Getting the Most Out of the Microsoft Outlook Client : Implementing Outlook Anywhere

3/6/2011 2:57:06 PM
In Exchange Server 2010, the Outlook Anywhere feature (formerly known as RCP over HTTP) enables Outlook 2007 (and Outlook 2003) clients to connect to their Exchange server over the Internet by using the RPC over HTTP Windows networking component. By wrapping Remote Procedure Calls (RCPs) with a HyperText Transfer Protocol (HTTP) layer, the communication between the Outlook client and the Exchange server can go through network firewalls without requiring RPC ports to be opened. Users can have the benefits of a native MAPI connection to the Exchange server without having to utilize a virtual private network. Additionally, as HTTP protocols were designed to function on networks with unreliable connectivity (such as the Internet), Outlook Anywhere enables users with higher latency to connect to Exchange Server, in which MAPI (for example) functions unreliably when the latency goes above 250ms.

Administrators should configure at least one CAS server per site that is dedicated to providing client access to the Exchange Server 2010 mailbox server. For improved performance and redundancy, multiple CAS servers can be configured.

Additionally, Microsoft recommends that Outlook Anywhere be enabled on at least one CAS server per site. This enables Outlook 2007 clients to connect to the CAS server that is in the same site as their mailbox and minimizes the risks that come from using RPCs across the Internet, which can negatively impact performance.

Enabling Outlook Anywhere—Server Side

Enabling Outlook Anywhere in Exchange Server 2010 is much simpler to configure and manage RPC over HTTP than in Exchange Server 2003. Outlook Anywhere can be enabled using the Enable Outlook Anywhere Wizard from the Exchange Management Console. To do so, navigate to the following container in the Exchange Management Console:

Go to Microsoft Exchange\Microsoft Exchange On-Premises\Server Configuration\Client Access.

Select the CAS server that you are enabling Outlook Anywhere on and, in the actions pane on the right side, select Enable Outlook Anywhere.

Define the External host name. This is the name that users will use to connect to the Exchange Server. In our example we use webmail.companyabc.com.

Select the Client authentication method. Administrators can select different authentication as follows:

  • Basic Authentication— Username and password are sent in clear text. The users are required to enter their domain, username, and password every time they connect to the Exchange server.

  • NTLM Authentication— The user’s credentials are never sent over the network. The client computer and server exchange hashed values of the user’s credentials, or NTLM can utilize the current system logon information from the client’s Windows operating system. Using NTLM is more secure than Basic Authentication, but it might not work with firewalls that examine and modify traffic. NTLM can be used with an advanced firewall server, such as Microsoft’s Internet Security and Acceleration (ISA) server.

  • Allow secure channel (SSL) offloading— This option can be used in environments in which a separate server handles the Secure Sockets Layer (SSL) encryption and decryption.

Connecting to Outlook Anywhere with Outlook 2007

After Outlook Anywhere is configured on the CAS servers, the Outlook client can be configured to connect to Exchange Server via RPC over HTTPS.

For Outlook 2007 to use RPC over HTTPS, the workstation should be running Windows XP or higher, with the latest available service packs.

To install the required patch and configure the Outlook 2007 client for RPC over HTTP access, complete the following:

In Outlook 2007, select Tools; then select Account Settings.

Highlight the Exchange Server connection, and click Change.

On the Change E-mail Account screen, click More Settings.

Click the Connection tab.

Place a check mark in the box labeled Connect to Microsoft Exchange Using HTTP.

Click Exchange Proxy Settings.

On the Exchange Proxy Settings screen, configure the following:

For Connection Settings, enter the URL of the Exchange server that has been configured as the RPC proxy server.

Click Connect using SSL only.

Click the two boxes to use HTTP as the first choice for both fast and slow connections, as shown in Figure 1. Click OK, and then click OK again.

Figure 1. Outlook Anywhere client configuration.

Click OK to accept the information box about restarting Outlook.

Click Next, click Finish, and then click Close.

Exit the Outlook application, and open it again to apply the new settings.


To ensure that Outlook 2007 is now using RPC over HTTPS, hold the Ctrl key and right-click the Outlook icon in the taskbar. Select Connection Status. This screen shows you the connection type to the Exchange server, which should state HTTPS.

