Installation Guide Template - Hub Transport Server
Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2
This topic provides you with an installation guide template that you can use as a starting point for formally documenting your organization's server build procedures for Microsoft Exchange Server 2010 servers that will have the Hub Transport server role installed.
The template includes the following key sections:
Executive Summary
Server Configuration
Verification Steps
Exchange Server Role Installation
Exchange Server Role Configuration
For purposes of providing an example, the template uses the fictitious company name of Contoso. Also, you can download this template, along with templates for other server roles, as a download package in .zip file format at Microsoft Exchange Server 2010 Install Guide Templates (https://go.microsoft.com/fwlink/?LinkID=187961).
Executive Summary
The purpose of this document is to explain the installation and configurations necessary to install the Exchange 2010 Hub Transport server role on the Windows Server 2008 platform.
Business Justification
By having an installation guide, Contoso will be able to ensure standardization across the enterprise, reducing total cost of ownership (TCO), and easing troubleshooting steps.
Scope
The scope of this document is limited to installation of an Exchange 2010 Hub Transport server for Contoso on the x64 version of the Windows Server 2008 (SP2 or R2) operating system.
Prerequisites
The administrator should have working knowledge of Windows Server 2008 concepts, Exchange 2010 concepts, the Exchange Management Console and Exchange Management Shell, the command line, and various system utilities. This document does not elaborate on the details of any system utility except as necessary to complete the tasks within.
In addition, before implementing the server role, the administrator should review the Understanding Transport topic in the Exchange Server 2010 Library (https://go.microsoft.com/fwlink/?LinkId=187524).
Assumptions
This document assumes that Windows Server 2008 x64 Edition is installed on the intended Client Access server per company baseline regulations which include the latest approved service pack and hotfixes. In addition, the following system prerequisites have been installed:
Microsoft .NET Framework 3.5 SP1 and the update for .NET Framework 3.5 SP1 For more information, see Microsoft Knowledge Base article 959209, An update for the .NET Framework 3.5 Service Pack 1 is available (https://go.microsoft.com/fwlink/?linkid=3052\&kbid=959209).
Windows Management Framework (Windows Remote Management 2.0 and Windows PowerShell 2.0).
This document assumes that forest and domain preparation steps have been performed as described in the Prepare Active Directory and Domains topic in the Exchange Server 2010 Library (https://go.microsoft.com/fwlink/?LinkId=187262).
This document assumes that the account you will be using for the Exchange tasks has been delegated the Server Management management role, as described in the Server Management topic in the Exchange Server 2010 Library (https://go.microsoft.com/fwlink/?LinkId=187265).
This document also assumes that both Exchange 2010 Windows Server 2008 and Windows Server 2008 will be secured following the best practices found in the Windows Server 2008 Security Guide (https://go.microsoft.com/fwlink/?LinkId=122593).
Important
The procedures within this document should be followed sequentially. If changes are made out of sequence, unexpected results may occur.
Server Configuration
The following media are required for this section.
- Windows Server 2008 installation files
The following procedures are in this section:
Additional Software Verification
Network Interfaces Configuration
Drive Configuration
Windows Server 2008 Hotfix Installation
Domain Membership Configuration
Local Administrators Verification
Local Administrator Account Password Reset
Debugging Tools Installation
Page File Modifications
Drive Permissions
Additional Software Verification
Verify that Remote Desktop is enabled.
As an optional process, install Microsoft Network Monitor (https://go.microsoft.com/fwlink/?LinkId=86611).
Network Interfaces Configuration
Log on to the server with an account that has been delegated at least local administrative access.
Click Start > Control Panel, and then double-click Network and Sharing Center.
Click Manage Network Connections.
Locate the connection for the internal network and rename it according to your organization's naming standards.
Right-click the connection and then select Properties.
For Internet Protocol Version 4 (TCP/IPv4), add the following:
Static IP Address, Subnet Mask, and Gateway
DNS Server IP Addresses
Select the check box to Append parent suffixes of the primary DNS suffix.
WINS IP Addresses (if using WINS)
If you are using Internet Protocol Version 6 (TCP/IPv6), configure the IPv6 settings according to your organization's network standards.
