In Exchange Server 2010, the Outlook Anywhere feature (formerly known as RPC over HTTP) enables Outlook 2007 (and Outlook 2003) clients to connect to their Exchange server over the Internet by using the RPC over HTTP Windows networking component. By wrapping Remote Procedure Calls (RPCs) with a HyperText Transfer Protocol (HTTP) layer, the communication between the Outlook client and the Exchange server can go through network firewalls without requiring RPC ports to be opened. Users can have the benefits of a native MAPI connection to the Exchange server without having to utilize a virtual private network. Additionally, because HTTP was designed to function on networks with unreliable connectivity (such as the Internet), Outlook Anywhere enables users on higher-latency links to connect to Exchange Server, whereas MAPI (for example) functions unreliably when the latency goes above 250ms.

Administrators should configure at least one CAS server per site that is dedicated to providing client access to the Exchange Server 2010 mailbox server. For improved performance and redundancy, multiple CAS servers can be configured.

Additionally, Microsoft recommends that Outlook Anywhere be enabled on at least one CAS server per site. This enables Outlook 2007 clients to connect to the CAS server that is in the same site as their mailbox and minimizes the risks that come from using RPCs across the Internet, which can negatively impact performance.

Enabling Outlook Anywhere—Server Side
Outlook Anywhere in Exchange Server 2010 is much simpler to configure and manage than RPC over HTTP was in Exchange Server 2003. Outlook Anywhere can be enabled using the Enable Outlook Anywhere Wizard from the Exchange Management Console. To do so, complete the following steps:
1. Go to Microsoft Exchange\Microsoft Exchange On-Premises\Server Configuration\Client Access.
2. Select the CAS server that you are enabling Outlook Anywhere on and, in the actions pane on the right side, select Enable Outlook Anywhere.
3. Define the External host name. This is the name that users will use to connect to the Exchange Server. In our example we use webmail.companyabc.com.
4. Select the Client authentication method. Administrators can select from the following options:
   - Basic Authentication— Username and password are sent in clear text. The users are required to enter their domain, username, and password every time they connect to the Exchange server.
   - NTLM Authentication— The user’s credentials are never sent over the network. The client computer and server exchange hashed values of the user’s credentials, or NTLM can utilize the current system logon information from the client’s Windows operating system. Using NTLM is more secure than Basic Authentication, but it might not work with firewalls that examine and modify traffic. NTLM can be used with an advanced firewall server, such as Microsoft’s Internet Security and Acceleration (ISA) server.
   - Allow secure channel (SSL) offloading— This option can be used in environments in which a separate server handles the Secure Sockets Layer (SSL) encryption and decryption.
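
The wizard choices above can be reviewed afterward from PowerShell. The following is an added example, not code from the original text: it assumes the ServerName, ExternalHostname, ClientAuthenticationMethod and SSLOffloading properties returned by Get-OutlookAnywhere, and the servers CAS01 and CAS02 are constructed sample data.

```powershell
# Added example: flag Outlook Anywhere settings that weaken the wizard choices above.
# Written for PowerShell 2.0 so it also runs in the Exchange 2010 Management Shell.
function Test-OutlookAnywhereConfig {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [psobject]$Config
    )
    process {
        $findings = @()
        if ([string]::IsNullOrEmpty([string]$Config.ExternalHostname)) {
            $findings += 'No external host name is defined'
        }
        # Compare as strings so enum values and plain strings behave the same.
        if ([string]$Config.ClientAuthenticationMethod -eq 'Basic') {
            $findings += 'Basic authentication: the password travels with each request and is protected only by SSL'
        }
        if ($Config.SSLOffloading) {
            $findings += 'SSL offloading: SSL ends on a separate server, so review the hop from that server to the CAS'
        }
        # One result object per CAS server.
        New-Object PSObject -Property @{
            Server    = $Config.ServerName
            Compliant = ($findings.Count -eq 0)
            Findings  = ($findings -join '; ')
        }
    }
}

# Constructed sample input (hypothetical servers CAS01 and CAS02) so the check runs offline.
$sample = @(
    New-Object PSObject -Property @{
        ServerName = 'CAS01'; ExternalHostname = 'webmail.companyabc.com'
        ClientAuthenticationMethod = 'Ntlm'; SSLOffloading = $false
    }
    New-Object PSObject -Property @{
        ServerName = 'CAS02'; ExternalHostname = 'webmail.companyabc.com'
        ClientAuthenticationMethod = 'Basic'; SSLOffloading = $true
    }
)
$sample | Test-OutlookAnywhereConfig | Format-List Server, Compliant, Findings

# On an Exchange server, audit the live configuration instead:
# Get-OutlookAnywhere | Test-OutlookAnywhereConfig | Format-List Server, Compliant, Findings
```

With the sample data, CAS01 is reported as compliant and CAS02 is reported with two findings.
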
Connecting to Outlook Anywhere with Outlook 2007
After Outlook Anywhere is configured on the CAS servers, the Outlook client can be configured to connect to Exchange Server via RPC over HTTPS.

For Outlook 2007 to use RPC over HTTPS, the workstation should be running Windows XP or higher, with the latest available service packs.

To install the required patch and configure the Outlook 2007 client for RPC over HTTP access, complete the following:
1. In Outlook 2007, select Tools; then select Account Settings.
2. Highlight the Exchange Server connection, and click Change.
3. On the Change E-mail Account screen, click More Settings.
4. Click the Connection tab.
5. Place a check mark in the box labeled Connect to Microsoft Exchange Using HTTP.
6. Click Exchange Proxy Settings.

On the Exchange Proxy Settings screen, configure the following:
1. For Connection Settings, enter the URL of the Exchange server that has been configured as the RPC proxy server.
2. Click Connect using SSL only.
3. Click the two boxes to use HTTP as the first choice for both fast and slow connections, as shown in Figure 1. Click OK, and then click OK again.
4. Click OK to accept the information box about restarting Outlook.
5. Click Next, click Finish, and then click Close.
6. Exit the Outlook application, and open it again to apply the new settings.

Tip
To ensure that Outlook 2007 is now using RPC over HTTPS, hold the Ctrl key and right-click the Outlook icon in the taskbar. Select Connection Status. This screen shows you the connection type to the Exchange server, which should state HTTPS.

The most secure method of connecting uses the following settings, which are also the default settings when RPC over HTTP is first configured: