Outlook Web App (OWA) in Exchange 2010

Exchange OWA (Outlook Web App)

OWA’s purpose is to mimic what Outlook 2010 does on your desktop, in a browser.  Incidentally, there is a name change from  Outlook Web Access to App.

Topics for Exchange OWA 2010

• Rationale, Who Benefits from OWA?
• Features of OWA 2010
• Limitations of Outlook Web App 2010
• What Happens When You Install the CAS role 
• The Light Version of Microsoft Exchange OWA 2010
• Authentication – Basic and Forms-based

 ♠

Rationale, Who Benefits from OWA 2010?

Where could users in your organization benefit from choosing OWA to collect their email?  The answer is anywhere which has internet access, providing you, or your email administrator, take up the challenge of configuring Exchange Server 2010 for OWA.

You don’t need a VPN, you don’t even need Internet Explorer, Mozilla or Chrome will connect to full OWA experience, (not the ‘Lite’ version as in OWA 2007).  The key point is that OWA 2010 is almost indistinguishable from the latest Outlook 2010 client.  All that clients need is internet access, without anyone blocking their browser’s default browser port 80.

What can you do for remote users?  How can you help mobile, travelling users?  Once you decide to provide internet or even intranet access to your corporate Exchange 2010 server, then you may as well provide the best = OWA 2010.  Thus forget Webmail, forget POP3 (or IMAP4) and go for Outlook Web App 2010.

Incidentally, using the Calendar feature is one of Guy’s weaknesses, but thankfully, it’s one of OWA 2010’s strengths.

A Brief History of Exchange OWA

Sometimes it’s worth having a quick look at the history just to see how far a product has come.  Whereas technologies such as POP3 haven’t changed much in ten years, the OWA 2010 client has improved out of all recognition from the clunky featureless product in OWA 5.5.  The two main driving forces have been improvements in the Outlook client from Outlook 98 to Outlook 2010, coupled with a drive to make OWA a clone of Outlook 2010, whereas OWA 2000 and Outlook 2000 looked like distant relatives.

Another sign that OWA is still a fast improving technology is the number of enhancements SP1 brings to OWA.  It’s also a chance to praise Microsoft’s development team for re-designing some pretty average products such as OWA 2000, until they have a smart, and slick technology such as OWA 2010.

To Access your mailbox via owa, this is what to type in your internet explorer :
https://ExchServer/owa.  

Note 1:  You get an error if you don’t use httpS.

Note 2:  owa is a special virtual directory. 

Outlook Web App – Features of OWA 2010

A review of these features will tell you all you need to know about Outlook Web App (OWA).  If you are familiar with the full Outlook 2010 client, you will be hard pressed to spot any omissions.

• Set Outlook Web App mailbox policies.
• Search folders for messages.
• View Favorites in the navigation pane.
• Filter incoming messages.
• Ignore messages feature.
• Attach messages to messages
• Ability to set categories in the message list.
• Side-by-side view for calendars.
• Multiple client language support.
• Ability to attach messages to messages.
• Expanded right-click capabilities.
• Integration with Office Communicator, including presence, chat, and a contact list.
• The same conversation view and experience as Outlook 2010, e.g. messages are grouped.
• Ability to send and receive text messages from Outlook Web App.

Guy Recommends: The SolarWinds Exchange Monitor

Here is a free tool to monitor your Exchange Server.  Download and install the utility, then inspect your mail queues, monitor the Exchange server’s memory, confirm there is enough disk space, and check the CPU utilization.

This is the real deal – there is no catch.  SolarWinds provides this fully-functioning freebie, as part of their commitment to supporting the network management community.

Free Download of SolarWinds Exchange Monitor

Improvements Introduced with OWA 2007

• The basic email jobs such as read and create messages.  But so much more…
• Check address lists.
• right-click context menu is top-notch, also tool-tip info on mailbox size. 
• Drag and drop has improved, and OWA 2010 updates automatically when new email arrives.
• Book meetings and view the calendar.
• Create contacts and also ‘Tasks’.
• Change your passwords.
• Create your own email signatures.
• Spell check your email, also check-on-send.
• Set Out-of-Office messages.  (Guy says use sparingly)
• Configure mobile device settings.
• Read documents in Windows SharePoint Services sites and Windows file shares.
• Bad for users, but good for administrators – quota limits.
• Create junk mail filters.  In fact, everything in OWA is ‘Just like Microsoft Office Outlook 2010’

Exchange Server 2010 SP1 provides additional features for Outlook Web App. These include features include:

• Recover deleted items by using Outlook Web App.  (Much requested)
• Create and edit personal distribution lists.
• Create and edit server-side rules.
• Copy folders and individual items.
• Access public folders through the /Public virtual directory.

