How to Configure and Manage OWA on Exchange Server 2007

Mobile messaging has become widely used since the release of Exchange Server 2003 Service Pack 2 (SP2), which provided much needed functionality. SP2 has been able to offer remote access users much of the same functionality as users working within the network.

Outlook Web Access (OWA) provides remote users access to their messaging system via any compliant web browser, making mobile messaging universally accessible to any user with a browser enabled device.

Anywhere Access

The release of Outlook Web Access 2007 further increases the functions available to the remote user, including:

  • Out of office messaging
  • Scheduling assistant
  • Access to SharePoint documents within the browser
  • Web-ready document viewing within the browser
  • Access to managed e-mail folders
  • Voice and fax access via UM
  • Search access to GAL
  • Access to RSS feeds

Configuration and Management Tools

OWA is made available via the Exchange Server, deployed in the client access server role. There are five tools available to manage and configure OWA:

  • the Exchange Management Console graphic interface
  • the IIS Manager
  • direct registry configuration settings using the Registry Editor
  • the Outlook Web Access Web Administration tool
  • the Exchange Management Shell which provides command line and automated plug-ins

Some settings are only configurable via certain tools; settings, such as the PublicClientTimeout, TrustedClientTimeout, and SSLOffloaded values can only be configured by using the Registry Editor.

Configuring the Virtual Directories

When you install the client server access role on the Exchange Server, four default virtual directories are created to be used by Outlook Web Access. The directories are:

  • /owa – which is used for mailbox access
  • /Public – used to access public folders
  • /Exchange – used to access mailboxes and provide backwards compatibility
  • /Exadmin – which provides access for administrative settings and properties

These directories are usually sufficient for most deployments, but you can create additional virtual directories if you require them using the New-OWAVirtualDirectory command. Note that the forms based auth and secure socket layer encryption enabled by default in the /owa virtual directory will not apply to the new directory and these security services must be enabled manually.

Simplifying the OWA URL

Users like simplicity and simplicity reduces the need for tech support from the IT helpdesk. The URL that users use to access their mailbox via OWA can be simplified using the IIS manager. The process simply employs an http redirect and you can also set the IIS web page to automatically send the user to the secure http URL.

Simply create the html redirect code to URL=https://servername/exchange, open the IIS manager and program the redirect in the properties of the default web site.

Modifying Attachment Handling Settings

A new service introduced in Exchange Server 2007 is Web Ready Document Viewing, which allows users accessing the messaging servers via OWA to view certain types of common documents rendered within the browser.

The document types include Word, PDF, Excel and PowerPoint. You can use either the Exchange Management Console or the Set-OwaVirtualDirectory command under the manager shell. In the console, the settings are located under Web Ready Document Viewing settings under the OWA properties in the server properties Client Access settings.

Public and private file access can be configured to either allow access, block access, or force save the file to the client’s device before viewing. All attached files with either a default or a known file extension, are by default set to one of these three options.

You can also choose one of the options for unkown file extensions. Again, you can either use the Exchange Management Console or the Set-OwaVirtualDirectory command under the manager shell.

In the console you can set the file name extensions in the allow, block or force save list under the Direct File Access settings page. To modify the list you must select Customize direct file access and Direct file access must be enabled. There are two sets of settings, one for public file access and one for private file access.

Available only in Outlook Web Access Premium client, SharePoint and Windows File Share (UNC) integration provides read-only access to documents. Administrators can configure OWA to allow or block access on individual servers, allow or block access from private or public computers, create a list of remote servers to be treated as internal (only documents on internal host can be accessed via OWA), and allow or block access using segmentation.

To set access to individual servers simply add the host name to the block or allow list under Remote File Servers in the OWA configuration settings. You can also use the Set-OwaVirtualDirectory command in the manager shell.

To allow or block private or public computers, enable or disable the Windows SharePoint Services or Windows File Shares under the OWA setting. You can also enable or disable via the command shell using the Set-OwaVirtualDirectory command.

To add a domain suffix to be treated as internal, simply add the suffix to the list of domain suffixes to be treated as internal under the Remote File Server tab in OWA settings. To set access to individual virtual directories or to individual users you must use the command shell commands Set-OwaVirtualDirectory and Set-CASMailbox respectively.

Other configuration and management tasks for OWA include: configuring authentication methods, modifying language and character handling settings, configuring Gzip compression settings and disabling Web Beacons.
But we’ll save these for another time …



This site uses Akismet to reduce spam. Learn how your comment data is processed.