I’ve been working with a new installation of Exchange 2010 for the last couple weeks. Today, I finally got tired of waiting so long for the Exchange Management Console (EMC) and Exchange Management Shell (EMS) to start up on my management workstation. This only happens because our network isn’t connected to the Internet. The solution was to open Internet Explorer options advanced tab. Scroll down to the Security section and uncheck “Check for publisher’s certificate revocation”.
I found the idea from this posting http://blogs.technet.com/b/nawar/archive/2011/06/03/exchange-2010-management-console-emc-is-very-slow.aspx but I didn’t need to uncheck the second setting he has there since we have a fully operational private PKI infrastructure in place. This is safe for us to do in our environment because of our isolation.
In getting Exchange installed in our environment, I had to completely rip it out and start over. I started with mail1 and mail2 servers running the CAS/HT/MBX roles but found that I would have needed a hardware load balancer for the CAS array. After getting everything up and running in a proper configuration, I launched the Exchange Management Console from my admin workstation and the “Microsoft Exchange On-premises Server” fails to initialize because it’s trying to connect to the old mail1 server which doesn’t exist anymore. I tried uninstalling the management tools from my workstation and re-installing them. Still failed. After a hour or so of looking around I finally found out how to fix this. Delete the following key in the registry: HKCU\Software\Microsoft\Exchangeserver\v14\AdminTools\NodeStructureSettings.
Restart the EMC and you’ll be good to go.
I had the privilege of setting up a new exchange server on our network and ran into a failure. During the Hub Transport installation the setup failed because the service wouldn’t start. Apparently during the Active directory prep, a new group is created called Exchange Servers. This group is given Manage Auditing and Security permissions on the Domain Controllers. In our environment we have that setting specified in the Default Domain controllers policy to only allow the Auditors group. As soon as that policy was refreshed it overwrote what the Exchange setup had done. It took a while but I finally tracked this down with the help of two other blog postings.