Step By Step Guide To Setting Up Outlook Anywhere In Exchange 2007

Written by Allen White on. Posted in Exchange 2007

To configure the server side of Outlook Anywhere for Exchange/Outlook 2007 and Outlook 2010 (formerly known as RPC over HTTPS, in Exchange 2003), the following steps are required. This step by step guide through assumes that you have configured your external DNS A record to point at your firewall then redirect to your CAS server, and that you have port 443 forwarded to the CAS.

Firstly we must ensure that the RPC over HTTP proxy component is installed on the server.

  1. From the Add/Remove programs select Windows components
  2. Select Networking Services then details
  3. Select Rpc over http proxy -> OK
  4. Click Next to start the installation. Note that despite its warning, the server will not need to be rebooted.
  5. Click Finish to complete the installation

At this stage you should verify that the component is installed correctly. You can do this via the IIS administrative console.

  1. Check that you have 2 virtual sites/directories named RPC and RPCwithCert
  2. These sites should point to C:\WINDOWS\System32\RpcProxy which will contain the rpcproxy.dll
  3. You should also verify the RPC Proxy server extension is allowed in IIS (this will be enabled after you install the component)

At this stage we need to enable Outlook Anywhere inside of Exchange. This can be done a couple of ways, either through the EMS or EMC.

Enable Outllook Anywhere From The Exchange Management Shell
The three commands available to you are:

  • Get-OutlookAnywhere
  • Set-OutlookAnywhere
  • Enable-OutlookAnywhere

If you are running E2k7 SP1 the command below will get you up and running.

Enable-OutlookAnywhere -ClientAuthenticationMethod -ExternalHostname -SSLOffloading <$true $false> [-Confirm []] [-DomainController ] [-IISAuthenticationMethods ] [-Server ] [-TemplateInstance ] [-WhatIf []]

So for example you would run:
Enable-OutlookAnywhere -Server mail1 -SSLOffloading:$false -ExternalHostname -ClientAuthenticationMethod basic -IISAuthenticationMethods basic

Enable Outllook Anywhere From The Exchange Management Console
I generally find it quicker to do this task through the EMC, but some people prefer to use the command line as much as possible. The steps to get OA running through the EMC are:

  1. Open EMC –> Server configuration –> client Access Server.
  2. Choose the CAS server that you wish to enable for OA.
  3. In the actions panel on the right hand side of the screen choose Enable Outlook Anywhere
  4. You will now be asked to enter in the external host name for the server, so using the same name as the EMS example above, enter (This name should be the same name that is present on your certificate).
    Set your preferred method of authentication and if SSL offloading is required and select enable.
  5. Watch for any errors and if none appear select Finish.

Certificate Generation.

If at this stage you are only running the original self-signed (and self-created) cert that was generated when your CAS box was installed, you will need to generate a trusted certificate to allow clients to connect to the server with the names above. Your default generated cert will only contain the CAS box’ local domain name (eg. mail1.comapny.local)

Refer to my upcoming post on Exchange Certificate Generation .

How To Setup You Outlook Client For Outlook Anywhere

The best way if possible is to set the client up whilst in the office or connected over a VPN. If you haven’t got this available, then it’s not the end of the world, but it will just make your life a bit harder.

To set a new user up you must create a new mail profile using the following steps.If you are using a locally generated certificate from a non-root CA, then you will need to import the certificate into the local client store before the client will be able to access the server.

  1. Select Create new Mail Profile
  2. Check the Manually Configure Server box at the bottom of the window
  3. Select Microsoft Exchange
  4. Enter in the FQDN of your mail server (make sure you enter the external address), enter the user name, and make sure that cached mode is switched on.
  5. Select More settings, and then the connections tab.
  6. Tick the “Connect to Microsoft Exchange using HTTP”, and then select the Exchange Proxy settings button.
  7. Input the external name of your mail server in the first box. Eg
  8. Select the Only connect to Proxy servers that have this name, and enter in “msstd:”
  9. Set the authentication method to match what was selected on the server.
  10. Click ok, and finish to complete the setup.

If you have set up the auto discover service then you also have the option of using this method to set up the client. I’ll detail this in another blog soon.

You should now be able to fire up Outlook and enter in the credentials.

Verify client connection status

To verify that the client is connecting to the CAS box using HTTPS run through the following steps.

  1. Run outlook and log on using the required credentials.
  2. In the system tray hold down the Ctrl key and right click on the Outlook icon.
  3. Select connection status.

You should now be able to see if the connection is via TCP or HTTPS.


If you have any issues with connectivity microsoft provide this great site for testing.




Related Problems

Step By Step Guide On Installing Trend Scanmail On Exchange 2010
Step By Step Guide on Installing and Configuring Trend Micro Scanmail On Microsoft Exchange 2010.This is a simple process.
How To Remove An Expired Exchange 2007/ 2010 Certificate and Create A New Certificate
How to renew your expired exchange 2007 certificate.A guide on How To Remove An Expired Exchange 2007 Certificate and Create A New Certificate. This needs to be done every so ...
Outlook 2010, 2007 0x8004010f
This guide will help you resolve the Outlook 2010, 2007 0x8004010f error when it downloads the OAB it may be a corrupt OAB or a misconfigured OAB. Here is how ...
Connecting outlook 2003 to exchange 2010
OUtlook 003 will not connect correctly to exchange 2010 by default, exchange 2010 only accepts encrypted connections. Here is how to configure exchange and outlook 2003 to do so.
Things to consider if you run Outlook 2003 on Exchange 2010
If you are migrating to exchange 2010 and run outlook 2003 on your clients there are a number of things that must be considered in advance. Read this guide.
Outlook 2003 Gives Connect To Instance Error When Connecting To Exchange 2010
When you connect to exchange 2010 with outlook 2003 , you may see the error connect to instance. This is a known issue and microsoft have provided a fix
Allow non encrypted connections to Exchange 2010
A step by step guid on how to Allow non encrypted connections to Exchange 2010. Connect outook 2003 to exchange 2010 problems
Allow a Server to Relay Email. Exchange 2007 / 2010
If you want a server or another pc to send emails through your exchange server then you need to configure the relay options. Here is how to allow relaying through ...
Step By Step Guide On Installing Trend Scanmail
How To Remove An Expired Exchange 2007/ 2010
Outlook 2010, 2007 0x8004010f
Connecting outlook 2003 to exchange 2010
Things to consider if you run Outlook 2003
Outlook 2003 Gives Connect To Instance Error When
Allow non encrypted connections to Exchange 2010
Allow a Server to Relay Email. Exchange 2007


Allen White

Allen is a Technical Consultant for an IT company in the North East of England and holds the following accreditations. MCSA, MCSE, MCTS, MCITP, CCA, CCSP, VCP 4,5 and HP ASE, AIS - Network Infrastructure. Backup Academy Certified. I run this site in my spare time so if I help you then PLEASE take the time to share using the share tools on the site.

Comments (2)

  • sandip


    Hello Allan,

    thanks for the great post , but i still have some queries

    we have two domains in our envrironment, and and wanted to enable outlook


    1. do we need to create A record for autodiscover internally
    2. do we need to create new zone in DNS for autodiscover
    3. which domain name i shoud put in certificates
    like.,,, , *, *

    4. do we need to create auotiscover record on public dns , if yes what should be host name
    e.g. ,



    • Allen White


      Hello, just create the DNS forward look up zones for both domains..then create the Autodiscover record in both zones pointing to the correct CAS server.
      You do not need an external A record for autodiscover, but you do need it on your certificate as a SAN.




What Do You Think?

Search Solutions


(c) Please be aware, all information is provided freely, any information used is done so at your risk and Techieshelp will not be held responsible for any issue that may occur.