applicationserver2003

MicrosoftExchangeServer2003ClientAccessGuideMicrosoftCorporationPublished:December12,2006Author:ExchangeServerDocumentationTeamAbstractThisguideprovidesinformationaboutworkingwithMicrosoftExchangeServer2003andclientaccess.
ItdescribesthenewfeaturesforExchange2003andOfficeOutlook2003,inadditiontoimprovementsinOutlookWebAccess2003.
CommentsSendfeedbacktoexchdocs@microsoft.
com.
ContentsExchangeServerClientAccessGuide11IntroductiontotheExchangeServer2003ClientAccessGuide11WhoShouldReadThisGuide11HardwareRequirements12SoftwareRequirements12UnderstandingExchangeServer2003ClientAccess12NewFeaturesforExchange2003andOutlook200313ExchangeServerAccessThroughtheInternet(RPCoverHTTP)13SynchronizationImprovements13NewDataFileType(.
pst)13KerberosAuthenticationProtocol14CachedExchangeMode14ImprovementsinOutlookWebAccess200314MobileServicesforExchange18ExchangeActiveSync18OutlookMobileAccess18UnderstandingOutlookMobileAccessSecurityRequirements19ForMoreInformation19PlanningYourExchangeClientAccessInfrastructure19ConfiguringExchangeServer2003forClientAccess20SecuringYourExchangeMessagingEnvironment20UpdatingYourServerSoftware21SecuringtheExchangeMessagingEnvironment21SecuringCommunications22HowtoUseSSLtoSecuretheCommunicationsBetweentheClientMessagingApplicationsandtheExchangeFront-EndServer26BeforeYouBegin26Procedure26HowtoSetUpSSLonaServer27BeforeYouBegin27Procedure27HowtoObtainaServerCertificatefromaCertificationAuthority28BeforeYouBegin28Procedure28HowtoAddCertificateManagertoMicrosoftManagementConsole29Procedure29HowtoBackUpYourServerCertificate29BeforeYouBegin30Procedure30ForMoreInformation30HowtoConfigureVirtualDirectoriestoUseSSL31BeforeYouBegin31Procedure31EnablingSSLfortheDefaultWebSite32SecuringCommunicationsBetweenExchangeFront-EndServerandOtherServers32UsingIPSectoEncryptIPTraffic32DeployingtheExchangeServerArchitecture33ConfiguringanExchangeFront-EndServer33HowtoDesignateaFront-EndServer34BeforeYouBegin34Procedure34ForMoreInformation35ConfiguringExchangeforClientAccess35ConfiguringOutlook2003Features35ConfiguringRPCoverHTTPforOutlook200336ConfiguringMobileDeviceSupport36ConfiguringSynchronization36ConfiguringExchangeActiveSynctoUseRSASecurID36ConfiguringDevicestoUseExchangeActiveSyncFeatures37ConfiguringExchangeActiveSync37AddingaRootCertificatetoaWindowsMobile-based5.
0Device37HowtoUseRSASecurIDwithExchangeActiveSync38Procedure38ForMoreInformation39HowtoVerifyACE/AgentisConfiguredtoProtecttheEntireWebServer40BeforeYouBegin40Procedure40ForMoreInformation40HowtoLimitSecurIDAuthenticationtotheMicrosoft-Exchange-ActiveSyncVirtualDirectory41BeforeYouBegin41Procedure41ForMoreInformation42HowtoConfigureCustomHTTPResponsesforDevices42BeforeYouBegin42Procedure42HowtoConfigureaMobileDevicetoUseExchangeActiveSync43Procedure43ForMoreInformation43HowtoSpecifyaMobileOperatorforUp-to-DateNotificationsonaDevice44BeforeYouBegin44Procedure44ForMoreInformation45HowtoEnableandDisableExchangeActiveSyncFeaturesattheOrganizationalLevel45Procedure45ForMoreInformation46HowtoEnableandDisableExchangeActiveSyncFeaturesattheUserLevel46BeforeYouBegin46Procedure46ForMoreInformation47ConfiguringOutlookWebAccess47SettingUpaLogonPage47EnablingForms-BasedAuthentication48SettingtheCookieAuthenticationTime-Out48ConfiguringClientSecurityOptionsforUsers49OutlookWebAccessCompression49RequirementsforOutlookWebAccessCompression50SimplifyingtheOutlookWebAccessURL50HowtoEnableForms-BasedAuthentication51BeforeYouBegin51Procedure51ForMoreInformation52HowtoSettheOutlookWebAccessForms-BasedAuthenticationPublicComputerCookieTime-OutValue52BeforeYouBegin53Procedure53ForMoreInformation53HowtoSettheOutlookWebAccessForms-BasedAuthenticationTrustedComputerCookieTime-OutValue54BeforeYouBegin54Procedure54ForMoreInformation55HowtoEnableOutlookWebAccessDataCompression55BeforeYouBegin56Procedure56ForMoreInformation56HowtoSimplifytheOutlookWebAccessURL57BeforeYouBegin57Procedure57ForMoreInformation58ConfiguringPOP3andIMAP4VirtualServers58HowtoEnableaPOP3,IMAP4,orNNTPVirtualServer58Procedure58ForMoreInformation59HowtoStart,Pause,orStopaVirtualServer59Procedure59ForMoreInformation60ConfiguringOutlookMobileAccess60ConfiguringYourExchange2003Front-EndServerforOutlookMobileAccess60EnablingOutlookMobileAccessontheExchangeServer60InstructingUserstoUseaMobileConnectiontoOutlookUsingOutlookMobileAccess61HowtoEnableorDisableOutlookMobileAccessattheOrganizationalLevel61Procedure61ForMoreInformation62HowtoEnableorDisableOutlookMobileAccessattheUserLevel62BeforeYouBegin62Procedure62ForMoreInformation63HowtoAccessExchangeDataUsingOutlookMobileAccess63Procedure63ForMoreInformation64ManagingClientAccesstoExchangeServer200364ManagingProtocols64EnablingaVirtualServer65AssigningPortsandanIPAddresstoaVirtualServer66SettingConnectionLimits67Starting,Pausing,orStoppingaVirtualServer67DisconnectingUsers68HowtoAssignPortsandIPAddressestoVirtualServers68BeforeYouBegin68Procedure69ForMoreInformation69HowtoSetConnectionLimits70BeforeYouBegin70Procedure70ForMoreInformation71HowtoDisconnectUsersfromaVirtualServer71Procedure71ForMoreInformation71ManagingCalendaringOptionsforthePOP3andIMAP4VirtualServers71HowtoConfigureCalendaringOptionsforaPOP3orIMAP4VirtualServer72BeforeYouBegin72Procedure73ForMoreInformation73ManagingtheHTTPVirtualServer74HowtoCreateaNewHTTPVirtualServer74BeforeYouBegin75Procedure75ForMoreInformation75ManagingtheExchangeVirtualServer75WorkingwithIMAP4-SpecificSettings75HowtoEnableFastMessageRetrievalforanIMAP4VirtualServer77Procedure77ForMoreInformation78HowtoIncludeAllPublicFoldersWhenaFolderIsRequestedonanIMAP4VirtualServer79Procedure79ForMoreInformation80ConfiguringNNTPPostingLimitsandModerationSettings80HowtoConfigurePostingLimitsandModerationSettingsforanNNTPVirtualServer81BeforeYouBegin81Procedure82ForMoreInformation83ManagingOutlookWebAccess83EnablingandDisablingOutlookWebAccessforInternalClientsOnly84UsingBrowserLanguageSettings84BlockingWebBeacons85ConfiguringAttachmentHandling86BlockingAttachments86HowtoEnableOutlookWebAccessforInternalClientsOnly87Procedure87ForMoreInformation88HowtoDisableOutlookWebAccessforSpecificUsers88Procedure88ForMoreInformation88HowtoModifytheDefaultBrowserLanguageSettingsforOutlookWebAccess89BeforeYouBegin90Procedure90ForMoreInformation90HowtoDisableBlockingofWebBeacons90BeforeYouBegin91Procedure91ForMoreInformation91HowtoModifyAttachmentHandlingSettings91BeforeYouBegin92Procedure92ForMoreInformation93SpecifyingFront-EndServersThatAllowforAttachmentHandling93HowtoSpecifytheFront-EndServersThatAllowforAttachmentHandling93BeforeYouBegin93Procedure94ForMoreInformation94FilteringJunkE-MailMessages95ManagingMobileServices95ManagingExchangeActiveSync95EnablingUp-to-DateNotificationsforYourOrganization96HowtoEnableorDisableExchangeActiveSyncforYourOrganization97BeforeYouBegin97Procedure98ForMoreInformation98HowtoConfiguretheExchangeActiveSyncUp-to-DateNotificationsFeature98Procedure98ForMoreInformation99HowtoEnableUp-to-DateNotificationsforYourOrganization99Procedure99ForMoreInformation100HowtoEnableandDisableUp-to-DateNotificationsattheUserLevel100Procedure100ForMoreInformation101HowtoConfigureaMobileCarrierWhenUsingUp-to-DateNotifications101Procedure102ForMoreInformation102HowtoSettheEnableNotificationstoUser-SpecifiedSMTPAddressOptionforYourOrganization102Procedure102ForMoreInformation103ManagingOutlookMobileAccess103ConfiguringExchangetoUseOutlookMobileAccess103EnablingOutlookMobileAccessforYourOrganization104Copyright104ExchangeServerClientAccessGuideThisguideprovidesinformationaboutworkingwithMicrosoftExchangeServer2003andclientaccess.
ItdescribesthefeaturesforExchangeServer2003andMicrosoftOfficeOutlook2003,inadditiontoimprovementsinOutlookWebAccess2003.
Itcontainsconfigurationinformation,suchashowtosecureyourmessagingenvironment,deploytheserverarchitecture,andconfigureExchangeserversforyoursupportedclientaccessmethods.
Thisguidealsodescribeshowtomanageprotocols,ExchangeVirtualServer,OutlookWebAccess,ExchangeActiveSync,andOutlookMobileAccess.
Note:DownloadMicrosoftExchangeServer2003ClientAccessGuidetoprintorreadoffline.
IntroductiontotheExchangeServer2003ClientAccessGuideThisguideprovidesessentialinformationaboutworkingwithMicrosoftExchangeServer2003andclientaccess.
ThisguidedescribesthefeaturesforExchange2003andMicrosoftOfficeOutlook2003,inadditiontoimprovementsinMicrosoftOfficeOutlookWebAccess2003.
Itcontainsconfigurationinformation,suchashowtohelpsecureyourmessagingenvironment,deploytheserverarchitecture,andconfiguretheExchangeserversforyoursupportedclientaccessmethods.
Finally,thisguidedescribeshowtomanageprotocols,theExchangeVirtualServer,OutlookWebAccess,ExchangeActiveSync,andMicrosoftOutlookMobileAccess.
WhoShouldReadThisGuideAnyonewithatechnicalbackgroundcanbenefitfromreadingthisguide;however,itisdesignedtoproducemaximumbenefitsforthefollowingprofessionals.
SystemsArchitectsThoseindividualsresponsibleforplanningandcraftingoverallbusinessstrategiesandsolutionsEnterpriseExchangeAdministratorsThoseindividualsresponsibleforinstallation,maintenance,andadministrationofsoftwareintheenterpriseExchangeUserAccountManagersThoseindividualsresponsibleforsettingupindividuale-mailaccountsandmodifyingindividualExchangeaccountsintheMicrosoftActiveDirectorydirectoryserviceMessagingSupportStaffThoseindividualswhospecializeintroubleshootingthecausesofproblemsthatend-usershavewiththeirmessagingenvironmentHelpdeskOperatorsThoseindividualswhohelpend-userswithavarietyofhardwareandsoftwareissues,includingsimplemessagingissuesHardwareRequirementsYouneedthefollowinghardwaretodotheproceduresinthisguide.
ThislistdoesnotincludeyourgeneralExchangeservers,storagehardware,andsoon.
Itincludesonlysecurity-specifichardwarerequirements:Twofirewalls(orrouters)RSASecurIDPINgenerators(foreachmobileclient)Aminimumofonefront-endserverrunningInternetSecurityandAcceleration(ISA)ServerSoftwareRequirementsYouneedthefollowingsoftwaretodotheproceduresinthisguide:MicrosoftExchangeServer2003EnterpriseEditionMicrosoftInternetSecurityandAcceleration(ISA)ServerMicrosoftWindows2000AdvancedServerRSASecurIDServerversion1.
xUnderstandingExchangeServer2003ClientAccessExchange2003providesuserswithincreasedclientmessagingfunctionality.
Exchange2003buildsonthetechnologiesofearlierversionsofExchangeandnowincludesseveralsignificantmessagingcapabilities.
NewforExchange2003arethefollowing:MicrosoftOfficeOutlook2003cachedmodeOutlook2003usingRPCoverHTTPMobiledevicesupportusingOutlookMobileAccessandExchangeActiveSyncImprovedOutlookWebAccessforExchange2003Thenewandimprovedclientsenableyoutoprovideyouruserswithasimplifiedremoteaccess,moreaccessoptions,andanimproveduserexperience.
NewFeaturesforExchange2003andOutlook2003ThefollowingsectionsdescribethenewfeaturesinExchange2003andOutlook2003thatmakeyourmessagingandinformationmanagementtaskseasiertoperform.
ExchangeServerAccessThroughtheInternet(RPCoverHTTP)OutlookcannowconnecttoExchange2003throughtheInternetwithouttheneedtouseslowandsometimesunavailablevirtualprivatenetwork(VPN)connections.
ThisfeatureenablesyoutoaccessyourExchange2003accountfromtheInternetwhenyouareworkingoutsideyourorganization'sfirewallwithoutanyspecialconnectionsorhardware,suchassmartcardsandsecuritytokens.
FormoreinformationaboutconfiguringExchange2003touseRPCoverHTTP,seeExchangeServer2003RPCoverHTTPDeploymentScenarios.
SynchronizationImprovementsToreducetheamountofinformationthatissentbetweentheOutlook2003clientandExchange2003servers,Exchange2003performsdatacompression.
Exchange2003alsoreducesthetotalrequestsforinformationbetweentheclientandserver,therebyoptimizingthecommunicationbetweentheclientandtheserver.
NewDataFileType(.
pst)Outlookintroducesanewfileformatforpersonalfolder(.
pst)filesthatoffersgreaterstoragecapacityforitemsandfoldersandsupportformultilingualUnicodedata.
Note:AfilecreatedwiththenewOutlook.
pstfileformatisnotcompatiblewithearlierversionsofOutlook.
ForcompatibilitywithearlierversionsofOutlook,createfilesbyusingthe.
pstfileformatforOutlook97throughOutlook2002.
Outlook2003canviewandcreatefilesofeithertype.
KerberosAuthenticationProtocolExchange2003allowsOutlook2003clientstoauthenticatetoExchange2003serversbyusingKerberosauthentication.
CachedExchangeModeTheadditionofCachedExchangeMode,combinedwiththesynchronizationandoptimizationimprovements,significantlyenhancestheremoteend-user'sexperiencewithOutlook.
Forexample,inearlierversionsofOutlook,dialogboxeswoulddisplayrequestsforinformationfromanExchangeserver;however,inOutlook2003,theserequestsnolongerappearonauser'sOutlookclientbecausetheuserworksprimarilyfromtheirlocalExchangemailboxdatafile(thisfunctionalityalsoreducesthetotalloadonyourExchangeservers).
Moreimportantly,ifnetworkconnectivityislostbetweentheOutlookclientandthenetwork,Outlook2003willoperatewithoutinterruption.
ImprovementsinOutlookWebAccess2003ThenewversionofOutlookWebAccessinExchange2003containsimprovementssuchasforms-basedauthentication,rules,spellchecking,andtheabilitytosendandreceivedigitallysignedandencryptede-mailmessages.
TheuserinterfacehasalsobeenredesignedtoprovideauserexperiencethatissimilartothatprovidedwithOutlook2003,includingrightpreviewpaneandimprovednavigationpane.
OutlookWebAccessforExchange2003canperformfaster,especiallyoverslowconnections,andthereforewillbemoreresponsivetouserinteractions.
ThefollowingsectionsbrieflydescribessomeofthenewfeaturesforOutlookWebAccessforExchange2003.
BytesoverthewireThespeedofOutlookWebAccesshasbeenimprovedbyreducingtheamountofinformationthatmusttravelfromtheservertothebrowser.
Fewerbytesaresentoverthewirefromservertobrowser.
However,beawarethatthelogonprocessinvolvesmorebytesthanthelogonprocessinOutlook2003.
CompressionsupportAdministratorscanconfigurecompressionsupportforOutlookWebAccess,whichimprovesperformanceonslownetworkconnectionsandprovidesincreasedperformanceformostactionsonslownetworkconnections.
OutlookWebAccesscompressionworksbycompressingeitherstaticordynamicorbothtypesofWebpages,dependingonthecompressionsettingyouareusing.
YoucanenablecompressionfromExchangeSystemManager.
Forms-basedauthenticationYoucanenableanewlogonpageforOutlookWebAccessthatwillstoretheuser'snameandpasswordinacookieinsteadofinthebrowser.
Whenauserclosesthebrowser,thecookieiscleared.
Additionally,afteraperiodofinactivity,thecookieisclearedautomatically.
Thenewlogonpagerequiresuserstoentertheirdomain,username,andpassword,ortheirfulluserprincipalname(UPN)e-mailaddressandpassword.
ToenabletheOutlookWebAccesslogonpage,youmustenableforms-basedauthenticationontheserver.
S/MIMEsupportSecure/MultipurposeInternetMailExtensions(S/MIME)increasesthesecurityofInternete-mailbyenablingdigitalsigningofmessages,inadditiontomessageencryption.
Digitalsignaturesprovideauthentication,non-repudiation,anddataintegrity.
Messageencryptionprovidesconfidentialityanddataintegrity.
OutlookWebAccessinExchange2000didnotsupportsignedandencryptede-mail.
Now,withthenewMicrosoftOutlookWebAccessS/MIMEActiveXcontrol,userscandigitallysignandencrypte-mailmessages.
TheS/MIMEcontrolworkswithanyX.
509v3-basedpublickeyinfrastructure(PKI)toprovidethesigningandencryptioncapabilities.
FormoreinformationaboutS/MIMEsupportinOutlookWebAccess,seeWhat'sNewinExchangeServer2003.
Theimprovementsinfeatures,functionality,andperformancemayaffectdecisionsaboutwhichclientyourusersshouldprimarilyusetoaccesstheirExchangeinformation.
Inremotesites,OutlookWebAccessmaybetheprimarychoice,whichisaconsiderationwhenplanningWANconnectionsandserverplacement.
OutlookWebAccessversionsExchange2003nowincludestwoversionsofOutlookWebAccess:OutlookWebAccessPremiumOutlookWebAccessPremiumisdesignedforMicrosoftInternetExplorer5.
01orlater.
OutlookWebAccessPremiumcontainsalltheOutlookWebAccessfeatures,includingthenewenhancedfeaturesforExchange2003.
Note:MicrosoftInternetExplorer6isrequiredforsomefeatures.
OutlookWebAccessBasicOutlookWebAccessBasicisdesignedtoworkinbrowsersthatsupporttheHTML3.
2andtheEuropeanComputerManufacturersAssociation(ECMA)scriptstandards.
ItprovidesasubsetofthefeaturesavailableinOutlookWebAccessPremium.
IncreasedbrowsersupportThefollowingtableshowsthenewlevelofbrowsersupportfortheoperatingsystemsofferedbyOutlookWebAccessforExchange2003.
BrowsersupportforOutlookWebAccessforMicrosoftoperatingsystemsWindows98SecondEditionWindowsMEWindows2000WindowsXPWindowsServer2003InternetExplorer5.
1B,PNoneB,PNoneNoneInternetExplorer5.
5SP2B,PB,PB,PNoneNoneInternetExplorer6B,PB,PB,PB,PNoneInternetExplorer6SP1B,PB,PB,PB,PB,PMSNversion8andlaterNoneNoneNoneB,PB,PNetscapeNavigator4.
8BBBBBNetscapeNavigator7BBBBBKey:B-BasicversionofOutlookWebAccesssupportedB,P-BoththeBasicandPremiumversionsofOutlookWebAccessaresupportedNone-NeithertheBasicnorPremiumversionsofOutlookWebAccessaresupportedThefollowingtableshowstheleveloffunctionalityfortheoperatingsystemsandbrowsersforOutlookWebAccess.
BrowsersupportforOutlookWebAccesswithotheroperatingsystemsBrowserAppleOS9.
xAppleOS10.
1andlaterSunMicrosystemsSolarisHP/UXInternetExplorer5.
0andlaterforAppleBBN/AInternetExplorer5.
5SP2NoneNoneNoneInternetExplorer6NoneNoneNoneInternetExplorer6SP1NoneNoneNoneMSNversion8andlaterNoneNoneNoneNetscapeNavigator4.
8BBBNetscapeNavigator6.
2BBBNetscapeNavigator7BBBKey:B-BasicversionofOutlookWebAccesssupportedB,P-BoththeBasicandPremiumversionsofOutlookWebAccessaresupportedNone-NeithertheBasicnorPremiumversionsofOutlookWebAccessaresupportedAdditionally,supportforthefollowingbrowsersandoperatingsystemshasbeendiscontinuedforExchange2003:MicrosoftInternetExplorer4.
5InternetExplorer5onallversionsofMicrosoftWindowsInternetExplorer5forUNIX6.
0InternetExplorer4.
57forAppleOS9andlaterMicrosoftWindows95MicrosoftWindows98MicrosoftWindowsNT4.
08AppleOS8.
17Forinformationabout:ComparingmessagingfeaturesinOutlookWebAccess(PremiumandBasic)withearlierversionsofOutlook,seeComparingOfficeOutlookWebAccesstoEarlierVersions.
ThenewfeaturesforOutlookWebAccess,seeWhat'sNewinExchangeServer2003.
ConfiguringandmanagingOutlookWebAccess,seethefollowingtopics:ConfiguringOutlookWebAccessManagingOutlookWebAccessMobileServicesforExchangeExchangeServer2003supportsmobileaccessbyusingthesynchronizationandbrowsecapabilitiesofmobiledevices.
YoucandeploymobileservicestoenableyouruserstoaccesstheirExchangeinformationfrommobiledevicessuchastheMicrosoftPocketPC2002PhoneEditiondevice,oranymobiledevicewithamobilebrowser.
