Outlook Anywhere, formerly known as RPC over HTTP, is an Exchange server feature that has been around since 2003 and allows Outlook clients to connect anywhere as long as they have an internet connection. There is no need to go to a website or VPN into the company’s intranet; just fire up Outlook and let the email flow.
Outlook Anywhere wraps Remote Procedure Calls inside an HTTP layer to allow connectivity with the Exchange server. This simplifies the firewall administration process requiring only the SSL port 443 to be opened to the CAS (Client Access Server) instead of several ports to the actual Mailbox Server (MBX).
In Exchange 2003 and 2007 you must manually enable Outlook Anywhere. In Exchange 2013, this feature is turned on by default as it is now the primary way to connect Outlook to Exchange. In any event, Outlook Anywhere needs to be set up correctly in order for clients to seamlessly utilize it.
Step 1 – RPC over HTTP Proxy Feature
Because Outlook Anywhere is now installed with Exchange 2013 by default, the RPC over HTTP Proxy feature should be automatically installed. However, it is always best to verify this because this is the bread and butter of Outlook Anywhere.
Open the Server Manager from the Start Menu.
Click on Features in the left window pane in order to open the Features Summary window.
You should now see the RPC over HTTP Proxy under the Features: heading.
If this is not the case and you do not see it installed, you will need to add it manually by clicking the Add Features on the right side of the screen.
Then select the feature and click Install.
Step 2 – DNS and Security Certificates
Most likely you have already added the mail subdomain that points to your CAS server. In this example, the domain is aetest.com. Therefore, our subdomain is mail.aetest.com. We need to add a Host (A) record that points internally to our CAS server and externally to the NAT for that server. It should look something like this:
mail Host (A) 10.131.14.90
mail Host (A) <external NAT IP>
Depending on how your site’s DNS is set up, you may have to get your ISP to add the external record for you.
Now that we have the DNS set up we need to verify/install the security certificate for mail.aetest.com to our CAS server. Again, most likely you have already accomplished this when setting up your Exchange server. You must first obtain a valid security certificate from a trusted source such as Symantec. Ensure that you get it for mail.<your_domain>.com.
Depending on what type of certificate and who it was requested through, the installation steps may be different. Please refer to your vendor’s installation instructions. You must have a valid certificate installed on your CAS server in order for Outlook Anywhere to work properly. Otherwise, Outlook will just report an error and not allow the Outlook Anywhere connection.
Step 3 – Outlook Anywhere Configuration (EAC or EMS)
After verifying the prerequisites for Outlook Anywhere, we are ready to configure the settings. There are two ways we can accomplish this: EAC (Exchange Admin Center – the web based replacement for the EMC) and EMS (Exchange Management Shell).
Arguably, the easiest route is to use EMS. There is a lot less effort involved and this is the direction Microsoft is pushing admins to manage their environments. However, some people are still more comfortable using a GUI to configure Outlook Anywhere.
Exchange Admin Center
Open a browser from your CAS server and go to http://localhost/ecp. You will be met with the following:
Enter your logon credentials and press enter. When you have successfully logged in, click the servers link on the left.
And then the pencil icon above the server name on the subsequent page.
The next window that pops up will be the Edit screen for the CAS server. On the left, click Outlook Anywhere and fill in the information. We want to set the internal and external URL’s to mail.aetest.com, the authentication method to NTLM, and uncheck Allow SSL offloading. If you plan on offloading the SSL certs, you may keep it checked.
Click the Save button to save the new configuration and close the Edit window.
Exchange Management Shell (EMS)
To configure Outlook Anywhere via the EMS, open the Exchange Management Shell from the Start menu.
The syntax for the cmdlets to configure Outlook Anywhere look like the following:
Set-OulookAnywhere –Identity ‘<CAS Server>\rpc (Default Web Site)’ <commands>
In our example, to set the internal and external URL’s we will use the following:
Set-OutlookAnywhere -Identity 'AETESTEXCD01\rpc (Default Web Site)' –ExternalHostname mail.aetest.com –InternalHostname mail.aetest.com –ExternalClientAuthenticationMethod Ntlm -ExternalClientsRequireSsl:$true –InternalClientAuthenticationMethod Ntlm -InternalClientsRequireSsl:$true –IISAuthentication Ntlm –SSLOffloading:$false
Remember to enter this all together on one line without pressing enter. The command may be long, but we successfully configured everything from a cmdlet without having to go into the EAC, logging in, clicking here, clicking there, etc…
Step 4 – Verification
Microsoft has come up with an amazing site to test the connectivity of Exchange: Microsoft Remote Connectivity Analyzer
As you can see, there are many testing options we can select from. We want to test Outlook Anywhere, so select the Outlook Anywhere (RPC over HTTP) radio button under Microsoft Office Outlook Connectivity Tests and click Next.
Enter the valid information into the form and click Perform Test at the bottom.
The website will then begin to test your Outlook Anywhere settings.
Once complete, the site will give you the status and any other pertinent information such as how to fix an issue.
Step 5 – Client configuration
To do this, open Outlook and go to File on the menu bar and then click the Account Setting button and the Account Settings…
When the Account Settings dialogue box pops up, click the account and then the Change… button.
Another dialogue box will pop up. Click the More Settings… button. Stay with me. We’re almost there!
Now we get to the Exchange Settings dialogue box. Click on the Connection tab. You will see that there is a section for Outlook Anywhere and a tick box that says Connect to Microsoft Exchange using HTTP. As you can see from the screenshot, mine is greyed out. I have set this up via Group Policy. Now click on the Exchange Proxy Settings… button.
Finally we are at the spot where we can enter our information for Outlook Anywhere. Enter the required information into form as shown in the screenshot. The principal name text box must be preceded with the msstd: prefix in order for the certificate to be valid. This will automatically be added.
Once you have completed the form click the OK button close Outlook completely.
Note: As I mentioned, I set up Outlook Anywhere via GPO. In order to do so, you must download an admin template. Microsoft has provided instructions on how to do this and the admin template download.
In this article we looked at how to install and configure Outlook Anywhere for Exchange 2013. We verified the prerequisites and talked about some gotcha’s with DNS and SSL certificates. We then configured our Client Access Server for Outlook Anywhere using both the GUI and the command line. Finally we verified our configuration using Microsoft’s Remote Connectivity Analyzer and configured the Outlook client.