Part 3 of the expansion of the small Exchange organization deals with the installation and configuration of the second Exchange server.
Installation of a second Exchange Server
The installation of the second Exchange server can be taken almost unchanged from this article; the configuration of the VM and the installation are completely identical:
Setting up a small Exchange 2016 organization (part 2)
The only differences are the IP address and the server name. I have assigned the name EXCHANGE2 to the second Exchange server. In my case, the IP address is 172.16.100.16.
Configuration of second Exchange Server
As you know, the configuration takes place after the installation. The virtual directories for the second Exchange Server are also configured in the same way as for the first Exchange Server. The URLs are identical:
Get-OwaVirtualDirectory -Server Exchange2 | Set-OwaVirtualDirectory -internalurl "https://outlook.frankysweb.org/owa" -externalurl "https://outlook.frankysweb.org/owa"
Get-EcpVirtualDirectory -server Exchange2 | Set-EcpVirtualDirectory -internalurl "https://outlook.frankysweb.org/ecp" -externalurl "https://outlook.frankysweb.org/ecp"
Get-WebServicesVirtualDirectory -server Exchange2 | Set-WebServicesVirtualDirectory -internalurl "https://outlook.frankysweb.org/EWS/Exchange.asmx" -externalurl "https://outlook.frankysweb.org/EWS/Exchange.asmx"
Get-ActiveSyncVirtualDirectory -Server Exchange2 | Set-ActiveSyncVirtualDirectory -internalurl "https://outlook.frankysweb.org/Microsoft-Server-ActiveSync" -externalurl "https://outlook.frankysweb.org/Microsoft-Server-ActiveSync"
Get-OabVirtualDirectory -Server Exchange2 | Set-OabVirtualDirectory -internalurl "https://outlook.frankysweb.org/OAB" -externalurl "https://outlook.frankysweb.org/OAB"
Get-MapiVirtualDirectory -Server Exchange2 | Set-MapiVirtualDirectory -externalurl "https://outlook.frankysweb.org/mapi" -internalurl "https://outlook.frankysweb.org/mapi"
Get-OutlookAnywhere -Server Exchange2 | Set-OutlookAnywhere -externalhostname outlook.frankysweb.org -internalhostname outlook.frankysweb.org -ExternalClientsRequireSsl:$true -InternalClientsRequireSsl:$true -ExternalClientAuthenticationMethod 'Negotiate'
Get-ClientAccessService Exchange2 | Set-ClientAccessService -AutoDiscoverServiceInternalUri "https://autodiscover.frankysweb.org/Autodiscover/Autodiscover.xml"
After the URLs have been configured, the certificate of the first Exchange server is exported and can be saved directly on Exchange2:
After the export, the certificate is imported to Exchange2:
Finally, assign the services to the certificate and restart IIS (iisreset):
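The three certificate steps above (export, import, assign services) can also be done in the Exchange Management Shell. This is an added example, not taken from the original article; the source server name Exchange1, the PFX path, the service list IIS,SMTP and the thumbprint placeholder are assumptions.

```powershell
# Added example. Run in the Exchange Management Shell with Organization Management rights.
$source     = 'Exchange1'                        # assumed name of the first server
$target     = 'Exchange2'
$thumbprint = '<THUMBPRINT-OF-EXISTING-CERT>'     # placeholder: read it with Get-ExchangeCertificate -Server Exchange1
$pfxPath    = '\\Exchange2\C$\Install\outlook.pfx' # assumed path; the folder must already exist

# The PFX contains the private key, so protect it with a password that is
# typed interactively and never written into the script or the shell history.
$pfxPassword = Read-Host -Prompt 'Password for the PFX file' -AsSecureString

# 1. Export certificate and private key from the first server.
$export = Export-ExchangeCertificate -Server $source -Thumbprint $thumbprint `
    -BinaryEncoded -Password $pfxPassword
[System.IO.File]::WriteAllBytes($pfxPath, $export.FileData)

# 2. Import on the second server. Marking the key as non-exportable there
#    leaves the first server as the only place it can be exported from.
$bytes = [System.IO.File]::ReadAllBytes($pfxPath)
Import-ExchangeCertificate -Server $target -FileData $bytes `
    -Password $pfxPassword -PrivateKeyExportable $false

# 3. Assign the services (prompts before replacing the default SMTP certificate).
Enable-ExchangeCertificate -Server $target -Thumbprint $thumbprint -Services IIS,SMTP

# 4. Do not leave a copy of the private key lying on a file share.
Remove-Item -Path $pfxPath

# 5. Check the result, then run iisreset on Exchange2 as in the article.
Get-ExchangeCertificate -Server $target -Thumbprint $thumbprint |
    Format-List Subject, NotAfter, Services, Thumbprint
```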
Exchange2 is now added to the send connector:
The database is then renamed and moved:
Get-MailboxDatabase -Server Exchange2 | Set-MailboxDatabase -Name MailboxDB2
Move-DatabasePath MailboxDB2 -EdbFilePath "E:\MailboxDB2\MailboxDB2.edb" -LogFolderPath "E:\MailboxDB2"
The basic configuration of the second Exchange server is now complete; on to the UTM.
UTM configuration
The UTM configuration must be adjusted so that Exchange2 can send mail:
This also applies to reception:
Note: The first Exchange server retrieves the mails of the "small Exchange organization" via the POP3 connector. It would therefore be advisable at this point to replace this construct and receive the mails directly with the UTM. However, this would require a static IP. The changeover from POP3 to MX entry will be covered in a separate article.
DNS configuration
Normally you would use a load balancer that distributes the load between the two Exchange servers and also recognizes when one of the Exchange servers fails and then only routes clients to the remaining server:
However, a load balancer costs money, or, if you use open source software, it costs time. The economy variant (no money, no time, and not a recommendation; you should have at least one of the two) is DNS round robin. Both Exchange servers are simply published in DNS and the client picks one of them:
In this case, clients receive the IP addresses of both Exchange servers:
Round Robin must be activated (default) so that a little load distribution takes place:
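Unlike a load balancer, DNS round robin keeps handing out the address of a server that is down, and clients see whichever certificate the chosen server presents. The following added example (not part of the original article) checks every address behind outlook.frankysweb.org; the function name Test-RoundRobinTarget is hypothetical and the script assumes Windows PowerShell 5.1 on a client that uses the internal DNS.

```powershell
# Added example: probe every A record of the shared name on port 443 and
# read the certificate thumbprint each server presents.
function Test-RoundRobinTarget {
    param(
        [string]$HostName = 'outlook.frankysweb.org',  # name used in the article
        [int]$Port = 443
    )
    $records = Resolve-DnsName -Name $HostName -Type A -ErrorAction Stop |
        Where-Object { $_.Type -eq 'A' }

    foreach ($record in $records) {
        $row = [ordered]@{ Address = $record.IPAddress; Reachable = $false; Thumbprint = $null }
        $client = New-Object System.Net.Sockets.TcpClient
        try {
            $client.Connect($record.IPAddress, $Port)
            $row.Reachable = $true
            # Validation is skipped on purpose: the script only reads which
            # certificate is presented, it does not send anything over the session.
            $callback = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
            $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
            $ssl.AuthenticateAsClient($HostName)
            $row.Thumbprint = $ssl.RemoteCertificate.GetCertHashString()
            $ssl.Dispose()
        }
        catch {
            # Connection or handshake failed; the row keeps its default values.
        }
        finally {
            $client.Close()
        }
        [pscustomobject]$row
    }
}

$results = @(Test-RoundRobinTarget)
$results | Format-Table -AutoSize

$down   = @($results | Where-Object { -not $_.Reachable })
$thumbs = @($results | Where-Object { $_.Thumbprint } |
    Select-Object -ExpandProperty Thumbprint -Unique)

if ($down.Count -gt 0) {
    Write-Warning "DNS still returns $($down.Count) address(es) that do not answer on port 443."
}
if ($thumbs.Count -gt 1) {
    Write-Warning 'The servers present different certificates; clients will see warnings on some connections.'
}
```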
The next article will deal with the configuration of the DAG and tests.
Conclusion
At this point, Exchange is not yet redundant. The DAG is missing for this, but it is slowly...
Hello Frank and everyone else here,
I rebuilt the whole thing as described.
2 servers in total:
Server 1 runs 2 VMs under ESXi: 1x Windows Server 2016 as DC+DNS and 1x Exchange
Server 2 is exactly the same as the first.
Behind the servers there is a Fritzbox with a static IP.
UTM is not used.
As soon as I integrate the second Exchange, Outlook no longer has a connection. OWA/ECP is also no longer reachable. The 2 DCs are linked with each other, and even when I shut down one DC, sending and receiving mail is still possible.
What I was able to find out is that it is down to the DC server. If I restore the backup from before the Exchange servers were joined, sending e-mail works again.
Could it be that I still have to configure something on the Fritzbox because I am not using a UTM, or what else could be the cause?
The certificate is the same one that is installed on Exchange 1, exported and imported on Exchange 2.
I also have a KEMP load balancer here, but I have not got that far yet. Before that, the connection breaks and nothing works anymore.
Thank you for your help
Thanks Frank
Can you by any chance say whether the DAG can also be made site-independent, i.e. one Exchange local and the second in a data center, with both of course connected via IPSec but having IPs from different networks?
Hi Andreas,
yes, that is possible:
https://blogs.technet.microsoft.com/exchange/2015/10/12/the-exchange-2016-preferred-architecture/
Regards, Frank