With Exchange 2016 in public preview–and many folks already downloading the bits–it was time to sharpen our pencils and write a 2016 install series.
The goal of this series is to help you introduce Exchange 2016 into your existing 2010/2013 lab.
How to install Exchange 2016 in a lab
In this series, we will:
- Review lab recommendations
- Review Exchange 2016 requirements
- Building the VM / OS
- Install Exchange 2016 prerequisites
- Extend the Active Directory schema
- Install Exchange 2016
- Configure a simple Exchange 2016 namespace
- Create and process a certificate request
- Move the database
- Move test users
Don’t try this in production
Exchange 2016 will not be released until later this year. You never want to test preview code in a production environment. Always use a lab.
Labs can be inexpensive. If your PC has enough RAM and disk space, Hyper-V might be a perfect fit. Hyper-V comes included with Windows 8 and greater, and it’s very feature-rich. I ran a lab this way for some time.
If you don’t have space, then consider an external USB 3.0 or eSATA drive. I have a number of colleagues that run successfully this way. Some laptops let you swap out their optical drive for a secondary hard drive. Either way, internal or external, a second hard drive is a nice way to keep things organized. For an extra boost, you may want to consider a solid-state drive. I currently own a Samsung 850 EVO 500GB SSD, and I am thoroughly impressed with it.
If you are going to run multiple Exchange servers from your primary PC, then I would recommend one minor tweak–startup settings. If you are running a few VMs and have set them to start with the OS, you could be in for an incredibly long boot process (even with a solid-state drive). My recommendation–have those VMs not start with the host OS. You can do this by modifying the properties of each VM. Either turning off auto-start or setting a sizeable delay will do the trick.
If you have money to spend, you may want to consider buying a refurbished server from an auction site. An HP DL 380 G5 with 16GB of RAM and a couple of hard drives goes for around $100 these days.
My current setup is an HP DL380 G5 with 2 quad-core Xeon processors, 32GB of RAM, and 700GB of usable drive space. This setup currently runs a domain controller, one multi-role Exchange 2010 server, two multi-role Exchange 2013 servers, two Exchange 2016 servers, a file server, a Kemp Virtual Load Balancer, and Windows 8.1. They all run 24×7 with resources to spare.
If your lab is in a crunch for resources, you can often get away with dropping below the recommended hardware requirements. This is due to the fact you don’t have any user load. For example, a multi-role production Exchange 2013 server is recommended to run at least 8GB of RAM with additional memory per user. I run my Exchange 2013 lab servers at 4GB of RAM comfortably. Whether you do this is at your own risk. If you see Exchange performing strangely with cryptic system errors, it’s probably choking on fumes. It either needs more resources or is in contention with another VM. If you do drop it down to 4GB, make sure it actually is getting the full 4GB.
If none of these seem like a viable option, check out this fantastic blog post from Exchange MVP Jeff Guillet. In this article, Jeff explores three different server builds to help you balance functionality with cost.
Lab ready to go? Awesome!
Keeping it simple
Hopefully, you have been using multi-role Exchange servers for some time. I haven’t been splitting out Exchange roles since the early 2010 days, and even then, I did so begrudgingly. Thankfully with Exchange 2016, this is no longer a possibility.
While multi-role was a strong recommendation in Exchange 2013, this is now mandatory in Exchange 2016. In the screenshot below, you will notice the absence of the Client Access role. This has been combined into the Mailbox role.
That said, we will deploy a single multi-role Exchange 2016 server into our existing Exchange 2013 environment. In future series, we will explore high availability and failover.
For more on the exciting new features shipping with Exchange 2016, check out our post from Microsoft Ignite.
Update: Windows Server 2016 is supported as of Cumulative Update 3. As of writing, Cumulative Update 4 is now out. For more information–and info on a critical Windows Server 2016 patch for Exchange–check this article. In addition, CU4 requires .NET Framework 4.6.2. For versions prior to CU4, stick with 4.5.2.
Server 2008 has been dropped as a viable operating system. Server 2012 is now listed as the minimum host operating system. This new operating system requirement is likely a result of the Resilient File System (ReFS) recommendation for all database and log drives. While not a hard requirement ReFS is a part of the preferred architecture.
The other benefit of 2012 is the advances in Windows Failover Clustering, the underlying technology for Database Availability Groups (DAGs). The addition of dynamic quorum in Server 2012 allows clusters to be more resilient to failure. You can read more about that here.
