Complete version Server 2016/19 and Exchange

This article describes step-by-step how to install Server 2016/2019 and Microsoft Exchange

Server 2016 and 2019

The installation of Server 2019 is the same as Server 2016.

Only accessing the network adapters (WAN and LAN) is slightly different.

That difference is indicated during the installation.


Difference between Standard and Essentials.

According to Microsoft, the only difference would be, that with Essentials you can connect a maximum of 25 clients and with standard unlimited.

This is not quite correct.

With Essentials you can't install an Exchange mail server.

So use Standard (desktop experience)


No internet No internet when adding clients Server 2019

It has been found that if you immediately install Server 2019, you can have quite a few problems with adding (linking) the clients as far as the internet connection is concerned.

With the installation of Server 2016 this goes a lot better.

After installing Server 2016, you can upgrade to Server 2019 without loss of function.

Therefore, install Server 2016 first and upgrade after you have done everything, including whitelisting.


Security issues with Exchange mail server.

Exchange mail connects to some kind of internal website (OWA) to handle mail traffic.

Normally this only works with Explorer as webbrowser.

You don't want that because that browser is a source of annoyance.

You will find that out for yourself because you will get numerous warnings and you will have to add a site to the list of trusted websites every time.

If you access the Exchange website with Explorer you will get all kinds of security issues, such as invalid certificates or other connection problems.


Do not use Explorer
The best thing to do then is to use a different browser.

You can also use Firefox for Server 2016 and 2019.

However, Firefox is not recommended if you want to connect through the Exchange Administrative Center for the mailflow, because it will not work.

Install Google Chrome and make that the default browser when you start using Exchange mail.

Install Virtual Machine on a standalone Windows 10 computer or laptop with multiple remote desktop sessions in a real network (not virtual)
Multiple remote desktop sessions with only 1 VM on a server running Azure and Onedrive for Bussines

VM ware Azure. Virtual desktop Windows 10
RDP port (VPN)

1-VPN connection

2-Install VM server with Windows Deployment Service (WDS) W10 and Remote Desktop Service (RDS)
3-Quota. Adjusting the storage space (Z)
4-Sharing trough File and Storage Services V1
5-DFS Share and Replication

6-Windows Server Backup

Upgrade/migration server 2016 to 2019

Difference between Server 2019 and server 2016

Server 2016

Storage client workfolders and data on the server

How to detect, enable and disable SMBv1, SMBv2, and SMBv3

Register Domain Name. DNS forwarding

Preparations Exchange mailserver

Exchange mailserver

How to fix the red dashboard after install exchange mail with KB 3206632

HTTP error 500

Exchange OWA error. This page can't be displayed

Change domain name

Password does not work, reset (video)

Recovery point server 2016

Entering Whitelist rules

And how to delete the entered rules

Using Windows Deployment Service (WDS)

Provide a C, D and E partition

C for OS Server 2016/2019
D for Exchange
E for the (other) software you are going to install.

On E is the following software.

Folder Exchange with the unpacked ISO from Exchange
Map Exchange preprocessing with API 5 or higher and Framework NDP 452
Map Update KB3206632 for Exchange
Map Windows 10 with 32 and 64 bits
Map Drivers from the server
Map with ISO Office 2016
Map with tool to activate KMS (MAK) licenses for Office

Partition C and D must be empty and the ISO of Exchange must be copied from the E to the D.
Unpack that iso with 7zip
The filename of that folder needs to be Exchange.

Boot Dell Poweredge T410 from usb flash drive?
Install Server 2016 with USB or PXE server

There are 2 USB ports on the motherboard.
There you can insert a bootable USB stick.
Start the server and click on F11 and then choose Hard (USB drive)
But installing
from a PXE server is a bit faster.

For the server and the exchange mailserver you need to have a working domain (website) with associated email addresses.
If you still see komputerhulp in the text or on the images, it should be komp-u-ter-hulp.nl

Windows Server 2016 Installation

We are installing new Server 2016 OS and in the article, you can find step by step installation process.

We have minimum hardware requirement for install Server 2016.

You can find system requirements of Server 2016 in the link.

And you can find your hardware compatibility with Server 2016 here.



Installation started now, this screen you can able to configure language, region and time, keyboard settings. We should configure correct settings here and then select “Next” for continue.  


You should select “Install Now” in coming screen.