The most secure method of connecting uses the following settings, which are also the default settings when RPC over HTTP is first configured:

  • Connect with SSL Only

  • Mutually Authenticate the Session When Connecting with SSL

  • Password Authentication is NTLM

  •  Getting the Most Out of the Microsoft Outlook Client : Security Enhancements in Outlook 2007
  •  Getting the Most Out of the Microsoft Outlook Client : Highlighted Features in Outlook 2007
  •  Sharepoint 2010 : Deploying Transport-Level Security for SharePoint
  •  sharepoint 2010 : Verifying Security Using the Microsoft Baseline Security Analyzer
  •  sharepoint 2010 : Utilizing Security Templates to Secure a SharePoint Server
  •  Integrating Office Communications Server 2007 in an Exchange Server 2010 Environment : Web Conferencing
  •  Integrating Office Communications Server 2007 in an Exchange Server 2010 Environment : Installing and Using the Communicator 2007 Client
  •  Integrating Office Communications Server 2007 in an Exchange Server 2010 Environment : Exploring Office Communications Server Tools and Concepts
  •  SharePoint 2010 : Securing SharePoint’s SQL Server Installation
  •  SharePoint 2010 : Physically Securing SharePoint Servers
  •  SharePoint 2010 : Identifying Isolation Approaches to SharePoint Security
  •  Exchange Server 2010 : Installing OCS 2007 R2 (part 5) - Starting the OCS Services on the Server & Validating Server Functionality
  •  Exchange Server 2010 : Installing OCS 2007 R2 (part 4) - Configuring the Server & Configuring Certificates for OCS
  •  Exchange Server 2010 : Installing OCS 2007 R2 (part 3) - Configuring Prerequisites & Deploying an OCS 2007 Server
  •  Exchange Server 2010 : Installing OCS 2007 R2 (part 2) - Prepping the Domain & Delegating Setup and Administrative Privileges
  •  Exchange Server 2010 : Installing OCS 2007 R2 (part 1) - Extending the Active Directory (AD) Schema & Preparing the AD Forest
  •  Integrating Office Communications Server 2007 in an Exchange Server 2010 Environment - Understanding Microsoft’s Unified Communications Strategy
  •  Protecting SharePoint 2010 from Viruses Using Forefront Protection 2010 for SharePoint
  •  Protecting SharePoint with Advanced Antivirus and Edge Security Solutions : Securing SharePoint Sites Using Forefront UAG
  •  Developing Applications for the Cloud on the Microsoft Windows Azure Platform : Accessing the Surveys Application - Geo-Location
    Top 10
    Nikon 1 J2 With Stylish Design And Dependable Image And Video Quality
    Canon Powershot D20 - Super-Durable Waterproof Camera
    Fujifilm Finepix F800EXR – Another Excellent EXR
    Sony NEX-6 – The Best Compact Camera
    Teufel Cubycon 2 – An Excellent All-In-One For Films
    Dell S2740L - A Beautifully Crafted 27-inch IPS Monitor
    Philips 55PFL6007T With Fantastic Picture Quality
    Philips Gioco 278G4 – An Excellent 27-inch Screen
    Sony VPL-HW50ES – Sony’s Best Home Cinema Projector
    Windows Vista : Installing and Running Applications - Launching Applications
    Most View
    Bamboo Splash - Powerful Specs And Friendly Interface
    Powered By Windows (Part 2) - Toshiba Satellite U840 Series, Philips E248C3 MODA Lightframe Monitor & HP Envy Spectre 14
    MSI X79A-GD65 8D - Power without the Cost
    Canon EOS M With Wonderful Touchscreen Interface (Part 1)
    Windows Server 2003 : Building an Active Directory Structure (part 1) - The First Domain
    Personalize Your iPhone Case
    Speed ​​up browsing with a faster DNS
    Using and Configuring Public Folder Sharing
    Extending the Real-Time Communications Functionality of Exchange Server 2007 : Installing OCS 2007 (part 1)
    Google, privacy & you (Part 1)
    iPhone Application Development : Making Multivalue Choices with Pickers - Understanding Pickers
    Microsoft Surface With Windows RT - Truly A Unique Tablet
    Network Configuration & Troubleshooting (Part 1)
    Panasonic Lumix GH3 – The Fastest Touchscreen-Camera (Part 2)
    Programming Microsoft SQL Server 2005 : FOR XML Commands (part 3) - OPENXML Enhancements in SQL Server 2005
    Exchange Server 2010 : Track Exchange Performance (part 2) - Test the Performance Limitations in a Lab
    Extra Network Hardware Round-Up (Part 2) - NAS Drives, Media Center Extenders & Games Consoles
    Windows Server 2003 : Planning a Host Name Resolution Strategy - Understanding Name Resolution Requirements
    Google’s Data Liberation Front (Part 2)
    Datacolor SpyderLensCal (Part 1)