The host requirements are as follows:
- Windows Server 2012 or Windows Server 2016.
- .NET Framework 4.5.2 (RTM through CU3)
- .NET Framework 4.6.2 (CU4+)
- Windows Management Framework 4.0
- Unified Communications Managed API (UCMA) 4.0
Active Directory requirements have changed. Primarily driven by Server 2003 going end-of-life back in July. Here are the new requirements for your lab’s domain.
- Windows Server 2008 R2 Forest functional level
- Windows Server 2008 R2 Domain functional level
- Windows Server 2008 R2 Global Catalog servers
- Windows Server 2008 R2 Domain Controllers
Update 9-14-2015: During the Microsoft Ignite sessions, it was proposed that 2008 R2 would be the minimum requirement for domain controllers. Microsoft’s Abram Jackson has since confirmed that 2008 RTM is the correct base requirement.
Update 9-19-2017: CU7 now requires a forest functional level of Windows Server 2008 R2. All domain controllers in the forest will need to be at this operating system level. Exchange 2016 CU6 and earlier only require a forest functional level of Windows Server 2008.
When Exchange 2013 was released, it dropped support for Exchange 2003. Customers in 2003 had to migrate to either 2007 or 2010 before they could go to 2013. Similarly, Exchange 2016 drops coexistence with 2007. Organizations on 2007 will need to migrate to either 2010 or 2013 before they can jump to 2016.
The supported coexistence scenarios are as follows:
- Exchange 2010 SP3 RU11
- Exchange 2013 CU10
Unlike previous versions of Exchange, the 2013 and 2016 admin tools can fully manage each other’s objects. The 2010 management tools will not be able to manage 2016 objects.
Similarly, how Exchange 2013 dropped support for Outlook 2003, 2016 will drop support for 2007. Outlook for Mac 2008 has also hit the chopping block. New client requirements are as follows:
- Outlook 2016
- Outlook 2013 with SP1 (& KB3020812)
- Outlook 2010 with SP2 (& KB2956191 / KB2965295)
- Outlook for Mac 2011 or later.
Building the VM
Before picking a hypervisor, make sure it is part of Microsoft’s Server Virtualization Validation Program. Our lab is running the free version of VMware ESXi 5.5.
On this hypervisor, we have created a new virtual machine named EX16-01, assigned it 1 virtual CPU and 4GB of RAM.
The minimum for Exchange 2016 is 8GB of RAM. However, as I mentioned in a previous section, I can run my lab comfortably with 4GB. If you are in a crunch for resources, 4GB will work as long as Exchange truly is getting all 4GB and, it’s not in contention with other VMs. To make sure I am dedicating 4GB to this VM, I will click the Resources tab in the properties of the virtual machine. From there, I will check the box to Reserve All Guest Memory (all locked). This ensures the hypervisor will not allocate our RAM elsewhere. If in doubt, and performance isn’t up to par, go with 8GB. Then reserve all 8 GB for Exchange.
We only plan to have a couple of databases in the lab, so we won’t be using mount points. To keep our lab simple, we will just use standard Windows drive letters.
We will configure four drives as follows:
|C:||50 GB||Operating System|
|E:||50 GB||Exchange Install Directory|
The database and log drives will start small. We don’t expect to have more than a few dozen test users. Nor do we expect any of those users to have any significant data.
We will make the Exchange Install drive 50 GB. Managed Availability can generate some large logs. Should the need arise, we can always add more space.
We will be using fixed disks. Dynamically expanding disks are only supported in the VHDX format (Hyper-V).
We will format C: and E: with NTFS and L: and M: with ReFS per Microsoft’s guidelines.
We will keep the page file on the C: drive. Better to have it not contend with anything Exchange related when it comes to IOPS. With regard to the C: drive, keep an eye on free space. I have only spec’d for 60GB. If we let it get under 10GB, we could end up thrashing the page file and causing an unnecessary increase in disk I/O. If in doubt, and especially if you plan to combine C: and E:, bump the C: drive to 100 GB or greater.
We will use a single network adapter for all client and replication traffic. This is based on Microsoft’s recommendation to keep things simple. Microsoft recommends weighing the added complexity of separate networks against performance gain. With 2016 dropping its network utilization by 40% the scales are tipping heavily towards single network adapters.
Installing an operating system
Now that our Virtual Machine is configured, it’s time to install the operating system. Mount your Server ISO and proceed with the installation.
Note: Keep in mind that Server Core is unsupported. Exchange requires a GUI.
