Tag Archives: Exchange 2019

Exchange 2016, Exchange 2019, Skype for Business 2015

Skype for Business IM integration with Exchange 2016 OWA–Part 2

Leave a comment

This article is a completion of Part 1, Click here to go to Part 1

Configuration Steps – Part 2

7. On Exchange: Enable OWA VD Instant Messaging
8. On Exchange: Enable Messaging on OWA Policy
9. On Exchange: Create Enterprise Application for Skype Pool.
10. On Exchange: Create new SettingOverride for Skype for Business.
11- Generate a new Certificate for Exchange IM
12. Assign the newly imported certificate to IIS Exchange Back End site
13. On Exchange: Restart the WebAppPool
14. Log out and sign back in to OWA to Check
15. Troubleshooting methods

    7- On Exchange Server: Enable OWA VD Instant Messaging

    Part of enabling IM integration between Exchange and SfB is to enable OWA Virtual Directory to allow this. The below cmdlet does the job for you on all your Exchange Servers

    From Exchange, Launch Exchange Management and run the following cmdlet

    Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -InstantMessagingEnabled $true -InstantMessagingType Ocs

    clip_image001[6]_thumb

    8- On Exchange: Enable Messaging on OWA Policy

    Run the following to enable Messaging for Owa Policy

    Get-OwaMailboxPolicy | Set-OwaMailboxPolicy -InstantMessagingEnabled $true -InstantMessagingType Ocs

    clip_image001[6]_thumb[1]

    9- On Exchange: Create Enterprise Application for Skype Pool.

      From Exchange Management shell Run the following cmdlet

      Cd $exscripts

      .\Configure-EnterprisePartnerApplication.ps1 -AuthMetadataUrl “https://sbg-pool01.domain.com/metadata/json/1” -ApplicationType Lync

      The AuthMetadataUrl is going to be your local Skype for Business Pool URL. This URL should work in your Exchange server without any Certificate error. Meaning that the certificate assigned to your Skype for Business pool should already be imported to Exchange Servers to trust this URL.

      image_thumb[14]

        If your previous configuration is correct then you should see the “The Configuration has Succeeded” Message.

          10- On Exchange: Create new SettingOverride for Skype for Business.

          Notes:

          • To configure the same settings on all Exchange 2016 and Exchange 2019 servers in the Active Directory forest, don’t use the Server parameter.

          New-SettingOverride -Name “<UniqueOverrideName>” -Component OwaServer -Section IMSettings -Parameters @(“IMServerName=<Skype server/pool  name>”,”IMCertificateThumbprint=<Certificate Thumbprint>”) -Reason “<DescriptiveReason>” [-Server <ServerName>]

          The Thumbprint you use here will define if whether IM will work or not as this what secures the communication between Exchange and Skype. If you use the wrong certificate your Integration will fail and users wont be able to login to IM through OWA.

          11- Generate a new Certificate for Exchange IM

          IMPORTANT NOTE:

          In order for IM in OWA to work the certificate you will generate must have its common name set as mail.domain.com to match the configuration.

          Using Digicert tool on Exchange Server I will generate the CSR of the new certificate

          Click on Create CSR

          image_thumb[15]

          Choose SSL certificate type and make sure you choose Mail.domain.com as CN

          In the SANs type all of the involved servers (Skype for Business Frontends, Mailbox servers in FQDN and in Hostnames as in the screenshot below). and click on Generate

          image_thumb[16]

          • Go to your CA Server’s CertSRV URL and copy the CSR code there to generate the new certificate.
          • Import the new certificate to the current server, then export it in PFX format and import it to all the Exchange Servers you’re planning to use.

          image_thumb[18]

          • After importing the certificate I will verify that I can see the private key

          image_thumb[19]

          Click on the Details and copy the Thumbprint or from MMC right click the certificate > Properties give it a friendly name e.g. (IM) and then from Exchange Management shell you can copy the Thumbprint directly.

          Get-ExchangeCertificate | select thumbprint,friendlyName

          image_thumb[20]

          Now use the previous script to create the setting Override for OwaServer.

          Things you can change are in bold “Name, IM Servername Value, and the Thumbprint value”.