ForinformationaboutconfiguringandmanagingmobileservicesforExchange,seethefollowingtopics:ConfiguringMobileDeviceSupportManagingMobileServicesExchangeActiveSyncExchange2003nowincludestheabilitytousePocketPC2002devicestosynchronizeExchangedatawithMicrosoftExchangeActiveSync.
Bydefault,whenyouinstallExchange,allyourusersareenabledforsynchronization.
BysynchronizingadevicetoanExchangeserver,youruserscanaccesstheirExchangeinformationwithouthavingtobealwaysconnectedtoamobilenetwork.
Specifically,userscanusetheirmobilecarrierconnectiontosynchronizetheirExchangeinformationtotheirPocketPCPhoneEditionorSmartphonedeviceandthenaccessthisinformationwhileoffline.
OutlookMobileAccessExchange2003nowincludestheMicrosoftOfficeOutlookMobileAccessapplication,whichenablesuserstousemobiledevicestoaccesstheire-mail,Contacts,Calendar,andTasksfolders.
OutlookMobileAccesscanbeusedwithamobiledevicethathasamobilebrowser.
Themobilebrowsermustsupportoneofthefollowingmarkuplanguages:HTML,xHTML,orcHTML.
TodeployyourExchangeservertouseOutlookMobileAccess,followthesamestepsinvolvedindeployinganExchangeservertouseOutlookWebAccess.
UnderstandingOutlookMobileAccessSecurityRequirementsWhenyouenableOutlookMobileAccessforyourusers,asecurityissueexistswhenusingMobileOperatorsthatuseWirelessApplicationProtocol(WAP)1.
xgateways.
ThesegatewaystranslatesecuretrafficfromInternetprotocolstowirelessprotocols.
Becauseofthistranslation,aWAP1.
xgatewaystopsaSecureSocketsLayer(SSL)sessionoverTCP/IP,re-encryptsthedatausingWirelessTransportLayerSecurity(WTLS),andthensendstheinformationoverthewirelessnetworkusingWirelessSessionProtocol(WSP).
DuringthistranslationattheWAPgateway,alldatawillbebrieflyunencryptedasitisdecryptedfromtheSSLsessionandre-encryptedagainaspartoftheWTLSsession.
ThissecurityissueaffectsyourmessaginginfrastructureifyourcorporationisnothostingyourownWAPgatewayintheperimeternetwork.
OutlookMobileAccessforExchange2003supportsWAP2.
0devicesonly.
However,thisdoesnoteliminatethepossibilityofcertaindevicesbeingabletouseaWAP1.
xgateway.
Therefore,thesecurityissueexistswheneveraWAP2.
0device,thatcanuseaWAP1.
xgateway,usesaMobileOperatorwithWAP1.
xgatewaysdeployed.
Toresolvethisissue,youcanpurchaseandinstallyourowncorporateWAPgateway.
ThissolutionrequiresthatyousituateaWAPgatewayintheperimeternetworkandlimityourmobileuserstousethisgatewayalone.
Alternatively,youcanchoosetoprovideonlyWAP2.
0devicesthatuseonlycarriersthathaveWAP2.
0gatewaysdeployed.
WAP2.
0gatewaysallowSSLsessionstobepassedthroughdirectlytoWAP2.
0devicesthatsupportSSLwithoutdecryptingandre-encryptingthesession.
ForMoreInformationFordetailedinformationaboutmobiledevices,seeStep-by-StepGuidetoDeployingWindowsMobile-basedDeviceswithMicrosoftExchangeServer2003SP2.
PlanningYourExchangeClientAccessInfrastructureToplanyourExchangeclientaccessinfrastructure,youmustfirstidentifythetechnicalrequirementsforyourExchangemessagingsystem.
Afteryouunderstandyourtechnicalrequirements,youcanperformagapanalysisanddeterminewhatchangesmustbemadetoyourexistingenvironment,includingnetworkinfrastructure,hardware,andsoftwareupgrades.
Additionally,youmustunderstandthebasicconceptsbehindthefactorsthatyouneedtoconsiderwhenplanningyourExchangeinfrastructure.
Someofthesefactorsare:SecurityTopologicalboundariesandlimitationsCentralizedvs.
distributedmessagingsystemsRoutingdesignServerdesignandplacementServersizingandtuningUserrequirementsAllthesefactorshelpyoutodesigntheclientaccessinfrastructuretomeetyourmessagingrequirements.
Formoreinformationaboutdesigningandplanningyourmessagingsystem,seePlanninganExchangeServer2003MessagingSystem.
ConfiguringExchangeServer2003forClientAccessThissectionprovidesinformationaboutconfiguringtheExchangeServer2003featuresforclientaccess.
Beforeyoudeploytheclientaccessfeatures,taketimetoreviewtheaffectthatthesefeatureswillhaveonyourmessagingenvironment.
Additionally,deployingclientfeaturesforExchange2003involvesthefollowingactivities:SecuringyourExchangemessagingenvironmentDeployingyourserverarchitectureConfiguringtheExchangeserversforyoursupportedclientaccessmethodsSecuringYourExchangeMessagingEnvironmentFollowthesestepstosecureyourExchangemessagingenvironment:1.
Updateyourserversoftware.
2.
Securethemessagingenvironment.
3.
Securecommunications.
Tosecureyourmessagingsystem,completethesestepsintheordergiven.
UpdatingYourServerSoftwareAfteryouinstallExchangeServer2003,youshouldupdatetheserversoftwareonyourExchangeserversandanyotherserverthatExchangecommunicateswith,suchasglobalcatalogserversanddomaincontrollers.
Formoreinformationaboutupdatingyoursoftwarewiththelatestsecurityupdates,seetheMicrosoftExchangeServerSecurityCenterWebsite.
FormoreinformationaboutMicrosoftsecurity,seetheMicrosoftSecurityWebsite.
SecuringtheExchangeMessagingEnvironmentAnalternativebestpracticetoplacingyourfront-endExchange2003serversintheperimeternetworkistodeployMicrosoftInternetSecurityandAcceleration(ISA)Server2000.
ISAServeractsasadvancedfirewallsthatcontrolInternettrafficenteringyournetwork.
Whenyouusethisconfiguration,youputallyourExchange2003serversinyourcorporatenetworkanduseISAServerastheadvancedfirewallserverexposedtoInternettrafficinyourperimeternetwork.
Securingthemessagingenvironmentalsoinvolvesconfiguringthefront-endserversinamannerthatdisablesthefeaturesandsettingsforthefront-endserverthatarenotnecessaryinafront-endandback-endserverarchitecture.
Formoreinformationabouthowtoconfigureafront-endserverforthefront-endandback-endserverarchitecture,seeExchangeServer2003andExchange2000ServerFront-EndandBack-EndTopologies.
AllinboundInternettrafficboundtoyourExchangeservers(suchasOutlookWebAccess,RPCoverHTTPcommunicationfromMicrosoftOfficeOutlook2003clients,OutlookMobileAccess,PostOfficeProtocolversion3(POP3),InternetMessageAccessProtocolversion4rev1(IMAP4),andsoon)isprocessedbytheISAServer.
WhenISAServerreceivesarequestforanExchangeserver,ISAServerproxiestherequeststotheappropriateExchangeserversonyourinternalnetwork.
TheinternalExchangeserversreturntherequesteddatatotheISAServer,andthenISAServersendstheinformationtotheclientthroughtheInternet.
ThefollowingfigureshowsanexampleofarecommendedISAServerdeployment.
DeployingExchange2003behindISAServerSecuringCommunicationsTosecurecommunicationsforyourExchangemessagingenvironment,youneedtodothefollowingtasks:SecurethecommunicationsbetweentheclientmessagingapplicationsandtheExchangefront-endserver.
SecurethecommunicationsbetweentheExchangefront-endserverandtheinternalnetwork.
Thefollowingsectionsincludeinformationaboutsecuringcommunicationsforthesetwosituations.
SecuringCommunicationsBetweentheClientandExchangeFront-EndServerTosecuredatatransmittedbetweentheclientandthefront-endserver,itishighlyrecommendedthatyouenablethefront-endservertouseSecureSocketsLayer(SSL).
Additionally,toensurethatuserdataisalwayssecure,youshouldconfigurethefront-endservertorequireSSL(youcansetthisoptionintheSSLconfiguration).
Whenusingbasicauthentication,itiscriticaltoprotectthenetworktrafficbyusingSSLtoprotectuserpasswordsfromnetworkpacketsniffing.
Caution:IfyoudonotuseSSLbetweenclientsandthefront-endserver,HTTPdatatransmissiontoyourfront-endserverwillnotbesecure.
Itishighlyrecommendedthatyouconfigurethefront-endservertorequireSSL.
ItisrecommendedthatyouobtainanSSLcertificatebypurchasingacertificatefromathird-partycertificationauthority(CA).
Purchasingacertificatefromacertificationauthorityisthepreferredmethodbecausemostbrowserstrustmanyofthesecertificationauthorities.
Asanalternative,youcanuseCertificateServicestoinstallyourowncertificationauthorities.
Althoughinstallingyourowncertificationauthoritymaybelessexpensive,browserswillnottrustyourcertificate,anduserswillreceiveawarningmessageindicatingthatthecertificateisnottrusted.
FormoreinformationaboutSSL,seeMicrosoftKnowledgeBasearticle320291,"XCCC:TurningOnSSLforExchange2000ServerOutlookWebAccess.
"UsingSecureSocketsLayerToprotectoutboundandinboundmail,deploySSLtoencryptmessagingtraffic.
YoucanconfigureSSLsecurityfeaturesonanExchangeservertoverifytheintegrityofyourcontent,verifytheidentityofusers,andencryptnetworktransmissions.
Exchange,likeanyWebserver,requiresavalidservercertificatetoestablishSSLcommunications.
YoucanusetheWebServerCertificateWizardtoeithergenerateacertificaterequestfile(NewKeyRq.
txt,bydefault)thatyoucansendtoacertificationauthority,ortogeneratearequestforanonlinecertificationauthority,suchasMicrosoftCertificateServices.
IfyouarenotusingCertificateServicestoissueyourownservercertificates,athird-partycertificationauthoritymustapproveyourrequestandissueyourservercertificate.
Formoreinformationaboutservercertificates,see"ObtainingandInstallingServerCertificates"laterinthissection.
Dependingonthelevelofidentificationassuranceofferedbyyourservercertificate,youcanexpecttowaitseveraldaystoseveralmonthsforthecertificationauthoritytoapproveyourrequestandsendyouacertificatefile.
YoucanhaveonlyoneservercertificateforeachWebsite.
Afteryoureceiveaservercertificatefile,usetheWebServerCertificateWizardtoinstallit.
Theinstallationprocessattaches(orbinds)yourcertificatetoaWebsite.
Ifyourequire128-bitkeyencryption,yourusersmustuseWebbrowsersthatsupport128-bitencryption.
Formoreinformationaboutupgradingto128-bitencryptioncapability,seetheMicrosoftProductSupportServicesWebsite.
ForadetailedoverviewofthestepsrequiredtoconfigureSecureSocketsLayer,seeHowtoUseSSLtoSecuretheCommunicationsBetweentheClientMessagingApplicationsandtheExchangeFront-EndServer.
ConfiguringtheServertoUseSSLThefirststepinconfiguringSSListoconfiguretheWebsiteorfilethatyouwanttoprotecttorequireSSL.
YoudothisusingIISManager.
Fordetailedstepsforconfiguringthisinitialsetting,seeHowtoSetUpSSLonaServer.
ObtainingandInstallingServerCertificatesYoucanobtainservercertificatesfromanoutsideCA,oryoucanissueyourownservercertificatesbyusingMicrosoftCertificateServices.
Afteryouobtainaservercertificate,youcaninstallit.
WhenyouusetheWebServerCertificateWizardtoobtainandinstallaservercertificate,theprocessisreferredtoascreatingandassigningaservercertificate.
ThissectionexplainstheissuestoconsiderwhendecidingwhethertoobtainyourservercertificatesfromanoutsideCAortoissueyourownservercertificates.
Thissectionincludesthefollowinginformation:ObtainingservercertificatesfromaCAIssuingyourownservercertificatesInstallingservercertificatesBackingupservercertificatesObtainingServerCertificatesfromaCertificationAuthorityIfyouarereplacingyourcurrentservercertificate,IIScontinuestousethatcertificateuntilthenewrequesthasbeencompleted.
WhenyouareselectingaCA,considerthefollowingquestions:WilltheCAbeabletoissueacertificatethatiscompatiblewithallthebrowsersusedtoaccessmyserverIstheCAarecognizedandtrustedorganizationHowwilltheCAprovideverificationofmyidentityDoestheCAhaveasystemforreceivingonlinecertificaterequests,suchasrequestsgeneratedbytheWebServerCertificateWizardHowmuchwillthecertificatecostinitially,andhowmuchwillrenewalorotherservicescostIstheCAfamiliarwithmyorganizationormycompany'sbusinessinterestsNote:Somecertificationauthoritiesrequireyouthatyouproveyouridentitybeforetheywillprocessyourrequestorissueacertificate.
Fordetailedstepsforobtainingaservercertificatefromacertificationauthority,seeHowtoObtainaServerCertificatefromaCertificationAuthority.
IssuingYourOwnServerCertificatesWhendecidingwhethertoissueyourownservercertificates,considerthefollowing:UnderstandthatMicrosoftCertificateServicesaccommodatesdifferentcertificateformatsandprovidesforauditingandloggingofcertificate-relatedactivity.
Comparethecostofissuingyourowncertificatesagainstthecostofbuyingacertificatefromacertificationauthority.
Rememberthatyourorganizationwillrequireaninitialadjustmentperiodtolearn,implement,andintegrateCertificateServiceswithexistingsecuritysystemsandpolicies.
Assessthewillingnessofyourconnectingclientstotrustyourorganizationasacertificatesupplier.
UseCertificateServicestocreateacustomizableserviceforissuingandmanagingcertificates.
YoucancreateservercertificatesfortheInternetorforcorporateintranets,whichgivesyourorganizationcompletecontrolovercertificatemanagementpolicies.
FormoreinformationaboutusingCertificateServices,see"CertificateServices"inMicrosoftWindowsServer2003Help.
OnlinerequestsforservercertificatescanbemadeonlytolocalandremoteEnterpriseCertificateServicesandremotestand-aloneCertificateServices.
TheWebServerCertificateWizarddoesnotrecognizeastand-aloneinstallationofCertificateServicesonthesamecomputerwhenrequestingacertificate.
IfyouneedtouseWebServerCertificateWizardonthesamecomputerasastand-aloneCertificateServicesinstallation,usetheofflinecertificaterequesttosavetherequesttoafileandthenprocessitasanofflinerequest.
FormoreinformationaboutusingCertificateServices,see"CertificateServices"inMicrosoftWindowsServer2003Help.
Note:IfyouopenaServerGatedCryptography(SGC)certificate,youmayreceivethefollowingnoticeontheGeneraltab:Thecertificatehasfailedtoverifyforallitsintendedpurposes.
ThisnoticeisissuedbecauseofhowSGCcertificatesinteractwithWindowsanddoesnotnecessarilyindicatethatthecertificatedoesnotworkcorrectly.
InstallingServerCertificatesAfteryouobtainaservercertificatefromaCA,orafteryouissueyourownservercertificatebyusingCertificateServices,usetheWebServerCertificateWizardtoinstallit.
BackingupServerCertificatesYoucanusetheWebServerCertificateWizardtobackupservercertificates.
BecauseIISworkscloselywithWindows,youcanuseCertificateManager,whichiscalledCertificatesinMicrosoftManagementConsole(MMC),toexportandbackupyourservercertificates.
AfteryouinstallCertificateManager,youcanbackupyourcertificate.
FordetailedstepsforaddingCertificateManagertotheMMC,seeHowtoAddCertificateManagertoMicrosoftManagementConsole.
Fordetailedstepsforbackingupyourservercertificate,seeHowtoBackUpYourServerCertificate.
Afteryouconfigureyournetworktoissueservercertificates,youneedtosecureyourExchangefront-endserverandtheservicesforyourExchangeserverbyrequiringSSLcommunicationtotheExchangefront-endserver.
YoudothisbyenablingSSLforyourdefaultWebsite.
HowtoUseSSLtoSecuretheCommunicationsBetweentheClientMessagingApplicationsandtheExchangeFront-EndServerEncryptingmessagingtrafficcanhelpprotectoutgoingandincomingmail.
ThistopicexplainshowtodeploySecureSocketsLayer(SSL)toencryptmessagingtraffic.
YoucanconfigureSSLsecurityfeaturesonanExchangeservertoverifytheintegrityofyourcontent,verifytheidentityofusers,andencryptnetworktransmissions.
BeforeYouBeginBeforeyouperformtheproceduresinthistopic,itisimportantthatyoufirstread"UsingSecureSocketsLayer"inSecuringYourExchangeMessagingEnvironment.
ProcedureTouseSSLtosecurethecommunicationsbetweenclientmessagingapplicationsandtheExchangefront-endserver1.
SetupSSLonaserver.
Fordetailedsteps,seeHowtoSetUpSSLonaServer.
2.
Obtainandinstallservercertificates.
Youcanobtainaservercertificatefromacertificationauthorityorissueyourowncertificate.
Forinformationaboutobtainingandinstallingservercertificates,see"UsingSecureSocketsLayer"inSecuringYourExchangeMessagingEnvironment.
Fordetailedstepsforobtainingacertificatefromacertificateauthority,seeHowtoObtainaServerCertificatefromaCertificationAuthority.
3.
BackupyourcertificatesusingCertificateManager.
FordetailedstepsforaddingCertificateManagertoMMC,seeHowtoAddCertificateManagertoMicrosoftManagementConsole.
Fordetailedstepsforbackingupcertificates,seeHowtoBackUpYourServerCertificate.
4.
EnableSSLforthedefaultWebsite.
FordetailedstepsforenablingSSLforthedefaultWebsite,seeHowtoConfigureVirtualDirectoriestoUseSSL.
HowtoSetUpSSLonaServerThefirststepinconfiguringSSL,istoconfiguretheWebsiteorfilethatyouwanttoprotecttorequireSSL.
YoudothisusingIISManager.
BeforeYouBeginThisstepisjustonepartofconfiguringSSL.
ForanoverviewtotheproceduresyoumustfollowtoconfigureSSL,see"HowtoUseSSLtoSecuretheCommunicationsBetweentheClientMessagingApplicationsandtheExchangeFront-EndServer"intheExchangeServer2003ClientAccessGuide.
Beforeyouperformthisprocedure,youmustread"UsingSecureSocketsLayer"in"SecuringYourExchangeMessagingEnvironment"intheExchangeServer2003ClientAccessGuide.
Important:YoumustbeamemberoftheAdministratorsgrouponthelocalcomputertoperformthefollowingprocedure,oryoumusthavebeendelegatedtheappropriateauthority.
Asasecuritybestpractice,logontoyourcomputerusinganaccountthatisnotintheAdministratorsgroup,andthenusetheRunascommandtorunInternetInformationServices(IIS)Managerasanadministrator.
Atthecommandprompt,typethefollowingcommand:runas/user:administrative_accountname"mmc%systemroot%\system32\inetsrv\iis.
msc"ProcedureTosetupSSLonaserver1.
InIISManager,expandthelocalcomputer,andthenexpandtheWebSitesfolder.
Right-clicktheWebsiteorfilethatyouwanttoprotectwithSSL,andthenclickProperties.
2.
UnderWebsiteidentification,clickAdvanced.
3.
IntheAdvancedWebsiteidentificationbox,underMultipleidentitiesforthisWebsite,verifythattheWebsiteIPaddressisassignedtoport443(thedefaultportforsecurecommunications),andthenclickOK.
Optionally,toconfiguremoreSSLportsforthisWebsite,clickAddunderMultipleidentitiesofthisWebsite,andthenclickOK.
4.
OntheDirectorySecuritytab,underSecurecommunications,clickEdit.
5.
IntheSecureCommunicationsbox,selecttheRequiresecurechannel(SSL)checkbox.
HowtoObtainaServerCertificatefromaCertificationAuthorityYoucanobtainservercertificatesfromanoutsidecertificationauthority(CA),oryoucanissueyourownservercertificatesbyusingMicrosoftCertificateServices.
BeforeYouBeginObtainingaservercertificatefromacertificationauthorityisonestepintheprocessofconfiguringSSL.
ForanoverviewtotheproceduresyoumustfollowtoconfigureSSL,see"HowtoUseSSLtoSecuretheCommunicationsBetweentheClientMessagingApplicationsandtheExchangeFront-EndServer"intheExchangeServer2003ClientAccessGuide.
Forquestionsyoushouldconsiderwhenselectingacertificateauthority,see"ObtainingServerCertificatesfromaCertificationAuthority"in"SecuringYourExchangeMessagingEnvironment"intheExchangeServer2003ClientAccessGuide.
Note:Somecertificationauthoritiesrequirethatyouproveyouridentitybeforetheywillprocessyourrequestorissueacertificate.
ProcedureToobtainaservercertificatefromacertificationauthority1.
UsetheWebServerCertificateWizardtocreateacertificaterequest.
2.
IntheWebServerCertificateWizard,ontheDelayedorImmediateRequestpage,clickPreparetherequestnow,butsenditlater.
3.
UsetheWebServerCertificateWizardtosendtherequesttothecertificationauthority.
TheCAwillprocesstherequestandthensendyouthecertificate.
4.
FinishusingtheWebServerCertificateWizard.
HowtoAddCertificateManagertoMicrosoftManagementConsoleBeforeyoucanuseCertificateManager,youmustaddCertificateManagertoMicrosoftManagementConsole(MMC).
ProcedureToaddCertificateManagertoMicrosoftManagementConsole1.
ClickStart,andthenclickRun.
2.
IntheOpenbox,typemmc,andthenclickOK.
3.
IntheFilemenu,clickAdd/RemoveSnap-in.
4.
IntheAdd/RemoveSnap-inbox,clickAdd.
5.
IntheAvailableStandaloneSnap-inslist,clickCertificates,andthenclickAdd.
6.
ClickComputerAccount,andthenclickNext.
7.
ClicktheLocalcomputer(thecomputerthisconsoleisrunningon)option,andthenclickFinish.
8.
ClickClose,andthenclickOK.
HowtoBackUpYourServerCertificateTobackupyourservercertificates,youusetheExportfeatureofCertificateManager.
BeforeYouBeginBackingupaservercertificateisjustonestepinconfiguringSSL.
