Outlook Anywhere In Exchange Server 2010

When Outlook® and Exchange Server exist on same network; the client establishes connection with the Server using MAPI protocol via RPC (Remote Procedure Call) connection. This is one of the efficient ways of communicating within organization firewall. However, when you are out of Exchange environment (example on a trip) then it is important that a VPN (Virtual Private Network) is established to the network of organization.

Or just consider that you are expanding your business and its branches are set up at different geographical area. In such case when data has to be securely transferred between the organizations, need for VAN architecture would be required.

• When your offices are connected with each other, this type of VPN is called Intranet.
• Suppose your office and any of your business partners is connected, then this type of VPN is called Extranet.
• When remote users (say someone whose job continuously requires roaming) connect to organization through VPN, then this is called Access VPN.

However, for remote connections instead of using Access VPN service, an alternative called Outlook Anywhere can be used that allows using Outlook just like you do in LAN network. By wrapping RPC inside HTTPS, remote users are allowed to connect to Exchange Server via Internet.

What Exactly Outlook Anywhere Is?

In simple words, it is a service by Client Access Server role that gives an opportunity to Outlook users to establish a connection to Exchange mailbox remotely. This service was previously called as RPC over HTTPS which is renamed in Exchange 2007 and 2010 as Outlook Anywhere.

"When remote email access is the requirement, Outlook Anywhere serves the purpose in much better way than POP or IMAP as the end user experience remains the same while using Outlook remotely or under LAN. This has been made possible by Secure Socket Layer (SSL) encryption."

By default, Outlook Anywhere is not enabled and you have to manually enable this service on one or more Client Access Server role. Before that, keep in consideration following facts:

• The Client Access Server (CAS) should have valid SSL certificate from a Certificate Authority. Although Exchange Server self-signs the certificate but that is not sufficient for client workstations.
• Make sure that RPC over HTTP Proxy is installed over Server. This has to be done when requisites for Operating System are fulfilled before Exchange Server installation.

Enable Outlook Anywhere Exchange 2010

» Using Exchange Management Console (EMC):

Step1) Open EMC. In the console tree expand "Server Configuration" and select "Client Access" node.

Step2) Choose the CAS for which Outlook Anywhere service has to be enabled and in the actions pane, select "Enable Outlook Anywhere"

Step3) In the new window that pops up on screen, provide external hostname that will be used to connect with Exchange mailboxes through remote Outlook. Here, make sure that the external hostname being used is same as that mentioned in the certificate for CAS. Click on Finish button after providing asked credentials. The configuration process will take few minutes.

• External Hostname: This will be Fully Qualified Domain Name (FQDN) that is typically used by Exchange Server in order to establish connection with MS Outlook. Make sure that a DNS (Domain Name System) record is created for the FQDN that resolves to CAS. For managing more than one Exchange site, it is important that an external hostname is generated for each site having CAS with Outlook Anywhere enabled.

Configure External Hostname for Outlook Anywhere using EMC:

1. Under the console tree, move to "Server Configuration" and then select "Client Access"
2. Click on the "Properties" link in the actions pane.
3. A page named "Exchange (Default Web Site) Properties" will pop up on screen. Click on "Outlook Anywhere" tab.
4. In the provided text box, provide "External Host Name" for the site and click OK to save the changes made.

• Client Authentication Method: This will determine how users will authenticate to Outlook Anywhere.

Basic Authentication: Here, the user has to enter the username and password to utilize Outlook Anywhere service. In this case, the password will be sent to Server as a plain text but will be encrypted on its way through SSL. It can be used for workstations that are not domain-joined.

NTLM Authentication: If domain–joined users (those access Exchange mailboxes remotely from home or out of network) are using Outlook Anywhere, then this type of authentication can be used. This is a safer mode of authentication as NTLM (NT LAN Manager) will send a hash value for login details like username and password to the Server. Another benefit of choosing this authentication method is Outlook users will not be asked for login credentials when they connect with Outlook Anywhere.

• Secure Channel (SSL) Offloading: This allows removing encryption and decryption of SSL connection to third party device. Unless SSL offloading solution is established, it is suggested to keep "Allow secure channel (SSL) offloading" option disabled.

» Using Exchange Management Shell (EMS):

For enabling Outlook Anywhere through Shell, use the GetOutlookAnywhere cmdlet:

For example:

How to Check If Outlook Anywhere is Enabled Exchange 2010

Step1) Click on Start button and run "Eventvwr". In the console tree, expand "Windows Logs" and select "Application".

Step2) In the actions pane, click on the event "MSExchange RPC over HTTP Autoconfig" and verify that its event ID is 3006. If same exists, it means Outlook Anywhere is configured.

Set Up Outlook Anywhere for Outlook 2010

Step1) Open Control Panel and click on "Mail" icon. I the "Mail Setup-Outlook" wizard, click on "E-mail Accounts…"

Step2) In the "Email" tab, click on "New".

Step3) Define with what type of account you do you want to configure Outlook with.

Step4) Select "Manually configure server settings or additional server types".

Step5) Again define the email service that you want to chose (Select Microsoft Exchange)

Step6) In the "Microsoft Exchange Settings" window, provide Exchange Server name and the user name. Click on "More Settings" button.

Step7) In the "Connection" tab, enable check box for "Connect to Microsoft Exchange using HTTP". Click on "Exchange Proxy Settings" tab.

Step8) Provide URL for proxy Server under connection settings tab. Enable check box for "Connect using SSL only"

Step9) Define the authentication method for connecting to proxy Server (Basic or NTLM). Click OK twice.

Now next time when you will open Outlook 2010, you will be able to access Outlook Anywhere service, which means accessing Exchange mailboxes from remote connections will be possible.