Exchange 2013: Configuring Outlook anywhere
In Exchange 2013, Outlook Anywhere is enabled by default, because all Outlook connectivity takes place via Outlook Anywhere anyway.
That's right. It's all HTTP now, starting with Exchange 2013. The Windows RPC over HTTP Proxy component, which Outlook Anywhere clients use to connect, wraps remote procedure calls (RPCs) with an HTTP layer. This allows traffic to traverse network firewalls without requiring RPC ports to be opened.
Follow these steps to configure Outlook Anywhere on an Exchange 2013 server.
1. From EAC, click Servers as shown and double click on the server name.
2. Before you proceed, please ensure that you have configured a certificate to use with Outlook Anywhere. You may leave the external hostname blank if you do not want your external clients to connect to Outlook Anywhere from the internet.
If you wish to disable Outlook Anywhere over the internet in Exchange 2013, simply leave the external hostname entry blank! This will ensure that only internal users can access Outlook…
Outlook Anywhere for a user depends on the attribute “MAPIBlockOutlookRpcHttp”, which can be found by running the cmdlet:
Get-CASMailbox alias | fl Name, *MAPIBlock*
It is important to understand the difference between the authentication types Exchange offers for Outlook Anywhere:
Basic authentication: If you select this authentication type, Outlook will prompt for a username and password while attempting a connection with Exchange.
NTLM authentication: If you select this authentication type, Exchange does not prompt users for a user name and password. The current Windows user information on the client computer is supplied by the browser through a cryptographic exchange involving hashing with the Web server. If the authentication exchange initially fails to identify the user, the browser will prompt the user for a Windows user account user name and password. So, when Outlook is trying to connect to Exchange and the machine is domain joined, there isn’t a need to provide a password.
Negotiate authentication: Enabled by default in Exchange 2013. This is a combination of Windows integrated authentication and Kerberos authentication. If we employ Negotiate authentication, Exchange will authenticate the client using the NTLM authentication type and, if unable to verify authenticity, will challenge the client to authenticate using a username and password.
If you look at Outlook settings –> Account Settings –> More Settings –> Connection, you may see the same authentication settings.
When we configure Outlook Anywhere and select an authentication type, Autodiscover will update the Outlook client with all URL details and the authentication type.
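The following is an added example, not part of the original post, that reviews the two settings discussed above (the external hostname and the external authentication type) on objects shaped like Get-OutlookAnywhere output. The function name Get-OutlookAnywhereFinding, the server names and the hostname oa.example.test are hypothetical, and the sample objects are constructed so the script runs without an Exchange server.

```powershell
# Added example: review Outlook Anywhere exposure from Get-OutlookAnywhere-style objects.
function Get-OutlookAnywhereFinding {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Config
    )
    process {
        $hostName = [string]$Config.ExternalHostname
        $auth     = [string]$Config.ExternalClientAuthenticationMethod
        $notes    = @()
        if ([string]::IsNullOrWhiteSpace($hostName)) {
            # Blank external hostname: not offered to clients on the internet.
            $notes += 'Internal only (external hostname is blank)'
        }
        else {
            if (-not $Config.ExternalClientsRequireSsl) {
                $notes += 'External clients are not required to use SSL'
            }
            if ($auth -eq 'Basic') {
                # Basic sends the user name and password with each request.
                $notes += 'Basic auth: password protection depends entirely on SSL'
            }
        }
        if (-not $notes) { $notes = @('No findings') }

        [pscustomobject]@{
            Identity         = [string]$Config.Identity
            ExternalHostname = $hostName
            ExternalAuth     = $auth
            Findings         = $notes -join '; '
        }
    }
}

# Constructed sample objects (hypothetical servers, not real output).
$sample = @(
    [pscustomobject]@{ Identity = 'EX01\Rpc (Default Web Site)'; ExternalHostname = 'oa.example.test'
                       ExternalClientAuthenticationMethod = 'Basic'; ExternalClientsRequireSsl = $false }
    [pscustomobject]@{ Identity = 'EX02\Rpc (Default Web Site)'; ExternalHostname = 'oa.example.test'
                       ExternalClientAuthenticationMethod = 'Negotiate'; ExternalClientsRequireSsl = $true }
    [pscustomobject]@{ Identity = 'EX03\Rpc (Default Web Site)'; ExternalHostname = $null
                       ExternalClientAuthenticationMethod = 'Negotiate'; ExternalClientsRequireSsl = $false }
)
$sample | Get-OutlookAnywhereFinding | Format-List

# In the Exchange Management Shell, against real servers and mailboxes:
#   Get-OutlookAnywhere | Get-OutlookAnywhereFinding
#   Get-CASMailbox -ResultSize Unlimited | Where-Object { -not $_.MAPIBlockOutlookRpcHttp } | Select-Object Name
```

The last commented line lists mailboxes for which Outlook Anywhere is not blocked through the MAPIBlockOutlookRpcHttp attribute mentioned earlier.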
Configuring high availability for Outlook Anywhere in Exchange 2013:
In my case, I have the following configuration for load balancing and redundancy:
URL oa.msexchangeguru.com will have 2 interfaces on a hardware load balancer as shown:
Any client which tries to establish a connection from the internet will talk to the external DNS record for the OA URL, pointing to a firewall which in turn points to the load balancer.
All internal clients are pointed to the load balancer's internal IP to bypass the firewall.
Testing Outlook Anywhere in Exchange 2013:
Testexchangeconnectivity.com or Exchange Remote Connectivity Analyzer (ExRCA) is a service offered by Microsoft in their in-house data center which enables companies to test their Exchange features over the internet.
Navigate to testexchangeconnectivity.com and select the following option:
You may also use Test-OutlookConnectivity. The cmdlet tests for Outlook Anywhere (RPC over HTTP) connections. If the cmdlet test fails, the output notes the step that failed.