ForanoverviewoftheproceduresyoumustfollowtoconfigureSSL,see"HowtoUseSSLtoSecuretheCommunicationsBetweentheClientMessagingApplicationsandtheExchangeFront-EndServer"intheExchangeServer2003ClientAccessGuide.
Note:IfyoudonothaveCertificateManagerinstalledinMicrosoftManagementConsole(MMC),seeHowtoAddCertificateManagertoMicrosoftManagementConsole.
AfteryouinstallCertificateManager,youcanbackupyourservercertificate.
ProcedureTobackupyourservercertificate1.
Locatethecorrectcertificatestore.
ThisstoreistypicallytheLocalComputerstoreinCertificateManager.
Note:WhenyouhaveCertificateManagerinstalled,itpointstothecorrectLocalComputercertificatestore.
2.
InthePersonalstore,clickthecertificatethatyouwanttobackup.
3.
OntheActionmenu,pointtoAlltasks,andthenclickExport.
4.
IntheCertificateManagerExportWizard,clickYes,exporttheprivatekey.
5.
Followthewizarddefaultsettings,andenterapasswordforthecertificatebackupfilewhenprompted.
Note:DonotselectDeletetheprivatekeyifexportissuccessfulbecausethisoptiondisablesyourcurrentservercertificate.
6.
Completethewizardtoexportabackupcopyofyourservercertificate.
ForMoreInformationForconceptualinformationabouthowconfiguringSSL,see"UsingSecureSocketsLayer"in"SecuringYourExchangeMessagingEnvironment"intheExchangeServer2003ClientAccessGuide.
FordetailedstepsforaddingCertificateManagertoMMC,seeHowtoAddCertificateManagertoMicrosoftManagementConsole.
HowtoConfigureVirtualDirectoriestoUseSSLAfteryouobtainanSSLcertificatetouseeitherwithyourExchangefront-endserveronthedefaultWebsiteoronthesitewhereyouhostthe\RPC,\OMA,\Microsoft-Server-ActiveSync,\Exchange,\Exchweb,and\Publicvirtualdirectories,youcanconfigurethedefaultWebsitetorequireSecureSocketsLayer(SSL).
Note:The\Exchange,\Exchweb,\Public,\OMA,and\Microsoft-Server-ActiveSyncvirtualdirectoriesareinstalledbydefaultonanyExchange2003installation.
The\RPCvirtualdirectoryforRPCoverHTTPcommunicationisinstalledmanuallywhenyouconfigureExchangetosupportRPCoverHTTP.
FormoreinformationabouthowtosetupExchangetouseRPCoverHTTP,seeExchangeServer2003RPCoverHTTPDeploymentScenarios.
BeforeYouBeginConfiguringvirtualdirectoriestouseSSLisjustonestepinconfiguringSSL.
ForanoverviewoftheproceduresthatyoumustfollowtoconfigureSSL,see"HowtoUseSSLtoSecuretheCommunicationsBetweentheClientMessagingApplicationsandtheExchangeFront-EndServer"intheExchangeServer2003ClientAccessGuide.
Beforeyouperformthisprocedure,youmustread"UsingSecureSocketsLayer"in"SecuringYourExchangeMessagingEnvironment"intheExchangeServer2003ClientAccessGuide.
ProcedureToconfigurevirtualdirectoriestouseSSL1.
InInternetInformationServices(IIS),selecttheDefaultWebsiteortheWebsitewhereyouarehostingyourExchangeservices,andthenclickProperties.
2.
OntheDirectorySecuritytab,inSecureCommunications,clickEdit.
3.
InSecureCommunications,selectRequireSecureChannel(SSL).
4.
Afteryoucompletethisprocedure,allvirtualdirectoriesontheExchangefront-endserveronthedefaultWebsiteareconfiguredtouseSSL.
EnablingSSLfortheDefaultWebSiteAfteryouobtainanSSLcertificatetouseeitherwithyourExchangefront-endserveronthedefaultWebsiteoronthesitewhereyouhostthe\RPC,\OMA,\Microsoft-Server-ActiveSync,\Exchange,\Exchweb,and\Publicvirtualdirectories,youcanconfigurethedefaultWebsitetorequireSSL.
Note:The\Exchange,\Exchweb,\Public,\OMA,and\Microsoft-Server-ActiveSyncvirtualdirectoriesareinstalledbydefaultonanyExchange2003installation.
The\RPCvirtualdirectoryforRPCoverHTTPcommunicationisinstalledmanuallywhenyouconfigureExchangetosupportRPCoverHTTP.
FormoreinformationabouthowtosetupExchangetouseRPCoverHTTP,see"ConfiguringRPCoverHTTPforOutlook2003"inConfiguringOutlook2003Features.
FordetailedstepsforenablingSSLforthedefaultWebsite,seeHowtoConfigureVirtualDirectoriestoUseSSL.
SecuringCommunicationsBetweenExchangeFront-EndServerandOtherServersAfteryousecureyourcommunicationsbetweentheclientcomputersandtheExchangeservers,youmustsecurethecommunicationsbetweentheExchangeserverandotherserversinyourorganization.
HTTP,POP,andIMAPcommunicationsbetweenthefront-endserverandanyserverwithwhichthefront-endservercommunicates(suchasback-endservers,domaincontrollers,andglobalcatalogservers)isnotencrypted.
Whenthefront-endandback-endserversareinatrustedphysicalorswitchednetwork,thislackofencryptionisnotanissue.
However,iffront-endandback-endserversarekeptinseparatesubnets,networktrafficmaypassovernonsecureareasofthenetwork.
Thesecurityriskincreaseswhenthereisgreaterphysicaldistancebetweenthefront-endandback-endservers.
Inthiscase,itisrecommendedthatthistrafficbeencryptedtoprotectpasswordsanddata.
UsingIPSectoEncryptIPTrafficWindows2000supportsInternetProtocolsecurity(IPSec),whichisanInternetstandardthatallowsaservertoencryptanyIPtraffic,excepttrafficthatusesbroadcastormulticastIPaddresses.
Generally,youuseIPSectoencryptHTTPtraffic;however,youcanalsouseIPSectoencryptLightweightDirectoryAccessProtocol(LDAP),RPC,POP,andIMAPtraffic.
WithIPSecyoucan:ConfiguretwoserversrunningWindows2000torequiretrustednetworkaccess.
Transferdatathatisprotectedfrommodification(usingacryptographicchecksumoneverypacket).
EncryptanytrafficbetweenthetwoserversattheIPlayer.
Inafront-endandback-endtopology,youcanuseIPSectoencrypttrafficbetweenthefront-endandback-endserversthatwouldotherwisenotbeencrypted.
FormoreinformationaboutconfiguringIPSecwithfirewalls,seeMicrosoftKnowledgeBasearticle233256,"HowtoEnableIPSecTrafficThroughaFirewall.
"DeployingtheExchangeServerArchitectureAfteryousecureyourExchangemessagingenvironment,youcandeploytheExchangefront-endandback-endserverarchitecture.
FormoreinformationabouttheExchangefront-endandback-endserverarchitecture,seeFront-EndandBack-EndServerTopologyGuideforExchangeServer2003andExchange2000Server.
ToconfiguretheExchangefront-endandback-endserverarchitecture,youneedtoconfigureoneExchangeserverasafront-endserver.
Makesureyoureviewyourdeploymentoptionsbeforeyoucontinuewiththeinstallationprocess.
ThefollowingsectionshelpyoudecideifyouwanttodeployExchange2003inafront-endandback-endserverconfiguration.
Afront-endandback-endconfigurationisrecommendedformultiple-serverorganizationsthatuseOutlookWebAccess,POP,orIMAPandfororganizationsthatwanttoprovideHTTP,POP,orIMAPaccesstotheiremployees.
ConfiguringanExchangeFront-EndServerAfront-endserverisanordinaryExchangeserveruntilitisconfiguredasafront-endserver.
Afront-endservermustnothostanyusersorpublicfoldersandmustbeamemberofthesameExchange2003organizationastheback-endservers(therefore,amemberofthesameWindows2000ServerorWindowsServer2003forest).
ServersthatarerunningeitherExchangeServer2003EnterpriseEditionorExchangeServer2003StandardEditioncanbeconfiguredasfront-endservers.
Fordetailedstepsfordesignatingaservertobeafront-endserver,seeHowtoDesignateaFront-EndServer.
Formoreinformationaboutfront-endandback-endscenarios,configurations,andinstallation,seethefollowingguides:PlanninganExchangeServer2003MessagingSystemExchangeServer2003andExchange2000ServerFront-EndandBack-EndTopologiesHowtoDesignateaFront-EndServerAfront-endserverisanExchangeserverthatacceptsrequestsfromclientsandproxiesthemtotheappropriateback-endserverforprocessing.
BeforeYouBeginTosuccessfullycompletetheproceduresinthistopic,confirmthefollowing:Theserverthatyouwilldesignateasafront-endserverisamemberofthesameMicrosoftWindowsforestastheback-endservers.
Theserverthatyouwilldesignateasafront-endserverisamemberofthesameExchangeorganizationastheback-endservers.
ProcedureTodesignateafront-endserver1.
InstalltheserverthatwillberunningExchangeServerintheorganization.
Note:WithExchange2000Server,onlyEnterpriseEditionserverscanbeconfiguredasfront-endservers.
InExchangeServer2003,bothStandardEditionandEnterpriseEditioncanbeconfiguredasfront-endservers.
2.
UseExchangeSystemManagertogototheserverobject,right-clicktheserverobject,andthenclickProperties.
3.
SelectThisisafront-endserver,andthenclosethepage.
4.
Tobeginusingthefront-endserverdooneofthefollowing:Restartthecomputer.
StopandrestarttheHTTP,POP3,andIMAP4services.
5.
ThedefaultExchangevirtualdirectorieshavenowbeenconfiguredforyou.
However,itisrecommendedthatyoualsoconfigureSSL.
FordetailedinstructionsonhowtoconfigureSSLforPOP3,IMAP4,andSMTP,see"HowtoConfigureSSLforPOP3,IMAP4,andSMTP"intheExchangeServer2003andExchange2000ServerFront-EndandBack-EndServerTopologyGuide.
FordetailedinstructionsabouthowtoconfigureSSLforHTTP,seeHowtoConfigureSSLforHTTPintheExchangeServer2003andExchange2000ServerFront-EndandBack-EndServerTopologyGuide.
ForMoreInformationFormoreinformation,see:"ConfiguringExchangeFront-endServers"intheExchangeServer2003andExchange2000ServerFront-EndandBack-EndServerTopologyGuide"HowtoSetUpaFront-EndandBack-EndTopologywithaFront-EndServerBehindaFirewall"intheExchangeServer2003andExchange2000ServerFront-EndandBack-EndServerTopologyGuideExchangeServer2003ClientAccessGuideConfiguringExchangeforClientAccessConfiguringExchangeforclientaccessinvolvesconfiguringExchangetohandletheprotocolsandclientsthatyouwanttosupport.
ThefollowingsectiondescribeshowtoenabletheclientprotocolssupportedbyExchangeontheExchangeserver.
Thissectionincludesthefollowingsections:ConfiguringOutlook2003FeaturesConfiguringMobileDeviceSupportConfiguringOutlookWebAccessConfiguringPOP3andIMAP4VirtualServersConfiguringOutlook2003FeaturesOutlook2003enablesyoutousetheWindowsRPCoverHTTPfeaturetoprovideremoteaccesstoExchangeforyourusers.
CombinedwithCachedExchangeMode,whichenablesyouruserstouseacopyoftheirExchangemailboxontheirlocalcomputer,youruserswillbeabletoaccessExchangefromenvironmentsinwhichnetworkconnectivityisslow,inconsistent,ornon-existent.
ConfiguringRPCoverHTTPforOutlook2003DeployingRPCoverHTTPtosupportyourOutlook2003clientsforremoteaccesstoExchangerequiresthatyoucarefullyfollowthestepsnecessarytodeploythisfeature.
FormoreinformationabouthowtodeploythisfeatureandconfigureyouruserswithOutlook2003,seeExchangeServer2003RPCoverHTTPDeploymentScenarios.
ConfiguringMobileDeviceSupportPerformthefollowingactivitiestoconfiguremobiledevicesupportforExchange2003:Configuresynchronization.
ConfigureExchangeActiveSynctouseRSASecurID.
EnableOutlookMobileAccess.
ForanoverviewofmobiledevicessupportfeaturesforExchangeServer2003,seeMobileServicesforExchange.
ConfiguringSynchronizationWhenyouinstallExchange,synchronizationaccesstoExchangeisenabledbydefaultforallusersinyourorganization.
YoucandisablesynchronizationattheorganizationallevelusingExchangeSystemManager.
YoucanalsousetheActiveDirectoryUsersandComputerssnap-intoenableordisablesynchronizationaccessforauserorgroupsofusers.
ConfiguringExchangeActiveSynctoUseRSASecurIDAsanaddedlevelofsecurity,youcanuseMicrosoftWindowsMobiledeviceswithExchangeActiveSyncwithRSASecurIDtwo-factorauthentication.
Note:NoadditionaldeviceconfigurationisrequiredtosupportRSASecurID.
ThedevicepresentstheappropriateauthenticationautomaticallywhensynchronizingwithanExchangeActiveSyncserverprotectedbyRSASecurID.
ThestepstouseRSASecurIDwithExchangeActiveSyncincludethefollowing:1.
SetuptheRSASecurIDservercomponents.
2.
ConfigureIIStouseRSASecurID.
3.
Setupuseraccounts.
FordetailedstepsforconfiguringRSASecurIDwithExchangeActiveSync,seeHowtoUseRSASecurIDwithExchangeActiveSync.
ConfiguringDevicestoUseExchangeActiveSyncFeaturesAfteryouhaveconfiguredyourExchangeenvironmentforsynchronization,youmustalsoconfiguretheclientdevices.
Youmustindividuallyconfigureeachmobiledeviceinyourorganization.
Alternativelyyoucaninstructusershowtoconfiguretheirowndevices.
FordetailedstepsforconfiguringamobiledevicetouseExchangeActiveSync,seeHowtoConfigureaMobileDevicetoUseExchangeActiveSync.
FordetailedstepsforconfiguringamobiledevicetouseAUTD,seeHowtoSpecifyaMobileOperatorforUp-to-DateNotificationsonaDevice.
ConfiguringExchangeActiveSyncThefollowingtopicsexplainhowtoconfigureExchangeActiveSyncinyourorganization.
FordetailedinformationabouthowtoenableActiveSyncfeaturesattheorganizationallevel,seeHowtoEnableandDisableExchangeActiveSyncFeaturesattheOrganizationalLevel.
ForinformationabouthowtoenableExchangeActiveSyncforindividualusersorgroupsofusers,seeHowtoEnableandDisableExchangeActiveSyncFeaturesattheUserLevel.
AddingaRootCertificatetoaWindowsMobile-based5.
0DeviceMicrosoftWindowsMobile-based5.
0devicesusetheMicrosoftCryptoAPI(CAPI)certificatestoretosecurelystorerootcertificates.
ExchangeActiveSynccheckstherootcertificatestoreonthemobiledevicetoverifythatthecertificateontheserveritisconnectingtowasissuedbyatrustedauthority.
RootcertificatesthatareincludedwithaWindowsMobile5.
0devicerepresentthefollowingcertificateauthorities:VeriSignGTECyberTrustEquifaxEntrustGlobalSignThawteFortheproceduretoaddarootcertificatetoaWindowsMobile-based5.
0device,seetheInstallingaRootCertificateintheWindowsMobileVersion5.
0SDK.
ForinformationabouthowtoaddrootcertificatestotheWindowsMobile2003SmartphoneandtoWindowsMobile2002Smartphone,seetheMicrosoftKnowledgeBasearticle841060,"HowtoaddrootcertificatestoWindowsMobile2003SmartphoneandtoWindowsMobile2002Smartphone.
"HowtoUseRSASecurIDwithExchangeActiveSyncAsanaddedlevelofsecurity,youcanuseMicrosoftWindowsMobiledeviceswithExchangeActiveSyncwithRSASecurIDtwo-factorauthentication.
Note:NoadditionaldeviceconfigurationisrequiredtosupportRSASecurID.
ThedevicepresentstheappropriateauthenticationautomaticallywhensynchronizingwithanExchangeActiveSyncserverprotectedbyRSASecurID.
UsetheproceduresinthistopictouseRSASecurIDwithExchangeActiveSync.
ProcedureHowtouseRSASecurIDwithExchangeActiveSync1.
SetuptheRSASecurIDservercomponents.
ToconfiguretheRSASecurIDservercomponents,youneedto:SetuptheRSAACE/ServerTheRSAACE/ServeristheRSAserverthatstoresandmanagesauthenticationticketsandcredentialsforyourusers.
TosetuptheRSAACE/Server,followtheproceduresasoutlinedintheRSASecurIDdocumentationprovidedbyRSASecurityInc.
SetuptheRSAACE/Agentonthefront-endserverTheRSAACE/AgentistheInternetServerApplicationProgrammingInterface(ISAPI)filterthatperformsauthenticationandcommunicatestotheACE/ServertoretrieveSecurIDcredentials.
TosetuptheRSAACE/Agent,followtheproceduresasoutlinedintheRSAdocumentationprovidedbyRSASecurityInc.
2.
ConfigureInternetInformationServices(IIS)touseRSASecurID.
ToconfigureIIStouseRSASecureID,dothefollowing:a.
ProtecttheExchangeActiveSyncvirtualdirectories.
Youcanprotectthisvirtualdirectoryinoneofthefollowingtwoways:ProtecttheentireWebserver(recommended)Inthisoption,youprotectallvirtualrootsontheIISserverwithRSAACE/Agent,includinganyotherservicesimplementedbythefront-endserver.
Forexample,youmayhaveconfiguredyourfront-endExchangeserverasanaccesspointforOutlookMobileAccessorforOutlookWebAccess.
ForinformationabouthowtoverifythattheACE/AgentisconfiguredtoprotecttheentireWebserver,seeHowtoVerifyACE/AgentisConfiguredtoProtecttheEntireWebServer.
ProtectonlytheExchangeActiveSyncvirtualdirectoriesInthisoption,youconfiguretheRSAACE/AgentsothatSecurIDprotectsonlyExchangeActiveSync.
Usethisoptionifyouintendtoenableadditionalservices,suchasOutlookWebAccessandOutlookMobileAccess,onthesameserverwithoutprotectingthoseserviceswithSecurID.
FordetailedstepsforhowtolimitRSASecurIDauthenticationtoExchangeActiveSync,seeHowtoLimitSecurIDAuthenticationtotheMicrosoft-Exchange-ActiveSyncVirtualDirectory.
Note:Bydefault,theACE/AgentisconfiguredtoprotecttheentireWebserver.
3.
Setupuseraccounts.
UseraccountsforSecurIDshouldbesetupbytheadministratorasrecommendedbytheRSASecurIDproductdocumentation,withthefollowingrestriction:Important:Forallusers,SecurIDuserIDsmustbeselectedtomatchtheWindowsaccountname.
ExchangeActiveSyncwithSecurIDdoesnotfunctionforuserswhohaveadistinctRSAuserIDthatdoesnotmatchtheirWindowsaccountname.
ForMoreInformationForanoverviewofRSASecureID,see"ConfiguringExchangeActiveSynctoUseRSASecureID"inConfiguringMobileDeviceSupport.
HowtoVerifyACE/AgentisConfiguredtoProtecttheEntireWebServerWhendeployingRSASecureIDinyourorganization,youmustconfigureInternetInformationServices(IIS)toprotectthevirtualdirectoriesthatyourusersaccesswhentheyuseExchangeActiveSync.
MicrosoftExchangeServer2003usesthe\Microsoft-Server-ActiveSyncvirtualdirectory.
ThisprocedureshowsyouhowtoverifythattheACE/AgentisconfiguredtoprotecttheentireWebserver.
Bydefault,theACE/AgentisconfiguredtoprotecttheentireWebserver.
BeforeYouBeginThisprocedureisonlyoneofaseriesofstepsthatyoumustperformwhendeployingRSASecurIDtwo-factorauthentication.
Beforeperformingthestepsinthisprocedure,see"HowtoUseRSASecurIDwithExchangeActiveSync"intheExchangeServer2003ClientAccessGuide.
IfyoudonotwanttoprotecttheentireWebserverwithRSASecurID,youconfiguretheRSAACE/AgentsothatSecurIDprotectsonlyExchangeActiveSync.
Youmaywanttodothisifyouintendtoenableadditionalservices,suchasOutlookWebAccessandOutlookMobileAccess,onthesameserverwithoutprotectingthoseserviceswithSecurID.
FordetailedstepsforhowtolimitRSASecurIDauthenticationtoExchangeActiveSync,seeHowtoLimitSecurIDAuthenticationtotheMicrosoft-Exchange-ActiveSyncVirtualDirectory.
ProcedureToverifyACE/AgentisconfiguredtoprotecttheentireWebserver1.
IntheInternetInformationServicessnap-inforMMC,right-clickthedefaultWebserverandselectProperties.
2.
ClicktheRSASecurIDtab,andverifythattheProtectThisResourcecheckboxisselected.
ForMoreInformationForanoverviewofRSASecureID,see"ConfiguringExchangeActiveSynctoUseRSASecureID"in"ConfiguringMobileDeviceSupport"intheExchangeServer2003ClientAccessGuide.
HowtoLimitSecurIDAuthenticationtotheMicrosoft-Exchange-ActiveSyncVirtualDirectoryBydefault,theACE/AgentisconfiguredtoprotecttheentireWebserver.
WhendeployingRSASecurIDinyourorganization,youcanconfigurethefront-endserversothatRSASecurIDauthenticationislimitedtoExchangeActiveSync.
BeforeYouBeginThisprocedureisonlyoneofaseriesofstepsthatyoucanperformwhendeployingRSASecurIDtwo-factorauthentication.
Beforeperformingthestepsinthisprocedure,see"HowtoUseRSASecurIDwithExchangeActiveSync"intheExchangeServer2003ClientAccessGuide.
ProcedureTolimitSecurIDauthenticationtotheMicrosoft-Exchange-ActiveSyncvirtualdirectory1.
Todisableserver-wideprotection,intheInternetInformationServices(IIS)snap-in,right-clickthedefaultWebserver,andthenclickProperties.
2.
ClicktheRSASecurIDtab,andthencleartheProtectThisResourcecheckbox.
