You can configure user accounts in Microsoft® Office Outlook® 2003 to connect to Microsoft Exchange Server 2003 over the Internet without the need to use virtual private network (VPN) connections. This feature — connecting to an Exchange account by using Remote Procedure Call (RPC) over HTTP — allows Outlook users to access their Exchange Server accounts from the Internet when they are traveling or are working outside their organization's firewall.
This topic describes the requirements and options for you to configure a group of Outlook 2003 users to use RPC over HTTP, including steps for customizing options for this feature in the Custom Installation Wizard. If instead you want to configure this feature on your individual computer, see the user Help topic Connect to Exchange server using HTTP.
Toolbox The Office 2003 Editions Resource Kit core tool set includes the Custom Installation Wizard, which you use to customize Office application deployments. These tools are installed by default when you run the Office Resource Kit Setup program (ork.exe). You can find this downloadable file on the Office 2003 Resource Kit Downloads page.
There are several requirements for this feature. These include:
- Microsoft Windows® XP with Service Pack 1 and the Q331320 hotfix (or a later service pack) installed on users' computers
- Outlook 2003
- Microsoft Exchange Server 2003 e-mail accounts
- Microsoft Windows Server™ 2003 (required for server components only)
Note It is highly recommended that this feature be used with Outlook user profiles configured to use Cached Exchange Mode.
About RPC over HTTP
In a local area network (LAN), Outlook communicates with Exchange servers using direct network (TCP/IP) access, also known as RPC over TCP/IP. This method provides quick, efficient access to a corporate network.
However, remote users accessing Exchange need a VPN connection, which gets them past the corporate firewall onto the corporate network. A VPN is more complex and enables access to more network services than are required for just e-mail access.
Outlook 2003 now offers a simpler alternative to VPN connections — RPC over HTTP. With this feature, users can have security-enhanced access to their Exchange Server accounts from the Internet when they are working outside your organization's firewall. Users do not need any special connections or hardware, such as smart cards and security tokens, and they can still get to their Exchange accounts even if the Exchange server and client computer behind the firewall are on different networks.
RPC over HTTP works by having an Exchange Server front-end computer configured as an RPC proxy server. This RPC proxy server then specifies which ports to use to communicate with the network's domain controller, global catalog (GC) servers, and all Exchange servers that the client user requires. The Exchange group in your organization must first deploy RPC over HTTP for the Exchange servers you use, and then you can configure user accounts that access those Exchange servers to use RPC over HTTP.
Understanding RPC over HTTP configuration settings
Before you configure RPC over HTTP for Outlook, you need the URL for the Exchange proxy server that is configured for RPC over HTTP. This URL should be available from your organization's Exchange administrator.
There are additional settings for RPC over HTTP in the Custom Installation Wizard. However, Outlook uses default values for these options that are likely to provide a good experience for your users and to help provide secure connections to your network. It is recommended that you not change the default options by configuring these settings. However, if necessary, you can change these settings to fit special circumstances in your organization.
Overriding the default connection type choice behavior
By default on a fast network, Outlook attempts to connect by using the LAN connection first. On a slow network, Outlook attempts to connect by using HTTP first. You can override default behavior in either case by changing the following settings:
- On a fast network, connect using HTTP first, then connect using TCP/IP
To change the default behavior for fast networks, select this check box.
- On a slow network, connect using HTTP first, then connect using TCP/IP
To change the default behavior for slow networks, clear this check box.
Note By default, these options are disabled in the Outlook user interface.
Specifying authentication and connection methods
The default authentication method is Password Authentication (NTLM). If you use Basic Password Authentication, you will be prompted for a password each time a connection is made to the Exchange server. In addition, if you are not using Secure Sockets Layer (SSL), the password is sent in clear text, which can pose a security risk.
For increased security, it is recommended that you specify Password Authentication (NTLM), together with Connect with SSL only and Mutually authenticate the session when connecting with SSL. These are the default settings in the Custom Installation Wizard where you configure RPC over HTTP. You can also ensure that these settings in the user interface are disabled to help prevent users from using less secure choices for RPC over HTTP communications.
Note To prevent users in your organization from configuring RPC over HTTP settings in the user interface, set a policy to disallow the settings in the user interface. In Group Policy, under User Configuration\Administrative Templates\Microsoft Office Outlook 2003\Tools | E-Mail Accounts, double-click Exchange over the Internet User Interface. Click Enabled to enable configuring the policy, then in the drop-down list, select Hidden.
Configuring RPC over HTTP to deploy with Outlook 2003
To configure Outlook 2003 with RPC over HTTP as part of your Outlook 2003 deployment, you enable the option in the Custom Installation Wizard and (optionally) specify additional settings — such as security level requirements for the communication with the Exchange server. After you specify these options, you save the settings with other configurations in the transform you use to deploy Outlook 2003 to your users.
Note It is recommended that the user accounts that you are configuring for RPC over HTTP use Cached Exchange Mode. For more information about defining Outlook profiles with Cached Exchange Mode, see Setting Up Outlook 2003 Cached Exchange Mode Accounts.
To configure RPC over HTTP
1. In the Custom Installation Wizard, on the Specify Exchange Settings page, select Configure settings for a new Exchange Server connection or replace the settings in an existing Exchange Server connection.
2. If you are defining a new Exchange server for users, enter a value or replaceable parameter in User name.
   For instance, you might specify =%UserName% to use the exact logon name for each user. This helps prevent prompts at Outlook startup that ask users to choose between several variations.
3. If you are defining a new Exchange server, for Exchange Server, enter the name of the Exchange server.
   You can skip steps 2 and 3 if you are configuring RPC over HTTP for existing Exchange users who are not moving to a new Exchange server.
4. Click More Settings.
5. Select the Connect to Exchange Mailbox using HTTP check box.
6. Type the server name for the RPC over HTTP proxy server.
   Do not enter http:// or https:// as part of the name. The appropriate entry (http:// or https://) will be included automatically in the box after you enter the name, based on the authentication settings you choose.
7. Choose whether or not to reverse default behavior for how Outlook chooses which connection type to try to use first, LAN or RPC over HTTP.
8. Select an authentication method.
   The default method is Password Authentication (NTLM).
9. Click OK to return to the Specify Exchange Settings page.
10. Complete any other Outlook or Office configurations, then click Finish to create the transform that you can deploy to your users.
Configuring RPC over HTTP user interface options
You can configure your Outlook deployment to enable all RPC over HTTP options or disable all RPC over HTTP options. You deploy a registry key to configure these options (for example, by using the Add/Remove Registry Entries page in the Custom Installation Wizard).
By default, the RPC over HTTP options are enabled, if the user's computer has the required operating system version.
You add the value entry in the following subkey:
Value name: EnableRPCTunnelingUI
Value data: DWORD
Set the value to 1 to enable RPC over HTTP user interface options. Set the value to 0 to disable the options.
Note that even if you enforce enabling the RPC over HTTP user interface options, the options will be dimmed if the user's computer does not have the required operating system version.
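The following PowerShell sketch is an added example, not part of the original topic or of any Microsoft tool. It audits and sets the EnableRPCTunnelingUI value described above. The function names are hypothetical, and the subkey is passed in as a parameter because this page does not show it; the path in the usage comment is a placeholder, not a real key.

```powershell
# Added example. The subkey is NOT given on the source page: pass the path taken
# from your Outlook 2003 deployment documentation (placeholder shown in the usage).
function Get-RpcHttpUiState {
    param([Parameter(Mandatory)][string]$SubKey)

    $name  = 'EnableRPCTunnelingUI'
    # An absent key or value means Outlook falls back to its default (options enabled).
    $state = [pscustomobject]@{
        SubKey = $SubKey; Present = $false; Data = $null
        Valid  = $true;   Effective = 'Enabled (default)'
    }
    if (-not (Test-Path -LiteralPath $SubKey)) { return $state }

    $key = Get-Item -LiteralPath $SubKey
    if ($key.GetValueNames() -notcontains $name) { return $state }

    $state.Present = $true
    $state.Data    = $key.GetValue($name)
    $isDword       = $key.GetValueKind($name) -eq [Microsoft.Win32.RegistryValueKind]::DWord

    # Only a DWORD of 0 or 1 is meaningful; anything else is reported as drift.
    if (-not $isDword -or $state.Data -notin 0, 1) {
        $state.Valid     = $false
        $state.Effective = 'Unknown (unexpected type or data)'
    } elseif ($state.Data -eq 1) {
        $state.Effective = 'Enabled'
    } else {
        $state.Effective = 'Disabled'
    }
    return $state
}

function Set-RpcHttpUiState {
    param(
        [Parameter(Mandatory)][string]$SubKey,
        [Parameter(Mandatory)][ValidateSet(0, 1)][int]$Value   # 1 = enable, 0 = disable
    )
    if (-not (Test-Path -LiteralPath $SubKey)) {
        New-Item -Path $SubKey -Force | Out-Null
    }
    # -Force overwrites an existing value, including one stored with the wrong type.
    New-ItemProperty -LiteralPath $SubKey -Name 'EnableRPCTunnelingUI' `
        -PropertyType DWord -Value $Value -Force | Out-Null
}

# Usage (placeholder path; replace with the documented subkey):
#   $k = 'HKCU:\<subkey from your deployment documentation>'
#   Set-RpcHttpUiState -SubKey $k -Value 0
#   Get-RpcHttpUiState -SubKey $k | Format-List
```

Running the Get function across user computers shows where the value is missing, set with the wrong type, or different from the intended setting.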
Deploying RPC over HTTP after deploying Outlook 2003
You can update an Outlook 2003 installation to configure RPC over HTTP or make changes to an existing RPC over HTTP installation by using the Custom Maintenance Wizard. The settings available for configuring RPC over HTTP in the Custom Maintenance Wizard are the same as those provided in the Custom Installation Wizard.
After you run the Custom Maintenance Wizard and configure the changes you want to make to your Outlook installation, you save the maintenance file and deploy it to your users.
You have considerable flexibility in configuring and deploying Outlook 2003. For more information about using the Custom Installation Wizard to create a custom transform for deploying Outlook 2003, see Customizing Outlook Features and Installation With the Custom Installation Wizard.
You can make changes to existing Outlook deployments by using the Custom Maintenance Wizard. For more information, see Custom Maintenance Wizard.