1. Create the CAS array
[PS] C:\Users\wangtingdong.admin\Desktop>New-ClientAccessArray -Fqdn Mail.DouBiOA.Ren -Name 'Mail.DouBiOA.Ren' -Site 'PEK1'
Name              Site  Fqdn              Members
----              ----  ----              -------
Mail.DouBiOA.Ren  PEK1  Mail.DouBiOA.Ren  {PEK1-CHS-01, PEK1-CHS-02}
2. Request a multi-hostname certificate
New-ExchangeCertificate -SubjectName "c=CN,s=Beijing,o=DouBi,cn=Mail.DouBi.Ren" -DomainName Mail.DouBi.Ren,mail.DouBiOA.Ren,ex.DouBi.Ren,ex.DouBiOA.Ren,autodiscover.DouBi.Ren,autodiscover.DouBiOA.Ren,pop.DouBiOA.Ren,pop.DouBi.Ren,imap.DouBiOA.Ren,imap.DouBi.Ren,PEK1-CHS-01.DouBiOA.Ren,PEK1-CHS-02.DouBiOA.Ren,cas.DouBiOA.Ren -FriendlyName MailCert -GenerateRequest:$True -Keysize 2048 -PrivateKeyExportable $true | Set-Content -Path "D:\MailCert\MailCert.req"
Import the certificate
[PS] C:\Users\wangtingdong.admin\Desktop>Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path D:\MailCert\certnew.cer -Encoding byte -ReadCount 0)) -FriendlyName "MailCert"
Get the certificate thumbprint
[PS] C:\Users\wangtingdong.admin\Desktop>Get-ExchangeCertificate
Assign services to the multi-hostname certificate
[PS] C:\Users\wangtingdong.admin\Desktop>Enable-ExchangeCertificate -Thumbprint BE73EEFBC8320A119A0F6C5A0029E99E95D0C87A -Services 'IIS,IMAP,POP,SMTP' -Server 'PEK1-CHS-01'
Import the multi-hostname certificate
Bind the services for PEK1-CHS-02
[PS] C:\Users\wangtingdong.admin\Desktop>Enable-ExchangeCertificate -Thumbprint BE73EEFBC8320A119A0F6C5A0029E99E95D0C87A -Services 'IIS,IMAP,POP,SMTP' -Server 'PEK1-CHS-02'
Test that the certificate has taken effect:
Change the OWA logon format by running the following command:
[PS] C:\Users\wangtingdong.admin\Desktop>Set-OwaVirtualDirectory -LogonFormat 'UserName' -DefaultDomain 'DouBiOA.Ren' -Identity 'PEK1-CHS-01\owa (Default Web Site)'
Run CMD as administrator and execute the following command:
[PS] C:\Users\wangtingdong.admin\Desktop>Set-OwaVirtualDirectory -LogonFormat 'UserName' -DefaultDomain 'DouBiOA.Ren' -Identity 'PEK1-CHS-02\owa (Default Web Site)'
Change the OWA URL settings by running the following commands:
Set-OwaVirtualDirectory -InternalUrl 'https://mail.DouBiOA.Ren/owa' -ExternalUrl 'https://mail.DouBi.Ren/owa' -Identity 'PEK1-CHS-01\owa (Default Web Site)'
Set-OwaVirtualDirectory -InternalUrl 'https://mail.DouBiOA.Ren/owa' -ExternalUrl 'https://mail.DouBi.Ren/owa' -Identity 'PEK1-CHS-02\owa (Default Web Site)'
Modify the autodiscover configuration with the following commands:
Set-ActiveSyncVirtualDirectory -InternalUrl 'https://mail.DouBIOA.Ren/Microsoft-Server-ActiveSync' -ExternalUrl 'https://Mail.DouBi.Ren/Microsoft-Server-ActiveSync' -Identity 'PEK1-CHS-01\Microsoft-Server-ActiveSync (Default Web Site)'
Set-ActiveSyncVirtualDirectory -InternalUrl 'https://mail.DouBIOA.Ren/Microsoft-Server-ActiveSync' -ExternalUrl 'https://Mail.DouBi.Ren/Microsoft-Server-ActiveSync' -Identity 'PEK1-CHS-02\Microsoft-Server-ActiveSync (Default Web Site)'
Enable Outlook Anywhere with the following commands:
Enable-OutlookAnywhere -Server 'PEK1-CHS-01' -ExternalHostname 'mail.DouBi.Ren' -DefaultAuthenticationMethod 'Basic' -SSLOffloading $false
Enable-OutlookAnywhere -Server 'PEK1-CHS-02' -ExternalHostname 'mail.DouBi.Ren' -DefaultAuthenticationMethod 'Basic' -SSLOffloading $false
Modify the OAB configuration with the following commands:
Set-OabVirtualDirectory -InternalUrl 'http://mail.DouBiOA.Ren/OAB' -ExternalUrl 'http://mail.DouBi.Ren/OAB' -Identity 'PEK1-CHS-01\OAB (Default Web Site)'
Set-OabVirtualDirectory -InternalUrl 'http://mail.DouBiOA.Ren/OAB' -ExternalUrl 'http://mail.DouBi.Ren/OAB' -Identity 'PEK1-CHS-02\OAB (Default Web Site)'
Start the POP3 service on PEK1-CHS-01 and on PEK1-CHS-02
[PS] C:\Windows\system32>Start-service MSExchangePOP3
Start the IMAP service on PEK1-CHS-01 and on PEK1-CHS-02
[PS] C:\Windows\system32>Start-service MSExchangeIMAP4
Set POP3 authentication to "plain text login" with the following commands:
[PS] C:\Windows\system32>Set-PopSettings -Server 'PEK1-CHS-01' -LoginType 'PlainTextLogin'
[PS] C:\Windows\system32>Set-PopSettings -Server 'PEK1-CHS-02' -LoginType 'PlainTextLogin'
Set IMAP4 authentication to "plain text login" with the following commands:
[PS] C:\Windows\system32>Set-ImapSettings -Server 'PEK1-CHS-01' -LoginType 'PlainTextLogin'
[PS] C:\Windows\system32>Set-ImapSettings -Server 'PEK1-CHS-02' -LoginType 'PlainTextLogin'
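A read-only check of the finished configuration, added here as an example and not part of the original post: for each CAS server it compares the host names in the configured OWA, ActiveSync, OAB and Outlook Anywhere endpoints with the names on the certificate, lists any URLs still published over plain HTTP, and reports the POP3/IMAP4 login type. It assumes the server names and thumbprint shown above and is run in the Exchange Management Shell; the `$report` property names are illustrative.

```powershell
# Added example: run in the Exchange Management Shell after the steps above.
$servers    = 'PEK1-CHS-01', 'PEK1-CHS-02'                 # CAS servers from the page
$thumbprint = 'BE73EEFBC8320A119A0F6C5A0029E99E95D0C87A'   # thumbprint used on the page

$report = foreach ($server in $servers) {
    $cert  = Get-ExchangeCertificate -Server $server -Thumbprint $thumbprint
    # Names the certificate is valid for (subject CN plus subject alternative names).
    $names = @($cert.CertificateDomains | ForEach-Object { "$_".ToLower() })

    # Every client-facing URL configured for this server.
    $urls  = @()
    $urls += Get-OwaVirtualDirectory        -Server $server | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }
    $urls += Get-ActiveSyncVirtualDirectory -Server $server | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }
    $urls += Get-OabVirtualDirectory        -Server $server | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }
    $urls  = @($urls | Where-Object { $_ })                # drop unset URLs

    # Host names clients will connect to, including the Outlook Anywhere endpoint.
    $hosts  = @($urls | ForEach-Object { ([uri]"$_").Host.ToLower() })
    $hosts += Get-OutlookAnywhere -Server $server | Where-Object { $_.ExternalHostname } |
              ForEach-Object { "$($_.ExternalHostname)".ToLower() }
    $hosts  = @($hosts | Where-Object { $_ } | Sort-Object -Unique)

    New-Object PSObject -Property @{
        Server        = $server
        CertServices  = "$($cert.Services)"                # expect IIS, IMAP, POP, SMTP
        CertExpires   = $cert.NotAfter
        # Hosts a client would reach that the certificate does not cover (name-mismatch warnings).
        HostsNotInSan = ($hosts | Where-Object { $names -notcontains $_ }) -join ', '
        # URLs served without TLS, so the certificate does not protect them.
        PlainHttpUrls = ($urls | Where-Object { "$_" -like 'http://*' }) -join ', '
        PopLoginType  = "$((Get-PopSettings  -Server $server).LoginType)"
        ImapLoginType = "$((Get-ImapSettings -Server $server).LoginType)"
    }
}
$report | Format-List Server, CertServices, CertExpires, HostsNotInSan, PlainHttpUrls, PopLoginType, ImapLoginType
```

An empty `HostsNotInSan` means every published host name is covered by the certificate; with the settings above, `PlainHttpUrls` lists the two OAB URLs and both login types read `PlainTextLogin`.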