The Purchase
This week, I really took a hard look at my existing server that runs all of my support systems (Active Directory, Exchange 2003, SQL, and IIS) and found it was struggling to handle the load. On Thursday I went ahead and purchased a new box complete with Core 2 Duo 6400, Gigabyte 965DS-G motherboard, 4GB of DDR2 800MHz memory, a 300GB SATA 3 drive, and an ultra quiet case from Antec. Construction took place on Thursday and Friday evenings.
My original plans to go down and work on my sailboat, Endless Summer, were scrapped for a full weekend of reworking my environment. I decided early on that using VMWare GSX Server with core systems separated into their own Virtual Machines (aka VMs) would be prime. This would give me easier upgrade paths down the road. I would have preferred VMWare ESX but it only runs on SCSI drives – SATA is not supported.
Virtual Machines
The VMs were broken down into Active Directory/Exchange 2007, SQL Server 2005, and IIS 6 for web and ftp traffic. To run Exchange 2007, I needed a 64 bit operating system and opted for Windows 2003 Server Standard 64 bit. Exchange 2007 installed without trouble but did require some research and additional work to integrate it into my existing Exchange 2003 environment. Next I created a Longhorn 32 bit VM with SQL Server 2005 Standard Edition. Finally, a VM with Windows 2003 Standard 32 bit was created to take care of my front line web traffic.
So on a single server that cost around $1200, I'm running the equivalent of 3 physical servers -- each having their own CPU and memory allocation. Even more important is the fact that each VM can be moved to new hardware should the load become too much. This move can be done by simply copying files to a new server with VMWare Server running. Sweet!
Exchange 2007
After Exchange 2007 was installed, I moved all the mailboxes and the Offline Address Book from my Exchange 2003 box using the 2007 Management Console. Then I started testing and found that outbound and inbound mail was not flowing. After reading a bit I discovered that by default Exchange 2007 wants to have an Edge Transport server to handle the Internet based SMTP traffic. Further research showed that you can make a few changes to your installation and turn a Hub Transport server into a fully functional Hub/Edge server. For small businesses this will be advantageous.
To modify the Receive Connector so that Internet traffic can send you mail, use the following command from the Exchange Management Shell:
Set-ReceiveConnector -Identity "Default <ServerName>" -PermissionGroups "AnonymousUsers"
Next you will need to add a Send Connector from the Management Console.
1. Expand Organization Configuration
2. Under the Actions menu on the right hand side of the window, click “New Send Connector”.
3. Give the connector a name (e.g. “Internet”) and choose Internet for its intended use and click the Next button.
4. On the Address Space page, click the Add button and put in the Domain value ‘*’ and click the Ok button followed by the Next button.
5. On the Network Settings page, click Next.
6. On the Source Server page, click Next.
7. On the New Connector page, click New.
Now you should test your configuration using an external webmail source like Gmail. Make sure you can send and receive externally.
Next you should test your configuration just to make sure you don’t have an open relay. I used the Abuse.net page at http://www.abuse.net/relay.html and it worked well.
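A local version of the open-relay test described above, as an added example that is not part of the original post: it sends only the SMTP envelope to your own server and checks that a foreign recipient is refused while a local mailbox is still accepted from an anonymous sender. The probe addresses and function names are constructed for illustration.

```python
import smtplib

# Constructed probe addresses in reserved example domains, i.e. domains the
# server under test is not authoritative for.
PROBE_SENDER = "relaytest@example.org"
FOREIGN_RECIPIENT = "relaytest@example.net"


def classify(code):
    """Map an SMTP reply code to accepted / deferred / refused."""
    if 200 <= code < 300:
        return "accepted"
    if 400 <= code < 500:
        return "deferred"      # temporary failure: retry before concluding
    return "refused"


def rcpt_result(smtp, recipient):
    """Send MAIL FROM and RCPT TO only, then reset. DATA is never issued,
    so nothing is queued even if the server accepts the recipient."""
    smtp.ehlo_or_helo_if_needed()
    code, _ = smtp.mail(PROBE_SENDER)
    if code == 250:
        code, _ = smtp.rcpt(recipient)
    smtp.rset()
    return classify(code)


def check_server(smtp, local_recipient):
    """Run both probes on a connected smtplib.SMTP-like session."""
    relay = rcpt_result(smtp, FOREIGN_RECIPIENT)
    inbound = rcpt_result(smtp, local_recipient)
    return {
        "relay_probe": relay,      # should be "refused" (550 5.7.1)
        "inbound_probe": inbound,  # should be "accepted" for a real mailbox
        "open_relay": relay == "accepted",
        "ok": relay == "refused" and inbound == "accepted",
    }


def check_host(host, local_recipient, port=25, timeout=15):
    """Connect anonymously (no AUTH), as an Internet sender would."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        return check_server(smtp, local_recipient)


if __name__ == "__main__":
    import sys
    # usage: python relaycheck.py <your mail host> <a mailbox you host>
    print(check_host(sys.argv[1], sys.argv[2]))
```

Run it from a machine outside your network so the connection arrives the same way Internet mail does; connections from inside may be treated differently by the server.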
Next, I needed to address the Outlook Web Access problem. Since I had installed Exchange on a box other than my front line web server and since I only have one public IP, I had to get creative for OWA access. By using a different port, 8443, I was able to route OWA SSL traffic to my Exchange server. Changing the port number involved two steps - adding it to the SSL Identities list in the Advanced Web Site Identification panel in IIS and then modifying the OWA Client Access parameters in the Exchange Management Console. After a quick firewall change, OWA worked perfectly!
Web Server Changes
Here are some quick tips from my IIS setup…
IIS 6 - Setting the default domain for FTP authentication
1. Change to the %Systemroot%\Inetpub\Adminscripts directory.
2. Type the following:
Adsutil Set MSFTPSVC/DefaultLogonDomain "Domain Name"
Make sure when you type in the Domain Name that it is enclosed in quotation marks.
3. Stop and restart the FTP Service.
Blocking DotNetNuke Inheritance in web.config
<httpModules>
  <remove name="UrlRewrite" />
  <remove name="Exception" />
  <remove name="UsersOnline" />
  <remove name="DNNMembership" />
  <remove name="Personalization" />
</httpModules>
<httpHandlers>
  <remove verb="GET" path="FtbWebResource.axd" />
  <remove verb="*" path="*.captcha.aspx" />
  <remove verb="*" path="LinkClick.aspx" />
</httpHandlers>
The finished product:

Got questions about how to implement this for your business? Send me an email and with the help of my infrastructure integration partner, CamQuest Systems, we'll get you set up.