(ThisstepensuresthatRSASecurIDisnotenabledfortheentireserver,butratheronlyforthevirtualrootsthatyouspecify.
)3.
Toenableprotectionforthevirtualdirectories,intheIISsnap-in,right-clicktheMicrosoft-Server-ActiveSyncvirtualdirectory,andthenclickProperties.
4.
SelecttheRSASecurIDtab,andthenselecttheProtectThisResourcecheckbox.
Note:Ifthecheckboxisselectedandshaded,thismeansthatthevirtualdirectoryisinheritingitssettingfromtheparentdirectory.
Inspectthepropertiesfortheparentdirectory,andcleartheProtectThisResourcecheckboxifyoudonotwanttheparentdirectorytobeprotected.
Then,returntothechilddirectoryandmakesurethecheckboxisselected.
ForMoreInformationForanoverviewofRSASecureID,see"ConfiguringExchangeActiveSynctoUseRSASecureID"in"ConfiguringMobileDeviceSupport"intheExchangeServer2003ClientAccessGuide.
HowtoConfigureCustomHTTPResponsesforDevicesWhendeployingRSASecurIDinyourorganization,theActiveSyncclientontheMicrosoftWindowsMobiledevicemustbeabletodistinguishbetweenRSASecurIDauthenticationandExchangeActiveSyncresponses.
Toenablethiscapability,youmustconfigurecustomHTTPresponseheadersontheWebIDvirtualrootthatcontainstheHTMLformsconfiguredbyRSAACE/Agent.
BeforeYouBeginThisprocedureisonlyoneofaseriesofstepsthatyoumustperformwhendeployingRSASecurIDtwo-factorauthentication.
Beforeperformingthestepsinthisprocedure,read"HowtoUseRSASecurIDwithExchangeActiveSync"intheExchangeServer2003ClientAccessGuide.
ProcedureToconfigurecustomHTTPresponsesfordevices1.
IntheIISsnap-inforMMC,locatetheWebIDvirtualdirectoryonthefront-endserver.
ThisvirtualdirectoryiscreatedbySecurIDandcontainstheSecurIDauthenticationformsandresponses.
2.
Right-clicktheWebIDvirtualdirectory,andthenclickPropertiestoopenthepropertiesforthisvirtualdirectory.
3.
ClicktheHTTPHeaderstab,clicktheAddbutton,andthenenterthefollowingheaderinformation.
Note:Thefollowingvalueiscase-sensitiveandmustbeenteredononeline.
CustomHeaderName:MSAS-TwoFactorAuthCustomHeaderValue:TrueCustomHeaderName:MS-ASProtocolVersionsCustomHeaderValue:1.
0,2.
0CustomHeaderName:MS-ASProtocolCommandsCustomHeaderValue:Sync,SendMail,SmartForward,SmartReply,GetAttachment,GetHierarchy,CreateCollection,DeleteCollection,MoveCollection,FolderSync,FolderCreate,FolderDelete,FolderUpdate,MoveItems,GetItemEstimate,MeetingResponseHowtoConfigureaMobileDevicetoUseExchangeActiveSyncThefollowingprocedureexplainshowtoconfigureamobiledevicesuchasthePocketPCPhoneEditiontouseExchangeActiveSync.
Werecommendyouperformthisprocedureoneachmobiledeviceinyourorganization.
Asanalternative,youcaninstructyourusershowtoconfiguretheirowndevices.
ProcedureToconfigureamobiledevicetouseExchangeActiveSync1.
Onthemobiledevice,fromtheTodayscreen,tapStart,andthentapActiveSync.
2.
TapTools,tapOptions,andthentaptheServertab.
3.
Selectthecheckboxnexttoeachtypeofinformationthatyouwanttosynchronizewiththeserver.
4.
Toconfiguresynchronizationoptionsforeachtypeofinformation,selectthetypeofinformation,andthentapSettings.
5.
IntheServerNamefield,entertheaddressornameoftheservertoconnecttowhensynchronizingExchangedata.
6.
TapAdvanced.
7.
OntheConnectiontab,entertheusername,password,anddomainname.
8.
OntheRulestab,selecttherulethatbestappliestoyou,forhowyouwantsynchronizationtoworkwheneverinformationaboutyourdeviceandyourExchangeserverhavebothbeenchanged.
9.
TapOKtoacceptthechangesyoumadetoActiveSync.
10.
Repeatthisprocedureforeachofyourusers'PocketPCPhoneEditiondevices.
Asanalternative,instructyourusersabouthowtoconfiguretheirdevicesforusewithExchangeActiveSync.
ForMoreInformationToresolveExchangeActiveSyncandOutlookMobileAccesserrors,seetheMicrosoftKnowledgeBasearticle817379:ExchangeActiveSyncandOutlookMobileAccesserrorsoccurwhenSSLorforms-basedauthenticationisrequiredforExchangeServer2003.
TotroubleshootExchangeActiveSyncissues,seeMicrosoftsupportWebcast,TroubleshootingMicrosoftExchangeServer2003ActiveSyncissues(TechNetSupportWebCast).
TogetinformationonExchangeActiveSync4.
0errorcodes,seetheMicrosoftKnowledgeBasearticle915152:InformationaboutMicrosoftActiveSync4.
0errorcodes,errormessages,andhowtotroubleshoottheerrorcodes.
HowtoSpecifyaMobileOperatorforUp-to-DateNotificationsonaDeviceThistopicexplainshowtospecifyamobileoperatoronadevicethatwillbeusingMicrosoftExchangeActiveSyncup-to-datenotifications.
BeforeYouBeginTheprocedureinthistopicisdesignedtohelpyouunderstandhowtosetthemobileoperatoronadevice.
ProcedureTospecifyamobileoperatorforup-to-datenotificationsonadevice1.
InActiveSync,onamobiledevicethatispoweredbyMicrosoftWindows,tapTools,andthentapOptions.
2.
OntheServertab,tapOptions.
3.
OntheServerSynchronizationOptionsscreen,tapDeviceAddress.
4.
OntheDeviceAddressscreen,dooneofthefollowing:Ifyourusersareusingamobileoperatorthatyouspecify,selectCorporateServiceProvider,andthenentertheDevicePhoneNumberandServiceProviderNameinthefieldsthatareprovided.
5.
Ifyourusersareusingtheirownmobileoperators,selectDeviceSMSAddress,andthenenterthedeviceaddressinthefieldprovided.
ForMoreInformationForconceptualinformationaboutup-to-datenotifications,see"EnablingUp-to-DateNotificationsforYourOrganization"in"ManagingClientAccesstoExchangeServer2003"intheExchangeServer2003ClientAccessGuide.
HowtoEnableandDisableExchangeActiveSyncFeaturesattheOrganizationalLevelThefollowingproceduredescribeshowtoenableordisableuser-initiatedsynchronizationandup-to-datenotificationsforyourorganization.
ProcedureToenableanddisableExchangeActiveSyncfeaturesattheorganizationallevel1.
StartExchangeSystemManager.
2.
ExpandGlobalSettings,right-clickMobileServices,andthenclickProperties.
3.
OntheMobileServicesPropertiespage,underExchangeActiveSync,selectfromthefollowingcheckboxes:SelectEnableuserinitiatedsynchronizationtoallowuserstousePocketPC2002devicestosynchronizetheirExchangedata.
SelectEnableup-to-datenotificationstoenableuserstoreceivenotificationsthataresentfromtheExchangeservertodevicesthatallownotifications.
SelectEnablenotificationstouserspecifiedSMTPaddressestoenableuserstousetheirownSMTPcarrierfornotifications.
Note:Withthisfeatureenabled,whenanewmessagearrivesinauser'smailbox,up-to-datenotificationsallowsynchronizationtooccuronauser'sdevice.
Enablethisfeatureifyouhaveuserswhoareusingmobiledevicestosynchronize,andyoudonotwanttospecifythecarrier.
4.
ClickApply,andthenclickOK.
ForMoreInformationFordetailedstepsforenablingActiveSyncfeaturesattheuserlevelseeHowtoEnableandDisableExchangeActiveSyncFeaturesattheUserLevel.
FordetailedstepsforhowtoconfigureamobiledevicetouseExchangeActiveSync,seeHowtoConfigureaMobileDevicetoUseExchangeActiveSync.
HowtoEnableandDisableExchangeActiveSyncFeaturesattheUserLevelThefollowingproceduresdescribehowtoenableordisabletheExchangeActiveSyncapplicationforaspecificuserorgroupofusersinyourorganization.
BeforeYouBeginYoucanperformthesetasksusingActiveDirectoryUserandComputers,withorwithouttheExchangeTaskWizard.
TheadvantagetoperformingitwiththeExchangeTaskWizardisthatyoucanmodifythesettingsformultipleobjectsatonetime.
ProcedureToenableanddisableExchangeActiveSyncfeaturesattheuserlevel1.
OntheExchangeserverwiththeuser'smailbox,logonwiththeExchangeadministratoraccount,andthenstartActiveDirectoryUsersandComputers.
2.
Expandthedomain,andthenopenthelocationfortheusersthatyouwanttomanage.
3.
Right-clicktheuseroruserswhoseExchangeActiveSyncsettingsyouwanttomodify,andthenselectExchangeTasks.
4.
IntheExchangeTaskWizard,ontheAvailableTaskspage,selectConfigureExchangeFeatures,andthenclickNext.
5.
OntheConfigureExchangeFeaturespage,selectUserinitiatedsynchronization,andthenselectoneofthefollowing:TopermituserstouseExchangeActiveSynctosynchronizetheirExchangemailboxwiththeirmobiledevices,selectEnable.
TopreventusersfromusingExchangeActiveSync,selectDisable.
Topreventtheusers'settingsfrombeingmodifiedwhenyouhaveselectedmorethanoneuser,selectDonotmodify.
6.
ClickNexttoapplyyourchanges.
7.
ClickFinish.
Note:Toviewadetailedreportofthesettingsandthechangesyoumadetousers,selectViewdetailedreportwhenthiswizardcloses.
ForMoreInformationFordetailedstepsforenablingActiveSyncfeaturesattheorganizationallevel,seeHowtoEnableandDisableExchangeActiveSyncFeaturesattheOrganizationalLevel.
FordetailedstepsforhowtoconfigureamobiledevicetouseExchangeActiveSync,seeHowtoConfigureaMobileDevicetoUseExchangeActiveSync.
ForcompleteinformationaboutconfiguringtheExchangeActiveSyncup-to-datenotificationsfeatureinyourorganization,seeHowtoConfiguretheExchangeActiveSyncUp-to-DateNotificationsFeature.
ConfiguringOutlookWebAccessBydefault,OutlookWebAccessisenabledforallyourusersafteryouinstallExchange2003.
However,youcanenablethefollowingfeaturesforOutlookWebAccess:Setupalogonpage.
Configureauthentication.
Configuresecurityoptions.
ConfigureOutlookWebAccesscompression.
SimplifytheOutlookWebAccessURL.
SettingUpaLogonPageYoucanenableanewlogonpageforOutlookWebAccessthatstorestheuser'snameandpasswordinacookieinsteadofinthebrowser.
Whenauserclosesabrowser,thecookieiscleared.
Additionally,afteraperiodofinactivity,thecookieisclearedautomatically.
Thenewlogonpagerequirestheusertoenteradomain,username,andpassword,orafulluserprincipalname(UPN)e-mailaddressandpassword,toaccesse-mail.
Toenablethislogonpage,youmustfirstenableforms-basedauthenticationontheserver,andthensecurethelogonpagebysettingthecookietime-outperiodandadjustingclient-sidesecuritysettings.
EnablingForms-BasedAuthenticationToenabletheOutlookWebAccesslogonpage,youmustenableforms-basedauthenticationontheserver.
Fordetailedstepsaboutenablingforms-basedauthentication,seeHowtoEnableForms-BasedAuthentication.
SettingtheCookieAuthenticationTime-OutInExchange2003,OutlookWebAccessusercredentialsarestoredinacookie.
WhentheuserlogsoffOutlookWebAccess,thecookieisclearedanditisnolongervalidforauthentication.
Additionally,bydefault,ifyouruserisusingapubliccomputer,andselectsthePublicorsharedcomputeroptionontheOutlookWebAccesslogonscreen,thecookieonthiscomputerexpiresautomaticallyafter15minutesofuserinactivity.
Theautomatictime-outisvaluablebecauseithelpsprotectauser'saccountfromunauthorizedaccess.
However,althoughtheautomatictime-outgreatlyreducestheriskofunauthorizedaccess,itdoesnotcompletelyeliminatethepossibilitythatanunauthorizedusermightaccessanOutlookWebAccessaccountifasessionisleftrunningonapubliccomputer.
Therefore,makesurethatyoueducateusersaboutprecautionstotaketoavoidrisks.
Tomatchthesecurityrequirementsofyourorganization,anadministratorcanconfiguretheinactivitytime-outvaluesontheExchangefront-endserver.
Toconfigurethetime-outvalue,youmustmodifytheregistrysettingsontheserver.
Note:Incorrectlyeditingtheregistrycancauseseriousproblemsthatmayrequireyoutoreinstallyouroperatingsystem.
Problemsresultingfromeditingtheregistryincorrectlymaynotbeabletoberesolved.
Beforeeditingtheregistry,backupanyvaluabledata.
Fordetailedstepsabouthowtoconfigurethepubliccomputercookietimeoutvalue,seeHowtoSettheOutlookWebAccessForms-BasedAuthenticationPublicComputerCookieTime-OutValue.
Fordetailedstepsabouthowtoconfigurethetrustedcomputercookietimeoutvalue,seeHowtoSettheOutlookWebAccessForms-BasedAuthenticationTrustedComputerCookieTime-OutValue.
ConfiguringClientSecurityOptionsforUsersTheOutlookWebAccesslogonpageenablestheusertoselectthesecurityoptionthatbestfitstheirrequirements.
ThePublicorsharedcomputeroption(selectedbydefault)providesashortdefaulttime-outoptionof15minutes.
UsersshouldselectthePrivatecomputeroptiononlyiftheuseristhesoleoperatorofthecomputer,andthecomputeradherestothatuser'sorganizationalsecuritypolicies.
Whenselected,thePrivatecomputeroptionallowsforamuchlongerperiodofinactivitybeforeautomaticallyendingthesession—itsinternaldefaultvalueis24hours.
Essentially,thisoptionisintendedtobenefitOutlookWebAccessuserswhoareusingpersonalcomputersintheirofficeorhome.
Tomatchthesecurityrequirementsofyourorganization,anadministratorcanconfiguretheinactivitytime-outvalues.
Note:Thedefaultvalueforthepubliccomputercookietime-outisfifteenminutes.
Tochangethis,youmustmodifytheregistrysettingsontheserver.
Note:Incorrectlyeditingtheregistrycancauseseriousproblemsthatmayrequireyoutoreinstallyouroperatingsystem.
Problemsresultingfromeditingtheregistryincorrectlymaynotbeabletoberesolved.
Beforeeditingtheregistry,backupanyvaluabledata.
Fordetailedstepsabouthowtoconfigurethepubliccomputercookietimeoutvalue,seeHowtoSettheOutlookWebAccessForms-BasedAuthenticationPublicComputerCookieTime-OutValue.
Fordetailedstepsabouthowtoconfigurethetrustedcomputercookietimeoutvalue,seeHowtoSettheOutlookWebAccessForms-BasedAuthenticationTrustedComputerCookieTime-OutValue.
OutlookWebAccessCompressionOutlookWebAccesssupportsdatacompression,whichisoptimalforslownetworkconnections.
Dependingonthecompressionsettingyouuse,OutlookWebAccesscompressesstaticWebpages,dynamicWebpages,orboth.
ThefollowingtableliststhecompressionsettingsthatareavailableinExchangeServer2003forOutlookWebAccess.
CompressionsettingsforOutlookWebAccessCompressionsettingDescriptionHighCompressesbothstaticanddynamicpages.
LowCompressesonlystaticpages.
NoneNocompressionisused.
RequirementsforOutlookWebAccessCompressionTousedatacompressionforOutlookWebAccessinExchangeServer2003,verifythatyourorganizationmeetsthefollowingprerequisites:TheExchangeserverthatusersauthenticateagainstforOutlookWebAccessmustberunningWindowsServer2003.
Yourusers'mailboxesmustbeonExchange2003servers.
(IfyouhaveamixeddeploymentofExchangemailboxes,youcancreateaseparatevirtualserveronyourExchangeserverjustforExchange2003usersandenablecompressiononit.
)ClientcomputersmustberunningInternetExplorerversion6orlater.
TheclientcomputersmustalsoberunningMicrosoftWindowsXPorMicrosoftWindows2000ServerandhaveinstalledonthemthesecurityupdatethatisdiscussedinMicrosoftSecurityBulletinMS02-066,"CumulativePatchforInternetExplorer(Q328970).
"Note:Ifauserdoesnothaveasupportedbrowserforcompression,theclientcomputerstilloperatesnormally.
YoumayneedtoenableHTTP1.
1supportthroughproxyserversforsomedial-upconnections.
(HTTP1.
1supportisrequiredforcompressiontofunctioncorrectly.
)FordetailedstepsabouthowtoenableOutlookWebAccesscompression,seeHowtoEnableOutlookWebAccessDataCompression.
SimplifyingtheOutlookWebAccessURLTheHTTPvirtualserverthatiscreatedbyExchangeduringinstallationhasthefollowingURLsforuseraccess:http://server_name/publicThisURLprovidesaccesstopublicfolders.
http://server_name/exchange/mailbox_nameThisURLprovidesaccesstomailboxes.
However,usersfrequentlyrequestthataURLthatissimplerthanthedefaultURLbemadeavailableforaccessingtheirmailboxes.
CreatingthissimpleURLmakestheURLbotheasiertorememberandeasiertoenterinaWebbrowser.
Forexample,http://www.
contoso1.
comisaneasierURLforuserstorememberthanhttp://contosoexchange01/exchange.
ThefollowingprocedureprovidesamethodforsimplifyingtheURLthatisusedtoaccessOutlookWebAccess.
ThisprocedureconfiguresarequestsenttotherootdirectoryoftheWebserver(http://server_name/)toredirecttotheExchangevirtualdirectory.
Forexample,arequesttohttp://server_name/isdirectedtohttp://server_name/exchange/,whichthentriggersimplicitlogon.
FordetailedstepsabouthowtosimplifytheOutlookWebAccessURL,seeHowtoSimplifytheOutlookWebAccessURL.
HowtoEnableForms-BasedAuthenticationToenabletheOutlookWebAccesslogonpage,youmustenableforms-basedauthenticationontheserver.
BeforeYouBeginIfyouareusingforms-basedauthenticationwithSecureSocketsLayer(SSL)offloading,youmustconfigureyourExchangeServerfront-endserverstohandlethisscenario.
Fordetailedsteps,see"HowtoEnableForms-BasedAuthenticationWhenUsingSSLOffloading"intheExchangeServer2003andExchange2000ServerFront-EndandBack-EndServerTopologyGuide.
ProcedureToenableforms-basedauthentication1.
OntheExchangeserver,logonwiththeExchangeadministratoraccount,andthenstartExchangeSystemManager.
2.
Intheconsoletree,expandServers.
3.
Expandtheserverforwhichyouwanttoenableforms-basedauthentication,andthenexpandProtocols.
4.
ExpandHTTP,right-clickExchangeVirtualServer,andthenclickProperties.
5.
IntheExchangeVirtualServerPropertiesdialogbox,ontheSettingstab,intheOutlookWebAccesspane,selecttheEnableFormsBasedAuthenticationoption.
6.
ClickApply,andthenclickOK.
ForMoreInformationFormoreinformation,seethefollowingtopicsintheExchangeServer2003ClientAccessGuide:Fordetailedstepsabouthowtoconfigurethepubliccomputercookietime-outvalue,see"HowtoSettheOutlookWebAccessForms-BasedAuthenticationPublicComputerCookieTime-OutValue.
"Fordetailedstepsabouthowtoconfigurethetrustedcomputercookietime-outvalue,see"HowtoSettheOutlookWebAccessForms-BasedAuthenticationTrustedComputerCookieTime-OutValue.
"ForinformationaboutmanagingandconfiguringOutlookWebAccess,seethefollowingtopics:"ConfiguringOutlookWebAccess""ManagingOutlookWebAccess"HowtoSettheOutlookWebAccessForms-BasedAuthenticationPublicComputerCookieTime-OutValueInMicrosoftExchangeServer2003,OutlookWebAccessusercredentialsarestoredinacookie.
WhentheuserlogsoffOutlookWebAccess,thecookieisclearedanditisnolongervalidforauthentication.
Additionally,bydefault,ifyouruserisusingapubliccomputer,andselectsthePublicorsharedcomputeroptionontheOutlookWebAccesslogonscreen,thecookieonthiscomputerexpiresautomaticallyafter15minutesofuserinactivity.
Theautomatictime-outisvaluablebecauseithelpsprotectauser'saccountfromunauthorizedaccess.
Tomatchthesecurityrequirementsofyourorganization,anadministratorcanconfiguretheinactivitytime-outvaluesontheExchangefront-endserver.
Toconfigurethetime-outvalue,youmustmodifytheregistrysettingsontheserver.
BeforeYouBeginCaution:Althoughtheautomatictime-outgreatlyreducestheriskofunauthorizedaccess,itdoesnotcompletelyeliminatethepossibilitythatanunauthorizedusermightaccessanOutlookWebAccessaccountifasessionisleftrunningonapubliccomputer.
Therefore,makesurethatyoueducateusersaboutprecautionstotaketoavoidrisks.
ProcedureTosettheOutlookWebAccessforms-basedauthenticationpubliccomputercookietime-outvalue1.
OntheExchangefront-endserver,logonwiththeExchangeadministratoraccount,andthenstartRegistryEditor(regedit).
2.
InRegistryEditor,locatethefollowingregistrykey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeWeb\OWA3.
OntheEditmenu,pointtoNew,andthenclickDWORDValue.
4.
Inthedetailspane,namethenewvaluePublicClientTimeout.
5.
Right-clickthePublicClientTimeoutDWORDvalue,andthenclickModify.
6.
InEditDWORDValue,underBase,clickDecimal.
7.
IntheValueDatabox,typeavalue(inminutes)between1and432,000.
8.
ClickOK.
ForMoreInformationFordetailedstepsabouthowtoconfigurethetrustedcomputercookietime-outvalue,seeHowtoSettheOutlookWebAccessForms-BasedAuthenticationTrustedComputerCookieTime-OutValue.
