Prerequisites for Installing Exchange 2010 SP1 on Windows 2008 R2

by Andy Grogan on April 10, 2011 · 7 comments

in Exchange 2010 (Installation), Windows 2008 R2

NOTE: This article has an update located here: http://www.telnetport25.com/2011/12/quick-tipupdate-to-prerequisites-for-installing-exchange-2010-sp1-2-on-windows-2008-r2/

This article is less about the installation of Exchange 2010 – as for the most part it is fairly similar to that of Exchange 2007 (well if you are using the GUI – there are a number of changes to the unattended setup.com – which I will cover in a later post), but more to do with how you should go about configuring Windows 2008 R2 so that it is ready to accept the role of an Exchange 2010 server.

For most I suspect – this post will be fairly rudimentary, however from looking at the search stats on my site – it is one of the most common search criteria – so I thought that it would be worth covering off.

There will be some personal observations in this post, in essence things that I like to do with my Windows Servers as “Prerequisites” which may or may not be of use – and are not essential to the overall success of an Exchange 2010 installation.

First things first – Run and install Windows Updates
 

Seems like a simple idea – but honestly I have seen a few installations where these have been the last thing done after a full Exchange installation. Not that this should cause problems – but it makes sense, for example – if you install Windows updates last and Exchange stops working (again not that it should) – which update was it? – at least if they were all present before you installed Exchange and it worked – and then stopped working you have one less trouble shooting step as you know it was unlikely to have been the Windows updates!

Forests and Domains (wood from the trees)
 

If you are installing the the first Exchange 2010 server into either an existing Exchange organisation – or indeed a brand new Exchange 2010 install in a Forest / Domain that has never had Exchange before, you will need to ensure that the Forest Functional level is at least “Windows Server 2003” – you will need to consider which level you set the functional level at in conjunction with your existing Domain Controller version demographic – because migrating between Forest (and domain levels for that matter) will affect the interoperation of Domain Controllers.

Get your permissions in order
 

Now to install the Exchange 2010 prerequisites on Windows Server 2008 R2 you will require full local administration rights on the server – however, remember if you are then going onto install Exchange 2010 straight afterwards you will need other permissions in the context of Active Directory.

The above statement might seem obvious – however there have been a couple of times recently, where I have not been paying attention to the user that I am logged onto the server with, and Exchange setup fails as it cannot find the Directory – when looking at the problem I have found that I was logged onto the server with the local admin account – doh!

If you are going to install Exchange 2010 the follow are the permissions that you will require:

  • Schema Admins – if you are installing Exchange 2010 for the first time (and even if there is a pre-existing Exchange organisation of a prior version you will need to have Schema rights)
  • Domain Admins
  • Enterprise Admins

Typically and for convenience I try and use an account which is a member of all the groups above for both the server preparation, and the Exchange install – however some organisations do not allow for this due to security risk management (lets face the a single account with all those permissions assigned is one heck of a powerful account) – so you will need to take this on a case by case basis – but it is important to note that if you are going to install Exchange they are the permissions that you will need.

Server UAC
 

User Access Control is implemented in Windows Server 2008 R2, and it will typically kick into effect if you are using an admin account which is not the default from installation.

UAC DOES NOT affect the installation of the Prerequisite steps or the installation of Exchange (unless of course you do not have the required permissions) – but it might be something that annoys you along the way, so you may wish to turn it off.

However, I STRONGLY recommended that you don’t – and if you do – you MUST turn it back on after you have finished as leaving it disabled does increase the attack surface of your server!

Check your version of Windows 2008 R2
 

If you want to use DAG (Database Availability Groups) in your configuration – remember that you will need to be running Windows 2008 R2 Enterprise Edition. You can, if you want upgrade to the Enterprise version after you have installed Exchange – however I recommend that if you plan to use DAG – install the correct version of Windows right from the “get go” as, I would personally be very nervous installing a version of Windows over the top of my nice new Exchange 2010 box.

Check your IP and NIC Configuration
 

Depending on the configuration of you environment you may or may not wish to do this, but I have found that it is worth while.

