Exchange SBS2003

[Lord1e]

Hi guys,

I'm setting up exchange 2003 on SBS2003 for a friend of mine, and although i have administered Exchange for a year or so i've never been involved with an installation.

I've followed these simple instuctions, and have all but a few querys before switching over the DNS.

1. Make sure your router/firewall has a LAN IP address in the same subnet as your server so, it should be something like 192.168.1.1. If what you meant is that you have a FIREBOX SOHO router, then it doesn't have UPnP, so you need to manually configure the following ports to point to 192.168.1.20 internally:
25 - SMTP
443 - HTTPS (for RWW and OWA)
444 - SharePoint
1723 - PPTP VPN
3389 - RDP for remote administration
4125 - Remote Web Workplace
If you have some other kind of router that does have UPnP, it should be enabled during the setup and can be disabled after for security reasons. Having UPnP allows the SBS to automatically configure those ports.
Your router, I'm assuming is already making your connection to your ISP and is probably providing DHCP (although it's much better if you have the SBS do it... but leave that alone for now). So it doesn't matter that the CEICW only gives you the router option... that's what you have.

2. Enter your ISP's DNS servers as requested and the LAN IP of your router (if as I suggested above is right, then 192.168.1.1). And tick the box that you only have one NIC so that you can be prompted to understand the rest of what I'm putting down in this post. :-)

3. On the web services screen, I suggest that you check all but the Business Web Site (port 80).

4. Now, on the web server certificate you need to put your Public FQDN, OR your Public IP address if you don't have one registered. I'd suggest that you use a registered domain name because that way users can remember how to access the server remotely (ie, http://server.domain.com/remote for Remote Web Workplace). Wherever your DNS is hosted (usually your ISP or the registrar of your domain) is where your MX record is that points to your server. You can just find out what that is by doing an nslookup on your PUBLIC (external) IP address not the internal one as you've stated above. If it doesn't come back with anything, you don't have a PUBLIC FQDN so you'll have to use your IP address for now.

5. On the next screens, you'll select USE Internet Email, USE DNS, and USE Exchange - delivered directly.

6. On the Email Domain page, put in whatever is registered, ie, my-company.com. Remember this does NOT matter that it's even close to what your internal domain is. In my own system, I have a completely different domain name than my email domain.

7. I'd suggest that you check the box to block attachments, and then click finish. If you ever want to see the full settings of what you've done, just go to C:\Program Files\Microsoft Windows Small Business Server\Networking\ICW and you'll find a record of each time you've run the CEICW in both html and vbs formats. (the vbs is in case you want to revert to those settings).

Here are my Q's.

step #4. Put your public FQDN or your IP. The FQDN or the server is server.domain.local, but i'll need to add the IP as i don't believe this a public FQDN. What would make it a public FQDN.

step #6 do i put my email address that i want exchnage to handle? i.e. @domain.co.uk

What do i add to the DNS records ? All i have is my external IP address, do i need a MX record, an A record ?

I understand these DNS records can have more then one.. so if my setup fails the emails will be picked up by the ISP's mail servers ? This is for a buisness so loss of mail is unacceptable.

Is using NAT direct to yout exchange the best way to configure your exchange server?

Thanks a million for any advice.
Chris

[RFH Reseller: Sol]

SBS is actually quite simple to setup if you understand a little bit about routing and networking.

The first step is to understand what exactly the router is doing. In typical ADSL installations the ISP's provide dynamic IP Addresses. This means that everytime the ADSL line is dropped and reconnected a new IP is assigned. This would cause problems for allowing in-bound access to the SBS Server since the user would need to know off the new IP Address. A solution to this is provided within most current ADSL modems which use a Dynamic DNS service such as dyndns.com

The Dynamic DNS service allows your router to change the IP Address assigned to a domain which can then be used for external access / public access.

You could however, be assigned a static IP address by the ADSL provider, and several UK companies now offer this as standard (others charge a small monthly fee, and the more consumer orientated ISP's don't offer it). With a static IP address you can specify a DNS record within any domain you control, allowing for a FQDN to be that of your actual domain name (ie. server.mydomain.com instead of mydomain.dyndns.com).

Now, we need to think about how the router is affecting the connection. We know that the external interface (normally called the WAN) will have a public IP address, but the internal (LAN) address could be private using NAT. This can cause confusion with SBS Server since it will also typically do NAT. However all you should be considered about is routing the public requests to the external (WAN) interface on the SBS server. Some modems allow for all traffic to be passed to a server (sometimes called a virtual server) and basically just forwards all inbound data not destined for a known host over to the internal IP you specify. If your router doesn't support specifying a virtual server then you would need to map each inbound port you wish to use over to connect to the SBS server.

This should take care of getting data in and out of your SBS server.

Now to answer the questions you had a bit more directly.

Step 4: The FQDN needs to be an Internet resolvable domain name, and my advice would be to use the same domain that will be the primary email domain. If you are using a static IP then just setup an A record for that (e.g. server.myemaildomain.com IN A XXX.XXX.XXX.XXX), if however you are using Dynamic DNS I would recommend setting up a CNAME (e.g. server.myemaildomain.com IN CNAME myemaildomain.dyndns.com.); this would allow you to switch Dynamic DNS providers or migrate to a static IP address in the future without needing to inform users. You should however, be aware that this needs be a resolvable domain name which is what is normally meant by a FQDN.

Step 6: This is basically asking what domain the Exchange server is going to use for email and given the previous answers I gave it should be myemaildomain.com However, in some cases you have several domains registered and hence may have one domain name to access the server publicly whilst using another domain name for email, which is why you can use different domains. I will presume you will be using the POP connector for email and hence the domain you put in here should be the same one for the mailbox you will be using the POP connector on.

A little bit of expansion on email since you mention this is for business needs:

I have presumed you will be using the POP connector since you mentioned business requirements. The reason for this is that it allows you ISP to provide the redundancy in case the server is offline for whatever reason. It does however inject a delay in the receipt of emails since the Exchange server will periodically connect to the ISP server to pull down all the emails. A better solution would be to have an MX record point directly to the SBS Server which would allow email to be received directly on the server. However, in this latter scenario you would ideally want your ISP to provide you with a secondary MX service, something which RFH currently do not offer. This secondary service allows emails to be sent to your ISP server should the SBS Server be unavailable and held there for a set period of time (typically 48 hours) where it will continue to try re-delivery.

To be honest, with email systems today the secondary server is not really necessary since most servers will hold email for about 48 hours before giving up, however it is still a recommend practice.

As a last configuration tip, you should also decide on whether or not a catchall account should be created if using the POP connector. A catchall will allow all email for a domain to be delivered to a single mailbox which the SBS Server will retrieve and then re-distribute according to the addresses setup on it. If you have a large number of accounts, or email addresses change frequently then this is the way you should go. However, if you will be creating a finite number of accounts that will rarely change then you may wish to set-up one account for each email address and have the POP connector connect to each one and retrieve the mail. To setup a catchall account with RFH you will need to open a support ticket providing the domain you wish to have the catchall created under as well as stating that you are using SBS Server with this (I'm pretty sure Warren will OK the addition as soon as he knows it will be used with SBS Server).

Hopefully I haven't confused you too much.

Sol.

[Lord1e]

Sol, I don't have the time at the moment to formulate a proper response to your informative post.

But rest assured, you are a legened and i am in your debt sir.

I'll drop you a reply tomorrow.