Deploying Server 2012 R2 with Exchange 2016, Active Directory & RDS Gateway

Overview

Windows Small Business Server (SBS) was a good fit for small to medium businesses that wanted an on-premises server with Exchange and remote access.

Unfortunately Microsoft hasn't offered a sound alternative and has pushed small businesses towards servers in Azure, or on-premises Server Essentials with Office 365 for email. For those who don't have a good Internet connection at their office and rely heavily on large internal emails, an on-premises Exchange server is the only real option.

I have created a short guide on how to integrate Server 2012 R2/2016 with Exchange 2016, Active Directory and Remote Desktop Gateway, all on a single server.

In this example we have set up a small company called CompleteTek with the internal domain name completetek.local and the external FQDN completetek.com.au. They have decided to locate this server in their leased rack at the Equinix Data Centre.


AD Installation & Configuration

1.       Set a static IP address. Disabling UAC is not required for any of the steps below as long as the installers are run from an elevated (Run as administrator) prompt, so leave it on.
2.       Install the AD DS and DNS roles using Add Roles and Features, then promote the server to a domain controller for completetek.local.
3.       Install DHCP and authorize it in AD.
4.       Add the external OWA name (remote.completetek.com.au) as an extra DNS zone pointing at the server's internal IP, so internal clients resolve the external name locally (split DNS).
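The same four steps as a PowerShell script, added here as an example and not part of the original guide. It assumes the NIC alias is "Ethernet", the server is server.completetek.local at 10.0.0.10/24 with gateway 10.0.0.1, the NetBIOS name is COMPLETETEK, and the DHCP scope hands out 10.0.0.100-10.0.0.200; adjust these to your network.

```powershell
# Added example, not part of the original guide. Assumed values: NIC "Ethernet", server IP
# 10.0.0.10/24, gateway 10.0.0.1, NetBIOS name COMPLETETEK, DHCP range 10.0.0.100-200.
# Run from an elevated PowerShell prompt on the new server.
$Iface    = "Ethernet"
$ServerIP = "10.0.0.10"
$Gateway  = "10.0.0.1"
$Domain   = "completetek.local"
$External = "remote.completetek.com.au"   # external OWA / RD Gateway name, served by split DNS

# 1. Static IP. DNS points at this box because it is about to become the DC/DNS server.
New-NetIPAddress -InterfaceAlias $Iface -IPAddress $ServerIP -PrefixLength 24 -DefaultGateway $Gateway
Set-DnsClientServerAddress -InterfaceAlias $Iface -ServerAddresses $ServerIP

# 2. Roles: AD DS, DNS and DHCP with their management tools.
Install-WindowsFeature AD-Domain-Services, DNS, DHCP -IncludeManagementTools

# 3. Promote to the first DC of a new forest. The server reboots when this finishes;
#    run the remaining steps after logging back on as a domain admin.
Import-Module ADDSDeployment
Install-ADDSForest -DomainName $Domain -DomainNetbiosName "COMPLETETEK" -InstallDns `
    -SafeModeAdministratorPassword (Read-Host "DSRM password" -AsSecureString) -Force

# ---- after the reboot ----

# 4. DHCP: authorize the server in AD and create a scope that hands out the DC as DNS server.
Add-DhcpServerInDC -DnsName "server.$Domain" -IPAddress $ServerIP
Add-DhcpServerv4Scope -Name "Office LAN" -StartRange 10.0.0.100 -EndRange 10.0.0.200 -SubnetMask 255.255.255.0
Set-DhcpServerv4OptionValue -ScopeId 10.0.0.0 -Router $Gateway -DnsServer $ServerIP -DnsDomain $Domain

# 5. Split DNS: a zone named after the external host, so internal clients resolve it to the
#    LAN address while public DNS keeps pointing it at the firewall. "@" is the zone apex.
Add-DnsServerPrimaryZone -Name $External -ReplicationScope "Forest"
Add-DnsServerResourceRecordA -ZoneName $External -Name "@" -IPv4Address $ServerIP

# 6. Check: from inside the LAN the external name must now answer with the internal address.
Resolve-DnsName -Name $External -Server $ServerIP -Type A
```

Because the forest promotion reboots the server, the script is really two halves; the second half only works once the box is a domain controller and you are logged on with a domain account.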

Preparing AD Schema for Exchange

  1. Open an administrator command prompt and change to the drive with the Exchange install media. The account you use must be a member of both Schema Admins and Enterprise Admins. Use the following commands to extend the schema and prepare the forest:
    • Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareSchema
    • Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAD /OrganizationName:CompleteTek
Once both complete without error you can proceed to the next step. Note that later Exchange 2016 cumulative updates require the Visual C++ 2013 Redistributable to be installed first.
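The two prep commands with the checks a practitioner would want around them: group membership before, exit codes during, and the schema version and organization container after. This is an added example, not part of the original guide; it assumes the Exchange media is mounted as D: and that the Active Directory PowerShell module is available (it is installed with the AD DS tools).

```powershell
# Added example, not part of the original guide. Assumes the Exchange 2016 media is D:
# and that you are logged on as the account that will run setup.
Import-Module ActiveDirectory
$Setup = "D:\Setup.exe"
$Org   = "CompleteTek"

# 1. Pre-check: PrepareSchema needs Schema Admins, PrepareAD needs Enterprise Admins.
#    Membership is read at logon, so a newly added account must log off and on again.
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name.Split('\')[-1]
foreach ($g in "Schema Admins", "Enterprise Admins") {
    $member = Get-ADGroupMember -Identity $g -Recursive | Where-Object { $_.SamAccountName -eq $me }
    if (-not $member) { throw "$me is not a member of '$g'; setup would fail. Add it and log off/on." }
}

# 2. Exchange stores its schema version in rangeUpper of ms-Exch-Schema-Version-Pt.
#    A filter search returns nothing (rather than an error) on a forest never prepared for Exchange.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
function Get-ExchangeSchemaVersion {
    (Get-ADObject -SearchBase $schemaNC -Filter 'name -eq "ms-Exch-Schema-Version-Pt"' -Properties rangeUpper).rangeUpper
}
"Schema version before: $(Get-ExchangeSchemaVersion)"

# 3. Run the two prep steps in order and stop on the first failure.
foreach ($argList in "/IAcceptExchangeServerLicenseTerms /PrepareSchema",
                     "/IAcceptExchangeServerLicenseTerms /PrepareAD /OrganizationName:$Org") {
    $p = Start-Process -FilePath $Setup -ArgumentList $argList -Wait -PassThru -NoNewWindow
    if ($p.ExitCode -ne 0) {
        throw "Setup $argList failed (exit $($p.ExitCode)); see C:\ExchangeSetupLogs\ExchangeSetup.log"
    }
}

# 4. After: rangeUpper must match the value Microsoft publishes for the CU you installed, and the
#    organization container must exist in the configuration partition.
"Schema version after: $(Get-ExchangeSchemaVersion)"
$configNC = (Get-ADRootDSE).configurationNamingContext
Get-ADObject -SearchBase "CN=Microsoft Exchange,CN=Services,$configNC" -Filter "name -eq '$Org'"
```

If the schema version does not change after PrepareSchema, check that the command ran against the schema master (setup contacts it automatically, but it must be reachable from this server).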

Exchange 2016 Installation & Configuration


1.       Download and install the .NET Framework version required by the CU you are installing: 4.5.2 for the RTM release, and a newer 4.7.x/4.8 release for later CUs (see the Exchange Server supportability matrix for the exact version).
2.       Download and install the Unified Communications Managed API (UCMA) 4.0 Runtime.
3.      Enable Windows Media Foundation with the PowerShell command Add-WindowsFeature -Name Server-Media-Foundation, then restart.
4.       Run the Exchange setup wizard. Select the Mailbox role and allow setup to install any additional prerequisites, restarting the server as needed.
5.       Log in to the Exchange admin center at https://localhost/ecp.
6.       Go to Servers->Certificates and click + to generate an SSL certificate for the external name chosen in the previous section (remote.completetek.com.au). Use the wizard to request and install the certificate. A self-signed certificate is only useful for testing; Outlook, mobile clients and the RD Gateway client will all warn on or reject it, so for production complete the request with a certificate from a public CA, and make sure it covers every name clients will connect to (including the Autodiscover name, if published).
7.       Go to Servers->Virtual Directories. Set Select type to All and change every virtual directory URL from the internal name to the external FQDN, e.g. server.completetek.local to remote.completetek.com.au. Also copy the Internal URL field for each into External URL.

8.       Go to Mail flow->Send connectors. Click + to create an SMTP send connector for Internet mail (address space *, routed via DNS MX lookup).

9.       Go to the Exchange Management Shell and change the Autodiscover URL as well, replacing the internal server name with the external FQDN:
Use the following command (substitute your server name for <ServerName>):
    Set-ClientAccessServer -Identity <ServerName> -AutoDiscoverServiceInternalUri https://remote.completetek.com.au/Autodiscover/Autodiscover.xml
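Steps 6 to 9 as one Exchange Management Shell script, added here as an example and not part of the original guide. It assumes the server's Exchange name is EX01, the external name is remote.completetek.com.au, that autodiscover.completetek.com.au will also be published, that the certificate request is stored under C:\certreq, and that the send connector's HELO name matches the external FQDN; change these to suit.

```powershell
# Added example, not part of the original guide. Run in the Exchange Management Shell.
# Assumed names: server EX01, external FQDN remote.completetek.com.au, Autodiscover name
# autodiscover.completetek.com.au, CSR/certificate files under C:\certreq.
$Server   = "EX01"
$External = "remote.completetek.com.au"
$Base     = "https://$External"

# 1. Certificate request for a CA-signed cert covering every name clients will use. A self-signed
#    cert only suits testing: Outlook, ActiveSync and the RD Gateway client all warn on or reject it.
$csr = New-ExchangeCertificate -GenerateRequest -PrivateKeyExportable $true `
    -SubjectName "CN=$External,O=CompleteTek,C=AU" `
    -DomainName $External, "autodiscover.completetek.com.au" -FriendlyName "CompleteTek mail/RDG"
Set-Content -Path C:\certreq\completetek.req -Value $csr
# When the CA returns completetek.cer, complete the request and bind it to IIS and SMTP:
#   $cert = Import-ExchangeCertificate -FileData ([IO.File]::ReadAllBytes("C:\certreq\completetek.cer"))
#   Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services IIS,SMTP -Force

# 2. Virtual directories: internal and external URLs both use the external FQDN, which the
#    split-DNS zone resolves to the LAN address inside the office.
Set-OwaVirtualDirectory -Identity "$Server\owa (Default Web Site)" -InternalUrl "$Base/owa" -ExternalUrl "$Base/owa"
Set-EcpVirtualDirectory -Identity "$Server\ecp (Default Web Site)" -InternalUrl "$Base/ecp" -ExternalUrl "$Base/ecp"
Set-WebServicesVirtualDirectory -Identity "$Server\EWS (Default Web Site)" `
    -InternalUrl "$Base/EWS/Exchange.asmx" -ExternalUrl "$Base/EWS/Exchange.asmx"
Set-ActiveSyncVirtualDirectory -Identity "$Server\Microsoft-Server-ActiveSync (Default Web Site)" `
    -InternalUrl "$Base/Microsoft-Server-ActiveSync" -ExternalUrl "$Base/Microsoft-Server-ActiveSync"
Set-OabVirtualDirectory -Identity "$Server\OAB (Default Web Site)" -InternalUrl "$Base/OAB" -ExternalUrl "$Base/OAB"
Set-MapiVirtualDirectory -Identity "$Server\mapi (Default Web Site)" -InternalUrl "$Base/mapi" -ExternalUrl "$Base/mapi"
Set-OutlookAnywhere -Identity "$Server\Rpc (Default Web Site)" -InternalHostname $External -ExternalHostname $External `
    -InternalClientsRequireSsl $true -ExternalClientsRequireSsl $true -ExternalClientAuthenticationMethod Negotiate
# Autodiscover SCP. Set-ClientAccessServer, as used in the guide, also still works on 2016.
Set-ClientAccessService -Identity $Server -AutoDiscoverServiceInternalUri "$Base/Autodiscover/Autodiscover.xml"

# 3. Outbound Internet mail via MX lookup. -Fqdn is the HELO name and should match the server's
#    public reverse DNS; it is assumed here to be the external FQDN.
New-SendConnector -Name "Internet" -Usage Internet -AddressSpaces "*" -DNSRoutingEnabled $true `
    -SourceTransportServers $Server -Fqdn $External

# 4. Check: no URL should still contain the internal .local name (empty output is the goal).
$dirs = @(Get-OwaVirtualDirectory -Server $Server) + @(Get-EcpVirtualDirectory -Server $Server) +
        @(Get-WebServicesVirtualDirectory -Server $Server) + @(Get-ActiveSyncVirtualDirectory -Server $Server) +
        @(Get-OabVirtualDirectory -Server $Server) + @(Get-MapiVirtualDirectory -Server $Server)
$dirs | Where-Object { "$($_.InternalUrl)$($_.ExternalUrl)" -like "*.local*" } |
    Format-Table Identity, InternalUrl, ExternalUrl
```

The final check is the one to rerun after every CU: a URL left on the .local name surfaces as Outlook certificate warnings from outside the office, because the public certificate does not (and cannot) contain a .local name.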


Remote Desktop Services Gateway Install

1.       Go to Add Roles & Features, select Remote Desktop Services, then select Remote Desktop Gateway.

2.       From Server Manager go to Tools->Terminal Services->Remote Desktop Gateway Manager.

3.       Select No at the prompt which states 'the certificate in IIS is different to the one the RD Gateway service is running'.

4.       Select 'View or modify certificate properties'.

5.       Go to the SSL Certificate tab and click 'Select an existing SSL certificate from the RD Gateway certificate store'. Select Import Certificate.

6.       Choose the certificate generated for Exchange in the previous section and select Import.

7.       Go to the server node and expand it. Right-click Policies, select 'Create New Authorization Policies' and use the wizard to create an RD CAP and an RD RAP. For the RD CAP select the AD group of users who need remote access. For the RD RAP restrict the network resources to a group containing only the computers those users connect to, rather than 'any network resource', so a compromised account cannot use the gateway to reach everything on the LAN. Give the policies a descriptive name, e.g. RD Gateway Policy.


8.       Go to the IIS admin console and, on the Default Web Site, change the host name of the port 443 binding to the SSL certificate's name (remote.completetek.com.au).

9.       Go to the Exchange Back End site and remove the port 443 binding. Leave its port 444 binding, and the 'Microsoft Exchange' self-signed certificate bound to it, untouched: the Exchange front end proxies to the back end over 444, and OWA/ECP will return errors if that binding or its certificate is changed.
10.   Perform an IIS reset and reboot the server.
11.   When opening RD Gateway Manager, do NOT click Yes at the prompt saying the IIS certificate is different. If you do, repeat the step above to remove the binding.
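The RD Gateway configuration and the IIS binding clean-up as a script, added here as an example and not part of the original guide. It assumes the RD Gateway runs on the Exchange server, the certificate for remote.completetek.com.au is already in the machine certificate store, and two AD groups exist in the COMPLETETEK domain: "RD Gateway Users" (who may connect) and "RD Gateway Targets" (the computers they may reach).

```powershell
# Added example, not part of the original guide. Assumes the gateway shares the Exchange server,
# the cert for remote.completetek.com.au is in LocalMachine\My, and the AD groups
# "RD Gateway Users" and "RD Gateway Targets" exist in the COMPLETETEK domain.
# Run from an elevated PowerShell prompt.
$External = "remote.completetek.com.au"
$Users    = "RD Gateway Users@COMPLETETEK"
$Targets  = "RD Gateway Targets@COMPLETETEK"

# 1. Role, then the RDS: provider used for gateway configuration and the IIS module.
Install-WindowsFeature RDS-Gateway -IncludeManagementTools
Import-Module RemoteDesktopServices
Import-Module WebAdministration

# 2. Bind the certificate Exchange uses to the gateway service, picking the newest one if the
#    cert has been renewed.
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -like "CN=$External*" } |
        Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No certificate for $External in LocalMachine\My" }
Set-Item -Path RDS:\GatewayServer\SSLCertificate\Thumbprint -Value $cert.Thumbprint

# 3. Connection authorization policy: who may use the gateway (AuthMethod 1 = password).
New-Item -Path RDS:\GatewayServer\CAP -Name "RD Gateway CAP" -UserGroups $Users -AuthMethod 1

# 4. Resource authorization policy: which hosts they may reach. ComputerGroupType 1 restricts
#    access to an AD computer group; type 2 ("any network resource") would let a stolen
#    password pivot to every host on the LAN.
New-Item -Path RDS:\GatewayServer\RAP -Name "RD Gateway RAP" -UserGroups $Users `
    -ComputerGroupType 1 -ComputerGroup $Targets

# 5. IIS: the gateway shares port 443 with Exchange's Default Web Site. Give that binding a host
#    header matching the certificate and remove any 443 binding that appeared on Exchange Back End.
#    Never touch Exchange Back End's port 444 binding; the Exchange front end proxies to it.
#    After this, browse ECP/OWA via https://remote.completetek.com.au rather than localhost.
Set-WebBinding -Name "Default Web Site" -BindingInformation "*:443:" -PropertyName HostHeader -Value $External
Get-WebBinding -Name "Exchange Back End" -Protocol https -Port 443 | Remove-WebBinding

# 6. Check the result: Default Web Site on 443 with the host header, Exchange Back End only on 444.
Get-WebBinding | Where-Object { $_.protocol -eq "https" } | Select-Object ItemXPath, bindingInformation
Get-ChildItem RDS:\GatewayServer\CAP | Select-Object Name
Get-ChildItem RDS:\GatewayServer\RAP | Select-Object Name
iisreset
```

Keeping the RD RAP scoped to a computer group is the single most valuable hardening on this page: the gateway is exposed to the Internet, and an RD CAP only decides who gets in, not where they can go once through.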
