In Part 4 of this series we deployed a Remote Desktop Gateway Server within our lab. In Part 5 we will be adding Email capabilities within our lab using Microsoft Exchange Server 2016. Our Exchange Deployment will consist of a single Exchange 2016 Server that will be an Azure VM.
Domain Name Registration
There are a few requirements that we will need to meet before Deploying a fully functional Exchange Environment within our Lab. The first will be registering for a Domain Name. If you have already registered your domain as I have with killerhomelab.com then you can move on to the next section “Azure VM Deployment”. If not, please pick a Name Registrar and register a domain of your choice, for example “smittyskillerhomelab.com”.
Azure VM Deployment
Let’s head to Azure now and deploy our Exchange Azure VM by logging into the portal by accessing the URL listed below from your On-Premise Server:
https://manage.windowsazure.com
Once we are within the portal follow the steps below to create our Exchange Azure VM
- On the Left-Pane click on NEW.
- From the menu select COMPUTE | VIRTUAL MACHINES | FROM GALLERY.
3. At Choose an image screen select in the Middle-Pane select Windows Server 2012 R2 Datacenter then click Next.
4. At the Virtual machine configuration screen use the table and information below to create the following VM’s then click Next:
| VIRTUAL MACHINE NAME | SIZE | REGION/AFFINITY Group /Virtual network |
| KHL-EX | A2 (2 cores, 3.5 GB memory) | VPNLAB |
***Note: The virtual machine name will need to be unique since it’s a hostname within cloudapp.net. So KHL-EX is no longer available. J
5. Use the following as a temporary Username and Password then click Next
- NEW USER NAME: khl-admin
- NEW PASSWORD: blueberries
- CONFIRM: blueberries
6. At the next screen click Complete.
Sit back and wait for you Azure VM to be created. It normally takes about 5-10 minutes.
Once the VM is complete we will need to reserve its IP address. Since Azure VM’s are given DHCP addresses, we will to set ours to Static since it is going to be a domain controller. I have already posted an article on how to set a Azure VM’s IP to static. It can be found here:
http://blogs.technet.com/b/elliottf/archive/2015/06/12/assigning-static-ip-s-to-azure-vm-s.aspx
Creating Endpoints
1. Log into the portal by accessing the URL listed below:
https://manage.windowsazure.com
2. In the Left-Pane click on VIRTUAL MACHINES then in the Right-Pane click on KHL-EX.
3. Under khl-ex click on ENDPOINTS.
4. On the Bottom-Bar click ADD.
5. At the Add an endpoint to a virtual machine window click the Arrow to proceed.
6. At the Specify the details of the endpoint screen use the NAME pull-down menu and select SMTP, then click the Check Box to complete.
Note: While the port is being added the addition of additional ports is disabled. This process should take about 20-30 seconds.
7. On the Bottom-Bar click ADD.
8. At the Add an endpoint to a virtual machine window click the Arrow to proceed.
9. At the Specify the details of the endpoint screen use the NAME pull-down menu and select HTTPS, then click the Check Box to complete.
Let’s connect to our Azure VM (KHL-EX) via remote desktop. To do this follow the steps below:
1. On the Left-Pane click on VIRTUAL MACHINES.
2. In the Middle-Pane highlight KHL-EX then on the Bottom-Bar click CONNECT.
3. At the download pop-up click Save | Save As.
4. At the Save As pop-up enter KHL-EX under File name: then click Save.
5. Navigate to the file and double-click on KHL-EX.
6. At the Remote Desktop Connection pop-up click Connect.
7. At the Windows Security screen enter your credentials.
8. At the Untrusted Certificate pop-up click Yes.
Once we are logged into KHL-EX we need to verity that it is using KHL-DC as its DNS Server. We can do that by running an NSLookup as shown below:
Once it is confirmed that we can communicate with KHL-DC we will join this server to the domain using the steps below:
