Use: “SSS_X64FRE_EN-US_DV9-KB4493440-KB4103723.iso”
During install select Server w/GUI
Upon completion of install:
- Install virt-io or ESXi drivers
- Assign Static IP and Local DNS (127.0.0.1)
- Change Hostname
- Reboot
- Add Active Directory Domain Service [Role], IIS [Role] and Media Foundation [Feature]
- Allow automatic reboots (tick box)
- Create new forest.
- Reboot
- Add forward DC lookup (8.8.8.8 and 8.8.4.4 and 1.1.1.1)
- Internet Explorer Mode Off
- Enable RDP
- Install Chrome
Install Exchange 2016 Dependencies:
- Install dotNet Framework v4.8 (ndp48-x86-x64-allos-enu.exe)
- Install IIS rewrite (rewrite_amd64_en-US.msi)
- Install UMCA (UcmaRuntimeSetup.exe)
- Install 2013 C++ runtimes (vcredist_x64.exe)
(the above 4 items can be installed in any order)
Install Exchange CU23.ISO – do not check for updates.
- Select Mailbox role with automatically install dependencies ticked, depending on hardware it takes approx. 40 minutes.
- Reboot as suggested by the installer.
Deploy SSL (host.subdomain.domain.tld,autodiscover.domain.tld,exchange.domain.tld):
https://www.alitajran.com/install-free-lets-encrypt-certificate-in-exchange-server/
Extract win-acme to root of C: (as to ensure it’s not accidentally deleted) the program will create a scheduled task.
- Populate Exchange as required.
- Add Exchange Rules (eg: impersonation warnings.)
- Install Exchange2016-KB5030524-x64-en (this is the latest Exchange 2016 rollup at the time of writing) – it is not yet available through Windows Update and must be installed manually.
- Install other Windows Updates
Suggested Actions:
- Block ECP: Disable external access to ECP in Exchange Server https://www.alitajran.com/disable-external-access-to-ecp-exchange/
- Setup DKIM. https://powerdmarc.com/dkim-on-prem-exchange-server-setup/