Module 5: Implementing client connection

Lab: Deploying and configuring client access services on

Exchange Server 2019
Scenario
You are working as a messaging administrator for A. Datum Corporation.
Exchange Server 2019 is installed, but the configuration is not yet complete.
The client access configuration is still at its default settings. You need to
complete the configuration of client access. This includes configuring the
namespace, configuring a certificate, and configuring custom MailTips.

Objectives
After completing this lab, you will have:
 Configured a namespace for client access.
 Configured a certificate for client access.
 Configured custom MailTips.

Lab Setup
For this lab, you need to use the available virtual machine environment.
Before you begin the lab, you must complete the following steps:
1. On the host computer, start Hyper-V Manager.
2. In Hyper-V Manager, click EXC19-LON-DC1, and in the Actions pane,
click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine
starts.
4. Sign in by using the following credentials:
 User name: Administrator
 Password: Pa55w.rd
 Domain: Adatum
5. Repeat steps 2 to 4 for EXC19-LON-EX1.
6. Repeat steps 2 to 4 for EXC19-LON-EX2.
7. Repeat steps 2 to 3 for EXC19-LON-CL1. Do not sign in until instructed.

Exercise 1: Configuring Namespaces for client access

Exercise Scenario
The Exchange servers for A. Datum Corporation are still using the default
configuration for the namespace. This means that all of the internal URLs are
pointing at the server names rather than the correct namespace. The
namespace selected for A. Datum Corporation is mail.adatum.com. You need
to configure both internal and external URLs to use this namespace.

The main tasks for this exercise are as follows:

1. Create a DNS record for the namespace
2. Configure the SCP for Autodiscover
3. Configure external URLs
4. Configure internal URLs

 Task 1: Create a DNS record for the namespace(To Create a new host
record mail.adatum.com that resolves to 172.16.0.14)
1. On LON-DC1, in Server Manager, click Tools and then click DNS.
2. In DNS Manager, expand LON-DC1, expand Forward Lookup Zones,
and then click Adatum.com.
3. Right-click Adatum.com and then click New Host (A or AAAA).
4. In the New Host window, in the Name box, type mail.
5. In the IP address box, type 172.16.0.14 and click Add Host.
6. In the DNS window, click OK.
7. In the New Host window, click Done.
8. Close DNS Manager.

 Task 2: Configure the SCP(service connection point) for Autodiscover

1. On LON-EX1, on the task bar, click Exchange Management Shell.
2. To view the current Autodiscover configuration URL type the following
command in Exchange Management Shell.(To view current configuration)
Get-ClientAccessService | fl name,auto* and press Enter.

3. In Exchange Management Shell, type Get-ClientAccessService | Set-

ClientAccessService –AutoDiscoverServiceInternalUri
https://mail.adatum.com/Autodiscover/Autodiscover.xml and press
Enter.(To set the Autodiscover URL)
4. Close Exchange Management Shell.

 Task 3: Configure external URLs

1. On LON-EX1, click Start, and click Internet Explorer.
2. In Internet Explorer, in the address bar, type https://lon-
ex1.adatum.com/ecp, and press Enter.
3. Sign in as Adatum\Administrator with a password of Pa55w.rd.
4. In the Time zone list, click (UTC-08:00) Pacific Time (US & Canada)
and then click Save.
5. In Exchange admin center, click servers and then click the virtual
directories tab.
6. In the toolbar click configure external access domain (the wrench
icon).
7. In the configure external access domain window, click Add.
8. In the Select a Server window, click LON-EX1, click add, click LON-
EX2, click add, and then click OK.
9. In the configure external access domain window, in the Enter the
domain name you will use with your external Client Access servers
box, type mail.adatum.com and click Save.
10. When saving is complete, click Close.

 Task 4: Configure internal URLs

 1. In Exchange admin center, on the virtual directories tab, in the
Select server box, select LON-EX1.adatum.com.
2. Click ecp (Default Web Site) and then click Edit.
3. In the ecp (Default Web Site) window, in the Internal URL box, type
https://mail.adatum.com/ecp, and then click Save.
4. In the warning window, click OK.
5. Click EWS (Default Web Site) and then click Edit.
6. In the EWS (Default Web Site) window, in the Internal URL box, type
https://mail.adatum.com/EWS/Exchange.asmx and then click Save.
7. Click Microsoft-Server-ActiveSync (Default Web Site) and then
click Edit.
8. In the Microsoft-Server-ActiveSync (Default Web Site) window, in the
Internal URL box, type https://mail.adatum.com/Microsoft-Server-
ActiveSync, and then click Save.
9. Click OAB (Default Web Site) and then click Edit.
10. In the OAB (Default Web Site) window, in the Internal URL box, type
https://mail.adatum.com/OAB, and then click Save.
11. Click owa (Default Web Site) and then click Edit.
12. In the owa (Default Web Site) window, in the Internal URL box, type
https://mail.adatum.com/owa, and then click Save.
13. Repeat steps 1-12 to configure the virtual directories on LON-EX2.

Results: After completing this exercise, you should have configured

namespaces for A. Datum Corporation.

Exercise 2: Configuring certificates for client access

Exercise Scenario
After installing Exchange Server 2019, the server is configured to use a self-
signed certificate for LON-EX1.adatum.com. You need to change this
certificate to a trusted certificate by creating a certificate request and
submitting it to a CA. When you create the certificate request, you need to
ensure that it contains only names that can be resolved on the Internet so
that a public CA can issue the certificate. After you obtain the certificate, you
need to assign services to it.

The main tasks for this exercise are as follows:

1. Generate a certificate request
2. Submit a certificate request
3. Export and import the certificate
4. Assign services to the new certificate
5. Verify that the certificate is in use

 Task 1: Generate a certificate request

1. On LON-EX1, in the Exchange admin center, in the left navigation pane,
click servers and click the certificates tab.
2. In the Select server box, if necessary, select LON-EX1.Adatum.com
and then click New.
3. In the new Exchange certificate window, click Create a request for a
certificate from a certification authority, and then click Next.
4. In the Friendly name for this certificate box, type
mail.adatum.com and then click Next.
5. On the page containing the request for a wildcard certificate, do not
make any changes, and click Next.
6. Click Browse.
7. In the Select a Server window, click LON-EX1, and then click OK.
8. Click Next.
9. Review the list of domains and click Next.
10. In the list of names, click LON-EX1 and click Remove.
11. Click Adatum.com and then click Remove.
12. In the new Exchange certificate window, click Next.
13. On the next page, fill in the fields as follows:
 Organization name: A.Datum
 Department name: IT
 City/Locality: London
 State/Province: England
 Country/Region name: United Kingdom
14. Click Next.
15. On the next page, type \\LON-EX1\C$\windows\temp\certreq.req,
and click Finish.

 Task 2: Submit a certificate request

1. In the Start screen, type notepad and click Notepad.
2. In Notepad, click File and click Open.
3. In the Open window, click Text Documents (*.txt) and click All Files
(*.*).
4. Browse to C:\Windows\Temp and double-click certreq.req.
5. In Notepad, press Ctrl-A and then press Ctrl-C.
6. Close Notepad.
7. In Internet Explorer, open a new tab.
8. In the address bar, type http://lon-dc1/certsrv, and press Enter.
Enter Adatum\Administrator and pa55w.rd if it asks
9. On the Welcome page, click Request a certificate.
10. On the Request a Certificate page, click advanced certificate
request.
 11. On the Advanced certificate request page, click Submit a
certificate request by using a base-64-encoded CMC or PKCS #10
file, or submit a renewal request by using a base-64-encoded PKCS
#7 file.
12. On the Submit a Certificate Request or Renewal Request page, in
the Saved Request box, press Ctrl-V.
13. In the Certificate Template box, select Adatum Web and then click
Submit.
14. On the Certificate Issued page, click Download certificate.
15. When prompted, to open or save certnew.cer, click Save.
16. In Exchange admin center, on the certificates tab, click
mail.adatum.com and then click complete. If mail.adatum.com is not
visible, click Refresh.
17. In the complete pending request window, in the File to import from box,
type \\LON-EX1\c$\Users\Administrator.Adatum\Downloads\
certnew.cer and click OK.

 Task 3: Export and import the certificate

1. In Exchange admin center, on the certificates tab, click the
mail.adatum.com certificate, click More, and click Export Exchange
certificate.
2. On the export Exchange certificate page, in the File to export to
text box, type \\LON-EX2\c$\Users\Administrator.Adatum\Downloads\
mailcert.pfx.
3. In the Password text box, type Pa55w.rd, and then click OK.
4. In Exchange admin center, in the Select server list, click LON-
EX2.adatum.com.
5. Click More, and click Import Exchange certificate.
6. On the import Exchange certificate page, in the File to import from
text box, type \\LON-EX2\c$\Users\Administrator.Adatum\Downloads\
mailcert.pfx.
7. In the Password text box, type Pa55w.rd, and then click Next.
8. In the Specify the servers you want to apply this certificate to
area, click add, click LON-EX2, click add and then click OK.
9. Click Finish.

 Task 4: Assign services to the new certificate

1. In Exchange admin center, double-click mail.adatum.com.
2. In the mail.adatum.com window, click services
3. Select the SMTP and IIS checkboxes, and click Save.
4. In the warning window, click Yes.
5. In the Select server list, click LON-EX1.Adatum.com.
6. Double-click mail.adatum.com.
7. In the mail.adatum.com window, click services
8. Select the SMTP and IIS checkboxes, and click Save.
9. In the warning window, click Yes.

 Task 5: Verify that the certificate is in use

 1. On LON-EX1, close Internet Explorer.
2. Click Start, and click Internet Explorer.
3. In the address bar, type https://mail.adatum.com/ecp, and press
Enter.
4. Sign in as Adatum\Administrator with the password Pa55w.rd.
5. In the address bar, click the lock icon and click View certificates.
6. In the Certificate window, click the Details tab.
7. Scroll down and select the Subject Alternative Name field.
8. Verify that the correct names are in the certificate and click OK.
9. Close Internet Explorer.

Results: After completing this exercise, you should have configured a

certificate for Exchange Server 2019.

Exercise 3: Configuring Custom MailTips

Exercise Scenario
To reduce the number of users who require support, A. Datum is evaluating
the implementation of MailTips. You are asked to configure some test
deployments that implement MailTips, and you must verify that MailTips can
be enabled in multiple languages.

The main tasks for this exercise are as follows:

1. Configure a custom MailTip using Exchange admin center
2. Configure a multilingual MailTip
3. Verify MailTip functionality
4. To prepare for the next lab

 Task 1: Configure a custom MailTip using Exchange admin center

1. On LON-EX1, in the Start menu, and click Internet Explorer.
2. In Internet Explorer, in the address bar, type
https://mail.adatum.com/ecp, and press Enter.
3. Sign in as Adatum\Administrator with the password Pa55w.rd.
4. In Exchange admin center, click recipients, and then click mailboxes.
5. In the list of mailboxes, click on Amr Zaki, and then click Edit .
6. In the Amr Zaki window, click MailTip.
7. In the text box, type Test MailTip for Amr, and then click Save.
8. Close Internet Explorer.

 Task 2: Configure a multilingual MailTip

1. On LON-EX1, on the task bar, click Exchange Management Shell.
2. In Exchange Management Shell, type the following, and then press
Enter:
Set-Mailbox –Identity Alex –Mailtip “This is english mail tip” –MailtipTranslations
(“FR: C’est la langue francaise”)
3. Close Exchange Management Shell.
 Task 3: Verify MailTip functionality
1. On LON-CL1, sign in as Adatum\Nate with a password of Pa55w.rd.
2. On the task bar, click Microsoft Edge.
3. In Microsoft Edge, type https://mail.adatum.com/owa, and press
Enter.
4. Sign in as Adatum\Nate with the password of Pa55w.rd.
5. At the Would you like to save your password for adatum.com
prompt, click No.
6. On the Language and time zone page, select English (United
States).
7. In the Time zone box, select (UTC -8:00) Pacific Time (US &
Canada) and click Save.
8. In the Mail window, click New.
9. Type Amr in the To field, and press Tab. Make sure that the field is
populated with Amr Zaki.
10. Click in the Subject field. Ensure that the MailTip has appeared.
11. Click Discard, and then click Discard again.
12. In the Mail window, click New.
13. Type Alex in the To field, and press Tab. Make sure that the field is
populated with Alex Darrow.
14. Click in the Subject field. Ensure that the MailTip has appeared and
that it appears in English.
15. Sign out of Outlook on the web.
16. Sign in as Adatum\Amr with the password of Pa55w.rd.
17. At the Would you like to save your password for adatum.com
prompt, click No.
18. On the Language and time zone page, select français (France).
19. In the Time zone box, select (UTC -8:00) Pacific Time (US &
Canada) and click Save.
20. In the Mail window, click Nouveau.
21. In the À field type Alex, and press Tab. Make sure that the field is
populated with Alex Darrow.
22. Click in the Objet field. Ensure that MailTip has appeared and that it
appears in French.
23. Click Ignorer, and then click Ignorer again.
24. Close Microsoft Edge.

 Task 4: To prepare for the next lab

 When you finish the lab, leave all the virtual machines running.

Results: After completing this exercise, you should have configured MailTips in
multiple languages.
Lab B: Deploying and configuring client access services on
Exchange Server
Scenario
You have recently installed Exchange Server 2019 for A. Datum. You need to
continue configuring client access to support the needs of A. Datum. You
have already configured the namespace for web services, but you still need
to configure the namespace for Outlook Anywhere and MAPI over HTTP.
Outlook on the web is configured with the correct namespace, but you need
to simplify the user experience by disabling unused features. Finally, you
need to setup security for Exchange ActiveSync.

Objectives
After completing this lab, you will have:
 Configured Outlook Anywhere and MAPI over HTTP.
 Configured Outlook on the web.
 Configured Exchange ActiveSync

Lab Setup
The virtual machines for this lab are still running from the previous lab.

Exercise 1: Configuring Outlook on the web

Exercise Scenario
After installing Exchange Server 2019, you want to optimize Outlook on the
web. A. Datum uses only one AD DS domain for authentication. So, to
simplify sign in, you will configure the sign in to require only the user name.
You will also remove some features from Outlook on the web that are not
supported by IT.

The main tasks for this exercise are as follows:

1. Configure authentication for Outlook on the web
2. Configure features for Outlook on the web
3. Configure offline access for Outlook on the web
4. Test offline access for Outlook on the web

 Task 1: Configure authentication for Outlook on the web

1. On LON-EX1, on the Start screen, click Internet Explorer.
2. In Internet Explorer, in the address bar, type
https://mail.adatum.com/ecp, and press Enter.
3. Sign in as Adatum\Administrator with a password of Pa55w.rd.
4. In Exchange admin center, click servers and click the virtual
directories tab.
5. In the Select server box, select LON-EX1.Adatum.com.
6. Click owa (Default Web Site) and click Edit.
7. In the owa (Default Web Site) window, click the authentication tab.
8. Under Logon format, click User name only and click Browse.
9. In the Select a Doman window, click Adatum.com and click OK.
10. In the owa (Default Web Site) window, click Save.
11. In the warning window, click OK.
12. Repeat steps 5-11 for LON-EX2.Adatum.com.

 Task 2: Configure features for Outlook on the web

1. In Exchange admin center, click permissions and click the Outlook
Web App policies tab.
2. Click Default and click Edit.
3. In the Default window, click the features tab.
4. Deselect the following checkbox under Communication
management:
 Instant messaging
 Text messaging
 Unified Messaging
5. Click Save.
6. In Exchange admin center, click recipients and click the mailboxes
tab.
7. Click Nate Sun and click Edit.
8. In the Nate Sun window, click the mailbox features tab.
9. Under Email Connectivity click View details.
10. In the Outlook Web App mailbox policy window, click Browse.
11. In the Webpage Dialog window, click Default and click OK.
 12. In the Outlook Web App mailbox policy window, click Save.
13. In the Nate Sun window, click Save.
14. Close Internet Explorer.

