Solved

Outlook Anywhere and Internal Users

Posted on 2009-05-05
3
776 Views
Last Modified: 2012-05-06
I'm in the process of building a new Exchange 2007 environment.  I have enabled Outlook Anywhere in my Exchange 2007 environment and have setup the appropriate internal and external URLs.   I have separate CAS, HT, and Mailbox servers.  

How are internal domain users supposed to be configured in Outlook?  Using Outlook Anywhere (RPC over HTTPS) and connecting to the CAS serves or should they be using MAPI and connecting directly to the mailbox server?

Currently when I configure Outlook 2007 on a domain connected workstation, the AutoDiscover process configures the Outlook profile to connect using Outlook Anywhere (RPC over HTTPS).  Is this correct?
0
Comment
Question by:cobrian
3 Comments
 
LVL 2

Accepted Solution

by:
Dave_Angel_Portsmouth earned 250 total points
Comment Utility
Personally, i use RPC over HTTPs internally and externally, it means having less ports open and therefor more secure.

If you have no need to use MAPI, i'd turn it off all together. There is a good artical on how to turn it off here:
http://msexchangeteam.com/archive/2005/07/27/408274.aspx

The only issue i can see you having is you will have to maintain a split DNS so that your certificates will work, but this is fairly straight forward.
0
 
LVL 58

Assisted Solution

by:tigermatt
tigermatt earned 250 total points
Comment Utility

Autodiscover uses an internal Service Connection Point (SCP) in the domain to locate all the authoritative autodiscover URLs on the network. Outlook then connects to one of these Exchange Servers defined by the URL and locates the correct mailbox for the user. It also configures RPC/HTTPS so it works externally.

Internally, MAPI will probably still be used; I would expect Exchange to configure Outlook in this fashion. However, Outlook Anywhere is also configured as part of the process, so that user's machine (particularly if it is a laptop or portable device) will work immediately when connected up outside the network.

Since MAPI is still used internally it would therefore be counter-productive to disable MAPI as the previous poster suggested, because that would require every Outlook client being reconfigured away from the default Exchange/Autodiscover setting in order for it to connect to Exchange.

In short, the behaviour you are seeing is fine and how things should be working.

-Matt
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now