• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 798
  • Last Modified:

Outlook Anywhere and Internal Users

I'm in the process of building a new Exchange 2007 environment.  I have enabled Outlook Anywhere in my Exchange 2007 environment and have setup the appropriate internal and external URLs.   I have separate CAS, HT, and Mailbox servers.  

How are internal domain users supposed to be configured in Outlook?  Using Outlook Anywhere (RPC over HTTPS) and connecting to the CAS serves or should they be using MAPI and connecting directly to the mailbox server?

Currently when I configure Outlook 2007 on a domain connected workstation, the AutoDiscover process configures the Outlook profile to connect using Outlook Anywhere (RPC over HTTPS).  Is this correct?
0
cobrian
Asked:
cobrian
2 Solutions
 
Dave_Angel_PortsmouthCommented:
Personally, i use RPC over HTTPs internally and externally, it means having less ports open and therefor more secure.

If you have no need to use MAPI, i'd turn it off all together. There is a good artical on how to turn it off here:
http://msexchangeteam.com/archive/2005/07/27/408274.aspx

The only issue i can see you having is you will have to maintain a split DNS so that your certificates will work, but this is fairly straight forward.
0
 
tigermattCommented:

Autodiscover uses an internal Service Connection Point (SCP) in the domain to locate all the authoritative autodiscover URLs on the network. Outlook then connects to one of these Exchange Servers defined by the URL and locates the correct mailbox for the user. It also configures RPC/HTTPS so it works externally.

Internally, MAPI will probably still be used; I would expect Exchange to configure Outlook in this fashion. However, Outlook Anywhere is also configured as part of the process, so that user's machine (particularly if it is a laptop or portable device) will work immediately when connected up outside the network.

Since MAPI is still used internally it would therefore be counter-productive to disable MAPI as the previous poster suggested, because that would require every Outlook client being reconfigured away from the default Exchange/Autodiscover setting in order for it to connect to Exchange.

In short, the behaviour you are seeing is fine and how things should be working.

-Matt
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Tackle projects and never again get stuck behind a technical roadblock.
Join Now