At this point in the series on migrating to Exchange Server 2016 we’re ready to install the first Exchange 2016 Mailbox server into the Not Real University organization. To prepare for the installation, Not Real University has installed a new Windows Server 2012 R2 server, named NREXCH16, and joined it to Active Directory. You can check the supportability matrix for the list of currently supported operating systems. The server has also been installed with the Exchange 2016 pre-requisites.
In addition, ReFS volumes have been configured to host the mailbox database and transaction log files. Databases will be hosted on a volume mounted as D: drive, and logs on a volume mounted as E: drive.
PS C:\> Get-Disk
Number Friendly Name OperationalStatus Total Size Partition Style
------ ------------- ----------------- ---------- ---------------
0 Microsoft Virtual Disk Online 130 GB GPT
1 Microsoft Virtual Disk Offline 20 GB RAW
2 Microsoft Virtual Disk Offline 10 GB RAW
PS C:\> Get-Disk 1 | Initialize-Disk -PartitionStyle GPT -PassThru | New-Partition -UseMaximumSize -DriveLetter D | Format-Volume -FileSystem REFS -NewFileSystemLabel Databases -SetIntegrityStreams $false
PS C:\> Get-Disk 2 | Initialize-Disk -PartitionStyle GPT -PassThru | New-Partition -UseMaximumSize -DriveLetter E | Format-Volume -FileSystem REFS -NewFileSystemLabel Logs -SetIntegrityStreams $false
Not Real University will be deploying Exchange 2016 Cumulative Update 3, which is the latest build available at the time this is being written. For your own deployment, check the Exchange Server build numbers and release dates page to ensure you’re deploying the latest, supported build of Exchange. Note, you do not need to install Exchange 2016 RTM first. You can install the latest build directly.
When the new Exchange 2016 server is installed it will register an Autodiscover SCP in Active Directory that contains the new server’s fully-qualified domain name (FQDN). The server will also be installed with a self-signed certificate. Outlook clients that query Autodiscover may attempt to connect to the newly registered Autodiscover SCP, which will mean they attempt a connection to the new server’s FQDN over HTTPS, and encounter the self-signed certificate that they don’t trust and display a certificate warning to the end user.
To avoid this issue, there’s two approaches that you can take:
- Create an Exchange deployment site in Active Directory. Microsoft recommends this approach, and has documented it here. This approach works, but might not be suitable in some organizations that don’t allow Exchange administrators to make those types of Active Directory changes, or where such a change requires going through an approval process that would take too long.
- The alternative is to immediately change the Autodiscover SCP for the new server after Exchange setup completes. The SCP should be changed to the same value as the other Exchange servers in the site. This is the simplest approach, but there’s a window of time between the first SCP value being registered and when you’re able to change it that exposes clients to the risk of the certificate warning mentioned above. You can mitigate that risk by installing the server during a time when most users are not logged on.
For Not Real University, the simpler approach of changing the Autodiscover SCP immediately after installation is being used.
Installing Exchange Server 2016 into an existing Exchange environment requires the following administrative privileges:
- Schema Admins group membership
- Enterprise Admins group membership
- For multi-domain AD forests, Domain Admins group membership for every domain where Exchange servers or mail-enabled recipients will exist
- Organization Management group membership
To prepare Active Directory and then install Exchange 2016 follow the instructions here.
Immediately after the server has been installed, the Autodiscover SCP can be updated. After the SCP is updated, Outlook clients will not connect to the Exchange 2016 server because the Autodiscover URL resolves in DNS to the existing Exchange 2010 or Exchange 2013 server, or to a load-balancer that sends the traffic to the existing servers.
Set-ClientAccessServer NREXCH16 -AutoDiscoverServiceInternalUri https://autodiscover.notrealuniversity.com/Autodiscover/Autodiscover.xml
In the next part of this series, we’ll look at configuring client access services for the newly install Exchange 2016 server.