Drive Configuration
Connect to the server through Remote Desktop and then log on with an account that has been delegated local administrative access.
Click Start > Administrative Tools, and then select Computer Management.
Expand Storage and then click Disk Management.
Open the Disk Management Microsoft Management Console (MMC) and then format, rename, and assign the appropriate Drive Letters so that the volumes and DVD drive match the appropriate server configuration.
Drive configuration
LUN Drive letter Usage 1
C
Operating system and Exchange binaries
2
D
Mail.que database
3
E
Exchange transaction logs, tracking logs
4
Z
DVD drive
Windows Server 2008 Hotfix Installation
Connect to the server via Remote Desktop and log on with an account that has local administrative access.
Obtain the latest hotfixes approved by your company for your version of Windows Server 2008 x64 (SP2 or R2) and copy them to the server.
Launch the hotfix setup via one of two ways:
Double-click the file and follow the GUI instructions.
Perform a silent installation using the following command from an administrative command prompt:
<hotfix>.msu /quiet /norestart
Click Yes for any Digital Signature not Found dialog boxes that may appear.
Note
These dialog boxes will not appear in environments that have not deployed the Windows Security templates.
Wait for all file copies to complete, and then restart the server. You can use the Processes tab in Windows Task Manager to monitor the hotfix installation progress. When the wusa.exe process has exited, the hotfix installation is complete.
Domain Membership Configuration
Connect to the server through Remote Desktop, and then log on with an account that has been delegated local administrative access.
Click Start, right-click My Computer, and then select Properties.
Under the Computer Name, domain, and workgroup settings, click Change Settings.
Click Change.
Choose the Domain option button, and then enter the appropriate domain name.
Enter the appropriate credentials.
Click OK and OK.
Click OK to close System Properties.
Restart the server.
Local Administrators Verification
Connect to the server through Remote Desktop, and then log on with an account that has been delegated local administrative access.
Verify (or add if not already there) that the Domain Admins account and the user account that will perform the Exchange installation are members of the local Administrators group on this server.
Verify that your user account is a member of a group which is a member of the local Administrators group on the Windows Server 2008 server. If it is not, use an account that is a member of the local Administrators group before continuing.
Local Administrator Account Password Reset
Connect to the server through Remote Desktop, and then log on with an account that has been delegated local administrative access.
Click Start, right-click Computer, and then select Manage.
Expand the nodes to find Configuration\Local Users and Groups\Users.
Right-click Administrator, and then select Set Password. Change the password so that it meets strong complexity requirements.
Debugging Tools Installation
This section describes several useful tools that aid administrators in Exchange administration and in troubleshooting support issues.
Debugging Tools for Windows allow administrators to debug processes that are affecting service and determine root cause.
Connect to the server through Remote Desktop, and then log on with an account that has been delegated local administrative access.
Download and install the latest 64-bit Debugging Tools from Install Debugging Tools for Windows 64-bit Version (https://go.microsoft.com/fwlink/?LinkID=123594).
Page File Modifications
Connect to the server through Remote Desktop, and then log on with an account that has been delegated local administrative access.
Click Start, right-click Computer, and then select Properties.
Select the Advanced System Settings.
Under Startup and Recovery, click Settings.
Under Write Debugging Information, select Kernel Memory Dump from the memory dump drop-down list.
Click OK.
Under Performance, click Settings.
Click the Advanced tab.
Under Virtual Memory, click Change.
On servers that have a dedicated page file drive, follow these steps:
In the Drive list, click C:, and then click Custom size.
For the C: drive, set the Initial Size (MB) value to a minimum of 200 MB. (Windows requires between 150 MB and 2 GB page file space, depending on server load and the amount of physical RAM that is available for page file space on the boot volume when Windows is configured for a kernel memory dump. Therefore, you may be required to increase the size.)
For the C: drive, set the Maximum Size (MB) value to that of the Initial Size.
In the Drive list, select the page file drive (for example, the P: drive), and then click Custom size.
In the Initial Size (MB) box, type the result of one of the following calculations:
If the server has less than 8 GB of RAM, multiply the amount of RAM times 1.5.
If the server has 8 GB of RAM or more, add the amount of RAM plus 10 MB.
In the Maximum Size (MB) box, type the same amount that you typed in the Initial Size box.
Delete all other page files.
Click OK.
On servers that do not have a dedicated page file drive, follow these steps:
In the Drive list, click C:, and then click Custom size.
For the C: drive, in the Initial Size (MB) box, type the result of one of the following calculations:
If the server has less than 8 GB of RAM, multiply the amount of RAM times 1.5.
If the server has 8 GB of RAM or more, add the amount of RAM plus 10 MB.
Delete all other page files.
Click OK.
Click OK two times to close the System Properties dialog box.
Click No if prompted to restart the system.
Note
For more information about page file recommendations, see the following Microsoft Knowledge Base articles: How to determine the appropriate page file size for 64-bit versions of Windows Server 2003 or Windows XP (https://go.microsoft.com/fwlink/?linkid=3052&kbid=889654); and Overview of memory dump file options for Windows Vista, Windows Server 2008, Windows Server 2003, Windows XP, and Windows 2000 (https://go.microsoft.com/fwlink/?linkid=3052&kbid=254649).
Drive Permissions
Connect to the server through Remote Desktop, and then log on with an account that has been delegated local administrative access.
Click Start, and then select Computer.
Right-click D Drive, and then select Properties.
Click the Security tab.
Click Edit.
Click Add, and then select the local server from Locations.
Grant the following permissions as outlined in the following table.
Drive permissions
Account Permissions Administrators
Full Control
SYSTEM
Full Control
Authenticated Users
Read and Execute, List, Read
CREATOR OWNER
Full Control
Click the Advanced button.
Select the CREATOR OWNER permission entry, and then click View/Edit.
Select Subfolders and Files Only from the drop-down list.
Click OK two times.
Click OK to close the drive properties.
Repeat steps 3-12 for each additional drive (other than the C drive).
Verification Steps
The following procedures are in this section:
Organizational Unit Verification
Active Directory Site Verification
Domain Controller Diagnostics Verification
Exchange Best Practices Analyzer Verification
Important
The procedures within this document should be followed sequentially. If changes are made out of sequence, unexpected results may occur.
Organizational Unit Verification
Submit a change request to the appropriate operations group and have the computer object moved to the appropriate organizational unit (OU).
Active Directory Site Verification
Connect to the server through Remote Desktop, and then log on with an account that has been delegated local administrative access.
Open a Command Prompt window.
Verify that the server is in the correct domain and Active Directory site. At the command line, type the following:
NLTEST /server:%COMPUTERNAME% /dsgetsite
The name of the Active Directory site to which the server belongs will be displayed. If the server is not in the correct Active Directory site, submit a change request to the appropriate operations group and have the server moved to the appropriate Active Directory site.
Domain Controller Diagnostics Verification
Connect to the server through Remote Desktop, and then log on with an account that has been delegated local administrative access.
Open a Command Prompt window, and then change paths to the C drive.
Run the following command:
dcdiag /s:<Domain Controller> /f:c:\dcdiag.log
Note
Change <domain Controller> to a domain controller contained within the same Active Directory site as the Exchange server.
Review the output of C:\dcdiag.log file, and verify that there are no connectivity issues with the local domain controller.
Repeat steps 3 and 4 for each domain controller in the local Active Directory site.
Note
Domain Controller Diagnostics (DCDiag) is a Windows support tool that tests network connectivity and DNS resolution for domain controllers. If the account being used does not have administrative privileges, several tests under the Doing primary tests heading may not pass. These tests can be ignored if the connectivity tests pass. In addition, the log file may report that some service validation tests did not pass. These messages can be ignored if the services do not exist on the domain controller.
Exchange Best Practices Analyzer Verification
The Microsoft Exchange Analyzers help administrators troubleshoot various operational support issues. Connect to a server in the environment that either has the Exchange 2010 SP1 (or later) Management tools installed through Remote Desktop and log on with an account that has local administrative access.
Click Start > All Programs > Microsoft Exchange Server 2010, and then select Exchange Management Console.
