Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1
Topic Last Modified: 2010-04-22

The following Microsoft Exchange Server 2007 installation guide template can be used as a starting point for formally documenting your organization's server build procedures for Exchange 2007 servers that have the Hub Transport server role installed.

Executive Summary

The purpose of this document is to explain the installation and configurations necessary to install the Exchange Server 2007 Hub Transport server role.

Business Justification

By having an installation guide, Contoso will be able to ensure standardization across the enterprise, reducing Total Cost of Ownership, and easing troubleshooting steps.

Scope

The scope of this document is limited to installation of an Exchange 2007 Hub Transport server for Contoso on the Windows Server 2003 Enterprise x64 Edition operating system platform.

Prerequisites

The operator should have working knowledge of Windows Server 2003 Enterprise x64 Edition concepts, Exchange Server 2007 concepts, the Exchange Management Console and Exchange Management Shell, the command line, and various system utilities. This document does not elaborate on the details of any system utility except as necessary to complete the tasks within.

In addition, the operator should review the Planning for Hub Transport Servers topic in the Exchange 2007 Online Help before they implement the server role.

Assumptions

This document assumes that Windows Server 2003 Enterprise x64 Edition is installed per company baseline regulations which include the latest approved service pack and hotfixes. The current service pack level is Windows Server 2003 Service Pack 2 for x64 Editions.

It is also assumed that the following are installed:

This document assumes that forest and domain preparation steps have been performed per How to Prepare Active Directory and Domains topic in the Exchange 2007 Online Help.

This document assumes that both Exchange 2007 and Windows Server 2003 will be secured following the best practices found in:

Server Configuration

The following media are required for this section.

Additional Software Verification

  1. Verify that Remote Desktop is enabled.

  2. As an optional process, install Microsoft Network Monitor.

Network Interfaces Configuration

  1. Log on to the server with an account that has at least local administrative access.

  2. Click Start, Control Panel and right-click Network Connections. Then select Open.

  3. Locate the connection for the internal network and rename it appropriately.

  4. For the TCP/IP Protocol, add the following:

    1. Static IP Address, Subnet Mask, and Gateway

    2. DNS Server IP Addresses

    3. Check the box to Append parent suffixes of the primary DNS suffix

    4. WINS IP Addresses (if using WINS)

Drive Configuration

Important:
Ensure that the Hub Transport server is designed to handle the I/O and capacity requirements. For more information, see Transport Server Storage Design.
  1. Connect to the server via Remote Desktop and log on with an account that has local administrative access.

  2. Open the Disk Management Microsoft Management Console (MMC) and format, rename, and assign the appropriate Drive Letters so that the volumes and DVD drive match the appropriate server configuration. At the very least, there should be a D drive for the Exchange binaries and the DVD drive should be configured as the Z drive.

    Drive configuration

    | LUN | Drive Letter | Usage |
    | --- | --- | --- |
    | 1 | C | Operating system |
    | 2 | D | Exchange binaries, database |
    | 3 | E | Exchange transaction logs, tracking logs |
    | 4 | Z | DVD drive |

Internet Explorer 7 Installation

  1. Connect to the server through Remote Desktop and log on with an account that has local administrative access.

  2. Insert the Exchange 2007 Configuration DVD.

  3. Browse to \IE7\ and double-click IE7-install.bat.

  4. Click Yes for any Digital Signature not Found dialog boxes that may appear.

    Note:
    These dialog boxes will not appear in environments that have not deployed the Windows Security templates.
  5. Wait for all file copies to complete and restart the server.

Windows Server 2003 Post-SP2 Hotfix Installation

All hotfixes are installed through a batch file. For a complete list of hotfixes that are installed, see Contoso server build DVD hotfix list. A sample hotfix list can be seen at Server Build DVD - Sample Hotfix List.

  1. Connect to the server through Remote Desktop and log on with an account that has local administrative access and was delegated local Administrator access.

  2. Insert the Exchange 2007 Configuration DVD.

  3. Browse to \W2K3-PostSP2\ and double-click W2K3-post-sp2.bat.

  4. Click Yes for any Digital Signature not Found dialog boxes that may appear.

    Note:
    These dialog boxes will not appear in environments that have not deployed the Windows Security templates.
  5. Wait for all file copies to complete and restart the server.

Domain Membership Configuration

  1. Connect to the server through Remote Desktop and log on with an account that has local administrative access.

  2. Click Start, right-click My Computer and select Properties.

  3. Click the Computer Name tab.

  4. Click Change.

  5. Choose the Domain option button and enter the appropriate Domain name.

  6. Enter the appropriate credentials.

  7. Click OK and OK.

  8. Click OK to close the System Properties.

  9. Restart the server.

Local Administrators Verification

  1. Connect to the server through Remote Desktop and log on with an account that has local administrative access.

  2. Verify (or add if not already there) that the following accounts are members of the local administrators group on this server.

    Local administrators

    | Item | Account | Description | Role |
    | --- | --- | --- | --- |
    | 1 | Domain Admins | Domain Administrative Global Group | Administrator |
    | 2 | Root Domain\Exchange Organization Administrators | Exchange Administrators | Administrator |

  3. Verify that your user account is a member of a group which is a member of the local administrators group on the Windows Server 2003 server. If it is not, use an account that is a member of the local administrators group before continuing.

Local Administrator Account Password Reset

  1. Connect to the server through Remote Desktop and log on with an account that has local administrative access.

  2. Click Start, right-click My Computer and select Manage.

  3. Expand to Local Users and Groups\Users.

  4. Right-click Administrator and select Set Password. Change the password so that it meets strong complexity requirements.

  5. Optional: Right-click Administrator and select Rename. Rename the account according to company regulations.

Tools Installation

This section installs several useful tools that will aid administrators in Exchange administration and in troubleshooting support issues.

Note:
Debugging Tools for Windows will allow administrators to debug processes that are affecting service and determine root cause. For more information, see Debugging Tools for Windows - Overview.
  1. Connect to the server through Remote Desktop and log on with an account that has local administrative access.

  2. Insert the Exchange 2007 Configuration DVD.

  3. Open a command prompt and browse to the \Support folder.

  4. Run the following command where DVDROM-Drive is the DVD drive: E2K7Toolsinstall.cmd DVDROM-Drive (ex: E2K7Toolsinstall.cmd Z:).

  5. Right-click the c:\Tools folder and select Properties.

  6. Click the Security tab.

  7. Click the Advanced button.

  8. Clear Inheritance and copy the permissions.

  9. Remove the Everyone (and if listed, the Authenticated Users) security principal.

  10. Add the following groups, granting FULL CONTROL:

    1. SYSTEM

    2. The local Administrators group

    3. Creator Owner

Page File Modifications

  1. Connect to the server through Remote Desktop and log on with an account that has local administrative access.

  2. Click Start, right-click My Computer and select Properties.

  3. Select the Advanced tab.

  4. Under Startup and Recovery, click the Settings button.

    1. Under Write Debugging Information, change the memory dump drop-down list to Kernel Memory Dump.

    2. Click OK.

  5. Under Performance, click the Settings button.

  6. Click the Advanced tab.

  7. Under Virtual Memory, click the Change button.

  8. On servers that have a dedicated page file drive, follow these steps:

    1. For the C: drive, set the Initial Size (MB) value to a minimum of 200 MB. (Windows requires between 150 MB and 2 GB of page file space. The amount depends on server load and on the amount of physical RAM that is available for page file space on the boot volume when Windows is configured for a kernel memory dump. Therefore, you may be required to increase the size.)

    2. For the C: drive, set Maximum Size (MB) to the value of Initial Size.

    3. For the P: drive, type the result of one of the following calculations in the Initial Size (MB) box:

      - If the server has less than 8 GB of RAM, multiply the amount of RAM times 1.5.

      - If the server has 8 GB of RAM or more, add the amount of RAM plus 10 MB.

    4. For the P: drive, set Maximum Size (MB) to the value of Initial Size.

    5. Delete any other page files.

    6. Click OK.

  9. On servers that do not have a dedicated page file drive, follow these steps:

    1. For the C: drive, type the result of one of the following calculations in the Initial Size (MB) box:

      - If the server has less than 8 GB of RAM, multiply the amount of RAM times 1.5.

      - If the server has 8 GB of RAM or more, add the amount of RAM plus 10 MB.

    2. For the C: drive, set Maximum Size (MB) to the value of Initial Size.

    3. Delete any other page files.

    4. Click OK.

  10. Click OK to close the System Properties dialog box.

  11. Click No if you are prompted to restart the system.

Drive Permissions

  1. Connect to the server through Remote Desktop and log on with an account that has local administrative access.

  2. Click Start and select My Computer.

  3. Right-click the D Drive and select Properties.

  4. Click the Security tab.

  5. Select the Everyone group and then click Remove.

  6. Select Users and then click Remove.

  7. Click Add and select the local server from Locations.

  8. Grant the following rights as outlined in the following table.

    Drive permissions

    | Account | Permissions |
    | --- | --- |
    | Administrators | Full Control |
    | SYSTEM | Full Control |
    | Authenticated Users | Read and Execute, List, Read |
    | CREATOR OWNER | Full Control |

  9. Click the Advanced button.

  10. Select the CREATOR OWNER permission entry and then click View/Edit.

  11. Select Subfolders and Files Only from the drop-down list.

  12. Click OK two times.

  13. Click OK to close the drive properties.

  14. Repeat steps 3-10 for each additional drive (other than the C drive).
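
The following audit is an added example, not part of the original guide: it checks a volume's ACL against the Drive permissions table and the Subfolders and Files Only setting for CREATOR OWNER. The function names and the two SDDL strings are constructed for illustration; principals are matched by well-known SID so the check does not depend on localized account names.

```powershell
# Added example: audit a volume ACL against the guide's "Drive permissions" table.

# Inherit-only entries often carry generic access bits; map them to file rights.
function Expand-GenericRights {
    param([int]$Rights)
    $r = $Rights
    if ($r -band 0x10000000) { $r = $r -bor 0x1F01FF }  # GENERIC_ALL
    if ($r -band 0x20000000) { $r = $r -bor 0x1200A0 }  # GENERIC_EXECUTE
    if ($r -band 0x40000000) { $r = $r -bor 0x120116 }  # GENERIC_WRITE
    if ($r -band 0x80000000) { $r = $r -bor 0x120089 }  # GENERIC_READ
    $r -band 0x1F01FF                                   # drop the generic bits
}

function Test-DataDriveAcl {
    param($Acl)   # a DirectorySecurity object, for example (Get-Acl 'D:\')

    $required = @{
        'S-1-5-32-544' = 0x1F01FF   # Administrators: Full Control
        'S-1-5-18'     = 0x1F01FF   # SYSTEM: Full Control
        'S-1-5-11'     = 0x1200A9   # Authenticated Users: Read and Execute, List, Read
        'S-1-3-0'      = 0x1F01FF   # CREATOR OWNER: Full Control
    }
    $removed = @{ 'S-1-1-0' = 'Everyone'; 'S-1-5-32-545' = 'Users' }
    $seen = @{}
    $findings = @()
    $sidType = [System.Security.Principal.SecurityIdentifier]

    foreach ($ace in $Acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Value
        $rights = Expand-GenericRights ([int]$ace.FileSystemRights)

        if ($removed.ContainsKey($sid)) {
            $findings += "$($removed[$sid]) ($sid) still has an Allow entry"
            continue
        }
        if (-not $required.ContainsKey($sid)) {
            $findings += "Unexpected principal $sid has an Allow entry"
            continue
        }
        $seen[$sid] = $true
        if ($rights -ne $required[$sid]) {
            $findings += ('{0} has rights 0x{1:X}, expected 0x{2:X}' -f $sid, $rights, $required[$sid])
        }
        # "Subfolders and Files Only" = container + object inherit (3), inherit-only (2).
        if ($sid -eq 'S-1-3-0') {
            $scoped = ([int]$ace.InheritanceFlags -eq 3) -and ([int]$ace.PropagationFlags -band 2)
            if (-not $scoped) { $findings += 'CREATOR OWNER is not limited to Subfolders and Files Only' }
        }
    }
    foreach ($sid in $required.Keys) {
        if (-not $seen.ContainsKey($sid)) { $findings += "Required principal $sid has no Allow entry" }
    }
    $findings
}

# Constructed SDDL samples (not taken from a real server).
$good = New-Object System.Security.AccessControl.DirectorySecurity
$good.SetSecurityDescriptorSddlForm('D:P(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;AU)(A;OICIIO;GA;;;CO)')
$bad = New-Object System.Security.AccessControl.DirectorySecurity
$bad.SetSecurityDescriptorSddlForm('D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;FA;;;WD)(A;OICI;0x1301bf;;;BU)(A;OICI;FA;;;CO)')

"Findings for the compliant sample: $(@(Test-DataDriveAcl $good).Count)"
"Findings for the drifted sample:"
Test-DataDriveAcl $bad

# On a built server, audit each data volume directly:
# Test-DataDriveAcl (Get-Acl 'D:\')
```

An empty result means the volume matches the table; each returned string names one deviation to correct in the Security tab.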

Verification Steps

Organizational Unit Verification

Submit a change request and have the computer object moved to the appropriate organizational unit (OU). If following the recommendations in the Exchange 2007 Security Guide, the OU will be \Member Servers\Exchange Backend Servers\Exchange Hub Transport Servers.

Active Directory Site Verification

  1. Connect to the server through Remote Desktop and log on with an account that has local administrative access.

  2. Open a command prompt.

  3. Verify that the server is in the correct domain and Active Directory site. At the command line type:

    NLTEST /server:%COMPUTERNAME% /dsgetsite
    
  4. The name of the Active Directory site to which the server belongs will be displayed. If the server is not in the correct Active Directory site, submit a change request to the appropriate operations group and have the server moved to the appropriate Active Directory site.

Domain Controller Diagnostics Verification

  1. Connect to the server through Remote Desktop and log on with an account that has local administrative access.

  2. Open a command prompt and change paths to the C drive.

  3. Run the following command:

    dcdiag /s:<Domain Controller> /f:c:\dcdiag.log
    
    Note:
    Change <Domain Controller> to a domain controller contained within the same Active Directory site as the Exchange server.
  4. Review the output of C:\dcdiag.log file and verify that there are no connectivity issues with the local domain controller.

  5. Repeat steps 3 and 4 for each domain controller in the local Active Directory site.

    Note:
    Domain Controller Diagnostics (DCDiag) is a Windows support tool that tests network connectivity and DNS resolution for domain controllers. If the account being used does not have administrative rights, several tests under the Doing primary tests heading may not pass. These tests can be ignored if the connectivity tests pass. In addition, the log file may report that some service validation tests did not pass. These messages can be ignored if the services do not exist on the domain controller.

Network Diagnostics Verification

Network Diagnostics (NETDIAG) is a Windows support tool that tests network connectivity and DNS resolution for workstations and servers. Look for tests that failed and messages designated as "FATAL," and use this information to isolate network and connectivity problems.

  1. Connect to the server through Remote Desktop and log on with an account that has local administrative access.

  2. Open a command prompt and change paths to the C drive.

  3. Type the following command: netdiag /Q /L.

  4. Review the output of C:\netdiag.log file and verify that there are no network or connectivity issues with the Exchange server.

Exchange Best Practices Analyzer Verification

Connect to a server in the environment that either has the Exchange Best Practices Analyzer installed or the Exchange 2007 Management tools installed through Remote Desktop and log on with an account that has local administrative access. Depending on the configuration, do the following:

  1. Click Start, All Programs, Microsoft Exchange and select Best Practices Analyzer.

  2. Click Start, All Programs, Microsoft Exchange Server 2007 and select Exchange Management Console.

  3. Click Toolbox.

  4. Double-click Best Practices Analyzer.

  5. Check and apply any updates for the Best Practices Analyzer engine.

  6. Provide the appropriate information to connect to Active Directory and then click Connect to the Active Directory server.

  7. In the Start a New Best Practices Scan, select Exchange 2007 Readiness Check and then click Start Scanning.

  8. Review the report and take action on any errors or warnings that are reported by following the resolution articles that are provided within the Best Practices Analyzer.

    Note:
    The Microsoft Exchange Analyzers help Microsoft Exchange Server administrators troubleshoot various operational support issues.

Exchange Installation

The following CD media are required for this section.

  • Microsoft Exchange 2007 DVD

  • Exchange 2007 Configuration DVD

Exchange 2007 Prerequisites Installation

The following prerequisites will be installed through a batch file.

(This note should be updated to list the appropriate list of hotfixes for your environment.)

The installation steps are as follows:

  1. Connect to the server through Remote Desktop and log on with an account that has local administrative access.

  2. Insert the Exchange 2007 Configuration DVD.

  3. Browse to \E2K7-PreReqs\ and double-click E2K7-prereqs.bat.

  4. Click Yes for any Digital Signature not Found dialog boxes that may appear.

    Note:
    These dialog boxes will not appear in environments that have not deployed the Windows Security templates.
  5. Wait for all file copies to complete and restart the server.

  6. Install the Microsoft Filter Pack. For more information, see 2007 Office System Converter: Microsoft Filter Pack.

Exchange 2007 Installation

Though this document uses the command line method for installing the Exchange roles, the GUI can also be used. For more information about how to use the setup GUI to install an Exchange role, see the Exchange 2007 Online Help topic How to Perform a Custom Installation Using Exchange 2007.

Important:
If this is the first Hub Transport server role being installed into a green-field Exchange 2007 organization, then you should specify the optional setup parameter /EnableLegacyOutlook if you will have client computers that are running Microsoft Office Outlook 2003 or earlier.
  1. Connect to the server through Remote Desktop and log on with an account that has local administrative access and was delegated the Exchange Server Administrator role (or higher) if the server was pre-created.

  2. Follow the procedure from the Exchange 2007 Online Help topic How to Install Exchange 2007 in Unattended Mode. For example, setup.com /r:HT /t:d:\exchsrvr.

Exchange Server 2007 Post-SP1 Roll-up Installation

All hotfixes are installed through a batch file. For a complete list of hotfixes that are installed, see the Contoso server build DVD hotfix list.

A sample hotfix list can be seen at Server Build DVD - Sample Hotfix List.

  1. Connect to the server through Remote Desktop and log on with an account that has local administrative access and was delegated local Administrator access.

  2. Insert the Exchange 2007 Configuration DVD.

  3. Browse to \E2K7-PostSP1\ and double-click E2K7-postsp1.bat.

  4. Click Yes for any Digital Signature not Found dialog boxes that may appear.

    Note:
    These dialog boxes will not appear in environments that have not deployed the Windows Security templates.
  5. Wait for all file copies to complete and restart the server.

Exchange Search Configuration

  1. Connect to the server through Remote Desktop, and then log on by using an account that has local administrative access.

  2. Follow the instructions that are in How to Register IFilters 2.0 with Exchange 2007 and Exchange 2010.

  3. If you want to search through PDF files, install the Adobe PDF iFilter 9 for 64-bit platforms, and then follow the instructions that are mentioned in the Adobe document Configuring PDF iFilter for MS Exchange Server 2007.

The third-party Web site information in this topic is provided to help you find the technical information you need. The URLs are subject to change without notice.

Product Key Configuration

  1. Connect to the server through Remote Desktop and log on with an account that has local administrative access and was delegated the Exchange Organization Administrator role.

  2. Follow the procedure outlined in the Exchange 2007 Online Help topic How to Enter the Product Key.

Security Configuration Wizard

This section is optional and may be skipped.

  1. Connect to the server through Remote Desktop and log on with an account that has local administrative access.

  2. Follow the procedures from the Exchange 2007 Online Help topic How to Install the Security Configuration Wizard to install the Security Configuration Wizard.

  3. Follow the procedures from the Exchange 2007 Online Help topic How to Register Exchange Server Role SCW Extensions to register the Exchange 2007 Edge Transport Server SCW extension.

  4. Follow the procedures from the Exchange 2007 Online Help topic How to Create a New Exchange Server Role SCW Policy to configure and apply the policy.

System Performance Verification

By default, Exchange Server 2007 optimizes the server’s memory management for programs, which configures the server’s system cache as the default size. Hub Transport servers will benefit from this configuration.

  1. Connect to the server through Remote Desktop and log on with an account that has local administrative access.

  2. Click Start, right-click My Computer and select Properties.

  3. Select the Advanced tab.

  4. Under Performance, click the Settings button.

    1. Click the Advanced tab.

    2. Verify that the Processor Scheduling is set to Background Services.

    3. Verify that the Memory Usage is set to System Cache.

  5. Click OK.

Exchange Server Role Configuration

Default Receive Connector Configuration

By default, the default receive connector will accept various authentication mechanisms and allow users as well as Exchange servers to connect. The following steps modify this behavior by restricting the type of authentication that can occur and ensuring only Exchange servers can connect and transmit messages to this receive connector. In addition to the default receive connector, each Hub Transport server has a client receive connector that listens on TCP 587.

For more information, see Receive Connectors.

  1. Connect to the server via Remote Desktop and log on with an account that has local administrative access and has been delegated the Exchange Server Administrator role (or higher).

  2. Click Start, All Programs, Microsoft Exchange Server 2007 and select Exchange Management Shell.

  3. Modify the default receive connector’s permissions and authentication mechanisms using the following command where <DCName> is the name of a domain controller:

    Set-ReceiveConnector "<ServerName>\Default <ServerName>" -PermissionGroups "ExchangeServers, ExchangeLegacyServers" -AuthMechanism ExchangeServer -ProtocolLoggingLevel:Verbose -DomainController <DCName>
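
    To confirm that the change took effect, the connector's properties can be compared with the values the command sets. The check below is an added example, not part of the original guide; the function names, the server names HUB01 and HUB02 and the sample property values are constructed for illustration.

```powershell
# Added example: compare a receive connector with the settings applied above.
function Test-ReceiveConnectorLockdown {
    param($Connector)   # an object as returned by Get-ReceiveConnector

    $wantGroups = 'ExchangeServers', 'ExchangeLegacyServers'
    $wantAuth   = @('ExchangeServer')
    $findings   = @()

    # Both properties are flag enumerations; their string form is a comma-separated list.
    $groups = @($Connector.PermissionGroups.ToString().Split(',') | ForEach-Object { $_.Trim() })
    $auth   = @($Connector.AuthMechanism.ToString().Split(',') | ForEach-Object { $_.Trim() })

    foreach ($g in $groups)     { if ($wantGroups -notcontains $g) { $findings += "extra permission group: $g" } }
    foreach ($g in $wantGroups) { if ($groups -notcontains $g)     { $findings += "missing permission group: $g" } }
    foreach ($a in $auth)       { if ($wantAuth -notcontains $a)   { $findings += "extra authentication mechanism: $a" } }
    foreach ($a in $wantAuth)   { if ($auth -notcontains $a)       { $findings += "missing authentication mechanism: $a" } }
    if ($Connector.ProtocolLoggingLevel.ToString() -ne 'Verbose') {
        $findings += "protocol logging is $($Connector.ProtocolLoggingLevel), expected Verbose"
    }

    $result = New-Object PSObject
    $result | Add-Member NoteProperty Connector $Connector.Identity.ToString()
    $result | Add-Member NoteProperty Compliant ($findings.Count -eq 0)
    $result | Add-Member NoteProperty Findings $findings
    $result
}

# Helper that builds constructed stand-ins for connector objects (hypothetical values).
function New-SampleConnector {
    param($Identity, $PermissionGroups, $AuthMechanism, $ProtocolLoggingLevel)
    $o = New-Object PSObject
    $o | Add-Member NoteProperty Identity $Identity
    $o | Add-Member NoteProperty PermissionGroups $PermissionGroups
    $o | Add-Member NoteProperty AuthMechanism $AuthMechanism
    $o | Add-Member NoteProperty ProtocolLoggingLevel $ProtocolLoggingLevel
    $o
}

$samples = @(
    (New-SampleConnector 'HUB01\Default HUB01' 'ExchangeUsers, ExchangeServers, ExchangeLegacyServers' 'Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer' 'None'),
    (New-SampleConnector 'HUB02\Default HUB02' 'ExchangeServers, ExchangeLegacyServers' 'ExchangeServer' 'Verbose')
)
$samples | ForEach-Object { Test-ReceiveConnectorLockdown $_ }

# From the Exchange Management Shell on a built server (placeholders as in the guide):
# Get-ReceiveConnector "<ServerName>\Default <ServerName>" | ForEach-Object { Test-ReceiveConnectorLockdown $_ }
```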
    

Transport Server Configuration

Note:
Before manipulating message size limits, review the Managing Message Size Limits topic in the Exchange 2007 Online Help.
  1. Connect to an Exchange 2007 server via Remote Desktop and log on with an account that has local administrative access and has been delegated the Exchange Server Administrator role (or higher).

  2. Click Start, All Programs, Microsoft Exchange Server 2007 and select Exchange Management Shell.

  3. Use the following table for information needed for the commands.

    Important:
    The values in the following table are example values, not recommended values. These values must be updated to reflect the actual values for your organization.

    | Parameter | Default value | Example value |
    | --- | --- | --- |
    | MessageTrackingLogEnabled | True | True |
    | MessageTrackingLogMaxAge | 30.00:00:00 | 10.00:00:00 |
    | MessageTrackingLogMaxDirectorySize | 250 MB | 150 GB |
    | MessageTrackingLogMaxFileSize | 10 MB | 10 MB |
    | MessageTrackingLogSubjectLoggingEnabled | True | True |
    | MaxPerDomainOutboundConnections | 20 | 50 |
    | ReceiveProtocolLogMaxDirectorySize | 250 MB | 15 GB |
    | ReceiveProtocolLogMaxFileSize | 10 MB | 10 MB |
    | ReceiveProtocolLogMaxAge | 30.00:00:00 | 10.00:00:00 |
    | SendProtocolLogMaxDirectorySize | 250 MB | 15 GB |
    | SendProtocolLogMaxFileSize | 10 MB | 10 MB |
    | SendProtocolLogMaxAge | 30.00:00:00 | 10.00:00:00 |
    | ExternalDsnReportingAuthority | Server FQDN | SMTP namespace |
    | ExternalPostmasterAddress | | postmaster@smtpnamespace |

  4. Modify the transport server settings by running the following command, substituting the values from the table for the placeholders, where <DCName> is the name of a domain controller:

    Set-TransportServer <ServerName> -MessageTrackingLogMaxAge <MaxAge> -MessageTrackingLogMaxDirectorySize <LogDirSize> -MessageTrackingLogMaxFileSize <LogFileSize> -MessageTrackingLogSubjectLoggingEnabled <SubjectLogEnabled> -MaxPerDomainOutboundConnections <PerDomainOutboundConnections> -ReceiveProtocolLogMaxDirectorySize <ReceiveLogDirSize> -ReceiveProtocolLogMaxFileSize <ReceiveLogFileSize> -ReceiveProtocolLogMaxAge <ReceiveLogAge> -SendProtocolLogMaxDirectorySize <SendLogDirSize> -SendProtocolLogMaxFileSize <SendLogFileSize> -SendProtocolLogMaxAge <SendLogAge> -ExternalDsnReportingAuthority <SMTPNamespace> -ExternalPostmasterAddress <PostmasterAddress> -DomainController <DCName>
    

Transaction Log Location

  1. Connect to an Exchange 2007 server via Remote Desktop and log on with an account that has local administrative access and has been delegated the Exchange Server Administrator role (or higher).

  2. Verify that the MSExchangeTransport service is stopped. If it is not stopped, stop the service.

  3. Create the folder E:\Exchange\QueueLogs.

  4. Move the TRNxxxx.LOG and *.JRS files from <Exchange Install Path>\TransportRoles\Data\Queue to the E:\Exchange\QueueLogs.

  5. Navigate to <Exchange Install Path>\bin.

  6. Open the EdgeTransport.exe.config file in Notepad and edit the following entry:

    <add key="QueueDatabaseLoggingPath" value="E:\Exchange\QueueLogs" />
    
  7. Save the file.

Transport Logs Location

  1. Connect to an Exchange 2007 server via Remote Desktop and log on with an account that has local administrative access and has been delegated the Exchange Server Administrator role (or higher).

  2. Verify that the MSExchangeTransport service is stopped; if it is not stopped, stop the service.

  3. Create the E:\Exchange\Logs folder.

  4. Move the folders that reside in <Exchange Install Path>\TransportRoles\Logs to the E:\Exchange\Logs folder.

  5. Open the Exchange Management Shell and run the following commands:

    Set-TransportServer <ServerName> -ConnectivityLogPath "E:\Exchange\Logs\Connectivity" -MessageTrackingLogPath "E:\Exchange\Logs\MessageTracking" -ReceiveProtocolLogPath "E:\Exchange\Logs\ProtocolLog\SmtpReceive" -SendProtocolLogPath "E:\Exchange\Logs\ProtocolLog\SmtpSend" -RoutingTableLogPath "E:\Exchange\Logs\Routing"
    
  6. Open a command prompt and start the transport service by running the following command:

    net start MSExchangeTransport
    

Database Cache Size

Important:
This procedure only applies to Hub Transport servers that have 4 GB or more of physical RAM.
  1. Connect to an Exchange 2007 server via Remote Desktop, and then log on by using an account that has local administrative access and that has been delegated the Exchange Server Administrator role (or higher).

  2. Verify that the MSExchangeTransport service is stopped. If it is not stopped, stop the service.

  3. Move to the <Exchange Install Path>\bin directory.

  4. Open the EdgeTransport.exe.config file in Notepad, and then change the DatabaseMaxCacheSize entry to 536870912:

    <add key="DatabaseMaxCacheSize" value="536870912" />
    
  5. Save the file.

Temporary Storage Path

  1. Connect to an Exchange 2007 server via Remote Desktop, and then log on by using an account that has local administrative access and that has been delegated the Exchange Server Administrator role (or higher).

  2. Verify that the MSExchangeTransport service is stopped. If it is not stopped, stop the service.

  3. Move to the <Exchange Install Path>\bin directory.

  4. Open the EdgeTransport.exe.config file in Notepad, and then change the TemporaryStoragePath entry to point to the mail.que drive. By default, this path is "C:\Program Files\Microsoft\Exchange Server\TransportRoles\data\Temp".

    <add key="TemporaryStoragePath" value="<path of mail queue>" />
    
  5. Save the file.
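
The three EdgeTransport.exe.config edits described in the Transaction Log Location, Database Cache Size and Temporary Storage Path procedures can be applied in one pass instead of three Notepad sessions. This is an added example, not part of the original guide; the function name, the constructed sample file and the TemporaryStoragePath value are assumptions.

```powershell
# Added example: set appSettings keys in an EdgeTransport.exe.config-style file.
function Set-TransportAppSetting {
    param([string]$Path, [hashtable]$Settings)

    if (-not (Test-Path $Path)) { throw "Config file not found: $Path" }

    # The guide requires MSExchangeTransport to be stopped before the file is edited.
    # Where the service does not exist (testing on a copy), the check finds nothing.
    $svc = Get-Service | Where-Object { $_.Name -eq 'MSExchangeTransport' }
    if ($svc -and $svc.Status -ne 'Stopped') {
        throw 'MSExchangeTransport is running; stop it before editing the config.'
    }

    $full = (Resolve-Path $Path).ProviderPath
    Copy-Item $full "$full.bak" -Force        # rollback copy beside the original

    $cfg = New-Object System.Xml.XmlDocument
    $cfg.PreserveWhitespace = $true           # leave the rest of the file untouched
    $cfg.Load($full)

    $appSettings = $cfg.SelectSingleNode('/configuration/appSettings')
    if ($null -eq $appSettings) { throw 'No <appSettings> element found.' }

    foreach ($key in $Settings.Keys) {
        $node = $appSettings.SelectSingleNode("add[@key='$key']")
        if ($null -eq $node) {
            # Key absent: create it rather than silently skipping the change.
            $node = $cfg.CreateElement('add')
            $node.SetAttribute('key', $key)
            [void]$appSettings.AppendChild($node)
            $old = '(not present)'
        } else {
            $old = $node.GetAttribute('value')
        }
        $node.SetAttribute('value', [string]$Settings[$key])
        '{0}: {1} -> {2}' -f $key, $old, $Settings[$key]   # change record for the build log
    }
    $cfg.Save($full)
}

# Constructed sample standing in for <Exchange Install Path>\bin\EdgeTransport.exe.config.
$sample = Join-Path ([System.IO.Path]::GetTempPath()) 'EdgeTransport.sample.config'
Set-Content -Path $sample -Value @'
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <appSettings>
    <add key="QueueDatabaseLoggingPath" value="C:\Program Files\Microsoft\Exchange Server\TransportRoles\data\Queue" />
    <add key="DatabaseMaxCacheSize" value="134217728" />
    <add key="TemporaryStoragePath" value="C:\Program Files\Microsoft\Exchange Server\TransportRoles\data\Temp" />
  </appSettings>
</configuration>
'@

Set-TransportAppSetting -Path $sample -Settings @{
    QueueDatabaseLoggingPath = 'E:\Exchange\QueueLogs'   # value from the guide
    DatabaseMaxCacheSize     = '536870912'               # guide: only for servers with 4 GB or more RAM
    TemporaryStoragePath     = 'D:\Exchange\Temp'        # assumed path on the mail.que drive
}
```

The function leaves a .bak copy next to the edited file, which gives a rollback point if the transport service fails to start with the new settings.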

ESE Performance Counter Activation

  1. Connect to the server via Remote Desktop, and then log on by using an account that has local administrative access.

  2. Start Registry Editor.

  3. Locate the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ESE\Performance registry subkey.

  4. Right-click Performance, point to New, and then click DWORD Value.

  5. Type Show Advanced Counters to name the new value.

  6. Double-click Show Advanced Counters.

  7. In the Value data box, type 1, and then click OK.

  8. Exit Registry Editor.

Handoff Test

  1. Using a test mailbox, send sample messages to various mailboxes and verify that mail is successfully delivered.

  2. Send sample messages from Internet mailboxes to various internal test mailboxes and verify that the mail is successfully delivered.

  3. Review the event logs and tracking logs to ensure that the Hub Transport server is operating correctly.