Deploying Outlook Anywhere
Microsoft Exchange Server 2007 will reach end of support on April 11, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.
Applies to: Exchange Server 2007, Exchange Server 2007 SP1, Exchange Server 2007 SP2, Exchange Server 2007 SP3
Topic Last Modified: 2016-11-10
The Outlook Anywhere feature for Microsoft Exchange Server 2007 lets users connect to their Microsoft Exchange information from any location by using the Internet. This feature eliminates the need to use a virtual private network (VPN) to access computers that are running Exchange 2007 or Microsoft Exchange Server 2003 from outside an organization's network. You can access your Microsoft Exchange information by using the RPC over HTTP Windows networking technology. This technology wraps remote procedure calls (RPCs) with an HTTP layer. This allows the traffic to traverse network firewalls without requiring RPC ports to be opened.
By default, when you install the Client Access server role on a computer that is running Exchange 2007, Outlook Anywhere is not enabled. Additionally, based on your topology, there are several post-installation tasks that you might have to perform after you enable Outlook Anywhere.
To enable Outlook Anywhere, you must follow these steps in order:
Install a valid Secure Sockets Layer (SSL) certificate from a certification authority (CA) that is trusted by Outlook clients.
Install the Windows RPC over HTTP proxy component.
Enable Outlook Anywhere on an Exchange 2007 Client Access server by using the Enable Outlook Anywhere Wizard.
Configure Exchange services, such as the Availability service, for external access. For more information, see How to Configure Exchange Services for the Autodiscover Service.
When you install Exchange 2007, you can install a default SSL certificate that is created by Exchange Setup. However, this certificate is not a trusted SSL certificate and will not work for Outlook Anywhere.
Outlook Anywhere uses the Autodiscover service to provide the external URLs for the Exchange services such as the Availability service and the offline address book. After you configure your Exchange 2007 deployment for Outlook Anywhere, you must configure the external URLs for these services for your Outlook 2007 clients to access these services from the Internet.
When you deploy Outlook Anywhere, you have several deployment options. The option that you choose depends on your current messaging environment.
Generally, when you deploy Exchange 2007, we recommend that you start by deploying Client Access servers. Client Access servers provide Outlook Anywhere access to clients that are running Microsoft Office Outlook 2007 or RPC over HTTP access to clients that are running Outlook 2003. Access is provided to Exchange 2007 servers that have the Mailbox server role installed or to Exchange 2003 back-end servers that have been enabled for RPC over HTTP.
Note also that the number of connections that a server can handle for Outlook requests is determined primarily by the hardware that you are using. If your organization requires many concurrent Outlook Anywhere users, use hardware that will support these connections. We recommend that you use 64-bit servers to support many Outlook Anywhere users.
The following table describes the Client Access server deployment options that you can choose from. It shows which clients you can use with the various versions of Microsoft Exchange.
Outlook Anywhere deployment options
|Mailbox location||Deployment details|
Exchange 2007 servers that have the Mailbox server role installed
Client Access servers can provide Outlook Anywhere access for Outlook 2007 and Outlook 2003 to Exchange 2007 servers that have the Mailbox server role installed. However, Outlook 2003 clients will be unable to use the Autodiscover service to automatically configure and manage their profiles for Outlook Anywhere. For more information, see How to Enable Outlook Anywhere.
Exchange 2003 back-end servers that are running Exchange 2003 Service Pack 1 (SP1) or a later version
Client Access servers can provide access to Exchange 2003 back-end servers that are running SP1 or a later version for Outlook 2007 and Outlook 2003. After you enable the Client Access server for Outlook Anywhere, you can enable any new Exchange 2003 back-end servers for RPC over HTTP access by using Exchange System Manager in Exchange 2003. Existing servers that are enabled for RPC over HTTP will not require additional changes. For more information, see How to Configure Outlook Anywhere with Exchange 2003.
Exchange 2003 back-end servers
Client Access servers can provide access to Exchange 2003 back-end servers that are not running SP1 or a later version. However, you must manually manage your servers. This means that you must manually edit the registry to provide access to Outlook 2007 and Outlook 2003 clients. If you must support a combination of Exchange 2003 back-end servers that are running SP1 or a later version and Exchange 2003 back-end servers that are not running SP1 or a later version, you must manually edit the registry to enable Outlook Anywhere. For more information, see How to Configure Outlook Anywhere with Exchange 2003.
You can deploy the Client Access server role and the Mailbox server role on a single computer that is running Exchange 2007. This kind of installation is known as a single server deployment. To use Outlook Anywhere in this deployment scenario, you must restart the server after you see the event that reads "MSExchange RPC over HTTP Autoconfig Event ID: 3002". For more information about this and other events, see the Events and Errors Message Center.