Creating a Virtual Server template of Window 2008 R2 for Exchange 2010

Author: NetworkAdminKB.com

Created: 2010-11-29

Modified: 2011-10-09

The following information outlines important considerations to take into account and steps on how to create a virtual server template for any of the Exchange 2010 Server roles. You can use this outline to help you deploy any Exchange Server role in a virtual environment quickly. In general you should have one VM template for each Exchange server role (Hub Transport, Edge Transport, or Mailbox).

Assumptions and Perquisites

Windows 2008 R2 is being used
Exchange 2010 with SP1 is being installed.
This is a new installation of and Exchange organization, and not an upgrade.
You are familiar with normal administration and configuration tasks associated with Windows 2008 R2.
The account used for the Exchange tasks is a member of the Server Management group. By default, this group is located in the forest root domain in the Microsoft Exchange Security Groups OU.
Exchange Active Directory Schema and Domain updates have been installed.
- You have already ran setup /PrepareAD /on:name
The CAS Server role is the first role you must install for Exchange.
The template process will consist of the following
- Installing and preparing the Windows 2008 R2 OS and all other software not including Exchange. This virtual server can then be deployed using cloning and Sysprep.
- Sysprep will configure the following items
  - Add the server to the appropriate domain
- The installation of the Exchange 2010 role will be done via an unattended installation script.
- Post installation configuration of the OS and Exchange will be done manually or via scripts.

Limitations

Only Fiber Channel is supported by Microsoft when deploying Exchange 2010 Database Availability Groups (DAG). iSCSI can only be used for standalone mailbox servers. [1]
vSphere 4 only supports 255 LUNs (including Raw Device Mappings - RDMs) per ESX host. [1]
Deploying Exchange 2010 servers in a mixed storage configuration of VMFS and RDMs, where the Guest OS is installed on VMFS and the Exchange database and log files are on RDMs is supported. [1]
NFS is not support for the Exchange 2010 Mailbox Server Role [1].
vSphere 4 limits the Guest OS to a maximum of 8 vCPUs. Microsoft allows up to 12 cores to be assigned Exchange 2010 Mailbox servers. [1]
vSphere 4 limits the Guest OS to a maximum of 255GB RAM. [1]
vSphere 4 limits LUNs/RDMs to 2TB minus 512Bytes. [6]
vSphere 4 virtual machine snapshots can include RDMs only in virtual compatibility mode. Snapshots are not available when the RDM is used in physical compatibility mode. [3]
To use vMotion for virtual machines with NPIV enabled, the RDM mapping files must be located on the same datastore as the other virtual machine’s VMDK files. [3]
vSphere 4 does not allow Storage vMotion between datastores when NPIV is enabled. [3]
Microsoft does not support or limits the following virtualization features when running Exchange 2010 virtualized
- Exchange 2010 supports a vCPU to logical CPU ratio no greater than 2:1 [4]
  - Logical CPUs = CPU Cores
- Exchange 2010 does not support virtual machine snapshots of any Exchange Roles (CAS, HT, DAG, etc). [4]
- Exchange 2010 does not support Memory Oversubscription (aka: overcommitment). This applies to all Exchange 2010 Roles. [4]
- The use of thin provisioned disks (aka: Virtual disks that dynamically expand) or network-attached storage devices is not supported by Microsoft for virtualized Exchange 2010 deployments. [2] [4]
- Microsoft doesn’t support combining Exchange 2010 DAGs with Hypervisor based clustering solutions. [4] VMWare, recommends disabling HA and DRS on the Mailbox/DAG Virtual Machines and not on the cluster. [1] VMware also claims internal testing of HA (not DRS/vMotion) has been shown to work fine with DAGs [5]...duh, HA will only power on the VM, not vMotion it. VMware does not suggest a configuration for this, but I can certainly image one that meets all the other Microsoft requirements and still has HA enabled for the Exchange 2010 DAG VMs….but it would still be unsupported.

What does Unsupported mean anyway?

The meaning varies by vendor and even support call to support call. Official Microsoft statements tend to lead toward the broad view that configurations that are not 100% supported would not be eligible for support regardless of the effect the unsupported configuration has the actual issue. For example having vMotion enabled on a DAG server would be cause to deny support for a CAS server issue, or any other issue unrelated to vMotion.

However, in practice support is usually given if the caller 1) reasonably explains the issue and does not mention irrelevant unsupported configuration features, 2) the unsupported configuration feature does not directly relate to the problem being addressed, 3) the unsupported configuration is corrected and the problem still exists.

