Export (0) Print
Expand All

Enable-OutlookAnywhere

[This is pre-release documentation and subject to change in future releases.]  

Applies to: Exchange Server 2013 Preview

Topic Last Modified: 2012-07-12

Use the Enable-OutlookAnywhere cmdlet to enable Outlook Anywhere on a computer running Microsoft Exchange Server 2013 Preview. Running the Enable-OutlookAnywhere cmdlet enables the server to accept requests from Microsoft Outlook by using Outlook Anywhere, also known as RPC over HTTP.

For information about the parameter sets in the Syntax section below, see Parameters.


          
            Enable-OutlookAnywhere -SSLOffloading <$true | $false> [-Confirm [<SwitchParameter>]] [-DefaultAuthenticationMethod <Basic | Digest | Ntlm | Fba | WindowsIntegrated | LiveIdFba | LiveIdBasic | WSSecurity | Certificate | NegoEx | OAuth | Adfs | Kerberos | Negotiate | LiveIdNegotiate | Misconfigured>] [-DomainController <Fqdn>] [-ExtendedProtectionFlags <MultiValuedProperty>] [-ExtendedProtectionSPNList <MultiValuedProperty>] [-ExtendedProtectionTokenChecking <None | Allow | Require>] [-ExternalClientAuthenticationMethod <Basic | Digest | Ntlm | Fba | WindowsIntegrated | LiveIdFba | LiveIdBasic | WSSecurity | Certificate | NegoEx | OAuth | Adfs | Kerberos | Negotiate | LiveIdNegotiate | Misconfigured>] [-ExternalHostname <Hostname>] [-IISAuthenticationMethods <MultiValuedProperty>] [-InternalClientAuthenticationMethod <Basic | Digest | Ntlm | Fba | WindowsIntegrated | LiveIdFba | LiveIdBasic | WSSecurity | Certificate | NegoEx | OAuth | Adfs | Kerberos | Negotiate | LiveIdNegotiate | Misconfigured>] [-InternalHostname <Hostname>] [-Role <FrontEnd | BackEnd>] [-Server <ServerIdParameter>] [-WhatIf [<SwitchParameter>]] [-XropUrl <Uri>]
          
        

This example enables the server Server01 for Outlook Anywhere. The external host name is set to mail.contoso.com, NTLM authentication is used for external client authentication, and SSL offloading is set to $true.

Enable-OutlookAnywhere -Server:Server01 -ExternalHostname:mail.contoso.com -ExternalClientAuthenticationMethod:Ntlm -SSLOffloading:$true

This example enables Outlook Anywhere on the Exchange 2013 Preview server. The SSLOffloading parameter is set to $false, the ExternalHostname parameter is specified as mail.contoso.com, and the DefaultAuthenticationMethod parameter is set to NTLM.

Enable-OutlookAnywhere -DefaultAuthenticationMethod:Ntlm -ExternalHostname:mail.contoso.com -SSLOffloading:$false

This example enables the Exchange server for Outlook Anywhere. The SSLOffloading parameter is set to $false, the ExternalHostname parameter is set to mail.contoso.com, the IISAuthenticationMethods parameter is set to NTLM, and the InternalClientAuthenticationMethod parameter is set to Basic.

Enable-OutlookAnywhere -IISAuthenticationMethods NTLM -SSLOffloading:$false -InternalClientAuthenticationMethod:Basic -ExternalHostname:mail.contoso.com

The Enable-OutlookAnywhere cmdlet enables the Exchange 2013 Preview Client Access server for Outlook Anywhere. This lets the server accept requests from Outlook clients by using Outlook Anywhere.

importantImportant:
This cmdlet can be successfully run only if the RPC over HTTP proxy Windows networking component is already installed.
noteNote:
When you run this cmdlet, it can take as long as an hour for the settings to become effective, depending on how long it takes for Active Directory to replicate.

You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what permissions you need, see the "Outlook Anywhere configuration" entry in the Clients and Mobile Devices Permissions topic.

 

Parameter Required Type Description

SSLOffloading

Required

System.Boolean

The SSLOffloading parameter specifies whether the Client Access server requires Secure Sockets Layer (SSL). This value should be set only to $true when an SSL hardware solution is running in front of the Client Access server.