          New-SettingOverride -Name “IM Override” -Component OwaServer -Section IMSettings -Parameters @(“IMServerName=SBG-Pool01.domain.com“,”IMCertificateThumbprint= 28E4B1BA0F2FCB1535AF199F02A64EFC78367F2D“) -Reason “Configure IM”

          image_thumb[21]

          If you enter the server parameter to use a single server you can change that by using. Note that you must not use FQDN but rather only the server’s hostname.

          Get-SettingOverride | Set-SettingOverride -Server sbg-mx01,sbg-mx02

          image_thumb[22]

          This should generate an event ID 112 on Exchange servers involved in the deployment.

          clip_image001[9]_thumb

            12. Assign the newly imported certificate to IIS Exchange Back End site

            Once the certificate is in the server store, You will be able to easily find in from IIS and bind it to the Exchange Back End site.

            This is the most crucial step to get IM to work in OWA. Don’t worry about breaking up Exchange Sites or Powershell. If you have added Exchange Servers Hostnames and FQDNs in this certificate then you should be good.

            • Now Launch IIS
            • Click on Exchange Back End
            • Select Binding
            • Click on the 444 port and edit
            • Select the newly generated certificate that has the mail.domain.com as CN. (This certificate must also have all Exchange Servers hostnames and FQDNs set as SANs)

            image_thumb[23]

            image_thumb[24]

            Make sure you change the backend cert to the new on all the involved Exchange Servers.

            13. On Exchange: Restart the WebAppPool

            Restart-WebAppPool MSExchangeOWAAppPool

            image_thumb[25]

              14. Log out and sign back in to OWA to Check

              Log out of OWA and back in and check if you are able to Login to IM . It should normally sign you in automatically but in case of an error then you should see it.

              image_thumb[29]

              In case of an error you should see the following.

              image_thumb[27]

              If it works then you should see the presence

              image_thumb[28]

              15. Troubleshooting Methods

              If you follow the above steps correctly then it should work especially when applying the right certificate for your Exchange Back End IIS part however if you face an error then you should do the following steps to troubleshoot the error

              • Set the Eventlog for Instant Messaging on Exchange from Low to High

              Set-EventLogLevel -Identity “sbg-mx01\MSExchange OWA\InstantMessage” -Level High

              image_thumb[30]

              • Look in the following path for errors

              C:\Program Files\Microsoft\Exchange Server\V15\Logging\OWA\InstantMessaging

              • Check the Healthset of the OWA Instant Messaging.

              Get-ServerHealth -HealthSet OWA.Protocol.Dep -Server sbg-mx01 | Format-Table Name, AlertValue –Auto

              image_thumb[31]

              Get-MonitoringItemIdentity -Server sbg-mx01 -Identity OWA.Protocol.Dep | Format-Table Identity,ItemType,Name -Auto

                image_thumb[32]

                Ref

                https://docs.microsoft.com/en-us/exchange/plan-and-deploy/post-installation-tasks/configure-im-integration-with-owa?view=exchserver-2019

                https://docs.microsoft.com/en-us/exchange/high-availability/managed-availability/health-sets?view=exchserver-2019

                Exchange 2016, Exchange 2019, Skype for Business 2015

                Skype for Business IM integration with Exchange 2016 OWA–Part 1

                Leave a comment

                The Story

                A good and detailed documentation is everything we need to implement any kind of project especially if it’s an integration between two different servers that perform different roles.

                And with PKI involved the complications multiply thus a good article write up is what we need.

                Previously I have tried a test lab with Skype for Business 2015/2019 IM Integration with Exchange 2016/2019 and the result was a complete failure and endless search for what’s missing to get IM to work from OWA?

                image

                ERROR

                Upon completion of the steps mentioned in Microsoft’s Official documentation and after restarting Exchange IIS or OWAAppPool you will see this when you try to login to OWA with your user

                There’s a problem with instant messaging. Please try again later.

                image

                MS Official Documentation

                In their Official documentation Microsoft says that the certificate in question must be trusted by all the servers involved meaning Skype for Business Frontend and Mailbox Servers.

                Meanwhile this is true, it still would not get the IM to login/work although it might drop the initialize event ID 112 in the event log.

                clip_image001

                Here is what MS says about the certificate.