ForinformationaboutmanagingandconfiguringOutlookWebAccess,seethefollowingtopics:ConfiguringOutlookWebAccessManagingOutlookWebAccessHowtoSettheOutlookWebAccessForms-BasedAuthenticationTrustedComputerCookieTime-OutValueInMicrosoftExchangeServer2003,OutlookWebAccessusercredentialsarestoredinacookie.
WhentheuserlogsoffOutlookWebAccess,thecookieisclearedanditisnolongervalidforauthentication.
UsersshouldselectthePrivatecomputeroptiononlyiftheuseristhesoleoperatorofthecomputer,andthecomputeradherestothatuser'sorganizationalsecuritypolicies.
Whenselected,thePrivatecomputeroptionallowsforamuchlongerperiodofinactivitybeforeautomaticallyendingthesession—itsinternaldefaultvalueis24hours.
ThisoptionisintendedtobenefitOutlookWebAccessuserswhoareusingpersonalcomputersintheirofficeorhome.
Tomatchthesecurityrequirementsofyourorganization,anadministratorcanconfiguretheinactivitytime-outvalues.
BeforeYouBeginCaution:Asindicatedearlier,usersshouldselectthePrivatecomputeroptiononlyiftheuseristhesoleoperatorofthecomputer,andthecomputeradherestothatuser'sorganizationalsecuritypolicies.
UsersshouldbeeducatedaboutprecautionstotaketoavoidriskswhentheyselectthePrivatecomputeroption.
Note:Incorrectlyeditingtheregistrycancauseseriousproblemsthatmayrequireyoutoreinstallyouroperatingsystem.
Problemsresultingfromeditingtheregistryincorrectlymaynotbeabletoberesolved.
Beforeeditingtheregistry,backupanyvaluabledata.
ProcedureTosettheOutlookWebAccessforms-basedauthenticationtrustedcomputercookietime-outvalue1.
StartRegistryEditor(regedit).
2.
Navigatetothefollowingregistrykey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeWeb\OWA3.
OntheEditmenu,pointtoNew,andthenclickDWORDValue.
4.
Inthedetailspane,namethenewvalueTrustedClientTimeout.
5.
Right-clicktheTrustedClientTimeoutDwordvalue,andthenclickModify.
6.
InEditDWORDValue,underBase,clickDecimal.
7.
IntheValueDatabox,typeavalue(inminutes)between1and432,000.
8.
ClickOK.
ForMoreInformationFordetailedstepsforhowtoconfigurethepubliccomputercookietime-outvalue,seeHowtoSettheOutlookWebAccessForms-BasedAuthenticationPublicComputerCookieTime-OutValue.
ForinformationaboutmanagingandconfiguringOutlookWebAccess,seethefollowingtopics:ConfiguringOutlookWebAccessManagingOutlookWebAccessHowtoEnableOutlookWebAccessDataCompressionOutlookWebAccesssupportsdatacompression,whichisoptimalforslownetworkconnections.
Dependingonthecompressionsettingyouuse,OutlookWebAccesscompressesstaticWebpages,dynamicWebpages,orboth.
ThefollowingtableliststhecompressionsettingsthatareavailableinMicrosoftExchangeServer2003forOutlookWebAccess.
CompressionsettingsforOutlookWebAccessCompressionsettingDescriptionHighCompressesbothstaticanddynamicpages.
LowCompressesonlystaticpages.
NoneNocompressionisused.
BeforeYouBeginTousedatacompressionforOutlookWebAccessinExchangeServer2003,verifythatyourorganizationmeetsthefollowingprerequisites:TheExchangeserverthatusersauthenticateagainstforOutlookWebAccessmustberunningMicrosoftWindowsServer2003.
Yourusers'mailboxesmustbeonExchange2003servers.
(IfyouhaveamixeddeploymentofExchangemailboxes,youcancreateaseparatevirtualserveronyourExchangeserverjustforExchange2003usersandenablecompressiononit.
)ClientcomputersmustberunningMicrosoftInternetExplorerversion6orlater.
TheclientcomputersmustalsoberunningMicrosoftWindowsXPorMicrosoftWindows2000ServerandhaveinstalledonthemthesecurityupdatethatisdiscussedinMicrosoftSecurityBulletinMS02-066,"CumulativePatchforInternetExplorer(Q328970).
"Note:Ifauserdoesnothaveasupportedbrowserforcompression,theclientcomputerstilloperatesnormally.
YoumayneedtoenableHTTP1.
1supportthroughproxyserversforsomedial-upconnections.
(HTTP1.
1supportisrequiredforcompressiontofunctioncorrectly.
)ProcedureToenableOutlookWebAccessdatacompression1.
StartExchangeSystemManager.
2.
Inthedetailspane,expandServers,expandtheserveryouwant,andthenexpandProtocols.
3.
ExpandHTTP,right-clickExchangeVirtualServer,andthenclickProperties.
4.
InExchangeVirtualServerProperties,ontheSettingstab,underOutlookWebAccess,usetheCompressionlisttoselectthecompressionlevelyouwant(None,Low,orHigh).
5.
ClickApply,andthenclickOK.
ForMoreInformationForinformationaboutmanagingandconfiguringOutlookWebAccess,seethefollowingtopicsintheExchangeServer2003ClientAccessGuide:ConfiguringOutlookWebAccessManagingOutlookWebAccessHowtoSimplifytheOutlookWebAccessURLUserscommonlyrequestthatasimplerURLforOutlookWebAccessbemadeavailableforaccessingtheirmailbox.
ThisprocedureconfiguresarequestsenttotherootoftheWebserver(http://server/)toredirecttotheExchangevirtualdirectory.
Forexample,arequesttohttps://mail/isdirectedtohttps://mail/exchange/,whichthentriggersimplicitlogon.
BeforeYouBeginBeforeyouperformtheproceduresinthistopic,itisimportantthatyoufirstread"HowaFront-EndandBack-EndTopologyWorks"intheExchangeServer2003andExchange2000ServerFront-EndandBack-EndServerTopologyGuide.
Tosuccessfullycompletetheproceduresinthistopic,confirmthefollowing:Thefront-endserverhasauthenticationenabled.
ProcedureTosimplifytheOutlookWebAccessURL1.
UsingtheInternetServicesManager,openthepropertiesfortheDefaultWebSite.
2.
ClicktheHomeDirectorytab,andthenselectAredirectiontoaURL.
3.
InRedirectto,type/,andthenclickAdirectorybelowURLentered.
Forexample,toredirecthttps://mail/requeststohttps://mail/exchange,inRedirectto,youwouldtype/exchange.
IfyouwantyouruserstouseSSLtoaccesstheirserver,youcanredirectclientrequeststohttps://mail/.
TorequireuserstouseSSL,InRedirectto,typehttps://mail/,andthenclickAdirectorybelowURLentered.
Thissettinghardcodesthenameoftheserver;thereforeifyouredirectclientrequeststohttps://mail,theclientmustbeabletoresolvethenamemail.
Note:UsersstillmustenterthefullURL,includingusername,toaccessothermailboxesorcontentinfoldersotherthantheinbox.
ForMoreInformationFormoreinformationaboutenablingauthenticationonthefront-endserver(alsoknownasimplicitlogon),see"HowaFront-EndandBack-EndTopologyWorks"intheExchangeServer2003andExchange2000ServerFront-EndandBack-EndServerTopologyGuide.
ConfiguringPOP3andIMAP4VirtualServersBydefault,thePOP3andIMAP4virtualserversaredisabledonanewinstallationofExchangeServer2003.
ToenablethePOP3andIMAP4virtualservers,youmustfirstusetheServicessnap-intoMMCandsettheservicestostartautomatically.
FordetailedstepsabouthowtoenablePOP3,orIMAP4usingtheServicessnap-in,seeHowtoEnableaPOP3,IMAP4,orNNTPVirtualServer.
Ifyousettheservicestostartautomaticallyandthenneedtostart,pause,orstoptheservices,useExchangeSystemManager.
Fordetailedsteps,seeHowtoStart,Pause,orStopaVirtualServer.
.
HowtoEnableaPOP3,IMAP4,orNNTPVirtualServerBydefault,thePOP3andIMAP4virtualserversaredisabledonanewinstallationofMicrosoftExchangeServer2003.
ToenablethePOP3andIMAP4virtualservers,youmustfirstusetheServicessnap-intoMicrosoftManagementConsole(MMC)andsettheservicestostartautomatically.
ProcedureToenableaPOP3,IMAP4,orNNTPvirtualserver1.
IntheServicessnap-in,intheconsoletree,clickServices(Local).
2.
Inthedetailspane,right-clickMicrosoftExchangePOP3orMicrosoftExchangeIMAP4,orNetworkNewsTransferProtocol(NNTP),andthenclickProperties.
3.
OntheGeneraltab,underStartuptype,selectAutomatic,andthenclickApply.
4.
UnderServicestatus,clickStart,andthenclickOK.
5.
RepeatthisprocedureonallnodesthatwillberunningthePOP3,IMAP4,orNNTPvirtualserver.
ForMoreInformationForinformationabouthowtostart,pause,orstopavirtualserver,seeHowtoStart,Pause,orStopaVirtualServer.
Forinformationaboutconfiguringandmanagingclientprotocols,seeManagingProtocols.
HowtoStart,Pause,orStopaVirtualServerIfyousetservicestostartautomaticallyandthenmuststart,pause,orstoptheservices,useExchangeSystemManager.
ProcedureTostart,pause,orstopthevirtualserverInExchangeSystemManager,right-clicktheIMAP4,POP3,orNNTPvirtualserveryouwanttomanage,anddooneofthefollowing:Tostarttheservice,clickStart.
Tochangetheserverstatustopausedortorestartaserverthathaspreviouslybeenpaused,clickPause.
Note:Whenaserverispaused,aniconindicatingthattheserverispausedappearsnexttotheservernameintheconsoletree.
Tochangetheserverstatustostopped,clickStop.
Note:Whenaserverisstopped,aniconindicatingthattheserverisstoppedappearsnexttotheservernameintheconsoletree.
ForMoreInformationFormoreinformation,seethefollowingtopicsintheExchangeServer2003ClientAccessGuide:ForinformationabouthowtoenablePOP3,IMAP4,andNNTPvirtualservers,seeHowtoEnableaPOP3,IMAP4,orNNTPVirtualServer.
Forinformationaboutconfiguringandmanagingclientprotocols,seeManagingProtocols.
ConfiguringOutlookMobileAccessBydefault,allusersareenabledforExchangeActiveSyncandOutlookMobileAccess.
However,onlyExchangeActiveSyncisenabledontheExchangeserver;bydefault,OutlookMobileAccessisdisabled.
ThissectiondescribeshowtoenableOutlookMobileAccessonyourExchangeserver.
FollowthesestepstoenableyourExchange2003userstouseOutlookMobileAccess.
1.
ConfigureyourExchange2003front-endserverforOutlookMobileAccess.
2.
EnableOutlookMobileAccessontheExchangeserver.
3.
Configureuserdevicestouseamobileconnection.
4.
InstructyourusersabouthowtouseOutlookMobileAccess.
ConfiguringYourExchange2003Front-EndServerforOutlookMobileAccessBydefault,theOutlookMobileAccessvirtualdirectory(whichallowsyouruserstoaccessExchangefromamobiledevice)isinstalledwithExchange2003.
ThisvirtualdirectoryhasthesameconfigurationsettingsastheOutlookWebAccessvirtualdirectory.
WhenyouconfigureaservertouseOutlookMobileAccess,youshouldconfiguretheserverinthesamewayyouconfigureaserverforOutlookWebAccess.
FormoreinformationabouthowtoconfigureyourExchange2003serverstouseOutlookWebAccess,seeExchangeServer2003andExchange2000ServerFront-EndandBack-EndTopologies.
EnablingOutlookMobileAccessontheExchangeServerAfteryouconfigureyourfront-endservertouseOutlookMobileAccess,youneedtoenableOutlookMobileAccessonyourExchangeservers.
AfteryouenableOutlookMobileAccess,youcanmodifytheOutlookMobileAccesssettingsforusersorgroupsofusersbyusingtheActiveDirectoryUsersandComputerssnap-in.
FordetailedinformationaboutenablingOutlookMobileAccessattheorganizationallevel,seeHowtoEnableorDisableOutlookMobileAccessattheOrganizationalLevel.
FordetailedstepsforenablingOutlookMobileAccessattheuserlevel,seeHowtoEnableorDisableOutlookMobileAccessattheUserLevel.
InstructingUserstoUseaMobileConnectiontoOutlookUsingOutlookMobileAccessToaccessExchange2003usingOutlookMobileAccess,usersmusthaveamobiledevicefromamobileoperatorwhohasanestablisheddatanetworkformobiledata.
However,beforeyourusersconnecttoExchange2003anduseOutlookMobileAccess,theyneedtoknowhowtoaccesstheirExchangeserveranduseOutlookMobileAccess.
Youmustthereforeinstructthemabouthowtoconfiguretheirdevicestouseamobilenetwork,orprovidethemwithresourcesthatexplainhowtodoso.
FordetailedstepsabouthowtoconfigureaPocketPCPhoneEditiondevicetouseOutlookMobileAccess,seeHowtoAccessExchangeDataUsingOutlookMobileAccess.
HowtoEnableorDisableOutlookMobileAccessattheOrganizationalLevelBydefault,OutlookMobileAccessisdisabledwhenyouinstallMicrosoftExchangeServer2003.
ForuserstouseOutlookMobileAccess,youmustfirstenableit.
YouenableOutlookMobileAccessattheorganizationallevelusingExchangeSystemManager.
ProcedureToenableordisableOutlookMobileAccessattheorganizationallevel1.
OntheExchangeserverwheretheuser'smailboxislocated,logonasanExchangeadministratorandstartExchangeSystemManager.
2.
ExpandGlobalSettings,right-clickMobileServices,andthenclickProperties.
3.
OntheMobileServicespropertiespage,inOutlookMobileAccess,selectEnableOutlookMobileAccess.
4.
Toenableuserstouseunsupporteddevices,selecttheEnableunsupporteddevicescheckbox.
Note:FormoreinformationaboutsupporteddevicesforExchangeandplanningformobiledevicesupportwithExchange,seethesection"MobileDeviceSupportforExchangeServer2003"inPlanninganExchangeServer2003MessagingSystem.
5.
ClickOK.
ForMoreInformationFordetailedstepsforconfiguringOutlookMobileAccessforaspecificuserorgroupofusers,seeHowtoEnableorDisableOutlookMobileAccessattheUserLevel.
ForanoverviewofhowtodeployOutlookMobileAccessinyourorganization,see"ConfiguringOutlookMobileAccess"intheExchangeServer2003ClientAccessGuide.
HowtoEnableorDisableOutlookMobileAccessattheUserLevelBydefault,OutlookMobileAccessisdisabledwhenyouinstallMicrosoftExchangeServer2003.
ForuserstouseOutlookMobileAccess,youmustfirstenableit.
YouenableOutlookMobileAccessforspecificusersorgroupsofuserswithActiveDirectoryUsersandComputers.
BeforeYouBeginYoucanperformthistaskusingActiveDirectoryUsersandComputers,withorwithouttheExchangeTaskWizard.
TheadvantagetodoingitwiththeExchangeTaskWizardisthatyoucanmodifythesettingsformultipleobjectsatonetime.
ProcedureToenableordisableOutlookMobileAccessattheuserlevel1.
LogontotheExchangeserverasanExchangeadministratorwiththeuser'smailbox,andthenstartActiveDirectoryUsersandComputers.
2.
Expandthedomain,andthenopenthelocationfortheuserswhosesettingsthatyouwanttomodify.
3.
Right-clicktheuseroruserswhoseOutlookMobileAccesssettingsyouwanttomodify,andthenselectExchangeTasks.
4.
IntheExchangeTaskWizard,ontheAvailableTaskspage,selectConfigureExchangeFeatures,andthenclickNext.
5.
OntheConfigureExchangeFeaturespage,selectOutlookMobileAccess,andthenselectoneofthefollowing:ToallowuserstouseOutlookMobileAccess,selectEnable.
TopreventusersfromusingOutlookMobileAccess,selectDisable.
Topreventtheusers'settingsfrombeingmodifiedwhenyouhaveselectedmorethanoneuser,selectDonotModify.
6.
ClickNexttoapplyyourchanges.
7.
ClickFinish.
ForMoreInformationFordetailedstepsforconfiguringOutlookMobileAccessattheorganizationallevel,seeHowtoEnableorDisableOutlookMobileAccessattheOrganizationalLevel.
ForanoverviewofhowtodeployOutlookMobileAccessinyourorganization,see"ConfiguringOutlookMobileAccess"intheExchangeServer2003ClientAccessGuide.
HowtoAccessExchangeDataUsingOutlookMobileAccessAfteryouconfigureMicrosoftExchangeServer2003forOutlookMobileAccess,andyourusershavemobiledevicesthatcanuseamobilenetworktoaccessExchange2003servers,theymustknowhowtoaccesstheirExchangeserveranduseOutlookMobileAccess.
ThefollowingproceduredescribeshowtouseOutlookMobileAccessonaPocketPCPhoneEditiondevice.
ProcedureToaccessExchangedatausingOutlookMobileAccess1.
Onthedevice,fromtheTodayscreen,tapStart,andthentapInternetExplorer.
2.
OntheInternetExplorerscreen,tapView,andthentapAddressBartoopentheaddressbarinyourbrowserwindow.
3.
Tapanywhereinsidetheaddressbar,enterthefollowingURL,andthentaptheGobutton:https://ExchangeServerName/oma,whereExchangeServerNameisthenameofyourExchangeserverrunningOutlookMobileAccess.
Note:Ifaconnectionbubbledoesnotappear,youmayhavetoconnecttoyournetworkmanually.
4.
AttheNetworkLogOnscreen,entertheusername,password,anddomaininthespacesprovided,andthentapOK.
5.
Repeatthisprocedureforeachofyourusers'PocketPCPhoneEditiondevices.
Asanalternative,instructyourusersabouthowtoconfiguretheirdevicesforusewithExchangeActiveSync.
ForMoreInformationForanoverviewofhowtodeployOutlookMobileAccessinyourorganization,see"ConfiguringOutlookMobileAccess"intheExchangeServer2003ClientAccessGuide.
ManagingClientAccesstoExchangeServer2003Thissectiondescribeshowtomanagetheclientaccesssettingsfortheprotocolsandclientsthatyousupport.
Thissectionalsoreviewsbasicclientaccessconcepts,andhowyoumanagetheprotocolsthatareusedbytheindividualclientsthataccessMicrosoftExchangeServer2003andthefront-endandback-endserverarchitecture.
Note:TocorrectlymanageclientaccesstoExchange2003,youmustfirstunderstandhowMicrosoftWindowstechnologies,suchasInternetInformationServices(IIS)andMicrosoftActiveDirectorydirectoryservice,interactwithExchange.
YoumustalsounderstandprotocolssuchasHTTPandMAPI,andhowclientapplicationssuchasExchangeActiveSyncandMicrosoftOfficeOutlook2003usetheserespectiveprotocolstointeractwithExchange.
ManagingProtocolsInyourExchangemessagingdeploymentconfiguration,youuseExchangeSystemManagertomanagetheprotocolsthatyousupport.
WhenyouuseExchangeSystemManagertomanageprotocols,youhandlesettingsontheindividualvirtualserversfortheprotocolthatistobeconfigured.
Thevirtualserversthatareassociatedwiththevariousprotocols,suchastheExchangeVirtualServerandtheInternetMessageAccessProtocolversion4rev1(IMAP4)virtualserver,containsettingsbasedonthecapabilitiesanduseofthespecificprotocol.
Forexample,theExchangeVirtualServer,whichmanagesHTTPaccesstoExchange,providessettingsforMicrosoftOfficeOutlook2003WebAccess,suchasgzipcompressionsupport.
Generally,managingthevirtualserverforoneprotocolisthesameasmanagingavirtualserverforadifferentprotocol.
Thecommonmanagementtasksincludeenablingavirtualserver,assigningports,settingconnectionlimits,startingorstoppingavirtualserver,anddisconnectingusers.
However,therearesomeserver-specificmanagementtasks.
Thefollowingsectionsdescribethecommontasksforallvirtualserversassociatedwithprotocolsandtheserver-specifictasksfortheExchangeVirtualServer,IMAP4virtualserver,andtheNetworkNewsTransferProtocol(NNTP)virtualserver.
Note:TomanageindividualExchangeclientaccesssettings,useActiveDirectoryUsersandComputers.
EnablingaVirtualServerWhenyouinstallExchange,theservicesthatarenecessarytosupportclientssuchasOutlook2003,OutlookWebAccess,andExchangeActiveSyncareenabledbydefault.
Forexample,ExchangeenablestheSMTPservicebecauseitistheunderlyingprotocolusedtoroutemessagesinternallywithinanExchangeorganizationandexternallytomessagingsystemsoutsideanExchangeorganization.
Similarly,ExchangeenablesHTTPbecauseitistheunderlyingprotocolforallInternetcommunication.
Note:AlthoughOutlookMobileAccessusestheHTTPprotocol,OutlookMobileAccessisdisabledbydefaultandmustbeenabledbyusingExchangeSystemManager.
However,Exchangeinstalls,butdoesnotenableservicesforPostOfficeProtocolversion3(POP3),IMAP4,andNNTP.
IfyourclientaccessmodelreliesoncommunicationsthatusePOP3,IMAP4,orNTTP,youmustmanuallyenablethem.
ToenableeitherthePOP3orIMAP4service,youusetheServicessnap-intosettheservicetostartautomatically.
Then,youstarttheservicebyusingExchangeSystemManager.
ToenableNNTP,usetheServicessnap-intosettheNNTPservicetostartautomatically,andthenuseExchangeSystemManagertostarttheservice.
FordetailedstepsonhowtoconfigurethePOP3,IMAP4,orNNTPservicestostartautomatically,seeHowtoEnableaPOP3,IMAP4,orNNTPVirtualServer.
Fordetailedstepsonhowtostart,pause,orstopaPOP3,IMAP4,orNNTPvirtualserver,seeHowtoStart,Pause,orStopaVirtualServer.
AssigningPortsandanIPAddresstoaVirtualServerWhenyoucreateavirtualserverforaprotocol,youhavetheoptionofusingthedefaultportassignmentsandInternetProtocol(IP)addressfortheserver.
Thefollowingtableshowsthedefaultportassignmentsassociatedwiththeprotocols.
ThedefaultIPaddressis(AllUnassigned),whichmeansthataspecificIPaddresshasnotbeenassignedandthevirtualserverwillusetheIPaddressoftheExchangeserverthatiscurrentlyhostingthevirtualserver.
Thesedefaultvaluesprovideavirtualserverwithautomaticdiscovery—theservercanimmediatelyreceiveincomingconnectionsbyusingthedefaultIPaddressandports.
DefaultportassignmentsProtocolsTCPportSecureSocketsLayer(SSL)portSMTP25NotavailableIMAP4143993POP3110995NNTP119563Important:Ifyoudonotusetherecommendedportassignments,someclientsmaybenotabletoconnect.
Youmayalsohavetoreconfigureyourclientsoftwaremanuallytoconnecttothenewportassignments.
Note:TofullyenableSSLonthePOP3virtualserver,youmustrequestandinstallacertificate.
YoumustdothisevenifyouleavethedefaultSSLportsetat995onthePOP3virtualserver.
Formoreinformationaboutinstallingcertificates,see"UsingSecureSocketsLayer"inSecuringYourExchangeMessagingEnvironment.
Althoughitishighlyrecommendedthatyouusethedefaultportassignments,youdonothavetousethedefaultIPaddress.
YoucanusetheIPaddressfromanyavailablenetworkcardastheIPaddressforthevirtualserver.
Ifyouplantocreatemultiplevirtualservers,eachvirtualservermusthaveauniquecombinationofportsandIPaddress.
Becausetheportsettingsarestandardandshouldnotbechanged,youwillneedtoprovideeachvirtualserverwithauniqueIPaddress.
BesidescreatingauniquecombinationofportsandIPaddressforeachvirtualserver,youcanalsoconfiguremultipleidentitiesforyourvirtualserver.
Multipleidentitiesenableyoutoassociatemultiplehostordomainnameswithasinglevirtualserver.
FordetailedstepsforassignauniqueIPaddresstoavirtualserverortoassignmultipleidentitiestoavirtualserver,seeHowtoAssignPortsandIPAddressestoVirtualServers.
SettingConnectionLimitsAvirtualservercanacceptanunlimitednumberofinboundconnectionsandislimitedonlybytheresourcesofthecomputerwherethevirtualserverisrunning.
Topreventacomputerfrombecomingoverloaded,youcanlimitthenumberofconnectionsthatcanbemadetothevirtualserveratthesametime.
Bydefault,Exchangedoesnotlimitthenumberofincomingconnections.
Afterusersareconnected,youcanalsolimitthelengthoftimethatidleconnectionsremainloggedontotheserver.
Bydefault,Exchangedisconnectsidlesessionsafter10minutes.
IntopologiesthatcontainExchangefront-endandback-endservers,theconnectiontime-outsettingvariesbasedonserverrole.
Onback-endservers,theconnectiontime-outsettinglimitsthelengthoftimeclientscanbeconnectedtotheserverwithoutperforminganyactivity.
However,onfront-endservers,theconnectiontime-outsettinglimitsthetotallengthoftheclientsession,regardlessofclientactivity.
Therefore,infront-endandback-endserverenvironments,youshouldconfigurethetime-outvalueonyourfront-endservershighenoughsothatuserscandownloadthemaximummessagesizethatispermittedovertheslowestconnectionspeedthatyouwanttosupport.
Settingthisvaluehighenoughensuresthatclientsarenotdisconnectedwhiletheyaredownloadingmessages.
FormoreinformationaboutconfiguringyourExchangefront-endandback-endserverarchitecture,seetheExchangeServer2003DeploymentGuide.
Note:Settingtheconnectiontime-outsettingtoolowcancauseclientstobeunexpectedlydisconnectedfromtheserverandpossiblyreceiveerrormessages.
Thirtyminutesisthelowestrecommendedconnectiontime-outsetting.
Fordetailedstepsabouthowtoconfigureconnectionlimits,seeHowtoSetConnectionLimits.
Starting,Pausing,orStoppingaVirtualServerManagingvirtualserversfrequentlyrequiresyoutostart,pause,orstopExchangeservices.
YoumanageExchangeservicesthroughtheComputerManagementconsoleandExchangeSystemManager.
Fordetailedstepsonhowtostart,pause,orstopaPOP3,IMAP4,orNNTPvirtualserver,seeHowtoStart,Pause,orStopaVirtualServer.
DisconnectingUsersYoucanimmediatelydisconnectasingleuserorallusersiftheyareaccessingthevirtualserverwithoutpermission.
Fordetailedstepsonhowtodisconnectusers,seeHowtoDisconnectUsersfromaVirtualServer.
HowtoAssignPortsandIPAddressestoVirtualServersWhenyoucreateavirtualserverforaprotocol,youhavetheoptionofusingthedefaultportassignmentsandInternetProtocol(IP)addressfortheserver.
Thefollowingtableshowsthedefaultportassignmentsassociatedwiththeprotocols.
ThedefaultIPaddressis(AllUnassigned),whichmeansthataspecificIPaddresshasnotbeenassignedandthevirtualserverwillusetheIPaddressoftheMicrosoftExchange2003serverthatiscurrentlyhostingthevirtualserver.
Thesedefaultvaluesprovideavirtualserverwithautomaticdiscovery—theservercanimmediatelyreceiveincomingconnectionsbyusingthedefaultIPaddressandports.
DefaultportassignmentsProtocolsTCPportSecureSocketsLayer(SSL)portSMTP25NotavailableIMAP4143993POP3110995NNTP119563BeforeYouBeginAlthoughitishighlyrecommendedthatyouusethedefaultportassignments,youdonothavetousethedefaultIPaddress.
YoucanusetheIPaddressfromanyavailablenetworkcardastheIPaddressforthevirtualserver.
Ifyouplantocreatemultiplevirtualservers,eachvirtualservermusthaveauniquecombinationofportsandIPaddress.
Becausetheportsettingsarestandardandshouldnotbechanged,youwillneedtoprovideeachvirtualserverwithauniqueIPaddress.
BesidescreatingauniquecombinationofportsandIPaddressforeachvirtualserver,youcanalsoconfiguremultipleidentitiesforyourvirtualserver.
Multipleidentitiesenableyoutoassociatemultiplehostordomainnameswithasinglevirtualserver.
Important:Ifyoudonotusetherecommendedportassignments,someclientsmaybenotabletoconnect.
Youmayalsohavetoreconfigureyourclientsoftwaremanuallytoconnecttothenewportassignments.
Note:TofullyenableSSLonthePOP3virtualserver,youmustrequestandinstallacertificate.
YoumustdothisevenifyouleavethedefaultSSLportsetat995onthePOP3virtualserver.
Formoreinformationaboutinstallingcertificates,see"UsingSecureSocketsLayer"inSecuringYourExchangeMessagingEnvironment.
ProcedureToassignportsandIPaddressestovirtualservers1.
LogontheExchangeserverwherethevirtualserverisrunningusingtheExchangeadministratoraccountthathaslocalAdministratorpermissionsandExchangeFullAdministratorpermissions.
2.
InExchangeSystemManager,expandProtocols,right-clicktheprotocolthatistobeassignedanewIPaddressortowhichyouwanttoaddanewidentity,andthenclickProperties.
3.
OntheGeneraltab,clickAdvanced.
4.
IntheAdvanceddialogbox,clickEdittochangetheIPaddresstoauniquevalue,orclickAddtoaddanewidentity(thatis,anewIPaddressandportcombination).
ForMoreInformationForinformationaboutconfiguringandmanagingclientprotocols,seeManagingProtocols.
HowtoSetConnectionLimitsAvirtualservercanacceptanunlimitednumberofinboundconnectionsandislimitedonlybytheresourcesofthecomputerwherethevirtualserverisrunning.
Topreventacomputerfrombecomingoverloaded,youcanlimitthenumberofconnectionsthatcanbemadetothevirtualserveratthesametime.
Bydefault,MicrosoftExchangedoesnotlimitthenumberofincomingconnections.
Afterusersareconnected,youcanalsolimitthelengthoftimethatidleconnectionsremainloggedontotheserver.
Bydefault,Exchangedisconnectsidlesessionsafter10minutes.
BeforeYouBeginIntopologiesthatcontainExchangefront-endandback-endservers,theconnectiontime-outsettingvariesbasedonserverrole.
Onback-endservers,theconnectiontime-outsettinglimitsthelengthoftimeclientscanbeconnectedtotheserverwithoutperforminganyactivity.
However,onfront-endservers,theconnectiontime-outsettinglimitsthetotallengthoftheclientsession,regardlessofclientactivity.
Therefore,infront-endandback-endserverenvironments,youshouldconfigurethetime-outvalueonyourfront-endservershighenoughsothatuserscandownloadthemaximummessagesizethatispermittedovertheslowestconnectionspeedthatyouwanttosupport.
Settingthisvaluehighenoughensuresthatclientsarenotdisconnectedwhiletheyaredownloadingmessages.
Note:Settingtheconnectiontime-outsettingtoolowcancauseclientstobeunexpectedlydisconnectedfromtheserverandpossiblyreceiveerrormessages.
Thirtyminutesisthelowestrecommendedconnectiontime-outsetting.
ProcedureTosetconnectionlimits1.
LogontotheExchangeserverwherethevirtualserverisrunningusingtheExchangeadministratoraccountthathaslocalAdministratorpermissionsandExchangeFullAdministratorpermissions.
2.
InExchangeSystemManager,expandProtocols,right-clicktheprotocolforwhichyouwanttochangeconnectionlimits,andthenclickProperties.
3.
OntheGeneraltab,settheappropriateconnectionlimits.
ForMoreInformationForinformationaboutconfiguringandmanagingclientprotocols,seeManagingProtocols.
FormoreinformationaboutconfiguringanExchange2003front-endserver,seeandback-endserverarchitecture,seeConfiguringanExchangeFront-EndServer.
HowtoDisconnectUsersfromaVirtualServerUsethisproceduretoimmediatelydisconnectasingleuserorallusersiftheyareaccessingthevirtualserverwithoutpermission.
ProcedureTodisconnectusersfromavirtualserver1.
InExchangeSystemManager,expandSMTP,IMAP4,orPOP3,andthendouble-clickthevirtualserverfromwhichyouwanttodisconnectusers.
2.
TodisconnectusersfromtheCurrentSessionsnodeunderthevirtualserver,useoneofthefollowingmethods:Todisconnectasingleuser,clickTerminate.
Todisconnectallusers,clickTerminateall.
ForMoreInformationForinformationaboutconfiguringandmanagingclientprotocols,seeManagingProtocols.
ManagingCalendaringOptionsforthePOP3andIMAP4VirtualServersYoucanconfigureaURLforaccesstocalendaringinformationforyourPOP3andIMAP4messagingclients.
ThisfunctionalityenablesyoutouseaPOP3orIMAP4messagingclientandOutlookWebAccesstomanageyourcalendar.
TheoptionsthatyouselectforthisfeaturecontroltheformatoftheURL.
Note:IntopologiesthatcontainExchangefront-endandback-endservers,configuretheURLthatisusedtoaccesscalendaringinformationabouttheback-endserver.
ExchangedoesnotrecognizeanyURLsettingsthatyouconfigureonthefront-endservers.
WhendownloadingmeetingrequeststhroughPOP3andIMAP4,aURLtothemeetingrequestinOutlookWebAccessisaddedtotheplaintext/HTMLpartofthemessage.
UsersclicktheURLtoaccessthemeetingrequest,andthenacceptordeclinetherequest.
(SomeIMAP4andPOP3messagingclientsincludeagraphicaluserinterfacethatallowsthoseclientstoacceptordeclinemeetingswithouthavingtoclicktheURL.
)Ifusersaccepttherequest,Exchangeautomaticallyaddsittotheircalendar.
Note:TheURLtothemeetingrequestdoesnotworkforPOP3clientsthatareconfiguredtodownloadmessagesfromtheserver.
Thissituationoccursbecausethemessageisdownloadedtotheclient.
Asaresult,theURLpointstoamessagethatisnolongerontheserver.
Fordetailedsteps,seeHowtoConfigureCalendaringOptionsforaPOP3orIMAP4VirtualServer.
HowtoConfigureCalendaringOptionsforaPOP3orIMAP4VirtualServerYoucanconfigureaURLtogainaccesstocalendaringinformationforyourPOP3andIMAP4messagingclients.
ThisenablesyoutouseaPOP3orIMAP4messagingclientandOutlookWebAccesstomanageyourcalendar.
TheoptionsthatyouselectforthisfeaturecontroltheformatoftheURL.
BeforeYouBeginFormoreinformationabouttheuserexperiencewhencalendaringusingPOP3orIMAP4,seeManagingCalendaringOptionsforthePOP3andIMAP4VirtualServers.
Note:IntopologiesthatcontainExchangefront-endandback-endservers,configuretheURLthatisusedtoaccesscalendaringinformationabouttheback-endserver.
ExchangedoesnotrecognizeanyURLsettingsthatyouconfigureonthefront-endservers.
Note:TheURLtothemeetingrequestdoesnotworkforPOP3clientsthatareconfiguredtodownloadmessagesfromtheserver.
TheURLdoesnotworkbecausethemessageisdownloadedtotheclient.
Asaresult,theURLpointstoamessagethatisnolongerontheserver.
ProcedureToconfigurecalendaringoptionsforaPOP3orIMAP4virtualserver1.
InExchangeSystemManager,expandFirstAdministrativeGroup,expandtheServersnode,andthenexpandtheExchangeserverforwhichyouwanttomanagePOP3orIMAP4calendaringoptions.
2.
ExpandtheProtocolsnode,andthenright-clickthePOP3orIMAP4protocolandselectProperties.
3.
OntheCalendaringtab,selecttheserverwhererecipientsdownloadmeetingrequests:Todesignatetherecipient'shomeserverastheserverwheretherecipientdownloadsmeetingrequests,selectUserecipient'sserver.
Thisisthedefaultsetting.
Ifyouselectthisoption,theURLhasthefollowingformat:http:///Exchange/Username/Inbox/Team%20Meeting.
emlTodesignateafront-endserverastheserverwhererecipientsdownloadmeetingrequests,selectUsefront-endserver.
ThisoptionisusefulifyouhaveconfiguredyourOutlookWebAccessuserstoaccesstheirmailboxesthroughafront-endserver.
Ifyouselectthisoption,theURLhasthefollowingformat:http:///Exchange/Username/Inbox/Team%20Meeting.
eml4.
TouseSSLtoconnecttotheExchangeservers,selectUseSSLconnections.
Note:Ifyouselectthisoption,theURLsyntaxincludeshttps://insteadofhttp://.
5.
ClickOKtosaveyoursettings.
ForMoreInformationForinformationaboutconfiguringandmanagingclientprotocols,seeManagingProtocols.
ManagingtheHTTPVirtualServerOutlookWebAccess,OutlookMobileAccess,andExchangeActiveSyncrelyontheHTTPprotocoltoaccessExchangeinformation.
TheseclientsalsousetheWebDAVprotocol,asetofrulesthatenablecomputerstoexchangeinformationandexecuteinstructionsthroughtheExchangefront-endserver,aswellasretrieveandhandleinformationintheExchangestore.
BysupportingbothHTTPandWebDAV,Exchange2003canprovidemoredataaccessfunctionalitytousers.
Forexample,usersofOutlookWebAccesscandocalendarrequestoperationsandcanstoreMicrosoftOfficefiles,suchasMicrosoftOfficeWorddocuments,intheExchangestore.
ExchangeprovidessupportforbothHTTPandWebDAVthroughtheHTTPvirtualserver.
WhenyouinstallExchange,ExchangeautomaticallyinstallsandconfiguresanHTTPvirtualserver.
YouadministerthisdefaultserveronlyfromIIS.
However,toprovideforseveralcollaborationscenariosandtosupplementtheaccesstofoldersthatisprovidedbythedefaultWebsiteinIIS,youcancreatenewHTTPvirtualserversinExchangeSystemManager.
Aswithanyvirtualserver,eachnewHTTPvirtualserverthatyoucreaterequiresauniquecombinationofIPaddress,TCPport,SSLport,andhostname.
Furthermore,foreachvirtualserverthatyoucreate,youmustdefineonevirtualdirectoryastherootdirectoryoftheserverforpublishingcontent.
Note:ThefoldercontentsdisplayedbytheHTTPvirtualserverareconvertedtoWebpagesandsenttoauser'sbrowserbyIIS.
FordetailedstepsabouthowtocreateanewHTTPvirtualserver,seeHowtoCreateaNewHTTPVirtualServer.
HowtoCreateaNewHTTPVirtualServerWhenyouinstallMicrosoftExchangeServer2003,ExchangeautomaticallyinstallsandconfiguresanHTTPvirtualserver.
YouadministerthisdefaultserveronlyfromInternetInformationServices(IIS).
However,toprovideforseveralcollaborationscenariosandtosupplementtheaccesstofoldersthatisprovidedbythedefaultWebsiteinIIS,youcancreatenewHTTPvirtualserversinExchangeSystemManager.
Note:ThefoldercontentsdisplayedbytheHTTPvirtualserverareconvertedtoWebpagesandsenttoauser'sbrowserbyIIS.
BeforeYouBeginAswithanyvirtualserver,eachnewHTTPvirtualserverthatyoucreaterequiresauniquecombinationofIPaddress,TCPport,SSLport,andhostname.
Furthermore,foreachvirtualserverthatyoucreate,youmustdefineonevirtualdirectoryastherootdirectoryoftheserverforpublishingcontent.
ProcedureTocreateanewHTTPvirtualserver1.
InExchangeSystemManager,expandtheFirstAdministrativeGroup,expandtheServersnode,andthenexpandtheExchangeserverwhereyouwanttocreateanewHTTPvirtualdirectory.
2.
ExpandtheProtocolsnode,right-clicktheHTTPprotocol,selectNewandthenclickHTTPVirtualServer.
3.
InthePropertiesdialogboxforthenewHTTPvirtualserver,configurethesettingsforyournewExchangevirtualdirectory.
ForMoreInformationForinformationaboutconfiguringandmanagingclientprotocols,seeManagingProtocols.
ManagingtheExchangeVirtualServerTheExchangeVirtualServercontainsthevirtualdirectoriesthatprovideaccesstoExchangefortheHTTPclientsthatExchangesupports,suchasOutlookWebAccess,OutlookMobileAccess,andExchangeActiveSync.
AlthoughyouenablesettingsforOutlookWebAccess,includingforms-basedauthenticationandgzipcompression,byusingtheExchangeVirtualServer,youmanagemostsettingsfortheExchangevirtualdirectoriesintheIISsnap-in.
Specifically,inExchange2003,ifyouneedtoconfigureauthenticationsettingstoyourExchangevirtualdirectories,usetheIISsnap-in.
Toconfigureaccesscontrolforthe\Exchange,\Public,and\Exadminvirtualdirectories,useExchangeSystemManagerinstead.
WorkingwithIMAP4-SpecificSettingsTheIMAP4virtualserverhastwoprotocol-specificsettings:IncludeallpublicfolderswhenafolderisrequestedUnlikePOP3,whichallowsclientstoaccessonlymailmessages,IMAP4clientshaveaccesstofoldersotherthantheInboxfolder.
However,thisabilitytoaccessotherfoldersmustbeenabledonthevirtualserver.
EnablefastmessageretrievalFastmessageretrievalimprovesperformancebyapproximatingmessagesize,asopposedtoactuallycalculatingthemessagesize.
Performanceimprovesbecauselessprocessorworkisrequired.
YouselectthesesettingsontheGeneraltabintheDefaultIMAP4VirtualServerPropertiesdialogbox.
TheGeneraltabintheDefaultIMAP4VirtualServerPropertiesdialogboxFordetailedstepsabouthowtoconfigurethesesettings,seethefollowingtopics:HowtoEnableFastMessageRetrievalforanIMAP4VirtualServerHowtoIncludeAllPublicFoldersWhenaFolderIsRequestedonanIMAP4VirtualServerHowtoEnableFastMessageRetrievalforanIMAP4VirtualServerFastmessageretrievalimprovesperformancebyapproximatingmessagesize,asopposedtoactuallycalculatingthemessagesize.
Performanceimprovesbecauselessprocessorworkisrequired.
YouselectthesesettingsontheGeneraltabintheDefaultIMAP4VirtualServerPropertiesdialogbox.
ProcedureToenablefastmessageretrievalforanIMAP4virtualserver1.
InExchangeSystemManager,navigatetotheIMAP4VirtualServeryouwanttoconfigure.
2.
Intheconsoletree,right-clickavirtualserver,andthenclickProperties.
3.
OntheGeneraltab,clickEnablefastmessageretrievaltoimproveperformance.
TheGeneraltabintheDefaultIMAP4VirtualServerPropertiesdialogboxForMoreInformationAnotheroptionyoucanconfigureonanIMAP4virtualserveristoincludeallpublicfolderswhenafolderisrequested.
Fordetailedsteps,seeHowtoIncludeAllPublicFoldersWhenaFolderIsRequestedonanIMAP4VirtualServer.
Forinformationaboutconfiguringandmanagingclientprotocols,seeManagingProtocols.
HowtoIncludeAllPublicFoldersWhenaFolderIsRequestedonanIMAP4VirtualServerUnlikePOP3,whichallowsclientstoaccessonlymailmessages,IMAP4clientshaveaccesstofoldersotherthantheInboxfolder.
However,thisabilitytoaccessotherfoldersmustbeenabledonthevirtualserver.
YouselectthesesettingsontheGeneraltabintheDefaultIMAP4VirtualServerPropertiesdialogbox.
ProcedureToincludeallpublicfolderswhenafolderisrequestedonanIMAP4virtualserver1.
InExchangeSystemManager,navigatetotheIMAP4virtualserverthatyouwanttoconfigure.
2.
Intheconsoletree,right-clickavirtualserver,andthenclickProperties.
3.
OntheGeneraltab,configuretheoptionsyouwant:ClickIncludeallpublicfolderswhenafolderlistisrequestedtoallowIMPA4clientstoaccessfoldersotherthantheInboxfolder.
ClickEnablefastmessageretrievaltoimproveperformance.
TheGeneraltabintheDefaultIMAP4VirtualServerPropertiesdialogboxForMoreInformationAnotheroptionyoucanconfigureonanIMAP4virtualserverisfastmessageretrieval.
