Step By Step Guide To Setting Up Outlook Anywhere In Exchange 2007

Written by Allen White on. Posted in Exchange 2007

To configure the server side of Outlook Anywhere (known as RPC over HTTPS in Exchange 2003) for Exchange/Outlook 2007 and Outlook 2010, the following steps are required. This step-by-step guide assumes that you have configured your external DNS A record to point at your firewall, which then redirects to your CAS server, and that you have port 443 forwarded to the CAS.

Firstly we must ensure that the RPC over HTTP proxy component is installed on the server.

  1. From the Add/Remove programs select Windows components
  2. Select Networking Services then details
  3. Select RPC over HTTP Proxy -> OK
  4. Click Next to start the installation. Note that despite its warning, the server will not need to be rebooted.
  5. Click Finish to complete the installation

At this stage you should verify that the component is installed correctly. You can do this via the IIS administrative console.

  1. Check that you have 2 virtual sites/directories named RPC and RPCwithCert
  2. These sites should point to C:\WINDOWS\System32\RpcProxy which will contain the rpcproxy.dll
  3. You should also verify the RPC Proxy server extension is allowed in IIS (this will be enabled after you install the component)

At this stage we need to enable Outlook Anywhere inside of Exchange. This can be done a couple of ways, either through the EMS or EMC.

Enable Outlook Anywhere From The Exchange Management Shell
The three commands available to you are:

  • Get-OutlookAnywhere
  • Set-OutlookAnywhere
  • Enable-OutlookAnywhere

If you are running E2k7 SP1 the command below will get you up and running.

Enable-OutlookAnywhere -ClientAuthenticationMethod -ExternalHostname -SSLOffloading <$true $false> [-Confirm []] [-DomainController ] [-IISAuthenticationMethods ] [-Server ] [-TemplateInstance ] [-WhatIf []]

So for example you would run:
Enable-OutlookAnywhere -Server mail1 -SSLOffloading:$false -ExternalHostname -ClientAuthenticationMethod basic -IISAuthenticationMethods basic

Enable Outlook Anywhere From The Exchange Management Console
I generally find it quicker to do this task through the EMC, but some people prefer to use the command line as much as possible. The steps to get OA running through the EMC are:

  1. Open EMC –> Server Configuration –> Client Access.
  2. Choose the CAS server that you wish to enable for OA.
  3. In the actions panel on the right hand side of the screen choose Enable Outlook Anywhere
  4. You will now be asked to enter in the external host name for the server, so using the same name as the EMS example above, enter (This name should be the same name that is present on your certificate).
    Set your preferred method of authentication and if SSL offloading is required and select enable.
  5. Watch for any errors and if none appear select Finish.

Certificate Generation.

If at this stage you are only running the original self-signed (and self-created) cert that was generated when your CAS box was installed, you will need to generate a trusted certificate to allow clients to connect to the server with the names above. Your default generated cert will only contain the CAS box's local domain name (e.g. mail1.company.local).

Refer to my upcoming post on Exchange Certificate Generation.
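
To check the server side before moving on to the client, the following Exchange Management Shell script (an added example, not part of the original post) reads the Outlook Anywhere settings for mail1, the server name used in the example above, and reports whether a certificate enabled for IIS on the local CAS covers the external host name. Test-NameCovered is a helper defined here, not an Exchange cmdlet.

```powershell
# Added example. Run in the Exchange Management Shell on the CAS itself.
$server = 'mail1'   # server name from the Enable-OutlookAnywhere example above

$oa = Get-OutlookAnywhere -Server $server
if (-not $oa) { throw "Outlook Anywhere is not enabled on $server" }
$oa | Format-List ExternalHostname, ClientAuthenticationMethod, SSLOffloading
$externalName = "$($oa.ExternalHostname)".ToLower()

# Basic authentication sends reusable credentials, so every hop needs TLS.
if ("$($oa.ClientAuthenticationMethod)" -eq 'Basic' -and $oa.SSLOffloading) {
    Write-Warning 'Basic auth with SSL offloading: the hop from the offload device to the CAS is not protected by TLS.'
}

# Helper defined for this example (not an Exchange cmdlet): does a certificate
# name, exact or single-label wildcard, cover the given host name?
function Test-NameCovered([string]$certName, [string]$hostName) {
    $certName = $certName.ToLower()
    if ($certName -eq $hostName) { return $true }
    if ($certName.StartsWith('*.')) {
        $suffix = $certName.Substring(1)    # "*.example.com" -> ".example.com"
        if ($hostName.EndsWith($suffix)) {
            $label = $hostName.Substring(0, $hostName.Length - $suffix.Length)
            return ($label.Length -gt 0 -and $label -notmatch '\.')
        }
    }
    return $false
}

# Only certificates enabled for the IIS service matter to Outlook Anywhere clients.
$iisCerts = @(Get-ExchangeCertificate | Where-Object { "$($_.Services)" -match 'IIS' })
if ($iisCerts.Count -eq 0) { Write-Warning 'No certificate is enabled for IIS.' }

foreach ($cert in $iisCerts) {
    $covered = $false
    foreach ($name in $cert.CertificateDomains) {
        if (Test-NameCovered "$name" $externalName) { $covered = $true }
    }
    "{0}  expires {1:yyyy-MM-dd}  self-signed={2}  covers {3}={4}" -f `
        $cert.Thumbprint, $cert.NotAfter, $cert.IsSelfSigned, $externalName, $covered
    if ($cert.IsSelfSigned) { Write-Warning 'Self-signed: clients will not trust it.' }
    if (-not $covered) { Write-Warning "Certificate does not list $externalName." }
    if ($cert.NotAfter -lt (Get-Date)) { Write-Warning 'Certificate has expired.' }
}
```

A certificate that is self-signed, expired, or missing the external host name will cause certificate prompts or connection failures in Outlook, so resolve any warning here before configuring clients.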

How To Set Up Your Outlook Client For Outlook Anywhere

The best way if possible is to set the client up whilst in the office or connected over a VPN. If you haven’t got this available, then it’s not the end of the world, but it will just make your life a bit harder.

To set a new user up you must create a new mail profile using the following steps. If you are using a locally generated certificate from a non-root CA, then you will need to import the certificate into the local client store before the client will be able to access the server.

  1. Select Create new Mail Profile
  2. Check the Manually Configure Server box at the bottom of the window
  3. Select Microsoft Exchange
  4. Enter in the FQDN of your mail server (make sure you enter the external address), enter the user name, and make sure that cached mode is switched on.
  5. Select More settings, and then the connections tab.
  6. Tick the “Connect to Microsoft Exchange using HTTP”, and then select the Exchange Proxy settings button.
  7. Input the external name of your mail server in the first box. Eg
  8. Select the Only connect to Proxy servers that have this name, and enter in “msstd:”
  9. Set the authentication method to match what was selected on the server.
  10. Click ok, and finish to complete the setup.

If you have set up the auto discover service then you also have the option of using this method to set up the client. I’ll detail this in another blog soon.

You should now be able to fire up Outlook and enter in the credentials.

Verify client connection status

To verify that the client is connecting to the CAS box using HTTPS run through the following steps.

  1. Run Outlook and log on using the required credentials.
  2. In the system tray hold down the Ctrl key and right click on the Outlook icon.
  3. Select connection status.

You should now be able to see if the connection is via TCP or HTTPS.


If you have any issues with connectivity, Microsoft provides this great site for testing.



Allen White
Allen is a Consultant for ITPS in the North East of England and holds the following accreditations. MCSA, MCSE, MCTS, MCITP, CCA, CCSP, VCP 4,5 and HP ASE, AIS - Network Infrastructure.



Comments (2)

  • sandip


    Hello Allen,

    Thanks for the great post, but I still have some queries

    we have two domains in our environment, and and wanted to enable outlook


    1. do we need to create A record for autodiscover internally
    2. do we need to create new zone in DNS for autodiscover
    3. which domain name I should put in certificates
    like.,,, , *, *

    4. do we need to create autodiscover record on public dns, if yes what should be host name
    e.g. ,



    • Allen White


      Hello, just create the DNS forward lookup zones for both domains, then create the Autodiscover record in both zones pointing to the correct CAS server.
      You do not need an external A record for autodiscover, but you do need it on your certificate as a SAN.



