I am so excited to write the 1st blog on the Exchange Server SE deployment and experience it. I have tried to detail as much as possible. It was done in Golden Five Consulting Lab.
- Mount the media.
- Supported Operating Systems
Windows Server 2019, Windows Server 2022, Windows Server 2025
- Exchange Server Subscription Edition RTM System Requirements and Prerequisites
For information about Exchange Subscription Edition RTM system requirements and prerequisites, see the following topics:
- Supported Active Directory environments
The following table lists the supported Active Directory environments for Exchange Server.
| Version | Active Directory servers | Forest Functional Levels |
| Exchange Server SE | Windows Server 2025 Windows Server 2022 Windows Server 2019 Windows Server 2016 Windows Server 2012 R2 | Windows Server 2016 Windows Server 2012 R2 |
- .NET Framework
Releases of .NET Framework that aren’t listed in the table below aren’t supported on any supported release of Exchange Server. These releases include minor and patch-level releases of .NET Framework.
| Version | Windows | .NET Framework |
| Exchange Server SE | Windows Server 2025 Windows Server 2022 | .NET Framework 4.8.1 (recommended) or .NET Framework 4.8 |
- Resource Requirements
For Hybrid server, I am going with 4 core 16GB memory. There is a different requirement for Database servers and Edge servers to work smoothly.
- Installation
After Prerequisites are installed, Run the following command to update the AD Schema.
- Update Schema
.\setup.exe /Prepareschema /IAcceptExchangeServerLicenseTerms_DiagnosticDataON
Check the range upper post schema update.
dsquery * CN=ms-Exch-Schema-Version-Pt,cn=schema,cn=configuration,dc=domain,dc=xxx -scope base -attr rangeUpper
It will come 17003
- Update AD
.\setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms_DiagnosticDataON /OrganizationName:orgname
If you are setting up new Exchange for then you need to enter Organizationname else skip it.
Notice here, now your AD is locked, and Exchange 2013 can’t be installed here.
- Update Domains
.\setup.exe /PrepareAllDomains /IAcceptExchangeServerLicenseTerms_DiagnosticDataON
- Run the upgrade Exchange server for in place upgrade
.\setup.exe /IAcceptExchangeServerLicenseTerms_DiagnosticDataON /m:upgrade
I got the following three errors.
- Setup can’t verify that the ‘Host’ (A) record for this computer exists within the DNS database on server IP. For more information, visit: https://learn.microsoft.com/Exchange/plan-and-deploy/deployment-ref/ms-exch-setupreadiness-HostRecordMissing?view=exchserver-2019
PN: This is a warning so it should be good if you rerun without fixing this.
- Setup can’t detect a Send connector with an address space of ‘*’. Mail flow to the Internet may not work properly. https://learn.microsoft.com/Exchange/plan-and-deploy/deployment-ref/ms-exch-setupreadiness-NoConnectorToStar?view=exchserver-2019
PN: Created * connector smtp send connector to fix it.
- The ‘IIS URL rewrite module’ isn’t installed on this computer and needs to be installed before Exchange Setup can begin. Downloaded & Installed https://learn.microsoft.com/Exchange/plan-and-deploy/deployment-ref/ms-exch-setupreadiness-IISURLRewriteNotInstalled?view=exchserver-2019
Download URL Rewrite Module 2.1 https://www.iis.net/downloads/microsoft/url-rewrite Choose English: x64 installer
- Re-run the installation.
.\setup.exe /IAcceptExchangeServerLicenseTerms_DiagnosticDataON /m:upgrade
Got this error
The following error was generated when “$error.Clear();
Install-ExchangeCertificate -services IIS -DomainController $RoleDomainController
if ($RoleIsDatacenter -ne $true -And $RoleIsPartnerHosted -ne $true)
{
Install-AuthCertificate -DomainController
$RoleDomainController
}
” was run: “System.Security.Cryptography.CryptographicException: The certificate is expired.
at Microsoft.Exchange.Configuration.Tasks.Task.ThrowError(Exception exception, ErrorCategory errorCategory, Object target, String helpUrl)
at Microsoft.Exchange.Management.SystemConfigurationTasks.InstallExchangeCertificate.InternalProcessRecord()
at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__91_1()
at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName,
Action func, Boolean terminatePipelineIfFailed)”.
Our Lab’s exchange certificate was expired so renewed Exchange certificate and rerun the setup.
Failed this time due to file open.
I closed log file and rerun the setup. Dr. Watson Error this time.
Re-run the setup this time.
I got setup window resize error. So, start the setup again & just leave the server for 1-2 hours. ☺
Re-Run the Setup. This time completed. Cheers.
- Exchange setup has completed. It left the following action items for me.
Action 1: Warning: Exchange Setup couldn’t preserve some of the configurations during upgrade. More details can be found in Exchangesetup.log located in <SystemDrive>:\ExchangeSetupLogs folder. For more information, visit: https://aka.ms/PreserveExchangeConfig2019.
PN: Oops, I don’t like in place upgrade for this reason.☹
Action 2: Exchange Setup has enabled Extended Protection on all the virtual directories on this machine. For more information visit: https://aka.ms/EnableEPviaSetup
PN: I like it, this is a great job. Check it out. https://learn.microsoft.com/en-us/exchange/plan-and-deploy/post-installation-tasks/security-best-practices/exchange-extended-protection?view=exchserver-2019
Action 3: We recommend periodically running the Exchange Health Checker script, as well as after setup, to evaluate the organization for additional recommended configurations and security best practices. The Health Checker script can be downloaded from https://aka.ms/ExchangeSetupHC
PN: This is better health checker than mine, so use it.
Here is the updated build 15.2.2562.17
After the installation, all emails got stuck in the draft.
- Found our lab had a connector disabled. Fixed it. All went well.
Conclusion: I would recommend avoiding in place upgrade and install a new server, move the configuration, run hybrid wizard and cut over to Exchange Server SE.
When you will run Hybrid wizard, you will see this new screen. Admin consent should be granted if we are running hybrid mode.
I tested mailflow, services, and connectivity. All tests came successfully.
Regards,
Prabhat Nigam
Global CTO | Golden Five
CEO | LAEXUG Foundation