                Exchange and Skype for Business integration requires server certificates that are trusted by all of the servers involved. The procedures in this topic assume that you already have the required certificates. For more information, see Plan to integrate Skype for Business Server 2015 and Exchange. The required IM certificate thumbprint refers to the Exchange Server certificate assigned to the IIS service.

                REF URL: https://docs.microsoft.com/en-us/exchange/plan-and-deploy/post-installation-tasks/configure-im-integration-with-owa?view=exchserver-2019#what-do-you-need-to-know-before-you-begin

                image

                Step by Step Deployment

                To do things the way that should get this to work, I will detail steps one by one so we can be sure to get the positive results we are all waiting for when dealing with Exchange and Skype for Business.

                Exchange IM URL 1: mail.domain.com

                Skype for Business Pool FQDN: SBG-Pool01.domain.com

                Autodiscover URL : Autodiscover.Domain.com

                Prerequisites

                1. For Default and Web Service Internal, Your Skype for Business Frontend Server/Pool must use a certificate that is generated from an internal CA which you can use later to generate Exchange’s IM Certificate.
                2. UCMA must be installed (Doesn’t matter if version 4 or 5) both are supposed to work with Exchange 2016.
                3. Local Certification Authority must already be deployed in the domain.

                Configuration Steps – Part 1

                1. On SfB: Set CsAuthConfiguration Autodiscover URL for Skype server to find Exchange Autodiscover
                2. On SfB: Get-CsSite to see what is the current site ID.
                3. On Exchange: Check AutodiscoverServiceInternalURI
                4. On SfB: Create new Partner
                5. On SfB: Create new Trusted Application Pool
                6. On SfB: Create new Trusted Application ID

                Configuration Steps – Part 2

                7. On Exchange: Enable OWA VD Instant Messaging
                8. On Exchange: Enable Messaging on OWA Policy
                9. On Exchange: Create Enterprise Application for Skype Pool.
                10. On Exchange: Create new SettingOverride for Skype for Business.
                11- Generate a new Certificate for Exchange IM
                12. Assign the newly imported certificate to IIS Exchange Back End site
                13. On Exchange: Restart the WebAppPool
                14. Log out and sign back in to OWA to Check
                15. Troubleshooting methods

                Prerequisites

                1- Update or Create Server Default and Web Service Internal Certificate for SfB Pool servers

                The certificate installed on the Skype for Business Pool Frontend servers must be generated from a local Certification Authority which can be trusted by Exchange Server services.

                The Certificate generated for Skype for Business pool as in the below screenshot is generated from my CA and includes the names of the servers:

                • Skype for Business Pool
                • Skype for Business Frontend FQDNs
                • Exchange Servers
                • Autodiscover FQDN
                • Lyncdiscover.domains.com
                • Lyncdiscoverinternal.domains.com
                • sip.domains.com
                • meet.domains.com
                • dialin.domain.com
                • External.domain.com

                image

                image

                2- UCMA must be installed

                On both Exchange and Skype for Business servers I already have UCMA 4.0 version installed, but if you don’t have it or have an older version then you can’t continue without it.

                image

                3- Make sure you have a Local Certification Authority deployed in your domain.

                Configuration Steps – Part 1

                1- On SfB: Set CsAuthConfiguration Autodiscover URL for Skype server to find Exchange Autodiscover

                For Skype for Business Server to find Exchange Autodiscover Service point and to be able to authenticate servers we’ll be using the below cmdlet

                This enables both servers to authenticate and share information when needed and without user’s interference.

                Set-CsOauthConfiguration -ExchangeAutodiscoverUrl https://autodiscover.domain.com/autodiscover/autodiscover.svc

                image

                image

                Ref:

                https://docs.microsoft.com/en-us/powershell/module/skype/set-csoauthconfiguration?view=skype-ps

                2- On SfB: Get-CsSite to see what is the current site ID.

                Getting a site ID will be useful for later use to setup the Trusted Application Pool.

                On Skype for Business Management shell. Type the following

                Get-CsSite

                So the Site ID is 1. I will keep this for later use

                image

                3- On Exchange: Check AutodiscoverServiceInternalURI

                Specify the AutodiscoverServiceInternalURI for internal Autodiscover service. Make sure it points to your public URL and certificate not the internal one otherwise your users will get a certificate error through Outlook and might cause IM chat not to work.

