yohayon
asked on
Connect Outlook 2007 non-domain client To Exchange 2003
I have one laptop user running XP Pro/Outlook2007 that cannot join domain for other reasons. Mail will be managed by Exchange 2003. How can this laptop user who is not joined to domain, send & receive email via Exchange? If he can some how send via relaying through Exchange & download mail from Exchange. Or perhaps some other way. Currently this user is accessing mail via POP3. User will be mobile with laptop. Please provide details.
simply setup the account as usual and when prompted for domain credentials, enter domain\username instead of username..
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Tonie16, I will try your recommendation. But what about adding POP3 functionality to the Exchange Server for this laptop user? Is that a quick easy option? I am not responsible for backup up his email.
Hi yohayon
A non domain PC will work fine with exchange.. just use domain\username to establish domain credentials In My Opinion, if you have a VPN then it's the simplest / safest / most secure / quickest to implement option for a remote or mobile user.
I agree, OMA's a great way of doing it, but you'll need to sort out certificates, possibly a DNS A record,
etc, ensure https and not https is available and MOST importantly, ensure EVERYTHINGs locked down.. as you will get attacked from this interface. Turn on password lockout, disable guest, ensure passwords are all secure and preferably standard named accounts aren't accessible.
ONLY then, open port 443 from your firewall to your internal mail server and test. Then keep on top of firewall & server logs .. (keep an eye out for Event ID 529 in your event logs).
I'd simlply give them VPN access (restricted to just the internal mail server if they're not standard internal users) and get them to logon using standard Exchange Services.. preferably using Outlook's Cached Exchange mode (logging on using domain\username instead of just username)... or again, even OWA once connected internally.
yep, for just one user.. given the security hole OWA would create, I'd really stick with VPN... unless you have time on your hands to ensure your security's definitely OK ..
yep, you could setup a POP server.. but you've opened a hole in your security again.. so if there's any chance of KISS (keeping it Simple), I'd recommend doing that.
hope this helps
A non domain PC will work fine with exchange.. just use domain\username to establish domain credentials In My Opinion, if you have a VPN then it's the simplest / safest / most secure / quickest to implement option for a remote or mobile user.
I agree, OMA's a great way of doing it, but you'll need to sort out certificates, possibly a DNS A record,
etc, ensure https and not https is available and MOST importantly, ensure EVERYTHINGs locked down.. as you will get attacked from this interface. Turn on password lockout, disable guest, ensure passwords are all secure and preferably standard named accounts aren't accessible.
ONLY then, open port 443 from your firewall to your internal mail server and test. Then keep on top of firewall & server logs .. (keep an eye out for Event ID 529 in your event logs).
I'd simlply give them VPN access (restricted to just the internal mail server if they're not standard internal users) and get them to logon using standard Exchange Services.. preferably using Outlook's Cached Exchange mode (logging on using domain\username instead of just username)... or again, even OWA once connected internally.
yep, for just one user.. given the security hole OWA would create, I'd really stick with VPN... unless you have time on your hands to ensure your security's definitely OK ..
yep, you could setup a POP server.. but you've opened a hole in your security again.. so if there's any chance of KISS (keeping it Simple), I'd recommend doing that.
hope this helps
ASKER
Chops uk, thank you for responding in detail. I have initially attempted to configure the POP3 service on Exchange. The issue is that the laptop user can connect & send/receive email while he is remote. But once this laptiop user comes into the office he cannot. I believe it is related to the fact that the user is using the external ip of the exchange server internally & therefore cannot connect while in the office. Any solution to that?
Is there a dns record that can be created ? How?
Is there a dns record that can be created ? How?
Hi Yohayon. Sorry if I'm not clear on what you've currently got running.. does this mean that he's accessing POP email remotely.. or using Exchange Services through a hole opened on the firewall?.. or is he currently using VPN? I assume it's not 'Outlook Anywhere' (over RPC)..