The following is a checklist that I use which have served me well over the years:

Change the Descriptive Name of your NIC’s

If you plan to have more than one NIC in your Machine (for example if you plan to use DAG or are going to Load balance the CAS Servers) – change the display name of the adapter to reflect its purpose – this makes it easier for you to identify the adapter during management tasks – below is an example of a naming convention that I have used in the past:

NicNamingEx2010

Provider order on Network Interfaces

 If you plan to make use of multiple interfaces for either DAG or another purpose, you should configure the order in which they should be used to access the network – considering best practices you should always have the primary LAN interface first in the connection order – see below as an example:

NicNamingEx2010HB

In Windows 2008 R2 (much like Windows 2008) you can access the connection binding order via:

[ Start –> Networks –> Network and Sharing Centre –> Adapter Settings ]

You will then need to click on the “Organise” button – choose “Layout” and then select the “Menu Bar” option.

This will then give you the following at the top of the networking window:

NicNamingEx2010MenB

Choose the [ Advanced –> Advanced Settings ] menu options to display the Connection Binding dialog box.

Check your DNS Settings

This may or may not be relevant depending on the configuration of your domain and DNS infrastructure, but it is useful to ensure that for the Interface which connects the server to the LAN you have populated the “DNS Suffix for this connection”, chosen to “Register this connections addresses in DNS” and “Use this connection’s DNS suffix in DNS Registration” if they are relevant – this can help prevent connectivity issues later down the line with Exchange – see below

NicNamingEx2010MenC

NIC Duplex Settings

It is always a good idea to not use “Auto Negotiate” on servers – and the NICS should be configured to the correct port speed that the Switch or Router supports that your server is plugged into.
You can change this setting via the network settings – but often there is a vendor provided control panel where this can be configured – the important thing to remember – is try not to use Auto Negotiate!

Install the required Windows Components – these will require a reboot!
 

There are a whole host of Windows Components that need to be installed in order to support Exchange 2010 – and these vary to greater or lesser degrees depending on the role which you Exchange server will host.

There is a TechNet article here which takes you through the Powershell Management Command that you can use to install the various roles – however I have provided a Powershell Script below which can automate this process, all you need to do is provide an option to the script which indicates the role(s) that your Exchange Server will be fulfilling:

You can copy and past the script from the formatting window below to blank PS1 file on your server – or alternatively download it from here

# Install O/S Pre-Reqs for Exchange 2010 SP1 on Windows Server 2008 R2
# Author: Andy Grogan
# www.telnetport25.com
#
# Based upon: http://technet.microsoft.com/en-us/library/bb691354.aspx

Import-Module ServerManager
Cls
Write-Host "Please choose the Exchange 2010 role combination that you wish to install"
Write-Host ""
Write-Host "1. Mailbox,Client Access,Hub Transport"
Write-Host "2. Client Access, Hub Transport,Mailbox,Unified Messaging"
Write-Host "3. Client Access, Hub Transport"
Write-Host "4. Hub Transport, Mailbox"
Write-Host "5. Client Access, Mailbox"
Write-Host "6. Client Access"
Write-Host "7. Hub Transport or Mailbox"
Write-Host "8. Unified Messaging"
Write-Host "9. Edge"
Write-Host ""

$choice = Read-Host "Please make a numerical selection"

if ($choice -eq 1){
    Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy -Restart

}

if ($choice -eq 2){
    Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy,Desktop-Experience -Restart
}


if ($choice -eq 3){
    Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy -Restart
}

if ($choice -eq 4){
    Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server -Restart
}

if ($choice -eq 5){
    Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy -Restart
}

if ($choice -eq 6){
    Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy -Restart
}


if ($choice -eq 7){
    Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server -Restart
}


if ($choice -eq 8){
    Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Desktop-Experience -Restart
}

if ($choice -eq 9){
    Add-WindowsFeature NET-Framework,RSAT-ADDS,ADLDS -Restart
}

To use the script you will need to ensure that the Powershell Execution Policy has been set to “RemoteSigned” – in order to do this you will need to open Powershell and type in the following command:

Set-ExecutionPolicy “RemoteSigned”

When you have set the execution policy you will need to navigate to the location on your server where you have downloaded (or created) the script – you can execute it using the following command (remember from within the Powershell Prompt):

.\PrepExchange2010-OS.ps1

For an example of the above – please see below:

PsExeEx2010-Prereqart1

You will then be presented with the Roles Options – choose the number which reflects your Exchange Server role requirements – see below

PsExeEx2010-Prereqart2

Once the options have been installed by the script you will need to reboot the server.

