Special Edition Using Microsoft Office Outlook 2003

Using Outlook in offline mode and using remote access are actually two different scenarios. Think of them as two sides of the same coin. When you work offline with Outlook, you don't have any sort of connection to your Exchange Server. You might not have any network connection at all, or you might be connected to a network that isn't your own. You have no interaction with the messages actually stored on your Exchange Server and instead are working with only messages stored on your local computer. You can perform just about any operation on any message stored in your Offline Folders file. You can read messages that have been downloaded to your Offline Folders file, reply to those messages, compose new messages, delete messages, and work with all the rest of your Outlook data including contacts, tasks, journal, notes, and calendar items. When you connect to the server at a later time, you move into online mode. All the changes you made when you were working offline are synchronized to the server. Messages you deleted from your Offline Folders file are removed from the server, messages waiting in your Outbox are sent, and messages that you received while you were offline are downloaded to your computer.

Remote access to Exchange requires you to actually be connected to the server. That connection could be over a dial-up connection in a hotel room, a VPN connection over another network, or an HTTP connection from your local coffee shop or airport. When you're connected to Exchange and using the remote mail features, you can preview message headers without actually downloading messages. Much like using cached mode in slow mode, you can download all of your headers and work with only them. You can mark items for download, delete items, and reply to items all without downloading the full text of the message and its attachments. Remote mail can be very useful if you receive a large number of messages when you're away from the office. It can also be helpful if Aunt Irma keeps sending you very large emails with multiple pictures of her cats when you're out of the office and connected over a cellular modem. You can process the headers and decide which messages you want to download, which messages you want to delete, and which messages you want to leave on the server for retrieval when you return to the office and are on a high-speed connection again.

NOTE

Some of the information contained in the sections that follow pertains to administrators only. If you're unsure of how to follow any of these procedures and you are not a network or systems administrator, be sure to contact the appropriate person within your organization before proceeding.

Configure a Remote Connection to Exchange

You can choose from the following methods to establish a remote connection to your Exchange Server:

  • Dial-Up Connection Using RRAS to Your Windows 2000 Server: Using Routing and Remote Access Services (RRAS) on a Windows 2000 server, you can enable remote users to dial in to the network using a modem. You can install RRAS on your Exchange Server or any other Windows 2000 or Windows 2003 server on your network. You can customize the level of access dial-in users have to network resources.

  • Virtual Private Network (VPN) Connection to Your Network Through the Internet: You can install Microsoft VPN services on one of your Windows 2000 servers and enable clients to connect using a VPN over the Internet. This is probably one of the most secure methods for allowing remote access to your network.

  • RPC over HTTP: If your network includes an Exchange 2003 server, a Windows 2003 server, and your clients are all Windows XP SP1 with Outlook 2003, you can use a new method of connecting Outlook to your Exchange Server. You'll need to install a HotFix for Windows XP SP1. That HotFix can be found at http://support.microsoft.com/default.aspx?scid=kb;en-us;331320. This method works only with the preceding configuration, but it can enable your clients to establish a secure connection to the server over any Internet connection. Using remote procedure calls (RPCs) over HTTP, your computer can talk to the Exchange Server just as if it were back in the office plugged into the LAN.

RRAS

Configuring an RRAS connection to a Windows 2000 or Windows 2003 network is fairly straightforward. To enable and configure RRAS, use the following steps:

  1. On your Windows 2000 Server, choose Start, Programs, Administrative Tools, Routing and Remote Access to open the RRAS console.

  2. Expand the top-level branch on the left pane to locate the server you want to use for RRAS.

  3. Right-click the server name and choose Configure and Enable Routing and Remote Access. This will start the Routing and Remote Access Server Setup Wizard.

  4. Click Next through the first screen of the setup wizard to display Figure 30.1.

    Figure 30.1. You can choose the type of RRAS server you want to configure.

  5. Choose the type of RRAS server you want to configure. For these instructions, choose Remote Access Server and click Next.

  6. Choose the protocol you'll support for remote clients. Any protocols you need that aren't listed must be installed on the server before you can select them. If all the required protocols are listed, ensure that Yes, All of the Required Protocols Are on the List is selected and click Next. Otherwise, choose No, I Need to Add Protocols and click Next. This choice requires you to exit the Routing and Remote Access Server Setup Wizard and install the required protocols before continuing.

  7. Choose whether the server assigns IP addresses automatically, or manually "from a specified range of addresses." If you use a DHCP server, you can choose either of these options. If you choose automatically, the DHCP server will assign addresses from its pool. However, you can still use a manual IP address assignment from a specified range of addresses even with a DHCP server. Simply specify a range of addresses outside of your normal DHCP scope. Click Next when you have made your choice.

  8. If you chose to use a specified range of addresses, you must enter an address range as shown in Figure 30.2. Click New to enter a new range or Edit to edit a range. Click Next when you've finished configuring an IP address range.

    Figure 30.2. You can use this screen to add, edit, and remove IP address ranges from the pool available to your clients.

  9. If you have multiple remote access servers on your network, you can configure this server to use a Remote Authentication Dial-In User Service (RADIUS) server to provide centralized authentication and accounting. If you choose to set up this server as a RADIUS server, you must specify a shared secret, a password used by all RRAS servers to authenticate on the RADIUS server. For this exercise, choose No, I Don't Want to Setup This Server To Use RADIUS Now and click Next to display the final confirmation screen. Click Finish to complete your setup.

NOTE

Setting up a RADIUS server is beyond the scope of this book. For more information about setting up a RADIUS server, see a book on Windows 2000 Server or Windows 2003 Server, such as Special Edition Using Windows 2000 Server published by Que.

After you've configured the RRAS server, you can manage it through the Routing and Remote Access MMC. You can view connected clients and available ports, configure remote access policies, and view the remote access log files. For more information about configuring RRAS on Windows 2000, see the previous note.

VPN

Configuring a VPN connection through Microsoft Virtual Private Networking services is very similar to configuring RRAS on a Windows 2000 Server. In fact, you can use many of the same steps that were used to configure RRAS. If you haven't configured RRAS yet, you can use steps 1 through 4 in the previous section to begin the VPN configuration. Choose Virtual Private Network (VPN) Server from the Common Configurations screen shown in Figure 30.1 and click Next. Confirm that the available protocols have been installed and click Next.

You need to choose the Internet connection this server uses. To serve as a VPN server, you must have two connections available. If you have only one connection available, Windows informs you that you cannot continue. If you have more than one Internet connection available, choose one of the connections and click Next. Continue with steps 7 through 9 in the previous section to complete the setup of your VPN server.

RPC over HTTP

Outlook 2003 introduces a new method of access to Exchange Server: RPC over HTTP. These acronyms are a fancy way of saying that Outlook 2003 uses remote procedure calls to communicate with Exchange Server 2003 over the Internet. This method of connecting to Exchange can eliminate the need to set up a VPN server or an RRAS server. However, there are several limitations you must consider when evaluating whether to enable RPC over HTTP.

First, you can use RPC over HTTP only if your network includes the following setup:

  • Windows 2003 Server

  • Exchange Server 2003

  • Windows XP SP1 + 331320 Patch clients with Outlook 2003

NOTE

You can download and install the Windows XP SP1 patch at http://support.microsoft.com/default.aspx?scid=kb;en-us;331320.

There are security enhancements with Windows 2003, Exchange Server 2003, and Windows XP SP1 (plus a patch) that make RPC over HTTP possible. Without this configuration, there's no way to ensure adequate security for this protocol. If your network is currently set up this way, you can enable RPC over HTTP on your Exchange Server 2003 with only a few steps.

When you deploy RPC over HTTP, you have a couple of options to choose from for the configuration of your Exchange Server and RPC proxy server. You can configure your Exchange Server as an RPC proxy server, or you can use Internet Security and Acceleration (ISA) Server to serve as your RPC proxy server. No matter which choice you make, the RPC proxy server then specifies which ports to use to communicate with the domain controllers, global catalog servers, and all Exchange servers that the RPC client needs to communicate with.

NOTE

Microsoft's official recommendation for deploying RPC over HTTP is to use ISA Server as your RPC proxy server. This provides even more security than simply using your Exchange server as your RPC proxy server. For more information about configuring an RPC proxy server, see the Exchange 2003 Web site at http://www.microsoft.com/Exchange.

To configure your Exchange 2003 Server as an RPC proxy server, use the following steps:

  1. On the server, click Start, Control Panel, and Add or Remove Programs.

  2. Click the Add/Remove Windows Components icon in the left pane of the Add or Remove Programs page.

  3. Highlight Networking Services and click the Details button to display Figure 30.3.

    Figure 30.3. Check RPC over HTTP to install the RPC proxy server.

  4. Check the box next to RPC over HTTP Proxy and click OK.

  5. Click Next to install the RPC over HTTP proxy component.

Now you'll need to configure the virtual directory in IIS (Internet Information Services). Use the following steps to configure the virtual directory:

  1. Click Start, All Programs, Administrative Tools, and select Internet Information Services (IIS) Manager.

  2. Expand the Web Sites folder, and then expand Default Web Site.

  3. Right-click the RPC Virtual directory and choose Properties.

  4. Choose the Directory Security tab and click Edit in the Authentication and Access control pane.

  5. Disable Anonymous access in the Authentication Methods window.

  6. In the Authentication access pane, choose Basic authentication if your RPC proxy server is either inside the perimeter network or within the corporate network. Choose Integrated Windows authentication if your RPC proxy server is outside the network firewall. Click OK, Apply, and OK.

You're now ready to configure ports for the RPC clients (Outlook 2003) to use to access Exchange Server. To configure ports, open the Registry Editor and navigate to the following key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\RpcProxy

Right-click the Valid Ports Registry key and choose Modify. In the Edit String window enter the following data:

ExchangeServer:593;ExchangeServer:1024-65535;DomainController:593;DomainController:1024-65535

You must replace ExchangeServer with the NetBIOS name of your Exchange 2003 Server and DomainController with the NetBIOS name of your domain controller. Your Edit String dialog box should now look similar to Figure 30.4.

Figure 30.4. Use these values to configure valid ports for RPC over HTTP access.
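
A check you can run on the value before saving it, as an added example that is not from the book: it parses a Valid Ports style string, reports entries that still carry the ExchangeServer or DomainController placeholders or have malformed ports, and counts how many ports on each host the proxy would be allowed to reach. EXCH01 and DC01 are constructed names, and the host:port grammar is inferred from the value shown above.

```python
import re

# Entry grammar inferred from the value shown above: host:port or host:low-high.
ENTRY = re.compile(r"^([A-Za-z0-9_.-]+):(\d{1,5})(?:-(\d{1,5}))?$")
# Names the text says must be replaced with real NetBIOS names.
PLACEHOLDERS = {"exchangeserver", "domaincontroller"}


def parse_valid_ports(value):
    """Return (entries, problems) for a ';'-separated Valid Ports string.

    entries  -> list of (host, low_port, high_port) that passed every check
    problems -> list of human-readable findings for the rest
    """
    entries, problems = [], []
    for raw in value.split(";"):
        item = raw.strip()
        if not item:
            continue  # tolerate a trailing ';'
        m = ENTRY.match(item)
        if not m:
            problems.append(f"malformed entry {item!r}")
            continue
        host, low = m.group(1), int(m.group(2))
        high = int(m.group(3)) if m.group(3) else low
        if not (1 <= low <= high <= 65535):
            problems.append(f"invalid port range in {item!r}")
        elif host.lower() in PLACEHOLDERS:
            problems.append(f"placeholder host name in {item!r} not replaced")
        else:
            entries.append((host, low, high))
    return entries, problems


def reachable_ports(entries):
    """Sum, per host, the number of ports the proxy may forward to."""
    totals = {}
    for host, low, high in entries:
        totals[host] = totals.get(host, 0) + (high - low + 1)
    return totals


# Constructed sample values; EXCH01 and DC01 are made-up NetBIOS names.
GOOD = "EXCH01:593;EXCH01:1024-65535;DC01:593;DC01:1024-65535"
BAD = "ExchangeServer:593;EXCH01:1024-65535;DC01:593;DC01:70000;DC01"

if __name__ == "__main__":
    for label, value in (("GOOD", GOOD), ("BAD", BAD)):
        entries, problems = parse_valid_ports(value)
        print(label, reachable_ports(entries), problems)
```

The per-host totals make the exposure of the 1024-65535 range visible: every listed host is reachable through the proxy on tens of thousands of ports, so the host list should contain only the servers Outlook actually needs.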

Save your changes and you should be ready to configure Outlook 2003 to access Exchange Server 2003 using RPC over HTTP.

In addition to the setup you must perform on the server, you must take several steps on the client in order to use RPC over HTTP. First, you must make sure that you're running Windows XP SP1. After that, you need to install hotfix Q331320, which can be found through the Windows Update site. RPC over HTTP won't run without this hotfix.

After you've made sure that your computer meets these requirements, you're ready to configure Outlook 2003. It's best if you first configure an Exchange account on the network and connect to your mailbox at least once. Although it isn't officially required to configure RPC over HTTP, I've found that there are significantly fewer errors this way.

Select Tools, Email Accounts, View or Change Existing Email Accounts to display the Email Accounts screen. Choose your Exchange account and click Change to edit its properties.

Click More Settings to display the Microsoft Exchange Server dialog box. Click the Connection tab to display Figure 30.5.

Figure 30.5. Use the Connection tab to tell Outlook to connect over HTTP.

Click the check box marked Connect to My Exchange Mailbox Using HTTP. Click the Exchange Proxy Settings button to display Figure 30.6.

Figure 30.6. Use the Exchange Proxy Settings dialog box to configure your server name.

Enter the server name or IP address you use to communicate with your Exchange RPC proxy server from the outside world. If you want to always connect using SSL, check the box marked Connect Using SSL Only and choose whether you would like to Mutually Authenticate the Session When Connecting with SSL. If required, enter the principal name for the proxy server.

If you want to connect over the LAN after you authenticate over HTTP, check the box marked Connect Using HTTP First, then Connect Using My Local Area Network (LAN).

You also need to choose an authentication method. You can use NTLM authentication or basic authentication. If you use basic authentication, you must use SSL to communicate.

Click OK to save your changes and then click OK, Next, and Finish to return to Outlook. You need to restart Outlook to finish the configuration.

The next time you start Outlook, you should be able to authenticate and connect using RPC over HTTP.
