Configuring and Maintaining Exchange Server 2003 Virtual Servers
Configuring Exchange Virtual Server Settings
Exchange System Manager can be used to create new Exchange Server 2003 virtual servers. A Protocols container exists below each server object; expand the nodes in the console tree of Exchange System Manager to view it. Each Internet protocol is represented by its own container, which groups the related virtual servers together. To add a new virtual server, right-click the particular protocol container, select New, and then select the associated Virtual Server command. A unique IP address and name have to be provided for the new Exchange virtual server.
If you want to create any additional SMTP virtual servers, you can use the New SMTP Virtual Server Wizard.
You can use the Exchange System Manager to configure the following settings for SMTP virtual servers:
- Change the default setting of the TCP port.
- Change the default setting of the SSL port.
- Configure incoming connections and outgoing connections.
- Configure IP address restrictions.
- Configure domain name restrictions.
- Configure authentication settings for incoming connections and outgoing connections.
- Configure TLS encryption.
- Configure the message size limit.
- Configure a limit for the number of recipients.
- Configure a limit for the number of messages allowed for each connection.
- Configure filtering.
- Grant/deny submit permissions for users/groups.
- Change the SMTP queue location.
- Configure relaying.
- Configure message delivery based on retry intervals and message hop count.
- Configure the server as a smart host or configure the server to forward outgoing e-mail to a smart host.
- Enable reverse DNS lookup and define a reverse DNS list.
- Specify the location where copies of non-delivery report (NDR) messages should be stored.
To create an additional HTTP virtual server, you would need to provide the following information:
- IP address.
- TCP port.
- SSL port.
- Host name (these four elements make up the unique identity of the HTTP virtual server).
- Specify the virtual directory of the server.
You can use the Exchange System Manager to configure the following settings for HTTP virtual servers:
- Regulate access to the server through configuration of the following:
- Specify the connection limits.
- Configure the appropriate permissions.
- Specify script access.
- Specify executable access.
- Define the appropriate authentication methods.
- Configure the limit for the number of simultaneous connections to the virtual server.
- Specify how many seconds must pass before an unsuccessful connection attempt times out.
- Configure any additional virtual directories for publishing content that is not stored in the directory structure of the server.
If you want to create any additional IMAP4 virtual servers, you can use the New IMAP4 Virtual Server Wizard.
You can use the Exchange System Manager to configure the following settings for IMAP4 virtual servers:
- Control access to the server, based on:
  - IP address.
  - Subnet.
  - Domain name.
- Configure authentication methods for accessing the server.
- Configure the limit for the number of simultaneous connections to the virtual server.
- Specify how many minutes must pass before an idle session is disconnected from the server.
- Configure message retrieval to enhance performance for clients.
- Disable complete public folder listings for clients that have a substantial number of folders. This also improves performance for clients.
- Specify client support by specifying message formats.
If you want to create any additional NNTP virtual servers, you can use the New NNTP Virtual Server Wizard. To create an additional NNTP virtual server, you would need to provide the following information:
- IP address.
- TCP port.
- Specify the storage medium.
- Specify the virtual directory for storing of news content.
- Specify the location to internal files.
You can use the Exchange System Manager to configure the following settings for NNTP virtual servers:
- Control access to the server, based on:
  - IP address.
  - Subnet.
  - Domain name.
- Configure authentication methods for accessing the server.
- Configure the limit for the number of simultaneous connections to the virtual server.
- Configure posting limits.
- Create a newsgroup.
- Create a newsgroup expiration policy.
- Configure a newsfeed using one of these configurations:
  - Master/subordinate configuration.
  - Peer configuration.
If you want to create any additional POP3 virtual servers, you can use the New POP3 Virtual Server Wizard.
You can use the Exchange System Manager to configure the following settings for POP3 virtual servers:
- Control access to the server, based on:
  - IP address.
  - Subnet.
  - Domain name.
- Configure authentication methods for accessing the server.
- Configure the limit for the number of simultaneous connections to the virtual server.
- Specify how many minutes must pass before an idle session is disconnected from the server.
- Specify client support by specifying message formats.
Understanding Virtual Server Authentication Methods
With Exchange virtual servers, authentication methods control user access to the server by authenticating users. Encryption on the other hand deals with controlling who can access messages. Encryption ensures that only the recipient that the message is directed at can read the particular message. While encryption encrypts message data, authentication does not. If you want to secure message data between the client and the server, you should configure encryption for e-mail messages passed between the client and the server.
The following authentication methods are supported by Exchange Server 2003:
- Basic authentication: This authentication method provides a simple level of security. To access a mailbox, a user has to provide the following information:
  - User name.
  - Domain name.
  - Password.
  Basic authentication is supported by the majority of client computers.
- Anonymous authentication: Anonymous authentication is typically used for Internet communication and is supported by all clients. If you want to provide limited access to specific public folders and directory data, then you should use Anonymous authentication.
- Integrated Windows authentication: Use Integrated Windows Authentication if you have Windows-based clients that do not utilize encryption. Integrated Windows Authentication provides both security and efficient communication because the password is transmitted in encrypted form. For clients running Windows 2000 Server and above, Kerberos is used.
You can also configure digest authentication on HTTP virtual servers. Some IMAP4 clients and POP3 clients use Simple Authentication and Security Layer (SASL) authentication. You can configure SASL authentication on IMAP4 and POP3 virtual servers on back-end Exchange 2003 servers.
In the case where Integrated Windows Authentication cannot be used, Basic Authentication has to be enabled so that users can access the server. Because passwords are basically sent in clear text in the Basic Authentication method, it is recommended to encrypt/secure the communication channel between the Internet clients and server. This can be done by enabling security features based on Secure Sockets Layer (SSL) encryption.
SSL exists between the transport layer and application layer where the Internet access protocols reside. SSL encryption utilizes public key cryptography. The client and server initially have to agree on the security level that will be used for the connection. The agreement is formed through a security handshake in which the necessary information is automatically exchanged using an X.509 certificate.
This handshake takes place as part of establishing a TCP/IP connection:
- The client obtains the X.509 certificate of the server. This certificate includes the public key of the server.
- The client then uses this key to encrypt the session key, and transfer it to the server.
- To decrypt this information, the server uses its private key.
- The server now has the session key.
- The client and server proceed to utilize the session key to encrypt communication.
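The five steps above, and the reason Basic authentication needs them, as an added example that is not part of the original page. It assumes a toy textbook-RSA key pair in place of the certificate's real key pair and a toy XOR keystream in place of the negotiated symmetric cipher; the account name and password are constructed.

```python
import base64
import hashlib
import secrets

# Toy stand-in for the key pair behind the server's X.509 certificate:
# textbook RSA over two known Mersenne primes, no padding. Illustration only.
P, Q = 2**89 - 1, 2**107 - 1
N, E = P * Q, 65537                      # public key, published in the certificate
D = pow(E, -1, (P - 1) * (Q - 1))        # private key, never leaves the server


def keystream_xor(session_key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher (assumption): XOR with a SHA-256 counter keystream.
    Applying it twice with the same key returns the original data."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(session_key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)


def basic_auth_header(user: str, password: str) -> bytes:
    """Basic authentication on the wire: base64 of user:password, no key involved."""
    return b"Authorization: Basic " + base64.b64encode(f"{user}:{password}".encode())


def readable_on_the_wire(wire: bytes):
    """Credentials recoverable from the transmitted bytes alone, or None."""
    marker = b"Authorization: Basic "
    if not wire.startswith(marker):
        return None
    try:
        return base64.b64decode(wire[len(marker):], validate=True).decode()
    except (ValueError, UnicodeDecodeError):
        return None


def client_wrap_session_key(server_public):
    """Step 2: the client picks a 128-bit session key and encrypts it to the server."""
    n, e = server_public
    session_key = secrets.token_bytes(16)
    return session_key, pow(int.from_bytes(session_key, "big"), e, n)


def server_unwrap_session_key(wrapped: int) -> bytes:
    """Steps 3 and 4: only the holder of the private key recovers the session key."""
    return pow(wrapped, D, N).to_bytes(16, "big")


def run_exchange(user: str, password: str) -> dict:
    server_public = (N, E)                                        # step 1
    client_key, wrapped = client_wrap_session_key(server_public)  # step 2
    server_key = server_unwrap_session_key(wrapped)               # steps 3 and 4
    request = basic_auth_header(user, password)
    protected = keystream_xor(client_key, request)                # step 5
    return {
        "keys_match": client_key == server_key,
        "without_ssl": readable_on_the_wire(request),
        "with_ssl": readable_on_the_wire(protected),
        "server_reads": keystream_xor(server_key, protected),
    }


if __name__ == "__main__":
    # Constructed account name and password, not taken from the page.
    for name, value in run_exchange("EXAMPLE\\jsmith", "constructed-password").items():
        print(f"{name}: {value!r}")
```

Because the session key is recoverable only with the server's private key, the protection of the whole session rests on how well that key and its certificate are guarded.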
The following virtual servers can use SSL encryption:
- HTTP virtual servers
- IMAP4 virtual servers
- NNTP virtual servers
- POP3 virtual servers
SMTP virtual servers use TLS encryption.
How to enable the IMAP4 service to start automatically on the Exchange server
- Open the Services console.
- Right-click Microsoft Exchange IMAP4 and select Properties from the shortcut menu.
- The Exchange IMAP4 Properties dialog box opens.
- In the Startup Type drop-down list box, select the Automatic option.
- Click the Apply button.
- Click the Start button.
- Click OK.
How to enable the NNTP service to start automatically on the Exchange server
- Open the Services console.
- Right-click Microsoft Exchange NNTP and select Properties from the shortcut menu.
- The Exchange NNTP Properties dialog box opens.
- In the Startup Type drop-down list box, select the Automatic option.
- Click the Apply button.
- Click the Start button.
- Click OK.
How to enable the POP3 service to start automatically on the Exchange server
- Open the Services console.
- Right-click Microsoft Exchange POP3 and select Properties from the shortcut menu.
- The Exchange POP3 Properties dialog box opens.
- In the Startup Type drop-down list box, select the Automatic option.
- Click the Apply button.
- Click the Start button.
- Click OK.
How to create mailbox-enabled users
Mailbox-enabled users have to be created for IMAP4 clients and POP3 clients.
- Open the Active Directory Users And Computers console.
- Expand the domain.
- Right-click the Users folder and select New and then select User from the shortcut menu.
- Provide the name of the user in the Full Name box.
- Provide the login name in the User Logon Name box. Click Next.
- Ensure that the User Must Change Password At Next Logon check box is clear.
- Select the User Cannot Change Password checkbox.
- Select the Password Never Expires checkbox. Click Next.
- The Create An Exchange Mailbox checkbox should be enabled. Click Next.
- Click Finish.
How to create an HTTP virtual server
- Open Exchange System Manager.
- Expand the Protocols folder and then expand the HTTP folder.
- Right-click HTTP and select New and then select HTTP Virtual Server from the shortcut menu.
- Provide a name for the new HTTP virtual server in the Name box on the General tab.
- In the IP address drop-down list box, specify the IP address.
- Click the Advanced button to specify a unique identity.
- Click Add.
- The Identification dialog box opens.
- In the Host Name box, specify the appropriate name and then click OK.
- Click OK to close the HTTP virtual server Advanced dialog box.
- On the General tab, click Apply.
- On the General tab, beneath Exchange Path, specify Public Folder if you want to provide access to the public folder.
- Click the Modify button.
- Choose a folder and click OK.
- On the General tab, beneath Exchange Path, specify Mailboxes For if you want to provide access to the SMTP mailbox domain.
- To choose a different SMTP domain, click Modify, choose the domain and click OK.
- Click OK.
How to configure the HTTP virtual server
- Open Exchange System Manager.
- Expand the Protocols folder and then expand the HTTP folder.
- Right-click the HTTP virtual server and select Pause from the shortcut menu.
- Right-click the HTTP virtual server and now select Properties from the shortcut menu.
- The HTTP virtual server’s Properties dialog box opens.
- On the General tab, select the Limit Number Of Connections option and then specify the number of simultaneous connections allowed for the HTTP virtual server.
- To specify how many seconds must pass before an unsuccessful connection attempt times out, use the Time-Out (Secs) text box.
- Click the Access tab. This is where you configure read permissions, browse permissions and write permissions for the root directory on the virtual server.
- To configure these permissions, use the available checkboxes in the Access Control area of the Access tab.
- Select the Script Source Access checkbox in the Access Control area of the Access tab if you want users to be able to view the script code.
- If you do not want users to execute any scripts, in the Execute Permissions area of the Access tab, select the None checkbox.
- If you want users to execute only scripts, in the Execute Permissions area of the Access tab, select the Scripts checkbox.
- If you want users to execute scripts and executables, in the Execute Permissions area of the Access tab, select the Scripts And Executables checkbox.
- Click OK in the HTTP virtual server’s Properties dialog box.
- To restart the HTTP virtual server, right-click the HTTP virtual server and select Pause from the shortcut menu.
How to create an IMAP4 virtual server
- Open Exchange System Manager.
- Expand the Protocols folder and then expand the IMAP4 folder.
- Right-click IMAP4 and select New and then select IMAP4 Virtual Server from the shortcut menu.
- The New IMAP4 Virtual Server Wizard initiates.
- Enter a name for the new IMAP4 virtual server. Click Next.
- In the IP Address For This Virtual Server drop-down list, specify the IP address.
- Click Finish to create the IMAP4 virtual server.
How to create a POP3 virtual server
- Open Exchange System Manager.
- Expand the Protocols folder and then expand the POP3 folder.
- Right-click POP3 and select New and then select POP3 Virtual Server from the shortcut menu.
- The New POP3 Virtual Server Wizard initiates.
- Enter a name for the new POP3 virtual server. Click Next.
- In the Select The IP Address For This Virtual Server drop-down list, specify the IP address.
- Click Finish to create the POP3 Virtual Server.
How to configure a POP3 virtual server/IMAP4 virtual server
(the processes for configuring these virtual servers are very similar)
- Open Exchange System Manager.
- Expand the Protocols folder and then expand the POP3 folder.
- Right-click the POP3 virtual server and select Pause from the shortcut menu.
- Right-click the POP3 virtual server and now select Properties from the shortcut menu.
- The POP3 virtual server’s Properties dialog box opens.
- Click the Advanced button on the General tab.
- If you want to change the IP address, TCP port and SSL port, click the Add button.
- Click the Limit Number Of Connections To option if you want to specify the number of simultaneous connections allowed to the POP3 virtual server. Specify the number of connections allowed.
- In the Connection Time-Out (Minutes) box, specify how long idle sessions are allowed to remain logged on to the server.
- Click the Access tab. This is where you can allow or disallow computers, domains and subnets from accessing the POP3 virtual server.
- Click Connection.
- If you want to allow only specific computers and domains to access the POP3 virtual server, select the Only The List Below option.
- Click Add and then provide one of the following:
  - Static address of the specific computer.
  - Set of computers, based on subnet address and subnet mask.
  - Domain name of the domain.
- Click OK.
- Click the Message Format tab. This is where you define which message format the POP3 clients support.
- For POP3 clients that support MIME, select MIME and then select between the following available options:
  - Use RTF option.
  - Provide Message Body As Plain Text option.
  - Provide Message Body As HTML option.
  - Both of these.
- For POP3 clients that support uuencode, select UUEncode.
- Select Use Binhex For Macintosh if you have to support Macintosh clients.
- Choose the character set in the Character Set drop-down list.
- Click OK.
- To restart the POP3 virtual server, right-click the POP3 virtual server and select Pause from the shortcut menu.
How to create an NNTP virtual server
- Open Exchange System Manager.
- Expand the Protocols folder and then expand the NNTP folder.
- Right-click NNTP and select New and then select NNTP Virtual Server from the shortcut menu.
- The New NNTP Virtual Server Wizard initiates.
- Enter a name for the new NNTP virtual server. Click Next.
- In the Select The IP Address For This Virtual Server drop-down list, specify the IP address.
- Specify the TCP port number and click Next.
- Specify the path to the internal files. Click Next.
- Specify the storage medium and then click Next.
- Specify the virtual directory for storing of news content.
- Click Finish to create the new NNTP virtual server.
How to configure an NNTP virtual server
- Open Exchange System Manager.
- Expand the Protocols folder and then expand the NNTP folder.
- Right-click the NNTP virtual server and select Pause from the shortcut menu.
- Right-click the NNTP virtual server and now select Properties from the shortcut menu.
- The NNTP virtual server’s Properties dialog box opens.
- Click the Advanced button on the General tab.
- If you want to change the IP address, TCP port and SSL port, click the Add button.
- Click the Limit Number Of Connections To option if you want to specify the number of simultaneous connections allowed to the NNTP virtual server. Specify the number of connections allowed.
- In the Connection Time-Out (Minutes) box, specify how long idle sessions are allowed to remain logged on to the server.
- Click the Access tab. This is where you can allow or disallow computers, domains and subnets from accessing the NNTP virtual server.
- Click Connection.
- If you want to allow only specific computers and domains to access the NNTP virtual server, select the Only The List Below option.
- Click Add and then provide one of the following:
  - Static address of the specific computer.
  - Set of computers, based on subnet address and subnet mask.
  - Domain name of the domain.
- Click OK.
- Click the Settings tab. This is where you configure the size of an article that a user is allowed to post. You can also control the total size of articles that can be posted within one connection.
- Select the Allow Client Posting checkbox.
- If you want to specify the size of an article that a user is allowed to post, select the Limit Post Size (KB) option and specify the appropriate value.
- If you want to control how much data can be posted to a newsgroup within one connection, select the Limit Connection Size (MB) option and then enter the appropriate value.
- Select the Allow Feed Posting checkbox.
- If you want to control the size of an article that a user is allowed to post to a newsfeed, select the Limit Post Size (KB) option and specify the appropriate value.
- If you want to control how much data can be posted to a newsfeed within one connection, select the Limit Connection Size (MB) option and then enter the appropriate value.
- If you want other servers to pull news articles from the NNTP server, select the Allow Servers To Pull News Articles From This Server checkbox.
- If you want to allow control messages, select the Allow Control Messages checkbox.
- You can also specify the SMTP server for moderated groups in the SMTP Server For Moderated Groups: box.
- In the Default Moderator Domain: box, provide the name of the default moderator domain.
- In the Administrator E-mail Account: box, specify the details of the administrator e-mail account.
- Click OK.
- To restart the NNTP virtual server, right-click the NNTP virtual server and select Pause from the shortcut menu.
How to create an SMTP virtual server
- Open Exchange System Manager.
- Expand the Protocols folder and then expand the SMTP folder.
- Right-click SMTP and select New and then select SMTP Virtual Server from the shortcut menu.
- The New SMTP Virtual Server Wizard initiates.
- Enter a name for the new SMTP virtual server. Click Next.
- In the Select The IP Address For This Virtual Server drop-down list, specify the IP address.
- Specify the TCP port number and click Next.
- Click Finish to create the new SMTP virtual server.
How to configure an SMTP virtual server
- Open Exchange System Manager.
- Expand the Protocols folder and then expand the SMTP folder.
- Right-click the SMTP virtual server and select Pause from the shortcut menu.
- Right-click the SMTP virtual server and now select Properties from the shortcut menu.
- The SMTP virtual server’s Properties dialog box opens.
- Click the Advanced button on the General tab.
- If you want to change the IP address and TCP port, click the Add button. If you want to add a filter, click the Add button as well.
- Click the Limit Number Of Connections To option if you want to specify the number of simultaneous connections allowed to the SMTP virtual server. Specify the number of connections allowed.
- In the Connection Time-Out (Minutes) box, specify how long idle sessions are allowed to remain logged on to the server.
- Click the Access tab. This is where you can allow or disallow computers, domains and subnets from accessing the SMTP virtual server.
- Click Connection.
- If you want to allow only specific computers and domains to access the SMTP virtual server, select the Only The List Below option.
- Click Add and then provide one of the following:
  - Static address of the specific computer.
  - Set of computers, based on subnet address and subnet mask.
  - Domain name of the domain.
- Click OK.
- If you want to prevent specific computers and domains from accessing the SMTP virtual server, select the All Except The List Below option.
- Click Add and then provide one of the following:
  - Static address of the specific computer.
  - Set of computers, based on subnet address and subnet mask.
  - Domain name of the domain.
- Click OK.
- Click the Messages tab.
- To set the maximum incoming message size allowed, check the Limit Message Size To (KB): checkbox and enter the value.
- To set the maximum session size allowed, select the Limit Session Size To (KB): checkbox and enter the appropriate value.
- To set the maximum number of outbound messages that can be sent in a single SMTP connection, enable the Limit Number Of Messages Per Connection To: checkbox and enter the appropriate value.
- To control the maximum number of recipients for a message, select the Limit Number Of Recipients Per Message To: checkbox and enter the value.
- Specify a destination where a copy of the non-delivery report (NDR) should be transmitted.
- Specify the location of the SMTP Badmail folder.
- Click the Delivery tab to configure settings for message delivery.
- Click OK.
- To restart the SMTP virtual server, right-click the SMTP virtual server and select Pause from the shortcut menu.
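How the two Connection list modes on the Access tab decide a connection, as an added example that models the behaviour described above and is not Exchange's own code. It assumes a domain entry matches the named domain and its subdomains through a reverse DNS lookup; the function names, addresses and reverse DNS table are constructed for illustration.

```python
import ipaddress

ONLY_LIST = "Only The List Below"
ALL_EXCEPT = "All Except The List Below"


def computer(address):
    """List entry for a single computer, given by its static address."""
    return ("computer", ipaddress.ip_address(address))


def subnet(address, mask):
    """List entry for a set of computers, given by subnet address and subnet mask."""
    return ("subnet", ipaddress.ip_network(f"{address}/{mask}", strict=False))


def domain(name):
    """List entry for a domain name (matched through reverse DNS, an assumption)."""
    return ("domain", name.lower().rstrip("."))


def entry_matches(entry, client_ip, reverse_lookup):
    kind, value = entry
    if kind == "computer":
        return client_ip == value
    if kind == "subnet":
        return client_ip in value
    # Domain entry: needs a name for the connecting address.
    host = reverse_lookup(str(client_ip))
    if not host:
        return False                      # no name returned, so no domain match
    host = host.lower().rstrip(".")
    # Match the domain itself or a subdomain, never a mere string suffix.
    return host == value or host.endswith("." + value)


def connection_allowed(mode, entries, client_address, reverse_lookup):
    """Apply the selected list mode to one connecting address."""
    client_ip = ipaddress.ip_address(client_address)
    listed = any(entry_matches(e, client_ip, reverse_lookup) for e in entries)
    if mode == ONLY_LIST:
        return listed                     # an empty list admits nobody
    if mode == ALL_EXCEPT:
        return not listed
    raise ValueError(f"unknown list mode: {mode!r}")


# Constructed reverse DNS answers (documentation address ranges only).
CONSTRUCTED_PTR = {
    "192.0.2.25": "relay1.partner.example",
    "192.0.2.77": "host.notpartner.example",
    "203.0.113.9": "mail.blocked.example",
}


def constructed_lookup(address):
    return CONSTRUCTED_PTR.get(address)


ALLOW_LIST = [computer("192.0.2.10"),
              subnet("198.51.100.0", "255.255.255.0"),
              domain("partner.example")]
DENY_LIST = [domain("blocked.example"),
             subnet("203.0.113.64", "255.255.255.192")]

if __name__ == "__main__":
    for addr in ("192.0.2.10", "198.51.100.77", "192.0.2.25", "192.0.2.77"):
        print(ONLY_LIST, addr,
              connection_allowed(ONLY_LIST, ALLOW_LIST, addr, constructed_lookup))
    for addr in ("203.0.113.9", "203.0.113.70", "203.0.113.10"):
        print(ALL_EXCEPT, addr,
              connection_allowed(ALL_EXCEPT, DENY_LIST, addr, constructed_lookup))
```

In this model a domain entry matches only when the reverse lookup returns a name, so address and subnet entries are the more dependable way to express a restriction.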
How to enable forms-based authentication
- Open Exchange System Manager.
- Expand the Protocols folder and then expand the HTTP folder.
- Right-click the HTTP virtual server and select Pause from the shortcut menu.
- Right-click the HTTP virtual server and now select Properties from the shortcut menu.
- The HTTP virtual server’s Properties dialog box opens.
- Click the Settings tab.
- In the Outlook Web Access area of the Settings tab, select the Enable Forms Based Authentication checkbox.
- In the Compression drop-down list, click the desired compression level.
- Click OK.
- To restart the HTTP virtual server, right-click the HTTP virtual server and select Pause from the shortcut menu.
How to install a certificate (encryption) on the default IMAP4 virtual server on the front-end Exchange server
- Open Exchange System Manager.
- Expand the Protocols folder and then expand the IMAP4 folder.
- Right-click Default IMAP4 Virtual Server and select Pause from the shortcut menu.
- Right-click the Default IMAP4 Virtual Server and now select Properties from the shortcut menu.
- Click the Access tab.
- Click Certificate.
- Initiate the Web Server Certificate Wizard to obtain a new certificate.
- Select the Create A New Certificate option.
- After completing the Web Server Certificate Wizard, click Apply to save all changes.
- Click Certificate.
- Initiate the Web Server Certificate Wizard to install the certificate.
- Select the Assign An Existing Certificate option.
- After completing the Web Server Certificate Wizard, click Apply to save all changes.
- Click Communication. You now have to associate the encryption certificate and require a secure communication channel.
- Click Require Secure Channel.
- Select Require 128-bit Encryption.
- Click OK.
- To restart the IMAP4 virtual server, right-click the IMAP4 virtual server and select Pause from the shortcut menu.
How to configure authentication on the default HTTP virtual server on the front-end Exchange server
- Open the IIS Manager console.
- Navigate to the Default Web Site folder.
- Expand the Default Web Site folder and then expand the Exchange folder.
- Right-click Default Web Site and select Pause from the shortcut menu.
- Right-click Exchange and select Properties from the shortcut menu.
- The Exchange Properties dialog box opens.
- Click the Directory Security tab.
- Click Edit in the Authentication And Access Control area of the tab.
- The Authentication Methods dialog box opens.
- Proceed to configure an authentication method using this dialog box. The authentication options available under the Authenticated Access area are:
  - Basic Authentication.
  - Digest Authentication.
  - Integrated Windows Authentication.
  - .NET Passport Authentication.
- Click OK to exit the Authentication Methods dialog box.
- Click OK in the Exchange Properties dialog box.
- To restart the Default Web Site, right-click the Default Web Site and select Pause from the shortcut menu.
How to check authentication configured on the default POP3 virtual server on the front-end Exchange server
- Open Exchange System Manager.
- Expand the Protocols folder and then expand the POP3 folder.
- Right-click Default POP3 Virtual Server and select Properties from the shortcut menu.
- The Default POP3 Virtual Server Properties dialog box opens.
- Click the Access tab.
- Click Authentication.
- You can now check which authentication method is configured.
- Click OK.
How to configure authentication on a virtual server on the back-end Exchange server
- Open Exchange System Manager.
- Expand the Protocols folder and then expand one of these folders:
  - HTTP folder.
  - IMAP4 folder.
  - NNTP folder.
  - POP3 folder.
  - SMTP folder.
- Right-click the virtual server and select Pause from the shortcut menu.
- Right-click the virtual server once more and now select Properties from the shortcut menu.
- Click the Access tab.
- Click Authentication.
- For an HTTP virtual server, the authentication options are:
  - Anonymous Access.
  - Basic Authentication.
  - Digest Authentication.
  - Integrated Windows Authentication.
- For an IMAP4 virtual server and POP3 virtual server, the authentication options are:
  - Basic Authentication – Requires SSL/TLS Encryption.
  - Simple Authentication and Security Layer.
- For an NNTP virtual server, the authentication options are:
  - Allow Anonymous.
  - Basic Authentication.
  - Integrated Windows Authentication.
  - Enable SSL Client Authentication.
- For an SMTP virtual server, the authentication options are:
  - Anonymous Access.
  - Basic Authentication – Requires TLS Encryption.
  - Integrated Windows Authentication.
- Click OK.
- To restart the virtual server, right-click the specific virtual server and select Pause from the shortcut menu.
How to configure diagnostic logging
When enabled, diagnostic logging records events pertaining to the following:
- Connections.
- Authentication.
- Client Action.
- Configuration.
By default, the logging level is set to None. This basically means that only critical events and error events are recorded. Diagnostic logging is recorded by the Windows Server 2003 event log on the Exchange server on which the virtual server resides.
To configure diagnostic logging:
- Open Exchange System Manager.
- Locate the Exchange server that you want to configure.
- Right-click the Exchange server and select Properties from the shortcut menu.
- Click the Diagnostics Logging tab.
- In the Services area of the tab, click the service.
- Select the appropriate entry in the Category area of the tab.
- Select between the following logging levels:
  - None; only critical events and error events are recorded.
  - Minimum; one entry is logged for each key task performed by the service.
  - Medium; for each action needed to execute a task, entries are logged.
  - Maximum; entries are logged for each line of code. The Maximum logging level should be enabled only when you need comprehensive debugging information. This is due to the impact this logging level has on server performance.
- Click OK.
- To view logged information, access Event Viewer.
How to view connected users on the IMAP4 virtual server
- Open Exchange System Manager.
- Expand the Protocols folder and then expand the IMAP4 folder.
- Double-click the IMAP4 virtual server.
- Click Current Sessions.
- The details pane now lists all connected users.
How to disconnect a connected user
- Open Exchange System Manager.
- Expand the Protocols folder and then expand the IMAP4 folder.
- Double-click the IMAP4 virtual server.
- Click Current Sessions.
- In the details pane, locate the user that you want to disconnect.
- Right-click the particular user and then select Terminate from the shortcut menu to disconnect the user.
How to disconnect all connected users
- Open Exchange System Manager.
- Expand the Protocols folder and then expand the IMAP4 folder.
- Double-click the IMAP4 virtual server.
- Click Current Sessions.
- In the details pane, right-click and then select Terminate All from the shortcut menu to disconnect all users.