                The Cmdlet would be

                Get-ClientAccessService | Set-ClientAccessService –AutoDiscoverServiceInternalUri https://autodiscover.domain.com/autodiscover/autodiscover.xml

                image

                4- On SfB: Create new Partner Application

                On Skype for Business Server, Launch Management Shell and use this cmdlet to add Exchange as a trusted Application to the SfB topology.

                New-CsPartnerApplication -Identity Exchange -ApplicationTrustLevel Full -MetadataUrl “https://autodiscover.domain.com/autodiscover/metadata/json/1

                image

                5- On SfB: Create new Trusted Application Pool

                New-CsTrustedApplicationPool -Identity mail.domain.com -Registrar sbg-pool01.domain.com -Site 1 -RequiresReplication $false

                image

                6- On SfB: Create new Trusted Application ID

                From SfB Management Shell run the following cmdlet .

                New-CsTrustedApplication -ApplicationId OutlookWebAccess -TrustedApplicationPoolFqdn mail.domain.com -Port 5199

                image

                Finally

                clip_image001[4]

                Exchange 2010, Exchange 2013, Exchange 2016, Exchange 2019, Security

                Microsoft Exchange Vulnerability affects all Exchange versions

                Leave a comment

                image

                CVE-2020-0688 | Microsoft Exchange Validation Key Remote Code Execution Vulnerability

                Security Vulnerability

                Date of Publishing: February/11/2020

                Microsoft has announced a vulnerability has been found in all Exchange Server 2010 through 2019 versions, The vulnerability allows an attack to send a specially crafted request to the affected server in order to exploit it.

                When could this happen?

                A remote code execution vulnerability exists in Microsoft Exchange Server when the server fails to properly create unique keys at install time.

                Knowledge of a the validation key allows an authenticated user with a mailbox to pass arbitrary objects to be deserialized by the web application, which runs as SYSTEM.

                The security update addresses the vulnerability by correcting how Microsoft Exchange creates the keys during install.

                Affected Versions:

                • Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 30
                • Microsoft Exchange Server 2013 Cumulative Update 23   
                • Microsoft Exchange Server 2016 Cumulative Update 14   
                • Microsoft Exchange Server 2016 Cumulative Update 15   
                • Microsoft Exchange Server 2019 Cumulative Update 3   
                • Microsoft Exchange Server 2019 Cumulative Update 4

                image

                Solution:

                Until now Microsoft has not provided any solution or work around to cover this vulnerability.

                Mitigations

                Microsoft has not identified any mitigating factors for this vulnerability.

                Workarounds

                Microsoft has not identified any workarounds for this vulnerability.

                NOTE:

                Keep an eye on the below link for any change

                https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688

                Exchange 2016, Exchange 2019

                Move Request on Exchange 2019 (During failover) will warn you that it postponed due the move of DB

                Leave a comment

                The Issue:

                So while working on a new Exchange Migration project, I have encountered a weird issue where I could see users migration batch status complaining about being stalled due to (Big Funnel).

                The error is showing as in the below screenshot and it doesn’t occur instantly after you start the migration of the user but right after it starts.

                StalledDueToTarget_BigFunnel 68.47 MB (71,795,512 bytes) 20

                User StalledDueToTarget_BigFunnel 37.2 MB (39,003,538 bytes) 20

                User2 StalledDueToTarget_BigFunnel 14.71 MB (15,421,154 bytes) 20

                User3 StalledDueToTarget_BigFunnel 44.2 MB (46,345,009 bytes) 20

                User4 StalledDueToTarget_BigFunnel 4.647 MB (4,872,404 bytes) 20

                User5 StalledDueToTarget_BigFunnel 14.47 MB (15,169,768 bytes) 20

                User6  StalledDueToTarget_BigFunnel 171 MB (179,280,335 bytes) 20

                User7 StalledDueToTarget_BigFunnel 753.4 MB (789,980,880 bytes) 20

                User8 StalledDueToTarget_BigFunnel 18.35 MB (19,236,680 bytes) 20

                User9 StalledDueToTarget_BigFunnel 205.9 MB (215,951,208 bytes) 20

                User10 StalledDueToTarget_BigFunnel 166.2 MB (174,243,238 bytes) 20

                User11 StalledDueToTarget_BigFunnel 13.81 MB (14,481,739 bytes) 20

                User12 StalledDueToTarget_BigFunnel

                image

                Error Message

                Request ‘domain.com/CompanyUSER/Region1/User1’ (b5dbf3ff-21a1-4ec1-a29c-15b794a17386) failed.

