How to Configure Exchange Server 2010 Outlook Anywhere
In this tutorial I will demonstrate how to enable and configure Exchange Server 2010 Outlook Anywhere to provide secure mailbox connectivity for remote Outlook users.Outlook Anywhere is a much better solution for remote email access than POP or IMAP because the end user experience is the same when the user is using Outlook on the LAN or remotely. Thanks to SSL encryption Outlook Anywhere is also inherently more secure than other protocols that have non-encrypted options that companies often deploy.
What is Outlook Anywhere?
Outlook Anywhere is a service provided by the Client Access server role that allows Outlook clients to make a secure connection over SSL/HTTPS to the mailbox from remote locations. Previously this was known as RPC-over-HTTPS but was renamed to Outlook Anywhere in Exchange 2007 and 2010.By wrapping normal Outlook RPC requests in HTTPS the connections are able to traverse firewalls over the common SSL/HTTPS port without requiring the RPC ports to be opened.
There are three main tasks to deploy Outlook Anywhere in an Exchange environment:
- Enable and configure Outlook Anywhere on the Client Access server
- Configure the perimeter firewall to allow SSL/HTTPS connections from external networks to the Client Access server
- Configure the Outlook clients to use Outlook Anywhere when connecting from remote networks
Enable Outlook Anywhere on Exchange Server 2010
In the Exchange Management Console navigate to Server Configuration -> Client Access, and select the Client Access server you want to enable for Outlook Anywhere.If you have multiple Client Access servers in an Active Directory site then choose the one that is the internet-facing Client Access server. Or if you have deployed a CAS array you will need to repeat this process on all members of the array.

Choose the Exchange Server 2010 Client Access Server to configure for Outlook Anywhere

Enable Outlook Anywhere for Exchange Server 2010

Configure Outlook Anywhere for Exchange Server 2010
The Outlook Anywhere authentication method you choose will depend on a few factors in your environment.
- Basic Authentication – this requires that Outlook users enter their username and password each time they connect to Outlook Anywhere. The credentials are sent in clear text so therefore it is critical that Outlook Anywhere connections only occur over SSL/HTTPS. You may need to choose Basic Authentication if the connecting computers are not members of the domain, if the ISA Server publishing rule and listener are shared with other Exchange services that require Basic Authentication, or if the firewall being used does not support NTLM authentication.
- NTLM Authentication – this is ideal for connecting clients that are domain members because the username and password will not need to be entered by the user each time they connect. However NTLM may not work with some firewalls or ISA Server publishing scenarios.
The Outlook Anywhere configuration for Exchange 2010 will take effect within 15 minutes of completing the wizard. The Application Event Log will record Event ID 3008 and a series of other events when the configuration has been applied to the server.
Configure the Firewall for Exchange Server 2010 Outlook Anywhere
To enable remote Outlook users to connect to Outlook Anywhere the perimeter firewall for the network must be configured to allow the SSL/HTTPS connections to pass through to the Client Access server.The precise steps for this will depend on which firewall you are using in your environment. However the basic components of this configuration are:
- A public DNS record for the external host name you are using for Outlook Anywhere
- A public IP address on the firewall that the public DNS record resolves to
- A NAT or publishing rule to allow SSL/HTTPS connections to reach the Client Access server

Exchange Server 2010 Outlook Anywhere Firewall Overview
Configure Outlook Clients for Exchange Server 2010 Outlook Anywhere
Before an Outlook client can connect to Outlook Anywhere it needs to be configured with the correct settings. In Outlook 2010 open the Account Settings for the Outlook profile that is configured.
Outlook 2010 Account Settings for Exchange Server 2010 Outlook Anywhere

Outlook 2010 Exchange Server Profile Settings

Outlook 2010 Connection Settings

Enable Outlook Anywhere in Outlook 2010

Configure the Outlook Anywhere External Host Name and Authentication Settings in Outlook 2010
Now that Outlook 2010 has been configured for Exchange Server 2010 Outlook Anywhere, any time the user launches Outlook from a remote connection and can reach the perimeter firewall over the internet they will be able to securely access their mailbox as though they were still on the corporate network.
Original Link:
No comments:
Post a Comment