We can choose the Server 2016 version on this menu. We need Server 2016 Standard with GUI so selected 
Server 2016 Standard (Desktop Experience).

Also, if you need to install Server 2016 without GUI you should select “Windows Server 2016 Standard” here. Further Windows Server 2016 has different edition: Datacenter, Standard and Essentials editions.

You can check here for Comparison of Standard and Datacenter editions of Windows Server 2016 Jump

And here detailed information about editions of Server 2016 Jump.


We can see the licence terms on this screen, select “I accept Licence Terms” then click Next to continue. Choose desktop version


Select “Custom: Install Windows only (advanced)” here because we will do a clean installation OS. But if you need an in-place upgrade you should select “Upgrade: Install and Keep files, settings and applications” here. This option suitable for supported OS, features, services and roles. But keep in mind you should not prefer in-place upgrade for critical roles like Active Directory Directory Services, etc.

We can select and configure disc information on this screen.
(You can set the installation disc, size, etc.) Use default settings here .

You can see that the necessary files are copied and the installation process is running on this screen.


The installation process is done and rebooting.

Screen showing that the necessary settings were made before the server was started.


We can set a password for the local administrator account. You should configure a secure password for local admin.


On the login screen, we can login with “Administrator” account and related password.  


And finally, you can see new Server 2016 interface. It’s similar to old Server 2012 interface but there are a lot of new features coming with Server 2016.  

You should fully patch new Server 2016 before you add or configure roles, services  

Install Google Chrome

After the installation of Server 2016, D and E may have been swapped.
Restore that at disk management
Type:  computer  and then click disk management.

Video card
Install the video card for the 2 screens (see the driver on E)

That driver must have been unzipped to a directory.

If not, do it with 7zip.

Start, right mouse button, device manager.

Go to that videocard and browse to that folder

Another browser

ISO Exchange on D
Delete all data on D.
Copy the ISO from Exchange to D (from E)

Unpack that ISO with 7zip to the folder Exchange

Password not expire

Can only be set when the active directory is working.

What is DNS?
Read about the DNS protocol

Approach Adapters
Server 2019
Bottom left right mouse button:
Settings / network / network and sharing center
Then you will see Wan and Lan

Configure network
only the Wan cable in (LAN cable out) so you can see what the right adapter is.
The LAN adapter will then show a red cross.
Change the name of that adapter to LAN
And the 2nd in WAN
Reconnect the cable.

Type CMD and click CMD.exe
Type:  ipconfig
View provided IP address
Stand on the working adapter

Enter fixed static IP
Go to settings
Ethernet adapter options

On the internet adapter (not the LAN)

Automatically assign IP address


Click on the second adapter (LAN)
Connect the cable
Click on the adapter
Click on IPV4 and Properties
Type IP address
Leave line 3 and 5 empty

Go to services
Disable updates (temporary, turn on later)

Disable firewall
Type firewall and turn it off.

Disabling irritating messages Explorer
Server Manager
Local server.
Enchange security configuration
Click on on and set that to off.

Volume license (MAK)
Click top right on Manage
Ad rolls and feautures
Next, next
Server roles

And then tick Volume Activation Tools and do the same with Windows Deployment Services.

Do the same at Network Policy Services

Click through and then install.
Then click on the yellow flag above.
Configure Volume Activations tools.
You can ignore that, we don't have a KMS volume license key, but we will do the MAK Activation later.

Go to network and sharing center
Network discovery should be on.
If not, change that.
Check that again!
If it jumps back to off
Type in the search window: services.msc
There should be 3 services on automatic.
Function Discovery resource
2) SSDP discovery
3) UpNp device hos

If you don't have internet, click on the Wan adapter

Approach Adapters
Server 2019
Bottom left right mouse button:
Settings / network / network and sharing center
Then you will see Wan and Lan

That may work, but it's actually not good.
It should be like this, but you can change it later when adding the clients
For now you have internet and you can continue.

Even if it looks like you don't have internet, open a browser.
It sometimes reacts rather slowly.

Server 2016 Activation.
Under roles and futures, check that Volume Activation Service is installed.
Below is for server 2016
Look here for Server 2019
Click on the start button with your right mouse button and then click on system.

Verify that Server 2016 is activated
Click on the start button with your right mouse button and then on system.

The Multiple Activation Key (MAK) license has activated the software.
If not, you can still enter the product code.