Use Secure/Multipurpose Internet Mail Extensions (S/MIME) to sign and encrypt email
and to read signed and encrypted e-mail.

Try Solarawinds Free Web Transaction Watcher »

(Few) Limitations of Outlook Web App 2010

Remember that Outlook Web App is browser based, therefore it cannot provide offline access to mailboxes and there are no .PST files.  If the Exchange server hosting OWA becomes unavailable, users are not able to read or send messages. If offline access to files is required, you must select a different remote-access method to Exchange Server.  Outlook 2010 using Outlook Anywhere, POP3, and IMAP clients can cache messages to provide offline access.

Other limitations of OWA that you may anticipate are, no Personal Address Book – you could not store it locally.  There is also no integration with Microsoft Office, and forget about using Outlook forms.

Guy Recommends:  A Free Trial of the Network Performance Monitor (NPM) v11.5

SolarWinds’ Network Performance Monitor will help you discover what’s happening on your network.  This utility will also guide you through troubleshooting; the dashboard will indicate whether the root cause is a broken link, faulty equipment or resource overload.

What I like best is the way NPM suggests solutions to network problems.  Its also has the ability to monitor the health of individual VMware virtual machines.  If you are interested in troubleshooting, and creating network maps, then I recommend that you try NPM now.

Download a free trial of SolarWinds’ Network Performance Monitor

Exchange Server 2010 Side

• Client Access Server  (RPC to Exchange 2010 Mailbox, HTTP Exchange 2003)
• Exchange Management Console
• Mailbox Server
• Active Directory Server
• Authentication Methods:
• Active Directory
  Basic Authentication
  Forms-based authentication
  Role of cookies
• Optional ISA 2006 with Pre-authentication and Web Publishing Load Balancing (WPLB)
•  Unified Messaging

What Happens When You Install the CAS role.  (Client Access Server)

To recap, Exchange Server 2010, as with its predecessors, needs IIS, when you add the CAS role.  The purpose of IIS is to that Exchange 2010 can create and access these four special virtual directories, and thus support OWA clients.  The best server for the Mailbox Role would be Exchange 2010, for instance, they can utilize Windows SharePoint Services.  However CAS will happily connect to the older Exchange 2003 and 2000 back-end servers, but alas, these OWA clients cannot even view SharePoint folders or libraries.

/owa. This is the virtual directory accessed by users whose mailboxes are located on Exchange Server 2010 Mailbox servers.

/Exchange. This virtual directory is only used if you have mailboxes located on Exchange Server 2003 or 2000 back-end servers.

/Exchweb. This virtual directory is required to access mailboxes that are located on Exchange Server 2003 or 2000 back-end servers.  However, by default, requests to the Exchweb virtual directory are redirected to the user’s Mailbox server.

/Public. This virtual directory is particularly used by Exchange 2003 or 2000 OWA clients to access public folders on Exchange Server 2003. 

In a new twist with SP1, Exchange Server 2010 SP1 provides access to public folders on an Exchange Server 2010 mailbox server through this /Public virtual directory.

Troubleshooting OWA

Start with the Exchange Server Best Practices Analyzer

OWA usage reports from IIS logs through the LogParser tool

The Light Version of Microsoft Exchange OWA 2010

All the glossy reviews, including the above information, feature Outlook Premium, however, there is a cut-down version called: Outlook Web App Light – formerly OWA Basic in Exchange 2003.

Since the regular OWA supports more browsers there are fewer uses for the Light version.

OWA Light has none of these features:

No:- Html messages (plain text only), Spell checker, Search mail (Yes, you can search contacts), Tasks, Categories.  What hit me hardest was the lack of tree control which I am used to in Outlook 2010 and OWA Premium.

Guy Recommends:  SolarWinds’ Free Bulk Mailbox Import Tool

Import users from a spreadsheet, complete with their mailbox.  Just provide a list of the users with the fields in the top row, and save as .csv file.  Then launch this FREE utility, match your Exchange fields with AD’s attributes, click and import the users.  Optionally, you can provide the name of the OU where the new mailboxes will be born.

There are also two bonus tools in the free download, and all 3 have been approved by Microsoft:

1. Bulk-import new users and mailboxes into Active Directory.
2. Seek and zap unwanted user accounts.
3. Find inactive computers.

Download your FREE bulk mailbox import tool.

Basic Authentication

Basic authentication is a relatively simple authentication mechanism that encodes each user’s logon name and password, then forwards these credentials to the server.  Unfortunately, basic authentication does not support single sign-on.

Microsoft Windows Server 2003 authentication enables single sign-on to all network resources. With single sign-on, a user can log on to the domain one time by using a single password or smart card and authenticate to any computer in the domain.  Basic authentication is supported by all Web browsers, but is not secure unless you require Secure Sockets Layer (SSL) encryption.