1. Right-click on the Windows Logo and click on System.
2. Under Computer name, domain and workgroup settings click on Change settings.
3. At the pop-up screen click on Change.
4. Under Member of select Domain: then enter killerhomelab.com and click OK.
5. At the Computer Name/Domain Changes pop-up enter your Domain Admin and Password then click OK.
6. At the Computer Name/Domain Changes pop-up click OK, OK, then Close.
7. Click Restart Now.
Exchange 2016 Prerequisites
Once the server has restarted we will re-connect using out Domain Admin credentials. Once logged in we will need to prepare our server for Exchange by installing the Prerequisites for Exchange 2016. The official prerequisites can be pulled from the TechNet article below even though we will go through each below:
https://technet.microsoft.com/en-us/library/bb691354(v=exchg.160).aspx
IIS Pre-reqs
We will start by installing the IIS Role and the features that are required for an Exchange 2016 Installation. Follow the procedures below to install the IIS Prerequisites:
1. Log onto KHL-WEB.
2. Open an Elevated Powershell Prompt.
3. Copy and Paste the following then hit Enter (Server will Reboot):
Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-ADDS, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation -Restart
Unified Communications Managed API 4.0
Now that we have all of our IIS Pre-Reqs installed, we will need to install the Unified Communications Managed API 4.0. Follow the steps below to install the Unified Communications Managed API 4.0:
1. Open Server Manager.
2. In the Left-Pane click on Local Server then under the Properties section click on the IE Enhanced Security Configuration toggle.
3. At the Internet Explorer Enhanced Security Configuration screen under Administrators select Off.
4. Launch Internet Explorer 11.
5. In the Top-Right corner select the Settings gear then select Internet Options.
6. At the Internet Options window select the Security tab then click on Custom level.
7. At the Security Settings window make sure the File download settings is set to Enable then click OK, OK.
8. Navigate to the following URL and download Unified Communications Managed API 4.0 Runtime to your Downloads Folder:
http://www.microsoft.com/en-us/download/details.aspx?id=34992
9. Navigate to the Downloads Folder and Double-click UcmaRuntimeSetup.
10. At the Microsoft Unified Communications Managed API 4.0, Runtime Setup screen click Next.
11. At the License Agreement screen select I have read and accept the license terms then click Install.
12. At the Installation is Complete screen click Finish.
Installing Exchange 2016
Now we are almost ready to install Exchange 2016. Follow the steps below to download and extract the Exchange 2016 Setup Files.
1. From within Internet Explorer navigate to the following URL:
https://www.microsoft.com/en-us/download/details.aspx?id=52968
2. From your Downloads folder double-click ExchangeServer2016-CU2.iso.
This should mount the ExchangeServer2016-CU2.iso as Drive Letter F:
Preparing AD
Since our first Domain Controller was deployed On-Premise it is the holder of all of the FSMO Roles. Since Exchange 2016 is going to deployed within Azure which is another AD Site (Azure-KHL), we will need to move the Schema Master Role from our On-Premise Domain Controller (OP-DC) to our Azure Domain Controller (KHL-DC). Follow the steps below to move this role, Extend our Schema & Prepare AD.
1. Right-click on the Windows Logo and select Command Prompt (Admin).
2. At the Command Prompt change directories to the Downloads Folder.
3. Type following commands then hit Enter:
ntdsutil roles connections
connect to server khl-dc
quit
transfer Schema Master
quit
quit
F:Setup.exe /PrepareAD /OrganizationName:”KILLERHOMELAB” /IacceptExchangeServerLicenseTerms
Installing Exchange 2016
We will use the command prompt to install Exchange since it allows us to customize our Default Database Location. Follow the instructions below to install Exchange 2016
1. Type following command then hit Enter:
F:setup.exe /mode:install /roles:mb /IAcceptExchangeServerLicenseTerms /MdbName:KHL_DB01 /DbFilePath:C:KHL_DB01KHL_DB01.edb /LogFolderPath:C:KHL_DB01
2. When setup is completed reboot the server
Validating the Installation
Now that our server has been rebooted. Lets do some quick checks to verify that it is operating correctly. We will start by making sure all of our Exchange Services are up and running.
1. Right-click on the Windows Logo and select Command Prompt (Admin).
2. Type following commands then hit Enter:
Services.msc
3. Within the Services MMC scroll down and make sure all of the following Exchange Services are started:
- Microsoft Exchange Active Directory Topology
- Microsoft Exchange Anti-spam Update
- Microsoft Exchange Compliance Service
- Microsoft Exchange DAG Management
- Microsoft Exchange Mailbox Transport Delivery
- Microsoft Exchange Diagnostics
- Microsoft Exchange EdgeSync
- Microsoft Exchange Search
- Microsoft Exchange Frontend Transport
- Microsoft Exchange Health Manager
- Microsoft Exchange Health Manager Recovery
- Microsoft Exchange IMAP4
- Microsoft Exchange IMAP4 Backend
- Microsoft Exchange Information Store
- Microsoft Exchange Mailbox Assistants
- Microsoft Exchange Mailbox Replication
- Microsoft Exchange Notifications Broker
- Microsoft Exchange POP3
- Microsoft Exchange POP3 Backend
- Microsoft Exchange Replication
- Microsoft Exchange RPC Client Access
- Microsoft Exchange Service Host
- Microsoft Exchange Mailbox Transport Submission
- Microsoft Exchange Throttling
- Microsoft Exchange Transport
- Microsoft Exchange Transport Log Search
- Microsoft Exchange Unified Messaging
- Microsoft Exchange Unified Messaging Call Router
Once we have validated that all our services are running, lets actually try and log into the Exchange Administration Center. Launch Internet Explorer and navigate to the following URL:
https://khl-ex/ecp
Once presented with the screen below enter your credentials and click sign in:
Since this is the first time we are logging into the EAC, we will be prompted to select a Language and Time Zone as shown in the screens below:
Now that we are logged into our EAC, let’s check to see if our Database is mounted. Follow the steps below to validate that your Database is Mounted:
1. In the Left-Pane click on servers.
2. In the Middle-Pane click on databases then check the STATUS of the KHL_DB01 database and make sure it is Mounted as shown in the Image below:
Configuring DNS
Exchange has multiple services that will utilize the HTTPS (Port 443/TCP) Protocol. In a production environments each of these services would have a separate URL which would point to a specific Virtual IP (VIP) hosted by a Load Balancer. This is done so each VIP can be configured to used optimized rules based on the service. We will not be deploying a load balancer at this time, but will be utilizing unique URL’s for each Exchange Service to allow more flexibility in the future. This also provides a descriptive URL for users. Following the steps below lets create our DNS records using the dnscmd tool:
1. Logon to KHL-DC
2. Right-click on the Windows Logo and select Command Prompt (Admin).
3. Type following commands then hit Enter:
dnscmd khl-dc /RecordAdd killerhomelab.com autodiscover A 192.168.111.6
dnscmd khl-dc /RecordAdd killerhomelab.com owa A 192.168.111.6
dnscmd khl-dc /RecordAdd killerhomelab.com outlook A 192.168.111.6
dnscmd khl-dc /RecordAdd killerhomelab.com eas A 192.168.111.6
4. To confirm that our records have been created, from the Command Prompt run dnsmgmt.msc
5. Within the DNS Manager as shown below confirm all 4 DNS A Records have been created.
Now that the Internal DNS Records have been created, we will need to configure External DNS. As stated at the beginning of this article to have a fully functional Exchange Environment we must have publicly registered. Each Name Registrar has different procedures on creating DNS Records. Since this is out of scope for this lab please review your Name Registrar’s procedures to create the necessary DNS Records. In order to determine the IP address, we need these A Records to point to we will ping the Azure FQDN which will be in the following format:
KHL-EX.cloudapp.net
In my case the IP assigned was 13.72.189.14 so my records would need be:
A Records
AUTODISCOVER 13.72.189.14
OWA 13.72.189.14
OUTLOOK 13.72.189.14
EAS 13.72.189.14
SMTP 13.72.189.14
MX Record
SMTP.KILLERHOMELAB.COM
For Windows DNS these records would look like the box shown below:
Setting Virtual Directories
Autodiscover is mechanism used within Exchange to provide clients with a set of URL’s and settings that are used to connect to Exchange Services. Autodiscover gets these URL’s from the InternalURL and ExternalURL attributes of each Services Virtual Directory. Using the Exchange Management, follow the steps below to configure each Virtual Directories unique URL.
1. Click on the Windows Logo and then click the Down Arrow.
2. Locate and right-click the Exchange Management Shell and select Run as administrator.
3. At the User Account Control pop-up click Yes.
4. Run the following commands to configure each Exchange Services Virtual Directory
AUTODISCOVER
Set-ClientAccessService KHL-EX –AutodiscoverServiceInternalUri https://autodiscover.killerhomelab.com/Autodiscover/Autodiscover.xml
OWA
Set-OWAVirtualDirectory –Identity “KHL-EXowa (Default Web Site)” –InternalURL https://owa.killerhomelab.com/OWA -ExternalURL https://owa.killerhomelab.com/OWA -ExternalAuthenticationMethods NTLM -FormsAuthentication:$False -BasicAuthentication:$False –WindowsAuthentication:$True
!!!Note: You will receive the below message since your ECP Virtual Directory has not yet been updated. Disregard this message since your ECP Directory will be set next.
