Installation and Setup of Outlook Anywhere (OA) in Exchange 2007/2010
Exchange 2007/2010 is an enterprise solution from Microsoft that can be used in small/medium size companies since it is part of the SBS (Small Business Server) package.
One of Exchange advantages is the centralized account management and the seamless integration with Microsoft’s AD (Active Directory). Additionally Exchange offers - out of the box with little or no effort - features like Outlook Web App (OWA), Exchange ActiveSync and last but not least Outlook Anywhere (OA). Outlook Anywhere is a feature that combined with the ability of Exchange to fully utilize RPC over HTTP protocol (as HTTPS Proxy) will allow an Outlook desktop application (2007/2010/2013 are all supported) to connect to Exchange so a user could work with full rich client capabilities.
To setup Outlook Anywhere you need the following two (2) prerequisites, first you need to install RPC over HTTP Proxy in the server. This can be easily done from Server Manager Console via Features option. The installation is done in minutes and you don’t need to configure anything.
Second you need to purchase a valid SSL certificate since Outlook will not allow you to connect via SSL(https) to Exchange if the certificate subject does not match the proxy’s URL (which is the Exchange website with a hostname bind to port 443(https) and the external IP). Exchange’s website hostname is required to be a FQDN (Fully Qualified Domain Name) assigned to external IP (which we presume that it is public) accessible from the Internet via https protocol. In the last couple of years a lot of companies are offering free SSL certificates which are valid and work without any issues. One of these companies - that I personally recommend - is StartSSL. You can check the StartSSL Company and get a valid certificate here: https://www.startssl.com.
The creation of the SSL request as well as the sign of it by StartSSL authority and the installation of the certificate in Exchange is out of this article’s scope but I will certainly blog about that in a dedicated article later this year.
After the two prerequisites are met you can continue on setting up Exchange Outlook Anywhere via Exchange’s Management Console.
You launch Console and in Server Configuration you go to Client Access. There by double clicking on server’s name you will open its properties. You continue by clicking on Outlook Anywhere tab and you update the textbox field to your External host name. Remember this name is the FQDN that Outlook will try to access via SSL (https) and it should be accessible from the Internet. For the Client authentication method we select the Basic authentication and we don’t check the Allow secure channel (SSL) offloading since our Exchange will be the SSL proxy. Then you go ahead and click on Enable Outlook Anywhere option on the right of your console screen in Actions toolbar.
That’s it and now you should be able to open Microsoft’s Remote Connectivity Analyzer and test your configuration. The website address is: https://testconnectivity.microsoft.com
First we need to fill the form with the required to connect information for our user and Exchange Server. Please pay extra attention to your typing to avoid any errors. In addition do not try to test using a local administrator account since it will not work, instead create a user in AD and assign that user a mailbox with normal access from Outlook.
After 20-30 seconds if all tests are successful you will see the following screen.
Success, except a minor issue that has to do with the fact that the StartSSL certificate is not in default Root Certification Authorities which is not an issue at all since these are automatically updated via Windows Update Service.
The last step is to setup our Outlook to use HTTP to access Exchange Server. One issue that needs to be addressed is to do the setup while Outlook has local access to Exchange Server, otherwise it will not connect and it will fail. To locally access the Exchange Server via Internet you need to setup a VPN (PPTP or L2TP) connection or if you have a laptop computer just login locally to your domain as usual and open your Outlook.
You will need to first setup your Exchange account with local access and after restarting Outlook go to Account Settings then your Exchange Account and click on More Settings …
Then you click on Connection Tab and check the box Connect to Microsoft Exchange with HTTP. Next click on the settings button to continue.
Then type in the textboxes the required proxy URL and select Basic Authentication from the list of Authentication Providers. After you select Basic Authentication the checkbox Connect only with SSL will be checked and grey meaning that you only can connect via SSL with Basic (Clear Text) Authentication.
Finish the setup of the account and restart Outlook. You should be able to connect without any issues and the following screen of Outlook Connection Status validates the connection. This screen is called by right-clicking on the Outlook icon in notification area with Alt pressed.
if you follow the instructions you will be able to securely access Exchange from your Outlook installed in any computer with Internet access via RPC/HTTP protocol and SSL encryption.
Thank you for reading, any questions or comments are most welcome.