Confirm

Optional

System.Management.Automation.SwitchParameter

The Confirm switch causes the command to pause processing and requires you to acknowledge what the command will do before processing continues. You don't have to specify a value with the Confirm switch.

DefaultAuthenticationMethod

Optional

Microsoft.Exchange.Data.Directory.SystemConfiguration.AuthenticationMethod

The DefaultAuthenticationMethod parameter specifies whether to set the InternalClientAuthenticationMethod, ExternalClientAuthenticationMethod, and IISAuthenticationMethods parameters to the same authentication value.

When you set an authentication value by using the DefaultAuthenticationMethod parameter, you force the specified authentication method to be used on the /rpc virtual directory in Internet Information Services (IIS). The authentication method can be set to one of the following:

  • Basic (Basic authentication)
  • Ntlm (NTLM authentication)
  • Digest (Digest authentication)
  • Fba (forms-based authentication)
  • WindowsIntegrated (Integrated Windows authentication)
  • LiveIdFba (Windows Live ID forms-based authentication)
  • LiveIdBasic (Windows Live ID Basic authentication)
  • WSSecurity (Windows SharePoint Security)
  • Certificate
  • NegoEx   Negotiate Ex authentication is an authentication type reserved for future Microsoft use and shouldn't be used. Use of this setting will cause authentication to fail.
  • Misconfigured
noteNote:
If the DefaultAuthenticationMethod parameter is specified, the InternalClientAuthenticationMethod, ExternalClientAuthenticationMethod, and IISAuthenticationMethods parameters can't be used.

DomainController

Optional

Microsoft.Exchange.Data.Fqdn

The DomainController parameter specifies the fully qualified domain name (FQDN) of the domain controller that writes this configuration change to Active Directory.

ExtendedProtectionFlags

Optional

Microsoft.Exchange.Data.MultiValuedProperty

The ExtendedProtectionFlags parameter is used to customize the options you use if you're using Extended Protection for Authentication. The possible values are:

  • None   Default setting.
  • Proxy   Specifies that a proxy is terminating the SSL channel. A Service Principal Name (SPN) must be registered in the ExtendedProtectionSPNList parameter if proxy mode is configured.
  • ProxyCoHosting   Specifies that both HTTP and HTTPS traffic may be accessing the Client Access server and that a proxy is located between at least some of the clients and the Client Access server.
  • AllowDotlessSPN   Specifies whether you want to support valid SPNs that aren't in the fully qualified domain name (FQDN) format, for example ContosoMail. You specify valid SPNs with the ExtendedProtectionSPNList parameter. This option makes extended protection less secure because dotless certificates aren't unique, so it isn't possible to ensure that the client-to-proxy connection was established over a secure channel.
  • NoServiceNameCheck   Specifies that the SPN list won't be checked to validate a channel binding token. This option makes Extended Protection for Authentication less secure. We generally don't recommend this setting.

ExtendedProtectionSPNList

Optional

Microsoft.Exchange.Data.MultiValuedProperty

The ExtendedProtectionSPNList parameter specifies a list of valid Service Principal Names (SPNs) if you're using Extended Protection for Authentication on the specified virtual directory.

The possible values are:

  • Null   This is the default value.
  • Single SPN or comma delimited list of valid SPNs   By default, you must specify the fully qualified domain name (FQDN) (for example mail.contoso.com) for each SPN. If you want to add an SPN that's not an FQDN (for example, ContosoMail), you must also use the ExtendedProtectionTokenChecking parameter with the AllowDotlessSPN value. You specify the domain in SPN format. The SPN format is <protocol>/<FQDN>. For example, a valid entry could be HTTP/mail.contoso.com.

