Publishing Outlook Web Access on a Forefront UAG portal

Updated: February 15, 2013

Applies To: Unified Access Gateway

This topic describes how to publish the Outlook Web Access Exchange service on a Forefront Unified Access Gateway (UAG) portal, using the Add Application Wizard.

Note

Depending on your publishing scenario, the portal may be invisible to the user.

Note

Publishing Outlook Web Access as the initial portal application with the Display home page within portal frame option enabled is not supported.

Before you begin, you must configure the Exchange Client Access server to use either Basic, NTLM, or KCD authentication, because Forefront UAG does not support forms-based authentication to perform single sign-on (SSO) to Outlook Web Access. The following procedure describes how to configure the Exchange Client Access server for basic authentication.

To configure Exchange to use basic authentication

  1. Start the Exchange Management Console.

  2. In the Exchange Management Console, expand Server Configuration, and then click Client Access.

  3. Select your Client Access server, and then on the Outlook Web Access (or Outlook Web App) tab, select owa (Default Web Site).

  4. In the Actions pane, under owa (Default Web Site), click Properties.

  5. On the Authentication tab, click Use one or more of the following standard authentication methods, make sure that only the Basic authentication (password is sent in clear text) check box is selected, and then click OK.

Note

Perform this procedure for every Exchange Client Access server in your environment that will be used for OWA.

To publish Outlook Web Access on a Forefront UAG portal

  1. In the Forefront UAG Management console, click the portal through which you want to publish Exchange services, and then, below the Applications list, click Add. The Add Application Wizard opens.

  2. On the Select Application page of the wizard, in the Web list, click Microsoft Exchange Server (all versions).

  3. On the Select Exchange Services page of the wizard, in the Exchange version list, click the version of the Exchange server you want to publish. Under Exchange services, select the Outlook Web Access check box.

    Note

    In Outlook 2010, if you want to allow access to the Exchange Control Panel only (without other Outlook Web Access functionality), run the Add Application Wizard as described, and then after finishing the wizard, edit the application properties and remove the /owa path.

  4. On the Configure Application page of the wizard, enter a name for the application.

  5. On the Select Endpoint Policies page of the wizard, select the policies to use for this application.

  6. On the Deploying an Application page of the wizard, choose whether to publish a single Exchange Client Access server or a farm of load-balanced Exchange Client Access servers.

    Note

    After the application is published, you cannot edit the application properties and change it from a single server to a farm, or vice-versa.

  7. On the Web Servers page of the wizard:

    • In the Addresses list, enter the IP address or host name of the Client Access server.

    • In the Public host name box, enter the public host name for this application. The public host name must match the FQDN in the certificate. The public host name can be the same as the public host name of the trunk, if required.

      Note

      You can enter a public host name only when publishing Exchange 2013, Exchange 2010, or Exchange 2007.

    Note

    When publishing OWA, you can choose whether Forefront UAG communicates with the Exchange Client Access server over HTTP or HTTPS.

  8. On the Authentication page of the wizard, select an authentication server to authenticate users to the application, and click 401 request.

  9. On the Portal Link page of the wizard, configure the portal link for the application.

    If you are publishing Exchange 2013 or Exchange 2010 and OWA is not the initial portal application, make sure that the Open in a new window check box is selected.

  10. On the Authorization page of the wizard, select which users are authorized to access this application.

  11. On the Completing the Add Application Wizard page of the wizard, click Finish.

    The Add Application Wizard closes, and the application that you defined appears in the Forefront UAG Management console, in the Applications list.

  12. If you want to define the Outlook Web Access application as the portal home page, in the Forefront UAG Management console, in the Initial application list, click the application that you added in this procedure.

  13. To apply the Outlook Web Access look and feel to the Forefront UAG user interaction pages, in the Forefront UAG Management console, next to Configure trunk settings, click Configure, click the Authentication tab, and then select the Apply an Outlook Web Access look and feel check box. Confirm the changes to the logon settings, and then click OK.

  14. On the toolbar of the Forefront UAG Management console, click the Activate configuration icon, and then on the Activate Configuration dialog box, click Activate.

    When the configuration is activated, the message "Forefront UAG configuration activated successfully" appears.