 Task 3: Configure offline access for Outlook on the web

1. On LON-CL1, sign in as Adatum\Nate with a password of Pa55w.rd.
2. On the task bar, click Microsoft Edge.
3. In Microsoft Edge, type https://mail.adatum.com/owa, and press
Enter.
4. Sign in as Nate with the password of Pa55w.rd. Do not store the
password.
5. Click Settings and click Offline settings.
6. Select the Turn on offline access checkbox.
7. On the Offline access setup page, for the question, Are you the only
person who uses this computer?, click Yes.
8. Click Next, and then click Next again.
9. Click OK.
10. Close Microsoft Edge.

 Task 4: Test offline access for Outlook on the web

1. On the host computer, in Hyper-V Manager, right-click EXC19-LON-CL1
and click Settings.
2. In the Settings for EXC19-LON-CL1 window, click Network Adapter.
3. In the Virtual switch box, select Not connected and click Apply. This
disconnects the client from the network.
4. On LON-CL1, on the task bar, click Microsoft Edge.
5. In Microsoft Edge, type https://mail.adatum.com/owa, and press
Enter.
6. Click New.
7. In the To field, type [email protected].
8. In the Subject field, type Offline Test and click Send.
9. On the host computer, in Hyper-V Manager, in the EXC19-LON-CL1
window, in the Virtual switch box, select Private Network and click OK.
10. In Outlook on the web, when prompted, sign in as Nate with a
password of Pa55w.rd.
11. On LON-EX1, open a new tab in Internet Explorer.
12. In Internet Explorer, in the address bar, type
https://mail.adatum.com/owa, and press Enter.
13. If necessary, sign in as Adatum\administrator with a password of
Pa55w.rd.
14. Verify that the message from Nate arrived.
15. Close Internet Explorer.

Results: After completing this exercise, you should have configured

Outlook on the web

Exercise 2: Configuring Exchange ActiveSync

Exercise Scenario
After installing Exchange Server 2019, you need to configure a mobile device
mailbox policy that meets the security needs of A. Datum. You need to
ensure that only approved devices can connect using Exchange ActiveSync.
You also need to ensure that all devices require a password.

The main tasks for this exercise are as follows:

1. Configure device quarantine for new mobile devices
2. Configure security settings for Exchange ActiveSync
3. To prepare for the next module

 Task 1: Configure device quarantine for new mobile devices

1. On LON-EX1, on the Start screen, click Internet Explorer.
2. In Internet Explorer, in the address bar, type
https://mail.adatum.com/ecp, and press Enter.
3. Sign in as Adatum\Administrator with a password of Pa55w.rd.
4. In Exchange admin center, click mobile and click the mobile device
access tab.
5. Under Exchange ActiveSync Access Settings, click edit.
6. In the Exchange ActiveSync access settings window, under Connection
Settings, click Quarantine – Let me decide to block or allow later.
7. Under Quarantine Notification Email Messages, click Add.
8. In the Select Administrators window, click Administrator, click add,
and click OK.
9. In the Exchange ActiveSync access settings window, click Save.

 Task 2: Configure security settings for Exchange ActiveSync

1. On LON-EX1, in Exchange admin center, click the mobile device
mailbox policies tab.
2. Click Default (default) and click Edit.
3. On the general tab, deselect the Allow mobile devices that don’t
fully support these policies to synchronize checkbox.
4. On the security tab, select the following checkbox:
 Require a password
 Minimum password length
 Number of sign-in failures before devices is wiped
 Require sign-in after the device has been inactive for (minutes)
5. Click Save.

 Task 3: To prepare for the next module

When you finish the lab, revert the virtual machines back to their initial
state. To do this, complete the following steps:
1. On the host computer, start Hyper-V Manager.
2. In the Virtual Machines list, right-click 20345A-LON-DC1, and then
click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
 4. Repeat steps 2 to 3 for EXC19-LON-EX1, EXC19-LON-EX1 and EXC19-
LON-CL1.
Results: After completing this exercise, you should have configured Exchange
ActiveSync