To access email from the Internet using the Outlook application, the Outlook Anywhere feature must be enabled in Exchange 2010. Outlook Anywhere removes the need for a VPN to access an Exchange mailbox from the Internet. It uses HTTPS on port 443, and the traffic is encrypted using a digital certificate. The domain name used to access the Exchange server from outside therefore needs to be in the Subject Alternative Name (SAN) of that certificate. Make sure you have installed the SAN certificate correctly with the proper domain names. This article shows the steps to enable Outlook Anywhere in Exchange 2010.
Enable Outlook Anywhere in Exchange 2010
When you install Exchange 2010, Outlook Anywhere is not enabled by default; you have to enable it manually. While enabling it you need to provide a domain name, such as mail.mustbegeek.com. This domain will be accessed from outside to log in to the Exchange mailbox. Internally, domain-joined clients use the SCP or the Autodiscover DNS record to look up Outlook Anywhere information. To enable Outlook Anywhere, log on to the Exchange server and open the Exchange Management Console.
Expand Server Configuration and select Client Access. Right-click the Client Access server and click Enable Outlook Anywhere.
Type the domain name used to access the mail server. Here I have mail.mustbegeek.com. Make sure this external domain points to the corporate Exchange server's public IP address. You should do this at your public domain host, such as GoDaddy.
Choose the authentication method. You can choose Basic or NTLM. NTLM uses the cached login credentials to log in to Outlook when the user leaves the corporate network and logs in via the Internet, so choosing this option lets the user log in to Outlook from the cached login without having to enter the password. If the cache is not present, the user is unable to log in. Basic authentication transmits the username and password in clear text, but they are encrypted by the SSL connection. When Outlook is accessed from the Internet, Basic authentication will ask for credentials; you can check the box to remember the password. Both methods are secure, as they are transmitted through the SSL connection and are encrypted by the digital certificate. Here, I will choose Basic authentication. Now, click Enable.
Click Finish. Outlook Anywhere is now enabled for all mailboxes. To enable Outlook Anywhere through PowerShell or the Exchange Management Shell, use the following cmdlet:
Enable-OutlookAnywhere -Server MBG-CAS01 -ExternalHostname 'mail.mustbegeek.com' -DefaultAuthenticationMethod 'Ntlm' -SSLOffloading $False
In this way you can enable Outlook Anywhere in Exchange 2010. You can disable Outlook Anywhere per user, if needed, using the following cmdlet:
Get-Mailbox -Identity BGiri@mustbegeek.com | Set-CASMailbox -MAPIBlockOutlookRpcHttp $True
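To confirm the result of the steps above, the following added example (not part of the original article) reads back the Outlook Anywhere settings, checks that the external hostname is covered by the SAN entries of the certificate assigned to IIS, and shows the per-user block flag. It assumes the server name and mailbox used in this article; the helper function Test-NameCoveredByCert is a hypothetical name introduced here.

```powershell
# Added verification example; run in the Exchange Management Shell on Exchange 2010.
# $Server and $Mailbox reuse the names shown in the article; the function name is hypothetical.
$Server  = 'MBG-CAS01'
$Mailbox = 'BGiri@mustbegeek.com'

function Test-NameCoveredByCert {
    param([string]$HostName, [string[]]$CertDomains)
    foreach ($d in $CertDomains) {
        if ($d -ieq $HostName) { return $true }
        # A wildcard entry covers exactly one extra label: *.example.com covers mail.example.com only.
        if ($d.StartsWith('*.')) {
            $suffix = $d.Substring(1)    # ".example.com"
            if ($HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
                $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                if ($label -and $label -notmatch '\.') { return $true }
            }
        }
    }
    return $false
}

$oa = Get-OutlookAnywhere -Server $Server
if (-not $oa) { throw "No Outlook Anywhere configuration returned for $Server" }
$externalName = "$($oa.ExternalHostname)"

# Certificates assigned to the IIS service are the ones Outlook Anywhere clients are presented with.
$iisCerts = @(Get-ExchangeCertificate -Server $Server | Where-Object { "$($_.Services)" -match 'IIS' })
if (-not $iisCerts) { Write-Warning "No certificate is assigned to IIS on $Server" }
$report = foreach ($cert in $iisCerts) {
    $domains = @($cert.CertificateDomains | ForEach-Object { "$_" })
    New-Object PSObject -Property @{
        Thumbprint = $cert.Thumbprint
        CoversName = Test-NameCoveredByCert -HostName $externalName -CertDomains $domains
        Expired    = ($cert.NotAfter -lt (Get-Date))
        Status     = "$($cert.Status)"
    }
}
$report | Format-Table Thumbprint, CoversName, Expired, Status -AutoSize

# Settings chosen in the wizard or passed to Enable-OutlookAnywhere.
$oa | Format-List ExternalHostname, ClientAuthenticationMethod, IISAuthenticationMethods, SSLOffloading

# Per-user block: True means this mailbox cannot connect through Outlook Anywhere.
Get-CASMailbox -Identity $Mailbox | Format-List Name, MAPIBlockOutlookRpcHttp
```

A row with CoversName False or Expired True means external Outlook clients will get a certificate warning or fail to connect until the certificate is reissued with the correct name.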