It is also worthwhile noting that the Exchange 2010 SP 1 setup GUI also provides an option to allow for you to install required Windows components during setup, rather than using the command line, or PS script above.

To be honest it make no odds, and will be down to preference – however you will need to restart Exchange setup should you choose not to pre-install the requirements before beginning setup.

Windows 2008 R2 Hotfixes Required to install certain Exchange 2010 Roles
 

At this precise moment in time (e.g. the time that I am writing this) there are a number of “hotfixes” that need to be applied to Windows 2008 R2 before you can install Exchange 2010 SP1.

These are as follows (reproduced from: http://technet.microsoft.com/en-us/library/bb691354.aspx)

The following hotfixes are required for the Client Access server for Windows Server 2008 R2:

The following hotfix is required for Hub Transport and Mailbox servers for Windows Server 2008 R2:

You will notice that these are role dependant and not all fixes are required Exchange roles – however, you must install the relevant hotfix prior to beginning Exchange setup – otherwise it will fail.

Install the Microsoft Office Filter Pack
 

Your installation will not fail if these are not installed – but you will receive a warning during setup.

If your server is hosting the Hub Transport or Mailbox Server roles you should install the Office Filter Pack for Office 2010 (Recommended) or Office 2007 – should also register them as per this article here

{ 5 comments… read them below or add one }

Brad Saide June 4, 2011 at 9:27 pm

Hi – A couple of notes that may help out other people attempting to complete this:
1) In order for the Lookup and validation of AD to work in the checklist, you must Run the Setup.exe file As Administrator (right-click option) – Otherwise you will get errors back along the lines of “Setup encountered a problem while validating the state of Active Directory: Could not find any Domain Controller in domain ” and potentially spend time hunting for a DNS problem that is not there.
2) As at 5/6/2011, all of the hotfixes described have been shipped out using Windows Update (under other “roll-ups”) – They all returned the message “This update does not apply to your system” – and this is before installing 2008 R2 SP1
3) your script rocks & certainly accelerated the process – thanks

Reply

Odd M September 23, 2011 at 12:54 pm

Hot damn. Thanks a million. You saved my day with this post :)

Reply

Paul Williams September 26, 2012 at 1:15 pm

Brad, thanks for this. Before I read your post I spent an hour looking for possible DNS and network problems. God knows how long I would have carried on looking for a nonexistant problem if it were not for you.

Reply

Jitendramani Yadav October 3, 2012 at 7:31 am

Thanx , it was so helpful. script is best.

Reply

Crystal March 1, 2013 at 6:01 pm

Hey guys I need some help. I ran these scripts – BTW you can just save the script to the desktop and drag and drop it into the powershell window after you do the set-ExecutionPolicy “RemoteSigned” command and not worry about navigating to it or figuring out the path to put in.
I am hung up on installing Exchange though – I keep getting this error:

Summary: 3 item(s). 1 succeeded, 1 failed.
Elapsed time: 00:00:17
Preparing Setup
Completed
Elapsed Time: 00:00:15
Mailbox Role
Failed
Error:
The following error was generated when “$error.Clear(); $name = “SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}”; $dispname = “Microsoft Exchange”; $mbxs = @( get-mailbox -arbitration -Filter {name -eq $name} -IgnoreDefaultScope -resultSize 1 ); if ( $mbxs.length -eq 0) { $dbs = @(get-MailboxDatabase -Server:$RoleFqdnOrName -DomainController $RoleDomainController); if ($dbs.Length -ne 0) { $arbUsers = @(get-user -Filter {name -eq $name} -IgnoreDefaultScope -ResultSize 1); if ($arbUsers.Length -ne 0) { enable-mailbox -Arbitration -identity $arbUsers[0] -DisplayName $dispname -database $dbs[0].Identity; } } } else { if ($mbxs[0].DisplayName -ne $dispname ) { set-mailbox -Arbitration -identity $mbxs[0] -DisplayName $dispname -Force; } }” was run: “The user’s Active Directory account must be logon-disabled for linked, shared, or resource mailbox.”.
The user’s Active Directory account must be logon-disabled for linked, shared, or resource mailbox.
Elapsed Time: 00:00:01
Finalizing Setup
Cancelled

Reply

Leave a Comment

*

{ 2 trackbacks }

Previous post:

Next post: