Exchange 2003 allows Outlook to connect using HTTPS and still receive all of the messaging features. This has been a much requested feature since regular RPC/MAPI was sometimes very slow or just timed out on WAN connections. Also, most companies would not want RPC exposed to the Internet and connecting over VPN with Outlook was usually a costly nightmare of slowness and lost packets. Some VPN clients would not work behind other corporate Firewalls, meaning bad news for outsourced employees and people involved in outsourced projects having to use the not so full features Outlook Web Access.
So, now supposedly all this is behind us, but this might not be so for quite some time. A common practice with Microsoft innovations, this feature is only available with the latest server and client applications: Outlook 2003, Windows XP SP1 (with a post SP1 fix) connected to Exchange 2003 installed on Windows 2003 Server. So I guess it’s major upgrading time for you if you really need this feature.
Setting up SSL
First you would need to add a certificate authority to Windows 2003 Server and generate an SSL certificate for HTTP access. Look at Mark Fugatt’s Article Securing Outlook Web Access using SSL for step-by-step instructions. The process has not changed much with Windows 2003.
Configure RPC over HTTP
It’s time to verify that RPC over HTTP is installed by going yet again to Control Panel’s Add/Remove Programs, Add/Remove Windows Components.
If Exchange 2003 is installed on a Global Catalog server it can now answer RPC over HTTP calls. If not or if you have a Front End/Back End setup it might not work. There are some workarounds for this problem but the best thing is simply to install Exchange 2003 SP1 and in the server properties configure your RPC over HTTP topology.
On some installation you should also look at IIS Manager settings for the rpc virtual directory. The process is similar to that of setting up the exchange virtual directory for Outlook Web Access.
Configuring Outlook 2003
First, install the hotfix from this location:
All that is left is to run Outlook 2003 E-mail Accounts Wizard. Please note the Cached Exchange Mode is enabled. This is really important for reducing traffic over the WAN. In this mode Outlook 2003 caches all mail locally and synchronizes with Exchange 2003 only when necessary.
Following is the place where HTTPS access is configured.
If you are part of a LAN, that is not using an ADSL or other sort of dialer, the “On fast networks, connect using HTTP first, then connect using TCP/IP” must be selected. Use Basic Authentication because NTLM will not work behind Firewalls.
Mutual authentication can boost security but you have to have an SSL certificate on the client too and have it mapped to a user.
Due to recent changes in security of Microsoft products, this might not be enough. If you have a self signed SSL certificates you should import the certificates to your local store.
To do this login to Outlook Web Access. You will get the following prompt:
Choose “View Certificate” and follow the screenshots to install the certificate.
Following this, you will be able to connect.
I’ve tested this over the WAN and it works great, combining all the great Exchange features with speed similar to that of POP3/SMTP protocols. I would recommend it for all those who can afford the upgrade and definitely for all those ISPs out there offering hosted Exchange services.