Configuring Exchange 2010 Client Access Server (part 1)

When we install Exchange 2010 on a computer, it will automatically install a default self-signed certificate for communicating between Exchange Servers. Due to this certificate never is created or signed by a trusted Root CA, it cannot use in any clients in the organization.
The Exchange self-signed certificate will have Subject Alternative Name (SANs) that correspond to the name of the Exchange server as the server name and the server’s fully qualified domain name.
If we want to use the self-signed certificate, administrator need to do extra steps that let clients trust these certificate. In the moment, we will do a easy solution that get a certificate from an internal CA ---- Microsoft Activity Directory Certificate Services.

How to request and enable certificate on CAS?
Run the New Exchange Certificate WizardIn EMC, click on the Server Configuration node next to click on the New Exchange Certificate… in the Actions pane. The New Exchange Certificate wizard will be launched.
On the Introduction page , provide a friendly name as “Adatum Exchange Server” for the certificate next to click Next > button
On the Domain Scope page, mark Enable wildcard certificate check box and then enter Root domain for wildcard as "*.adatum.com” or “adatum.com” due to we want to apply this certificate to all subdomains using wildcards. That is this option allows you to add subdomains without having to update an existing certificate in the future. (# 1)
On the Organization and Location page, provide the related information next to click Browse… button for selecting Certificate Request File Path.
Select a path, provide file name with extension “.req” and then save it
Click Next > button after the request file name is specifically created and selected.
On the Certificate Configuration page, click New button to continue the process if Configuration Summary is true.
Click Finish button to close this wizard and continuously follow the step 1 to get the certificate issued from a CA.
In the moment, a pending request certificate will be created. (# 2)

Submit the resulting certificate request file to Root CAIn I.E. or other Browsers, go to the URL of the internal Certificate Server as http://pki.dw.com/certsrv/ and login in by authenticated user next to click Request a certificate in this Web site.
In the Request a Certificate page, click advanced certificate request
Click Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file because we have already generated the request on the Exchange Server 2010.
In the moment, please open the request file we generated earlier
Select all content next to click Copy in menu
Paste it into the Base-64 encoded certificate request field
The result is as follows the diagram.
Set the certificate template to Web Server
Click Submit > button to generate the request
Select DER encoded next to click Download certificate to save this file to one path

Completing a pending certificate request
In EMC, click on the Server Configuration node, navigate to Server Management to choose one server that we want to import a certificate, select the new certificate next to click on the Complete Pending Request… in the Actions pane. Click Browse… button
Select the certificate file that is downloaded earlier.
Click Complete button to import a certificate to the Exchange server
Click Finish button to close this wizard
So does that will complete a pending certificate request (# 3) and is ready to be assigned to Exchange service.

Reference：
(# 1) Please take care the following scenarios:

• Wildcard certificates can’t be used in conjunction with OCS 2007 as secure communications for UM/OWA integration
• Wildcard certificates are not supported for older mobile devices such as Windows Mobile 5.0

(# 2) When we select and open this request certificate,
the certificate information tell us this CA Root certificate is not trusted and issued by point to itself.
(# 3) When we select and open this request certificate again,
In General tab, the information issued by has already been changed to Root CA
In Certification Path tab, its chain in top level also link to Root CA.

Exchange Server 2010 Database (part 3)

(continue)
● How to remove Mailbox Database?
Remove a Database by EMCIn EMC, click Mailbox under Organization Configuration and select a mailbox database on the Database Management tab that we want to remove next to click Remove in the Action pane
A warning appears and ask us whether want to remove the selected database, and click Yes button if we are sure that.

Remove a Database by EMSIn EMS, use the Remove-MailboxDatabase cmdlet(#1) to remove a mailbox database and type Y if we are prompted to confirm that you want to perform the action.
<Syntax>
Remove-MailboxDatabase -Identity <DatabaseIdParameter>
After use the EMC or EMS to remove a mailbox database, the procedure doesn’t delete the files of database and its transaction logs. That is delete it manually in the location of the file.

● How to modify the size limit of mailbox database?
In Exchange Server 2010, the default database size limit for Standard Edition is 50 GB but there is no default database size limit for Enterprise Edition. Due to the Exchange store will periodically check the database size limit, it will dismount a database if its size limit is reached.

We can modify the database size limit by adding or changing a value in the registry on the server that hosts the database. And this change will propagate to all servers that hold a copy of the database. In the moment, if a database is approaching its size limit, maybe result in the database is dismounted when exceed the limit then. (#3)

In EMS, we first need to know the global unique identifier (GUID) of the database.
<Syntax>
Get-MailboxDatabase [-Identity <DatabaseIdParameter>]
Start Registry Editor and locate the following registry subkey HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\<Server Name>\Private-<database GUID>
If the Database Size Limit in GB DWORD exists for the subkey, directly change its value to desired size in GB. It it doesn’t exist, please create a new DWORD name and set its value to desired size in GB.

● How to change the database path?Change the path to a Database by EMCIn EMC, click Mailbox under Organization Configuration and select a mailbox database on the Database Management tab that we want to change the path next to click Move Database Path… in the Action pane
The Move Database Path Wizard will show up
In the Move Database Path Wizard, change the location of Database file path and Log folder path next to click Move button
In the process of the move operation, the warning message will tell us the database must be temporarily dismounted if execute this so that will influence all users access mail. If no any question, please click Yes button to continue it.
On the completion page, click Finish button if we have already confirmed the move process completed successfully.
Back to EMC, the database file path and log folder path have already been changed and database status is mounted.

Change the path to a Database by EMS
In EMS, use the Move-DatabasePath cmdlet(#4) to set a new path for the mailbox database or logs and type Y if we are prompted to confirm that you want to perform the action.
<Syntax>
DatabasePath -Identity <DatabaseIdParameter> [-EdbFilePath <EdbFilePath>]
<Syntax>
DatabasePath -Identity <DatabaseIdParameter> [-LogFolderPath <NonRootLocalLongFullPath>]

What is the status of the related files?
The files state before do the move operation.
The files state after do the move operation.

Reference：(#1) Exchange 2010 Remove-MailboxDatabase cmdlet
(#2) Exchange 2010 Get-MailboxDatabase cmdlet
(#3) A database is approaching its size limit. Exceeding the limit may result in the database becoming unavailable
(#4) Exchange 2010 Move-DatabasePath cmdlet