Exchange with TLS


The following is the network diagram for this example:

[Figure: network diagram, Exchange with TLS]

If you do not know how to build AD DS, you can view this post: “Building AD DS for Lab”.

If you do not know how to install Exchange, you can view this post: “Building Exchange Server for Lab”.

If you do not know how to build an AD CA, you can view this post: “Active Directory Certificate Service (AD CS)”.

Before we set up the Exchange servers, we need to set up DNS for the 3 Exchange servers:

Why do we use a secondary DNS zone, not a conditional forwarder or stub zone?
It is because I find that when using a conditional forwarder or stub zone, Exchange will have some problems.
On the Exchange server, I can nslookup the MX of the other server, and the queue will show that it cannot find the domain.

We need to create secondary DNS zones for EX02 and EX03 on EX01:

We also need to create a secondary DNS zone for EX01 on EX02:

We also need to create a secondary DNS zone for EX01 on EX03:

We will create Receive and Send connectors without TLS at EXA.EX01.LOCAL and EXB.EX03.LOCAL.

How to create Receive and Send Connector in EXA.EX01.LOCAL:

How to create Receive and Send Connector in EXC.EX03.LOCAL:

We will create Receive and Send connectors with TLS at EXA.EX01.LOCAL and EXB.EX02.LOCAL.

How to create Receive and Send Connector in EXA.EX01.LOCAL:

How to create Receive and Send Connector in EXB.EX02.LOCAL:

On EXA and EXB, we create a folder (C:\tmp) and share it as “tmp”.
We will assign Everyone read and write permission on this folder.
We create a certificate on EXA using the following PowerShell:

We export EXA’s and EXB’s CA root certificates to the network folder:

We import EXA’s and EXB’s CA root certificates into Trusted Root Certification Authorities:
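Once the root certificates are imported, one way to check from EXA that EXB's receive connector offers STARTTLS and presents a certificate that Windows trusts. This is an added example, not part of the original post; the function name `Test-SmtpStartTls` and the use of TCP port 25 are assumptions.

```powershell
# Added example (not from the original post). Assumes SMTP on TCP 25.
function Test-SmtpStartTls {
    param([Parameter(Mandatory)][string]$Server, [int]$Port = 25)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($Server, $Port)
        $stream = $client.GetStream()
        $reader = New-Object System.IO.StreamReader($stream)
        $writer = New-Object System.IO.StreamWriter($stream)
        $writer.NewLine = "`r`n"; $writer.AutoFlush = $true
        # Read one SMTP reply; continuation lines look like "250-...".
        $readReply = {
            do { $line = $reader.ReadLine(); $line }
            while ($line -and $line.Length -ge 4 -and $line[3] -eq '-')
        }
        $null = @(& $readReply)                       # 220 banner
        $writer.WriteLine("EHLO $env:COMPUTERNAME")
        $offered = [bool](@(& $readReply) -match 'STARTTLS')
        $result = [ordered]@{
            Server = $Server; StartTls = $offered; Trusted = $false
            Protocol = $null; Subject = $null; Issuer = $null
            NotAfter = $null; Error = $null
        }
        if ($offered) {
            $writer.WriteLine('STARTTLS')
            $reply = @(& $readReply)
            if ($reply[-1] -notlike '220*') { throw "STARTTLS refused: $($reply[-1])" }
            # Default validation: the chain must reach a trusted root and the
            # certificate name must match $Server, otherwise this call throws.
            $ssl = New-Object System.Net.Security.SslStream($stream, $false)
            try {
                $ssl.AuthenticateAsClient($Server)
                $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
                $result.Trusted  = $true
                $result.Protocol = $ssl.SslProtocol
                $result.Subject  = $cert.Subject
                $result.Issuer   = $cert.Issuer
                $result.NotAfter = $cert.NotAfter
            } catch { $result.Error = $_.Exception.Message }
        }
        [pscustomobject]$result
    } finally { $client.Close() }
}

# Run on EXA against the TLS-enabled connector on EXB.
Test-SmtpStartTls -Server 'EXB.EX02.LOCAL'
```

A certificate validation message in `Error` typically means the chain does not reach a root in Trusted Root Certification Authorities, or the name on the certificate does not match the server name passed in.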

Author: Joe Chan