配置BES for Exchange 2007环境

Windows Server 2008R2 DataCenter操作系统上安装配置Exchange Server 2007目录Windows Server 2008R2 DataCenter操作系统上安装配置Exchange Server 2007 (1)1简介 (2)2安装环境和前提条件 (2)3配置网络环境 (2)4安装Active Directory域服务 (8)5安装Web服务器（IIS） (26)6安装Windows PowerShell集成脚本环境和.NET Framework 3.5.1功能 (34)7安装Microsoft Exchange Server 2007 SP1邮件服务器 (38)8配置邮件服务器 (48)9配置SMTP发送连接器允许用户组策略 (58)10配置用户邮箱 (59)1简介本说明文档详细介绍了如何在一台安装了Windows Server 2008R2 DataCenter版操作系统的服务上，安装和部署Microsoft Exchange Server 2007邮件系统软件，用户可以按照以下章节的图片和说明指导，一步一步安装和部署。

本说明文档，适合初级系统管理员和初次安装部署Microsoft Exchange Server 2008的用户阅读，也可以作为参考文件供服务器管理人员使用。

2安装环境和前提条件本说明文档，将指导用户或者管理员从一台全新的Windows Server 2008服务器上安装和配置Microsoft Exchange Server 2007。

这里的Windows Server 2008服务器，仅安装了操作系统，还没有部署任何相关的服务和功能，本说明文档将分成以下八个章节，逐步完成Microsoft Exchange Server 2007的安装部署：(1)配置网络环境(2)安装Active Directory域服务(3)安装Web服务器（IIS）(4)添加Windows PowerShell服务功能和.NET Framework 3.5.1功能(5)安装Microsoft Exchange Server 2007 SP1(6)配置邮件服务器(7)配置SMTP发送连接器允许用户组策略(8)配置用户邮箱3配置网络环境Windows Server 2008需要作为服务器供内部局域网用户客户端访问，并且外部Internet用户也可以通过外部网关等通信链路访问服务器上的数据信息。

Exchange 2007 Exchange Transport 服务无法启动的问题刚装完Exchange 2007 Hub角色，程序提示安装成功，却发现Exchange Transport服务没法启动。

这可是HUB角色的关键服务啊。

到应用程序日志中查看，发现了source为ESE的错误：edgetransport (3060) Transport Mail Database: An attempt to create the folder"C:\Windows\system32\%ExchangeInstallDir%TransportRoles\" failed with system error 5(0x00000005): "Access is denied. ". The create folder operation will fail with error -1032(0xfffffbf8).不知道为什么Exchange去访问“C:\Windows\system32\%ExchangeInstallDir%TransportRoles\”。

因为HUB的配置很多都是保存在一个叫edgetransport.exe.config的文件中的。

到Exchange安装目录下的BIN目录中，找到该文件，用记事本打开，确实发现了有些地方还是用%ExchangeInstallDir% 表示，而在系统变量中并没有%ExchangeInstallDir%。

<add key="QueueDatabasePath" value = "%ExchangeInstallDir%TransportRoles\data\Queue" /><add key="QueueDatabaseLoggingPath" value ="%ExchangeInstallDir%TransportRoles\data\Queue" /><add key="IPFilterDatabasePath" value ="%ExchangeInstallDir%TransportRoles\data\IpFilter" /><add key="IPFilterDatabaseLoggingPath" value ="%ExchangeInstallDir%TransportRoles\data\IpFilter" /><add key="TemporaryStoragePath" value ="%ExchangeInstallDir%TransportRoles\data\Temp" />所以基本上可以认定是设置的问题。

配置Exhcange 2007、Exchange 2010收发外网邮件很多在企业的的Exchange 初学者说配置Exchange Server太复杂，最常见的问题就是安装完Exchange后不能收发互联网邮件。

为了帮助这些初学者朋友更好的理解Exchange 的配置，特撰写此文，希望能帮助到大家。

此文档关注于收发邮件流程的配置，即解决Exchange 邮件收发的问题，不对Exchange 架构、安全、高可用性等进行讨论。

本文适用网络环境：中小型企业，此类用户多采用一台服务器或前后端架构建设Exchange Server系统。

邮件服务器为Exchange 2007或Exchange 2010 。

比较典型的网络拓扑图如下所示：一、申请域名，并联系域名供应商配置MX记录（现在大多数域名提供商已经支持自己手动设置MX、A、CNAME记录）说明：MX记录指向公司的公网IP；且保证Exchange 服务器是通过此IP地址发布的。

二、内部DNS配置1. 内部DNS服务器中添加互联网申请的域名对应的A记录和MX记录。

2. 确定AD域名对应的邮件服务器A记录和MX记录配置正确。

三、配置接收域Exchange 管理控制台 - 组织配置 - 集线器传输 - 接受域 - 新建接受域这里的域名一定要是域名供应商提供的域名；一定选择权威域。

四、配置电子邮件地址策略Exchange 管理控制台 - 组织配置 - 集线器传输 - 电子邮件地址策略 - 新建电子邮件地址策略选择条件使用默认的“所有收件人类型”然后下一步，然后选择邮件地址格式，比如“名.姓”的方式，还是“姓.名”的方式，根据用户的使用习惯进行配置；然后选择接受域。

如果有多个互联网域名，则添加多个即可；默认第一个添加的邮件地址为默认答复地址，如果需要修改，选定邮件地址，并“设为答复地址”即可。

这时，你就可以在内部使用Outlook向外网发送一封邮件进行测试看是否外部可以收到邮件了。

The information contained in this document represents the current view of Microsoft Corp. on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.This guide is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT.Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form, by any means (electronic, mechanical, photocopying, recording or otherwise), or for any purpose, without the express written permission of Microsoft.Microsoft may have patents, patent applications, trademarks, copyrights or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights or other intellectual property.Data plan and/or Wi-Fi access required for some Windows Phone 8 features. Carrier fees may apply. Availability of some features and services may vary by app, area, language, phone, carrier, and/or service plan.© 2013 Microsoft Corp. All rights reserved.With BYOD (Bring Your Own Device) becoming the industry norm, it is important for IT departments to choose a smartphone platform that appeals to consumers and will delight their end users. Windows Phone is rapidly winning the hearts of consumers and gathering industry accolades.Consumers love Windows PhoneBoth Windows Phone 8 and Windows Phone 8 devices are receiving high praise from consumers. Windows Phone 8 was rated the #1 OS by all readers of PC magazine and the Nokia Lumia 920 was rated the #1 phone by AT&T readers of PC Magazine.PC Magazine 2013Reader’s Choice AwardWindows Phone Accolades and Awards• 4 of the top 9smartphones across all carriers on are Windows Phone 8 devices •The Nokia Lumia 920 won the 2012 Engadget Readers Choice Award•The Windows Phone 8X by HTC won the Red Dot Design Award for 2013Your favorite apps, and over 130,000 moreWindows Phone has the apps and games youwant from brands you love. The WindowsPhone store has 130,000+ apps and 48 of thetop 50 apps on competing platforms. Get appsfor personal use such as Flixster, Cut theRope®, and Pandora. Or get apps for worksuch as, Evernote, Box, and LinkedIn. OnlyWindows Phone has Live Apps that bring youthe info you want, right on your start screen.With Windows Phone 8 we made certain that IT professionals could have peace of mind and effortlessly integrate with their Exchange, SharePoint, Lync and Office 365 infrastructure to lower their TCO. We ensured end users had the best possible Office, Outlook and Lync experience on their Windows Phone 8 devices. And we ensured that developers could use the Visual Studio and .NET tools they are already familiar with to develop code that would run on PCs, tablets and smartphones.Windows Phone Gaining Momentum Among CIOs•In a recent poll by Aberdeen Group, CIOs revealed that they plan to deploy mobile apps forWindows Phone and Windows tablets more than any other platform over the next 12 months. •Windows Phone has also seen significant growth over the past year, at the expense of BlackBerry.• A report by Strategy Analytics indicates that Windows Phone surpassed BlackBerry in Q4 2012 to become the #3 smartphone platform in the US.13432191012 118765The 13 Layers of Security on Windows Phone 8Below is an explanation of the security provided by the 13 numbered boxes in the security architecture diagram above:1.All Windows Phone 8 devices have to meet specific hardware requirements. This not onlyguarantees a base-level user experience, it limits the hardware-related security attack vectors.2.Windows Phone 8 is the only smartphone platform that has a Trusted Platform Module (TPM) 2.0chip embedded on every device. The TPM chip is a huge boost to security –it protects encryptionkeys, contains a crypto processing engine, and is a foundational element of a secure boot chain.3.Windows Phone 8 uses the Unified Extensible Firmware Interface (UEFI) Secure Boot industrystandard. UEFI is the new BIOS. In a UEFI Secure Boot process the firmware, the bootloader, thekernel and kernel extensions, are all cryptographically signed. This makes it easy to detect when any of these layers has been tampered with. If any layer in this boot process has been maliciouslyaltered, the device won’t boot.4.The crypto signing goes beyond the kernel –the entire OS and every single app on the system iscode-signed to guarantee a chain of trust from the hardware all the way up. This is not necessarilythe case for competing platforms. There is no real concept of a trusted boot chain on Android . And it is well known that the trusted boot chain on iPhone is not entirely trustworthy because everysingle version of iOS has been jailbroken within days of release .5.Windows Phone 8 uses the same NT Kernel as Windows 8 and Windows Server 2012. But it alsoshares the same driver model, developer platform, security, and networking stack and graphics and media platform. All of these have been tried and tested on more than a billion client and servermachines, many running mission-critical workloads.6.All updates to Windows Phone 8 now come directly from, and only from, Microsoft. This ensures theintegrity of the OS. Also all security fixes follow the same rigorous standards set by the Microsoft Security Response Center or MSRC for our client and server products.7.Windows Phone 8 supports alpha-numeric and complex passwords for device-locking.8.The internal storage on a device can now be fully encrypted using the same BitLocker technology thatships with Windows. The BitLocker encryption key is protected by the TPM 2.0 chip and will only be released if i) the device successfully passes the UEFI Secure Boot process to boot up a trusted OS, and ii) if the encrypted disk is physically located in the original device. This protects data at rest and guards against offline attacks. So it is not possible to take the encrypted storage out and get access to the data by booting from another OS, and it is also not possible to place the encrypted storage in another Windows Phone 8 device to access the data. This protects data at rest and guards against offlineattacks. With both device-lock and BitLocker enabled it is extremely difficult to gain unauthorized access to data on the internal storage.9.Every app runs in its own isolated chamber. Even the OS services run in their own isolated chamber.Each app receives only the capabilities it needs to perform all its use cases. It cannot elevate itsprivileges at run time, it cannot communicate with other apps on the phone other than through the cloud, and it cannot access memory, data or the keyboard cache used by another app.10.Even the browser runs in its own sandbox. Windows Phone 8 ships with a locked down version ofInternet Explorer 10 that does not support plug-ins, and comes with anti-phishing filters built-in.11.To further protect the data in each app, Windows Phone 8 provides another layer of encryption via theData Protection API. This is smart technology that uses entropy information already available on the device to automatically generate new encryption keys. This way apps do not have to worry about generating, storing and managing new keys. Each app also automatically receives its own decryption key when it first runs.12.However, no amount of encryption will prevent an authenticated user on a trusted device from sharingdata with unintended parties, willingly or unwillingly. This makes Information Rights Management (IRM) critical and Windows Phone is the only smartphone platform that has IRM built-in to prevent data leakage.13.Finally, data synchronization with most cloud services like Office 365 and on-premise servers likeExchange and SharePoint is done via the latest SSL 3.0 technology with AES 128 or 256 encryption.This protects data in transit.Note on TPM and UEFI Secure Boot standardsMicrosoft is a strong believer in open standards for security, like UEFI Secure Boot and TPM. Standards have numerous advantages over proprietary methods used by other smartphone platforms. Standards go through a transparent development process, survive rigorous open review from the best security minds across multiple organizations, and help ensure broad support across companies. The list of 100+ companies that define the TPM specifications can be found here and the firms behind the UEFI specifications can be found here.Maximize Value from Existing Microsoft InvestmentsThe built-in IRM client on Windows Phone helps you maximizevalue from your existing investments because it uses the ActiveDirectory Rights Management Service already available with yourWindows Servers. Exchange ActiveSync is also built-in andsupported and this is how Microsoft IT manages more than70,000 BYOD Windows Phone devices. Additionally, a built-inmanagement client is available so you can use your existingMobile Device Management software such as MobileIron,AirWatch, Citrix XenMobile, Symantec or Windows InTune andSystem Center 2012 SP1. Finally, to further lower your TCO,Windows Phone 8 comes with full-fidelity mobile versions ofOffice so you can make the most of your existing investments inExchange, SharePoint, Lync and Office 365.Windows Phone 8 integrates with your existing Microsoft infrastructure. Right out of the box, Windows Phone seamlessly works with Microsoft products you know and already own, such as Exchange, Office, SharePoint, Lync and Office 365 –no need to purchase additional third-party software.BES server software and admin costThird-party software for OfficeThird-party software for SharePointTypical incremental software & administration cost required to leverageSharePoint, Office and Exchange functionality on1,000 smartphonesWindows Phone 8 gives you the best Outlook and Exchange experience, the best mobile versions of Office, and the best communication and collaboration experiences with Lync and SharePoint.WP 8iOS 6Android4.0BB 10Setup,Lock screen, and Start screen Fast Office 365setup with simple input of ID and passwordResizable live tiles to access more information Notifications on lock screenOutlook e-mail, calendar, and contacts Pin frequently accessed e-mail folders to the Start screenSame integrated mail and calendar as Outlook on PC Access and search for e-mails on the Exchange Server Read protected e-mail (IRM)Office documents View, edit, and comment on Word, Excel, and PowerPoint documents“Places” panel for easy access to docs opened via email, or stored on SharePoint, SkyDrive or the phone Read protected IRM documents“Thumbnail” view to easily navigate long ppt decksLync communication Make VoIP and HD video Lync calls, and receive Lync calls like standard voice callsMultitask during Lync call -read email, view/edit/save docs, access SharePoint sites, use other apps etc. Attend Lync meetings with audio, video, and web conferencing with one click from OutlookSharePoint sites Sync documents across devices. Edit on one device andcontinue working right where you left offDownload documents for offline access and editing;upload changes when you are back onlineSearch for content on SharePoint team sites, lists ordocument librariesWrite and edit documents with colleagues at thesame timePin SharePoint sites to the Start screen for easy access485936Feature available Feature not available Feature available with conditions11.Not open to third party developers2.Requires setup through widgets3.Requires BlackBerry Enterprise Server (BES)4.View only5.Supported only by a few devices6.Documents To Go included7.No Lync app for BB 108.Access and view only, no editing9.Supported only by a few devices21777Common Development Foundation for Client and Mobile ComputingHistorically, apps for client computing devices like PCs, laptops and desktops have been developed separately from apps for mobile computing devices like smartphones and tablets. But as more client computing devices get touch screens and mobile broadband radios, and more mobile computing devices take on client computing workloads, it is going to be critical for you to be able to share code between the mobile and client computing worlds.From an app development perspective there is deep commonality between Windows Phone 8, Windows 8 and Windows RT.In fact, Windows Phone 8, Windows 8 and Windows RT share several components in a common development foundation that makes it easy to port apps across different form factors on the Windows platform.First, Windows Phone 8, Windows 8 and Windows RT share a common development environment and tools with Visual Studio and .NET. Second, they also share the same driver model, security model, web browser and managed code Common Language Runtime (CLR). Finally, Windows Phone 8, Windows 8 and Windows RT all support native code and have the exact same API set for Networking, File System, Input, Sensors, Graphics and Media, Audio, and Commerce.Flexibility with 3 Development ModelsApp developers also have flexibility in how they develop apps and can choose from 3 development models. They can write an app that uses whatever combination they desire between managed code, native code and HTML/JavaScript code. And they can run a lot of that code across Windows Phone 8, Windows 8 and Windows RT because of the common foundation. So porting apps and business functionality across your mobile and client computing worlds becomes a lot faster. This will be a critical capability needed by businesses as the worlds of mobile and client computing converge.There are a number of programs available to help you transition your organization to Windows Phone. Your Microsoft account team can provide more information and help you get started.Frequently Asked QuestionsWhat support options are available for businesses?The “Get technical support” section on /gp/windows-phone-8lists a variety of Windows Phone 8 technical support options available to businesses.Where can I learn more about Microsoft’s Support Lifecycle policy?The most common questions on this topic have been answered on/gp/lifepolicyWill Windows Phone 8 devices be upgradeable to the next version of the Windows Phone OS? Yes, Windows Phone 8 devices will be able to upgrade to the next version of Windows Phone OS when it is launched.Where can I get an in-depth overview of Windows Phone 8 for businesses?The Windows Phone 8 Reviewers Guide goes into considerable depth for all the areas covered by this document.。

Exchange2007配置一、Exchange 2007概述Exchange 2007（也称为Exchange 12)邮件作为企业邮箱，为企业提供企业信息服务，可以利用Exchange 2007邮件系统和申请的符合企业个性化的外网域名来配置一个属于企业本身的邮件系统，也可以将这Exchange 2007邮件系统发布到外网上作为企业在互联网上与企业通信的一个通信平台。

配置Exchange 2007邮件系统不仅可以使外界的合作伙伴、客户、同行企业等与公司进行业务上信息的沟通与协作进行更方便，还可以促进企业内的工作人员在信息上传递、工作上的协作，从而提升企业效率和节省企业业务上开支。

Exchange 2007邮件系统为用户提供了方便提取和发送电子邮件的方式，用户可以利用桌面电脑、PAD等一切可以与互联网相连接的设备通过机器本身的Office 家族中OutLook 2007客户端或OWA(Outlook Web Access外观有与OutLook 2007非常相似)网上邮箱平台通过网页浏览器方式来进行查看邮件内容和发送电子邮件、安排工程日程、制作通讯录等。

Exchange 2007邮件系统作为企业统一通信平台为企业提供信息服务，Exchange 2007邮件系统本身集成了五个服务器角色分别为：1、邮箱服务器角色：提供对邮件的存储功能，且需要的输入/输出功的吞吐量要比Exchange 2003减少很多。

2、客户端访问服务器角色：向互联网发布的中间层角色，提供用户可以通过此角色来向外网发送邮件及用户可以从客户端来访问服务器中邮件系统。

3、统一消息服务器角色：可以使Exchange邮件系统连接电话系统的中间层角色，为Exchange邮件系统提供了对语音邮件及传真的支持。

4、连缘传输服务器角色：外围网络的网关，具有内置的对垃圾邮件、病毒筛选的功能。

5、中心传输服务器角色：提供了对企业内或外网的邮件进行路由。

Exchange 2007邮件系统共分为两种版本：32位的Exchange 2007和64位的Exchange 2007。

非域环境下安装并配置Project Server 2007说明：服务器为Windows Server 2003 SP2，未配置Active Directory。

服务器与各使用者的工作机均处于workgroup环境中。

本文将会分5个部分记录安装过程，分别为：一、准备工作；二、安装Project Server 2007；三、配置Project Web Access；四、配置表单验证（Form Authentication）；五、配置Project Professional。

截图会比较多，但是传到blog里来就被自动缩小了，我会在最后提供本文的word文件下载。

步骤一：准备工作准备工作包括：1、配置服务器IP与机器名后续安装过程中有些步骤必须使用机器名，建议配置一个意义明确的名字，如server。

2、创建专用帐号以运行Project Server（建议）配置过程中经常要输入运行帐号，可以使用administrator，但是如果这个帐号日常也使用，并且经常变换密码，建议另外创建一个管理员级的帐号，如ProjectServer，并切换到此帐号下进行后续安装。

3、安装IIS这一步不多说了。

4、安装.Net Framework 3.0这一步也不多说了，超级简单。

5、安装SQL Server 2005 / 2008在workgroup环境下SQL Server必须与Project Server装在一台机器上，跨机器会造成无法创建WSS数据库，未解决。

具体安装过程不多说了。

SQL server2005安装过程SQL Server 2005的安装光盘共有2张，先打开第一张，点“服务器组件、工具、联机丛书和示例(C)”此步骤系统配置检查很重要，14个项目里面如果有1项有错误或者警告，整个SQL Server 2005都将不正常。

由于安装vs2005时默认安装了sqlserver2005 express所以无法安装，出现以下画面。

Exchange 2007自动发现服务原理及调试概述微软的最新邮件系统Exchange server2007中新增加了一项服务：自动发现服务(auto discover service).此服务用于自动化配置Outlook2007(注意：仅仅用于outlook2007，在outlook其他版本中用不到此服务，在以前的时代都是通过public folder实现的。

)，以减少管理员的工作量，在以前的Exchange2000/2003+outlook2003的时代需要使用office resource kit进行24步的设置才能进行客户端outlook配置的自动化部署。

现在有了自动发现服务，用户需要做的仅仅是打开outlook然后输入自己的用户名和密码即可。

另外自动发现服务同样支持windows mobile设备。

具体来说自动发现服务对Exchange的以下功能提供支持：OAB(脱机地址列表)，the Availability service(忙/闲信息)，outlook anywhere服务器设置，Unified Messaging(统一消息的配置信息)和Out of Office(外出留言信息配置)。

如果在你的环境中采用的是outlook2007+exchange2007的模式，而且没有配置好自动发现服务，则以上所列出的功能都不能正常工作。

自动发现服务工作原理(假设用户email地址为user@)当您在部署client access server role(客户端访问服务器角色)时，安装进程会在IIS的默认网站下创建一个名为autodiscover的虚拟目录(如图1所示)，此目录指向到client accessautodiscover文件夹。

此虚拟目录用来处理outlook2007客户端和windows mobile设备的自动配置信息的请求。

同时安装进程会在活动目录中安装一个service connection point(SCP,中文名字为“服务连接点”，类似与在部署RMS 或SMS 中创建的SCP)。