Fordetailedstepsabouthowtodothis,seeHowtoEnableFastMessageRetrievalforanIMAP4VirtualServer.
Forinformationaboutconfiguringandmanagingclientprotocols,seeManagingProtocols.
ConfiguringNNTPPostingLimitsandModerationSettingsExchangeServer2003usesNNTPtoenableuserstoparticipateinnewsgroupdiscussions.
ExchangealsoenablesuserswhoarerunningclientapplicationsthatsupportNNTPtoaccessnewsgrouppublicfoldersoncomputersthatarerunningExchange.
Userscanreadandpostitems,suchasmessagesanddocuments,toNNTPnewsgroupsthatarerepresentedinExchangeaspublicfolders.
Forexample,userscanshareinformationbypostingmessagestoanewsgrouppublicfolderintheirareaofinterest.
Otheruserscanreadandrespondtoitemsinthenewsgroup.
ItemsinnewsgroupscanbereplicatedtoUSENEThostcomputersthroughnewsfeeds.
AnewsfeedistheflowofitemsfromoneUSENETsitetoanother.
Newsfeedsenableusersofdifferentnewssitestoreadandpostarticlestonewsgroupsasthoughtheyareusingonenewssite.
Anewssiteisacollectionofrelatednewsgroups.
Anarticlepostedtoonenewssiteissenttoothernewssiteswhereitcanberead.
Youneedtocreateanewsfeedtoeachremoteservertowhichyouwanttodistributenewsarticles.
Becausethereasonforusingnewsgroupsistopostandshareinformation,youwilllikelyneedtomanagethesizeofthesepostingsinrelationtotheresourcesavailableontheNNTPvirtualserver.
Acceptingarticlesthataretoolargeoracceptingtoomuchdataduringoneconnectioncancauseincreasedtraffic,overloadyournetwork,andquicklyfillyourharddisk.
Besuretosetasizelimitthatmatchesyourserver'scapabilities.
Fordetailedstepsonhowtoconfigurepostinglimitsandmoderationssettings,seeHowtoConfigurePostingLimitsandModerationSettingsforanNNTPVirtualServer.
HowtoConfigurePostingLimitsandModerationSettingsforanNNTPVirtualServerMicrosoftExchangeServer2003usesNNTPtoenableuserstoparticipateinnewsgroupdiscussions.
Becausenewsgroupsareusedtopostandshareinformation,youwilllikelyneedtomanagethesizeofthesepostingsinrelationtotheresourcesavailableontheNNTPvirtualserver.
Acceptingarticlesthataretoolargeoracceptingtoomuchdataduringoneconnectioncancauseincreasedtraffic,overloadyournetwork,andquicklyfillyourharddisk.
Besuretosetasizelimitthatmatchesthecapabilitiesofyourserver.
BeforeYouBeginBeforeperformingthisprocedure,seeConfiguringNNTPPostingLimitsandModerationSettings.
ProcedureToconfigurepostinglimitsandmoderationsettingsforanNNTPvirtualserver1.
LogontotheExchangeserverwherethevirtualserverisrunningusingtheExchangeadministratoraccountthathaslocalAdministratorpermissionsandExchangeFullAdministratorpermissions.
2.
InExchangeSystemManager,expandProtocols,right-clicktheprotocolforwhichyouwanttochangeconnectionlimits,andthenclickProperties.
3.
OntheSettingstab(seethefigurebelow),selectfromthefollowingoptions:ToallowclientstopostarticlestonewsgroupsonthisNNTPvirtualserver,selectAllowclientposting.
Thisoptionpermitsuserstopostandreadarticlesinnewsgroupsthattheycanaccess,unlessthenewsgroupissettoread-only.
Youcanalsolimitthesizeofthearticlethatclientspostinadditiontothesizeoftheconnection.
ToallowclientstopostarticlestonewsfeedsontheNNTPvirtualserver,selectAllowfeedposting.
YoucanlimitthesizeofarticlesthatarepostedbyusingtheLimitpostsizecheckbox.
YoucanlimittheamountofdatathatissenttoanewsfeedduringasingleconnectionbyusingtheLimitconnectionsizecheckbox.
TheSettingstabintheDefaultNNTPVirtualServerPropertiesdialogboxNote:FormoreinformationaboutconfiguringNTTP,seetheExchangeServer2003Help.
ForMoreInformationForinformationaboutconfiguringandmanagingclientprotocols,seeManagingProtocols.
ManagingOutlookWebAccessOutlookWebAccessforExchange2003includessignificantimprovementsrelatedtotheuserinterfaceandadministration.
ForinformationabouttheuserexperienceimprovementsinOutlookWebAccess,see"ClientFeatures"inWhat'sNewinExchangeServer2003.
YouusebothExchangeSystemManagerandtheIISsnap-intomanageOutlookWebAccess.
Use:ExchangeSystemManagertomodifysettingsforaccesscontroltoOutlookWebAccess.
TheIISsnap-intocontroltheauthenticationsettingsforthevirtualdirectoriesforOutlookWebAccess,including\Exchange,\Exchweb,and\Public.
TheIISsnap-intoenableSSLforOutlookWebAccess.
FormoreinformationaboutusingSSLwithOutlookWebAccess,see"ConfiguringExchangeServer2003forClientAccess"intheExchangeServer2003DeploymentGuide.
ThefollowingsectionsshowhowtouseExchangeSystemManagerandtheIISsnap-intodomanagementtasksassociatedwithOutlookWebAccess.
EnablingandDisablingOutlookWebAccessforInternalClientsOnlyYoucanenableusersinyourcorporatenetworktoaccessOutlookWebAccess,whileatthesametimedenyingaccesstoexternalclients.
ThestepsyouneedtofollowtodothisinvolvecreatinganewrecipientpolicyandcreatinganewHTTPvirtualserver.
Afteryoucompletethesesteps,userswhosee-mailaddressesdonothavethesameSMTPdomainastheHTTPvirtualserverwillnotbeabletologonandaccessOutlookWebAccess.
Also,aslongasyoudonotusetheSMTPdomainasthedefaultdomain,externaluserscannotdeterminewhattheSMTPdomainisbecausethedomaindoesnotappearintheFromfieldwhenuserssende-mailmessagesoutsidetheorganization.
FordetailedstepsonhowtoenableOutlookWebAccessforinternalclientsonly,seeHowtoEnableOutlookWebAccessforInternalClientsOnly.
BesidesenablingOutlookWebAccessforusersinyourcorporatenetwork,youcanalsopreventspecificinternalusersfromaccessingOutlookWebAccess.
YoudothisbydisablingtheHTTPandNNTPprotocolsforthoseusers.
FordetailedstepsonhowtodisableOutlookWebAccessforspecificusers,seeHowtoDisableOutlookWebAccessforSpecificUsers.
UsingBrowserLanguageSettingsWhenusingMicrosoftInternetExplorer5orlatertoaccessOutlookWebAccess,newinstallationsandupgradestoExchange2003usethebrowser'slanguagesettingstodeterminethecharactersettousetoencodeinformation,suchase-mailmessagesandmeetingrequests.
IfyouupgradeaserverrunningExchange2000thatwasmodifiedtouseabrowser'slanguagesetting,Exchange2003continuestofunctioninthesamemanner.
Thefollowingtableliststhelanguagegroupsandrespectivecharactersets.
OutlookWebAccesslanguagegroupandcharactersetsLanguagegroupCharactersetArabicWindows1256Balticiso-8859-4Chinese(Simplified)Gb2131Chinese(Traditional)Big5Cyrillickoi8-rEasternEuropeaniso-8859-2Greekiso-8859-7Hebrewwindows-1255Japaneseiso-2022-jpKoreanks_c_5601-1987Thaiwindows-874Turkishiso-8859-9Vietnamesewindows-1258WesternEuropeaniso-8859-1IfyouexpectOutlookWebAccessusersinyourorganizationtosendmailfrequently,youcanmodifyregistrysettingssothatuserswhoarerunningInternetExplorer5orlatercanuseUTF-8encodedUnicodecharacterstosendmail.
Note:Incorrectlyeditingtheregistrycancauseseriousproblemsthatmayrequireyoutoreinstallyouroperatingsystem.
Problemsresultingfromeditingtheregistryincorrectlymaynotbeabletoberesolved.
Beforeeditingtheregistry,backupanyvaluabledata.
Fordetailedstepsonmodifyingthedefaultlanguagesetting,seeHowtoModifytheDefaultBrowserLanguageSettingsforOutlookWebAccess.
BlockingWebBeaconsInExchange2003,OutlookWebAccessmakesitmoredifficultforpeoplewhosendjunke-mailmessagestousebeaconstoretrievee-mailaddresses.
Beaconsfrequentlycomeintheformofimagesthataredownloadedontoauser'scomputerwhentheuseropensajunke-mailitem.
Aftertheimagesdownload,abeaconnotificationissenttothesenderofthejunke-mailinformingthesenderthatthee-mailaddressofyouruserisvalid.
Theresultisthattheuserwillreceivejunke-mailmorefrequentlybecausethejunke-mailsendernowknowsthatthee-mailaddressisvalid.
InOutlookWebAccess,anincomingmessagewithanycontentthatcanbeusedasabeacon,regardlessofwhetherthemessageactuallycontainsabeacon,promptsOutlookWebAccesstodisplaythefollowingwarningmessage:Ifusersknowthatamessageislegitimate,theycanclicktheClickheretounblockcontentlinkinthewarningmessageandunblockthecontent.
Ifyourusersdonotrecognizethesenderorthemessage,theycanopenthemessagewithoutunblockingthecontentandthendeletethemessagewithouttriggeringbeacons.
Ifyourorganizationdoesnotwanttousethisfeature,youcandisabletheblockingoptionforOutlookWebAccess.
FordetailedstepsfordisablingtheblockingofWebbeacons,seeHowtoDisableBlockingofWebBeacons.
ConfiguringAttachmentHandlingOutlookWebAccesscanbeconfiguredtohandlee-mailattachmentsasyourorganizationrequires.
YouhavethreeoptionsforhowyourExchangeservershandleattachments:DonotallowattachmentsAllowattachments(pendingfile-typefiltering)Allowattachmentaccessonlythroughspecificback-endserversAdditionally,youcanspecifyalistoffront-endserversthatareexceptionstothe"Allowattachmentaccessthroughbackendservers"optiontherebyallowingtheusersthatconnectthroughthespecifiedfront-endserverstobeabletoacceptattachments.
Notethatifyousettheserverto"Allowallattachments"or"Don'tallowanyattachments,"thisvalueisignored.
Also,ifarequestisthroughafront-endserverspecifiedinthislistoffront-endserversthatcanacceptattachments,theattachmentsmuststillpassLevel1and2restrictions.
BlockingAttachmentsWithOutlookWebAccess,youcanblockusersfromopening,sending,orreceivingspecifiedattachmenttypes.
Inparticular,youcan:PreventusersfromaccessingcertainfiletypeattachmentsBydefault,allnewExchange2003installationsblockattachmentsofLevels1and2filetypes,andLevels1and2MIMEtypes.
ThisfeatureisparticularlyusefulinstoppingOutlookWebAccessusersfromopeningattachmentsatpublicInternetterminals,whichcouldpotentiallycompromisecorporatesecurity.
Ifanattachmentisblocked,awarningmessageindicatingthattheusercannotopentheattachmentappearsintheInfoBarofthee-mailmessage.
OutlookWebAccessuserswhoareworkingintheirofficesorconnectedtothecorporatenetworkfromhomecanopenandreadattachments.
YoucanenablefullintranetaccesstoattachmentsbyprovidingtheURLtotheback-endserversandallowingattachmentsontheExchangeback-endservers.
PreventusersfromsendingorreceivingattachmentswithspecificfileextensionsthatcouldcontainvirusesThisfeatureinOutlookWebAccessmatchestheattachmentblockingfunctionalityinOutlook.
Forreceivedmessages,awarningmessageindicatingthatanattachmentisblockedappearsintheInfoBarofthee-mailmessage.
Forsentmessages,userscannotuploadanyfileswithextensionsthatappearontheblocklist.
Tochangetheattachmentblockingsettings,youmustmodifytheregistrysettingsontheserver.
Fordetailedstepsformodifyingattachmentblockingsettings,seeHowtoModifyAttachmentHandlingSettings.
HowtoEnableOutlookWebAccessforInternalClientsOnlyYoucanenableusersinyourcorporatenetworktoaccessOutlookWebAccess,whileatthesametimedenyingaccesstoexternalclients.
ToenableOutlookWebAccessforinternalclientsonly,youmustcreateanewrecipientpolicyandcreateanewHTTPvirtualserver.
Afteryoucompletethesesteps,userswhosee-mailaddressesdonothavethesameSMTPdomainastheHTTPvirtualserverwillnotbeabletologonandaccessOutlookWebAccess.
Also,ifyoudonotusetheSMTPdomainasthedefaultdomain,externaluserswillnotbeabletodeterminewhattheSMTPdomainisbecausethedomaindoesnotappearintheFromfieldwhenuserssende-mailmessagesoutsidetheorganization.
ProcedureToenableOutlookWebAccessforinternalclientsonly1.
CreatearecipientpolicywithanSMTPdomainname.
UserswhoareconnectingtoanHTTPvirtualservermusthaveane-mailaddresswiththesameSMTPdomainasthevirtualserver.
CreationofarecipientpolicyisanefficientwaytoapplythesameSMTPdomaintomultipleusers.
Note:OutlookWebAccessusersdonothavetoknowthenameoftheSMTPdomain.
2.
Applytherecipientpolicytotheuseraccountsforwhichyouwanttoenableaccess.
3.
Then,onthefront-endserver,createanewHTTPvirtualserverthatspecifiesthedomainthatisusedintherecipientpolicy.
ForMoreInformationFordetailedstepsforhowtodisableOutlookWebAccessforspecificusers,seeHowtoDisableOutlookWebAccessforSpecificUsers.
ForinformationaboutmanagingandconfiguringOutlookWebAccess,seethefollowingtopics:ConfiguringOutlookWebAccessManagingOutlookWebAccessHowtoDisableOutlookWebAccessforSpecificUsersYoucanpreventspecificusersfrominsideyourorganizationfromaccessingOutlookWebAccess.
YoudothisbydisablingtheHTTPandNNTPprotocolsforthoseusers.
ProcedureTodisableOutlookWebAccessforspecificusers1.
InActiveDirectoryUsersandComputers,opentheuser'sPropertiesdialogbox.
2.
OntheExchangeFeaturestab,clearthesettingsforHTTPandNNTP.
ForMoreInformationFordetailedstepsforhowtoenableOutlookWebAccessforinternalclientsonly,seeHowtoEnableOutlookWebAccessforInternalClientsOnly.
ForinformationaboutmanagingandconfiguringOutlookWebAccess,seethefollowingtopics:ConfiguringOutlookWebAccessManagingOutlookWebAccessHowtoModifytheDefaultBrowserLanguageSettingsforOutlookWebAccessWhentheyuseMicrosoftInternetExplorer5orlaterversionstoaccessOutlookWebAccess,newinstallationsandupgradestoMicrosoftExchangeServer2003usethebrowser'slanguagesettingstodeterminethecharactersettousetoencodeinformation,suchase-mailmessagesandmeetingrequests.
IfyouupgradeaserverrunningExchange2000Serverthatwasmodifiedtouseabrowser'slanguagesetting,ExchangeServer2003continuestofunctioninthesamemanner.
Thefollowingtableliststhelanguagegroupsandrespectivecharactersets.
OutlookWebAccesslanguagegroupandcharactersetsLanguagegroupCharactersetArabicWindows1256Balticiso-8859-4Chinese(Simplified)Gb2131Chinese(Traditional)Big5Cyrillickoi8-rEasternEuropeaniso-8859-2Greekiso-8859-7Hebrewwindows-1255Japaneseiso-2022-jpKoreanks_c_5601-1987Thaiwindows-874Turkishiso-8859-9Vietnamesewindows-1258WesternEuropeaniso-8859-1IfyouexpectOutlookWebAccessusersinyourorganizationtosendmailfrequently,youcanmodifyregistrysettingssothatuserswhoarerunningInternetExplorer5orlaterversionscanuseUTF-8-encodedUnicodecharacterstosendmail.
BeforeYouBeginNote:Incorrectlyeditingtheregistrycancauseseriousproblemsthatmayrequireyoutoreinstallyouroperatingsystem.
Problemsresultingfromeditingtheregistryincorrectlymaynotbeabletoberesolved.
Beforeeditingtheregistry,backupanyvaluabledata.
ProcedureTomodifythedefaultlanguagesettingforOutlookWebAccess1.
OntheExchangeserver,logonwiththeExchangeadministratoraccount,andstartRegistryEditor(regedit).
2.
InRegistryEditor,locatethefollowingregistrykey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeWEB\OWA\UseRegionalCharset3.
CreateaDWORDvaluenamedUseRegionalCharset.
4.
Right-clicktheUseRegionalCharsetDWORDvalue,andthenclickModify.
5.
InEditDWORDValue,intheValuedatabox,type1,andthenclickOK.
ForMoreInformationForinformationaboutmanagingandconfiguringOutlookWebAccess,seethefollowingtopics:ConfiguringOutlookWebAccessManagingOutlookWebAccessHowtoDisableBlockingofWebBeaconsInMicrosoftServerExchange2003,OutlookWebAccessimplementedaWebbeaconblockingfeaturethatmakesitmoredifficultforpeoplewhosendjunke-mailmessagestousebeaconstoretrievee-mailaddresses.
InOutlookWebAccess,anincomingmessagewithanycontentthatcanbeusedasabeacon,regardlessofwhetherthemessageactuallycontainsabeacon,promptsOutlookWebAccesstodisplaythefollowingwarningmessage:Tohelpprotectyourprivacy,linkstoimages,sounds,orotherexternalcontentinthismessagehavebeenblocked.
Clickheretounblockcontent.
Ifyourorganizationdoesnotwanttousethisfeature,youcanhaveyourusersperformthefollowingproceduretodisabletheblockingoptionforOutlookWebAccess.
BeforeYouBeginForanoverviewofhowWebbeaconsapplytoOutlookWebAccessdeployments,see"BlockingWebBeacons"inManagingOutlookWebAccess.
ProcedureTodisabletheblockingofWebbeacons1.
UseaWebbrowsertogainaccesstoOutlookWebAccess.
2.
ClickOptions.
3.
UnderPrivacyandJunkE-mailPrevention,cleartheBlockexternalcontentinHTMLe-mailmessagescheckbox.
ForMoreInformationForinformationaboutmanagingandconfiguringOutlookWebAccess,seethefollowingtopics:ConfiguringOutlookWebAccessManagingOutlookWebAccessHowtoModifyAttachmentHandlingSettingsMicrosoftOutlookWebAccesscanbeconfiguredtohandlee-mailattachmentsindifferentways,dependingontherequirementsofyourorganization.
Youcanblockusersfromopening,sending,orreceivingspecifiedattachmenttypes.
YourExchangeservercanhandleattachmentsinthefollowingthreeways:DonotallowattachmentsAllowattachments(pendingfile-typefiltering)Allowattachmentaccessonlythroughspecificback-endserversBeforeYouBeginBeforemodifyingattachmenthandlingsettings,read"ConfiguringAttachmentHanding"inManagingOutlookWebAccess.
Notethatifyousettheattachmenthandlingsettingontheserverto"Allowallattachments"or"Don'tallowanyattachments,"theattachmentsettingthatyouconfiguretodeterminewhichfront-endserverswillhandlemessagesisignored.
Forspecificstepsforhowtospecifythefront-endserversthatwillhandleattachments,seeHowtoSpecifytheFront-EndServersThatAllowforAttachmentHandling.
Caution:Incorrectlyeditingtheregistrycancauseseriousproblemsthatmayrequireyoutoreinstallyouroperatingsystem.
Problemsresultingfromeditingtheregistryincorrectlymaynotbeabletoberesolved.
Beforeeditingtheregistry,backupanyvaluabledata.
ProcedureTomodifytheattachmentblockingsettingsonanExchangeserver1.
LogontotheExchangeserverusingtheExchangeadministratoraccount,andthenstartRegistryEditor(regedit).
2.
InRegistryEditor,locatethefollowingregistrykey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeWeb\OWA3.
OntheEditmenu,pointtoNew,andthenclickDWORDValue.
4.
Inthedetailspane,namethenewvalueDisableAttachments.
5.
Right-clickDisableAttachments,andthenclickModify.
6.
UnderBase,inEditDWORDValue,clickDecimal.
7.
IntheValuedatabox,typeoneofthefollowingnumbers:Toallowallattachments,type0.
Todisallowallattachments,type1.
Toallowattachmentsfromback-endserversonly,type2.
8.
ClickOK.
ForMoreInformationYoumayalsowanttodeterminewhichserverswillallowattachmenthandling.
Forspecificsteps,seeHowtoSpecifytheFront-EndServersThatAllowforAttachmentHandling.
ForinformationaboutmanagingandconfiguringOutlookWebAccess,seethefollowingtopics:ConfiguringOutlookWebAccessManagingOutlookWebAccessSpecifyingFront-EndServersThatAllowforAttachmentHandlingYoucanspecifyalistoffront-endserversthatareexceptionstothe"Allowattachmentaccessthroughbackendservers"optiontherebyallowingtheusersthatconnectthroughthespecifiedfront-endserverstobeabletoacceptattachments.
Notethatifyousettheserverto"Allowallattachments"or"Don'tallowanyattachments,"thisvalueisignored.
Also,ifarequestisthroughafront-endserverspecifiedinthislistoffront-endserversthatcanacceptattachments,theattachmentsmuststillpassLevel1and2restrictions.
Fordetailedstepsabouthowtospecifythefront-endserversthatcanacceptattachments,seeHowtoSpecifytheFront-EndServersThatAllowforAttachmentHandling.
HowtoSpecifytheFront-EndServersThatAllowforAttachmentHandlingYoucanspecifyalistoffront-endserversthatarenotimpactedbytheattachmentblockingsettingslevelyouhaveconfiguredintheregistry.
Userswhoconnectthroughthefront-endserversspecifiedinthislistcanopenattachments.
BeforeYouBeginIfyouhaveconfiguredattachmenthandlingontheservertoeitherallowattachmentsorblockattachments,thelistoffront-endserversthatyoudonotwanttobeimpactedbyattachmentblockingisignored.
Also,anyrequestthroughafront-endserverspecifiedinthelistmuststillpassLevel1and2restrictions.