With the operating system installed:
- Install any HyperVisor integration components
- Configure a static IP
- Name and join the server to the lab’s domain
- Prepare and format additional disks
- Apply Windows Updates
- Enable Remote Desktop (optional)
The necessity for file-level antivirus has often been a topic of debate. Should you install antivirus, you will need to add quite a few exceptions. Microsoft has no official document for 2016 at the time of writing. But the 2016 document will likely be incredibly close, if not spot on, to its 2013 counterpart. For more information on file-level exclusions, check this link.
With Windows Server 2016, Windows Defender matured into a fully-fledged antivirus solution. It has now been re-branded as Windows Defender Antivirus. To quickly add the 84 required exclusions with 3 PowerShell commands, check this article. If you would prefer a script, download my script.
Using this lab as an example, we would exclude the entirety of the E, L, and M drive. We would also make exclusions for all IIS components on the C drive (system and content folders).
In our next article, we will perform the Exchange 2016 schema updates for Active Directory. We will also tackle all mailbox server prerequisites.
That is the perfect post. Great article.
When using REFS, do the exclusions keep working?
When using mountpoints i noticed that some AV software ignored the path eg C:\databases\database1\database1.edb when C:\databases contained mountpoint.
Raju George says
Good work mate, thanks for sharing, much appreciated, God Bless
Have you installed Exchange 2016 CU4 on Windows Server 2016? I followed your guide in my lab (again!) and have setup two Exchange 2016 CU4 servers in a DAG and they are both installed on Windows Server 2016 with the latest December Windows Updates. Each VM has 8GB of RAM and I am constantly getting an error when logged into each server saying that “Windows is running low on memory”. In vSphere6 Web Client I have reserved the memory allocated to each Exchange 2016 VM. Shortly after getting the low memory error then the Kemp load balancer starts to show that the services are down and OWA/ECP etc stop working. I then have to reboot.
Any ideas? During the install there were absolutely no errors.
When I followed your guide before I installed Exchange 2016 on Windows Server 2012 R2 and the Exchange VM had 8GB of RAM and has been running well for a year now!
Are there still issues with installing Exchange 2016 on Windows Server 2016 even with CU4 which supposedly fixes the bugs on Windows Server 2016? As of today I am literally on the latest version of Windows/Exchange.
Am stumped! Done loads of Googling and have come up empty handed. I thought CU4 sorted things out on Windows Server 2016.
My lab setup only has 4 mailboxes/users so it’s a very basic setup with minimal load. I would have thought 16GB of RAM allocated to two Exchange 2016 mailbox servers would be enough even if running in a DAG?
Yes, it’s a VM on Hyper-V 2012 R2, no dynamic memory. Weird situation, as Exchange 2013 was running ok with same VM configuration. I rebuild VM again with Exchange from scratch – same issue. :(.
This is strange, Exchange 2013 worked like a charm with 5GB of RAM, it seems that Exchange 2016 (on Windows Server 2012 R2) it having performance issues running with 5GB of RAM. Pagefile is increasing to 6GB and it still running slow. If i increase RAM to 6-7GB RAM same issue. I wonder if this is related to .net 4.5.2.
Gareth Gudger says
Hey Radu. Is this virtualized? If so, can you confirm whether dynamic memory is disabled (Hyper-V) or you are reserving all guest memory (VMware). I run this on 4 GB myself, but I make sure the RAM is committed to the VM (can’t be shared with other VMs). For more info on my VMware settings check the “Building the VM” section of this article. There is a hyperlink titled, “getting all 4 GB” that opens a screenshot of how I reserve the memory in VMware ESXi. For production the recommended RAM is 8 GB plus additional RAM for each user.
Hi Gareth, amazing tutorial. I am stuck on one area though. I need to use IMAPS and SMTPS for some Thunderbird clients. I can connect using TB and can access a users mailbox no problem. The problem I have is that when I try to send email I get a certificate warning as SMTPS (port 587) is using the self signed certificate which is assigned to IIS and SMTP. My wildcard certificate is also assigned to IIS and SMTP but for some reason the self signed certificate is being used when the TB clients try to send email. I cant change the certificate services in the EAC as the services are greyed out for both self signed AND wildcard cert and using the powershell hasn’t helped so far.
So how can I get port 587/SMTPS to use my trusted wildcard cert rather than the self signed one?
Love the website!!
Great work! Thanks for sharing
Gareth Gudger says
Glad you like it. It was a pleasure to write. Please share with your colleagues.