After you install Exchange 2003, but before you apply any Exchange 2003 service pack (the latest is cumulative Service Pack 2), there are several tasks to complete and items to install or configure, as follows:
The Microsoft Release Notes for Service Pack 2 for Exchange Server 2003 state the following:
Required Hotfix. Make sure that you install the following hotfix before you install Exchange Service Pack 2 (SP2) for Exchange Server 2003. Ensure that Hotfix 898060, "Installing security update MS05-019 or Windows Server 2003 Service Pack 1 may cause network connectivity between clients and servers to fail," has been installed on your system. You can determine whether this hotfix is installed by running the Microsoft Exchange Server Best Practices Analyzer Tool, which checks for the hotfix being installed, and then reviewing the output log. If you do not run the Exchange Server Best Practices Analyzer, you must manually verify that Hotfix 898060 is installed on your system. If this hotfix is not on your system, you must install it now. This hotfix is applicable only to Windows Server 2003 customers who applied security update MS05-019 or Windows Server 2003 SP1.
Clarification: This update is required if you have installed Windows Server 2003 with SP1 integrated, or if you have applied SP1 to Windows Server 2003, or if you installed security update MS05-019 on Windows Server 2003.
Hotfix 898060 is superseded by Security Update 913446.
Security update information: To resolve the problem described in Knowledge Base article 898060, install security update 913446 (security bulletin MS06-007). For more information about how to obtain and install security update 913446, visit the following Microsoft Web site: http://www.microsoft.com/technet/security/bulletin/MS06-007.mspx
Note: Security update 913446 (security bulletin MS06-007) supersedes this hotfix (898060). For more information, click the following article number to view the article in the Microsoft Knowledge Base: 913446 (http://support.microsoft.com/kb/913446/) MS06-007: Vulnerability in TCP/IP could allow denial of service
For a detailed explanation and instructions, download from Microsoft and read the Exchange 2003 planning document (PlanE2k3MsgSys.doc): Planning a Microsoft Exchange Server 2003 Messaging System, Microsoft Corporation, Published: December 12, 2006, Author: Exchange Server Documentation Team.
By default, Exchange 2003 is always installed in Mixed Mode, which allows Exchange 2003 to co-exist with Exchange 5.5 servers in your organization. However, in Mixed Mode, some Exchange 2003 features are not available. To enable these features, Exchange 2003 must be switched to run in Native Mode. Once you move to Native Mode, you cannot switch back to Mixed Mode. Microsoft recommends using pure Native Mode if you do not plan to have Exchange 5.5 servers (pre-Exchange 2000 servers) in your organization. This author is not exactly sure whether to switch to Native Mode before or after installing the following items (or whether or not it actually matters).
Caution: Before you can switch to Native Mode you should (i) remove any Exchange 5.5 servers and (ii) remove any instance of Exchange Site Replication Services (SRS), if any.
In PlanE2k3MsgSys.doc (Planning a Microsoft Exchange Server 2003 Messaging System, Microsoft Corporation, published December 12, 2006, by the Exchange Server Documentation Team), see the topics: Preparing to Switch to Native Mode in the Exchange 2003; How to Remove Exchange 5.5 Servers from Your Exchange 2003 Organization; How to remove SRS; and How to Switch to Native Mode.
How do you determine your current mode - Mixed or Native? Open Exchange System Manager, right-click Org/Company Name, left-click Properties, and on the General tab it will specify the operation mode. There is also a button there to “Switch Mode” stating that the change to Native Mode cannot be reversed. Note that the Change Mode Button should NOT be available if there are any Exchange 5.5 servers in the org or SRS exists in the org.
After pressing the button to switch to Native Mode (System Manager, Company Properties, General tab, Switch Mode), you may need to restart the Microsoft Exchange Information Store service. Click Start, Run, type services.msc in the input box and click OK. In the list of services, find and right-click the service named Microsoft Exchange Information Store and left-click Restart (or, alternatively, right-click the Microsoft Exchange Information Store service, left-click Stop, wait until the service stops, right-click the service again and left-click Start).
As a side note: Before determining a better place where this topic should be inserted, I will insert it here temporarily. If you ever need to view Administrative Groups in Exchange System Manager, you need to enable the display of Administrative Groups in System Manager. Open System Manager and right-click your Organization Name (Exchange) at the very top of the tree of this snap-in, left-click Properties, on the General tab check the box next to Display Administrative Groups, click Apply, and click OK. Close and re-open System Manager before you can view the Administrative Groups following this change of display view.
Install/Add RPC over HTTP Proxy, which is a subcomponent of Network Services when you are installing Windows Components using Add/Remove Programs from the Windows Control Panel. Click Start, Settings, Control Panel, Double click Add/Remove Programs, click Windows Components, and under/within Network Services select to add RPC over HTTP Proxy. Have your Windows Server 2003 CD ready.
Later (possibly before or after installing Exchange 2003 service packs) it will be necessary to configure RPC over HTTP/S on Exchange 2003. For a prelude, see the January 7, 2009 article written by Daniel Petri and located in the Daniel Petri knowledge base at http://www.petri.co.il/how-can-i-configure-rpc-over-https-on-exchange-2003-single-server-scenario.htm
Install/Add Certificate Services (for the purpose of being able to self-issue a web server certificate to users of Outlook Web Access and Outlook 2003 using RPC over HTTPS on SSL port 443). Click Start, Settings, Control Panel, double-click Add/Remove Programs, click Windows Components, check/select Certificate Services, and check the boxes for Certificate Services CA and Certificate Services Web Enrollment Support.
CA type: Enterprise Root CA
Do NOT select the checkbox for "Use custom settings to generate the key pair and CA certificate" (leave it not selected). Click Next.
Common Name for this CA (certification authority), the Issuer: CN = server_name.domain_name.com (or .net or .org etc.), DC = domain_name, DC = lan
Common Name for the CA: server_name.domain_name.com
Distinguished Name Suffix: DC = domain_name, DC = lan
Preview of Distinguished Name: CN=server_name.domain_name.com, DC=domain_name, DC=lan
Validity Period: 10 Years
Expiration Date: 9/15/2019 2:05 AM
Certification Database (default): c:\windows\system32\certlog
Certification database log: c:\windows\system32\certlog
Do NOT check the option "Store configuration information in a shared folder". Do NOT check this, and I believe the configuration will be in Active Directory. Click Next.
Here is a summary of some additional steps to take after installing Exchange Server 2003 (but before installing any Exchange 2003 service packs).
1. Install Security Update 913446 before applying the latest cumulative Exchange Server 2003 Service Pack.
2. Switch Exchange Server from Mixed Mode to Native Mode.
3. Add RPC over HTTP Proxy, a subcomponent of Network Services, as a Windows component.
4. Add Certificate Services as a Windows component and configure the domain controller as an Enterprise Root CA.
5. Enable the Display of Administrative Groups in Exchange System Manager.
Author's self-reminder notes: Next, configure the RPC Proxy ports in the registry, then configure the RPC virtual directory in IIS, and create a web server certificate for use with RPC over HTTPS in Exchange.
6. Configure the registry value ValidPorts under the key HKLM\SOFTWARE\Microsoft\Rpc\RpcProxy. The value data was previously: hostname:100-5000
Change the data of the ValidPorts value to: hostname:6001-6002;hostname.domainname.lan:6001-6002;hostname.domainname.com:6001-6002;hostname:6004;hostname.domainname.lan:6004;hostname.domainname.com:6004
7. Create/export a web server certificate request for your particular hostName.domainName.com, submit it to the local CA service for issuance, and import the issued certificate into IIS on the Default Website (Directory Security tab, Server Certificate). For how to generate and install a web certificate, see: Create Webserver SSL Certificate for IIS Default Website
8. Ensure that your DHCP server is authorized in Active Directory. This is probably already accomplished when you add/install the DHCP Server service and then convert the server to a domain controller, at which time Active Directory is also installed as part of the conversion.
See: Authorize a DHCP server in Active Directory
9. Fix Server Error in Outlook Mobile Access (OMA) Application, if necessary.
See: Server Error in OMA Application
Server Error in '/OMA' Application. Access to the path “C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\oma\55aaeb43\5ef66257” is denied.
10. Fix another OMA Login Error. Fix the Exchange virtual directory so it will work with RpcProxy and SSL while OMA works without SSL (article in process).
Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or forms-based authentication is required for Exchange Server 2003 See: http://support.microsoft.com/kb/817379
See: Settings to Tweak In Exchange 2003 System Manager and in IIS
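For step 6 above, an added example (not part of the original page and not a Microsoft tool): a Python check that parses a ValidPorts string and reports any entry that lets the RPC proxy reach ports other than 6001, 6002 and 6004, or any expected host name that lacks one of them. The host names are the page's own placeholders, and the function names are made up for this example.

```python
import re

# Ports that step 6 of this page publishes through the RPC proxy.
ALLOWED_PORTS = {6001, 6002, 6004}
ENTRY_RE = re.compile(r"^([A-Za-z0-9.-]+):(\d{1,5})(?:-(\d{1,5}))?$")

def parse_valid_ports(value):
    """Parse 'host:port;host:first-last;...' into (host, first, last) tuples."""
    entries = []
    for raw in value.split(";"):
        raw = raw.strip()
        if not raw:
            continue  # tolerate a trailing semicolon
        m = ENTRY_RE.match(raw)
        if not m:
            raise ValueError(f"malformed ValidPorts entry: {raw!r}")
        first = int(m.group(2))
        last = int(m.group(3) or first)
        if not 1 <= first <= last <= 65535:
            raise ValueError(f"bad port range in entry: {raw!r}")
        entries.append((m.group(1).lower(), first, last))
    return entries

def audit_valid_ports(value, expected_hosts, allowed=ALLOWED_PORTS):
    """Return findings; an empty list means the value is as narrow as step 6."""
    findings = []
    covered = {h.lower(): set() for h in expected_hosts}
    for host, first, last in parse_valid_ports(value):
        if host not in covered:
            findings.append(f"unexpected host {host}")
            continue
        ports = set(range(first, last + 1))
        extra = ports - allowed
        if extra:
            findings.append(f"{host}:{first}-{last} exposes {len(extra)} "
                            "port(s) outside the allowed set")
        covered[host] |= ports & allowed
    for host in sorted(covered):
        missing = allowed - covered[host]
        if missing:
            findings.append(f"{host} is missing port(s) {sorted(missing)}")
    return findings

# Values quoted on this page; the host names are placeholders.
DEFAULT_VALUE = "hostname:100-5000"
HARDENED_VALUE = ("hostname:6001-6002;hostname.domainname.lan:6001-6002;"
                  "hostname.domainname.com:6001-6002;hostname:6004;"
                  "hostname.domainname.lan:6004;hostname.domainname.com:6004")
HOSTS = ["hostname", "hostname.domainname.lan", "hostname.domainname.com"]

if __name__ == "__main__":
    for name, value in (("default", DEFAULT_VALUE), ("hardened", HARDENED_VALUE)):
        print(name, audit_valid_ports(value, HOSTS) or "OK")
```

On the server, the current string can be read with reg query "HKLM\SOFTWARE\Microsoft\Rpc\RpcProxy" /v ValidPorts and passed to audit_valid_ports together with your real host names.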
DO NOT INSTALL THESE ITEMS:
A. Do NOT install ADAM
B. Do NOT install SharePoint Services 2.0 (which is only available on Server 2003 R2)
C. No need to install ASP.NET 2.0 or .NET Framework 2.0 (as it may conflict with using ASP.NET 1.1 in Exchange Web; in particular, OWA may not work and CertSrv may not work correctly if ASP.NET 2.0 conflicts with or overrides the 1.1 settings).
THIS WIKI PASSAGE IS FAR FROM COMPLETE. STAY TUNED. WORK IN PROCESS.