How to Configure External OWA in Exchange 2010

  • Question

  • Hello, I am wondering how I go about configuring an External OWA for Exchange 2010? Do I still use a front-end Exchange server, or do I even need one?

    Do I need at least 2 physical servers for this, and is there a step-by-step guide to this? Thanks in advance.

    I am setting this up so I can use my iPhone with Exchange 2010, is this true? Or can I set up the iPhone without having to set up external OWA?

    Friday, July 9, 2010 11:08 PM

All replies

  • For any client access, be it OWA, POP, IMAP or Outlook, you need to deploy a CAS (Client Access Server). This can be on the same box as other roles or on its own, depending on your plans.

    A good place to start is TechNet, here for guidance: http://technet.microsoft.com/en-us/library/bb124778.aspx & http://technet.microsoft.com/en-us/library/dd297950.aspx. There are hundreds of blogs out there as well.

    As for the iPhone accessing Exchange, you will need to deploy the CAS role for any device or client to access mailbox data. The iPhone will actually use ActiveSync once the CAS server has been deployed.

    • Proposed as answer by Gavin-Zhang Wednesday, July 14, 2010 9:13 AM
    • Marked as answer by Gavin-Zhang Saturday, July 17, 2010 1:50 AM
    Friday, July 9, 2010 11:46 PM
  • Hello I am wondering how I go about configuring an External OWA for Exchange 2010? Do I still use a front-end exchange server or do I even need one?

    For external access you should still use a "front-end server", but unlike Exchange 2000 / 2003, this should not be an Exchange server. Use ISA 2006 or (preferred) TMG 2010 instead.

    Don't put CAS in the Perimeter network!
    http://msexchangeteam.com/archive/2009/10/21/452929.aspx

    Publish Exchange 2010 with TMG (Forefront Threat Management Gateway)
    http://exchangemaster.wordpress.com/2010/04/09/publish-exchange-2010-with-tmg-forefront-threat-management-gateway/


    MCTS: Messaging | MCSE: S+M | Small Business Specialist
    • Proposed as answer by Gavin-Zhang Wednesday, July 14, 2010 9:13 AM
    • Marked as answer by Gavin-Zhang Saturday, July 17, 2010 1:50 AM
    Saturday, July 10, 2010 6:12 AM
  • Thanks guys for your advice and help!

    I got it to work like so:

    1. I set up a URL like so -> https://subdomain.domain.com/owa

    2. Pointed that URL to a static IP, then in our firewall NATed it to the internal CAS server (which in this case is also the Exchange 2010 server).

    3. Made sure ports 80 and 443 were fully opened in the firewall.

    4. Created an internal CA for Exchange 2010. (You can look for "how-tos" on this forum for this process.)

    5. Made sure ActiveSync was configured correctly.

    6. Success.

    Thanks again everyone!

    Thursday, July 15, 2010 3:30 PM
  • You should not need to open tcp 80, unless you do a redirect, such as: Redirecting OWA URLs in Exchange 2010
    http://briandesmond.com/blog/redirecting-owa-urls-in-exchange-2010/

    And sure, your approach will work, but it is not particularly secure. Right now, you have two open pass-through ports into your internal domain, port tcp 80 historically being the most hacked of all of them.

    MCTS: Messaging | MCSE: S+M | Small Business Specialist
    Thursday, July 15, 2010 7:39 PM
  • Hi,

    I want to do the same thing as you did, without using a TMG server for publishing OWA.

    I need to know from you: is it working perfectly without any problems? If so, I need your help with how to set up the URL, and where. Should the CA be installed on the CAS servers or on the firewall? We are using a FortiGate 3040B firewall.

    Thanks

    Tuesday, May 21, 2013 9:47 AM
  • It is working great... just follow my steps from above, and like others have said, you don't need to open port 80 if you are linking directly to the CAS or Email Server.

    The CA should be installed on the Email Server in my case. Just NAT over the (what your domain is) to the Email Server internally.


    Network Admin....

    Tuesday, May 21, 2013 2:49 PM
  • Thank you so much! I will do the same thing.

    The CA certificate is already on the CAS servers. I only have to do the NAT in our FortiGate firewall, allowing only 443 from outside to the Exchange Client Access server. Is that correct?

    Thanks

    Wednesday, May 22, 2013 3:50 PM
  • Yes, just NAT from outside to inside, unless you have a SPAM filter; then you should NAT outside to the SPAM filter.


    Network Admin....

    Wednesday, May 22, 2013 5:36 PM
  • Thanks again for your support and information. It is very helpful and it has saved me time.

    Thursday, May 23, 2013 7:38 AM
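
The replies above settle on forwarding only tcp 443 to the CAS and leaving tcp 80 closed unless a redirect is published. The following is an added example, not part of the original thread: a Python check, run from a machine outside the firewall, that confirms the NAT rule exposes 443 but not 80 and that the certificate on 443 validates for the published name. The function names are hypothetical, and the host name is whatever you published (the thread's `subdomain.domain.com` is a placeholder).

```python
import socket
import ssl
import sys

# Policy from the thread: forward only tcp 443 to the CAS; tcp 80 stays closed
# unless an HTTP-to-HTTPS redirect is deliberately published.
MUST_BE_OPEN = (443,)
MUST_BE_CLOSED = (80,)

def port_open(host, port, timeout=3.0):
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout), unreachable, DNS failure
        return False

def audit_ports(host, must_open=MUST_BE_OPEN, must_closed=MUST_BE_CLOSED, timeout=3.0):
    """Return findings where reachability differs from the intended NAT rule."""
    findings = []
    for port in must_open:
        if not port_open(host, port, timeout):
            findings.append(f"tcp {port} should be published but is not reachable")
    for port in must_closed:
        if port_open(host, port, timeout):
            findings.append(f"tcp {port} is reachable but should be closed")
    return findings

def certificate_problem(host, port=443, timeout=5.0):
    """Return None if the certificate chains to a trusted root and matches host,
    otherwise the reason. A certificate from an internal CA fails here on any
    machine that does not have that CA's root installed."""
    context = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with context.wrap_socket(sock, server_hostname=host):
                return None
    except ssl.SSLCertVerificationError as exc:
        return exc.verify_message
    except OSError as exc:  # other TLS errors and connection failures
        return f"could not complete TLS handshake: {exc}"

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_owa.py <published-owa-hostname>")
    problems = audit_ports(sys.argv[1])
    cert = certificate_problem(sys.argv[1])
    if cert:
        problems.append(f"certificate on tcp 443: {cert}")
    print("\n".join(problems) or "only tcp 443 exposed, certificate valid")
    sys.exit(1 if problems else 0)
```

A non-zero exit status means the exposure or the certificate differs from what the thread recommends, so the script can be run on a schedule from an outside host to catch a firewall rule that drifts.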