Exchange Server 2010 全新部署篇九：CAS&HUB中客户端访问功能配置篇

1.创建CAS阵列

[PS] C:\Users\wangtingdong.admin\Desktop>New-ClientAccessArray -Fqdn Mail.DouBiOA.Ren -Name ‘Mail.DouBiOA.Ren‘ -Site ‘PEK1‘
Name                Site                 Fqdn                           Members
----                ----                 ----                           -------
Mail.DouBiOA.Ren    PEK1                 Mail.DouBiOA.Ren               {PEK1-CHS-01, PEK1-CHS-02}

2.申请多主机头证书

New-ExchangeCertificate -SubjectName "c=CN,s=Beijing,o=DouBi,cn=Mail.DouBi.Ren" -DomainName Mail.DouBi.Ren,mail.DouBiOA.Ren,ex.DouBi.Ren,ex.DouBiOA.Ren,autodiscover.DouBi.Ren,autodiscover.DouBiOA.Ren, pop.DouBiOA.Ren,pop.DouBi.Ren,imap.DouBiOA.Ren,imap.DouBi.Ren,PEK1-CHS-01.DouBiOA.Ren,PEK1-CHS-02.DouBiOA.Ren,cas.DouBiOA.Ren -FriendlyName MailCert -GenerateRequest:$True -Keysize 2048 -PrivateKeyExportable $true | Set-Content -Path "D:\MailCert\MailCert.req”

导入证书

[PS] C:\Users\wangtingdong.admin\Desktop>Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path D:\MailCert\certnew.cer -Encoding byte -ReadCount 0)) -FriendlyName “MailCert"

获取证书指纹

[PS] C:\Users\wangtingdong.admin\Desktop>Get-ExchangeCertificate

为多主机头证书分配置服务

[PS] C:\Users\wangtingdong.admin\Desktop>Enable-ExchangeCertificate -Thumbprint BE73EEFBC8320A119A0F6C5A0029E99E95D0C87A -Services ‘IIS,IMAP,POP,SMTP‘ -Server ‘PEK1-CHS-01‘

导入多主机头证书

将多主机头证书导入至PEK1-CHS-02

为PEK1-CHS-02绑定服务

[PS] C:\Users\wangtingdong.admin\Desktop>Enable-ExchangeCertificate -Thumbprint BE73EEFBC8320A119A0F6C5A0029E99E95D0C87A -Services ‘IIS,IMAP,POP,SMTP‘ -Server ‘PEK1-CHS-02‘

测试证书生效结果：

修改OWA登录验证方式，执行如下命令：

[PS] C:\Users\wangtingdong.admin\Desktop>Set-OwaVirtualDirectory -LogonFormat ‘UserName‘ -DefaultDomain ‘DouBiOA.Ren‘ -Identity ‘PEK1-CHS-01\owa (Default Web Site)’

以管理员方式运行CMD，执行如下命令：

[PS] C:\Users\wangtingdong.admin\Desktop>Set-OwaVirtualDirectory -LogonFormat ‘UserName‘ -DefaultDomain ‘DouBiOA.Ren‘ -Identity ‘PEK1-CHS-02\owa (Default Web Site)’

修改OWAURL设置，执行如下命令：

Set-OwaVirtualDirectory -InternalUrl ‘https://mail.DouBiOA.Ren/owa‘ -ExternalUrl ‘https://mail.DouBi.Ren/owa‘ -Identity ‘PEK1-CHS-01\owa (Default Web Site)’

Set-OwaVirtualDirectory -InternalUrl ‘https://mail.DouBiOA.Ren/owa‘ -ExternalUrl ‘https://mail.DouBi.Ren/owa‘ -Identity ‘PEK1-CHS-02\owa (Default Web Site)’

修改autodiscover配置，命令如下：
Set-ActiveSyncVirtualDirectory -InternalUrl ‘https://mail.DouBIOA.Ren/Microsoft-Server-ActiveSync‘ -ExternalUrl ‘https://Mail.DouBi.Ren/Microsoft-Server-ActiveSync‘ -Identity ‘PEK1-CHS-01\Microsoft-Server-ActiveSync (Default Web Site)’

Set-ActiveSyncVirtualDirectory -InternalUrl ‘https://mail.DouBIOA.Ren/Microsoft-Server-ActiveSync‘ -ExternalUrl ‘https://Mail.DouBi.Ren/Microsoft-Server-ActiveSync‘ -Identity ‘PEK1-CHS-02\Microsoft-Server-ActiveSync (Default Web Site)’

启用outlookanywhere功能,命令如下：
enable-OutlookAnywhere -Server ‘PEK1-CHS-01‘ -ExternalHostname ‘mail.DouBi.Ren‘ -DefaultAuthenticationMethod ‘Basic‘ -SSLOffloading $false
enable-OutlookAnywhere -Server ‘PEK1-CHS-02‘ -ExternalHostname ‘mail.DouBi.Ren‘ -DefaultAuthenticationMethod ‘Basic‘ -SSLOffloading $false

修改OAB配置，命令如下：
Set-OabVirtualDirectory -InternalUrl ‘http://mail.DouBiOA.Ren/OAB‘ -ExternalUrl ‘http://mail.DouBi.Ren/OAB‘ -Identity ‘PEK1-CHS-01\OAB (Default Web Site)‘
Set-OabVirtualDirectory -InternalUrl ‘http://mail.DouBiOA.Ren/OAB‘ -ExternalUrl ‘http://mail.DouBi.Ren/OAB‘ -Identity ‘PEK1-CHS-02\OAB (Default Web Site)‘

分别在PEK1-CHS-01及PEK1-CHS-02上启动POP3服务

[PS] C:\Windows\system32>Start-service MSExchangePOP3

分别在PEK1-CHS-01及PEK1-CHS-02上启动IMAP服务

[PS] C:\Windows\system32>Start-service MSExchangeIMAP4

调整POP3身份验证为“纯文本登录”，命令如下：

[PS] C:\Windows\system32>Set-PopSettings -Server ‘PEK1-CHS-01‘ -LoginType ‘PlainTextLogin‘
[PS] C:\Windows\system32>Set-PopSettings -Server ‘PEK1-CHS-02‘ -LoginType ‘PlainTextLogin‘

调整IMAP4身份验证为“纯文本登录”，命令如下：
[PS] C:\Windows\system32>Set-ImapSettings -Server ‘PEK1-CHS-01‘ -LoginType ‘PlainTextLogin‘
[PS] C:\Windows\system32>Set-ImapSettings -Server ‘PEK1-CHS-02‘ -LoginType ‘PlainTextLogin‘