Server 2016

Check if you have internet

Type slui in the text field and then enter
You will then get a notification that it was successfull.

And then check that 2016 is activated.

Server 2019 activation
Under roles and futures, check that Volume Activation Service is installed
Open CMD and the use the command line below with a space after ipk and the activation code with dashes.
slmgr.vbs /ipk xxxxx-x
Restart the server.

Disable auto lock function (screen saver)

  1. Right-click on the desktop and then click Personalize.
  2. Click 'Lock screen'.
  3. Click 'Screen timeout settings'.
  4. Choose Never

Roles & Features
Install one by one

Roles and features

Select only the Active Directory Domain Services

No others


Click on automatic restart after installation

If the server does not restart automatically, do so yourself.

After the restart, click on that yellow triangle

Add a new forest: kompserver.nl

The following parts each need some time.
So please be patient before you can click or type anything
This is not work for nervous people.


DNS wil be automatically installed and configured
Ignore error message.
Click on show more.

Then it is indicated that this error message has to do with the presence of the active directory you just installed.

The NetBios domain name is automatically configured, just wait a moment


Just wait and you'll get the message that the server is going to restart

Go back to server roles

1) Click on DHCP
2) Click on Remote Access and then click on Routing

That could take a while. 
Click on that yellow triangle: Complete DHCP installation, or you will see the following immediately.

Click on the yellow triangle
Then you will see Getting started Wizzard
That leads to nothing.
We're going to do that with tools

That leads to nothing. Regardless of what you enter

Go to Tools and click on DHCP with your right mouse button.

Klick on ipv4

Click on ipv4 with your right mouse button
New scope

Scope name: DHCP
Discription leave blank

Start IP:
End IP: 
Length: 24
Subnet mask:

Leave empty

Router default gateway
Check if the IP is correct:
That' your router's ip address
Click Add


Parent domain: kompserver.nl

WINS servers: 
Leave Server name and ip blank. next

Yes activate scope, finish

Password never expires
See the instructions

Click on Routing and remote access (that red arrow) with your right mouse button

Reboot the server

The Wan setting isn't right yet.
You probably don't have internet now
Click on the Wan adapter

At first it worked, but after DHCP it didn't.
It should be like this, change that and see if you have internet.

Even if it looks like you don't have internet, open a browser.
It sometimes reacts rather slowly.

No internet yet?
Check if those 3 services are
on automatic.
Function Discovery resource
2) SSDP discovery
3) UpNp device hos

Password never expire.

Add client
On computer client 1 and 2
Password on clients.
Settings, accounts, login options.
Enter password.
It can take a while before the clients have internet
Access can be fast, but 15 minutes is no exception.
If nothing happens, restart the server.

Add clients on server:
Tools: Active Directery Users and Computers
Click on that user image

Now create Ernie as a user.

Check if remote access is ticked on the server

Now on the clients, not on the server!

If the clients have been added before then you have to remove them from the domain.

Click on This PC, Properties

Right click on Change settings

Klick on change (wijzigen)

Click on Domain and then type kompserver.nl
Do the same for Bert.
Restart the clients

Add: on client!
This PC
Right mouse button

Click left on advanced system settings


Click on Allow external connections.
Do the same at the server

Check the network adapter on the clients

Office 2016 standard on server
Install Office
After installation, restart Office setup again
Change product key
Type product code.
Click on Word
If it's okay, you'll see the activation screen.
Reboot the server

Excel doesn't work.
In the search window, type:  regedit
Go to File, find,
Type:  DontRefresh
Change Dword value from 1 to 0

Set service update to enable and get the (latest) updates.
Create an image of C.
With Macrium Reflect

(Step 1 of C)
Macrium-Reflect Free does not work on a server.
However, you can use the boot rescue CD to create an image and restore it.

Set up another domain name.
The following procedure applies if you need to change the domain name due to the change of the company name, a merger or other reason.

Change Domain Name

Domain registration
DNS forwarding

We have registered the domain kompserver.nl at Vimexx
And there we have created 2 mail accounts. Bert and Ernie
The intention is actually to create 2 mailboxes on the server for Bert and Ernie.
MBO-4 goes no further than creating folders for storing documents.

We also want the mailboxes on that server.
But if you use the DNS of Vimexx, you mail from Ernie to Bert via Vimexx.
It has to go through the server and then to Bert so that a copy remains on the server.
In this case it is outside the server.

