Sole's Blog

Posts Tagged ‘Outlook Anywhere’

The easiest way (I love easy!) to order and install an SSL certificate on Exchange 2007, is to order a SAN (Subject Alternative Name) certificate with AutoCSR meaning you dont have to create a CSR but instead get a certificate backup file (PKCS#12, P12. PFX). You also save time with the SAN because you only use one certificate for all services and can move services from one domain to another in the certificate with no problems.

Make sure you get a SAN certificate including the full domain name(s) you use to access Outlook Web Access, Outlook Anywhere, Autodiscover and any internal servernames using the certificate (usually free).

The Certificate you order should contain something like this:

• mail.sole.dk and/or owa.sole.dk – for Outlook Web Access
• autodiscover.sole.dk and any other e-mail domain you use with Autodiscover/OA.
• MYSERVER01 and MyServer01.domain.local – and any other internal servername that will be using the certificate

Personally I setup servers to respond only to OWA and ActiveSync on the mail./owa. domain, and use all other services like Outlook Anywhere, etc. on the autodiscover. address, this way I can use Forms Based Authentication/Basic with my OWA/ActiveSync website, and NTLM with my other services. You can see more information about this from my previous blogs here. Some people argue for and against having internal server names in the certificate, but I figure if they are free anyways, and might help why not add them – and if security is so much an issue that internal server names must not be revealed, you have other much bigger problems anyway.

Now some simple commands to manipulate Exchange 2007 SSL certificates. (Stolen from the danish Exchange 2007 guide on FairSSL, I co-authored the manual) Read the rest of this entry »

Configuration of Exchange 2007 with Outlook Web Access (OWA), Outlook Anywhere (OA), ActiveSync and Autodiscover can add grey hair to any system administrator or IT consultant. Then also trying to get different authentication schemes and ISA 2006 to play nice is not making it any easier.

Most Administrators have a wish to configure their environments used externally as securely as possible, including using SSL certificates with HTTPS instead of no encryption with HTTP, and using NTLM authentication instead of Basic authentication. But security is not everything, a userfriendly interface like Forms Based Authentication (FBA) is a must to avoid user iritation and support calls.

However getting FBA and NTLM to work together in ISA with Exchange 2007 can be quite scary, so lets go deeper and find out what we need to be aware of to get it working.

Read the rest of this entry »

A customer asked me if it was possible during migration from Exchange 2003 to Exchange 2007 to use Outlook Web Access for both mailbox servers, during the migration period. Medium sized companies are not able to migrate everything during a big bang migration, and needs access to both the old system and the new internally as well as externally i.e. using OWA during the migration.

Exchange 2007 has been designed with the CAS role serving the OWA website and it has been designed to work with both Exchange 2007 and Exchange 2003 mailbox servers, so out of the box it will support the customers wishes. In this case they had asked another company to make the design plans for the migration but the system administrator felt uneasy with the plan and asked me to have a look at it.

It turned out the design did not allow OWA access to both mailbox servers during the migration, due to a small oversight, an easy one to make and even easier to fix. If You are planning to or in the progress of migrating to Exchange 2007, make sure you read the following things to consider!

Read the rest of this entry »

A small but anoying bug in Microsoft Exchange 2007 in combination with Windows Server 2008, will under certain conditions make Outlook Anywhere (OA) fail no matter how correct your settings are in Exchange 2007.

The Outlook Anywhere error only shows under theese conditions.

• Any Exchange 2007 version
• Client Access Server (CAS) and Mailbox Server roles installed on the same server
• Operating system any version and edition of Windows Server 2008, with RPC Proxy feature installed (required for OA).

The reason for the bug and the fix is very simple…

Read the rest of this entry »