Forinformationabouttheserestrictions,see"ConfiguringAttachmentHanding"inManagingOutlookWebAccess.
Forstepsforhowtoconfigurethevaluethatdetermineshowaserverwillblockattachments,seeHowtoModifyAttachmentHandlingSettings.
Caution:Incorrectlyeditingtheregistrycancauseseriousproblemsthatmayrequireyoutoreinstallyouroperatingsystem.
Problemsresultingfromeditingtheregistryincorrectlymaynotbeabletoberesolved.
Beforeeditingtheregistry,backupanyvaluabledata.
ProcedureTospecifythefront-endserversthatallowforattachmenthandling1.
LogontotheExchangeserverusingtheExchangeadministratoraccount,andthenstartRegistryEditor(regedit).
2.
InRegistryEditor,locatethefollowingregistrykey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeWeb\OWA3.
OntheEditmenu,pointtoNew,andthenclickStringValue.
4.
Inthedetailspane,namethenewvalueAcceptedAttachmentFrontEnds.
5.
Right-clickAcceptedAttachmentFrontEnds,andthenclickModify.
6.
InEditStringValue,underValueData,enterthenamesofthefront-endserversthatyouwanttoallowattachments.
7.
ClickOK.
ForMoreInformationYoumayalsowanttoconfigurethelevelatwhichaserverwillblockattachments.
Forspecificsteps,seeHowtoModifyAttachmentHandlingSettings.
ForinformationaboutmanagingandconfiguringOutlookWebAccess,seethefollowingtopics:ConfiguringOutlookWebAccessManagingOutlookWebAccessFilteringJunkE-MailMessagesYoucancontrolhowExchange2003managesjunke-mailforyourorganization.
Todothis,youneedtoenablefiltering,andthenconfiguresender,recipient,andconnectionfiltering.
Formoreinformationaboutcontrollingjunke-mailwithExchange2003,see"ConfiguringFilteringandControllingSpam"intheExchangeServer2003TransportandRoutingGuide.
ManagingMobileServicesThissectionincludesinformationaboutmanagingmobileservicesforExchange.
Forproceduresthatrelatetomobileservices,seeConfiguringMobileDeviceSupport.
ManagingExchangeActiveSyncByusingExchangeActiveSync,userswithamobiledevicethatispoweredbyWindowswiththedesktopActiveSyncsoftwarecansynchronizetheirdeviceswiththeirExchangeserversovertheInternet.
UsersconnectacrosstheInternettotheirExchangefront-endserverandrequestinformationfromtheirExchangemailboxserver.
WhenyouenableaccesstoExchangeusingExchangeActiveSync,followthesesteps.
1.
Usethefront-endandback-endserverarchitecturetoprovideasinglenamespaceforuserstoconnecttoyournetwork(recommended).
Formoreinformation,seePlanninganExchangeServer2003MessagingSystem.
2.
InstallanSSLcertificateonthefront-endserver.
Formoreinformation,seetheExchangeServer2003DeploymentGuide.
3.
InformusershowtoconnecttotheInternetfromtheirdeviceanduseActiveSyncontheirdevicetoconnecttotheirExchangeserver.
Formoreinformation,seetheExchangeServer2003DeploymentGuide.
ThefollowingsectionsprovideinformationabouthowtomanageExchangeActiveSyncforyourorganization,includinghowtoenableanddisabletheExchangeActiveSyncapplication,andhowtoenableActiveSyncforyourusers.
EnablingExchangeActiveSyncforYourOrganizationBydefault,ExchangeActiveSyncisenabledforalltheusersinyourorganization.
IfyourusershavemobiledevicesthatarepoweredbyWindows,youcaninformthemhowtoconfiguretheirdevicestouseExchangeActiveSync.
ToenableanddisableExchangeActiveSyncforyourorganization,useExchangeSystemManager.
However,whenyouaddnewuserstoyourorganizationandyouwanttoenablethemtouseExchangeActiveSynctoaccessExchangewithamobiledevicethatispoweredbyWindows,useActiveDirectoryUsersandComputerstomodifythesettingsforauserorgroupsofusers.
Important:ExchangeActiveSyncmustusethedefaultvirtualdirectorycreatedbyExchangeServer2003Setup.
Deleting,renaming,andcreatingadditionalvirtualdirectoriesonthesamevirtualserverwillpreventExchangeActiveSyncfromfunctioningproperly.
Additionally,ifyouattempttore-createtheExchangeActiveSyncvirtualdirectoryinExchangeSystemManager,ExchangeActiveSyncwillnotfunction.
FordetailedstepsaboutenablinganddisablingExchangeActiveSyncfeaturesattheorganizationallevel,seeHowtoEnableorDisableExchangeActiveSyncforYourOrganization.
FordetailedstepsabouthowtomodifyActiveSyncsettingsforauserorgroupsofusers,seeHowtoEnableandDisableExchangeActiveSyncFeaturesattheUserLevel.
HowtoConfiguretheExchangeActiveSyncUp-to-DateNotificationsFeatureThefollowingaretheserver-sideproceduresyouusetoenableAUTDnotifications:FordetailedstepsaboutenablingAUTDattheorganizationallevel,seeHowtoEnableUp-to-DateNotificationsforYourOrganization.
FordetailedstepsonhowtomodifyAUTDsettingsforauserorgroupsofusers,seeHowtoEnableandDisableUp-to-DateNotificationsattheUserLevel.
EnablingUp-to-DateNotificationsforYourOrganizationAfteryouconfigureyourorganizationtouseExchangeActiveSync,youcanconfigureyourExchange2003serverssothatuserscanreceiveup-to-datenotificationstokeeptheirdevicescurrentwiththechangesthatoccurwhenanewitemarrivesintheirExchangemailbox.
Thisnotificationpromptstheuser'sdevicetosynchronizethedevicewiththeExchangemailboxautomatically.
Thefollowingaretheserver-sideproceduresyouusetoenableAUTDnotifications:FordetailedstepsaboutenablingAUTDattheorganizationallevel,seeHowtoEnableUp-to-DateNotificationsforYourOrganization.
FordetailedstepsabouthowtomodifyAUTDsettingsforauserorgroupsofusers,seeHowtoEnableandDisableUp-to-DateNotificationsattheUserLevel.
EnablingUserstoUseaMobileOperatortoReceiveNotificationsIfyouenabletheExchangeActiveSyncup-to-datenotificationsfeature,yourusersuseamobileoperatortodelivermessagesfromthecorporatenetworktotheirdevices.
Youcanenableyouruserstoreceivenotificationintwoways.
Option1:SpecifyamobileoperatorforyourusersTospecifyamobileoperatorforyourusers,disabletheEnablenotificationstouserspecifiedSMTPaddressesontheExchangeserverthathasthemailboxesfortheseusers.
Ifyouselectthisoption,youneedtoinformyourusershowtosettheirdevicestousethemobileoperatorthatyouspecifyforup-to-datenotifications.
Option2:AllowuserstousetheirownmobileoperatorsIfyourusershavetheirownmobiledevicesthatarepoweredbyWindows,youcanallowthemtousetheirownmobileoperatorstodelivernotificationstotheirdevices.
Ifyouselectthisoption,youneedtoinformyourusershowtosettheirdevicestousethemobileoperatorsthattheywanttouseforup-to-datenotifications.
UsethefollowingprocedurestoconfiguredevicesforAUTD:Fordetailedstepsonhowtospecifyamobileoperatorforanup-to-datenotificationsonadevice,seeHowtoSpecifyaMobileOperatorforUp-to-DateNotificationsonaDevice.
HowtoEnableorDisableExchangeActiveSyncforYourOrganizationThefollowingproceduredescribeshowtoenableordisableuser-initiatedsynchronizationforyourorganization.
BeforeYouBeginThisproceduredoesnotexplainotherMicrosoftExchangeActiveSyncoptionssuchasup-to-datenotifications.
ForaprocedurethatexplainshowtoenableallExchangeActiveSyncfeatures(includingup-to-datenotifications)attheorganizationallevel,seeHowtoEnableandDisableExchangeActiveSyncFeaturesattheOrganizationalLevel.
ProcedureToenableordisableExchangeActiveSyncforyourorganization1.
OntheExchangefront-endserverthatisrunningExchangeActiveSync,logonwiththeExchangeadministratoraccount,andthenstartExchangeSystemManager.
2.
ExpandGlobalSettings,right-clickMobileServices,andthenclickProperties.
3.
OntheMobileServicesPropertiespage,intheExchangeActiveSyncpane,selectorclearthecheckboxnexttoEnableuserinitiatedsynchronization.
4.
ClickOK.
ForMoreInformationFordetailedstepsforenablingActiveSyncfeaturesattheuserlevel,seeHowtoEnableandDisableExchangeActiveSyncFeaturesattheUserLevel.
FordetailedstepsforhowtoconfigureamobiledevicetouseExchangeActiveSync,seeHowtoConfigureaMobileDevicetoUseExchangeActiveSync.
HowtoConfiguretheExchangeActiveSyncUp-to-DateNotificationsFeatureAfteryouconfigureyourorganizationtouseMicrosoftExchangeActiveSync,youcanconfigureyourExchangeServer2003serverssothatuserscanreceiveup-to-datenotificationstokeeptheirdevicescurrentwiththechangesthatoccurwhenanewitemarrivesintheirExchangemailbox.
Thisnotificationpromptstheuser'sdevicetosynchronizethedevicewiththeExchangemailboxautomatically.
ProcedureToconfiguretheExchangeActiveSyncup-to-datenotificationsfeature1.
EnsurethatExchangeisconfiguredtosupportthealwaysup-to-datenotificationfeature.
Fordetailedsteps,seethefollowingprocedures:HowtoEnableandDisableExchangeActiveSyncFeaturesattheOrganizationalLevel.
"HowtoEnableandDisableUp-to-DateNotificationsattheUserLevel"intheExchangeServer2003ClientAccessGuide.
2.
Configureanymobilecarriersthatyouneedtosupportyourdeployment.
Fordetailedsteps,see"HowtoConfigureaMobileCarrierWhenUsingUp-to-DateNotifications"intheExchangeServer2003ClientAccessGuide.
3.
Configureyouruserdevicestousetheup-to-datenotificationfeature.
Fordetailedsteps,seeHowtoSpecifyaMobileOperatorforUp-to-DateNotificationsonaDevice.
ForMoreInformationForconceptualinformationabouttheExchangeActiveSyncup-to-datenotificationsfeature,see"EnablingUp-to-DateNotificationsforYourOrganization"in"ManagingMobileServices"intheExchangeServer2003ClientAccessGuide.
HowtoEnableUp-to-DateNotificationsforYourOrganizationAfteryouconfigureyourorganizationtouseMicrosoftExchangeActiveSync,youcanconfigureyourExchangeServer2003serverssothatuserscanreceiveup-to-datenotificationstokeeptheirdevicescurrentwiththechangesthatoccurwhenanewitemarrivesintheirExchangemailbox.
Thisnotificationpromptstheuser'sdevicetosynchronizewiththeExchangemailboxautomatically.
ProcedureToenableup-to-datenotificationsforyourorganization1.
OntheExchangefront-endserverrunningExchangeActiveSync,logonwiththeExchangeadministratoraccount,andthenstartExchangeSystemManager.
2.
ExpandGlobalSettings,right-clickMobileServices,andthenclickProperties.
3.
OntheMobileServicesPropertiespage,intheExchangeActiveSyncpane,selectEnableup-to-datenotifications.
4.
ClickOK.
ForMoreInformationFordetailedstepsforhowtospecifyalistofmobilecarriersfromwhichyouruserscanchoose,seeHowtoConfigureaMobileCarrierWhenUsingUp-to-DateNotifications.
Afteryouspecifyalistofcarriers,youruserswillbeabletochooseamobileoperatorusingadrop-downmenuontheirmobiledevice.
Fordetailedstepsforhowtoconfigureup-to-datenotificationssothatusersinyourorganizationcanspecifytheirownmobileoperator,seeHowtoSettheEnableNotificationstoUser-SpecifiedSMTPAddressOptionforYourOrganization.
Fordetailedstepsforhowtomodifyup-to-datenotificationsettingsforauserorgroupsofusers,seeHowtoEnableandDisableUp-to-DateNotificationsattheUserLevel.
Forconceptualinformationabouttheup-to-datenotificationfeature,see"EnablingUp-to-DateNotificationsforYourOrganization"inManagingMobileServices.
HowtoEnableandDisableUp-to-DateNotificationsattheUserLevelIfyouenabletheMicrosoftExchangeActiveSyncalwaysup-to-datenotificationsfeature,yourusersuseamobileoperatortodelivermessagesfromthecorporatenetworktotheirdevices.
Youcanenableindividualusersorgroupsofuserstouseup-to-datenotifications.
ProcedureToenableanddisablealwaysup-to-datenotificationsattheuserlevel1.
OntheExchangeserveronwhichtheuser'smailboxresides,logonwiththeExchangeadministratoraccount,andthenstartActiveDirectoryUsersandComputers.
2.
Expandthedomain,andthenopenthelocationfortheuserswhosesettingsyouwanttomodify.
3.
Right-clicktheuseroruserswhoseup-to-datenotificationssettingsyouwanttomodify,andthenselectExchangeTasks.
4.
InExchangeTaskWizard,ontheAvailableTaskspage,selectConfigureExchangeFeatures,andthenclickNext.
5.
OntheConfigureExchangeFeaturespage,selectUp-to-datenotifications,andthenselectoneofthefollowing:Toallowuserstouseup-to-datenotifications,selectEnable.
Topreventusersfromusingup-to-datenotifications,selectDisable.
6.
Topreventtheusers'settingsfrombeingmodifiedwhenyouhaveselectedmorethanoneuser,selectDonotmodify.
ForMoreInformationFordetailedstepsforenablingAUTDattheorganizationallevel,seeHowtoEnableUp-to-DateNotificationsforYourOrganization.
ForanoverviewofthestepsthatyouneedtoconsiderwhendeployingAUTDnotifications,seeHowtoConfiguretheExchangeActiveSyncUp-to-DateNotificationsFeature.
ForconceptualinformationabouttheAUTDfeature,see"EnablingUp-to-DateNotificationsforYourOrganization"inManagingMobileServices.
HowtoConfigureaMobileCarrierWhenUsingUp-to-DateNotificationsYouspecifythemobilecarriersthatyouwantyouruserstouseforup-to-datenotifications.
Specifyingmobilecarrierscanmakeiteasierforyouruserstoconfigureup-to-datenotifications.
Additionally,whenusedinconjunctionwithclearingtheEnablenotificationtouserspecifiedSMTPaddressesoption,youcancontrolthecarrierstowhichyourusersconnect.
Note:Afteryouconfigureyourmobilecarriers,youruserswillbeabletoselectamobilecarrierfromtheServiceProviderNamedrop-downlistwhenconfiguringtheirdevicesforup-to-datenotifications.
Ifyoudonotconfiguremobilecarriersforyourusers,userswhoareconfiguredwiththeEnablenotificationtouserspecifiedSMTPaddressesoptioncanspecifyamobilecarrierbyenteringtheSMSaddressoftheirdevice.
ThisaddressusesthesameformatasanSMTPaddress(forexample,@).
Important:Notallmobilecarriersanddevicessupportup-to-datenotifications.
OnereasonisbecausethemobilecarrierandthedevicemustspecificallysupporttheconversionofSMTPe-mailmessagesintoSMSmessages.
ProcedureToconfigureamobilecarrierwhenusingalwaysup-to-datenotifications1.
InExchangeSystemManager,right-clickMobileServices,selectNew,andthenselectMobileCarrier.
2.
InthePropertiesdialogbox,intheNamefield,typeadisplaynameforthecarrier.
Thenameyouuseherewillbethenamedisplayedonthemobiledevice.
3.
InSMTPdomain,typetheSMTPdomainbeingservedbythecarrier,forexample,typetmomail.
netifyourcarrierisT-Mobile.
ForMoreInformationFordetailedstepsforconfiguringAUTD,seeHowtoConfiguretheExchangeActiveSyncUp-to-DateNotificationsFeature.
HowtoSettheEnableNotificationstoUser-SpecifiedSMTPAddressOptionforYourOrganizationAfteryouconfigureyourorganizationtouseMicrosoftExchangeActiveSync,youcanconfigureyourExchangeServer2003serverssothatuserscanreceiveup-to-datenotificationstokeeptheirdevicescurrentwiththechangesthatoccurwhenanewitemarrivesintheirExchangemailbox.
Thisnotificationpromptstheuser'sdevicetosynchronizethedevicewiththeExchangemailboxautomatically.
ProcedureTosettheEnablenotificationstouser-specifiedSMTPaddressoptionforyourorganization1.
OntheExchangefront-endserverthatisrunningExchangeActiveSync,logonwiththeExchangeadministratoraccount,andthenstartExchangeSystemManager.
2.
ExpandGlobalSettings,right-clickMobileServices,andthenclickProperties.
3.
OntheMobileServicesPropertiespage,intheExchangeActiveSyncpane,settheEnablenotificationstouserspecifiedSMTPaddressoptionasfollows:Ifyouwanttospecifyamobileoperatorforyouruser,clearEnablenotificationstouserspecifiedSMTPaddress.
Ifyouwanttoallowyouruserstospecifytheirownmobileoperators,selectEnablenotificationstouserspecifiedSMTPaddress.
4.
ClickOK.
ForMoreInformationFordetailedstepsforhowtospecifyamobileoperatorforup-to-datenotificationsonadevice,seeHowtoSpecifyaMobileOperatorforUp-to-DateNotificationsonaDevice.
Fordetailedstepsforhowtomodifyup-to-datenotificationsettingsforauserorgroupsofusers,seeHowtoEnableandDisableUp-to-DateNotificationsattheUserLevel.
Forconceptualinformationaboutup-to-datenotifications,see"EnablingUp-to-DateNotificationsforYourOrganization"inManagingMobileServices.
ManagingOutlookMobileAccessByusingOutlookMobileAccess,userscanbrowsetheirExchangemailboxusingadevicesuchasaSmartphonethatispoweredbyMicrosoftWindowsoracHTML-capabledevice.
YoucanalsoenableuserstousedevicesthatarenotofficiallysupportedbyMicrosoft,butwhicharelikelytofunctioncorrectlywithonlyminorcompatibilityissuesbyenablingunsupporteddevicestouseOutlookMobileAccess.
ThefollowingsectionsprovideinformationabouthowtomanageOutlookMobileAccessforyourorganization,includinghowtoenabletheOutlookMobileAccessapplicationforyourorganizationandhowtoenableusersforOutlookMobileAccess.
ConfiguringExchangetoUseOutlookMobileAccessBydefault,OutlookMobileAccessisdisabledwhenyouinstallExchange2003.
ForuserstouseOutlookMobileAccess,youmustfirstenableit.
WhenyouenableaccesstoExchangebyusingOutlookMobileAccess,youshoulddothefollowing:1.
Usethefront-endandback-endserverarchitecturetoprovideasinglenamespaceforuserstoconnecttoyournetwork.
Formoreinformation,seeExchangeServer2003andExchange2000ServerFront-EndandBack-EndTopologies.
2.
InstallanSSLcertificateonthefront-endserver.
Formoreinformation,seetheExchangeServer2003DeploymentGuide.
3.
InformusershowtoconnecttotheInternetfromtheirdevicesandhowtouseOutlookMobileAccesstoaccesstheirExchangeinformation.
FordetailedstepsforhowtouseOutlookWebAccesstoaccessExchangedata,seeHowtoAccessExchangeDataUsingOutlookMobileAccess.
EnablingOutlookMobileAccessforYourOrganizationToenableOutlookMobileAccessforyourorganization,useExchangeSystemManager.
AfteryouenableOutlookMobileAccess,youcanuseActiveDirectoryUsersandComputerstomodifytheOutlookMobileAccesssettingsforusersorgroupsofusers.
FordetailedstepsforenablingOutlookMobileAccessforyourorganization,seeHowtoEnableorDisableOutlookMobileAccessattheOrganizationalLevel.
FordetailedstepsformodifyingOutlookMobileAccesssettings,seeHowtoEnableorDisableOutlookMobileAccessattheUserLevel.
CopyrightTheinformationcontainedinthisdocumentrepresentsthecurrentviewofMicrosoftCorporationontheissuesdiscussedasofthedateofpublication.
BecauseMicrosoftmustrespondtochangingmarketconditions,itshouldnotbeinterpretedtobeacommitmentonthepartofMicrosoft,andMicrosoftcannotguaranteetheaccuracyofanyinformationpresentedafterthedateofpublication.
ThisWhitePaperisforinformationalpurposesonly.
MICROSOFTMAKESNOWARRANTIES,EXPRESS,IMPLIEDORSTATUTORY,ASTOTHEINFORMATIONINTHISDOCUMENT.
Complyingwithallapplicablecopyrightlawsistheresponsibilityoftheuser.
Withoutlimitingtherightsundercopyright,nopartofthisdocumentmaybereproduced,storedinorintroducedintoaretrievalsystem,ortransmittedinanyformorbyanymeans(electronic,mechanical,photocopying,recording,orotherwise),orforanypurpose,withouttheexpresswrittenpermissionofMicrosoftCorporation.
Microsoftmayhavepatents,patentapplications,trademarks,copyrights,orotherintellectualpropertyrightscoveringsubjectmatterinthisdocument.
ExceptasexpresslyprovidedinanywrittenlicenseagreementfromMicrosoft,thefurnishingofthisdocumentdoesnotgiveyouanylicensetothesepatents,trademarks,copyrights,orotherintellectualproperty.
Unlessotherwisenoted,thecompanies,organizations,products,domainnames,e-mailaddresses,logos,people,places,andeventsdepictedinexampleshereinarefictitious.
Noassociationwithanyrealcompany,organization,product,domainname,e-mailaddress,logo,person,place,oreventisintendedorshouldbeinferred.
2006MicrosoftCorporation.
Allrightsreserved.
Microsoft,MS-DOS,Windows,WindowsServer,WindowsVista,ActiveDirectory,ActiveSync,ActiveX,Entourage,Excel,FrontPage,Hotmail,JScript,MicrosoftPress,MSDN,MSN,Outlook,SharePoint,VisualBasic,VisualC++,VisualStudio,Win32,WindowsMobile,WindowsNT,andWindowsServerSystemareeitherregisteredtrademarksortrademarksofMicrosoftCorporationintheUnitedStatesand/orothercountries.
Allothertrademarksarepropertyoftheirrespectiveowners.