Outlook Web Access

1
Outlook Web Access

• Scott Schnoll
• MCT, MCSE, MCSA, MCPI
• Microsoft MVP
• Manager, Product Support
• http//www.tntsoftware.com

2
Agenda

• Introduction to OWA
• Differences between Ex5.x and E2K
• Deploying OWA
• Front-end/Back-end Configuration
• Securing OWA
• Troubleshooting OWA
• Questions

3
Introduction to OWA 2000

• Web-based Exchange client
• Feature set depends on browser client
• Rich client (IE5) ActiveX, multimedia, DHTML
• Reach client (IE4-/Netscape) Must support HTML
  3.2 and Javascript
• Access to Mailboxes, MAPI TLH (default PF) and
  Alternate TLH (additional PFs)

4
Preview Pane Views
Search Folders Search GAL

• Multimedia messages
• Drag-and-drop
• Calendar Contacts
• Rich-text messages
• Embedded items

Folder Views Outlook Bar
OWA 2000 using IE 6 on Windows XP Pro
5
Differences between Exchange 5.x and Exchange 2000

• First introduced in Exchange 5.0 with basic email
  and public folder support
• SP1 for Ex5.0 added support for attachments,
  foreign languages, better performance and a more
  Outlook-ish appearance
• Calendars were added in Ex5.5
• Contacts were added in Ex5.5 SP1, along with
  ability to change NT passwords, and validate
  names in the GAL.

6
Differences between Exchange 5.x and Exchange 2000

• Exchange 5.x had HTTP support directly in the
  information store process (store.exe). Ex5.x
  also used ASP, CDO and MAPI.
• Exchange 2000 offloads this to Internet
  Information Services. Does not use MAPI or ASP.
  Uses WebDAV and the Web Storage System to render
  items directly from within the information store
  via IIS.
• OWA 2000 can only be used to access Exchange 2000
  mailboxes. OWA 5.5 can be used to access
  Exchange 5.5 and Exchange 2000 mailboxes.

7
Deploying OWA

• Install Exchange 2000!
• All Exchange 2000 Servers are OWA servers by
  default. You cannot separate OWA from Exchange
  2000, although you can disable HTTP access if you
  dont want folks using it.
• Multiple language support out-of-the-box French,
  German, Chinese (simplified traditional),
  Italian, Japanese, Korean, and Spanish.
• Best Config - http//www.microsoft.com/exchange/te
  chinfo/deployment/2000/BestConfig.asp
• Customizing requires Exchange 2000 SDK and a lot
  of coding! OWA is no longer a set of modifiable
  ASP pages.
• Secure it using SSL.

8
Front-end/Back-end Configurations

• Architectural design for scalability
• Clients hit Front-end server(s), which can be
  load-balanced.
• Front-end servers proxy requests to Back-end
  servers, which can be clustered.
• Front-end servers require Enterprise Edition
  Back-end servers can be clustered systems (which
  requires Enterprise Edition) or unclustered
  systems (Standard or Enterprise Edition).

9
Front-end/Back-end Configurations

• Distribution is the key to scalability
• Separating protocols from storage
• Supports HTTP, IMAP4, POP3 only
• MAPI not supported on front-end
• SMTP can be installed
• File-system NNTP only (no store)

10
Front-end/Back-end Configurations
11
Front-end/Back-end Configurations
12
Front-end/Back-end Configurations

• Benefits
• Provides a unified namespace
• Offloads SSL processing from Back-End servers
• Provides an additional security layer
• Enables seamless server consolidation and
  distribution of user data across multiple servers
  without having to re-authenticate
• High-Availability

13
Front-end/Back-end Configurations

• How it works
• Internet client sends logon request
• FE server queries AD using LDAP for BE server
  containing users mailbox
• FE server redirects logon request to BE server
• BE server authenticates user
• BE server sends data to FE server
• FE server sends data to Internet client

14
Securing OWA

• Client Authentication
• Firewalls
• Encryption

15
Securing OWA

• Client Authentication
• Anonymous Access used for truly public folders
  or directly searches
• Basic Authentication
• Integrated Windows Authentication (Kerberos/NTLM)
  cannot be used in FE/BE config
• Digest Authentication
• Certificate Authentication

16
Securing OWA

• Firewalls
• Open only those ports that are needed

17
Securing OWA
Typical Intranet Deployment
18
Securing OWA
Firewall Ports443 (HTTPS)
Standard High-Security Internet Deployment A
19
Securing OWA
Firewall B 53 (DNS TCP/UDP) 80 (HTTP) 88
(Kerberos - TCP/UDP) 135 (RPC Endpoint
Mapper) 143 (IMAP4) 110 (POP3) 389
(AD/LDAP) 445 (Netlogon) 1024 (RPC Service
Ports) 3268 (GC/LDAP) 3269 (GC/LDAPS)
Firewall A443 (HTTPS)
Standard High-Security Internet Deployment B
20
Securing OWA
Firewall A443 (HTTPS)
Firewall B 53 (DNS TCP/UDP) 80 (HTTP) 88
(Kerberos - TCP/UDP) 143 (IMAP4) 110 (POP3)
389 (AD/LDAP) 3268 (GC/LDAP)
Alternate High-Security InternetDeployment A
21
Securing OWA
Firewall B 80 (HTTP) 88 (Kerberos -
TCP/UDP) 143 (IMAP4) 110 (POP3) 389
(AD/LDAP) 3268 (GC/LDAP)
Firewall A443 (HTTPS)
Alternate High-Security InternetDeployment B
22
Troubleshooting OWA

• Handy tools
• Ping/Pathping
• NSLookup
• Netdiag
• DCDiag
• DSADiag
• Event Viewer
• Network Monitor
• Performance Monitor
• ERR
• IIS Logs
• Exchange 2000 Resource Kit

23
Troubleshooting OWA

• Linear Troubleshooting
• Check your typing/CAPS lock
• Verify the problem on another system
• Try using a different browser
• Try using a MAPI client
• Try different authentication
• Logon using full URL (e.g., http//server/exchange
  /user/inbox)

24
Questions?
Scott Schnoll MCT, MCSE, MCSA, MCPI Microsoft
MVP Manager, Product Support http//www.tntsoft
ware.com