connect to these Virtual Directories to access the Services provided by Exchange Servers. This post shows the default configurations of Exchange Server 2019 Virtual Directory.

Internal and External URL, SSL configuration and the Authentication methods are the important parameters related to Virtual Directories, we will see all those configurations in detail.

Below are the Virtual Directory created during the Exchange Server 2019 installation.

I have preferred mail.superhybridcloud.com as the namespace for the all the exchange services and I already changed it. Exchange Certificate installation and configuration are already done.

Auto Discover:

Auto Discover allows the email clients like Outlook to discover the mailbox settings and configure the mailbox automatically without entering the details like server information etc. Service Connection Point object in AD will be referred by Auto Discover to get the User information.

Get-ClientAccessService is command to configure the Internal Url and the Authentication Methods as shown below.

No need to set the Internal / External Url using Set-AutodiscoverVirtualDirectory as it is applicable when using Exchange Server 2010.

MAPI over HTTP:

MAPI over HTTP is the default protocol for Outlook in Exchange Server 2019 and the Exchange 2019 installation warns the MAPIHTTP enablement if it is not enabled. To ensure it is enabled, use Get-OrganizationConfig command.

Set-MapiVirtualDirectory command be used to manage MAPI over HTTP related settings

Exchange Control Panel:

Exchange Control Panel is where an admin can access Exchange Admin Center to manage the Exchange Service. Basic Authentication and FBA are the default Authentication method set on the ECP virtual directory.

Use Set-ECPVirtualDirectory command to manage the ECP virtual directory related settings.

Outlook on the Web (OWA):

OWA virtual directory allows the emails access using Web Browser and we can use Set-OWAVirtualDirectory to configure the OWA virtual directory settings

Active Sync:

Mobile Device clients that support Exchange Active Sync connects to Active Sync Virtual directory to access the mailbox.

Default configuration will not set any Authentication we can enable basic to allow the clients to access the mailbox using Active Sync protocol.

Set-ActiveSyncVirtualDirectory command allows you to configure the Active Sync related settings.

Offline Address Book (OAB):

Outlook clients using Cached mode requires offline address book to access the address book when it is not connected to exchange.

You can use Set-OABVirtualDirectory command to modify the OAB settings

Exchange Web Service (EWS):

EWS virtual directory supports many features like free busy look up, calendar sharing, mail tips and OOO etc. You can use Set-WebServicesVirtualDirectory command to manage EWS virtual directory settings.

Outlook Anywhere (OA / RPC over HTTP):

MAPI over HTTP is the default protocol for MAPI clients having mailbox in Exchange Server 2019 but it still supports Exchange for legacy clients that does not support MAPI over HTTP.

Set-OutlookAnywhere command can be used to manage Outlook Anywhere related settings.

Hope above details are informative. Comment for any queries.

S/MIME in Exchange Server 2019

December 22nd, 2018 | Posted by admin in Exchange | EXchange 2019 - (0 Comments)

Exchange Server 2019 supports sending S/MIME emails from clients like MAPI, OWA & Exchange Active Sync. We will see how to send an S/MIME email from an Exchange Server 2019 Mailbox.

S/MIME can be used to send a Signed and Encrypted email.

  • Signing an email verifies the sender and ensures the message is not changed since it was sent but it will not prevent message being read by others.
  • Encrypting the email verifies the email has not changed since it was send and it can be decrypted and read by the recipient only.

Sending S/MIME email from Exchange Server 2019 mailbox using the Internal Certificate Authority.

I have an Internal Certificate PKI already configured on my lab which allows user to enroll a User certificate that can be used to Sign and Decrypt an email.

I have select 2 mailboxes from Exchange Server 2019 to show sending and receiving S/MIME email

User Vishwa configured his outlook with a certificate which was received from Internal CA to Sign / Encrypt emails.

Sending a Signed email to Dhanyashree and she can view the Signed email.

Now Sent a Encrypted email and recipient can view those email

Below message is expected, if a user tries to send an email to another user for whom a certificate was not issued / received from CA.

Similar way, we can send S/MIME emails from OWA and Exchange Active Sync Clients. We will have a look on configuring Information Rights Management configuration in Exchange Server 2019 on my Next Post.

New Versions of Exchange Server will always have many New Features and enhancements related to performance. We will see what’s New in Exchange Server 2019 in this post.

Major Enhancements

  • Exchange Server 2019 supports the installation on Windows Server Core and it supports 48 CPU cores and up to 256 GB of RAM.
  • Client Access Rules can be configured the restrict the users in accessing the ECP\OWA only from Internal network.
  • Database Failovers is much faster when compared to earlier version of Exchange
  • Indexing and Search Performance are improved
  • Dynamic Memory cache allocation to active database and the enhancement on Database engine using MetaCache Database provides performance improvements
  • No more Unified Messaging Server Role in Exchange Server 2019
  • MAPI over HTTP is the default protocol for Outlook. Still Exchange Server 2019 supports RPC over HTTP for legacy clients
  • Exchange Active Sync seamless redirection when on a Hybrid Exchange environment
  • In-Place hold and e-discovery support for Public Folders (Public Folders still exists)

Exchange Admin Center

EAC in Exchange 2019 is exactly same as Exchange Server 2016 or Office 365 Admin Center. New Installation of Exchange Server 2019 will not have the Unified Messaging tab as Unified Messaging Server Role is not available in Exchange Server 2019.

Outlook on the Web (OWA)

Outlook on the Web is same like Exchange Server 2016 or Exchange Online OWA with additional improvements like Quick Actions on the emails, New Themes, Rich experience for OWA on Android and IOS, preview for links, Inline videos etc.

Calendar

Exchange Server 2019 has the option to Set Do Not Forward IRM templates on Calendar Invites and Also New PowerShell Commands available to manage Calendar Delegation.

That’s all for the quick demo… I will add the new features when exploring Exchange Server 2019. Follow me for more information.

I will give a short intro about my Exchange Environment before jumping into the details on how to install Exchange Server 2019.

I have a Domain Controller with a domain name SHC.Com, Exchange Server 2013 and Exchange Server 2016 are there in this lab. I’m going to install Exchange Server 2019 on a 4 CPU with 16 GB RAM for this Exchange Server 2019 Step by Step Installation demo.

Prerequisites for Exchange Server 2019:

  • OS: Windows Server 2019 Standard / Datacenter Edition
  • Hardware: 64-bit processor with 128 GB RAM recommended
  • Active Directory Schema: AD Forest Functional Level Windows Server 2012 R2 or higher
  • Hybrid Support: Coexistence of Exchange Server 2013 CU1 and Exchange Server 2016 CU11 and above
  • Other Prerequisite: .NetFrameWork 4.7.2, Visual C++ Redistributable Package for Visual Studio 2012, Unified Communications Managed API 4.0
  • Windows Features: Exchange Server 2019 installation has the option to deploy the required Windows Features during the installation. If for any reason, if you want to install the Windows Features Manually then run the below command.

Install-WindowsFeature Server-Media-Foundation, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-PowerShell, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Metabase, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, RSAT-ADDS

Note: Forgot to add IIS Management Console on the screen capture. Please install it before the Exchange 2019 Installation or allow the Exchange 2019 installation to include the required windows features.

Validating the Prerequisites:

Forest & Domain Functional Level

Exchange Server 2019 Computer details

Windows Features Installation:

Other Prerequisites

Existing Exchange Servers (Co-existence of Exchange Server 2013 CU21 & Exchange Server 2016 CU11)

Prerequisites verified and we are good to start the Exchange Server 2019 Installation.

Step by Step Exchange Server 2019 Installation:

Prepare the AD Schema & Domain and then start the Exchange Server 2019 installation.

Step 1: Preparing the AD Schema

Step 2: Preparing the Domain

Restart the computer once before starting the Exchange 2019 installation.

Step 3: Exchange Server 2019 Installation

I don’t want to bore you with the GUI screen captures as it is not different from Exchange 2013 / Exchange 2016 installation.

We will see what’s New in Exchange Server 2019 on the next post. Post your comments for any queries in Installing Exchange Server 2019.