ExtendedProtectionTokenChecking

Optional

Microsoft.Exchange.Data.Directory.SystemConfiguration.ExtendedProtectionTokenCheckingMode

The ExtendedProtectionTokenChecking parameter defines how you want to use Extended Protection for Authentication on the specified Exchange virtual directory. Extended Protection for Authentication isn't enabled by default. The available settings are:

  • None   Extended Protection for Authentication won't be used. Connections between the client and Exchange won't use Extended Protection for Authentication on this virtual directory. This is the default setting.
  • Allow   Extended Protection for Authentication will be used for connections between the client and Exchange on this virtual directory if both the client and server support Extended Protection for Authentication. Connections that don't support Extended Protection for Authentication on the client and server will work, but may not be as secure as a connection using Extended Protection for Authentication.
noteNote:
If you have a proxy server between the client and the Client Access server that's configured to terminate the client-to-proxy SSL channel, you must also configure one or more Service Principal Names (SPNs) by using the ExtendedProtectionSPNList parameter.
  • Require   Extended Protection for Authentication will be used for all connections between clients and Exchange servers for this virtual directory. If either the client or server doesn't support Extended Protection for Authentication, the connection between the client and server will fail. If you set this option, you must also set a value for the ExtendedProtectionSPNList parameter.
noteNote:
If you have a proxy server between the client and the Client Access server that's configured to terminate the client-to-proxy SSL channel, you must also configure one or more SPNs using the parameter ExtendedProtectionSPNList.

To learn more about Extended Protection for Authentication, see Understanding Extended Protection for Authentication.

ExternalClientAuthenticationMethod

Optional

Microsoft.Exchange.Data.Directory.SystemConfiguration.AuthenticationMethod

The ExternalClientAuthenticationMethod parameter specifies the authentication method to use for external clients. The following options are available:

  • Basic
  • Digest
  • Ntlm
  • Fba
  • WindowsIntegrated
  • LiveIdFba
  • LiveIdBasic
  • WSSecurity
  • Certificate
  • NegoEx
  • OAuth
  • Adfs
  • Kerberos
  • Negotiate
  • Misconfigured

ExternalHostname

Optional

Microsoft.Exchange.Data.Hostname

The ExternalHostname parameter specifies the external host name to use in the Outlook profiles for users enabled for Outlook Anywhere.

IISAuthenticationMethods

Optional

Microsoft.Exchange.Data.MultiValuedProperty

The IISAuthenticationMethods parameter specifies the authentication method that's enabled on the /rpc virtual directory in IIS. You can set the virtual directory to allow Basic authentication or NTLM authentication. Alternatively, you can also set the virtual directory to allow both Basic and NTLM authentication. All other authentication methods are disabled.

You may want to enable both Basic and NTLM authentication if you're using the IIS virtual directory with multiple applications that require different authentication methods.

noteNote:
When you configure this setting using the IIS interface, you can enable as many authentication methods as you want.

For more information about configuring this parameter with multiple values, see the Examples section.

InternalClientAuthenticationMethod

Optional

Microsoft.Exchange.Data.Directory.SystemConfiguration.AuthenticationMethod

The InternalClientAuthenticationMethod parameter specifies the authentication method to use for internal clients. The following options are available:

  • Basic
  • Digest
  • Ntlm
  • Fba
  • WindowsIntegrated
  • LiveIdFba
  • LiveIdBasic
  • WSSecurity
  • Certificate
  • NegoEx
  • OAuth
  • Adfs
  • Kerberos
  • Negotiate
  • Misconfigured

InternalHostname

Optional

Microsoft.Exchange.Data.Hostname

This parameter is reserved for future use.

Role

Optional

Microsoft.Exchange.Management.SystemConfigurationTasks.VirtualDirectoryRole

This parameter is reserved for future use.

Server

Optional

Microsoft.Exchange.Configuration.Tasks.ServerIdParameter

The Server parameter specifies the name of the Client Access server to be enabled for Outlook Anywhere.

WhatIf

Optional

System.Management.Automation.SwitchParameter

The WhatIf switch instructs the command to simulate the actions that it would take on the object. By using the WhatIf switch, you can view what changes would occur without having to apply any of those changes. You don't have to specify a value with the WhatIf switch.

XropUrl

Optional

System.Uri

This parameter is reserved for internal Microsoft use.

To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank, the cmdlet doesn’t accept input data.

To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types. If the Output Type field is blank, the cmdlet doesn’t return data.

 
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft