Exchange Server 2007 has a new feature called AutoDiscover which provides Outlook 2007 with configuration information. This is sent as an XML file and contains all the information needed to create the profile automatically as the URLs used by Outlook 2007. The following services can be set up through the AutoDiscover service:
- Offline Address Book (OAB)
- Unified Messaging
- Out of Office (OOF)
- Availability Services
Internally the Exchange Server 2007 works out of the box, just using the self-signed certificate that comes in the Exchange Server 2007 installation process. The built-in certificate contains two names: the NetBIOS name of the Exchange Server box like srv-cashub1 and a second one using the FQDN (Full Qualified Domain Name) like srv-cashub1.apatricio.local. The built-in certificate can be viewed using the local machine Certificate snap-in, as shown in Figure 01, or using the Get-ExchangeCertificate cmdlet.
Figure 1: The built-in certificate created by the Exchange Server 2007 installation process
In this scenario we will allow the internal joined workstations to be configured by the AutoDiscover service. The internal clients will receive a Certificate error pop-up when they access the OWA address, as shown in Figure 02.
Figure 2: The certificate does not have a trusted Certification Authority on the client because it was self-signed
Okay, we can avoid this kind of issue by using a certificate by a Certification Authority that is trusted by all clients. This certificate might be issued by an internal or external Certification Authority. Let’s create a request using the Internal CA and using the certificate name mail.apatricio.local and we are going to create a DNS entry for mail using the CAS IP address as well.
Now, we can use https://mail.apatricio.local in any workstation and we should not get any certificate error.
Configuring the Outlook URLs
Now, after installing our certificate all Outlook 2007 clients will receive the following error message the next time that they open Outlook, as shown in Figure 03.
Figure 3: Security Alert error when we change the certificate on the Client Access Server
What’s happening? Exchange Server 2007 works out of the box with the self-signed certificate, when we change the AutoDiscover certificate we start getting this error.
Outlook 2007 has a built-in tool that allows us to validate the current URLs we are using. This tool is called Test E-mail Autoconfiguration. We can access it by opening the Outlook 2007 client, holding the Ctrl key and right-clicking on the Outlook icon located on the systray.
In the tool we can uncheck Use Guessmart and Secure Guessmart Authentication and click on Test. Then, we will receive all the current URLs set up for Outlook 2007 clients. As you can see in Figure 04, our clients have been receiving the initial configuration that points them to the FQDN name of CAS Server using HTTPS. But we have just deployed the certificate using the name mail.apatricio.local.
Figure 4: The default configuration of the Web Services URLs on Outlook 2007
Okay then, let’s change our URLs to the correct address.
AutoDiscover
The internal clients that belong to the domain will use the SCP (Service Connection Point) object to retrieve the Web Services URL information. We can manage the Autodiscover URL through a couple of cmdlets. To set this, use the following procedures (the entire process is shown in Figure 05):
- Check the current configuration.
Get-ClientAccessServer | Select Name, *Internal* | fl
- Define the new URL.
Set-ClientAccessServer –Identity <CAS Server Name> -AutoDiscoverServiceInternalUri: <Internal URL>
- Execute step 1 again to validate the changes.
Figure 5: Setting up the AutoDiscover URL to use the correct address
OAB
The OAB URLs can be set up by either the Exchange Management Console or the Exchange Management Shell. To configure using the Exchange Management Console, the following steps are required:
- Open the Exchange Management Console.
- Expand Server Configuration.
- Click Client Access.
- Select the Client Access Server.
- Click the Offline Address Book Distribution tab, and click Virtual Directory below.
- In the Actions Toolbox, click Properties, and then click on the URLs tab (as shown in Figure 06).
Figure 6: Changing the URL value for the OAB virtual directory
This setting is per server; if you have more than one CAS server you have to configure the other servers as well.
We can also use Get-OABVirtualDirectory and Set-OABVirtualDirectory to list and set up the OAB URLs, as shown in Figure 07.
Figure 7: The OAB Virtual Directory
Web services
The Web Services are responsible for the Availability Service and OOF URL items in the Outlook 2007 configuration. We can set them up through the Web Services Virtual Directory; the following procedure can be used to accomplish this task (the entire process is shown in Figure 08):
- List the current values for Internal and External URLs.
Get-WebServicesVirtualDirectory | Select name, *url* | fl
- Configure the Internal URL to use the new address.
Set-WebServicesVirtualDirectory –Identity “<EWS Name>” –InternalUrl: https://url.domain.local/EWS/Exchange.asmx
- List the configuration of the Web Services Virtual Directory and check the new values.
Figure 8: Setting up the Internal URL attribute in the Web Services Virtual Directory
Unified Messaging
Now it’s time to set up the Unified Messaging Service URL, we can do that using the following procedure (the entire process is shown in Figure 09):
- List the current values of the UM Virtual Directory.
Get-UMVirutalDirectory | Select Name, *url* | fl
- Configure the Internal URL attribute of the UM Virtual Directory (per server).
Set-UMVirtualDirectory –Identity: “<UM Virtual Directory>” –InternalURL: <URL/UnfiiedMessaging/Service.asmx>
Figure 9: Setting up the UM Virtual Directory Internal URL
Validating the changes
Okay, we have worked on the URLs for Outlook 2007, we can now check the results through the Test E-mail AutoConfiguration feature, as shown in Figure 11.
Figure 10: The new Web Services URLs
Just to make sure that our clients are using Web Services, go to an Outlook 2007 client, click Tools / Send/Receive / Download Address Book, and click OK in the new window. Now check the IIS log files, and you should see the connection made by Outlook 2007 to retrieve the OAB through web services, as shown in Figure 11.
Figure 11: The OAB download process by an Outlook 2007 client
Configuring the URLs’ Outlook Anywhere clients
Until this point we have just set up the Internal URLs for Outlook 2007 clients; now we are going to configure Outlook 2007 URLs for Outlook Anywhere clients.
When you enable the Outlook Anywhere feature on the CAS Server (Figure 12), you can define the External host name and the authentication method; both these parameters are available through AutoDiscover services.
Figure 12: Enabling OutlookAnywhere on a CAS Server
Now, we can check the tool again in the Outlook 2007 client and we will see a new configuration set called Exchange HTTP which is designated for the Outlook Anywhere clients. By default the values are the same as the Exchange RPC section, as shown in Figure 13.
Figure 13: New set of configuration to be used by the Outlook anywhere clients
Now our task is to change those values to be accessible for the Outlook anywhere clients (usually external clients). How can I change those values? It’s easy! We use the same cmdlets used for the Exchange RPC Section but instead of the -InternalURL parameter we will change to -ExternalURL.
Summary of cmdlets used to configure Outlook 2007 Web Services
Okay, we have just seen how to configure the Exchange Server 2007 Virtual Directories using Internal and External URLs. We would have to go through this process when we have a CAS NLB (Network Load Balancing), or define a new URL to use either internally or externally.
The following table summarizes the cmdlets that are used to define the Web Services URLs, permission required, and the internal/external parameters.
Item | Cmdlet | Internal Parameter | External Parameter | Permission Required |
OAB | Set-OabVirtualDirectory | InternalURL | ExternalURL | Exchange Server Administrator role and local Administrators group for the target server |
Web Services / OOF | Set-WebServicesVirtualDirectory – | |||
Unified Messaging | Set-UMVirtualDirectory |
Conclusion
In this article we saw how to configure the Web Services URL to be used by Outlook 2007. This is important during the Exchange Server deployment process because it is used by all clients running Outlook 2007.