                Error code: -2146233088

                Connection to the Content Transformation Service has failed.

                Context:

                ——–

                Operation: IMapiFxProxy.ProcessRequest

                OpCode: TransferBuffer

                DataLength: 31680

                ——–

                Operation: IMapiFxProxy.ProcessRequest

                Operation: IMapiFxProxy.ProcessRequest

                OperationSide: Target

                b5dbf3ff-21a1-4ec1-a29c-15b794a17386 (Primary)

                OpCode: TransferBuffer

                DataLength: 31680

                ——–

                Operation: IMailbox.ExportMessages

                Operation: IMailbox.ExportMessages

                OperationSide: Source

                b5dbf3ff-21a1-4ec1-a29c-15b794a17386 (Primary)

                Flags: SkipItemValidation

                PropTags: (null)

                ——–

                >>>> Scheduled WorkItems: EnumerateFolderMessages(P:29792,R:0,S:0,C:14); EnumerateFolderMessages(P:29807,R:0,S:0,C:24,Cnt=3); WriteFolderMessages(P:0,R:0,S:0,C:686); EnumerateFolderMessages(P:30554,R:0,S:2,C:55); EnumerateFolderMessages(P:30612,R:0,S:0,C:36,Cnt=2); WriteFolderMessages(P:3,R:0,S:0,C:301); EnumerateFolderMessages(P:30975,R:0,S:1,C:21); WriteFolderMessages(P:2,R:0,S:0,C:97); EnumerateFolderMessages(P:31094,R:0,S:0,C:18,Cnt=6); EnumerateFolderMessages(P:31279,R:0,S:0,C:19)

                ————–

                The Microsoft Exchange Mailbox Replication service was unable to save changes to request.

                Request: ‘9a444721-80e2-4cf8-8c81-8a3afe3dc775’ (bbc2c66e-857e-4ba6-8462-9d66da73d400)

                Database: DB01

                Error:

                The request has been temporarily postponed because a database has failed over. The Microsoft Exchange Mailbox Replication service will attempt to continue processing the request when capacity becomes available on the new server hosting the database.

                image

                Looking at the event ID number 1114 it mentions there seems to be an issue with the request seems there might be an issue with the mailbox being moved.

                To dig deeper I am going to search some of the users reporting the same error by using their GUID

                image

                The property “DisplayName” with value “User LastName” is invalid. The value can’t contain leading or trailing whitespace.

                To resolve the problem, I am going to get the user’s mailbox and remove the trailing space in the end of the display name. You can safely use the below Powershell script to solve this problem however, if you don’t trust yourself or you’re not familiar much with Powershell, You can try it on a lab or a single test user for instance.

                Solution: (For a single user)

                Get-Mailbox -Identity USER | Foreach { Set-Mailbox -Identity $_.Identity -DisplayName $_.DisplayName.Trim() }

                image

                Solution: (For all users)

                Get-Mailbox | Foreach { Set-Mailbox -Identity $_.Identity -DisplayName $_.DisplayName.Trim() }

                clip_image001

                Some relevant errors you might encounter as you’re moving users to Exchange 2019

                Error code: -2146233088

                Connection to the Content Transformation Service has failed.

