Wednesday, December 26, 2007

Exchange Server Modes

An Exchange Server 2003 organization runs in one of two modes of operation: mixed mode or native mode. The following table defines each mode and identifies characteristics of each.

















Mode Type

Description

Mixed

Mixed mode is the default Exchange mode that is designed for backwards compatibility with other Exchange servers. When operating in mixed mode:



  • Overall Exchange functionality is limited to features shared by all servers in the organization.

  • Exchange 2003 servers appear as just another server to earlier versions of Exchange.


Use mixed mode if your organization includes servers running previous versions of Exchange.

Native

An organization in native mode contains only computers that are running Exchange 2000 Server or Exchange Server 2003 or later. To switch to native mode, the following conditions must exist:



  • All Exchange servers must be upgraded to Exchange Server 2003.

  • Domain controllers that communicate with Exchange servers must be running Windows 2000 Server SP3 or later.


Note: After you change to native mode, you cannot change back to mixed mode. This means that no earlier releases can be added to the Exchange organization. It is important to understand the implications of the conversion before you convert.

Use native mode to take advantage of the following features:



  • Moving servers between routing groups in different administrative groups.

  • Creating query-based distribution groups.

  • Moving mailboxes between administrative groups.

  • Mail-enabling or mailbox-enabling the InetOrgPerson object.


To determine the mode of the Exchange organization, view the properties of the Organization object in Exchange System Manager. Edit the setting on the General tab to change the Exchange mode.

Storage Design For Exchange Server 2003

The design of your storage system allows you to optimize the system and protect your data. An effective design strategy considers file location, protection level for the files, and the necessary hardware to support it. The table below identifies one way to structure the Exchange system to ensure optimization and fault tolerance.

| Drive | Contents | Recommended Configuration |
| --- | --- | --- |
| C:\ | Operating System | RAID 1 or RAID 5 |
| D:\ | Pagefile | The pagefile should be on a different physical disk from the operating system. No special protection for the pagefile is required. |
| E:\ | Transaction Logs | RAID 1 or, if using a SAN system, RAID 0+1 |
| F:\ | Exchange Store Databases | RAID 5 |


When designing data storage, keep in mind the following recommendations:



  • Separate the transaction logs and databases on even the smallest of systems for fault tolerance and performance.

  • When using default logging, you can optimize your system by storing the saved log files on a disk other than the one used to store the current (E00.log) file.


    • Place the current file on a fast disk to improve performance.

    • Place saved log files on a large disk.


  • If you have multiple storage groups, each group should have its own RAID 5 set.

  • Use SAN/NAS solutions to increase performance and storage capabilities. Verify with the hardware vendor that the system is designed to work with Exchange Server 2003.

  • Use a separate disk for the SMTP queue for increased performance.

  • RAID 0+1 is becoming more common because it delivers better I/O performance and eliminates the need for a write-back cache.


In addition to designing disk locations, you can improve manageability and availability by creating multiple stores and storage groups. The following table describes the recommendations for working with each.















Unit

Design Considerations

Stores

By creating multiple stores, you divide the Exchange database into multiple smaller databases. You might create multiple stores for the following reasons:



  • To establish different store policies. For example, you can create different stores for groups who have different mail retention and deletion policies.

  • To reduce the effects of a store failure or store maintenance on other users. If a store database is lost due to disk failure or corruption, having multiple stores minimizes the effect and allows users with mailboxes in other stores to continue working. Having multiple smaller databases also decreases the time it takes to restore a single store.

  • To make e-mail communications more efficient. Your store organization could mimic the way e-mail communications are conducted in your organization. Identify groups of users who communicate most frequently with each other and create a store for each group.

  • To make the database structure match your organizational structure. For example, you could create different stores for different departments or sites.

Storage Groups

With Exchange Server 2003, Microsoft recommends that you create a storage group for each store until you have reached the maximum number of allowable storage groups. Doing so:



  • Improves virtual memory management.

  • Ensures that fewer stores share the same transaction logs. For example, if you have a single storage

Exchange Server Restore Methods

If the entire Exchange server fails and cannot be booted due to a hardware failure or configuration corruption, you can either restore or reinstall the server to correct the problem. The following table describes three methods you can use to recover from a failed server.





















Method

Description

Restoring the Exchange Server

When you restore the Exchange server, you use existing backups to restore the operating system, Exchange, and the data to the same system. Use the following general process to restore the Exchange server:



  1. Use your latest backups to restore the entire computer. This will include the operating system and Exchange.

  2. Reapply service packs and updates.

  3. Restore the Exchange data.

Rebuilding the Exchange Server

When you rebuild a server, you reinstall a fresh copy of the operating system and Exchange, but configure the computer as if it were the original Exchange server. To rebuild the Exchange server:



  1. Install the operating system.

  2. Restore the system state data.

  3. Reinstall operating system service packs and hotfixes.

  4. Install Exchange using Setup.exe /disasterrecovery. This option re-installs Exchange but uses configuration information in Active Directory to configure the new install exactly the same as the failed server.

  5. Install Exchange service packs and hotfixes.

  6. Restore the Exchange data.

Using a Standby Recovery Server

A standby recovery server is a partially-configured server with the exact same hardware and with the operating system already installed. The process for using a standby server is similar to the process of rebuilding the server, except that the operating system is already installed. To rebuild using a standby server:



  1. Shut down the failed server and remove it from the network.

  2. Move the hard drives to the standby server. Connect the standby server to the network.

  3. Restore the system state data from the failed computer to the standby server.

  4. Reinstall operating system service packs and hotfixes.

  5. Install Exchange using Setup.exe /disasterrecovery.

  6. Install Exchange service packs and hotfixes.

  7. Restore the Exchange data.


Keep in mind the following recommendations for working with failed Exchange servers.



  • If possible, copy the Exchange data from the failed server. As the last step in the process, recopy the data to the restored or rebuilt server instead of restoring the data from backup. This gives you the latest version of the Exchange database.

  • If restoring the Exchange server does not work (if the restored server is still unstable), try reinstalling the server. By reinstalling, you get clean installs of the operating system and Exchange.

  • If the Exchange server is the only domain controller on your network, you will need to restore Active Directory before restoring or reinstalling Exchange. If the Exchange server is one of several domain controllers, make the server a domain controller prior to installing Exchange. Wait for Active Directory replication to replicate domain information to the restored server.

  • If you install Exchange without the /disasterrecovery switch, information in Active Directory for that server will be deleted. Using the /disasterrecovery switch retrieves the configuration information for that server object and reapplies it to that Exchange server.

Exchange Server 2003 Firewall Ports

The following table lists various protocols and their associated ports that might be used in an Exchange implementation.

| Protocol | Description | Ports |
| --- | --- | --- |
| SMTP | Used to communicate with mail servers and by POP3 and IMAP4 clients to send mail. Note: SMTP with SSL is rarely used. | TCP 25; using SSL, TCP 26 |
| POP3 | Used to retrieve mail from an Exchange server. Disabled on the Exchange server by default. | TCP 110; using SSL, TCP 995 |
| IMAP4 | Used to retrieve mail and other directories from an Exchange server. Disabled on the Exchange server by default. | TCP 143; using SSL, TCP 993 |
| HTTP | Used by Outlook Web Access for mail access. | TCP 80; using SSL, TCP 443 |
| LDAP | Used to access information from Active Directory. | TCP and UDP 389 for Active Directory access; TCP 3268 for Global Catalog access |
| NNTP | Used to retrieve information from Usenet servers and to share newsgroup public folders. | TCP 119; using SSL, TCP 563 |
| RPC | Used to establish an RPC connection (end point mapper) and also acts as an RPC client establishing sessions. | TCP 135; TCP 1024 and above (multiple ports are typically enabled) |
| DNS | When contacting Active Directory, a DNS server must be contacted for name resolution. The Exchange server uses DNS to find mail servers on the Internet. | TCP and UDP 53 |
| MTA | Used for X.400 connections or connections to Exchange 5.5 servers. | TCP 102 |
| Kerberos | Used for communication and authentication with Windows 2003 servers. | TCP and UDP 88 |
| IPSec | Used to secure server-to-server communications. | IP protocol 51 for AH; IP protocol 50 for ESP; UDP 500 for key exchange; TCP and UDP 88 for Kerberos |
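
A rule-set audit built on the port table above, as an added example that is not part of the original post: it transcribes the table into a lookup and flags inbound rules that open anything beyond the services a perimeter is meant to publish. The `Rule` type, the sample rules and the choice of published services (SMTP and HTTP over SSL) are constructed for illustration.

```python
from dataclasses import dataclass

# (transport, port) pairs transcribed from the port table on this page.
EXCHANGE_PORTS = {
    "SMTP":      {("tcp", 25)},
    "SMTP/SSL":  {("tcp", 26)},
    "POP3":      {("tcp", 110)},
    "POP3/SSL":  {("tcp", 995)},
    "IMAP4":     {("tcp", 143)},
    "IMAP4/SSL": {("tcp", 993)},
    "HTTP":      {("tcp", 80)},
    "HTTP/SSL":  {("tcp", 443)},
    "LDAP":      {("tcp", 389), ("udp", 389)},
    "LDAP GC":   {("tcp", 3268)},
    "NNTP":      {("tcp", 119)},
    "NNTP/SSL":  {("tcp", 563)},
    "RPC":       {("tcp", 135)},            # plus dynamic TCP 1024 and above
    "DNS":       {("tcp", 53), ("udp", 53)},
    "MTA":       {("tcp", 102)},
    "Kerberos":  {("tcp", 88), ("udp", 88)},
    "IPSec IKE": {("udp", 500)},            # AH/ESP are IP protocols 51/50, not ports
}

# Cleartext services for which the table lists an SSL port. SMTP is left out
# because the page notes that SMTP with SSL is rarely used.
CLEARTEXT_WITH_SSL = {"POP3", "IMAP4", "HTTP", "NNTP"}


@dataclass(frozen=True)
class Rule:
    """One inbound allow rule (hypothetical type); low..high is inclusive."""
    name: str
    transport: str
    low: int
    high: int


def services_hit(rule):
    """Table services that have a port inside the rule's range."""
    return sorted(
        svc for svc, endpoints in EXCHANGE_PORTS.items()
        if any(t == rule.transport and rule.low <= p <= rule.high
               for t, p in endpoints)
    )


def audit(rules, published):
    """Return (rule name, finding) pairs for rules that exceed the allow-list.

    published: names from EXCHANGE_PORTS that this perimeter should expose.
    """
    allowed = set().union(*(EXCHANGE_PORTS[s] for s in published))
    findings = []
    for r in rules:
        inside = sum(1 for t, p in allowed
                     if t == r.transport and r.low <= p <= r.high)
        extra = (r.high - r.low + 1) - inside   # ports opened beyond the allow-list
        if extra == 0:
            continue
        named = [s for s in services_hit(r) if s not in published]
        for svc in named:
            if svc in CLEARTEXT_WITH_SSL:
                findings.append((r.name, f"exposes cleartext {svc}; "
                                         f"the table lists {svc}/SSL instead"))
            else:
                findings.append((r.name, f"exposes {svc}, which is not a published service"))
        if r.transport == "tcp" and r.high >= 1024 and extra > 1:
            findings.append((r.name, "opens a TCP range at or above 1024 (dynamic RPC ports)"))
        elif not named:
            findings.append((r.name, f"opens {extra} port(s) not in the Exchange table"))
    return findings


# Constructed sample: an Internet-facing rule set in front of an OWA/SMTP server.
SAMPLE_RULES = [
    Rule("smtp-in", "tcp", 25, 25),
    Rule("owa-https", "tcp", 443, 443),
    Rule("owa-http", "tcp", 80, 80),
    Rule("pop3", "tcp", 110, 110),
    Rule("rpc-epmap", "tcp", 135, 135),
    Rule("rpc-dynamic", "tcp", 1024, 65535),
    Rule("legacy-app", "tcp", 8080, 8080),
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_RULES, {"SMTP", "HTTP/SSL"}):
        print(f"{name}: {finding}")
```
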

SSL Enabling OWA 2003 using your own Certificate Authority


Why spend money on a 3rd party SSL certificate, when you can create your own for free? In this article I will show you step by step how you create your own SSL Certificate, which among other things is needed in order to properly secure Outlook Web Access on your Exchange 2003 Server.
Note: If you’re looking for step by step instructions on how you apply a 3rd party certificate to Outlook Web Access 2000, please see the article: Securing Outlook Web Access using SSL written by Gangadhar.
Configuring the Certificate Authority
The first thing to do is to decide which server should hold the Certificate Authority (CA) role. It can be any server as long as it’s at least a member server. If you have a single box setup, such as a Small Business Server (SBS), the decision shouldn’t be very hard.

Note:
In order to add the Certificate Service Web Enrollment component (a subcomponent of the CA), which we’re going to use in this article, the server needs to be running IIS, so if you haven’t already done so, install IIS before continuing with this article. If you plan on installing the CA component on the Exchange server itself, then there’s nothing to worry about, because as you know, Exchange 2003 relies heavily on IIS, which means it’s already installed.
To install the CA component, do the following:
• Click Start > Control Panel > Add or Remove Programs
• Select Add/Remove Windows Components
• Put a checkmark in Certificate Services
The screen below will pop up as a warning; just click Yes > then Next



We now have to select what type of CA to use, choose Enterprise root CA and click Next

In the following screen we have to fill out the Common name for our CA, which in this article is mail.testdomain.com.
Leave the other fields untouched and click Next >

We now have the option of specifying an alternate location for the certificate database, database log, and configuration information. In this article we will use the defaults, which in most cases should be just fine.
Now click Next >

The Certificate Service component will be installed, when it’s completed, click Finish

Creating the Certificate Request
Now that we have installed the Certificate Services component, it’s time to create the Certificate Request for our Default Website. We should therefore do the following:
• Click Start > Administrative Tools > Internet Information Services (IIS) Manager
• Expand Websites > Right-click Default Website then select Properties
• Now hit the Directory Security tab
• Under Secure Communications click Server Certificate…

As we’re going to create a new certificate, leave the first option selected and click Next >

Because we’re using our own CA, select Prepare the request now, but send it later, then click Next >

Type a descriptive name for the Certificate and click Next >

We now need to enter our organization name and the organizational unit (which should be pretty self-explanatory), then click Next >

In the next screen we need to pay extra attention, as the common name reflects the external FQDN (Fully Qualified Domain Name), to spell it out, this is the address external users have to type in their browsers in order to access OWA from the Internet.
Note: Many (especially small to midsized) companies don’t publish their Exchange servers directly to the Internet, but instead run the Exchange server on a private IP address and let their ISP handle their external DNS settings. In most cases the ISP creates a so-called A record named mail.domain.com pointing to the company’s public IP address, which then forwards the appropriate port (443) to the Exchange server’s internal IP address.

When you have entered a Common Name click Next >

Now it’s time to specify the Country/Region, State/Province and City/locality, this shouldn’t need any further explanation, when you have filled out each field, click Next >

In the below screen we have to enter the name of the certificate request we’re creating, the default is just fine, click Next >

In this screen we can see all the information we filled in during the previous IIS Certificate Wizard screens, if you should have made a mistake, this is your last chance to correct it. If everything looks fine click Next >

And finally we can click Finish.
Getting the Pending Request accepted by our Certificate Authority
Now that we have a pending Certificate Request, we need to have it accepted by our CA, which is done the following way:
• On the server open Internet Explorer
• Type http://server/certsrv
Note: In order to access the CertSrv virtual folder, you may be prompted to enter a valid username/password; if this is the case, use the Administrator account. When you have been validated, the Windows 2003 Server will most probably block the content of the CertSrv virtual folder, which means you will have to add it to your trusted sites in order to continue.
Now that you’re welcomed by the Certificate Services, select Request a Certificate

Click advanced certificate request

Under Advanced Certificate Request click Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file

Now we need to insert the content of the certreq.txt file we created earlier, you can do this by clicking the Browse for a file to insert or by opening the certreq.txt file in notepad, then copy/paste the content as shown in the screen below, then click Submit >

Now select Base 64 encoded then click Download certificate

Click Save

Choose to save the certnew.cer on the C: drive > then click Save

Close the Microsoft Certificate Services IE window.
Appending the Certificate to the Default Website
Okay it’s time to append the approved Certificate to our Default Website, to accomplish this we need to do the following:
• Click Start > Administrative Tools > Internet Information Services (IIS) Manager
• Expand Websites > Right-click Default Website then select Properties
• Now select the Directory Security tab
• Under Secure Communications click Server Certificate… > then Next

Select Process the pending request and install the certificate > click Next >

Unless you have any specific requirements to what port SSL should run at, leave the default (443) untouched, then click Next >

You will now see a summary of the Certificate, again if you should have made any mistakes during the previous wizard screens, this is the final chance to correct them, otherwise just click Next >

The Certificate has now been successfully installed and you can click Finish

Enabling SSL on the Default Website
We have now appended the Certificate to our Default Website, but before the data transmitted between the clients and the server is encrypted, we need to click the Edit… button under Secure Communications.

Here we should put a checkmark in Require Secure Channel (SSL) and Require 128-bit encryption just like below:

Now click OK.
Testing our SSL enabled Default Website
Now that we have gone through all the configuration steps necessary to enable SSL on our Default Website, it’s time to test if our configuration actually works.
From the server (or a client) open Internet Explorer, then type: http://exchange_server/exchange
You should get a screen similar to the one shown below:

This is absolutely fine, as we shouldn’t be allowed to access the Default Website (and any virtual folders below) through an unsecure connection. Instead we should make a secure connection, which is done by typing https, so type the URL below instead:
https://exchange_server/exchange
The following box should appear:

Note: You may have noticed the yellow warning sign, this informs us The name on the security certificate is invalid or does not match the name of the site. Don’t worry there’s nothing wrong with this, the reason why it appears is because we aren’t accessing OWA through the common name, which we specified when the certificate was created. When you access OWA from an external client through mail.testdomain.com/exchange, this warning will disappear.
Click Yes
You will now be prompted for a valid username/password in order to enter your mailbox, for testing purposes just use the administrator account, like shown below:

Now click OK
We should now see the Administrator mailbox.

Notice the yellow padlock in the lower right corner, a locked padlock indicates a secure connection, which means OWA now uses SSL.
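
The three outcomes of the test above (plain HTTP refused, HTTPS by server name raising the name warning, HTTPS by the certificate's common name succeeding), as an added example that is not part of the original article. The wildcard and IP-address handling goes beyond the article's single-name certificate, and the function names and extra sample URLs are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit


def _is_ip(host):
    """True when the host part of the URL is an IP literal, not a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def name_matches(cert_name, host):
    """Compare one certificate name with the host the user typed.

    Exact match is case-insensitive and ignores a trailing dot. A wildcard is
    honoured only as the whole left-most label, covers exactly one label, is
    refused directly under a top-level domain, and never matches an IP literal.
    """
    cert_name = cert_name.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if cert_name == host:
        return True
    c, h = cert_name.split("."), host.split(".")
    return (c[0] == "*" and len(c) >= 3 and len(c) == len(h)
            and not _is_ip(host) and c[1:] == h[1:])


def classify(url, cert_names):
    """Predict what a browser shows for a site that requires SSL.

    cert_names: the common name (and any other names) in the site certificate.
    """
    parts = urlsplit(url)
    if parts.scheme != "https":
        return "refused: site requires SSL"
    host = parts.hostname or ""
    if any(name_matches(n, host) for n in cert_names):
        return "ok"
    return "warning: certificate name does not match " + host


# Certificate from the article: common name mail.testdomain.com.
ARTICLE_CERT = ["mail.testdomain.com"]

# URLs from the article plus one constructed IP-address URL.
SAMPLE_URLS = [
    "http://exchange_server/exchange",
    "https://exchange_server/exchange",
    "https://mail.testdomain.com/exchange",
    "https://192.168.1.10/exchange",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(url, "->", classify(url, ARTICLE_CERT))
```
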

Wednesday, December 5, 2007

Deployment for 2007 Microsoft Office SharePoint Server




A server farm typically consists of one or two back-end database servers and one or more front-end servers that provide Web services and Office SharePoint Server 2007 services, such as search, Excel Services, and indexing.


Hardware and software requirements

Before you install and configure Office SharePoint Server 2007, make sure your servers have the recommended hardware and software. To deploy a server farm, you need at least one server computer acting as a Web server and an application server, and one server computer acting as a database server. The server computers must meet the following requirements:


Hardware requirements



  • Front-end Web server and application server computers: a dual-processor computer with processor clock speeds of 2.5-gigahertz (GHz) or higher and a minimum of 2 gigabytes (GB) of RAM.

  • Back-end database server: a dual-processor computer with processor clock speeds of 2.0 GHz or higher and a minimum of 2 GB of RAM.


Software requirements

Web and Application Server



  • Microsoft Windows Server 2003 (Standard, Enterprise, Datacenter, or Web Edition) with Service Pack 1 (SP1)

  • Microsoft .Net Framework 2.0

  • Microsoft .Net Framework 3.0

  • The Web server and application server computers must be configured as Web servers running Microsoft Internet Information Services (IIS) in IIS 6.0 worker process isolation mode.

  • Each of the computers must be using the NTFS file system. Windows Server 2003 includes a conversion utility (Convert.exe) that you can use to convert an existing file allocation table (FAT) volume to NTFS without losing data.


Back-End Database Server



  • The back-end database server computer must be running Microsoft SQL Server 2005 or Microsoft SQL Server 2000 with Service Pack 3 (SP3) or later. It is assumed that you have installed and configured the database program on the back-end server computer. You do not need to set up or create specific databases for Office SharePoint Server 2007. The Office SharePoint Server 2007 Setup program will create the necessary databases when you install and configure Office SharePoint Server 2007.


In addition to these requirements, if you are using SQL Server 2005, you need to configure surface area settings. Use the following procedure to do this.


Configure surface area settings in SQL Server 2005



  • Click Start, point to All Programs, point to Microsoft SQL Server 2005, point to Configuration Tools, and then click SQL Server Surface Area Configuration.

  • In the SQL Server Surface Area Configuration dialog box, click Surface Area Configuration for Services and Connections.

  • In the tree, open your instance of SQL Server, open Database Engine, and then click Remote Connections.

  • Click Local and Remote Connections, click Using both TCP/IP and named pipes, and then click OK.


Security account requirements

To install Office SharePoint Server 2007 in a server farm environment, at least two accounts are required:

  • A user account that you can use to install Office SharePoint Server 2007 and run the SharePoint Products and Technologies Configuration Wizard. This account must be:

    • A domain user account.

    • A member of the Administrators group on each of your front-end servers.

    • A member of the SQL Server Logins, which grants login access to your SQL Server instance.

    • A member of the SQL Server Database Creator server role, which grants permission to create and alter databases.

    • A member of the SQL Server Security Administrators server role, which grants permission to manage server logins.

  • A unique domain user account that you can specify as the Office SharePoint Server 2007 service account. This user account is used to access your SharePoint configuration database. It also acts as the application pool identity for the SharePoint Central Administration application pool and it is the account under which the Windows SharePoint Services Timer service runs. The SharePoint Products and Technologies Configuration Wizard adds this account to the SQL Server Logins, the SQL Server Database Creator server role, and the SQL Server Security Administrators server role. It is recommended that you follow the principle of least privilege and do not make this user account a member of any particular security group on your front-end servers or your back-end servers.


Configure the server as a Web server

Before you install and configure Office SharePoint Server 2007, you must install and configure the required software on each of your front-end servers. This includes installing and configuring IIS so your front-end servers act as Web servers, installing Windows .NET Framework 2.0, enabling ASP.NET 2.0, and installing Windows Workflow Foundation Runtime Components Beta 2.2 (build 3807.7).


Install and configure IIS

IIS is not installed or enabled by default in Windows Server 2003. To make your server a Web server, you must install and enable IIS, and you must make sure that IIS is running in IIS 6.0 worker process isolation mode.



  • Click Start, point to All Programs, point to Administrative Tools, and then click Configure Your Server Wizard.

  • On the Welcome to the Configure Your Server Wizard page, click Next.

  • On the Preliminary Steps page, click Next.

  • On the Server Role page, click Application server (IIS, ASP.NET), and then click Next.

  • On the Application Server Options page, click Next.

  • On the Summary of Selections page, click Next.

  • Click Finish.

  • Click Start, point to All Programs, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.

  • In the IIS Manager tree, click the plus sign (+) next to the server name, and then right-click the Web Sites folder and select Properties.

  • In the Web Sites Properties dialog box, click the Service tab.

  • In the Isolation mode section, clear the Run WWW service in IIS 5.0 isolation mode check box, and then click OK.


Note: The Run WWW in IIS 5.0 isolation mode check box is only selected if you have upgraded to IIS 6.0 on Windows Server 2003 from IIS 5.0 on Microsoft Windows 2000. New installations of IIS 6.0 use IIS 6.0 worker process isolation mode by default.


Install Windows .NET Framework 2.0



  • Run .Net Framework 2.0 Setup


Enable ASP.NET 2.0




  • Click Start, point to All Programs, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.

  • In the IIS Manager tree, click the plus sign (+) next to the server name, and then click the Web Service Extensions folder.

  • In the details pane, click ASP.NET v2.0.50727, and then click Allow.



Install .Net Framework 3.0

  • Run .Net Framework 3.0 Setup


Install Microsoft Windows Workflow Foundation Runtime


Install and configure 2007 Office SharePoint Server

    It is recommended that you install and configure Office SharePoint Server 2007 on all of your front-end servers before you configure Office SharePoint Server 2007 services and create sites. If you want to build a minimal server farm configuration, and incrementally add front-end servers to expand the farm, you can install and configure Office SharePoint Server 2007 on a single front-end server and configure the front-end server as both a Web server and an application server. Regardless how many front-end servers you have in your server farm, you must have SQL Server running on at least one back-end database server before you install Office SharePoint Server 2007 on your front-end servers.


    Run 2007 Office SharePoint Server Setup



    1. Run Officeserver.exe on one of your Web server computers.

    2. On the Enter your Product Key page, enter your product key and click Continue.

    3. On the Read the Microsoft Software License Terms page, review the terms, select the I accept the terms of this agreement check box, and then click Continue.

    4. On the Choose the installation you want page, click Advanced.

    5. On the Server Type tab, do one of the following:

        • If you are setting up a computer that will act as an application server, or a Web server and an application server, click Complete, and then click Install Now.

        • If you are setting up a computer that will act as a Web server only, click Web Front End, and then click Install Now.

    6. When Setup finishes, a dialog box appears telling you that you must complete the configuration of your server. Make sure that the Run the SharePoint Products and Technologies Configuration Wizard now check box is selected.

    7. Click Close to start the configuration wizard. Instructions for completing the wizard are provided in the next set of steps.


    Run the SharePoint Products and Technologies Configuration Wizard

    After Setup finishes, you can use the SharePoint Products and Technologies Configuration Wizard to configure Office SharePoint Server 2007. The SharePoint Products and Technologies Configuration Wizard automates several configuration tasks, including: installing and configuring the configuration database, installing Office SharePoint Server 2007 services, and installing SharePoint Central Administration. Use the following instructions to run the SharePoint Products and Technologies Configuration Wizard.



    1. On the Welcome to SharePoint Products and Technologies page, click Next.

    2. Click Yes in the warning dialog box that appears notifying you that some services might need to be restarted during configuration.

    3. On the Connect to a server farm page, do one of the following:

        • If this is the first front-end server that you are configuring in your server farm, click No, I want to create a new server farm, and then click Next.

        • If you have already configured your first server in your server farm, click Yes, I want to connect to an existing server farm, and then click Next.

    4. On the Specify Configuration Database Settings dialog box, in Database server, type the name of the computer that is running SQL Server.

    5. Do one of the following:

        • If this is the first server that you are configuring in your server farm, type a name for your configuration database in Database name, or use the default database name.

        • If you have already configured the first server in your server farm, click Retrieve Database Names, and in Database name click the database name that you created when you configured the first server in your server farm. The default name is SharePoint_Config.

    6. In User name, type the user name of the account used to connect to the computer running SQL Server (be sure to type the user name in the format DOMAIN\username).

        Important: This account is the Office SharePoint Server 2007 service account under which several Office SharePoint Server 2007 services run. The user account that you specify as the Office SharePoint Server 2007 service account must be a domain user account, but it does not need to be a member of any specific security group on your front-end servers or your back-end database servers. However, the user account that you specify must be a member of the following two SQL Server security roles on your back-end database servers: Database Creator and Security Administrator. It is recommended that you follow the principle of least privilege and specify a user account that is not a member of the Administrators group as your Office SharePoint Server 2007 service account.

    7. In Password, type the user's password, and click Next.

    8. Skip the next step if you have already configured the first server in your server farm.

    9. On the Configure SharePoint Central Administration Web Application page, select the Specify port number check box and type a port number if you want the SharePoint Central Administration Web application to use a specific port, or leave the Specify port number check box unchecked if you do not care which port number the SharePoint Central Administration Web application uses.

    10. On the Configure SharePoint Central Administration Web Application dialog box, select NTLM authentication (the default), and then click Next.

    11. On the Completing the SharePoint Products and Technologies Wizard page, click Next.

    12. On the Configuration Successful page, click Finish.


    The SharePoint Central Administration Web page opens.


    Notes



    • If you are prompted for your user name and password, you might need to add the SharePoint Central Administration site to the list of trusted sites and configure user authentication settings in Internet Explorer. Instructions for configuring these settings are provided in the next set of steps.

    • If you see a proxy server error message, you might need to configure your proxy server settings so that local addresses bypass the proxy server. Instructions for configuring this setting are provided later in this section.


    Add the SharePoint Central Administration site to the list of trusted sites



    • In Internet Explorer, on the Tools menu, click Internet Options.

    • On the Security tab, in the Select a Web content zone to specify its security settings box, click Trusted Sites, and then click Sites.

    • Clear the Require server verification (https:) for all sites in this zone check box.

    • In the Add this Web site to the zone box, type the URL for the SharePoint Central Administration site, and then click Add.

    • Select the Require server verification (https:) for all sites in this zone check box.

    • Click Close to close the Trusted Sites dialog box.

    • Click OK to close the Internet Options dialog box.


    Configure user authentication settings for trusted sites



    • In Internet Explorer, on the Tools menu, click Internet Options.

    • On the Security tab, in the Select a Web content zone to specify its security settings box, click Trusted sites, and then click Custom Level.

    • In the Settings list box, under User Authentication, click Automatic logon with current username and password.

    • Click OK twice.


    Note: If you do not want to add the SharePoint Central Administration site to the list of trusted sites, but you do not want to be prompted for your user name and password every time you access the SharePoint Central Administration site, you can instead add the SharePoint Central Administration site to the Local intranet zone. If you do this, you must enable the Automatic logon only in Intranet zone user authentication setting instead of the Automatic logon with current username and password user authentication setting.
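    The procedures above leave an http entry in the Trusted sites (or Local intranet) zone and turn on automatic logon for that zone; re-selecting the https check box does not remove the entry that was already added. The following PowerShell audit is an added example, not part of the original procedure. It assumes the standard per-user registry locations for zone settings (Zones\<id>, values 1A00 and Flags) and for the site list (ZoneMap\Domains and ZoneMap\EscDomains).

```powershell
# Added example: audit the per-user Internet Explorer zone settings that the
# steps above change. Reads HKCU only; settings enforced by policy are stored
# under separate Policies keys, and sites added by IP address are stored under
# ZoneMap\Ranges. Neither is read here.
$inetSettings = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# URL action 1A00 is the "User Authentication > Logon" setting of a zone.
$logonModes = @{
    0x00000 = 'Automatic logon with current username and password'
    0x10000 = 'Prompt for user name and password'
    0x20000 = 'Automatic logon only in Intranet zone'
    0x30000 = 'Anonymous logon'
}
$zoneNames = @{ 1 = 'Local intranet'; 2 = 'Trusted sites' }

function Get-ZoneLogonSetting {
    param([Parameter(Mandatory = $true)][int]$ZoneId)
    $zone  = Get-ItemProperty -Path "$inetSettings\Zones\$ZoneId" -ErrorAction SilentlyContinue
    $value = if ($zone) { $zone.'1A00' } else { $null }
    $mode  = 'Not set for this user'
    if ($null -ne $value) {
        $mode = $logonModes[[int]$value]
        if (-not $mode) { $mode = 'Unknown value 0x{0:X}' -f [int]$value }
    }
    [pscustomobject]@{
        Zone          = $zoneNames[$ZoneId]
        LogonMode     = $mode
        # 0x20000 only results in automatic logon when the zone is Local intranet.
        AutoLogon     = ($value -eq 0) -or ($value -eq 0x20000 -and $ZoneId -eq 1)
        # Flags bit 4 = "Require server verification (https:) for all sites in this zone".
        RequiresHttps = [bool]($zone.Flags -band 4)
    }
}

function Get-ZoneSite {
    param([Parameter(Mandatory = $true)][int]$ZoneId)
    # EscDomains is used instead of Domains when IE Enhanced Security Configuration is on.
    foreach ($list in 'Domains', 'EscDomains') {
        $root = "$inetSettings\ZoneMap\$list"
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem -Path $root -Recurse | ForEach-Object {
            $key = $_
            # Key path is <list>\<domain>[\<subdomain>]; value name = protocol, data = zone.
            [string[]]$labels = ($key.Name -split '\\ZoneMap\\(Esc)?Domains\\', 2)[-1] -split '\\'
            [array]::Reverse($labels)
            foreach ($protocol in $key.GetValueNames()) {
                if ($key.GetValue($protocol) -eq $ZoneId) {
                    [pscustomobject]@{ Site = $labels -join '.'; Protocol = $protocol; List = $list }
                }
            }
        }
    }
}

function Test-ZoneCredentialExposure {
    foreach ($zoneId in 1, 2) {
        $setting = Get-ZoneLogonSetting -ZoneId $zoneId
        foreach ($site in Get-ZoneSite -ZoneId $zoneId) {
            $plainHttp = 'http', '*' -contains $site.Protocol
            $finding = 'No automatic logon'
            if ($setting.AutoLogon -and $plainHttp) {
                $finding = 'Automatic Windows logon to a site reachable over plain HTTP'
            }
            elseif ($setting.AutoLogon) {
                $finding = 'Automatic Windows logon, HTTPS entry only'
            }
            [pscustomobject]@{
                Zone      = $setting.Zone
                Site      = $site.Site
                Protocol  = $site.Protocol
                LogonMode = $setting.LogonMode
                HttpsOnly = $setting.RequiresHttps
                Finding   = $finding
            }
        }
    }
}

Test-ZoneCredentialExposure | Format-Table -AutoSize -Wrap
```

    Run it as the user who administers the farm. An http entry can appear next to HttpsOnly = True, because the check box only affects sites added after it is selected.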


    Configure 2007 Office SharePoint Server services

    After you have installed and configured Office SharePoint Server 2007 on all of your front-end servers, you must configure Office SharePoint Server 2007 services. The services you need to configure depend on your server topology and the server roles you deploy. Use the following guidelines to determine which services you need to configure in your server farm.



    • Search and indexing servers: You must start and configure the Office SharePoint Server Search service on at least one of your front-end servers. This service provides search and indexing services. You can start and configure this service on any type of server, including a server that is acting as an application server and provides only Office SharePoint Server 2007 services, a server that is acting as both an application server and a Web server and provides both Office SharePoint Server 2007 services and Web services, or a server that is acting as a Web server and provides only Web services.

    • Web servers: The Web server role is implemented by IIS and the Windows SharePoint Services Web Application service. The Windows SharePoint Services Web Application service must be running on any server that acts as a Web server and renders Web content. This service is started by default on servers that you set up using the Web Front End option during Setup. If you set up a server using the Complete option during Setup, and you want that server to act as a Web server and render Web content, then you must start the Windows SharePoint Services Web Application service on that server.



    In addition to configuring services on your front-end servers, you must create the Shared Services Provider (SSP). The SSP makes it possible to share the Office SharePoint Server 2007 services across your server farm. You must create the SSP before you can use it in a farm environment; Office SharePoint Server 2007 does not create the SSP by default in a farm environment.


    The following procedures step you through the process of configuring Office SharePoint Server 2007 services, creating a Web application for the SSP, creating the SSP, and configuring indexing settings.


    Start and configure the Search service



    • On the SharePoint Central Administration home page, click the Operations tab on the top navigation bar.

    • On the Operations page, in Topology and Services, click Servers in farm.

    • On the Servers in Farm page, click the server on which you want to configure the search service.

    • Click Start next to Office SharePoint Server Search.

    • On the Office SharePoint Server Search Settings page, in the Query and Indexing section, make sure that the Use this server for indexing content and Use this server for serving search queries check boxes are selected.

    • In the Default Catalog Location section, type a path to a physical folder to store the index files, or use the default location that is specified.

    • In the Contact E-Mail Address section, specify a valid e-mail address.

    • In the Service Account section, click Configurable, and in User name and Password, type the user name and password for the user account under which you want the Search service to run. The user account must be a member of the Administrators group on the computer that is running the Search service. If you want to use the principle of least privilege and select a unique user account that does not have administrative rights on your front-end servers or on your back-end database servers, see the Known Issues/Readme for Office SharePoint Server 2007 Beta 2. The user name must be in the format DOMAIN\username.

    • In the Web Front End And Crawling section, do one of the following:




      • If you are configuring the search service on a server that provides Web services and renders Web content, click No dedicated Web front-end computer for crawling

      • If you are configuring the search service on a server that is a standalone search server that does not provide Web services and render Web content, click Use a dedicated web front end computer for crawling, and then, in Select a web front end computer, click the computer you want to use for crawling.




    • Click Start.


    Start the Windows SharePoint Services Web Application service

    You must start the Windows SharePoint Services Web Application service on every computer that you want to act as a Web server and was set up using the Complete option during Setup. This service is started by default on servers that were set up using the Web Front End option. To enhance security, you can leave this service turned off on application servers that do not provide Web content to client computers. Also, you do not need to turn this service on to use SharePoint Central Administration on a server.



    • On the SharePoint Central Administration home page, click the Operations tab on the top navigation bar.

    • On the Operations page, in Topology and Services, click Servers in farm.

    • On the Servers in Farm page, click the server on which you want to start the Windows SharePoint Services Web Application service.

    • Click Start next to Windows SharePoint Services Web Application.


    Create the Shared Services Provider



    • On the SharePoint Central Administration home page, click the Application Management tab on the top navigation bar.

    • On the Application Management page, in the Office SharePoint Server Shared Services section, click Create or configure this farm's shared services.

    • On the Manage this Farm's Shared Services page, click New SSP.


    Important: If you have not created a Web application for the SSP administration site, you need to create one before you create the SSP. If you have already created a Web application for the SSP administration site, skip to step 14.



    • On the New Shared Services Provider page, click Create a new Web application.

    • On the Create New Web Application page, in the IIS Web Site section, click Create a new IIS web site, and do not modify the default settings in this section.

    • In the Security Configuration section, under Authentication provider, select the appropriate option for your environment, and do not modify the default settings in the remainder of this section.

    • In the Load Balanced URL section, do not modify the default settings.

    • In the Application Pool section, click Create new application pool.

    • In Application pool name, enter the name of your application pool or use the default name.

    • Click Configurable, and in User name and Password, type the user name and password for the user account under which you want the application pool to run. The user account does not have to be a member of any particular security group. It is recommended that you use the principle of least privilege and select a unique user account that does not have administrative rights on your front-end servers or on your back-end database servers. You can use the user account that you specified as the Office SharePoint Server 2007 service account; however, if that user account is a member of a security group that has administrative rights on your front-end servers or your back-end database servers, you will not be following the principle of least privilege. The user name must be in the format DOMAIN\username.

    • In the Database Name and Authentication section, verify the database information and make sure that Windows Authentication (recommended) is selected.

    • In the Search Server section, do not modify the default settings.

    • Click OK. Upon successful creation of the Web application, the New Shared Services Provider page appears.

    • In the SSP Name section, in Web Application, select the Web application that you created for the SSP, and do not modify any of the default settings in this section.

    • In the My Site Location section, do not modify any of the default settings.

    • In the SSP Service Credentials section, in User name and Password, type the user name and password for the user account under which you want the SSP to run. The user account does not have to be a member of any particular security group. It is recommended that you use the principle of least privilege and select a unique user account that does not have administrative rights on your front-end servers or on your back-end database servers. You can use the user account that you specified as the Office SharePoint Server 2007 service account; however, if that user account is a member of a security group that has administrative rights on your front-end servers or your back-end database servers, you will not be following the principle of least privilege. The user name must be in the format DOMAIN\username.

    • In the SSP Database section, you can either accept the default settings (recommended), or specify your own settings for the database server, the database name, or the SQL authentication credentials.

    • In the Search Database section, you can either accept the default settings (recommended), or specify your own settings for the search database server, the database name, or the SQL Server authentication credentials.

    • In the Index Server section, in Index Server, click the server on which you configured the Search service.


    Note: If there is no index server listed in the Index Server section, then no server in your farm has been assigned the index server role. To assign the index server role to a server in your farm, follow the instructions in the "Start and configure the Search service" section earlier in this topic.



    • In the SSL for Web Services section, click No.

    • Click OK. Upon successful creation of the SSP, the Success page appears.

    • On the Success page, click OK to return to the Manage this Farm's Core Services page.


    Configure indexing settings




      • On the SharePoint Central Administration home page, click the Application Management tab on the navigation bar.

      • On the Application Management page, in the Office SharePoint Server Shared Services section, click Create or configure this farm's shared services.

      • On the Manage this Farm's Shared Services page, click SharedServices1.

      • On the Shared Services Administration page, in Search, click Search Settings.

      • On the Configure Search Settings page, in the Crawl Settings section, click Default content access account.

      • In the Default content access account section, in Account, Password, and Confirm Password, type the user name and password for the user account that you want to use to crawl content on your sites. This account must be a domain user account. It is recommended that you use the principle of least privilege and select a unique user account that cannot modify content and does not have administrative rights on your front-end servers or on your back-end database servers. You can use the user account that you specified as the Office SharePoint Server 2007 service account; however, if that user account is a member of a security group that has administrative rights on your front-end servers or your back-end database servers, you will not be following the principle of least privilege. The user account that you specify will be added to the Web application Full Read policy for your farm. The user name must be in the format DOMAIN\username.

      • Click OK.

      • In the Crawl Settings section, click Content sources.


    • On the Manage Content Sources page, click Local Office SharePoint Server sites.

    • On the Edit Content Source page, in the Crawl Schedules section, under Full Crawl, click Create schedule.

    • In the Manage Schedules dialog box, configure schedule settings for full crawls of your content, and then click OK.

    • In the Crawl Schedules section, under Incremental Crawl, click Create schedule.

    • In the Manage Schedules dialog box, configure schedule settings for incremental crawls of your content, and then click OK.

    • In the Start Full Crawl section, select the Start full crawl of this content source check box, and then click OK.


    Create and configure a site

    After you configure services in your server farm, you can create a Web application and a site collection. You should create the Web application on the first server on which you installed Office SharePoint Server 2007 (in other words, the same server that is running the SharePoint Central Administration service).


    Create a Web application for your SharePoint site

    On the SharePoint Central Administration home page, click the Application Management tab on the top navigation bar.



    • In the SharePoint Web Application Management section, click Create or extend Web application.

    • On the Create or Extend Web Application page, click Create a new Web Application.

    • On the Create New Web Application page, in the IIS Web Site section, click Create a new IIS web site, and change the port setting to port 80. This will allow you to access your site by typing http://ServerName. If you use a nonstandard port number you will have to include the port number in the URL to access your site (for example, http://ServerName:port).

    • In the Security Configuration section, under Authentication provider, select the appropriate option for your environment, and do not modify any other settings in this section.


    Note: By default, the authentication provider is set to NTLM.



    • In the Load Balanced URL section, do not modify the default settings.

    • In the Application Pool section, select Create new application pool, and use the default settings for the application pool name.

    • Click Configurable, and in User name and Password, type the user name and password for the user account under which you want the application pool to run. The user account does not have to be a member of any particular security group. It is recommended that you use the principle of least privilege and select a unique user account that does not have administrative rights on your front-end servers or on your back-end database servers. You can use the user account that you specified as the Office SharePoint Server 2007 service account; however, if that user account is a member of a security group that has administrative rights on your front-end servers or your back-end database servers, you will not be following the principle of least privilege. The user name must be in the format DOMAIN\username.

    • In the Database Name and Authentication section, verify the database information and ensure Windows Authentication (recommended) is selected.

    • In the Search Server section, do not modify the default settings.

    • Click OK.

    • On the Application Created page, which appears after successful creation of the Web application, click Create a new Windows SharePoint Services site collection.


    Create the site collection for your Web application



    • On the Create Site Collection page, in the Title and Description section, in Title, enter a title for the new site.

    • In Description, enter a description of the site collection.

    • In the Web Site Address section, click Create site at this URL, and in URL path click (root).


    It is most common to create a site collection at the root; however, you can create a site collection at a specific URL path.



    • In the Primary Site Collection Administrator section, in User name, type the user name of the site collection administrator. This can be the same user account that you specified as the Office SharePoint Server 2007 service account, but you should follow the principle of least privilege and use a user account that does not have administrative privileges or rights on your front-end or back-end servers.

    • In the Quota Template section, select a predefined quota template to limit resources used for this site collection.


    Note: You can also select No Quota, thereby allowing this site collection to use any available resources.



    • In the Template Selection section, click the Publishing tab, and then click Corporate Intranet Site.

    • Click OK to create the site collection with the attributes you specified.  Upon successful completion, a Top-Level Site Successfully Created page appears.

    • Click OK to return to the SharePoint Central Administration home page, or click the http://ComputerName link to go to your new SharePoint site home page.
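    The procedures above ask for a user account at several points (the Office SharePoint Server 2007 service account, the Search service account, the application pools, the SSP credentials, the content access account and the site collection administrator) and recommend a unique, non-administrative account for most of them. The following PowerShell check is an added example, not part of the original procedure; the account names are constructed placeholders and the function names are hypothetical.

```powershell
# Added example: compare the accounts entered in the steps above with the
# page's least-privilege guidance. Account names are constructed placeholders;
# replace them with the accounts you actually used.
$plan = @(
    [pscustomobject]@{ Role = 'Office SharePoint Server 2007 service account'; Account = 'EXAMPLE\svc-spfarm';   AdminExpected = $false }
    # The Search service step states that this account must be in Administrators.
    [pscustomobject]@{ Role = 'Search service account';                        Account = 'EXAMPLE\svc-spsearch'; AdminExpected = $true }
    [pscustomobject]@{ Role = 'SSP application pool';                          Account = 'EXAMPLE\svc-sspapp';   AdminExpected = $false }
    [pscustomobject]@{ Role = 'SSP service credentials';                       Account = 'EXAMPLE\svc-ssp';      AdminExpected = $false }
    [pscustomobject]@{ Role = 'Default content access account';                Account = 'EXAMPLE\svc-spcrawl';  AdminExpected = $false }
    [pscustomobject]@{ Role = 'Site application pool';                         Account = 'EXAMPLE\svc-siteapp';  AdminExpected = $false }
    [pscustomobject]@{ Role = 'Primary site collection administrator';         Account = 'EXAMPLE\sp-siteadmin'; AdminExpected = $false }
)

function Get-LocalAdminMember {
    # Lists the direct members of the local Administrators group as DOMAIN\name.
    param([string]$ComputerName = $env:COMPUTERNAME)
    $group = [ADSI]"WinNT://$ComputerName/Administrators,group"
    foreach ($member in $group.psbase.Invoke('Members')) {
        $path = $member.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $member, $null)
        # ADsPath is WinNT://DOMAIN/name, or WinNT://DOMAIN/COMPUTER/name for local accounts.
        $parts = $path.Substring(8).Split('/')
        '{0}\{1}' -f $parts[-2], $parts[-1]
    }
}

function Test-ServiceAccountPlan {
    param([object[]]$Plan, [string[]]$Administrators)
    foreach ($entry in $Plan) {
        $isAdmin = $Administrators -contains $entry.Account   # case-insensitive match
        if ($isAdmin -and -not $entry.AdminExpected) {
            [pscustomobject]@{ Role = $entry.Role; Account = $entry.Account
                               Finding = 'Direct member of local Administrators' }
        }
        elseif (-not $isAdmin -and $entry.AdminExpected) {
            [pscustomobject]@{ Role = $entry.Role; Account = $entry.Account
                               Finding = 'Not a direct member of local Administrators, which this role requires' }
        }
    }
    # The page recommends a unique account per role; report any account used more than once.
    $Plan | Group-Object -Property Account | Where-Object { $_.Count -gt 1 } | ForEach-Object {
        [pscustomobject]@{ Role = ($_.Group | ForEach-Object { $_.Role }) -join '; '
                           Account = $_.Name
                           Finding = 'Same account used for several roles' }
    }
}

# Run on each front-end server and each back-end database server.
$admins = Get-LocalAdminMember
Test-ServiceAccountPlan -Plan $plan -Administrators $admins | Format-Table -AutoSize -Wrap
```

    The check sees direct group members only, so an account that is an administrator through a nested domain group is not reported. It also does not verify the Database Creator and Security Administrator roles on SQL Server.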


    After you install and configure Office SharePoint Server 2007

    After you finish creating your first site, you can start adding content to the site and you can start customizing the site. However, it is recommended that you first configure several administrative settings to ensure that your Office SharePoint Server 2007 environment is operating properly and you are using all of the features and capabilities provided by Office SharePoint Server 2007.


    Install and configure Excel Calculation Services

    To take full advantage of the business intelligence capabilities of Office SharePoint Server 2007 you need to start and configure Excel Calculation Services. Instructions for doing this are provided below.


    Note: Excel Services is only available if you use a product key that activates the Enterprise version of Office SharePoint Server 2007.


    Start and configure Excel Calculation Services



    • On the SharePoint Central Administration home page, click Administrative Tasks.

    • On the Administrative Tasks page, click Add Excel Services Trusted Locations.

    • On the Add Excel Services Trusted Locations page, in Action, click Add Excel Services Trusted Locations.

    • On the Excel Services Trusted File Locations page, click Add Trusted File Location.

    • In the Location section, in Address, type the address of the trusted file location. It is recommended that the trusted file location be an Office SharePoint Server 2007 site, but you can also specify universal naming convention (UNC) paths or HTTP Web sites.

    • In Location Type, click Windows SharePoint Services if you specified an Office SharePoint Server 2007 site, click UNC if you specified a UNC path, or click HTTP if you specified an HTTP Web site.

    • In the External Data section, in Allow External Data, select the trust level for external data sources that you want to enable by doing one of the following:




      • Click None to prevent Excel Calculation Services from processing connections to any external data connection.

      • Click Trusted data connection libraries only to prevent Excel Calculation Services from processing connections to external data sources that are embedded within workbooks. This setting permits Excel Calculation Services to process links to trusted data connection libraries.

      • Click Trusted data connection libraries and embedded to permit Excel Calculation Services to process direct connections to external data sources that are embedded within workbooks. This setting also permits Excel Calculation Services to process links to trusted data connection libraries.



    Configure alternate access mappings for your Web applications

    If you installed and configured Office SharePoint Server 2007 on a single front-end server, and a user browses to your server, the server will render the content that is in your Web application. However, if you added subsequent front-end servers to your server farm, the newly-added servers will not have alternate access mappings configured to your Web application. To map newly-added front-end servers to your existing Web application, you need to configure alternate access mappings.


    Before you configure alternate access mappings, install and configure Office SharePoint Server 2007 on all of the front-end servers that you want to add to your server farm, and make sure that the servers are joined to your server farm. See "Run Windows SharePoint Services Setup" and "Run the SharePoint Products and Technologies Configuration Wizard" for information about installing and configuring Office SharePoint Server 2007.


    To configure alternate access mappings



    • On the SharePoint Central Administration home page, click the Operations tab.

    • On the Operations page, in the Global Configuration section, click Alternate access mappings.

    • In Alternate Access Mapping Collection, click Change Alternate Access Mapping Collection.

    • In the Select an Alternate Access Mapping Collection dialog box, click the Web application that you want to modify. If you have created only one Web application, and you specified port 80 for the Web application, the Web application should be listed as SharePoint (80).

    • Click Edit Outbound URLs, and verify that your Web application is listed in the Default zone for outbound URLs. The outbound URL is the URL that you want users to use to access your Web application.


    Note: If you have a load-balanced configuration with a host name, add the host name to the Outbound URL for the Default zone.



    • Click Save.

    • Click Add Incoming URLs.

    • On the Add Incoming URLs page, in New default zone URL protocol, host and port, type the URL for the server that you want to map to your Web application. Typically, this is http://servername:portnumber.


    Note: If you have a load-balanced configuration, you should add the server name of each of your front-end Web servers to the list of internal URLs. This will allow each of your Web servers to reach the content in your common Web application. Also, make sure the zone you selected for the incoming URL matches the zone of the outbound URL for the load balancer. You can have multiple incoming URLs associated with a single outbound URL.



    • In Zone, make sure that Default is selected.

    • Click Save.


    Configure additional administrative settings

    After you have deployed the SharePoint Server, there are some additional settings that you need to configure. You should perform these tasks to take full advantage of the SharePoint 2007 administrative features:



    • Email Settings:




      • Incoming:



    Configuring the server for incoming e-mail lets you take advantage of the following SPS 2007 features:

    1. SharePoint sites can accept and archive incoming e-mail.

    2. SharePoint sites can archive e-mail discussions as they happen, save e-mailed documents, and show e-mailed meetings on site calendars.

    3. In addition, configure the SharePoint Directory Management Service for e-mail distribution list creation and management.



    • Outgoing:


    Configure the outgoing SMTP e-mail server to enable SPS 2007 to send notifications and alerts to site users and administrators. You can configure the “From” and “Reply to” e-mail addresses for outgoing e-mail.



    • Create SharePoint sites: Create more SharePoint sites and Web applications if your site design requires multiple sites or multiple Web applications.

    • Diagnostic logging settings: To help with troubleshooting, configure the various logging and diagnostics settings, including trace logs, event messages, user-mode error messages, and Customer Experience Improvement Program events.

    • Configure antivirus protection settings: Configure the antivirus settings for the server to enable virus scanning for document uploads and downloads, and configure the virus scanning timeout and the number of execution threads on the server for antivirus. A SharePoint Server 2007 compatible antivirus program is required for this.

    You can use the following procedure to configure optional administrative settings using SharePoint Central Administration.


    Configure administrative settings using SharePoint Central Administration



    • Click Start, point to All Programs, point to Administrative Tools, and then click SharePoint 3.0 Central Administration.

    • On the SharePoint Central Administration home page, under Administrative Tasks, click the administrative task you want to perform.

    • On the Administrative Tasks page, next to Action, click the task.



       





    PNG TRANSPARENCY FOR IE 6.0 AND OLDER VERSIONS




    PNG Transparency for Internet Explorer (IE6 and Beyond)


    Like GIFs and JPEGs, PNG images are ideal for web use. Like GIFs, the PNG is great for displaying small images with few colors, like logos and icons. Also, PNGs sport a few advantages over GIF images. Most notably, they support alpha transparency.


    What is alpha-transparency? GIF files are only capable of displaying a pixel as either completely transparent or completely opaque: this is known as binary transparency. When an image contains alpha layers, however, parts of an image can be partially transparent. You can specify a level of transparency from 0 to 255. Below is an image with layers of varying transparency:



    PNGs thus have the potential for creating some interesting effects on a web page, like translucent background images and drop-shadows. But despite their advantages over GIFs, PNGs aren’t nearly as popular as GIFs in web design, primarily because of the impression that PNGs don’t enjoy wide browser support.


    This view on PNGs is a bit of a misconception.


    While Internet Explorer for Windows 6 (IE6) and previous versions of IE don’t support PNGs’ alpha-transparency feature, all popular browsers can display PNGs.


    While IE6- doesn’t support alpha-transparency out of the box, there is a workaround that ensures PNGs’ cross-browser compatibility.


    Microsoft has a plethora of proprietary visual filters and transitions that are available to IE4+. These filters are designed to apply various multimedia effects (transition wipes, light effects and so on) to images in a web page that are viewed with IE. One of these image filters, AlphaImageLoader, lets you display a PNG with alpha-transparency in IE6.


    You can employ this filter within the HTML of your page by creating a div element and embedding into it a bit of CSS:


      <div style="position:relative; height: 188px; width: 188px; filter:progid:DXImageTransform.Microsoft.AlphaImageLoader(src='images/image.png',sizingMethod='scale');"></div>

    The key property here is the filter property. While filter is not valid CSS, it does allow you to apply the AlphaImageLoader filter to the image specified in the parentheses. However, since it isn’t standards-compliant, you may wish to apply this property only as needed (i.e., only when the page is being displayed in IE6-).


    By using this method, developers can build rich image-based designs with alpha transparency, just as they would for modern browsers like Safari, Firefox, and Internet Explorer 7, which all support PNG alpha transparency natively.


    How to Include PNG Transparency in IE6


    One available method for doing this is employing Angus Turnbull’s .htc script:



    1. First, download the .htc script at TwinHelix Designs. HTC is a scripting language only usable by Internet Explorer (because it was created by Microsoft), and this specific script applies the AlphaImageLoader filter to all images within a web page.

    2. After downloading the script, upload the script to your Web server.

    3. Then, create (or download from TwinHelix) a blank gif file. This image file is 1×1 pixel with the color set as transparent. (Back in the 90s, these gems were called “single pixel GIFs”.) Within the .htc script, change the line that references the blank.gif file so that it points to the gif’s location on the server.

    4. Create a separate CSS file (we’ll name it ie.css), and include within it the following single line, referencing the location of the .htc file:
        img { behavior: url(iepngfix.htc); }

      The behavior property lets you attach a script to some selector (in this case, all img elements). So, this CSS file attaches the .htc file to all of your images, thus applying the desired filter effect to every image within a web page.



    5. But, we only want to load this CSS file when the page is viewed in IE6-. To do this, just add the following conditional comment to your page’s header:
        <!--[if lte IE 6]>
        <link rel="stylesheet" type="text/css" media="screen" href="ie.css" />
        <![endif]-->

      Conditional comments like these are understood by IE. What the comment says is, “if the browser is IE6 or below, then read the lines within the comment tags. Otherwise, ignore them.” Conditional comments provide a convenient way of applying IE-specific HTML or CSS. Here, the ie.css stylesheet loads only if the page is displayed in IE6-, letting you apply the non-compliant CSS only when it’s absolutely necessary.




    While this is a rather convoluted way to get transparent PNGs working in your web pages, it does provide a method that is as standards-compliant as possible, giving you the freedom to include the beauty of semi-transparent layers in your designs.