Module 10: Outlook Mobile Access
Contents
Overview
Lesson 1: Managing Mobile Service Components
Lesson 2: Outlook Mobile Access Browse
Lesson 3: Beneath the GUI
Lesson 4: Troubleshooting
Lesson 5: Tools
Lab A: Outlook Mobile Access
Review
Appendix A
Appendix B
Appendix C
Appendix D
Appendix E
Appendix F
Appendix G
Appendix H
© 2005 Microsoft Corporation. All rights reserved.
Module 10: Outlook Mobile Access
Overview
*****************************illegal for non-trainer use******************************
Introduction
Microsoft® Exchange Server 2003 includes built-in mobile functionality, which allows users to access Exchange data by using mobile devices. Exchange Server 2003 offers two services for your mobile users: Microsoft® Exchange ActiveSync® and Microsoft® Outlook® Mobile Access.
Objectives
After completing this module, you will be able to:
Manage mobile service components.
Understand what Outlook Mobile Access Browse can do.
Understand the inner workings of Outlook Mobile Access and how it interacts with other components.
Know how to troubleshoot Outlook Mobile Access and what tools you can use.
Lesson 1: Managing Mobile Service Components
Introduction
This lesson introduces you to the mobile service components of Exchange Server 2003. It explains how to administer and secure these mobile service components.
Lesson objectives
After completing this lesson, you will be able to:
Describe the mobile service components of Exchange Server 2003.
Explain the requirements for Exchange Server 2003 mobile service components.
Explain the utilities that are needed to administer mobile components.
Identify the Mobile Services object properties that you can modify by using Exchange System Manager.
Configure Exchange ActiveSync and up-to-date notifications.
Describe the considerations necessary for securing mobile components.
What Are the Mobile Service Components of Exchange Server 2003?
Exchange Server 2003 gives users of wireless and small devices, such as mobile phones, personal digital assistants (PDAs), or smart phones (hybrid devices that combine the functionality of mobile phones and PDAs), access to Exchange data. Exchange ActiveSync and Outlook Mobile Access are two of the mobile service components that are built into Exchange Server 2003. These components enable mobile users to browse Exchange information, in addition to synchronizing calendar, contact, and inbox information.
What Is Exchange ActiveSync?
Exchange ActiveSync is a service provided in Exchange Server 2003 that allows users to synchronize their Exchange information (inbox, subfolders, calendar, contacts, and tasks) with their Exchange ActiveSync-enabled mobile device (such as Pocket PC 2002, Smartphone 2002 and Microsoft® Windows Mobile™ 2003 devices). The two types of client-initiated remote synchronization supported by Exchange ActiveSync are:
Manual end-user driven. Allows users of mobile devices to perform a manual synchronization.
Scheduled. Allows users of mobile devices to schedule synchronization.
What are up-to-date notifications?
In addition, Exchange supports server-initiated synchronization through Exchange ActiveSync and up-to-date notifications. Up-to-date notifications automate the synchronization of mobile devices. This option in the Mobile Services Properties dialog box sends a notification to the mobile device to initiate an automatic synchronization through Exchange ActiveSync.
How do up-to-date notifications work?
After a user completes the first successful synchronization from the Pocket PC, the device is automatically populated with the user’s mailbox folder tree, exposing all mailbox folders available for synchronization. Each folder can be selected for an up-to-date notification. After a folder is chosen for an up-to-date notification, an event is set on the folder, which watches for new e-mail delivered to the folder. When new e-mail arrives, an event runs inside the Exchange server mailbox store and creates a Simple Mail Transfer Protocol (SMTP) notification. When the device receives the notification (how it is delivered depends on the network type; it could arrive as a Short Message Service-based message), the device starts an Exchange ActiveSync session, which brings the device up to date. All this occurs without waking the device.
Note The up-to-date notification feature is supported only on Windows Mobile 2003 devices.
What Is Outlook Mobile Access?
Outlook Mobile Access is a service provided in Exchange Server 2003 that allows your users to access their Exchange mailbox by using a browser-enabled mobile device. Devices such as mobile phones and PDAs that use Extensible Hypertext Markup Language (XHTML), compact HTML (cHTML), or standard HTML browsers allow your users to connect to their inbox, calendar, contacts, and tasks, and to perform global address list (GAL) searches. In addition to mobile phones, Windows Mobile devices using Microsoft Pocket Internet Explorer and desktop personal computers using Microsoft® Internet Explorer 6.0 or later also support Outlook Mobile Access.
Note If your Exchange server has Device Update 2 installed (the default), Internet Explorer 6.0 will work, but the user will receive the following error message: “The device type you are using is not supported. Press OK to continue.”
Outlook Mobile Access Features
This is a partial list of the messaging and collaboration features that Outlook Mobile Access supports:
E-mail: Read, Reply, Forward, Delete, Flag, Compose. Navigate multiple folders. Look up sender or other recipients.
Calendar: Accept, Decline, Tentative meeting requests. Navigate via date picker control. Compose/Edit appointments with attendees’ support.
Contacts: View, Create, Edit personal contacts. Search personal and GAL contacts. Save global address list contacts to personal contacts. E-mail and Call contacts.
Tasks: View, Create, Edit tasks.
Compatibility with Microsoft Mobile Information Server
If you have previously used Microsoft® Mobile Information Server 2001 Enterprise Edition or Microsoft® Mobile Information Server 2002 Enterprise Edition to provide mobile access to your users, you need to be aware of the following compatibility issues with Exchange Server 2003 mobile components to determine the requirements for co-existence:
Mobile Information Server can communicate with Microsoft® Exchange 5.5 mailbox servers to provide Outlook Mobile Access (real-time browse access) and with Microsoft® Exchange 2000 Server mailbox servers to provide Exchange ActiveSync and Outlook Mobile Access support for browsing and new e-mail notifications.
Exchange Server 2003 mobile components can only communicate with Exchange Server 2003 mailbox servers to provide Exchange ActiveSync and Outlook Mobile Access.
Integrating Exchange 2003 with Mobile Information Server 2002
Mobile Information Server can be installed in an ‘ActiveSync-only’ configuration. When installed in this manner, Mobile Information Server does not require an Active Directory® schema change or any complicated auxiliary forest topologies. The recommended path for customers who want mobility on Exchange 2000 and a good migration path to Exchange 2003 is to install Mobile Information Server in the ‘ActiveSync-only’ configuration for Exchange 2000. The same devices, PPC Phone and Smartphone, will then work with Exchange 2003 after the migration, and the customer does not have to be concerned with the complex Active Directory schema change and auxiliary forest scenarios pertinent to Mobile Information Server. Of course, this means they will not get the browse and push features of Mobile Information Server. But past experience shows ActiveSync is usually the feature driving Mobile Information Server deployments.
In summary:
Mobile Information Server has not been tested against Exchange 2003 mailboxes. Using Mobile Information Server mobile browse or Mobile Information Server ActiveSync® against Exchange 2003 mailboxes is not a supported scenario.
Coexistence: Mobile Information Server (browse, push, and sync) used against Exchange 2000 mailboxes can co-exist in the same environment as Exchange 2003 Outlook Mobile Access and Exchange ActiveSync used against Exchange 2003 mailboxes. Exchange 2003 does not reuse the Active Directory attributes used by Mobile Information Server, and so they do not conflict. For exact details about what Active Directory attributes are used by Exchange 2003 Mobility, see the documentation that will be available by launch.
If a customer wants to use Mobile Information Server for some users and Exchange 2003 mobility for others, then using separate name spaces for each is best.
Mobile Information Server/Exchange 2000 users URL = mis.corp.com
Exchange 2003 users URL = oma.corp.com
Exchange 2003 Mobile Browse is the only Exchange component that uses the .NET Framework. The specifics of the other components, sync and Up To Date, which complete the Exchange 2003 Mobile experience, will be covered in detail in the specific component modules.
Note In a mixed Exchange environment where you deploy a front-end and back-end topology, you must use Exchange Server 2003 for both the front-end and back-end servers to gain access to mailboxes through Outlook Mobile Access and Exchange ActiveSync.
For more information on Windows Mobile devices, see the Windows Mobile page on the Microsoft Web site at http://www.microsoft.com/windowsmobile.
What Are the Mobile Service Components of Exchange Server 2003? (continued)
Client
Mobile phones using xHTML (Wireless Application Protocol [WAP] 2.0), cHTML (iMode) or standard HTML browsers can connect and render the inbox, calendar, contacts, tasks and global address list (GAL) searches. In addition to mobile phones, Pocket PC 2002 using Pocket Internet Explorer version 3.02 or greater and desktop computers using Internet Explorer 6.0 and greater (supported only with Device Update [DU] 3.0 and greater) both support mobile browse. Outlook Mobile Access Browse does not support devices that are not on this list: http://www.microsoft.com/exchange/techinfo/outlook/OWA_Mobile.asp
However, if the “Enable Unsupported Devices” option is checked, users can use any mobile device, not just WAP 1.x devices. An unsupported device displays a screen on which the user must select OK to access the mailbox. Users might encounter issues, because these devices are not supported and have not been tested.
Server
The Outlook Mobile Access Browse component has been written using managed code (C# in this case). Therefore, to install the wireless support in Exchange Server 2003, the following software is required:
Microsoft® .NET Framework v1.1
ASP.NET Device Update 2 (DU-2) and beyond
The .NET Framework v1.1 is installed automatically on Microsoft® Windows Server™ 2003 servers. For Microsoft® Windows® 2000, it has to be installed manually. The latest version of the .NET Framework is always available from http://www.microsoft.com/windowsupdate. The ASP.NET Device Update 2 (DU-2) must also be installed before Exchange Server 2003 mobile access support can be installed; however, the Exchange SETUP program will automatically install this component if it is not already installed.
Limitations
In a mixed Exchange environment, you must use Exchange 2003 for both the front-end and back-end servers to gain access to mailboxes through Outlook Mobile Access. Mailboxes on Microsoft® Exchange 5.5 or Microsoft® Exchange 2000 require Microsoft® Mobile Information Server 2002.
Standards
HTML (HyperText Markup Language) is a collection of formatting commands that create hypertext documents (Web pages, to be exact). When you point your Web browser to a URL, the browser interprets the HTML commands embedded in the page and uses them to format the page's text and graphic elements. HTML commands cover many types of text formatting (bold and italic text, lists, headline fonts in various sizes, and so on), and can also include graphics and other nontext elements.
XML (Extensible Markup Language) is a system for defining specialized markup languages that are used to transmit formatted data. XML is conceptually related to HTML, but XML is not itself a markup language. Rather, it is a meta language, a language used to create other specialized languages.
xHTML (Extensible HyperText Markup Language), also known as HTML version 5. XHTML is a new language that bridges the gap between HTML and XML. XHTML documents are well-formed XML, so they are readily viewed, edited, and validated with standard XML processors. This also makes it much easier for lightweight clients.
cHTML (Compact HyperText Markup Language). A cHTML document is like an HTML document but contains only one screen. This makes the cHTML rendering model identical to the HTML rendering model: one page at a time. It was designed for low memory footprint applications and so excludes things like tables and frames. cHTML has been adapted to the profiles of particular mobile devices by manufacturers.
WML (Wireless Markup Language) is a markup language based on XML, and is intended for use in specifying content and user interface for narrowband devices, including cellular phones and pagers. WML is designed with the constraints of small narrowband devices in mind. These constraints include: 1) Small display and limited user input facilities; 2) Narrowband network connection; 3) Limited memory and computational resources.
If a phone or other communications device is said to be Wireless Application Protocol (WAP) capable, this means that it has a piece of software loaded onto it (known as a microbrowser) that fully understands how to handle all entities in the WML 1.1 DTD.
What Are the Requirements for Exchange Server 2003 Mobile Services?
Outlook Mobile Access is designed to take advantage of the Microsoft .NET Framework and Microsoft ASP.NET. The devices that are supported by Exchange Server 2003 for Outlook Mobile Access are determined by the device update package that is installed on the Exchange 2003 server. The three software components that are required for Outlook Mobile Access in Exchange Server 2003 are:
The .NET Framework 1.1
ASP.NET
ASP.NET Device Update 2
How are the software components installed?
The .NET Framework 1.1 installs automatically on Microsoft Windows Server 2003. For Windows 2000 Servers, SP3 or later, Exchange Setup automatically installs and enables both the .NET Framework and ASP.NET. Exchange Setup also installs the ASP.NET Device Update 2 package.
What devices are supported by Outlook Mobile Access with Device Update 2?
The following table lists some of the devices supported by Outlook Mobile Access with Device Update 2.

| Device | Network | Rendering language |
|---|---|---|
| Sony Ericsson T68i | Sony Ericsson T68i | XHTML |
| NEC N503is | iMode | cHTML |
| Panasonic P503is | iMode | cHTML |
| Panasonic P504i | iMode | cHTML |
| Fujitsu F504i | iMode | cHTML |
| Pocket PC 2002, Pocket PC 2002 Phone Edition, Smartphone 2002, or Windows Mobile 2003 devices | GSM | HTML |
| Sony SO503iS | iMode | cHTML |
| Mitsubishi D503iS | iMode | cHTML |
| NEC N504i | iMode | cHTML |

Note Newer versions of the device update package will be available for download from the Internet that will add support for more devices to your Exchange server. For additional information on available updates, see the Microsoft Web site at http://www.asp.net/.
As mentioned before, Outlook Mobile Access Browse only supports devices that are on this list: http://www.microsoft.com/exchange/techinfo/outlook/OWA_Mobile.asp
Extending Outlook Mobile Access
The Microsoft Mobile Internet Toolkit, an extension for ASP.NET, provides the utilities that are needed to write mobile Web applications for a wide variety of mobile browsers. The toolkit isolates developers from the challenge of writing and maintaining numerous Web applications, each targeted to a specific browser. The ASP.NET server controls included with the toolkit render the appropriate markup languages, including HTML, wireless markup language (WML) for Wireless Application Protocol (WAP) mobile phones, xHTML and cHTML, while accommodating different screen sizes, orientations, and device capabilities.
Note For more information about the Microsoft Mobile Internet Toolkit, see the Mobile ASP.NET Web Applications page on the Microsoft Web site at http://www.asp.net/mobile/.
.NET Framework
It is impossible to understand the foundation of Outlook Mobile Access without a cursory understanding of the .NET Framework. Outlook Mobile Access gives you the ability to view your mailbox with a mobile browser. This section provides a basic explanation of the .NET Framework and ASP.NET as they apply to Exchange 2003 Outlook Mobile Access and Mobility as a whole. The .NET Framework is a new development platform that simplifies application development in the highly distributed environment of the Internet. The .NET Framework is designed to fulfill the following objectives:
Provide a consistent object-oriented programming environment whether object code is stored and executed locally, executed locally but Internet-distributed, or executed remotely.
Provide a code-execution environment that minimizes software deployment and versioning conflicts.
Provide a code-execution environment that guarantees safe execution of code, including code created by an unknown or semi-trusted third party.
Provide a code-execution environment that eliminates the performance problems of scripted or interpreted environments.
Make the developer experience consistent across widely varying types of applications, such as Microsoft® Windows®-based applications and Web-based applications.
Build all communication on industry standards to ensure that code based on the .NET Framework can integrate with any other code.
The .NET Framework has two main components: the common language runtime and the .NET Framework class library. The common language runtime is the foundation of the .NET Framework. You can think of the runtime as an agent that manages code at execution time, providing core services such as memory management and thread management, while enforcing strict type safety and other forms of code accuracy that ensure security and robustness. In fact, the concept of code management is a fundamental principle of the runtime. Code that targets the runtime is known as managed code, while code that does not target the runtime is known as unmanaged code.
The class library, the other main component of the .NET Framework, is a comprehensive, object-oriented collection of reusable types that are used to develop applications ranging from traditional command-line or graphical user interface (GUI) applications to applications based on the latest innovations provided by ASP.NET: Web Forms and Extensible Markup Language (XML) Web services.
Microsoft Internet Explorer is an example of an unmanaged application that hosts the runtime (in the form of a MIME type extension). Using Internet Explorer to host the runtime enables you to embed managed components or Windows Forms controls in HTML documents. Hosting the runtime in this way makes managed mobile code (similar to ActiveX® controls) possible, but with significant improvements that only managed code can offer, such as semi-trusted execution and secure isolated file storage.
Common Language Runtime (CLR)
The CLR manages memory, thread execution, code execution, code safety verification, compilation, and other system services. These features are intrinsic to all managed code. With regard to security, managed components are awarded varying degrees of trust, depending on a number of factors that include their origin (the Internet, an enterprise network, or the local computer). Thus, a managed component might or might not be able to perform file-access operations, registry-access operations, or other sensitive functions, even if it is being used in the same active application.
The runtime enforces code access security. Users can trust that an executable embedded in a Web page can play an animation on screen or sing a song, but cannot access their personal data, file system, or network. The security features of the runtime enable legitimate Internet-deployed software to have exceptionally rich features.
In addition, the managed environment of the runtime eliminates many common software issues. The runtime automatically handles object layout and manages references to objects, releasing them when they are no longer being used. This automatic memory management (garbage collection) resolves the two most common application errors: memory leaks (pointer released before memory free) and invalid memory references (pointer).
The runtime is designed to enhance performance. Although the common language runtime provides many standard runtime services, managed code is never interpreted. A feature called just-in-time (JIT) compiling enables all managed code to run in the native machine language of the system on which it is executing. Meanwhile, the memory manager removes the possibilities of fragmented memory and increases memory locality-of-reference to further increase performance. The runtime compiles the code the first time the code is called and reuses the compiled version thereafter.
.NET Framework Class Library
The .NET Framework class library is a collection of reusable object-oriented types that tightly integrate with the common language runtime. Developers derive their own types from these base types (inheritance). This reduces the time associated with learning new features of the .NET Framework. In addition to these common tasks, the class library includes types that support a variety of specialized development scenarios. The .NET Framework can be used to develop console applications, scripted or hosted applications, Windows graphical user interface (GUI) applications (Windows Forms), XML Web services, Windows services, and last but most important to us, ASP.NET applications.
ASP.NET
ASP.NET is the component that enables developers to use the .NET Framework to target Web-based applications. ASP.NET is more than a runtime host; it is a complete architecture for developing Web sites and Internet-distributed objects using managed code. Both Web Forms and XML Web services use Microsoft® Internet Information Services (IIS) and ASP.NET as the publishing mechanism for applications. Both have a collection of supporting classes in the .NET Framework.
XML Web services, an important evolution in Web-based technology, are distributed, server-side application components similar to common Web sites. Unlike Web-based applications, XML Web service components have no user interface (UI) and are not targeted for browsers such as Internet Explorer. XML Web services consist of reusable software components designed to be consumed by other applications, such as Web-based applications or other XML Web services. XML Web services technology is rapidly moving application development and deployment into the highly distributed environment of the Internet.
If you have used earlier versions of ASP technology, you will immediately notice the improvements that ASP.NET and Web Forms offer. A developer can produce Web Forms pages in any language that supports the .NET Framework. The code no longer needs to share the same file with your HTTP text (code-behind), although it can continue to do so if you prefer. Web Forms pages execute in native machine language like any other managed application. ASP.NET pages are faster, more functional, and easier to develop than unmanaged ASP pages because they interact with the runtime, unlike ASP pages, which are interpreted.
The .NET Framework also provides a collection of classes and tools to aid in development of Mobile Controls. Mobile controls are used to develop applications for handheld devices and are device specific. This reduces development time and ensures that the correct markup is returned to the client device.
ASP.NET Framework 1.1 Mobile Controls
ASP.NET Framework 1.1 provides an abstraction of a user interface, with objects representing the fundamental components of a visual display (text labels, input boxes, and so on). It is the runtime's responsibility to take this abstract representation and turn it into device-specific markup. ASP.NET provides mobile Web Form controls that represent individual components of the user interface. These components are used to define a user interface within a Web page. ASP.NET delivers the content in the markup language appropriate for the requesting device. There are three major markup languages used by mobile browsers to date: cHTML, xHTML and HTML. ASP.NET automatically renders the correct elements for the given supported wireless device.
.NET Framework Device Updates
Mobile Device Updates are incorporated into the .NET Framework Device Updates. After all, Outlook Mobile Access derives from these base classes. The Device Updates are tentatively scheduled for updates twice a year. Any modifications required to provide proper rendering on a specific device are included in the web.config in the root of the Browse directory. The web.config is updated as part of the device updates; any customization will be overwritten. Administrators and developers are discouraged from modifying web.config settings for a device that Microsoft has not tested. In many cases there will be no interoperability problems between the mobile device and Exchange. However, there is no support for such modifications and the end result may remove our ability to debug Outlook Mobile Access.
Utilities That You Can Use to Administer Mobile Components
You use utilities such as Exchange System Manager, Internet Information Services (IIS) Manager, and Active Directory Users and Computers to configure Exchange mobile components.
Exchange System Manager
Exchange System Manager is used when configuring Mobile Services objects. These objects are a part of the global settings for the Exchange organization. These objects allow you to define how Exchange ActiveSync and Outlook Mobile Access are enabled for all users in your organization. You can also define the domain name for mobile carriers that are used by up-to-date notifications. Exchange System Manager is also used to configure an SMTP connector that is used for up-to-date notifications. You define the SMTP connector to connect your corporate SMTP bridgehead server to your mobile carrier, such as Microsoft® MSN® Mobile or your mobile operator.
IIS Manager
IIS Manager is used to configure settings such as the security of Outlook Mobile Access and the Exchange ActiveSync virtual directories. Configuring Outlook Mobile Access and Exchange ActiveSync is similar to how you configure options for Microsoft Office Outlook Web Access by using the IIS Manager.
Active Directory Users and Computers
Active Directory Users and Computers allows you to control mobile access on a user-by-user basis. By default, Exchange ActiveSync and Outlook Mobile Access are enabled on all user accounts, but Outlook Mobile Access is disabled globally by default for Exchange Server 2003.
How to Configure Mobile Services Object Properties Using Exchange System Manager
By default, Exchange Server 2003 global settings for Exchange ActiveSync allow all users to initiate synchronization and receive up-to-date notifications. Outlook Mobile Access Browse can be configured on a global and per-user basis with the on/off switch in Exchange System Manager and Active Directory Users and Computers. By default, Outlook Mobile Access Browse is enabled for all users but is disabled globally through the Mobile Services object settings. To modify your global settings for Exchange ActiveSync and Outlook Mobile Access, use the Mobile Services object in Exchange System Manager.
To configure Exchange ActiveSync
The following table lists the object properties available for Exchange ActiveSync.

| Object property | Description |
|---|---|
| Enable user-initiated synchronization | Users can use their mobile carrier connection to synchronize their Exchange information to their ActiveSync-enabled device and then access this information while offline. |
| Enable up-to-date notifications | Mobile devices will be able to receive notifications sent to the device that will initiate synchronization between a user’s device and their Exchange mailbox. (Note: Currently only Windows Mobile 2003 devices support the up-to-date notifications.) |
| Enable notifications to user-specified SMTP addresses | Users can use any mobile carrier with the wireless synchronization feature of Exchange. Enable this feature if you have users who are using mobile devices to synchronize their Exchange information, and you do not want to specify the mobile carrier in Exchange. |
To configure Outlook Mobile Access
The following table lists object properties available to access Exchange through Outlook Mobile Access.

| Object property | Description |
|---|---|
| Enable Outlook Mobile Access | This feature allows users to use a supported mobile device to access Outlook Mobile Access. |
| Enable unsupported devices | This feature provides mobile access to Exchange Server from devices that are not supported. These unsupported devices may have unexpected results when using Outlook Mobile Access. |
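
The layering described in this lesson (global Mobile Services switches, the per-user setting in Active Directory Users and Computers, the Exchange 2003 mailbox requirement and the device list) can be modelled as one decision function, which also shows who becomes reachable once the global switch is turned on. This is an added example, not Microsoft's code or an Exchange API; the class, field and function names and the sample users are hypothetical.

```python
from dataclasses import dataclass


@dataclass
class GlobalSettings:
    """Mobile Services object properties (hypothetical field names)."""
    enable_oma: bool = False                  # OMA is disabled globally by default
    enable_unsupported_devices: bool = False  # "Enable unsupported devices"


@dataclass
class User:
    """Per-user state as set in Active Directory Users and Computers."""
    name: str
    oma_enabled: bool = True                  # enabled on all accounts by default
    mailbox_server: str = "Exchange 2003"     # OMA needs an Exchange 2003 mailbox


def oma_decision(settings, user, device_supported):
    """Return (allowed, reason) for one Outlook Mobile Access request."""
    if not settings.enable_oma:
        return (False, "OMA disabled globally")
    if not user.oma_enabled:
        return (False, "OMA disabled for user")
    if user.mailbox_server != "Exchange 2003":
        return (False, "mailbox not on Exchange 2003")
    if not device_supported:
        if settings.enable_unsupported_devices:
            # Access is granted, but the device has not been tested.
            return (True, "unsupported device allowed (untested)")
        return (False, "device not supported")
    return (True, "supported device")


def exposed_if_enabled(users):
    """Names of users reachable over OMA as soon as the global switch is on.

    Because the per-user default is 'enabled', turning on the global switch
    opens OMA for every Exchange 2003 mailbox not explicitly switched off.
    """
    switched_on = GlobalSettings(enable_oma=True)
    return [u.name for u in users if oma_decision(switched_on, u, True)[0]]


# Constructed sample accounts, for illustration only.
SAMPLE_USERS = [
    User("alice"),                                  # all defaults
    User("bob", oma_enabled=False),                 # disabled per user
    User("carol", mailbox_server="Exchange 2000"),  # needs Mobile Information Server
]

if __name__ == "__main__":
    print("Exposed after global enable:", exposed_if_enabled(SAMPLE_USERS))
    for supported in (True, False):
        print(oma_decision(GlobalSettings(enable_oma=True), SAMPLE_USERS[0], supported))
```

Reviewing the output of `exposed_if_enabled` before changing the global setting shows which accounts should first be disabled per user.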
Lesson 2: Outlook Mobile Access Browse
Introduction
This lesson explains how to enable user accounts for mobile access to Exchange Server 2003. Enabling user accounts for mobile access to Exchange will require that the user be enabled for Outlook Mobile Access or Exchange ActiveSync and that their mobile device be configured to access Exchange.
Lesson objectives
After completing this lesson, you will be able to:
Have a basic understanding of Outlook Mobile Access browse and be familiar with known issues.
General Overview
Outlook Mobile Access Browse is accessed by going to the Outlook Mobile Access virtual directory on the Exchange 2003 server, for example http://<exchange2003>/oma
Features
Here are some of the things that Outlook Mobile Access Browse enables you to do:
E-mail: Read, Reply, Forward, Delete, Flag, Compose. Navigate multiple folders. Look up sender or other recipients.
Calendar: Accept, Decline, Tentative meeting requests. Navigate via calendar control. Compose/Edit appointments with attendees support.
Contacts: View, Create, Edit personal contacts. Search personal and GAL contacts. Save GAL contacts to personal contacts. E-mail / Call contacts.
Tasks: View, Create, Edit tasks.
Known Issues
Below is a list of common known issues.
Single Server and Outlook Web Access Forms Based Authentication and SSL
817379 Cannot Access Exchange Server 2003 by Using Outlook Mobile Access When
Outlook Mobile Access does not work when Exchange virtual directory requires SSL or has Forms Based Authentication Enabled
Symptoms
When you attempt to access Outlook Mobile Access, you receive one of the following error messages:
1. Unable to connect to your mailbox on server <servername>. Please try again later. If the problem persists contact your administrator.
In the Application Event Log you will see:
Event Type: Error
Event Source: MSExchangeOMA
Event Category: (1000)
Event ID: 1805
Date: 2/20/2003
Time: 6:25:35 PM
User: N/A
Computer: <ServerName>
Description: Request from user [email protected] resulted in the Microsoft(R) Exchange back-end server <servername> returning an HTTP error with status code 403:Forbidden
or
2. A System error has occurred while processing your request. Please try again. If the problem persists, contact your administrator.
In the Application Event Log you will see:
Event Type: Error
Event Source: MSExchangeOMA
Event Category: (1000)
Event ID: 1507
Date: 2/20/2003
Time: 6:38:28 PM
User: N/A
Computer: <SERVERNAME>
Description: An unknown error occurred while processing the current request: Exception of type Microsoft.Exchange.OMA.DataProviderInterface.ProviderException was thrown.
Stack trace:
at Microsoft.Exchange.OMA.UserInterface.Global.Session_Start(Object sender, EventArgs e)
at System.Web.SessionState.SessionStateModule.CompleteAcquireState()
at System.Web.SessionState.SessionStateModule.BeginAcquireState(Object source, EventArgs e, AsyncCallback cb, Object extraData)
at System.Web.AsyncEventExecutionStep.System.Web.HttpApplication+IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Inner Error: Exception has been thrown by the target of an invocation.
Stack trace:
at System.Reflection.RuntimeConstructorInfo.InternalInvoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean isBinderDefault)
at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
at System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
at Microsoft.Exchange.OMA.UserInterface.Global.Session_Start(Object sender, EventArgs e)
Inner Error: The remote server returned an error: (440) Login Timeout.
Stack trace:
at Microsoft.Exchange.OMA.ExchangeDataProvider.OMAWebRequest.GetRequestStream()
at Microsoft.Exchange.OMA.ExchangeDataProvider.ExchangeServices.GetSpecialFolders()
at Microsoft.Exchange.OMA.ExchangeDataProvider.ExchangeServices..ctor(UserInfo user)
Cause
Exchange Outlook Mobile Access uses the Exchange virtual directory to access Outlook Web Access templates and DAV on Exchange back-end servers where the user’s mailbox is located. When the /Exchange virtual directory on an Exchange back-end server is configured to require SSL and/or Forms Based Authentication is enabled, Exchange ActiveSync and Outlook Mobile Access cannot access this virtual directory. This issue does not occur when you enable these settings on the /Exchange virtual directory on a front-end server.
Resolution
SSL can be required and forms based authentication can be turned on for front-end servers without applying the workaround below. To resolve this issue, complete the following steps:
1. Start the Exchange System Manager.
2. Locate the Servers/<server name>/Protocols/HTTP/Exchange Virtual Server folder. Do this for each of the back-end servers where SSL is required or forms based authentication is enabled for the /Exchange virtual directory.
3. Right-click Exchange Virtual Server, click New, and then click Virtual Directory.
4. Type the name of the new virtual directory that the Exchange ActiveSync and Outlook Mobile Access processes will use (this is not the name of the virtual directory that Outlook Web Access clients will connect to). For example, type Exchange-oma.
5. In the Exchange Path section, verify “Mailboxes for SMTP domain” is selected and that the correct SMTP domain is listed in the text box.
6. Add the following registry entry:
HKLM\System\CurrentControlSet\Services\MasSync\Parameters
Entry: ExchangeVDir
Type: String Value (REG_SZ)
Data:
Example: /Exchange-oma
7. Open Internet Services Manager.
8. Locate the virtual directory created in Step 4.
9. Right-click on this folder and choose Properties.
10. Select the Directory Security tab.
11. Within the “IP address and domain name restrictions” section, click the Edit button.
12. Enable the option “Denied access”.
13. Click the Add button.
14. Select Single computer and in the IP address field, type the IP address of the server being configured and click OK.
15. Click OK on the remaining dialog boxes.
16. Restart the World Wide Web Publishing Service.
With “Denied access” selected, all computers are denied by default and the address added in step 14 is the only exception, so only the server itself can reach the new virtual directory.
Exchange 2000 Exchange System Manager in new environments
You should avoid using Exchange 2000 Exchange System Manager in environments where Exchange 2000 is installed. Not only will you not be able to access new Exchange 2003 features, but there is also the risk of damage to new objects that Exchange 2000 does not understand. If you must continue to use Exchange 2000 Exchange System Manager, apply the latest Exchange 2000 SP3 roll-up to your Admin workstation(s):
http://microsoft.com/downloads/details.aspx?FamilyId=E247C80E-8AFA-4C2A-96B3-F46D1808C790&displaylang=en
The roll-up includes support for the msExchMinAdminVersion attribute (also known as Exchange System Manager versioning). Essentially, each Exchange object in the Active Directory is stamped with a minimum admin version. If Exchange System Manager detects that the data value is greater than the version of Exchange System Manager running, it will not allow edits to that object. The following objects may become damaged if an unpatched version of Exchange 2000 Exchange System Manager is used in an Exchange 2003 environment:
A Recovery Storage Group (RSG) created by Exchange 2003.
Permissions on Outlook Mobile Access and ActiveSync virtual directories.
These objects will only be damaged if older versions of Exchange System Manager are used to manipulate (i.e. write data) directly on these objects. Additionally, there may be some options in both Exchange 2000 and Exchange 2003 that fail to work properly if the Exchange System Manager from Exchange 2000 is run against Exchange 2003 servers:
Directory Access tab on the server object returns an error.
Cross Forest Topologies
Problem:
Outlook Mobile Access user attributes are stored on the disabled user account in the Exchange resource forest in a cross forest topology. When a user authenticates to Outlook Mobile Access, the corporate user account in the corporate forest is used, so Outlook Mobile Access needs a way of finding the disabled user based on the corporate user account in order to access user attributes in Active Directory. Outlook Mobile Access does this by matching the two accounts by SID, because the “user ID” of the two accounts is not necessarily the same. It looks for a disabled account with a MasterAccountSID property set to the SID of the corporate user account. This method is not perfect. If the corporate user account is moved between domains in the corporate forest, or deleted and recreated in some other domain, then the SID mapping between the user accounts is broken and invalid. Outlook Mobile Access and other Exchange components will be broken for this user.
Solution:
Use Active Directory Users and Computers to set the corporate user account as the ‘associated external account’ for the mailbox. To do this, navigate to the user in Active Directory Users and Computers and select the properties of the user. Select the Exchange Advanced tab, and then click the Mailbox Rights button. Add the corporate user account and check the “Associated external account” checkbox in the Permissions pane.
Another method could have been used to look up the disabled account: the SIDHistory property of the corporate account. This would help with the ‘moved accounts’ issue above; however, corporations (OTG) do not like this property for security purposes and frequently clear it when they move accounts. The net result is that Outlook Mobile Access does not use SIDHistory.
For more information related to common Outlook Mobile Access Errors see Module 10 Appendix B.
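The SID matching described above, and the way it breaks when an account is recreated, as an added Python example (not part of the original courseware and not Exchange code). Accounts are modelled as plain dictionaries, `MasterAccountSID` follows the property name used above, and every account name and SID is constructed sample data.

```python
# Constructed sample SIDs: alice before and after being recreated in another domain.
ALICE_OLD_SID = "S-1-5-21-1111111111-2222222222-3333333333-1105"
ALICE_NEW_SID = "S-1-5-21-4444444444-5555555555-6666666666-2210"
BOB_SID = "S-1-5-21-1111111111-2222222222-3333333333-1106"

# Resource-forest accounts (constructed). Mailbox accounts are disabled.
RESOURCE_ACCOUNTS = [
    {"name": "EXCH\\mbx-alice", "disabled": True, "MasterAccountSID": ALICE_OLD_SID},
    {"name": "EXCH\\mbx-bob", "disabled": True, "MasterAccountSID": BOB_SID},
    {"name": "EXCH\\svc-backup", "disabled": False, "MasterAccountSID": None},
]
# Corporate-forest accounts before and after alice is deleted and recreated.
CORP_BEFORE = [{"name": "CORP\\alice", "sid": ALICE_OLD_SID},
               {"name": "CORP\\bob", "sid": BOB_SID}]
CORP_AFTER = [{"name": "EMEA\\alice", "sid": ALICE_NEW_SID},
              {"name": "CORP\\bob", "sid": BOB_SID}]


def normalize_sid(sid):
    """SIDs are compared as upper-case strings; None stays None."""
    return sid.strip().upper() if sid else None


def find_mailbox_account(resource_accounts, corporate_sid):
    """Return the one disabled account whose MasterAccountSID equals corporate_sid.

    Returns None when no account, or more than one, carries that SID. SIDHistory
    is deliberately not consulted, matching the behaviour described above.
    """
    wanted = normalize_sid(corporate_sid)
    matches = [a for a in resource_accounts
               if a["disabled"] and normalize_sid(a.get("MasterAccountSID")) == wanted]
    return matches[0] if len(matches) == 1 else None


def audit_links(resource_accounts, corporate_accounts):
    """Sort every disabled mailbox account into ok, orphaned or ambiguous."""
    live = {normalize_sid(c["sid"]) for c in corporate_accounts}
    by_sid = {}
    for acct in resource_accounts:
        if acct["disabled"]:
            sid = normalize_sid(acct.get("MasterAccountSID"))
            by_sid.setdefault(sid, []).append(acct["name"])
    report = {"ok": [], "orphaned": [], "ambiguous": []}
    for sid, names in by_sid.items():
        if sid not in live:
            report["orphaned"] += names    # link points at a SID that no longer exists
        elif len(names) > 1:
            report["ambiguous"] += names   # two mailboxes claim the same corporate user
        else:
            report["ok"] += names
    return {state: sorted(names) for state, names in report.items()}


if __name__ == "__main__":
    print(audit_links(RESOURCE_ACCOUNTS, CORP_BEFORE))
    print(audit_links(RESOURCE_ACCOUNTS, CORP_AFTER))
```

Accounts reported as orphaned are the ones that need the ‘associated external account’ fix from the solution above.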
ASP.NET ACLs become corrupt after dcpromo or upgrading operating system
ASP.NET is an integral part of the .NET Framework. Version 1.1 of ASP.NET or later is required for certain Exchange 2003 features; Outlook Mobile Access Browse is one of them. Under certain circumstances the Access Control Lists (ACLs) set by ASP.NET may be overwritten and need to be restored. There are two common scenarios that cause this to happen:
1. Promoting a server to a domain controller (affects both Windows 2000 and Windows Server 2003).
2. Upgrading a server from Windows 2000 Server to Windows Server 2003.
The ASP.NET component of the .NET Framework is treated differently depending on whether the .NET Framework is installed on a Windows 2000 server or Windows Server 2003. On a Windows 2000 server, ASP.NET is installed as part of the .NET Framework. On Windows Server 2003, the ASP.NET component is installed via Add/Remove Windows Components. The Web Service Extension for ASP.NET should be allowed by default. You can double-check that it is enabled using the Web Service Extensions node in Internet Services Manager. The ASP.NET v1.1.xxxx Web Service Extension must be set to Allow.
Promoting a server to a domain controller or upgrading a Windows 2000 server to Windows Server 2003 resets the ACLs set by ASP.NET. This breaks any applications requiring ASP.NET. So if you install Exchange 2003 under the following two circumstances, certain Exchange 2003 features will not work:
1. On a server that was promoted to a domain controller after ASP.NET was installed.
2. On a Windows Server 2003 server that was upgraded from a Windows 2000 server with the .NET Framework installed.
This problem can be avoided by installing ASP.NET after promoting a domain controller or upgrading from Windows 2000 to Windows Server 2003. If the ACLs become corrupt, running aspnet_regiis.exe with the -i switch will restore the necessary ASP.NET ACLs:
1. Open a command prompt in the ASP.NET version directory under %windir%\Microsoft.NET\Framework\ [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322].
2. Type aspnet_regiis.exe -i and press ENTER.
Lesson 3: Beneath the GUI
Introduction
This lesson explains what happens beneath the GUI and covers a number of subjects in depth. These include:
An overview of Outlook Mobile Access Browse
Session State
Outlook Mobile Access and the Metabase
Forest and User settings
User preferences
In addition, some of the topics may not be covered by the instructor, but are there for your reference.
Beneath the GUI: Overview
Basically Outlook Mobile Access browse does the following:
Phone initiates signal to carrier via microwave link.
Carrier converts the signal to a TCP/IP HTTP(S) request, if required. Some phones support a TCP/IP stack themselves; a DNS option is indicative of these devices.
HTTP(S) request is routed to http(s)://fqdn/oma
Global.asax Gets Services and caches http(s) request ID in a session object
Mobile Browser request checked against web.config for compatibility
User credentials checked by IIS; Basic Authentication
OMA.aspx calls Services.GetInbox to initialize the data provider
OMA.aspx queries inbox, and retrieves messages
Mobile controls send properly formatted response to mobile device
On a Windows Server 2003 server, Outlook Mobile Access Browse runs in its own process and sits in its own application pool: ExchangeMobileBrowseApplicationPool. This application pool name is legacy. On Windows 2000 servers, Outlook Mobile Access runs in a process together with other ASP.NET applications on the same machine.
The user account Outlook Mobile Access runs under is the standard ASP.NET application user, which has very restrictive access rights overall. On Windows Server 2003, OMA runs under the ‘Network Service’ account in a w3wp.exe process, and on Windows 2000 Outlook Mobile Access runs under the ‘aspnet’ account in an aspnet_wp.exe process.
CDOEX, ASP.NET session state management and ADSI are used inside the Outlook Mobile Access process to reach external sources. Web.config, the Windows registry and the IIS metabase are used to read configuration.
For Outlook Mobile Access to work, the application has to receive the user credentials in clear text through Basic authentication. Outlook Mobile Access does not work with Windows Integrated Authentication even if the device/browser supports it.
Retrieving Data
Retrieving data for a user through DAV and Outlook Web Access templates requires Outlook Mobile Access to construct the DAV/OWA URL ‘http://<servername>//<mailbox>’. Outlook Mobile Access cannot use the URL format without the <mailbox> at the end, because without it only the Outlook Web Access HTML logon form can be reached. The <servername> is retrieved from the User object of the logged on user; in cross forest topologies, this information is read from the disabled user account in the resource forest. The virtual directory name is retrieved from the registry ‘ExchangeVDir’ setting:
HKLM\System\CurrentControlSet\Services\MasSync\Parameters\ExchangeVDir
If this does not exist then it will connect to the Exchange Virtual Server.
Note: You will get an HTTP_403 if SSL is required on the Exchange Virtual Directory (see Q822177). You will need to create a new Exchange V-dir and point Outlook Mobile Access requests to that one in the registry. Documentation says that turning on Forms Based Authentication will cause Outlook Mobile Access to fail, which is not true. This only applies to Sync.
Determining Correct Mailbox
Extract from: 324306 XADM: How Exchange 2000 Web Storage System and Exchange 2000 Installable.
To be able to retrieve data for a user through DAV and Outlook Web Access templates, Outlook Mobile Access needs to be able to construct the DAV/Outlook Web Access URL in the format ‘http://<servername>//<mailboxname>’. Outlook Mobile Access cannot use the URL format without the <mailboxname> at the end because only the Outlook Web Access HTML logon form can be reached that way.
<servername> is retrieved from the Active Directory User object of the logged on user (attribute [X]) (in cross forest topologies, this information is read from the disabled user account in the Exchange resource forest).
The virtual directory name is retrieved from the registry ‘ExchangeVDir’ setting described above (the same back-end DAV/Outlook Web Access vdir is used for all users and all Outlook Mobile Access front-end vdirs on the same front-end server).
Determining the correct <mailbox> is more complex. The only way to determine a user mailbox name is to find the user’s SMTP address for the mailbox. You can find this value from the User object. There is a problem with this method, however: the attribute may contain more than one SMTP address for the user. The correct SMTP address is determined by the SMTP Domain of the mailbox in question. The SMTP Domain is configured via Exchange System Manager per virtual directory for Outlook Web Access, Outlook Mobile Access and Exchange ActiveSync. This facilitates hosting, as the same front-end server can have multiple Outlook Mobile Access virtual directories and each virtual directory represents a unique SMTP Domain. This setting is stored in the directory with one SMTP Domain per virtual directory per Exchange server.
Unfortunately, Outlook Mobile Access, as well as Exchange ActiveSync and Outlook Web Access, does not have read access for this attribute. Since it is an administrator setting, the access rights are very restrictive. However, the Microsoft Exchange Directory Service to Metabase Replication (DS2MB) process does have read access.
1. Exchange System Manager writes an SMTP Domain value to Active Directory for a certain virtual directory on a certain server (e.g. ‘microsoft.com’ for the ‘microsoft/oma’ virtual directory and ‘corp2.com’ for the ‘corp2/oma’ virtual directory).
2. DS2MB on that server picks the setting up and replicates it to the IIS Metabase on the machine.
3. Outlook Mobile Access (as well as Exchange ActiveSync and Outlook Web Access) reads the SMTP Domain for the virtual directory in which it is running.
4. Outlook Mobile Access (etc.) looks up the SMTP addresses on the Active Directory User object (in cross forest topologies, this information is read from the disabled user account in the Exchange resource forest).
5. Outlook Mobile Access (etc.) picks out the SMTP address using the SMTP Domain in the list.
6. The SMTP address is in the format <mailboxname>@<SMTP Domain>; Outlook Mobile Access (etc.) extracts the <mailboxname>.
7. The <servername>, virtual directory and <mailbox> values are concatenated to provide the DAV/Outlook Web Access URL required by the back-end server.
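Steps 3 to 7 above, worked through as an added Python example (not part of the original courseware and not Exchange code). It assumes the user's addresses arrive as a list of `type:address` strings, that the SMTP Domain comparison is exact and case-insensitive, and that `/Exchange` is the virtual directory used when ExchangeVDir is not set; the function names and sample values are constructed.

```python
from urllib.parse import quote

# Constructed sample data: address entries for one user, as "type:address" strings.
SAMPLE_ADDRESSES = [
    "X400:c=US;a= ;p=Org;o=Exchange;s=Doe;g=Jane;",
    "SMTP:jane.doe@corp2.com",
    "smtp:jane@notmicrosoft.com",   # suffix look-alike, must not match microsoft.com
    "smtp:jdoe@microsoft.com",
]


class MailboxResolutionError(Exception):
    """No SMTP address on the user object matches the virtual directory's SMTP Domain."""


def smtp_addresses(entries):
    """Step 4: keep only the SMTP entries and drop the address-type prefix."""
    found = []
    for entry in entries:
        kind, sep, address = entry.partition(":")
        if sep and kind.lower() == "smtp":
            found.append(address.strip())
    return found


def pick_mailbox_name(entries, smtp_domain):
    """Steps 5 and 6: select the address in smtp_domain and return its mailbox name."""
    wanted = smtp_domain.strip().lower()
    for address in smtp_addresses(entries):
        local, at, domain = address.rpartition("@")
        # Exact comparison: a substring or suffix test would also accept
        # look-alike domains such as notmicrosoft.com.
        if at and local and domain.lower() == wanted:
            return local  # assumption: the first match wins when several exist
    raise MailboxResolutionError("no SMTP address in domain %r" % smtp_domain)


def backend_url(server_name, entries, smtp_domain, exchange_vdir=None):
    """Step 7: concatenate server name, virtual directory and mailbox name."""
    # exchange_vdir stands for the ExchangeVDir registry value; "/Exchange" is the
    # assumed fallback when that value is not set.
    vdir = (exchange_vdir or "/Exchange").strip().strip("/").strip()
    mailbox = pick_mailbox_name(entries, smtp_domain)
    return "http://%s/%s/%s" % (server_name, vdir, quote(mailbox, safe=""))


if __name__ == "__main__":
    print(backend_url("be01", SAMPLE_ADDRESSES, "microsoft.com", "/Exchange-oma"))
    print(backend_url("be01", SAMPLE_ADDRESSES, "corp2.com"))
```

A user with no address in the virtual directory's SMTP Domain raises `MailboxResolutionError` here, which corresponds to a mailbox that cannot be reached through that virtual directory.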
Beneath the GUI: Session State
Session management
The HTTP protocol is effectively stateless as it provides no mechanism for identifying or maintaining sessions between a Web server and a client. Microsoft addressed this problem in ASP by providing a Session object that allowed you to uniquely identify a user and store information specific to his or her interactions with a Web server. ASP.NET offers an updated and improved version of the Session object. This object allows you to perform the following tasks:
Identify a user through a unique session ID.
Store information specific to a user's session.
Manage a session lifetime through event handler methods.
Release session data after a specified timeout.
Outlook Mobile Access uses the ASP.NET default: in-process session state handling. This mirrors ASP and results in server affinity; a client session will be directed to a particular server. In-process session state cannot be used in a Web farm scenario. Outlook Mobile Access was not tested with the Session Server or Microsoft® SQL Server™ session storage models, and as such these ARE NOT SUPPORTED. Outlook Mobile Access uses the modified URL method of session management and DOES NOT support cookies. You can confirm this by examining the web.config in the Outlook Mobile Access directory; you will find a section like the following.