                Context:

                ——–

                Operation: IMapiFxProxy.ProcessRequest

                OpCode: TransferBuffer

                DataLength: 31680

                ——–

                Operation: IMapiFxProxy.ProcessRequest

                Operation: IMapiFxProxy.ProcessRequest

                OperationSide: Target

                eecb073e-e694-4bbc-8652-54dc05a351ea (Primary)

                OpCode: TransferBuffer

                DataLength: 31680

                ——–

                Operation: IMailbox.ExportMessages

                Operation: IMailbox.ExportMessages

                OperationSide: Source

                eecb073e-e694-4bbc-8652-54dc05a351ea (Primary)

                Flags: SkipItemValidation

                PropTags: (null)

                ——–

                >>>> Scheduled WorkItems: EnumerateFolderMessages(P:14014,R:0,S:0,C:13); EnumerateFolderMessages(P:14029,R:0,S:0,C:15,Cnt=2); WriteFolderMessages(P:1,R:0,S:0,C:132); EnumerateFolderMessages(P:14192,R:0,S:0,C:17); WriteFolderMessages(P:1,R:0,S:0,C:48); EnumerateFolderMessages(P:14259,R:0,S:0,C:12,Cnt=4); EnumerateFolderMessages(P:14320,R:0,S:1,C:15); EnumerateFolderMessages(P:14337,R:0,S:0,C:20); WriteFolderMessages(P:2,R:0,S:0,C:126); EnumerateFolderMessages(P:14485,R:0,S:0,C:30)

                Exchange 2013, Exchange 2016, Exchange 2019, Microsoft, Security

                Microsoft Exchange 2013–2016-2019 Security Vulnerability (URGENT)

                Leave a comment

                CVE-2019-0586 | Microsoft Exchange Memory Corruption Vulnerability

                image

                Yesterday Microsoft has published an KB article about a security threat to Exchange 2013-2016 and 2019.

                The article mentions CU10-CU11 for Exchange 2016, CU21 for Exchange 2013 and RTM version of Exchange 2019 as well.

                I spoke to Microsoft of whether this issue affects earlier CU versions for Exchange and they confirmed it

                 

                image

                Vulnerability details:

                A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. An attacker could then install programs; view, change, or delete data; or create new accounts.

                Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Exchange server.

                The security update addresses the vulnerability by correcting how Microsoft Exchange handles objects in memory.

                 

                Download link:

                https://support.microsoft.com/en-us/help/4471389/description-of-the-security-update-for-microsoft-exchange-server-2019

                 

                Email, Exchange 2019, Exchange Migration, Microsoft

                Install Exchange 2019 Core using PowerShell

                Leave a comment

                You probably already know that Exchange 2019 RTM has been released and even CU1 is about to come too.

                But what’s interesting about 2019 is that it has a lot of new features, some that lot of people wanted to have in legacy versions especially for security, performance, resiliency and scalability.

                image

                As per Microsoft Security has been improved to suit the needs of corporations removing all vulnerable ciphers and follow best practices.

                Security: Exchange Server 2019 requires Windows Server 2019. In fact, we recommend installing Exchange Server 2019 onto Windows Server 2019 Server Core. Exchange Server 2019 installed on Windows Server 2019 Core provides the most secure platform for Exchange. You also have the option of installing Exchange 2019 onto Windows Server 2019 with Desktop Experience, but we have worked hard to make sure running Exchange on Server Core is the best choice for our code.

                We’re aware all media for Windows Server 2019 and Windows Server, version 1809 has been temporarily removed and Microsoft will provide an update when refreshed media is available. Exchange Server 2019 will be fully compatible with version 1809, and the refreshed version.

                We also built Exchange Server 2019 to only use TLS 1.2 out of the box, and to remove legacy ciphers and hashing algorithms. To understand how this affects coexistence with earlier versions, please reference our previous series of postson TLS.

                Regarding Performance, Microsoft has released the following statement:

                Performance: We’ve done significant work to allow Exchange Server to take advantage of larger core and memory packed systems available in market today. With our improvements, Exchange Server can use up to 48 processor cores and 256GB of RAM.

                We’ve re-engineered search using Bing technology to make it even faster and provide better results, and in doing so have made database failovers much faster, and administration easier.

                We’re adding dual storage read/write capabilities to Exchange Server 2019 using Solid State Drive (SSD) technology to provide a super-fast cache of key data for improving end user experience. We also talked about this in our Email Search in a Flash! Accelerating Exchange 2019 with SSDs session at Ignite.

                We also changed the way database caching works to allocate more memory to active database copies, again improving the end user experience. You can learn more about Dynamic Database Cache from Welcome to Exchange Server 2019!video and slides.