Create Virtual Server Template Instructions:

1) Install Windows 2008 R2 per your company standards

a. Add the following required features

i. Microsoft .NET Framework 3.5.1 (includes SP1)

ii. Windows Powershell Integrated Scripting Environment (ISE)

b. Optional features to add

i. Windows Server Backup feature

1. Include Command line tools

c. Enable the following on the server

i. Remote desktop

d. Optional software to install

i. Adobe Reader

ii. Network Monitor 3.3 from Microsoft

1. Troubleshooting tool

iii. Debugging Tools for Windows (64bit version)

1. Install version v6.11.1.404

2. Troubleshooting tool

iv. Microsoft Office 2010 Filter Pack

1. Allows indexed searches of MS Office files

v. Adobe PDF iFilter 9 for 64-bit platforms

1. Allows indexed search of PDF Files

e. Configure Pagefile settings as appropriate

i. Suggested Reading:

1. How to determine the appropriate page file size for 64-bit versions of Windows

a. Article Quote: When lots of memory is added to a computer, a paging file may not be required.

ii. Recommendation:

1. Write Debugging Information: Kernel Memory Dump

2. Virtual Memory

a. Servers with 8GB or less

i. The C: drive contains the entire page file.

1. Configure Initial and Maximum Size of pagefile on the dedicated drive to the amount of RAM + 10MB.

b. Servers with more than 8GB

i. The C: drive only contains a 200MB pagefile.

1. Configure Initial and Maximum Size of pagefile to 200MB.

ii. A dedicated pagefile drive will be used to hold the bulk of the pagefile.

1. Configure Initial and Maximum Size of pagefile on the dedicated drive to the amount of RAM + 10MB.

f. Install all hotfixes and patches for the OS and additional software as needed.

2) Configure your drives as needed.

a. Recommendation

i. Add an secondary drive (D:\) to install Exchange to

b. Exchange Drive Permissions

i. On the root of the Exchange Installation drive configure the following permissions

1. Administrators: Full Control

2. SYSTEM: Full Control

3. Authenticated Users: Read and Execute

4. Remove all other permissions.

3) Copy the Exchange Server DVD to the server

a. Create a parent folder where all installation files can reside

b. Then copy the Exchange DVD to a sub folder

c. Example: D:\Parent\Exchange2010

4) Clone virtual machine

a. This is so you can test on the clone without working on your original

5) Sysprep the cloned virtual machine

a. Configure Sysprep to add the virtual server to the appropriate domain.

b. Test as needed until you have this process working.

Exchange Perquisites

Most perquisites of the Exchange 2010 roles can be integrated in to the template (they withstand running of sysprep post installation), reducing your scripting requirements. Below is a shot list of perquisites you can install directly into the VM template.

1) Configure the Net.Tcp Port Sharing Service for automatic startup

a. Command Line

sc config NetTcpPortSharing start= auto

b. PowerShell

Set-Service -Name NetTcpPortSharing -StartupType Automatic

2) All CAS role requirements

a. Run the following Powershell commands.

Import-Module ServerManager

Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy –Restart

Unattended install of Exchange 2010 Role

By using the unattended installation method of Exchange 2010 you can automate the installation of the role with the template deployment.

Preparing the VM template for Exchange 2010 installation

1) If not done already, copy the Exchange 2010 DVD to the VM Template

a. D:\ Parent\Exchange 2010

2) Download the latest Exchange 2010 Update Rollup

a. Place the rollup MSP file in the Exchange 2010 DVD Updates subfolder

i. Example: D:\Exchange2010\Updates

ii. This folder is checked automatically for update files.

b. Latest update at this time:

i. Update Rollup 1 for Exchange Server 2010 Service Pack 1

3) Review Install Exchange 2010 in Unattended Mode web page for a list of unattended installation options.

4) Change to the location of the DVD and the setup.com installation program

5) Determine your installation parameters

a. The following options are recommended

i. Role (/r)

ii. TargetDir (/t)

iii. Example CAS install command

Setup /r:C /t:"D:\Program Files\Microsoft\Exchange Server" /ExternalCASServerDomain:mail.domain.com

b. Create a Batch file to launch the unattended installation

i. Save the batch file in a subfolder of the installation folder

1. Example: D:\Parent\Batch

6) Once you have your installation script ready,

a. You can integrate running the script into the template deployment and test as needed, or you can rely on manually running the script posting template deployment.

Post Installation Checks and Configuration

After running Exchange unattended install you can use the following information to verify the installation, and license your Exchange 2010 Server.

1) Verify Installation

a. Exchange 2010

i. Check the Control Panel Uninstall Programs list

b. Exchange Rollup

i. Check the the Control Panel Uninstall update list

c. Launch the Exchange Management Console

i. Browse the organization

2) Enter the Exchange 2010 License Key

a. By default, an Exchange 2010 Server that is unlicensed functions as an Exchange Standard Edition server for 120 days. Once a product key is entered Exchange will determine if the server is running the Standard Edition or Enterprise Edition of Exchange 2010 and will update any necessary settings.

b. Powershell Command to install a license key.

Set-ExchangeServer -Identity %computername% -ProductKey aaaaa-aaaaa-aaaaa-aaaaa-aaaaa

c. Restart the Microsoft Exchange Information Store service so that the change is applied.

More Information:

Windows Server 2008 Security Guide

Exchange 2010 Post-Installation Tasks

Enter Exchange 2010 Product Key

Exchange 2010 Prerequisites

Configure Edge Transport Server Using Cloned Configuration

[1] Microsoft Exchange 2010 on VMware Best Practices Guide

[2] Microsoft Exchange 2010 on VMware Support and Licensing

[3] vSphere ESX 4 Configuration Guide