by William Lefkovics
Exchange 2003 and Outlook 2003 introduced a unique method for
accessing Exchange server from both sides of the firewall
securely without a VPN. RPC over HTTPS in Exchange 2007 and
Outlook 2007 is now called simply Outlook Anywhere. Rather than
opening up several RPC ports, RPC is tunneled through HTTP. With
SSL, only port 443 needs to be available for Outlook Anywhere to
work outside of the firewall. Outlook Anywhere requires Outlook
2007 or Outlook 2003 installed on Windows XP SP2 or Windows
Server 2003. Outlook 2003 clients can use Outlook Anywhere as
they did RPC over HTTPS, but they cannot take advantage of the
Autodiscover Service and will need to be configured manually.
Outlook needs to trust the Certificate Authority (CA) issuing a
valid SSL certificate. The SSL certificates used by Exchange for
OWA and ActiveSync do not apply to Outlook Anywhere. You can
either serve as your own CA or use a third party provider. After
the SSL certificate is correctly installed, the RPC over HTTP
proxy component needs to be installed. On the Exchange Server,
this is found under Add/Remove Programs, in Add/Remove Windows
Components, under the Networking Services heading. After that
Windows component is installed, we still have to enable Outlook
Anywhere on the Exchange Server.
Outlook Anywhere in Exchange 2007 is not enabled by default. The
Outlook Anywhere wizard is run from an Exchange Server running
the Client Access Server (CAS) role. From the Exchange
Management Console (EMC), navigate to the Client Access node in
the Server Configuration container. The right pane should have
the option to ‘Enable Outlook Anywhere’. If it is already
enabled, then the option will be to disable it. That opens the
window shown in Figure 1.


Figure 1
We can configure basic or NTLM authentication here, and also
allow SSL offloading. In addition, we need to assign an external
name for the server. We can also use the Exchange Management
Shell (EMS) to enable or disable Outlook Anywhere:
Enable-OutlookAnywhere -SSLOffloading <$True|$False> -ExternalHostname <fqdn> -ExternalAuthenticationMethod <Basic|NTLM>
Microsoft recommends using NTLM authentication over SSL provided
by a third party certificate authority. The switch options are
required. If the required options are not included, EMS will
prompt for them. Figure 2 shows sample output of this cmdlet. In
this output, SSLOffloading is set to True. This means that SSL
encryption is being handled by a separate server or device; the
option should be set to False if that is not the case.


Figure 2
The other cmdlets pertaining to Outlook Anywhere are:
Disable-OutlookAnywhere
Set-OutlookAnywhere
Get-OutlookAnywhere
Finally, the clients need to be able to find and access Outlook
Anywhere. For Outlook 2007, the AutoDiscover service can assist
when the services are configured to provide external URLs. When
the external URLs are different from the internal ones,
Microsoft recommends a certificate that allows for multiple
hosts on the same certificate called a Subject Alternative Name
Certificate. For the first Outlook Anywhere client, a manual
configuration may ease troubleshooting, including SSL
certificate issues. Outlook Anywhere is configured within the
Account Settings for the Exchange account. Select the Exchange
account in Tools -> Account Settings -> More Settings button.
The bottom of the Connections tab presents the box to check for
Outlook to use HTTP. The Exchange Proxy Settings button opens
the window shown in Figure 3. Outlook 2003 will have to be
configured manually as before, because it does not know about
the Autodiscover service.


Figure 3
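The following Python code is an added example, not part of the
original article. It checks that the names on a certificate cover
every hostname Outlook will use when the external and internal URLs
differ. The certificate dictionary (in the shape returned by Python's
ssl getpeercert()) and all hostnames are constructed sample values.

```python
# Added example, not from the original article. Certificate and hostnames
# are constructed sample values.

def cert_dns_names(cert):
    """DNS names from a dict shaped like ssl.SSLSocket.getpeercert() output."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    # RFC 2818: the subject CN is consulted only when no DNS SAN is present.
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def name_matches(pattern, host):
    """Exact match, or a wildcard standing in for the whole left-most label."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse over-broad patterns such as "*.com".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def uncovered_hosts(cert, required_hosts):
    """Return the required hostnames that no name on the certificate covers."""
    names = cert_dns_names(cert)
    return [h for h in required_hosts
            if not any(name_matches(n, h) for n in names)]

# Constructed sample: external name and Autodiscover are on the certificate,
# the internal server name is not.
SAMPLE_CERT = {
    "subject": ((("commonName", "mail.example.com"),),),
    "subjectAltName": (
        ("DNS", "mail.example.com"),
        ("DNS", "autodiscover.example.com"),
    ),
}
REQUIRED_HOSTS = [
    "mail.example.com",
    "autodiscover.example.com",
    "cas01.corp.example.local",
]

if __name__ == "__main__":
    missing = uncovered_hosts(SAMPLE_CERT, REQUIRED_HOSTS)
    for host in REQUIRED_HOSTS:
        print(f"{host:30} {'NOT COVERED' if host in missing else 'covered'}")
```

Any hostname reported as not covered will produce a certificate name
mismatch for clients that connect to it over SSL.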
Summary
So to deploy Outlook Anywhere there are a few steps to walk
through:
- Install a valid SSL certificate from a CA Outlook can trust
- Install the Windows RPC over HTTP proxy component from Network
Components in Add/Remove Windows Components under Add/Remove
Programs
- Enable Outlook Anywhere using EMS or EMC on an Exchange 2007
server running the CAS role
- Configure Outlook clients to access Outlook Anywhere
In the 2007 versions, Outlook Anywhere, formerly RPC/HTTPS, is
much simpler to deploy and configure.
The calendar in Outlook Web Access 2007 does not include a month
view. Microsoft hopes to bring a month view back in a later version,
but for now, it's day, work week, and week views only. Additionally,
these views are available only in the premium OWA client, which is
available in Internet Explorer. The OWA "light" client, which
displays in all other browsers, offers a day view only.
The good news is that Exchange 2007 SP1 is the "future version" and
contains a month view in the premium version while the light version
continues to have a day view only.
IE6+ on Windows is the only supported version for OWA Premium
because of the cost, time constraints, and customer needs. A small
percentage of users use something other than IE6 or greater on
Windows and an even smaller percentage of this group need to access
an Exchange server. At this time the cost to tweak the advanced AJAX
behaviors used by OWA for this small group is better spent on
improving other aspects of OWA (including adding new features).
Exchange Server 2007 Service Pack 1 Beta 2 was released to MSDN
and TechNet Plus subscribers last week. I can honestly say I'm
impressed with the features in this SP.
I've always felt that upgrading to Exchange 2007 RTM was not an
option for smaller sites because the Exchange Management Console
lacked a GUI to configure many frequently used settings. That's
not going to be an excuse much longer. SP1 adds a GUI for
configuring many common options, including public folders, POP
and IMAP access. A wizard guides you through setting SendAs
permissions.
OWA gets back a lot of features left out of Exchange 2007 RTM
due to time constraints. This includes personal distribution
lists, S/MIME, rules, the monthly calendar view, deleted items
recovery, and public folder access.
Among the other improvements in SP1, you can install the
management tools on Windows Vista and Windows Server 2008, and
the Move Mailbox administrator tool can import and export to a
.pst.
Standby Continuous Replication (SCR) is a new feature providing
high-availability to organizations, allowing them to quickly
recover from failures. Mailbox data is continuously replicated
to a standby server using the built-in log file shipping
technology so that if the primary server goes down, the standby
server is ready to be activated.
Release notes
http://download.microsoft.com/download/5/e/6/5e672458-592a-44a2-b489-11cec19d3c82/RelNotes.htm