Open the Toolbox node.
Double-click Best Practices Analyzer.
Check and apply any updates for the Best Practices Analyzer engine.
Provide the appropriate information to connect to Active Directory and then click Connect to the Active Directory server.
In the Start a New Best Practices Scan, select Health Check, and then click Start Scanning.
Review the report, and take action on any errors or warnings that are reported by following the resolution articles that are provided within the Best Practices Analyzer.
Exchange Server Role Installation
The following media are required for this section.
- Microsoft Exchange Server 2010 installation files
The following procedures are in this section:
Exchange 2010 Prerequisites Installation for:
Windows Server 2008 SP2
-or-
Windows Server 2008 R2
Exchange 2010 Installation
Exchange 2010 Update Rollup Installation
Product Key Configuration
Exchange Search Configuration
System Performance Verification
Important
The procedures within this document should be followed sequentially. If changes are made out of sequence, unexpected results may occur.
Exchange 2010 Prerequisites Installation for Windows Server 2008 SP2
Connect to the server via Remote Desktop, and then log on with an account that has been delegated local administrative access.
Open an administrative command prompt window.
Install the Microsoft Filter Pack. For details, see 2007 Office System Converter: Microsoft Filter Pack (https://go.microsoft.com/fwlink/?linkid=137042).
Open an elevated command prompt, navigate to the Setup\ServerRoles\Common folder on the Exchange 2010 installation media and then use the following command to install the necessary operating system components:
ServerManagerCmd -ip Exchange-Hub.xml -Restart
Exchange 2010 Prerequisites Installation for Windows Server 2008 R2
Connect to the server via Remote Desktop, and then log on with an account that has been delegated local administrative access.
Install the Microsoft Filter Pack. For details, see 2007 Office System Converter: Microsoft Filter Pack (https://go.microsoft.com/fwlink/?linkid=137042).
On the Start Menu, navigate to All Programs > Accessories > Windows PowerShell. Open an elevated Windows PowerShell console, and run the following command:
Import-Module ServerManager
Use the Add-WindowsFeature cmdlet to install the necessary operating system components:
Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server -Restart
Exchange 2010 Installation
This document uses the command-line method for installing the Exchange 2010 server roles; however, you can also use a GUI called the Setup Wizard. For more information about how to use the Setup Wizard to install an Exchange 2010 server role, see the Perform a Custom Exchange 2010 Installation topic in the Exchange Server 2010 Library (https://go.microsoft.com/fwlink/?LinkId=187220).
Connect to the server via Remote Desktop, and then log on with an account that has local administrative access and has been delegated the Delegated Setup management role (or higher) if the server has been pre-created.
Follow the procedure detailed in the Install Exchange 2010 in Unattended Mode topic in the Exchange Server 2010 Library (https://go.microsoft.com/fwlink/?LinkId=187229). For example, this command installs the Hub Transport server role and prevents the service from starting:
setup.com /r:HT /DoNotStartTransport
Do not restart the server, even if required.
Exchange 2010 Update Rollup Installation
Connect to the server through Remote Desktop, and then log on with an account that has local administrative access.
Obtain the latest company approved rollup, and then copy it to the server.
Launch the Windows Installer patch (the MSP file) setup via one of two ways:
Double-click the MSP file, and then follow the GUI instructions.
Perform a silent installation using the following command from an administrative command prompt:
msiexec /i <Path and filename of MSP file> /q
Click Yes for any Digital Signature not Found dialog boxes that may appear.
Note
These dialog boxes will appear only in environments that have deployed the Windows Security templates.
Product Key Configuration
Launch the Exchange Management Shell with an account that has been delegated the Server Management role.
Follow the procedure documented in the Enter Product Key topic in the Exchange Server 2010 Library (https://go.microsoft.com/fwlink/?LinkId=187234).
Exchange Search Configuration
Connect to the server via Remote Desktop, and then log on with an account that has been delegated local administrative access.
Follow the procedure documented in the Register Filter Pack IFilters with Exchange 2010 topic in the Exchange Server 2010 Library (https://go.microsoft.com/fwlink/?LinkId=187516).
Optional: If you want the ability to search PDF files, install the Adobe PDF iFilter (http://www.adobe.com/support/downloads/detail.jsp?ftpID=5542) and follow the Configuring PDF iFilter for MS Exchange Server 2007 (http://www.adobe.com/special/acrobat/configuring\_pdf\_ifilter\_for\_ms\_exchange\_server\_2007.pdf) documentation.
Note
The third-party Web site information in this topic is provided to help you find the technical information you need. The URLs are subject to change without notice.
System Performance Verification
By default, Exchange 2010 optimizes the server’s processor scheduling management for background services.
Connect to the server through Remote Desktop, and then log on with an account that has local administrative access.
Click Start, right-click Computer, and then select Properties.
Select the Advanced System Settings.
Under Performance, click Settings.
Click the Advanced tab.
Verify that Processor Scheduling is set to Background Services.
Click OK.
Exchange Server Role Configuration
The following procedures are in this section:
Default Receive Connector Configuration
Transport Server Configuration
Transaction Log Location
Transport Logs Location
Temporary Storage Path
Handoff Test
Default Receive Connector Configuration
By default, the default Receive connector will accept various authentication mechanisms and allow users as well as Exchange servers to connect. The following steps modify this behavior by restricting the type of authentication that can occur and ensuring only Exchange servers can connect and transmit messages to this Receive connector. Also, in addition to the default Receive connector, each Hub Transport server has a client Receive connector that listens on TCP 587.
For more information, see the Understanding Receive Connectors topic in the Exchange Server 2010 Library (https://go.microsoft.com/fwlink/?LinkId=183419).
Launch the Exchange Management Shell with an account that has been delegated the Server Management role.
Modify the default Receive connector’s permissions and authentication mechanisms using the following command:
Set-ReceiveConnector "<ServerName>\Default <ServerName>" -PermissionGroups "ExchangeServers, ExchangeLegacyServers" -AuthMechanism ExchangeServer
Transport Server Configuration
Launch the Exchange Management Shell with an account that has been delegated the Server Management role.
Modify various settings on the default Receive connector by running the following command:
Set-TransportServer <ServerName> -MessageTrackingLogMaxAge <MaxAge> -MessageTrackingLogMaxDirectorySize <LogDirSize> -MessageTrackingLogMaxFileSize <LogFileSize> -MessageTrackingLogSubjectLoggingEnabled <SubjectLogEnabled> -MaxPerDomainOutboundConnections <PerDomainOutboundConnections> -ReceiveProtocolLogMaxDirectorySize <ReceiveLogDirSize> -ReceiveProtocolLogMaxFileSize <ReceiveLogFileSize> -ReceiveProtocolLogMaxAge <ReceiveLogAge> -SendProtocolLogMaxDirectorySize <SendLogDirSize> -SendProtocolLogMaxFileSize <SendLogFileSize> -SendProtocolLogMaxAge <SendLogAge>
You can use the following table for information you need for the command.
Important
The values in the following table are example values only, not recommended values. Revise these values to reflect the actual values required for your organization.
Parameter values for Hub Transport server configuration
Parameter Default value Contoso value ActiveUserStatisticsLogMaxAge
30.00:00:00
30.00:00:00
ActiveUserStatisticsLogMaxDirectorySize
250 MB
250 MB
ActiveUserStatisticsLogMaxFileSize
10 MB
10 MB
ExternalDsnReportingAuthority
[None]
SMTP namespace
ExternalPostmasterAddress
[None]
postmaster@smtpnamespace
MaxPerDomainOutboundConnections
20
50
MessageTrackingLogEnabled
True
True
MessageTrackingLogMaxAge
30.00:00:00
10.00:00:00
MessageTrackingLogMaxDirectorySize
1000 MB
150 GB
MessageTrackingLogMaxFileSize
10 MB
10 MB
MessageTrackingLogSubject LoggingEnabled
True
True
ReceiveProtocolLogMaxAge
30.00:00:00
10.00:00:00
ReceiveProtocolLogMaxDirectorySize
250 MB
15 GB
ReceiveProtocolLogMaxFileSize
10 MB
10 MB
SendProtocolLogMaxAge
30.00:00:00
10.00:00:00
SendProtocolLogMaxDirectorySize
250 MB
15 GB
SendProtocolLogMaxFileSize
10 MB
10 MB
ServerStatisticsLogMaxAge
30.00:00:00
30.00:00:00
ServerStatisticsLogMaxFileSize
250 MB
250 MB
ServerStatisticsLogPath
10 MB
10 MB
Transaction Log Location
Connect to an Exchange 2010 server via Remote Desktop, and then log on with an account that has local administrative access and that has been delegated the Server Management role (or higher).
Verify that the MSExchangeTransport service is stopped. If it is not stopped, stop the service.
Create the folder E:\Exchange\QueueLogs.
Move the TRNxxxx.LOG and *.JRS files from <Exchange Install Path>\TransportRoles\Data\Queue to E:\Exchange\QueueLogs.
Navigate to <Exchange Install Path>\bin.
Open the EdgeTransport.exe.config file in Notepad and edit the following entry:
<add key="QueueDatabaseLoggingPath" value="E:\Exchange\QueueLogs" />
Save the file.
Transport Logs Location
Connect to an Exchange 2010 server via Remote Desktop, and then log on with an account that has been delegated local administrative access.
Verify that the MSExchangeTransport service is stopped. If it is not stopped, stop the service.
Create the E:\Exchange\Logs folder.
Move the folders that reside in <Exchange Install Path>\TransportRoles\Logs to the E:\Exchange\Logs folder.
Launch the Exchange Management Shell with an account that has been delegated the Server Management role and then run the following command:
Set-TransportServer <ServerName> -ConnectivityLogPath "E:\Exchange\Logs\Connectivity" -MessageTrackingLogPath "E:\Exchange\Logs\MessageTracking" -ReceiveProtocolLogPath "E:\Exchange\Logs\ProtocolLog\SmtpReceive" -SendProtocolLogPath "E:\Exchange\Logs\ProtocolLog\SmtpSend" -ActiveUserStatisticsLogPath "E:\Exchange\Logs\ActiveUserStats" -ServerStatisticsLogPath "E:\Exchange\Logs\ServerStats" -RoutingTableLogPath "E:\Exchange\Logs\Routing"
Open a command prompt and start the Transport service by running the following command:
net start MSExchangeTransport
Temporary Storage Path
Connect to an Exchange 2010 server via Remote Desktop, and then log on by using an account that has been delegated local administrative access and that has been delegated the Server Management role (or higher).
Verify that the MSExchangeTransport service is stopped. If it is not stopped, stop the service.
Move to the <Exchange Install Path>\bin directory.
Open the EdgeTransport.exe.config file in Notepad, and then change the TemporaryStoragePath entry to point to the mail.que drive. By default, this path is "C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\data\Temp."
<add key="TemporaryStoragePath" value="<path of mail queue>" />
Save the file.
Restart the server.
Handoff Test
Before you can complete the diagnostic tasks in this section, you must have already created test mailboxes in your environment by using the New-TestCasConnectivityUser.ps1 script.
Create Test Mailboxes
Connect to the Exchange 2010 Mailbox server through Remote Desktop and log on with an account that has local administrative access and was delegated the Server Management role.
Click Start > All Programs > Microsoft Exchange Server 2010, and then select Exchange Management Shell.
Change the directory path to <Exchange Server Install Path>\Scripts.
Type New-TestCasConnectivityUser.ps1 and press Enter.
Enter a temporary password and follow the prompts to create the test mailboxes.
Perform Handoff Test
If the server had not been restarted as a result of a previous section’s instructions, then restart the server.
Using a test mailbox, send sample messages to various mailboxes and verify that mail is successfully delivered.
Send sample messages from Internet mailboxes to various internal test mailboxes, and verify that the mail is successfully delivered.
Review the event logs and tracking logs and ensure that the Hub Transport server is operating correctly.
Consider using the Exchange Remote Connectivity Analyzer (https://www.testexchangeconnectivity.com/) to verify your configuration, as well.
© 2010 Microsoft Corporation. All rights reserved.