Remote Client Access for Exchange 2003

stevenvanheerden
stevenvanheerden used Ask the Experts™
on
Hi there

I have just installed Windows Server 2003 SBE with Exchange 2003.
I have also updated the server with SP1 and relevant updates.

Everything is working fine and the server is running smooth.

I need to know however, how can I configure this exchange to be available to people working on laptops outside the local area network?

I need the outlook to connect directly to the exchange.

Thanks a lot
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Adrian CantrillSolutions Architect

Commented:
With that version of windows you may be better configuring 2003 to act as a VPN server and then allowing remote people to connect over a secure tunnel to the exchange server

http://articles.techrepublic.com.com/5100-10878_11-6155394.html
Alan HardistyCo-Owner
Top Expert 2011

Commented:
Assuming that you mean Windows 2003 Small Business Server (which has Exchange 2003 installed, not Exchange 6.5), then please have a read of the following and configure RPC over HTTPs
http://www.petri.co.il/how-can-i-configure-rpc-over-https-on-exchange-2003-single-server-scenario.htm 
Make sure your certificate is named correctly, such as mail.yourdomain.com or better still, buy a 3rd party one from somewhere like GoDaddy otherwise you will have to install the SBS certificate onto each and every laptop / PC you want to connect to your server.

OWASP: Threats Fundamentals

Learn the top ten threats that are present in modern web-application development and how to protect your business from them.

Commented:
if this exchange for internal use only (i.e authoritave for a domain different than company domain) and not connected to the internet and does not has internet mx records, then you can use either vpn or publish it by opining incoming pop3, smtp ports and map it to your local exchange server ip,
kevinhsiehNetwork Engineer

Commented:
RPC over HTTPS is the way to go as Alan said. Laptops users can just start Outlook, enter in their username.password, and connect. No VPN or other fussing around. On Outlook 2007 and Exchange 2007, I don't even need to enter in the password if I am logged into the laptop with valid credentials. I don't know if that needs Outlook 2007, Exchange 2007, or both to take advantage of the single sign on.

Author

Commented:
hi Alan

thanks for your help so far.
according to the link, the only steps i still have to do is to create the certificate on this server and configure outlook.

i'm struggling a bit with the certificate. when i go to the part to create the new certificate i dont have the option to create a new one. (See Attached)

i have a certificate already available though that i can export, but i dont know how to see if it uses port 443

do you know how i can get around this one?

thanks so far.
ISS.JPG

Author

Commented:
hi Guys

do yo u have any suggestions for me please....i'm almost there, just the last bit to do still.

thanks
Alan HardistyCo-Owner
Top Expert 2011

Commented:
Sorry - missed the last email notif as I was up to my eyes in FTMG fun :)
With SBS - just re-run the Connect To The Internet Wizard and get that to create a new Certificate.
Start> SBS Management> To-Do List> Connect To The Internet.
Change nothing apart from the Certificate part and make sure you use something like mail.yourdomain.com or www.yourdomain.com (something that resolves in DNS to your server.

Author

Commented:
hi Alan

No worries. i have done the new certificate and have used the dyndns account that i use for remote access in the new certificate setup. it still gave me no option to specify port 443.
by sounds of things it seems like SBS does everything automatically - sp i'm not sure if i must worry about this.

i will test the outlook 2003 tomorrow and will get back to you on that.

thanks a lot so far - u have been most helpful!
Alan HardistyCo-Owner
Top Expert 2011

Commented:
You are welcome - here if you need me.
Alan

Author

Commented:
hi Alan

I'm still not getting this right.
i have run the connect to the internet wizard again and created a new certificate which i have exported and installed on the laptop connecting remotely.
i use a dyndns account to resolve my dynamic ip from the ISP. it works fine for remote desktop.
so i just created that address in the certificate.
i have also opened port 443 on the router to forward to the ip address of the exchange server.(not sure if i should open port 80 as well?
the other thing i noticed is that if i go to my browser and type in https://mydomain.dyndns.info, i get to the server and it displays a welcome to the windows small business server "home page"
i'm also not to sure what to put in at the https: adress under exchange proxy settings page, wil this be my dyndns name?

hope all this makes sense to you...

thanks

steven

Author

Commented:
hi  Alan

hope you can assist me further here with this issue.
i'm not completely coming right here.

thanks so far
Alan HardistyCo-Owner
Top Expert 2011

Commented:
Okay - sounds like you are making good progress.
Please visit https://testexchangeconnectivity.com and run the Outlook Anywhere (RPC over HTTP) test and then post the results.
Alan

Author

Commented:
Hi Alan

ok here it is

      ExRCA is testing RPC/HTTP connectivity.
       The RPC/HTTP test failed.
       
      Test Steps
       
      Attempting to resolve the host name autohaus.dyndns.info in DNS.
       Host successfully resolved
       
      Additional Details
       IP(s) returned: 41.145.145.51
      Testing TCP Port 443 on host autohaus.dyndns.info to ensure it is listening and open.
       The port was opened successfully.
      ExRCA is testing the SSL certificate to make sure it's valid.
       The SSL certificate failed one or more certificate validation checks.
       
      Test Steps
       
      The certificate name is being validated.
       Successfully validated the certificate name
       
      Additional Details
       Found hostname autohaus.dyndns.info in Certificate Subject Common name
      Certificate trust is being validated.
       Certificate trust validation failed.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       The certificate chain did not end in a trusted root. Root = CN=autohaus.dyndns.info, CN=companyweb, CN=cahsrv, CN=localhost, CN=cahsrv.Autohaus.local
Alan HardistyCo-Owner
Top Expert 2011

Commented:
Okay - forgot you have a self-certified cert - that test won't work!  Sorry.
So - your certificate is named properly. Are you using autohaus.dyndns.info in the proxy settings withing Outlook?
Also, which version of Outlook do you have?

Author

Commented:
Hi Alan

ok, so i think my certificate is correctly named: it has the correct info when i view it under IIS, and that is the certificate i exported and installed on the client pc.

in outlook at the exchange proxy settings i have put in autohaus.dyndns.info yes...

it just bothers me a bit tat it has a prefix "https://"

its Outlook 2003 Pro
Co-Owner
Top Expert 2011
Commented:
It is and you have installed it correctly - I checked remotely ; )
The prefix is fine as it will be using the SSL cert.
So - have you installed the certificate on the local PC okay?
You need to install it via IIS and click on Tools, Internet Options, Content Tab, Certificates Button, Trusted Root Certificates Tab, Import, Next, Browse to the Certificate you exported from IIS, Next, Choose "Place all Certificates in the following Store", then click on the Browse Button, Make Sure you tick the Show Physical Stores button and then Choose Trusted Root Certification Authorities, then the Registry, click OK, click next, then Finish.  You will then have to confirm the installation.
Then test the Outlook Configuration.

Author

Commented:
Hi Alan

Eureka! got it!

thanks a lot for your help with this.
seems like i had the certificate installed in the wrong directory on the client pc.

Cheers

Steven

Author

Commented:
Great Help thanks Alan
Alan HardistyCo-Owner
Top Expert 2011

Commented:
Great news - glad you are sorted now.  Certs can be tricky little fellas to install in the right place.
Enjoy remote mail now : )
Thanks for the points.
Alan

Author

Commented:
Pleasure!

Cheers...

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial