MS Exchange?

Thanks again for the reply.

Now this is something that confused me in the book, I can't see how the exchange server will have anything but an internal IP because it will be behind a router and ISA server so would they need to point the MX records for that domain to the IP address they give us and then forward the ports at our end or am I being daft here? :o

On a side note, do you know if outlook will take the %username% variable as the mailbox name? I think I have a solution to the profile problem if so because I can redirect the application data folder to the users home drive I think :)

Thanks for the help,

Ben
 
Trigger said:
Thanks again for the reply.

Now this is something that confused me in the book, I can't see how the exchange server will have anything but an internal IP because it will be behind a router and ISA server so would they need to point the MX records for that domain to the IP address they give us and then forward the ports at our end or am I being daft here? :o

On a side note, do you know if outlook will take the %username% variable as the mailbox name? I think I have a solution to the profile problem if so because I can redirect the application data folder to the users home drive I think :)

Thanks for the help,

Ben

The Exchange server will have an internal address (unless you are no-NATing). You need to forward port 25 (and 443 if you want OWA using HTTPS) to that internal address.

You can make Outlook use the %username% variable, but you need to do a custom install of Outlook with a MST file. There are quite a few things you can change with the CIW (Custom Installation Wizard) found in the Office Resource Kit, so you may want to have a play around, it could save you having to redirect the apps folder.
 
Right okay, thanks again :)

I'll have a play with outlook then to see what I can do with it. I'm still a bit confused about the IP addressing though, do I need to ask county to just point their MX records at our IP address and then the mail will find its own way to the exchange server internally and I don't need to forward any ports unless we implement OWA which is quite possible?

I was also reading something on a website last night which said don't install exchange on a domain controller whereas the book said it's better to have it installed on a DC so could you clear that up for me as well please?

Thanks

Ben
 
I'm envious, I've wanted to implement exchange here for a long time but the city council refuses to open the ports so we have to stick to Imail.

:mad:

Burnsy
 
Trigger said:
Right okay, thanks again :)

I'll have a play with outlook then to see what I can do with it. I'm still a bit confused about the IP addressing though, do I need to ask county to just point their MX records at our IP address and then the mail will find its own way to the exchange server internally and I don't need to forward any ports unless we implement OWA which is quite possible?

I was also reading something on a website last night which said don't install exchange on a domain controller whereas the book said it's better to have it installed on a DC so could you clear that up for me as well please?

Thanks

Ben

No, you definitely have to forward port 25 (SMTP).

I have installed on a DC and on a non DC with no issues on either. Just make sure the machine has high enough spec. (exchange can be quite a memory hog)
 
Okay, thanks to both of you.

I'll send our LEA an email to see if they would be prepared to alter their MX records for us :)

oddjob, do you know whether I need to do anything in ISA server? At the moment, we have a cisco router on one IP address which connects to our ISA server which is on a completely different IP range which the internal network uses so do I forward port 25 on the router to the ISA server and then forward port 25 on the ISA server to the Exchange server?

Also, I'm struggling to decide whether the server which runs exchange should be a DC or not so any help with that would be appreciated :cool:

Finally, exchange antivirus- as the rest of our network has Sophos installed, I'm looking at this, do you think it looks okay?

Thanks for all your help, it's very much appreciated :)

Ben
 
Trigger said:
Okay, thanks to both of you.

I'll send our LEA an email to see if they would be prepared to alter their MX records for us :)
They don't have to alter the MX records. They can just set up a rule in their MX system that mail to <yourschool>.county.sch.uk should be forwarded to another mail server. Although ideally they'll alter your MX records, as this only creates another point of failure. Although on the plus side, they could use this as a way to provide a backup MX service for you.

Also, I'm struggling to decide whether the server which runs exchange should be a DC or not so any help with that would be appreciated :cool:
Not a good idea - if you can avoid it, don't put Exchange on a DC. Until SP2, Exchange used to have loads of problems doing it (it would shut down AD before Exchange when powering off, which caused Exchange to hang).

Finally, exchange antivirus- as the rest of our network has Sophos installed, I'm looking at this, do you think it looks okay?
Sophos would be fine, I'd've thought. Especially as you're already using it - they might offer you a deal. Exchange offers Anti-spam out of the box now (IMFv2), but I would think third party add-ons provide a bit more control!
 
Trigger said:
Okay, thanks to both of you.

I'll send our LEA an email to see if they would be prepared to alter their MX records for us :)

oddjob, do you know whether I need to do anything in ISA server? At the moment, we have a cisco router on one IP address which connects to our ISA server which is on a completely different IP range which the internal network uses so do I forward port 25 on the router to the ISA server and then forward port 25 on the ISA server to the Exchange server?

Also, I'm struggling to decide whether the server which runs exchange should be a DC or not so any help with that would be appreciated :cool:

Finally, exchange antivirus- as the rest of our network has Sophos installed, I'm looking at this, do you think it looks okay?

Thanks for all your help, it's very much appreciated :)

Ben

The setup you will need to do with the PIX and ISA depends on how it's set up. It might be that IPs are straight routed through the PIX, in which case you just need to modify the access lists to allow SMTP through to the ISA server. Then yes, you will need to set up forwarding on ISA and allow SMTP traffic to the server.

For a lot of my clients I set up the Exchange server as a DC but that's simply because generally my clients are smaller and only have 2 servers (dc/file/print and Exchange). So having the Exchange server as a secondary DC is useful.
 
Okay thanks :)

I think I've decided not to run it on a DC though.

At the moment though I'm struggling with profiles :( I've been creating a test mandatory profile with all the bits and bobs configured and that works fine on its own. I then installed outlook with my MST file which tells it the exchange server name and uses the %username% variable as the mailbox and that works well but every time the user logs off and logs back on, you get that box up which says 'Configuring Microsoft Office 2003 ........'. No problem though, I thought- I'd just take the profile back down for editing, allow it to do all the configuring lark and then send it back up to the server but now instead of connecting to that user's mailbox, it tries to connect to the mailbox of the user I used to edit the profile :( :eek: The only thing that actually 'roams' in the profile is ntuser.man- everything else is either binned or redirected elsewhere including the appdata folder so it looks like it must be storing some of the outlook information in the ntuser file.

Is there any way around this?

Thanks for the help so far :cool:

Ben
 
Well unfortunately the profile settings will be stored in the HKLU part of the registry (which will be stored in ntuser.dat). No way round this afaik, I'm afraid.
 
Okay, thanks :)

I have a couple more questions now...

1.) What are my options with the profiles? Is there no way in which I can open ntuser.man and edit it in a plain text sort of way?

2.) Is it worth using reverse DNS on the mail server? From what I've read though it won't work very well in our environment as it would have to make too many hops or something along those lines :confused:

Thanks

Ben
 
Hi there,

I run an exchange server in a secondary school also, but for the moment we use OWA except for certain office staff and leadership group etc.

You can edit the ntuser.man by loading the hive using regedt32 on the server.

I'll assume you've done this before, but if not, give us a shout.

In relation to running reverse DNS, it is a must for anyone running exchange because you need to register your mail domain with AOL email system or their systems will block ALL emails sent from your system to an AOL address!

Mal :)

Mal
 
And with regards the other question, unless you're using a smarthost then reverse DNS is essential - some mail servers will not accept delivery unless an rDNS entry exists.

I can't see that there's any problem - all you have to do is get your ISP to add a record for your servername to your server's static IP.

Unless, of course, you mean something completely different?(!)
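
The reverse DNS check discussed above, as an added example that is not part of any post in the thread: a receiving mail server looks up the PTR record for the connecting IP and confirms that the name resolves back to the same IP. The HELO comparison goes one step beyond what the thread describes, and the addresses and host names below are constructed (IPv4 documentation range), not values from this network.

```python
import socket

def system_reverse(ip):
    """PTR lookup via the system resolver; returns a list of host names."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except (socket.herror, socket.gaierror):
        return []

def system_forward(hostname):
    """A-record lookup via the system resolver; returns a list of addresses."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(hostname, None)})
    except socket.gaierror:
        return []

def check_fcrdns(ip, helo_name, reverse=system_reverse, forward=system_forward):
    """Classify a sending IP the way a strict receiving mail server might."""
    ptr_names = [n.rstrip(".").lower() for n in (reverse(ip) or [])]
    if not ptr_names:
        return "no-ptr"              # no rDNS entry at all: often rejected
    confirmed = [n for n in ptr_names if ip in (forward(n) or [])]
    if not confirmed:
        return "ptr-not-confirmed"   # PTR exists but does not resolve back
    if helo_name.rstrip(".").lower() not in confirmed:
        return "helo-mismatch"       # rDNS is fine, SMTP greeting name differs
    return "ok"

# Constructed sample zone data so the example runs offline.
PTR = {
    "192.0.2.25": ["mail.school.example"],   # PTR set to the server name
    "192.0.2.26": ["host26.isp.example"],    # generic ISP-assigned PTR
    "192.0.2.27": ["mail2.school.example"],  # PTR whose A record points elsewhere
}
A = {
    "mail.school.example": ["192.0.2.25"],
    "host26.isp.example": ["192.0.2.26"],
    "mail2.school.example": ["192.0.2.99"],
}

if __name__ == "__main__":
    for ip in ("192.0.2.25", "192.0.2.26", "192.0.2.27", "192.0.2.28"):
        # PTR.get / A.get stand in for the resolvers; omit them to query real DNS.
        print(ip, check_fcrdns(ip, "mail.school.example", PTR.get, A.get))
```

Calling `check_fcrdns` with only the public IP and the name the server announces in its SMTP greeting runs the same check against live DNS.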
 
Over Clocker said:
Hi there,

I run an exchange server in a secondary school also, but for the moment we use OWA except for certain office staff and leadership group etc.

You can edit the ntuser.man by loading the hive using regedt32 on the server.

I'll assume you've done this before, but if not, give us a shout.

In relation to running reverse DNS, it is a must for anyone running exchange because you need to register your mail domain with AOL email system or their systems will block ALL emails sent from your system to an AOL address!

Mal :)

Mal

Thanks- that could save a lot of work :cool: You wouldn't know where abouts the outlook settings I need in there are would you?

csmager said:
And with regards the other question, unless you're using a smarthost then reverse DNS is essential - some mail servers will not accept delivery unless an rDNS entry exists.

I can't see that there's any problem - all you have to do is get your ISP to add a record for your servername to your server's static IP.

Unless, of course, you mean something completely different?(!)

Erm, I'm not sure- I just asked about it because the bit in the book said "Reverse DNS lookup can severely impact the performance of message transfer and prohibit the relaying of messages through multiple hops" :confused:
 
We run reverse DNS and our messages are delivered quicker than you could imagine!!

With regard to where the settings are in the registry for Outlook Profiles, it's something I've steered clear of, I'm afraid.

Outlook Web Access is so good you don't really need to worry!
 
You want to use a PRF file. When you have the file published in a share somewhere, drop a script in to write the following registry value with the UNC path to it:

Code:
HKCU\Software\Microsoft\Office\11.0\Outlook\Setup\ImportPRF


You're welcome to use my vbscript if you like. It searches for the PRF file in the NETLOGON share of the DC used to authenticate the user:

Code:
' Sets registry keys that instruct Outlook to import and apply a MAPI profile (PRF File)
' Requires:
'	1:Microsoft Outlook 2003 or XP
' Written By: Darren Worrall
' Date Created 30/05/2006
' 1.0 Initial Script

Option Explicit

' Declare Variables
Dim envLogonServer
Dim OfficeKeyRoot
Dim PRFValueName
Dim ImportPRFValue
Dim WshShell
Dim FSO
Dim Registry
Dim WriteReg
 
'Set Constants
Const HKEY_CURRENT_USER = &H80000001

'Set Global Variables (Change me if needs be)
OfficeKeyRoot = "Software\Microsoft\Office\11.0\Outlook\Setup"
PRFValueName = "ImportPRF"

' Prevent GPO Hanging (Comment out to debug)
On Error Resume Next

'-----------------------------------------------------------------------------------------
' Bind Required Objects
Set WshShell = WScript.CreateObject("WScript.Shell") 
Set Registry = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")

' Read Environment Variables 'LogonServer' And Set Final PRF Target Variable Based On That
envLogonServer = WshShell.ExpandEnvironmentStrings("%LOGONSERVER%")
ImportPRFValue = envLogonServer & "\NETLOGON\Outlook\Default_Outlook_2003_Settings.PRF"

'Write registry value, creating key if needs be
WriteReg = Registry.CreateKey(HKEY_CURRENT_USER, OfficeKeyRoot)
WriteReg = Registry.SetStringValue(HKEY_CURRENT_USER, OfficeKeyRoot, PRFValueName, ImportPRFValue)

Outlook only ever reads the PRF file on first run, but with mandatory profiles it essentially always is.

[edit]Silly vB. There are some unwanted spaces in there, but it's pretty obvious where they are.
 
Thanks Daz- Much appreciated :) I'll give it a go....

Over Clocker said:
We run reverse DNS and our messages are delivered quicker than you could imagine!!

With regard to where the settings are in the registry for Outlook Profiles, it's something I've steered clear of, I'm afraid.

Outlook Web Access is so good you don't really need to worry!

Okay then, thanks :cool: I'll make sure that reverse DNS is enabled then and I'm looking at some stuff on OWA here :)

Thanks again

Ben
 