Introduction to
OWA (Outlook Web Access) in Exchange Server 2003
Ever since Exchange 5.5, OWA (Outlook Web Access) has empowered browsers to collect email from Exchange servers. I would
like to illustrate the progress of OWA 2003 through the eyes of my old friend 'Barking' Eddie. Incidentally, we call him 'Barking' Eddie because he comes from Barking Essex. As you will see,
he is a man of few words and I have to admit, Eddie is slightly eccentric.
I asked Eddie, 'What was OWA 5.5. like? 'Rubbish, no right click'.
'How was OWA 2000 for you Eddie? 'Mediocre, no drag and drop, no spell checker'.
So, it was with an air of eager anticipation that I showed Eddie OWA 2003, with its drag and drop, right click short cut menus and spellchecker. Eddie's verdict. 'Too many features'. Now Eddie is a Unix specialist so I
said, 'There's a Basic version of OWA, accessible by Mozilla, what do think to that?' 'Perfect' said Eddie. Now I was gob smacked; at last Eddie found a version of OWA that he liked.
With computing in general, and Exchange OWA 2003 in particular, I believe in starting with an easy configuration. Once I have success, then I am ready for all the challenges that the advanced features can throw
at me.
Let us begin by logging on at the very
console of the Exchange 2003 server. To launch OWA 2003, all we need to type in the browser is the name of the Exchange 2003 server name followed by /exchange. For example, *http:// Paris/exchange. Where Paris is the name of your Exchange 2003 server. (Over the internet you would need the FQDN of your server
for example, paris.cp.com/exchange).
What I expect to happen next is that Outlook opens up in your browser. However, you may have to deal with the IE 6.0's Enhanced security, by saying Add to Trusted Zone. Because you must have already logged on to the machine, you will get an
implicit OWA logon. This means there is no need to type your name and password for this default OWA 2003 setup. Later, when if you set up Forms Based Authentication, you will need an explicit logon where you supply username
and password.
Incidentally, I know this is really obvious, but the reason that you get the 2003 version of OWA is because you connect to Exchange 2003.
Guy Recommends: SolarWinds Engineer's Toolset v10
The Engineer's Toolset v10 provides a
comprehensive console of utilities for troubleshooting computer problems. Guy says
it helps me monitor what's occurring on the network, and the tools
teaches me more about how the system literally operates.
There are so many good gadgets, it's like having free rein of a
sweetshop. Thankfully the utilities are displayed logically: monitoring, discovery, diagnostic, and Cisco tools.
Download your copy of the Engineer's Toolset v 10
As 'Barking Eddie' will testify, when it comes to OWA 2003 features, one man's meat is another man's poison. So I have two sections, my favourites features, and other features that may be handy, but I do not
need at this time.
Guy's favourite OWA 2003 Features.
Spellchecker - Multi language support controlled at the Exchange 2003 server
Drag and Drop. Right click, properties - just like Outlook 2003
Signatures - Saves me time (I like to add an individual sign off)
View the Global Address Lists properties sheet inside email messages
Add to Contacts - Put that new email in your address book
Spam 'Web Beacon Blocking' for unwanted email - Great idea zaps spam with alerting sender.
Rules Wizard - Spend a minute creating folders, then create rules which automatically filter incoming email into the appropriate folder
Guy Recommends:
The SolarWinds Exchange Monitor
Here is a
free tool to monitor your Exchange Server. Download and
install the utility, then inspect your mail queues, monitor the Exchange
server's memory, confirm there is enough disk space and check the CPU
utilization. This is the real deal - there is no catch. SolarWinds
provides this fully-functioning product for free, as part of their commitment to
supporting the network management community.
Unsurprisingly, Microsoft set the Premium version of OWA to be the default. The Basic version is available once you set up Forms Based Authentication at the Exchange 2003 server. Now this Basic
version may
look like an easy configuration but I found it tricky. However, that may be because Certificates are my Achilles heel.
From a theory point of view, you need a 3 part 'package', comprising of: Forms Based Authentication at the HTTP virtual server, IIS configured for SSL, and HTTPS (not http) in the browser. I say again, its the combination
of IIS, SSL and certificates that I find the most difficult.
Forms Based Authentication
Forms Based Authentication means the users get a choice of Premium or Basic OWA 2003, and they have to supply their username, password and domain. Setting up
Forms Based Authentication is simple; launch the Exchange System Manager, Server Icon, Protocols, and HTTP virtual server (Not SMTP). Right click, properties, and check the
Forms Based Authentication tab.
Tip encourage users to logon with their UPN e.g. guyt@
cp.com
We are going to start with the assumption that you have Certificate Services installed on your domain.
Mission to Install the Certificate at IIS
From the IIS Snap-in (not the Exchange System Manager) expand the server name so that you see the Web sites. Right-click the Web site on which you want to install the certificate, and then
click Properties. Click the Directory Security tab, and then select Server Certificate under Secure Communications. Now launch the Web Server Certificate Wizard and select: Create a new certificate.
Now this certificate configuration section will either be a matter of following your nose and the certificate installs smoothly, or else it will be a whole separate project in getting these certificates up and
running. If it's the latter, then take a time-out and seek extra advice on certificates.
Configuring IIS for SSL
Navigate to IIS, select the Directory Security tab, the observe 3 options under Secure Communications. We need to set the Web site to require secure connections, click Edit and
then Select Require Secure Channel (SSL). See diagram opposite.
We are ready to test SSL, here is a deliberate mistake, in your browser type http:// localhost/Postinfo.html. Did you you receive this error message? HTTP 403.4 - Forbidden: SSL required. What could be the problem?
The answer is to start with httpS; so repeat but this time type: https:// localhost/Postinfo.htm
If you get a security alert 'The certificate is not from a trusted root CA'. Click Yes and a web page will appear - success.
Premium OWA 2003 requires IE 5.01 or later at the clients browser. Good news, OWA 2003 basic supports
Mozilla Firefox and other non Internet Explorer browsers.
What you see at the browser when you connect depends on how the Exchange 2003 administrator sets the HTTP Virtual server. To get a choice of Premium (IE 5.01+) or Basic OWA, the Exchange 2003
administrator must configure Forms Based Authentication. The settings are on the Virtual HTTP server (not the Virtual SMTP.)
Note 1: In addition to OWA, you can connect the full Outlook 2003 to Exchange 2003 using RPC over HTTP. Previously, your users may have collected their email via a VPN. With this latest
feature it's so much easier for roaming Outlook 2003 users to connect. See more about RPC over HTTP
With Exchange Server 2003, OWA has truly arrived and is here to stay. I am certain that in this 2003
version you can find the thin client / browser combination to suit your organization. While setting up the default OWA version is easy, the Forms Based Authentication requires certificates and that makes it tricky
configure.
The
extra features you get in your eBook include: 20 checklists to
plan your migration. Detailed instructions and advice on the best
strategy for your organization.
Lots of tips, recommendations and troubleshooting advice. Problem
solving section. Active Directory explained. Printer friendly
pages.
.
Guy Recommends: GFi EventsManager
Let GFI EventsManager do the dirty work! Have
event logs monitored automatically and get warned about critical events!
Download a copy
here
Tip encourage users to logon with their UPN e.g. guyt@
cp.com
The
extra features you get in your eBook include: 20 checklists to
plan your migration. Detailed instructions and advice on the best
strategy for your organization.