If you don't want to change from your current access mehod, create a DNS 'A' record pointing to the IP address he's accessing.. i.e. mailgate.example.com and configure his Outlook to point at that. Internally, create a DNS Forward Lookup Record for mailgate.example.com that points to the internal address of that machine. That way, when he's internal, he'll be using internal DNS and his machine will still be looking at the correct place. when external, he'll use the Internet DNS and get the external IP address.
Or.. and I really can't stress enough that (if he is currently accessing via a hole in the firewall), then you should switch to VPN access or, if you don't want a VPN.. then to Outlook over RPC (Outlook Anywhere on Exchange '07).
It just seems a shame to have the power of Exchange available and having to drop back to POP for this one user when there are othe options open to you!
I hope this helps.. please feel free to reply with to correct me if I've misunderstood anything in your existing setup or requirement... over to you!
If you don't want to change from your current access mehod, create a DNS 'A' record pointing to the IP address he's accessing.. i.e. mailgate.example.com and configure his Outlook to point at that. Internally, create a DNS Forward Lookup Record for mailgate.example.com that points to the internal address of that machine. That way, when he's internal, he'll be using internal DNS and his machine will still be looking at the correct place. when external, he'll use the Internet DNS and get the external IP address.
Or.. and I really can't stress enough that (if he is currently accessing via a hole in the firewall), then you should switch to VPN access or, if you don't want a VPN.. then to Outlook over RPC (Outlook Anywhere on Exchange '07).
It just seems a shame to have the power of Exchange available and having to drop back to POP for this one user when there are othe options open to you!
I hope this helps.. please feel free to reply with to correct me if I've misunderstood anything in your existing setup or requirement... over to you!
ASKER
Recap: Laptop users us using pop3 to download mail from 3rd party. When Exchange will be introduced all mail for BandB,com will be received via Exchange. The laptop user will not be part of the domain but I need to make mail accessible to him. Internally the domain is called (example) bb.com. So how & what type of record is created to allow the remote user to connect to Exchange POP3 mail server with external IP configured in his Outlook when the user is internal & behind the firewall? Remember that internal domain name is different than external domain name.
My comment about the DNS forward lookup will still work, so this is the answer (don't think IP addresses.. think of pointing at a server name).
However, my question is WHY you want to use POP mail when you could simply give them the power of a full Exchange using VPN or Outlook over RPC? You've not yet explained if and why this isn't an option for you? Don't forget, his laptop doesn't need to be a domain member to use exchange email.
the answer from above, ref the solution to internal / external resolution >> "If you don't want to change from your current access mehod, create a[n Internet] DNS 'A' record [via your ISP] pointing to the IP address [of the external Exchange POP server] he's accessing.. i.e. mailgate.example.com and configure his Outlook to point at that. Internally, create a DNS Forward Lookup Record for mailgate.example.com that points to the internal address of that machine [it shouldn't matter what the actual internal domain name is]. That way, when he's internal, he'll be using internal DNS and his machine will still be looking at the correct place. when external, he'll use the Internet DNS and get the external IP address."
over to you!
However, my question is WHY you want to use POP mail when you could simply give them the power of a full Exchange using VPN or Outlook over RPC? You've not yet explained if and why this isn't an option for you? Don't forget, his laptop doesn't need to be a domain member to use exchange email.
the answer from above, ref the solution to internal / external resolution >> "If you don't want to change from your current access mehod, create a[n Internet] DNS 'A' record [via your ISP] pointing to the IP address [of the external Exchange POP server] he's accessing.. i.e. mailgate.example.com and configure his Outlook to point at that. Internally, create a DNS Forward Lookup Record for mailgate.example.com that points to the internal address of that machine [it shouldn't matter what the actual internal domain name is]. That way, when he's internal, he'll be using internal DNS and his machine will still be looking at the correct place. when external, he'll use the Internet DNS and get the external IP address."
over to you!
ASKER
The reason to use POP3 is since I am not supposed to store permanently this users mail on our server. I still do not understand what type of record I am creating on my internal dns. A record? CNAME? (details please) & how do I overcome issue with the fact that my internal domain name is different than my external domain name with regards to creating the internal dns record?
Dns record on my isp is not an issue & was done long ago & works.
Dns record on my isp is not an issue & was done long ago & works.