locked
Exchange Internal Client vs External Client RRS feed

  • Question

  • I have some mesh about internal clients vs external clients for exchange. How to exchange or outlook client determine wich setting apply?

    For example, i have resource forest model and have some client.

    1. Linked Mailbox in resource forest. User work on domain PC in account forest. Is it internal or external user? wich settings would apply to outlook 2007/2010?

    2. Active Mailbox in resource forest. User work on non domain PC.  Is it internal or external user? wich settings would apply to outlool 2007/2010?

    And I have two scenarios: Outlook in LAN and Outlook connect to exchange from Internet.  I do not use TMG or ISA, only static NAT on CISCO ASA.


    Truly, Valery Tyurin
    Saturday, December 10, 2011 8:37 AM

Answers

  • 1. Typical internal: A user logs on to the account domain and accesses the mailbox in the resource forest. The clue is the link between the objectSid (account forest) and the msExchMasterAccountSid (resource forest). Auto configuration information (Autodiscover) is retrieved from a service connection point (SCP) in the account forest or through an XML redirect. The Outlook connection type would by default be TCP/IP (MAPI RPC).

    2. External as to Autodiscover: A non-domain member has no access to an SCP. As to Outlook connection, this might depend. On an internal network or VPN, it will be TCP/IP; on the Internet it will be HTTP (Outlook Anywhere).

    In this scenario, it makes no difference if you are nating with TMG, ISA or Cisco. The outcome will be the same: Outlook will connect with HTTP (Outlook Anywhere), that is without a VPN connection.

     


    MCTS: Messaging | MCSE: S+M
    • Proposed as answer by Martina_Miskovic Saturday, December 10, 2011 9:04 PM
    • Marked as answer by Fiona_Liao Friday, December 16, 2011 7:36 AM
    Saturday, December 10, 2011 10:18 AM
  • Thank you Jon-Alfred. As  I see if client retrive information from SCP (account or recource forest) it internal client. If client (pc computer or user) cannot connect to SCP it treated as external and recive configuration from autodiscover.domain.dom.
    Truly, Valery Tyurin
    • Marked as answer by Fiona_Liao Friday, December 16, 2011 7:36 AM
    Saturday, December 10, 2011 8:42 PM
  • Hi Valery,

    May I know why you asked this?

    There is no a exact definition for the external (Outlook) clients or internal (Outlook) clients. Generally we see a client that is connecting Exchange server via TCP/IP as an Internal client, and it can connect the web-services via the internal URLs. All others are external clients.

    Thanks.

     


    Fiona Liao

    TechNet Community Support

    • Proposed as answer by Fiona_Liao Monday, December 12, 2011 8:05 AM
    • Marked as answer by Fiona_Liao Friday, December 16, 2011 7:35 AM
    Monday, December 12, 2011 8:04 AM
  • I need it for troubleshooting.  Than I enable Outlook Anywhere all my client (Internal and External) set connection to exchange with "Connect to Exchange with RPC over HTTP/S". I think that for Internal Clients I may use MAPI connection not "RPC over HTTP" 
    Truly, Valery Tyurin


    Thanks Valery,

    If this is the case, you might reverse the order--first connection type and then decide the clients type.

    Whether use Outlook Anywhere or not is depending on your network status. For example, you are in a branch office which is connecting to main office via a 256K dia-up line, you are able to connect Outlook via TCP/IP, however, it is better if you use Outlook Anywhere via Internet connection which has 10M bandwidth.

    Both TCP/IP and http are MAPI connection, they have the same function with different Outlook provider.

    Hope it is helpful.


    Fiona Liao

    TechNet Community Support

    • Marked as answer by Fiona_Liao Friday, December 16, 2011 7:35 AM
    Thursday, December 15, 2011 10:43 AM

All replies

  • 1. Typical internal: A user logs on to the account domain and accesses the mailbox in the resource forest. The clue is the link between the objectSid (account forest) and the msExchMasterAccountSid (resource forest). Auto configuration information (Autodiscover) is retrieved from a service connection point (SCP) in the account forest or through an XML redirect. The Outlook connection type would by default be TCP/IP (MAPI RPC).

    2. External as to Autodiscover: A non-domain member has no access to an SCP. As to Outlook connection, this might depend. On an internal network or VPN, it will be TCP/IP; on the Internet it will be HTTP (Outlook Anywhere).

    In this scenario, it makes no difference if you are nating with TMG, ISA or Cisco. The outcome will be the same: Outlook will connect with HTTP (Outlook Anywhere), that is without a VPN connection.

     


    MCTS: Messaging | MCSE: S+M
    • Proposed as answer by Martina_Miskovic Saturday, December 10, 2011 9:04 PM
    • Marked as answer by Fiona_Liao Friday, December 16, 2011 7:36 AM
    Saturday, December 10, 2011 10:18 AM
  • Thank you Jon-Alfred. As  I see if client retrive information from SCP (account or recource forest) it internal client. If client (pc computer or user) cannot connect to SCP it treated as external and recive configuration from autodiscover.domain.dom.
    Truly, Valery Tyurin
    • Marked as answer by Fiona_Liao Friday, December 16, 2011 7:36 AM
    Saturday, December 10, 2011 8:42 PM
  • This is correct. For instance my laptop is in the smith.something domain. Where I work most of the time and have an e-mail account, I receive the configuration information from https://autodiscover.domain.no, but I do connect with MAPI RPC to the Exchange CAS array when I'm at the office.
    MCTS: Messaging | MCSE: S+M
    Saturday, December 10, 2011 9:54 PM
  • Hi Valery,

    May I know why you asked this?

    There is no a exact definition for the external (Outlook) clients or internal (Outlook) clients. Generally we see a client that is connecting Exchange server via TCP/IP as an Internal client, and it can connect the web-services via the internal URLs. All others are external clients.

    Thanks.

     


    Fiona Liao

    TechNet Community Support

    • Proposed as answer by Fiona_Liao Monday, December 12, 2011 8:05 AM
    • Marked as answer by Fiona_Liao Friday, December 16, 2011 7:35 AM
    Monday, December 12, 2011 8:04 AM
  • I need it for troubleshooting.  Than I enable Outlook Anywhere all my client (Internal and External) set connection to exchange with "Connect to Exchange with RPC over HTTP/S". I think that for Internal Clients I may use MAPI connection not "RPC over HTTP" 
    Truly, Valery Tyurin
    Wednesday, December 14, 2011 8:18 AM
  • I need it for troubleshooting.  Than I enable Outlook Anywhere all my client (Internal and External) set connection to exchange with "Connect to Exchange with RPC over HTTP/S". I think that for Internal Clients I may use MAPI connection not "RPC over HTTP" 
    Truly, Valery Tyurin


    Thanks Valery,

    If this is the case, you might reverse the order--first connection type and then decide the clients type.

    Whether use Outlook Anywhere or not is depending on your network status. For example, you are in a branch office which is connecting to main office via a 256K dia-up line, you are able to connect Outlook via TCP/IP, however, it is better if you use Outlook Anywhere via Internet connection which has 10M bandwidth.

    Both TCP/IP and http are MAPI connection, they have the same function with different Outlook provider.

    Hope it is helpful.


    Fiona Liao

    TechNet Community Support

    • Marked as answer by Fiona_Liao Friday, December 16, 2011 7:35 AM
    Thursday, December 15, 2011 10:43 AM