installing Forefront Protection for Exchange 2010 on a standalone server not having exchange server role

Ask a question

Saturday, May 12, 2012 10:02 AM

0

Hi

we have below numbers of servers and wanted to install Forefront Protection for Exchange2010 (FPE).

2 AD Server, 1 CAS/HT Server, 2 MBX Server.

Is it possible to install FPE on dedicated server or i need to install it on one of the Exchange 2010 Role Server.

Presently we are using TrendMicro SPAM Controller as AntiSPAM Gateway and instead of this we want to try FPE for Exchange 2010.

Regards

Devang Patel
- Reply
- Quote

All Replies

Saturday, May 12, 2012 8:09 PM

0
On Sat, 12 May 2012 10:02:30 +0000, Devang Patel wrote:

>

>

>Hi

>

>we have below numbers of servers and wanted to install Forefront Protection for Exchange2010 (FPE).

>

>2 AD Server, 1 CAS/HT Server, 2 MBX Server.

>

>Is it possible to install FPE on dedicated server or i need to install it on one of the Exchange 2010 Role Server.

>

>Presently we are using TrendMicro SPAM Controller as AntiSPAM Gateway and instead of this we want to try FPE for Exchange 2010.

Install it on the two HT servers.

You can install it on the MBX servers, too. You don't have to enable

the real-time scnning on the MBX server unless you have public folders

on those machines, though. Doing a scheduled scan on the mailbox

databases to rescan anything with attachments that have been received

in the last two days is ussuall enough unless you're dealing with a

virus outbreak. If you are, enable the real-time scanning to slow down

the spread of the infection and scan every message, even if it's been

scanned by another machine (the AV signatures on the machines may not

be the same).

---

Rich Matheisen

MCSE+I, Exchange MVP

--- Rich Matheisen MCSE+I, Exchange MVP
- Proposed As Answer by Jamestechman Saturday, May 12, 2012 9:13 PM
- Marked As Answer by Frank.WangModerator Friday, May 18, 2012 4:25 AM
- Reply
- Quote
Tuesday, May 15, 2012 6:18 AM

Moderator

0

Hi Davang,

Any updates?
Frank Wang

TechNet Community Support
- Reply
- Quote
Monday, May 28, 2012 11:07 AM

0

Actually My Question is i can install it on Server which is not having any Exchange Roles. Means any Fresh Server with Windows Server 2008 R2 and member of Domain.

Regards

Devang
- Reply
- Quote
Monday, May 28, 2012 2:09 PM

0

On Mon, 28 May 2012 11:07:34 +0000, Devang Patel wrote:

>Actually My Question is i can install it on Server which is not having any Exchange Roles. Means any Fresh Server with Windows Server 2008 R2 and member of Domain.

They call it Forefront Protection for EXCHANGE for a reason. The FPE

needs the MS Exchange Hub Transport or Edge role before you can istall

it.

---

Rich Matheisen

MCSE+I, Exchange MVP

--- Rich Matheisen MCSE+I, Exchange MVP
- Reply
- Quote
Tuesday, May 29, 2012 5:23 AM

0

Thanks for your help

That's right

But what my query is i have already Below Server

Server1 - AD with Schema and Domain Master Role (Windows 2008 SP2 x64)

Server2 - AD with PDC, RID and Infrastructure Role (Windows 2008 R2 SP1 x64)

Server3 - CAS and HT Exchange 2010 SP1 (Windows 2008 R2 SP1 x64)

Server4 - Mailbox Role Exchange 2010 SP1 (Windows 2008 R2 SP1 x64)

Server5 - Mailbox Role Exchange 2010 SP1 (Windows 2008 R2 SP1 x64)

Now what i wanted to do is i want to introduce a new machine with Windows 2008 R2 SP1 x64 with member of Domain. No Exchange Server Role will be on it. Could i install FPE 2010 on this new Server or i need to place it on any of the above server called server3, server4 or server5.

Regards,

Devang
- Reply
- Quote
Tuesday, May 29, 2012 6:25 AM

Moderator

0

Hi Devang,

You have to install FPE on any of the Exchange servers.

Microsoft Forefront Protection 2010 for Exchange Server (FPE) can be deployed on Exchange Edge Transport, Hub Transport, Mailbox server, or combined Hub/Mailbox roles.

Protecting your Exchange servers

http://technet.microsoft.com/en-us/library/protectingexchangeserverswithforefront

By the way, if you try to run the setup.exe on a server with no Exchange server role installed, an error appears:

No protectable server applications were detected. Client-only installation is not currently supported.
Frank Wang

TechNet Community Support
- Reply
- Quote
Tuesday, May 29, 2012 7:31 PM

0
On Tue, 29 May 2012 05:23:10 +0000, Devang Patel wrote:

>

>

>Thanks for your help

>

>That's right

>

>But what my query is i have already Below Server

>

>Server1 - AD with Schema and Domain Master Role (Windows 2008 SP2 x64)

>

>Server2 - AD with PDC, RID and Infrastructure Role (Windows 2008 R2 SP1 x64)

>

>Server3 - CAS and HT Exchange 2010 SP1 (Windows 2008 R2 SP1 x64)

>

>Server4 - Mailbox Role Exchange 2010 SP1 (Windows 2008 R2 SP1 x64)

>

>Server5 - Mailbox Role Exchange 2010 SP1 (Windows 2008 R2 SP1 x64)

>

>Now what i wanted to do is i want to introduce a new machine with Windows 2008 R2 SP1 x64 with member of Domain. No Exchange Server Role will be on it.

Then you aren't going to be able to install FPE on it.

>Could i install FPE 2010 on this new Server or i need to place it on any of the above server called server3, server4 or server5.

The most effective place to install FPE would be on the HT server. You

can also install it on the MBX server roles and leave the "Real Time

Scanning" disabled. You can then use FPE to scan the previous "X" days

of message attachment (many times an infected attachment arrives

before the AV signatures are updated and that rescanning will find

them). You also need FPE on any public folder server because posts to

public folders don't pass through the HT server (where it would be

scanned) like a e-mail to the public folder would.

---

Rich Matheisen

MCSE+I, Exchange MVP

--- Rich Matheisen MCSE+I, Exchange MVP
- Marked As Answer by Devang Patel Tuesday, June 05, 2012 7:58 AM
- Reply
- Quote
Wednesday, June 06, 2012 5:05 PM

0
Thanks for the reply

presently we are using Trend Micro SPAM Controller.

The Present Configuration is like on CAS server in send connector we are using Smart host which is pointing to Trend Micro SPAM Controller.

Now i 'm planning to install one new Server which will only hold HT Server Role. I want to install FPE 2010 on that server. so after this what i need to do.

In send connector i need to use DNS Server or Smart host Pointing to new HT Server.

My Another Query is can i use the New HT Server by installing CAS as well so that i can use it CAS Array and install FPE2010 on new server which is having CAS and HT role on it and use it. is it possible or not.

pls help me as i wanted to implement it ASAP.

Regards

Devang
- Edited by Devang Patel Wednesday, June 06, 2012 5:08 PM
- Reply
- Quote
Wednesday, June 06, 2012 5:50 PM

0
On Wed, 6 Jun 2012 17:05:51 +0000, Devang Patel wrote:

>

>

>Thanks for the reply

>

>presently we are using Trend Micro SPAM Controller.

>

>The Present Configuration is like on CAS server in send connector we are using Smart host which is pointing to Trend Micro SPAM Controller.

>

>Now i 'm planning to install one new Server which will only hold HT Server Role. I want to install FPE 2010 on that server. so after this what i need to do.

>

>In send connector i need to use DNS Server or Smart host Pointing to new HT Server.

You want to remove the current HT server from the Send Connector and

replace it with the new HT server. Then modify the Send Connector to

"use DNS" instead of a smart host.

>My Another Query is can i use the New HT Server by installing CAS as well so that i can use it CAS Array and install FPE2010 on new server which is having CAS and HT role on it and use it. is it possible or not.

Yes.

---

Rich Matheisen

MCSE+I, Exchange MVP

--- Rich Matheisen MCSE+I, Exchange MVP
- Marked As Answer by Devang Patel Thursday, June 07, 2012 5:24 PM
- Reply
- Quote

installing Forefront Protection for Exchange 2010 on a standalone server not having exchange server role

All Replies

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support by product

Other support links

Not an IT pro?