ECP
Set-ECPVirtualDirectory –Identity “KHL-EXecp (Default Web Site)” –InternalURL https://owa.killerhomelab/ECP -ExternalURL https://owa.killerhomelab.com/ECP -ExternalAuthenticationMethods NTLM -FormsAuthentication:$False -BasicAuthentication:$False –WindowsAuthentication:$True
OAB
Set-OABVirtualDirectory –Identity “KHL-EXoab (Default Web Site)” –InternalURL https://outlook.killerhomelab.com/OAB -ExternalURL https://outlook.killerhomelab.com/OAB
MRS Proxy
Set-WebServicesVirtualDirectory –Identity “KHL-EXEWS (Default Web Site)” –MRSProxyEnabled:$True
ActiveSync
Set-ActiveSyncVirtualDirectory –Identity “KHL-EXMicrosoft-Server-ActiveSync (Default Web Site)” –InternalURL https://eas.killerhomelab.com/Microsoft-Server-ActiveSync -ExternalURL https://eas.killerhomelab.com/Microsoft-Server-ActiveSync
Web Services
Set-WebServicesVirtualDirectory –Identity “KHL-EXEWS (Default Web Site)” –InternalURL https://outlook.killerhomelab.com/EWS/Exchange.asmx -ExternalURL https://outlook.killerhomelab.com/EWS/Exchange.asmx
Mapi over HTTP
Set-MapiVirtualDirectory –Identity “KHL-EXmapi (Default Web Site)” –InternalURL https://outlook.killerhomelab.com/MAPI -ExternalURL https://outlook.killerhomelab.com/MAPI
5. Close the Exchange Management Shell
6. Right-click on the Windows Logo and select Command Prompt (Admin).
7. Type following command then hit Enter:
Iisreset /noforce (rerun if it fails)
Now that we have created our DNS Records and set our Virtual Directories, lets access the ECP using our new OWA URL. From Internet Explorer navigate to the following URL:
https://owa.killerhomelab.com/ECP
You will notice that you are presented with the error shown below:
Since the new URL we tried to use (https://owa.killerhomelab.com/OWA) is not included in the Self-Signed Certificate, this error is expected. This is due to our usage of the default Self-Signed Certificate. Self-Signed Exchange Certificates only include the Exchange Servers NetBIOS and Fully Qualified Domain Name as shown below:
Deploying Certificates
Exchange 2016 uses Certificates to secure all of its protocols. By default the certificate that is used is a Self-Signed Certificate. This is created at the time of installation of Exchange. This certificate is good for initial testing and validation that certain services like OWA and ECP work, however they are only trusted on the Exchange Server. Although this certificate can be trusted on other systems, for our lab we will use our Certificate Authority that was deployed in Part 3 of this series to issue our Certificate since it is already trusted by all Domain Joined Computers. This certificate will need to include all of the URL’s that will be used by our different Exchange Services. Incase you have lost count, I have provided them below:
- owa.killerhomelab
- outlook.killerhomelab.com
- eas.killerhomelab.com
- autodiscover.killerhomelab.com
Follow the steps below to Create a Request, Submit a Request and Issue a Certificate:
Requesting a Certificate
1. Log onto KHL-EX.
2. Right-Click the Windows Log and select Run.
3. Enter CERTLM.msc then click OK.
4. In the Left-Pane right-click Personal and select All Tasks | Request New Certificate.
5. At the Before You Begin screen click Next.
6. At the Select Certificate Enrollment Policy screen click Next.
7. At the Request Certificates screen select KHL Web Server then click More information is required….
8. Under Subject name: use the pull-down menu and select Common name then enter owa.killerhomelab.com under Value and click Add.
9. Under Alternative name: use the pull-down menu and select DNS then enter owa.killerhomelab.com under Value and click Add.
10. Repeat the previous step for the following additional FQDN’s .
- autodiscover.killerhomelab.com
- outlook.killerhomelab.com
- eas.killerhomelab.com
11. Click on the General tab then under Friendly name: enter Exchange Internal SAN then OK, Enroll.
11. At the Certificate Installation Results screen click Finish.
Enabling Certificate Requests
Although our Exchange Server has been issued an SSL Certificate to it’s Local Computer Store, we must still enable it within Exchange for it to be used. Since all Exchange 2016 Services utilize the HTTPS protocol we will enable this certificate by all “IIS” Services by following the steps below:
1. Launch Internet Explorer and navigate to the following URL:
https://khl-ex/ecp
2. From the Exchange Administrative Center in the Left-Pane click on servers.
3. On the Top-Pane click on certificates.
4. In the Middle-Pane select Exchange Internal SAN then click on Edit as shown below:
5. At the pop-up click on services and select IIS then click Save.
Now that our new certificate has been enabled, lets try and access ECP using our new URL by launching Internet Explorer and navigating to the following URL:
https://owa.killerhomelab.com/ECP
You will notice that since we Disabled Forms Authentication and Enabled Windows Authentication, we are now prompted with the security prompt below. Enter your Domain Credentials to authenticate:
Once you are logged in you will also notice that there is no longer any certificate error since the URL used matches that of one of the Certificate’s Subject Alternative Names.
Now that we’ve configured Exchange to accept requests from Web Clients lets move on to allowing Outbound & Inbound Mail flow between our Exchange Server and the rest of the World.
Deploying SMTP Connectors
1. From the Exchange Administrative Center in the Left-Pane click on mail flow.
2. On the Top-Pane click on send connectors.
3. Click the + button to Create a new Send Connector.
4. At the Name: screen under Name: enter West Internet and select Internet then click Next.
5. At the Network settings: screen make sure MX record associated with recipient domain is selected then click Next.
6. At the Address space: screen click the + button to add a new address space.
7. At the pop-up select/enter the following then click Save, then Next:
Type: SMTP
Full Qualified Domain Name (FQDN): *
8. At the Source server: screen click the + button and select KHL-EX then click ADD, OK, then Finish
Now that we have our Mail Flow settings configured lets create a text mailbox to test our external mail flow. Within the EAC use the steps below to create a test Mailbox:
1. Within the EAC in the Left-Pane click on recipients then in the middle-pane click on mailboxes.
2. Click the + button and select User Mailbox.
2. At the new user mailbox enter TUser1 and select New user.
3. Fill the form in as shown below then click Save.
Testing Exchange 2016
OWA
Now we will log into our Test Mailbox and send some test emails.
1. Launch Internet Explorer and navigate to the URL below:
https://owa.killerhomelab.com/OWA
2. When prompted enter the Test User1 Credentials.
3. Since this is your first time logging into this mailbox select a Time zone then click Save.
4. Once you are logged in click on New.
5. In the To: field enter the email address of another email account you can access then add a subject and click Send:
6. Log into your other email account and check to see if you received the message.
As you can see below our message was successfully sent from our New Exchange Server and delivered to another email account. As you can see below, Outlook actually considered my message to be Junk Email, so make sure to check your Junk Email folder for whatever account you at using for this test.
Now that we have sent a successful outbound email, lets reply to our email so we can check our inbound email.
1. Open the message from Test User1 then click on Reply all.
2. Enter some text within the body of the message then click Send:
If we switch back over to our Test User1 mailbox to we should see our message from our other email account!
Now that we know our mail flow is working and OWA is accessible. Lets move on to test our other Client Connectivity Options
Outlook
Although OWA has grown more robust, there are still times when a full email client is needed. The client of choice is Outlook. Outlook leverages a feature called Autodiscover that is able to locate and configure Outlook settings for users automatically. This process is slightly different dependent on whether the client is Domain or N0n-Domain Joined. For Domain Joined clients, Outlook uses objects within Active Directory called Service Connection Points (SCPs). There is a SCP created each time an Exchange Client Access Server is installed. These SCPs provide client connectivity information such as URL used to attach to specific Exchange Services. Below I will walk you thru setting up a Domain Joined Outlook Client. This client can be any machine that you have On-Premise that can have Outlook Installed. The steps and screenshots below are for Outlook 2013, but can be used for almost every Outlook Client:
1. From a Domain Joined Outlook Client launch outlook.
2. If prompted with a Welcome to Outlook screen click Next.
3. At the Add an Email Account click Next.
4. At the Auto Account Setup screen notice that your Name and Email Address have been populated. This is actually pulled from your mail
5. At the Searching for your mail server settings… screen wait for Autodiscover to complete then click Finish to launch Outlook.
Now that we are within Outlook lets confirm that we are connected to Exchange by looking in the bottom-right corner as shown below:
For internal Domain Joined clients the connection to Exchange utilizes RPC over HTTP. This allows Outlook to traverse Firewalls using Port 443/TCP. Let’s take a look at our connection status to actually see our RPC being encapsulated by HTTP. Follow the steps below:
1. Launch Outlook.
2. In the Bottom-Right of your client Taskbar locate the Outlook icon as shown below then hold down the Ctrl Key and Right-click it:
3. Once presented with the menu shown below click on Connection Status:
Now that our connection status is opened you can see in the image below that our Connection (Conn) is HTTP however we are still utilizing RPC Ports (6001 & 6004)
Outlook (Mapi over HTTP)
Now that we have tested with a Domain Joined client. Let’s make sure Outlook will also work with an Non-Domain Joined external client. Log onto a Non-Domain Joined external client that has Outlook installed and follow the steps below:
1. Launch Outlook
2. At the Auto Account Setup screen enter your information as shown below then click Next:
3. At the Security Alert pop-up click Yes. This is due to the fact that this external client does not trust the KHL-CA Certificate Authority.
4. At any of the Windows Security pop-up’s enter your password, check the Remember my credentials box then click OK as shown below:
5. Once Autodiscover is complete click Finish to open Outlook.
For external Non-Domain Joined clients the connection to Exchange utilizes MAPI over HTTP. This allows Outlook to traverse Firewalls using Port 443/TCP. Let’s take a look at our connection status to actually see that we are not utilizing any RPC ports. Follow the steps below:
1. Launch Outlook.
2. In the Bottom-Right of your client Taskbar locate the Outlook icon as shown below then hold down the Ctrl Key and Right-click it:
3. Once presented with the menu shown below click on Connection Status:
3. Once presented with the menu shown below click on Connection Status:
Now that our connection status is opened you can see in the image below that the Protocol that we are using is HTTP and that we no longer utilize any RPC Ports!
ActiveSync
The last client we will test is ActiveSync. ActiveSync is primary service that is used to allow smart phone connectivity to your Exchange Server. Although OWA can be loaded on most new smart phones with an increased ease of use, most consumers prefer using ActiveSync. To validate that our ActiveSync is working you will need a smart phone that supports ActiveSync. A few to choose from are Windows Phone, iPhone and Android. Follow the steps below to test and configure your phone for ActiveSync:
Windows Phone
1. Open Microsoft Edge and navigate to the following URL:
http://rdpweb.killerhomelab.com/CertEnroll/OP-DC.killerhomelab.com_KHL-CA.crt
2. At the pop-up tap Save.
3. At the pop-up tap anywhere to go to Downloads.
4. At the DOWNLOADS pop-up tap on the .cer file as shown below:
5. At the Install certificate screen tap Install.
6. At the Your certificates are installed screen tap OK.
7. Tap on Settings.
8. Tap on Exchange.
9. Under Email address tap within the box and enter tuser2@killerhomelab.com then tap Next.
10. At the next screen tap anywhere under Password and enter your password then click Sign in.
11. At the All done! screen click Done.
14. Now your account is configured as shown below:
13. Now you can launch and view your email using the mail app as shown below:
iPhone
1. Open Safari and navigate to the following URL:
http://rdpweb.killerhomelab.com/CertEnroll/OP-DC.killerhomelab.com_KHL-CA.crt
2. At the Install Profile screen click on Install.
3. At the Enter Passcode screen enter your passcode.
4. At the Warning screen click Install.
5. At the Install pop-up click Install.
6. At the Profile Installed screen click Done.
7. Open Settings.
8. Scroll down to and click on Mail, Contacts, Calendars.
9. Under ACCOUNTS click on your Add Account.
10. At the Add Account screen click on Exchange.
11. At the Exchange screen enter your Email, Password and Description then click Next:
12. Once completed successfully you will see the screens below then click Save:
13. Now you can launch and view your email using the mail app as shown below:
14. If you have multiple accounts on your phone please use the Back Arrow to navigate to your Killer Home Lab Email as shown below:
Android
1. Open the Google App and navigate to the following URL:
http://rdpweb.killerhomelab.com/CertEnroll/OP-DC.killerhomelab.com_KHL-CA.crt
2. At the Certificate name pop-up tap OK.
3. At the Configure Exchange account in a few steps screen enter your Email Address & Password then tap Next.
4. At the Email activation pop-up tap OK.
5. At the Remote security administration screen tap OK.
6. At Account options screen tap Next.
7. At the Set up account screen tap Done.
8. Now you can launch and view your email using the mail app as shown below:.
Congratulations!!! You now have a fully functional Exchange Server that is accessible via OWA, Outlook, ActiveSync and can receive and send email to the Internet. This completes Part 5 of the Killer Home Lab Series. In Part 6 we will securely publish our Exchange 2016 Server using Active Directory Federation Service (ADFS) and Web Application Proxy (WAP) within our lab. Have fun with the lab!!!