Exchange 2010 Prerequisites

Let’s examine the prerequisites for Exchange 2010 on Windows Server 2008 R2.

I hate it when websites or blog posts just give a list of commands to type in without really explaining what they do. You can get a list of Exchange 2010 prerequisites for Windows Server 2008 R2 from a TechNet article but that doesn’t try and give you an idea of what’s happening or why it’s required.

First up, the Windows Server features that are required. The names below are what you would type in using PowerShell.

Exchange Roles & Feature requirements NET-Framework RSAT-ADDS Web-Server, Web-Basic-Auth, Web-Windows-Auth, Web-Metabase, Web-Net-Ext, Web-Lgcy-Mgmt-Console, WAS-Process-Model, RSAT-Web-Server Web-ISAPI-Ext, Web-Digest-Auth, Web-Dyn-Compression, NET-HTTP-Activation, RPC-Over-HTTP-Proxy Desktop-Experience
MB x x x and install Office filter packs
CAS x x x x and enable Net.TCP port sharing
HT x x x and install Office filter packs
CAS, MB x x x and install Office filter packs x and enable Net.TCP port sharing
CAS, HT x x x and install Office filter packs x and enable Net.TCP port sharing
MB, HT x x x and install Office filter packs
CAS, HT, MB x x x and install Office filter packs x and Net.TCP port sharing
UM x x x x
CAS, HT, MB, UM x x x and install Office filter packs x and enable Net.TCP port sharing x
ET x x and ADLDS

NOTE: Before trying to install a feature via PowerShell don’t forget to import the Server Manager module. After that you can enable features using the Add-WindowsFeature cmdlet.

Now on to the features:

  1. NET-Framework installs the .NET Framework. For Windows Server 2008 R2 that’s .NET Framework 3.5.1.
  2. RSAT-ADDS installs the Remote Server Administration Tools (RSAT) for Active Directory Domain Services (ADDS). Installing RSAT-ADDS automatically installs NET-Framework so you don’t really need to specify the latter separately.
  3. Web-Server … RSAT-Web-Server install the IIS web server:
    1. Web-Server installs the IIS 7.5 web server role and also tools to manage this role.
    2. Web-Basic-Auth and Web-Windows-Authinstall the basic and windows authentication modules.
      1. Basic authenticationmeans the users authenticating with the web server provide a username and password. This is the most basic of authentication techniques – hence the name – but has the advantage that it works across all browsers, firewalls and proxies. However, the password is sent from the client to the server unencrypted and so it’s a good idea to use basic authentication over SSL so all the communication is encrypted.
      2. Windows authentication means the users authenticate with the web server using NTLM or Kerberos protocols. This is more secure than basic authentication but has the disadvantage that not all browsers and proxies support it. The advantage is that windows authentication can use the windows username and password of the user trying to access the website and so gives users a seamless experience.
    3. Web-Net-Ext installs .NET Extensibility. Exchange 2010 requires this for PowerShell remoting, which is how cmdlets in EMS (and in turn the EMC) interact with the server. In Exchange 2010 even if you don’t connect to remote machines, the EMS connects to the Exchange server as though it were a remote session. In fact, this uses a virtual directory published by IIS and is one more reason why IIS is required by Exchange. All (remote) PowerShell requests are sent over HTTP and IIS is used for such connections. (This post gives a great example of PowerShell remoting into an Exchange 2010 server using the IIS virtual directory).
    4. WAS-Process-Model installs the Window Process Activation Service (WAS), which provides the process model for IIS. This MSDN Magazine article is a good introduction to process models and IIS (another good article can be found here). Essentially: a process model is the way multiple applications or websites running on an IIS server are managed and coordinated. A process model ensures that the various applications are available for clients and that they don’t interfere with each other. The WAS is a new component, introduced in IIS 7.0, and it makes it possible to use IIS to host non-HTTP applications (IIS being a web-server you would expect it to work with only HTTP applications; but with IIS 7 you can use IIS for non-HTTP applications too and take advantage of IIS’s management features). Exchange features such as Autodiscover and the Exchange Web Services (EWS) (which is an API hosted on the CAS role and can be used by developers to interact with the core Exchange functionality) are built upon the Windows Communication Framework (WCF). The WCF is a non-HTTP application and so requires WAS in IIS, leading to Exchange requiring WAS as a prerequisite.
    5. Web-Metabase installs the IIS 6 Metabase compatibility feature. The metabase is an internal database where IIS stores its configuration information. IIS 7 does away with the metabase and uses XML configuration files instead. Installing the IIS 6 Metabase compatibility feature allows applications, such as Exchange 2010, running on IIS 7 to still use the IIS 6 metabase APIs. Similarly Web-Lgcy-Mgmt-Console installs the IIS 6 management console.
    6. RSAT-Web-Server doesn’t install anything. It’s the Remote Server Administration Tools (RSAT) for IIS but is already installed as part of installing the Web-Server feature.
  4. I don’t think the Mailbox role actually requires all the Web-* features mentioned above. Only the Web-Server feature and the two authentication modules seem to be actually required. But no harm installing the rest!
  5. The Mailbox & Hub Transport roles require the Office 2010 Filter packs to be installed. This is used so the contents of email attachments can be indexed for searching.
  6. Web-ISAPI-Ext … RPC-Over-HTTP-Proxy installs many additional features that are only required by the CAS role.
    1. Web-ISAPI-Ext installs support for ASP.NET and the Internet Server API (ISAPI) extensions. ISAPI extensions are a way for application developers to extend the functionality of the IIS web server and you can read more about them here. The CAS role uses ISAPI extensions to provide forms based authentication in OWA, for instance.
    2. Web-Digest-Auth installs the digest authentication module. Digest authentication sends passwords from the browser to server using a digest hash (so it isn’t as open for all to view as basic authentication). Unlike windows authentication it does work over proxies, but has other disadvantages. More details about the four authentication methods can be found at this great blog post.
    3. Web-Dyn-Compression installs support for compression of dynamic data. This uses bandwidth more efficiently but increases load on the CPU (due to the overhead of compression).
    4. NET-HTTP-Activation enables WCF HTTP activation.
    5. RPC-Over-HTTP-Proxy allows RPC clients to connect to RPC servers over HTTP. Remote Procedure Call (RPC) is how clients such as Outlook communicate with Exchange. RPC-over-HTTP, which is possible with Outlook 2003 onwards, allows this RPC communication to happen over HTTP. The RPC proxy runs on the IIS server and acts as an intermediary between the server and client.
  7. WCF uses a service called the Net.TCP Port Sharing service. This service is installed as part of the WCF, but not enabled. So on CAS role servers, one must enable it manually. Do this through the Services console or using PowerShell: Set-Service NetTcpPortSharing -StartupType Automatic (after you install WCF above)
  8. Lastly, Desktop-Experience installs codecs required for Unified Messaging.
More later …