                The improvements we have made to Exchange Server 2019 will enable you to scale to a larger number of users per server than ever before, use much larger disks, and see the latency of many client operations being cut in half.

                Installation:

                Installing Exchange 2019 on Core is something that’s been recently supported, along with other features like in-place upgrade from Exchange 2016 to Exchange 2019.

                In this guide we’ll go through the process of installing Exchange 2019 using PowerShell starting from naming the server, joining it to the domain and installing prerequisites of Exchange 2019.

                Configuring Static IP address:

                In order to give a static IP address to the machine from Windows Core we’ll be using the following script:

                Assuming you have subnet 192.168.18.0 with mask /24 and gateway 192.168.18.1. we will use the below script to provide the machine with an IP.

                $wmi = Get-WmiObject win32_networkadapterconfiguration -filter “ipenabled = ‘true'”

                $wmi.EnableStatic(“192.168.18.69”, “255.255.255.0”)

                $wmi.SetGateways(“192.168.18.1”, 1)

                $wmi.SetDNSServerSearchOrder(“192.168.18.150”)

                 

                clip_image001

                Join Domain

                Exchange must be part of the domain which you’re using in your lab / Production environment. next we’ll be joining this machine to our domain using the following script:

                First we’ll change the hostname, restart and then join the domain

                clip_image001[4]

                Change Computer name:

                Rename-Computer -NewName “Exch2019” -DomainCredential WIN-EPM2CRB5MN9\administrator –Restart

                clip_image001[6]

                Join the domain

                add-computer –domainname cloud-tech.net -Credential cloud-tech\administrator -restart –force

                clip_image001[9]

                After restarting

                clip_image001[11]

                Configuring Drives:

                Since I am doing a lab test only, I will use the default C drive to install Exchange, but if you’d want to configure a second Drive please let me know and I will add that part as well.

                clip_image001[13]

                Diskpart

                List volume

                clip_image002

                clip_image003

                 

                Installing Prerequisites – Exchange 2019 on Windows 2019 Core

                Prerequisites

                ​EX2019 will require 2012R2 AD FFL​

                Check out your windows Version first for compatibility

                [System.Environment]::OSVersion.Version

                clip_image001[15]

                clip_image002[4]

                 

                 

                 

                 

                 

                GUI Version of Windows 2019

                Install-WindowsFeature NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation, RSAT-ADDS

                 

                 

                Windows 2019 Core

                Install-WindowsFeature RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-PowerShell, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Metabase, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, RSAT-ADDS, Server-Media-Foundation

                clip_image003[4]

                clip_image004

                After installing prerequisites, Installing UCMA

                For UCMA on Windows Core you need to get a certain UCMA customized in order to work with Windows 2019 core.

                http://tapfiles.azureedge.net/private/UCMA.zip?sv=2014-02-14&ss=2018-03-14T21%3A59%3A22Z&se=2019-01-01T22%3A58%3A56Z&sp=r&sr=b&sig=tgpQ84Wp3j%2FZmEOgPcdjcXgULLXMRX%2BDmCjoSbKOZbM%3D

                After Extracting and copying the file to the C root drive

                The setup file is called Ironmansetup.exe

                clip_image005

                clip_image006

                clip_image007

                clip_image008

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                After the Installation of UCMA, there will be another requirement,

                Visual C++ Redistributable Packages for Visual Studio 2013

                https://www.microsoft.com/en-us/download/details.aspx?id=40784

                clip_image009

                clip_image010

                .\setup.exe /InstallWindowsComponents /CustomerFeedbackEnabled:False /LogFolderPath:C:\Logs\db4 /DbFilePath:C:\Mailbox\Database01\Database01.edb /MdbName:Database01 /DisableAMFiltering /IAcceptExchangeServerLicenseTerms /roles:mb,mt

                 

                clip_image011

                 

                clip_image015

                clip_image016

                clip_image017

                clip_image018

                clip_image019

                 

                 

                Setting URLS

                clip_image001[17]

                I will be upgrading this with the latest Windows 2019 releases since this installation was done with Microsoft Windows 2019 Preview edition

                For any consultation requirements please contact me admin@moh10ly.website or info@moh10ly.com

                Thank you