Deploying Exchange 2013 SP1 step by step – Part4

In Part3 of this series of articles on deploying Exchange 2013 SP1 we configured the Exchange-specific virtual directories and set up and tested the Autodiscover service.

In this part we’ll go through setting up the most common Exchange options (such as Send/Receive connectors, public folders, DSN notifications and many others) as well as customizing Outlook Web App and DSN notifications.

Let’s start by examining the accepted domains and email address policies pages:

The only accepted domain here is – I’m not planning to receive mail for other domains.

I think the Default address policy will do in most cases, otherwise it’s possible to create some other domain suffix for the mailboxes.

On the receive connectors page, pay attention to the default list of receive connectors: given that Exch1 is a multirole server, there are 5 connectors: 3 for the CAS role (FrontEndTransport) and 2 for the Mailbox role (HubTransport).


Next, let’s create the Send connector for sending Internet mail: I’m going to use a smart host for delivery to any domain; after creating the connector I will enable logging (it’s disabled by default).









Another way of enabling logging:

Get-TransportService | Set-TransportService -ConnectivityLogEnabled $true -ConnectivityLogPath c:\logs\Connectivity -IrmLogEnabled $true -IrmLogPath c:\logs\

Furthermore, there are a couple of useful commands regarding logging – the first one sets the maximum log directory size and the second defines how long the logs are retained:

Set-TransportService -Identity Exch1 -ConnectivityLogMaxDirectorySize 300MB

Set-TransportService -Identity Exch1 -IRMLogMaxAge 21.00:00:00

The first customization I’d like to apply to my Exchange server is a new banner – the text presented to the other party during an SMTP session. Out of the box, the following text is presented:


Get-ReceiveConnector -id "Exch1\Default Frontend Exch1"

If you don’t want to display the type of the mail server you’re using you can create a banner:

Get-ReceiveConnector -id "Exch1\Default Frontend Exch1" | Set-ReceiveConnector -Banner '220 TestCompany mail system' -Comment 'MailAdmin 02.12.2014: Configured the new Banner'


Now if we type “open localhost 25” in Telnet we’ll get this welcome text:

Remember that banners are applied per connector!
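An added example (not part of the original article) that checks the per-connector point above: it classifies each Receive connector by its Banner value, treating an unset banner as the default greeting that names the mail product. The function name and the sample connector objects are constructed for illustration; only the Identity and Banner properties of Get-ReceiveConnector output are used.

```powershell
# Classify Receive connectors by what their SMTP greeting reveals.
# Input: objects with Identity and Banner properties (as Get-ReceiveConnector returns).
function Get-BannerFinding {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Connector
    )
    process {
        $banner = [string]$Connector.Banner   # an unset banner becomes an empty string
        $finding = if ([string]::IsNullOrWhiteSpace($banner)) {
            'Default banner in use (names the mail product)'
        } elseif ($banner -notmatch '^220 ') {
            'Custom banner does not start with "220 "'
        } elseif ($banner -match 'Microsoft|Exchange') {
            'Custom banner still names the product'
        } else {
            'OK'
        }
        [pscustomobject]@{
            Identity = [string]$Connector.Identity
            Banner   = $banner
            Finding  = $finding
        }
    }
}

# Constructed sample data standing in for Get-ReceiveConnector output on Exch1:
# only the connector configured in the article has a custom banner.
$sample = @(
    [pscustomobject]@{ Identity = 'Exch1\Default Frontend Exch1'; Banner = '220 TestCompany mail system' }
    [pscustomobject]@{ Identity = 'Exch1\Client Frontend Exch1';  Banner = $null }
    [pscustomobject]@{ Identity = 'Exch1\Default Exch1';          Banner = $null }
)
$sample | Get-BannerFinding | Format-Table -AutoSize

# On the server itself, in the Exchange Management Shell:
# Get-ReceiveConnector -Server Exch1 | Get-BannerFinding | Where-Object Finding -ne 'OK'
```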

It’s much easier to manage CAS servers’ settings via Outlook Web App policies than to apply them on a per-server basis, so I will rename the default policy to “Enterprise” and apply it to my users. Don’t forget that the Default Outlook Web App policy is NOT assigned to any mailbox by default.






Of course, you can apply the default OWA policy in EMS too:

Get-Mailbox -OrganizationalUnit 'Clients' | Set-CASMailbox -OwaMailboxPolicy 'Enterprise'

There are also some OWA policy settings that can be applied only in EMS, for example:



You can see your current OWA policy settings with the Get-OWAMailboxPolicy cmdlet and configure them with Set-OWAMailboxPolicy.

As of this writing at least one of them – PredictedActionsEnabled – can’t be enabled:

Apart from OWA policy settings, there are several settings specific to the OWA virtual directory that we can apply on a per-CAS-server basis; for example, we can bring back the settings that are missing in Exchange 2013 by default:


Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -LogonPageLightSelectionEnabled $True

Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -LogonPagePublicPrivateSelectionEnabled $True

And for the users’ convenience I’ll set the default domain so that users do not have to enter a domain name each time they log in to the OWA page:

Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -LogonFormat UserName -DefaultDomain ""


After using the aforementioned cmdlets we must restart IIS (for some reason the restart failed in the EMS so I did it in PS):


and the resulting logon page:


Many companies would like to customize their OWA main page further by introducing their own logo and custom text; here’s how we can accomplish such customization:

Open the folder Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\Owa\Auth\15.0.847\themes\Resources and examine the files it contains – these are the files Exchange uses for rendering the logon page. We can edit, for example, the Favicon.ico and OWA_Text_Blue.png files; the first is a favicon logo (16×16 pixels only!) and the second is the text displayed above the User name field:

After editing favicon.ico in any graphical editor (I used Paint) its item changes its appearance:


In the OWA_Text_Blue.png file I added the word TestCompany to the default Outlook Web App text; it’s also possible to edit olk_logo_white.png to change the image showing a white envelope on the rightmost side of the page, but I did not do that because Paint does not support transparency layers.

After editing graphical files we need to reset IIS – iisreset

Attention! We won’t see the updated page content until we have deleted all IE’s (or any other browser’s) cached files!

I had some difficulties having these files deleted: even after clicking “Delete…” and deleting all the files they were still present in the folder, so I had to remove them manually.

Now we can open the updated OWA logon page:

By default OWA sessions time out after 8 hours – I’d like sessions in my network to time out after 3 hours and this command will do it:

Set-OrganizationConfig -ActivityBasedAuthenticationTimeoutInterval 03:00:00

Exchange 2013 does not support Public Folder databases anymore; if there’s a need to use Public Folders, an administrator should create a public folder mailbox and then create the corresponding public folders in this mailbox.







Tip: to view public folders in OWA 2013 CU1 and later you must right-click Favorites and add a public folder.


Exchange 2013 has the ability to copy email messages destined to/from a mailbox database (standard user license) or a specific user (enterprise user license) to a special mailbox where they can be subject to analysis. Here’s how we can set up journaling:







Next I’d like to customize delivery status notification (DSN) messages, both internal and external; it can be done with the New-SystemMessage cmdlet:

1) External DSN (-Internal $False)

New-SystemMessage -Language en -DsnCode 5.1.1 -Text "Sorry, we were unable to find your correspondent in our directory so your message could not be delivered. Please make sure you typed the e-mail address correctly." -Internal $False

Get-SystemMessage -Identity en\External\5.1.1 | FL


2) Internal DSNs (-Internal $True)

New-SystemMessage -Language en -DsnCode 5.1.1 -Text "We could not deliver your message because the recipient does not exist in our mail database. Please check your address book once again or call a helpdesk for the assistance." -Internal $True

Get-SystemMessage -Identity en\Internal\5.1.1 | FL

In the same way, we can customize the message users see in response to sending a message containing malware (malware filtering is enabled by default in Exchange 2013):



It is worth mentioning here that it is strongly advised to update the malware engine before putting the server into production! There’s a script located in the Scripts folder that we can use for updating the malware engine:

.\Update-MalwareFilteringServer.ps1 -Identity Exch1


Event ID 6033 in the Application log means the update was successful, whilst Event ID 6027 means the update failed.
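An added example (not part of the original article) that turns the two event IDs above into a status check, including the case where the last success is old. The function name, the two-day staleness threshold and the sample events are assumptions made for illustration; the commented Get-WinEvent query filters on ID only, so confirm the event source on your server before alerting on it.

```powershell
# Summarise the last malware engine update outcome from Application log events.
# 6033 = update succeeded, 6027 = update failed (IDs as given in the article).
function Get-EngineUpdateStatus {
    param(
        [object[]]$Events,                # objects with Id and TimeCreated properties
        [int]$MaxAgeDays = 2,             # assumed staleness threshold
        [datetime]$Now = (Get-Date)
    )
    # Keep only the two update events, newest first.
    $relevant = @($Events |
        Where-Object { $_.Id -in 6033, 6027 } |
        Sort-Object TimeCreated -Descending)

    if ($relevant.Count -eq 0)     { return 'NoUpdateEvents' }
    if ($relevant[0].Id -eq 6027)  { return 'LastAttemptFailed' }

    # Newest event is a success; check that it is recent enough.
    if (($Now - $relevant[0].TimeCreated).TotalDays -gt $MaxAgeDays) { return 'Stale' }
    'UpToDate'
}

# Constructed sample events: an old success followed by a recent failure.
$now = [datetime]'2014-12-02T12:00:00'
$sample = @(
    [pscustomobject]@{ Id = 6033; TimeCreated = $now.AddHours(-30) }
    [pscustomobject]@{ Id = 6027; TimeCreated = $now.AddHours(-2) }
)
Get-EngineUpdateStatus -Events $sample -Now $now

# Against the live log on the Exchange server:
# $ev = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 6033, 6027 } `
#           -MaxEvents 50 -ErrorAction SilentlyContinue
# Get-EngineUpdateStatus -Events $ev
```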


If it’s not possible to download updates from to an Exchange Server, you can configure updating from a local share by means of the Update-Engines.ps1 script; you can read about it here:


In Part4 we went through setting up the most common Exchange settings. In Part5 we will deploy the second multirole Exchange server and build fault tolerance both for CAS and mailbox server roles.