How to Configure OWA for Forms-based Authentication

By default, forms-based authentication is enabled in Exchange 2010.  This is how to check the configuration:

• Launch the Exchange Management Console.
• Open the properties of owa (Default Web Site) on the Outlook Web App tab.
• Set the type of logon prompt.  The emphasis on ‘Prompt’, users can ignore your suggestion if they know any of the other methods.  Here are the choices of prompts for forms-based authentication: FullDomain (cp\guy) , PrincipalName ([email protected]), or plain UserName (guy).
• Reset IIS as recommended in the warning message.
• If necessary, you can adjust the format by configuring the Active Directory directory service and Internet Information Services (IIS).  If you do use Active Directory and IIS to set which user name formats users can enter, this is independent of the above OWA forms-based authentication prompt.

Outlook Anywhere

When you first try and understand the Outlook Anywhere feature of Microsoft Exchange Server 2010, focus on Microsoft Office Outlook 2010.  This means that while Outlook Anywhere is designed to work over the internet, we are not discussing OWA.  What Outlook Anywhere does is manage the technology which enables a client with the full Outlook 2010 (or 2003) to connect to their Exchange servers over the Internet.  The underlying networking component is RPC over HTTP.

Summary of Exchange Server 2010 OWA

Think about what these three words mean – Outlook Web App.  It is the role of OWA 2010 to deliver virtually all the features of Microsoft Office Outlook 2010.  For those with UNIX or Apple Mac operating systems, Microsoft has developed OWA 2010 Light to enable users to access their corporate email stored on  Exchange Server 2010.

Microsoft has pulled off the amazing feat of reproducing the experience of the desktop version of Outlook 2010 in a browser.   Moreover, the Microsoft OWA team have enabled administrators to create this service easily and securely.

Objects Found in the Exchange 2010 GAL

I often say that being good at computing means being aware of subtle difference in Microsoft names.  Exchange 2010’s mail objects is a case in point.  Pay careful attention to the difference between a mailbox enabled user and a mail-enabled user; a security group and a distribution group.  Here is a list of the objects which you find the Global Address List.

• Mailbox enabled accounts.  Regular users with MAPI mailboxes Active Directory accounts.
• Mail-enabled users.  Contractors who have an Active Directory logon but no mailbox.  (No mailbox in your Exchange Organization.)
• Contacts.  Suppliers, customers, people with email address outside your organization.  No Active Directory account.  Thankfully, contacts have a different symbol in the GAL.
• Distribution groups. These can be Global or Universal Groups, but they are designed for email rather than security.  These are sometimes referred to as DLs – Distribution lists instead of distribution groups.  Pay attention to detail and examine the Members and MemberOf tabs.
• Query-based distribution groups.  Well worth setting up.  Again, note the different symbol from other groups.  Incidentally, I wish Microsoft would use different colors for different scopes of group. Say, Red for Universal and Green for Local Groups.
• Mail-enabled groups.  Security groups that have mailboxes.  Guy says that unless you have a good reason, favour the classic Distribution group and avoid Mail Enabled Security Groups.
• Public Folders.  Mail-enabled public folders if your users need an easy way to post.

How the Exchange 2010 GAL works

All the address information is held by Active Directory.  To the left of the @ is the username, to the right of the @, the email domain name.  In fact, I think of the GAL as merely a fancy LDAP query which produces a list of addresses, for example guyt @ cp.com.  The final piece of the address jigsaw is RUS (Recipient Update Service.  RUS is the engine which generates and updates the email addresses that you see in the GAL.

If the GAL is slow to update, then look to the Global Catalog servers.  Make sure that there is Windows 2010 Global Catalog server near the Exchange 2010 server.  As you may know, the Global Catalog replicates a sub-set of all the user’s properties, including Exchange features such as email address.  So if Exchange has access to a local Global Catalog server, then its GAL will be up-to-date.

Clients

Potentially, any client who can query Active Directory can access the GAL.  However, you can control who sees which list through read permission on the security tab found on the lists.

Summary – Exchange 2010 Global Address List (GAL)

It’s only natural that Outlook users try and find each others email addresses in the GAL.  But why would an administrator need to configure Exchange 2010’s GAL?  The most likely answers are: control how the names are displayed in the Global Address List, and possible the need for custom lists.

See more Microsoft Exchange Server 2010 topics:

• Exchange 2010 Home   • Exchange 2010 Transition   • Exchange 2010 Migration  • Exchange Stores

• Server Roles   • Office 365 Migration   • Exchange 2010 Performance Monitor   • Eseutil Commands

• Exchange 2010 NDR   • Exchange 2010 GAL   • Exchange OWA 2010  • Exchange 2010 New Features