by William Lefkovics

Exchange 2003 and Outlook 2003 introduced a unique method for accessing Exchange server from both sides of the firewall securely without a VPN. RPC over HTTPS in Exchange 2007 and Outlook 2007 is now called simply Outlook Anywhere. Rather than opening up several RPC ports, RPC is tunneled through HTTP. With SSL, only port 443 needs to be available for Outlook Anywhere to work outside of the firewall. Outlook Anywhere requires Outlook 2007 or Outlook 2003 installed on Windows XP SP2 or Windows Server 2003. Outlook 2003 clients can use Outlook Anywhere as they did RPC over HTTPS, but they cannot take advantage of the Autodiscover Service and will need to be configured manually.

Outlook needs to trust the Certificate Authority (CA) issuing a valid SSL certificate. The SSL certificates used by Exchange for OWA and ActiveSync do not apply to Outlook Anywhere. You can either serve as your own CA or use a third party provider. After the SSL certificate is correctly installed, then the RPC over HTTP proxy component needs to be installed. On the Exchange Server, this is found under Add/Remove Programs in the Add/Remove Windows Components under the Networking Services heading. After that Windows component is installed, we still have to enable Outlook Anywhere on the Exchange Server.

Outlook Anywhere in Exchange 2007 is not enabled by default. The Outlook Anywhere wizard is run from an Exchange Server running the Client Access Server (CAS) role. From the Exchange Management Console (EMC), navigate to the Client Access node in the Server Configuration container. The right pane should have the option to ‘Enable Outlook Anywhere’. If it is already enabled, then the option will be to disable it. That opens the window shown in Figure 1.

Figure 1

We can configure basic or NTLM authentication here, and also allow SSL offloading. In addition, we need to assign an external name for the server. We can also use the Exchange Management Shell (EMS) to enable or disable Outlook Anywhere:

>Enable-OutlookAnywhere -SSLOffloading <$True|$False> -ExternalHostname <fqdn> -ExternalAuthenticationMethod: <Basic|NTLM>

Microsoft recommends using NTLM authentication over SSL provided by a third party certificate authority. The switch options are required. If the required options are not included, EMS will prompt for them. Figure 2 shows sample output of this cmdlet. In this output, SSLOffloading is set to True. This means that SSL encryption processes are being managed by a separate server or device and should be set to False if that is not the case.

Figure 2

The other cmdlets pertaining to Outlook Anywhere are:

Disable-OutlookAnywhere
Set-OutlookAnywhere
Get-OutlookAnywhere

Finally, the clients need to be able to find and access Outlook Anywhere. For Outlook 2007, the AutoDiscover service can assist when the services are configured to provide external URLs. When the external URLs are different from the internal ones, Microsoft recommends a certificate that allows for multiple hosts on the same certificate called a Subject Alternative Name Certificate. For the first Outlook Anywhere client, a manual configuration may ease troubleshooting, including SSL certificate issues. Outlook Anywhere is configured within the Account Settings for the Exchange account. Select the Exchange account in Tools -> Account Settings -> More Settings button. The bottom of the Connections tab presents the box to check for Outlook to use HTTP. The Exchange Proxy Settings button opens the window shown in Figure 3. Outlook 2003 will have to be configured manually as before, because it does not know about the Autodiscover service.


Figure

Summary

So to deploy Outlook Anywhere there are a few steps to walk through:

• Install a valid SSL certificate from a CA Outlook can trust
• Install the Windows RPC over HTTP proxy component from Network Components in Add/Remove Windows Components under Add/Remove Programs
• Enable Outlook Anywhere using EMS or EMC on an Exchange 2007 server running the CAS role
• Configuring Outlook clients to access Outlook Anywhere

In the 2007 versions, Outlook Anywhere, formerly RPC/HTTPS, is much simpler to deploy and configure.

The calendar in Outlook Web Access 2007 does not include a month view. Microsoft hopes to bring a month view back in a later version, but for now, its day, work week, and week views only. Additionally, these views are available only in the premium OWA client which is available in Internet Explorer. The OWA "light" client, which displays in all other browsers, offers a day view only.

The good news is that Exchange 2007 SP1 is the "future version" and contains a month view in the premium version while the light version continues to have a day view only.

IE6+ on Windows is the only supported version for OWA Premium because of the cost, time constraints, and customer needs. A small percentage of users use something other than IE6 or greater on Windows and an even smaller percentage of this group need to access an Exchange server. At this time the cost to tweak the advanced AJAX behaviors used by OWA for this small group with is better spent on improving other aspects of OWA (including adding new features).

Exchange Server 2007 Service Pack 1 Beta 2 was released to MSDN and TechNet Plus subscribers last week. I can honestly say I'm impressed with the features in this SP.

I've always felt that upgrading to Exchange 2007 RTM was not an option for smaller sites because the Exchange Management Console lacked a GUI to configure many frequently used settings. That's not going to be an excuse much longer. SP1 adds a GUI for configuration many common options, including public folders, POP and IMAP access. A wizard guides you through setting SendAs permissions.

OWA gets back a lot of features left out of Exchange 2007 RTM due to time constraints. This includes personal distribution lists, S/MIME, rules, the monthly calendar view, deleted items recovery, and public folder access.

Among the other improvements in SP1, you can install the management tools on Windows Vista and Windows Server 2008 and the Move Mailbox administrator tool can import and export to a .pst

Standby Continuous Replication (SCR) is new feature providing high-availability to organizations, allowing them to quickly recover from failures. Mailbox data is continuously replicated to a standby server using the built-in log file shipping technology so that if the primary server goes down, the standby server is ready to be activated.

Release notes
http://download.microsoft.com/download/5/e/6/5e672458-592a-44a2-b489-11cec19d3c82/RelNotes.htm