You need a registered domain.
In this case kompserver.nl whose DNS must be forwarded to the IP address of the company.
A static address of the provider (isp)

In this case

It's about:

mail.kompserver.nl (Vimexx IP address)
mail (Ziggo incoming IP address)
pop (Ziggo incoming IP address)
smtp (Ziggo incoming IP address)

NS1 (Vimexx)
NS2 (Vimexx)
NS3 (Vimexx)

MX mail (10 mail.kompserver.nl)



0% loss
It comes down to forwarding the DNS of Vimexx to Ziggo's own IP address.
Then you only have 1 cable from the router directly to the server.

The following is the normal existing situation and then everything has internet.
But then you can't have that forged DNS at your disposal



If you go from the router with only 1 cable to that server, you can have that DNS at your disposal.
But only when the server is configured and the clients have internet, you can reconnect the rest from that hub.
As long as that doesn't work, the rest has no internet.

Below you see 2 servers because it is not recommended to configure Exchange and the company server on 1 machine
To configure the Mailflow, the Wan needs to be connected directly to
the Exchange server, because the domain is forwarded to the DNS of that server.
Instead of having that server directly behind it, we just need a hub.

Disadvantage is that if the Exchange does not have a network, the rest will not work either.
Upgrading to Ziggo Business Pro provides 5 IP addresses so you can connect multiple servers to it.
This means that you also need to create a number of subdomains and then you need to activate LD-LDS (Lightweight Directory) as a role.
But that has probably already happened because that's why you get a remark with the yellow flag that ADAM is not enumerated and that refers to the fact that you have not yet created subdomains.

Below is a possible solution, but it means that the server has to work.
With restart or if the server is still being configured the rest has no internet.

Netwerk agemeen = Network general

You can also only use the Exchange with Server 2016 (on 1 machine) with a hub/switch.


If you forward Ziggo's IP address to the server, you can use the network as it is now.

But you can also ask what the costs are of having that mailflow taken care of by another company.
To maintain a mail server the company needs a specialist and that costs time and money.
Outsourcing this can even lead to considerable savings.

 Because we have another problem.
With the upgrade of the version Windows1903 to 1909 it went completely wrong.
We set the data to D so that on C there is only the OS with the programs.
OneDrive has also been moved to D.
And then it went wrong.
The testers had already warned about it, but those warnings were ignored.

With the upgrade of 1909 OneDrive on C was expected.
However, it was on a different partition. (D)
Omdt that was not on C was assumed that nothing was stored there in OneDrive.
And that was synchronized with the cloud and nothing was synchronized with nothing.

Everything gone in the cloud.
Then connect to OneDrive on that other partition and synchronize it with nothing.
It took another 14 days before the rollout was stopped.
And the response of M$:
We will try to retrieve your data, but cannot guarantee it.
Fine, and then you can go to the employer with that info.
Data loss is job loss. That is unforgivable.

Back to the mailboxes of Outlook.
The story above is to understand the following and to be able to estimate the risks.
Until Office 2013 the mail was stored in an Outlook.pst file.
Had you moved the documents to the D then that file was also on the D under Documents/Outlook
So you could put an (older) image back without any risk of losing mail.
Since Office 2016 they use a link with Office 365 and your mail is also stored in the cloud.
Then you no longer have a PST file but an OST file which is set to C and cannot be moved.
You can create a folder on D and then you can create a symbolic link from that OST on C to that folder on D.

That is 1 direction of traffic.

Then you get a copy of C on D but if there is still old mail in that D folder, it will not go to C.
And then the big question.
If you put an image of 6 months old back on C the cloud will put that 6 months mail back in that folder, or is it assumed that you deleted 6 months mail yourself and synchronized it with the cloud, so that mail is lost?

What do you think?
It is plausible that the old mail on D is not synchronized with C and also not with the cloud.

With this information you then have enough arguments to convince the employer that this mail handling (mail flow) is better handled by an external party.
First of all, it costs a lot of time (and money) to install and maintain a mail server.

Time that prevents you from doing other things.
And the employer has to hire a specialist and that also costs more.
Then there is the hacking risk that confidential mail will end up on the street.
It is therefore advisable to request a quote from an external party for the handling of that mail flow.

Server 2016 can be installed on a server without forwarding.

For the preparations for Exchange and Exchange itself.
Then you need to connect that hard disk to the server behind with that forged DNS and you could configure the mail flow.
With the disadvantage that the rest has no internet.
We are not going to do that.
Continue with the rest of the installation and see how far you get.

Forwarding the Ziggo Wan
to the DNS of the Exchange server.








Now you are going to configure the mail account.
Actually it should be via mailflow, but we use 2 mailboxes from the domain kompserver.nl which is registered at Vimexx.
This to prevent that the rest has no internet during the configuration of server 2016.
Click on Outlook
Then you can activate an account right away.

On client Bert follow the instructions below and on Ernie it will become ernie@kompserver.nl.

Click m More settings and then on advaced.

SMTP should also be web.0105.zxcs.nl with port 587, but with that router from Ziggo it doesn't work.
Then but port 25 unencrypted.

Send a mail to yourself to check
If it doesn't work, see if Work Offline is dark.
In Outlook 2016 and higher there is an annoying bug so the program goes offline and then you won't receive any mail and you can't send anything.
Sometimes you wonder if that M$ is still someone who can think logically, or if they only employ idiots.

Click on send/recieve all folders, and then on that work ofline icon.


Storage data on server

Work Folders in Windows Server 2016

That goes largely well, but goes wrong with entering the email address.

HTTPS is indicated, but there is no SSL certificate available.
Then you can create an administrative SSL certificate.

No Video? Click here

Client  access to own shared folder on server

Follow the instructions for the Client  access to own shared folder on server and also keep that Z as a shared folder partition.
The maximum size for individual files is 10 GB by default.
There is no storage limit per user, although administrators can use File Server Resource Manager's quota functionality to implement quotas.
You can also decide to directly reserve 100 gb for each client.

Put something in that Z partition and see if it syncs with the folder on the server

If that works, go to C:\ Users and then select the specified folders.

You cut them and then paste them into Z
OneDrive cannot be moved to Z

Share common folder on server

Share common folder on client

Create mail-accounts for clients

Create restorepoints for  server 2016

Zie ook:

More about client data on server (pdf)

Syncronizing data from Servers to each other (pdf)

You don't have to do that right now.
Then you can do it later if necessary.



Preparations Exchange Mail Server

Create an Exchange folder on D
Put the Exchange ISO ( 6797mb ) in there if it is not there.
Unpack the ISO with 7 zip in the folder
The name of the folder has to be Exchange

It is recommended to have a C (OS), a D (Exchange), and an E (Software).
On that E partition you will find all the already downloaded software you need.

If all of this is already there, you don't have to download anything and you can install it from that E

If after installing a component you get an error message when installing the next component, it is often a matter of rebooting and then trying again.

nstall Media Foundation Feature

Launch Server Manager (ServerManager.exe), navigate to Manage → Add Roles and Features→ Next → Next → Features → Scroll Down → Select Media Foundation → Next → Install.

Install API 4 & API 6 or higherUnified
Communications Managed API 4.5.2. Runtime

Get the updates first, otherwise it won't work.

Install Framework 4.7


Install-WindowsFeature Net-Framework-Core -source®network®share®sxs

Install Visual Studio 2013 C++

Update KB3206632 installation is no longer necessary
If you download the updates, it will be updated automatically.

Open Windows PowerShell.  

Here it is assumed that you have the unpacked ISO in the Exchange folder on D!

The ADSI below has not (yet) proved necessary.
You can skip that. Contin
ue here

  1. Open Active Directory Service Interfaces (ADSI) Edit. To do this, click Start, click Run, type ADSIEdit.msc, and then click OK.
  2. After the ADSI Edit window is loaded, right-click ADSI Edit in the navigation pane, and then click Connect To.
  3. In the Connection Settings window, click Select a well known Naming Context in the Connection Point area, and then click Schema.
  4. Expand the Schema [DC.domain.com] node, and then click CN=Schema, CN=Configuartion,DC=domain,DC=com.

In the result pane, right-click CN= ms-Exch-Resource-Schema, click Property, and then change the value of the lDAPDisplayName attribute to msExchResourceSchema



Right mouse button on properties

Go to Display name and edit
CN= ms-Exch-Resource-Schema

Click on the start button at the bottom left and search for PowerShell, then click on Windows PowerShell.

We set the installation directory of Exchange to D under that name.


Open PowerShell and navigate to the folder where the installation files of Exchange 2016 are located.

This can take a while per command.

Enter the command below:
Install-WindowsFeature RSAT-ADDS

If you see >> press enter  

cd d:\exchange

To install the Features, run the cmdlet below.


Install-WindowsFeature NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, ADLDS, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation, RSAT-ADDS


You can use the Lightweigth Directory wizard if you have Ziggo Business Pro.
Then you get 4 extra IP addresses, with which you can also forward to the DNS of other servers with subdomain names.

cd d:\exchange

To perform the schedule update, run the cmdlet below:
Don't forget the point at the front

.\setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms

Active Directory Schema update is finished.

To make the Active Directory suitable for Exchange 2016 the cmdlet below needs to be executed. When the scheme update hasn't been executed yet it will still be executed in this step. In this step you will need to specify the Organization Name.

The Organization Name cannot be changed afterwards, so choose a name you are satisfied with until the end!

Run the cmdlet below.
You need to replace the command line name company between the brackets below for the organization name.

Copy that line to Notepad and change the company name to the desired one, then paste that line into PowerShell.

.setup.exe /PrepareAD /OrganizationName: "company name" /IA\cceptExchangeServerLicenseTerms

In this case

cd d:\exchange

Don't forget the point at the front

.\setup.exe /PrepareAD /OrganizationName:"kompserver" /IAcceptExchangeServerLicenseTerms

Preparing the Active Directory has succeeded.

Install Framework 3.5
Use Manage, Roles and featurus and click through until you see framework 3.5 at the top.
And that may take a while.

All preparations for the Active Directory have now been completed. To be able to install Exchange 2016 a number of Features will be installed.  


Reboot the machine.
Then you'll see a warning

Installing  Exchange 2016
Mailbox Role in Power Shell

cd d:\exchange

Make sure you copy the first point of the following command line with it 


./Setup.exe /Mode:Install /IacceptExchangeServerLicenseTerms /Role:Mailbox /CustomerFeedbackEnabled:False /TargetDir:”D:\\Exchange\\” /DbfilePath: “D:\\ExchangeDb\\” /LogFolderPath:”D:\\logs\\”

If you can login with administrator and password then the installation succeeded and you do not have to do the following with that setup.


You may get an error message.
If you get an error message when installing, it's often a matter of rebooting and then trying again.
But you can also install Exchange from the setup file on D

The Exchange Server setup operation didn't complete
There may be a lack of space on the D.
 It has to be 25-40 gb

If you have enough space then you have to run setup from D again

Open setup.exe in the installation directory of Exchange 2016. 
So not the exchangeserver file but the setup.exe which is located at the bottom.

It can also take a long time before you get the following in view

Check Connect to the Internet and check for updates, then click Next. After that the updates will be downloaded, if no updates are available this will be indicated. Next the installation files will be copied to a temporary folder.

  • Click on Next to start the installation.

Of course we read the 'License Agreement' and of course we agree with it;) Click on Next

  • Select Use Recommended Settings and click next



If you get error messages in Readiness Check after this, restart your setup and choose  do'nt use recommended settings


  • In the next step, it is important to consider what choice you are going to make. A mailserver suffices with the Mailbox Role. 
    Select only this option and click on Next.

Edge Transport Role

The Edge Transport Role is an optional feature for added security and provides a secure email flow for inbound and outbound email traffic. This becomes important when the mail server is placed behind a DMZ. Unwanted programs and viruses are kept out. Although it's not as strong as other similar products like Exchange Online Protection, it's certainly worth considering if you want to add this functionality to your mailserver. 


  • If necessary, change the installation location of Exchange 2016. Consider placing Exchange 2016 on a C:\ drive and the Transport Queue and Database on another partition with more storage space and disk performance. For this I would like to refer you to an article from Microsoft: Change the location of the queue database. Click on Next.


If you have followed the initial steps of this tutorial, you will not be able to choose an Organization Name now, as we have already prepared this. If you didn't follow these steps you will have to choose an Organization Name in the next dialog box. Then click on Next.

If it has been prepared properly, you will
not see the image below.


Select No and then Next. If you are using your own anti-virus and/or spam software, this option can be disabled. This can also be changed afterwards


  • It checks whether the server meets the requirements. That is now the case, click on Install. The installation of Exchange 2016 will start, this may take a while depending on the speed of the server.


The warnings are not errors but relate to not being able to upgrade Exchange 2010 and 2013 because that installation isn't there.
You can ignore that


Do not forget to tick Launch Exchange... before you finish.

You only get 1 chance to set a check at that box.
If you forget, you can start all over again.

If everything went well OWA will opens with this link.
Here is win-psvei42pkd6 the name of the server that is being worked on.
It will be different on yours then.




At that moment Chrome was the default browser

And no sign of insecure.



And when you sign in, it will ask to save the password

After sign in it will be this link


Change the default browser to Chrome if it is not already.
Make  a bookmark from that url

Copy that bookmark to the desktop by pulling it from the bookmarks folder to the desktop

Drag that bookmark to the desktop

If you forget to tap that Launch exchange at the end of the Exchange Setup, then you can expect a lot of problems

The only way to access that OWA then is to go via the Exchange Administrative Center.

Ignore the security warnings from Explorer

Continue to this website


If you see the following, then it went well

But you are still missing a valid security certificate

And then you have to create your own certificate and you fall from one thing to another

But you can also get this message

to Resolve the HTTP 500 and other Errors in Exchange Server 2016

A few ways to solve different problems

If you followed the instructions properly then hopefully you won't have to deal with that.

Reboot the server


And then you have to update server 2016 (settings, update)
Reboot the server
Then update again.

Probably you will get a number of updates after that.
Search for updates again.

Create an image of C (step 2 of C)
And an image of D
(step 2 of D)

Exchange tends to forget to turn on some services at startup.
Therefore you are going to create a script to make that sometimes reluctant Exchange work properly.

After that, sign in via Chrome at the Exchange Administative Center

If you see the following, then it went well
Click on Servers

Stand on that black bar

And then click on the pencil

Enter the product code


Look for updates, and restart again.

Create mail clients
Click on Tools at the top right
Active directory users and computers

Next you go to add the contacts
Go to tools, here you click on Active Directory Users And Computers
Here you go: compserver and click on the icon with a puppet and an asterisk.
You will be given the option to change your password when you first log in or continue to use the password you have entered.
Choose to continue using the password you entered.


Instead of komp-u-ter-hulp.nl you fill in kompserver

As soon as the contacts are added you
log in to Exchange mail server with that bookmark from Chrome.
o to Mail Flow


See also this manual about mailflow
But first follow the instructions below.

In Mail Flow you go to send connectors
Click on the plus
-Here you choose the option internal with the name kompserver
here you go through the menu for the rest.


Fill in by name: kompserver

Choose internet   

Ignore error message and click through

Then you go to Servers

Here you click on the pencil and create a server
In that menu you go to outlook anywhere


The first line is: mail. komp-u-ter-hulp.nl kompserver.nl
The following line becomes kompserver.nl



 After this step you go in the folder server to virtual directories


On screen it must be compserver

Here you can limit the mail with attachments to at least 10MB
how to set it to less than 10 mb.




More about configuring external urls (info only)

Once this is done, you can go to the internet on the clients' PCs and enter the internal server: https://mail.kompserver.nl/owa.

You may receive a warning that the website is not secure but you click on more options and then continue anyway. This will take you to an email page where you can log in with the details you have given your contact person.

Now mail can be sent there again.
If you want to maximize the attachment of mail file to 2 MB type the following, in exchange management shell:
Set-TransportConfig -MaxSendSize 2MB -MaxReceiveSize 2mb  



If this went well and you would send an attachment larger than 2 MB with the mail, you will get this error message.




And the reason for that restriction includes the prevention of steganography

Running a website on the server is not recommended.
If someone manages to break through the website there is also access to the company data.
That's the first security that doesn't cost you a lot of effort.
You host that website externally or you create a subdomain
 with Lightweight Directory and run a separate web server on it.

Turn on the firewall

Continue with entering Whitelist rules

And how to delete the entered rules


But first make an image of C before you start with whitelisting

Upgrade/migration server 2016 to 2019

See also:

1-VPN connection

2-nstall VM server with Windows Deployment Service (WDS) W10 and Remote Desktop Service (RDS)
3-Quota. Adjusting the storage space (Z)
4-Sharing trough File and Storage Services V1
5-DFS Share and Replication

6-Windows Server Backup


Access Exchange with Chrome