We are going to install Exchange 2013 CU21 (a combination of the Mailbox and Client Access roles) on a single box.
Install the required features using:
Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation, RSAT-Clustering-CmdInterface, RSAT-ADDS
Make sure you check for updates after you install these as typically the UCM API has some post-updates.
If you are installing Exchange Server in the AD forest for the first time run the following Exchange 2013 setup command to prepare Active Directory:
setup /PrepareAD /OrganizationName:"your organization name" /IAcceptExchangeServerLicenseTerms
If an Exchange organization already exists you can omit the /OrganizationName parameter.
After installing the pre-requisites a restart of the server may be required. If you proceed without restarting then setup may be unable to proceed when it detects the pending restart.
From the location where you have stored your Exchange 2013 files run Setup.exe and complete the setup.
If you want to enable copy & paste on VMware vSphere 6.7 do the following:
- Disable Lockdown Mode if it is enabled and start the SSH service
- Log in to the ESX/ESXi host as a root user.
- Take a backup of the /etc/vmware/config file.
Open the /etc/vmware/config file using a text editor and add these entries to the file:
vmx.fullpath = "/bin/vmx"
isolation.tools.copy.disable="FALSE"
isolation.tools.paste.disable="FALSE"
Or you can just copy and paste this:
grep -i 'vmx.fullpath = "/bin/vmx"' /etc/vmware/config || echo 'vmx.fullpath = "/bin/vmx"' >> /etc/vmware/config
grep -i 'isolation.tools.copy.disable="FALSE"' /etc/vmware/config || echo 'isolation.tools.copy.disable="FALSE"' >> /etc/vmware/config
grep -i 'isolation.tools.paste.disable="FALSE"' /etc/vmware/config || echo 'isolation.tools.paste.disable="FALSE"' >> /etc/vmware/config
You must reboot each VM on the host (or use vMotion to move the VM back and forth).
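The one-liners above append an entry only when that exact text is missing, so a config that already carries `isolation.tools.copy.disable = "TRUE"` (or the same key with different spacing) ends up with two conflicting lines. The following is an added example, not part of the original post, that rewrites an existing entry in place instead; the function names `set_option` and `enable_copy_paste` and the `.bak` backup name are this example's own, and it assumes `awk` is available in the shell.

```shell
#!/bin/sh
# Added example: idempotent edits to a VMware-style "key = value" config file.
# Assumes awk is available in the shell where this runs.

# set_option FILE KEY VALUE
# Collapse every existing line for KEY (any case, spacing or value) into one
# KEY = "VALUE" line, or append that line when KEY is absent.
set_option() {
    file=$1; key=$2; value=$3
    tmp="${file}.tmp.$$"
    awk -v k="$key" -v v="$value" '
        {
            eq = index($0, "=")
            name = (eq > 0) ? substr($0, 1, eq - 1) : ""
            gsub(/[ \t]/, "", name)
            if (eq > 0 && tolower(name) == tolower(k)) {
                if (!seen) { printf "%s = \"%s\"\n", k, v; seen = 1 }
                next
            }
            print
        }
        END { if (!seen) printf "%s = \"%s\"\n", k, v }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# enable_copy_paste FILE: apply the three entries from the article.
# The first run keeps the untouched original as FILE.bak.
enable_copy_paste() {
    cfg=$1
    [ -e "${cfg}.bak" ] || cp -p "$cfg" "${cfg}.bak" || return 1
    set_option "$cfg" vmx.fullpath /bin/vmx &&
    set_option "$cfg" isolation.tools.copy.disable FALSE &&
    set_option "$cfg" isolation.tools.paste.disable FALSE
}

# Demo on a constructed sample, not a real host config.
sample=$(mktemp)
printf '%s\n' 'libdir = "/usr/lib/vmware"' \
    'isolation.tools.copy.disable = "TRUE"' > "$sample"
enable_copy_paste "$sample" && cat "$sample"
rm -f "$sample" "${sample}.bak"
```

On a host, run `enable_copy_paste /etc/vmware/config`; to turn copy and paste back off, call `set_option` with `TRUE` for the two `isolation.tools.*` keys.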
I noticed that once you deploy headless Windows servers (domain controllers as an example) you can manage everything remotely (MMC, Event Viewer, RSAT, etc.) except Windows Firewall right out of the box.
To be able to manage the firewall remotely, you need to open additional ports on the headless instance using:
netsh advfirewall firewall set rule name="Windows Firewall Remote Management (RPC)" new enable=yes
netsh advfirewall firewall set rule name="Windows Firewall Remote Management (RPC-EPMAP)" new enable=yes
Most evaluation versions can be converted to full retail versions, but the method varies slightly depending on the edition. Before you attempt to convert the version, verify that your server is actually running an evaluation version.
For releases of Windows Server 2016 prior to 14393.0.161119-1705.RS1_REFRESH, you can only perform this conversion from evaluation to retail with Windows Server 2016 that has been installed by using the Desktop Experience option (not the Server Core option). Starting with version 14393.0.161119-1705.RS1_REFRESH and later releases, you can convert evaluation editions to retail regardless of the installation option used.
To confirm you are running an evaluation version, use:
DISM /online /Get-CurrentEdition
Next we need to figure out what version we can convert into using:
DISM /online /Get-TargetEditions
We can now convert using:
DISM /online /Set-Edition:[TargetEdition] `
    /ProductKey:[KMS_KEY] /AcceptEula
If you need to convert to other editions, use the correct keys below.
Windows Server 2012 R2 Server Standard: D2N9P-3P6X9-2R39C-7RTCD-MDVJX
Windows Server 2012 R2 Datacenter: W3GGN-FT8W3-Y4M27-J84CP-Q3VJ9
Windows Server 2016 Datacenter: CB7KF-BWN84-R7R2Y-793K2-8XDDG
Windows Server 2016 Standard: WC2BQ-8NRM3-FDDYY-2BFGV-KHKQY
Windows Server 2019 Datacenter: WMDGN-G9PQG-XVVXX-R3X43-63DFG
Windows Server 2019 Standard: N69G4-B89J2-4G8F4-WWYCC-J464C
I have observed that it can take up to a few hours for this process to complete (TiWorker.exe taking up lots of CPU during this task) in Server 2016. It was observed that the process was much quicker in Server 2012 R2.
This guide will show you how to deploy two headless Windows Server 2016 domain controllers in a new environment. This guide (first of the series) assumes you are standing up a hybrid Microsoft environment within a VMware homelab.
First we need to get a few things out of the way:
- 2 Windows 2016 virtual machines with 2 vCPUs and 4-8GB RAM
- Make sure you are using VMXNET3 network adapters
- Install latest VMware Tools
- Apply latest OS updates
- Change the HOSTNAME of the VMs (XXX-DC01 and XXX-DC02)
- Change the host to use static TCP/IP and DNS
If you are deploying domain controllers from a base Windows 2016 VM template, do not forget to generate a new SID using: C:\Windows\System32\Sysprep\sysprep.exe
We are going to deploy two domain controllers at a bare minimum. The domain will be called corp.fixmytech.ca and our network will be 192.168.1.1/25.
The domain name you choose should be resolvable from the internet, so choose a domain that you have registered with a domain registrar and that you fully control.
Some common candidates for xxx.fixmytech.ca are:
One common three-letter prefix for internal server names is the IATA three-letter code of the closest airport.
To do most of the basic first steps you can use sconfig (shell GUI) or issue the following:
Set a static DNS and TCP/IP:
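# List the properties available on the adapter objects
Get-NetAdapter | Get-Member
# Turn off DHCP on the adapter before assigning a static address
Set-NetIPInterface -InterfaceAlias "PROD Network" -DHCP Disabled -PassThru
New-NetIPAddress `
    -AddressFamily IPv4 `
    -InterfaceAlias "PROD Network" `
    -IPAddress 192.168.1.2 `
    -PrefixLength 25 `
    -DefaultGateway 192.168.1.1
# Same adapter and subnet as the address assigned above
Set-DnsClientServerAddress -InterfaceAlias "PROD Network" -ServerAddresses 192.168.1.2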
Rename the computer and reboot:
Rename-Computer -NewName FMT-DC01 -Restart -Force -PassThru
Create the forest:
Add-WindowsFeature AD-Domain-Services
Import-Module ADDSDeployment
# DomainMode/ForestMode 7 is the Windows Server 2016 functional level
Install-ADDSForest `
    -DomainName corp.fixmytech.ca `
    -DomainNetbiosName CORP `
    -DomainMode 7 `
    -ForestMode 7 `
    -InstallDns:$true `
    -LogPath "C:\Windows\NTDS" `
    -SysvolPath "C:\Windows\SYSVOL" `
    -DatabasePath "C:\Windows\NTDS" `
    -NoRebootOnCompletion:$false `
    -CreateDnsDelegation:$false `
    -Force:$true `
    -Verbose
Deploy your second domain controller using:
Add-WindowsFeature AD-Domain-Services
Import-Module ADDSDeployment
Install-ADDSDomainController `
    -NoGlobalCatalog:$false `
    -CreateDnsDelegation:$false `
    -Credential (Get-Credential) `
    -CriticalReplicationOnly:$false `
    -DatabasePath "C:\Windows\NTDS" `
    -DomainName "corp.fixmytech.ca" `
    -InstallDns:$true `
    -LogPath "C:\Windows\NTDS" `
    -NoRebootOnCompletion:$false `
    -SiteName "Default-First-Site-Name" `
    -SysvolPath "C:\Windows\SYSVOL" `
    -Force:$true
Do not forget to stand up a Windows 10 jump server with RSAT tools installed so that you still have GUI access to most AD MMC snap-ins.
Next logical steps are to deploy DHCP, basic Group Policy Objects, Internal PKI and ADFS.
This blog sure does feel empty huh?!
#!/bin/bash
echo "Hello Earth!"
echo "Hello Mars!"