In Microsoft Exchange Server 2013, the Outlook Anywhere feature, formerly known as RPC over HTTP, lets clients who use Microsoft Outlook 2013, Outlook 2010, or Outlook 2007 connect to their Exchange servers from outside the corporate network or over the Internet using the RPC over HTTP Windows networking component. This topic describes the Outlook Anywhere feature and lists the benefits of using Outlook Anywhere.
Outlook Anywhere and Exchange 2013
The Windows RPC over HTTP Proxy component, which Outlook Anywhere clients use to connect, wraps remote procedure calls (RPCs) with an HTTP layer. This allows traffic to traverse network firewalls without requiring RPC ports to be opened. In Exchange 2013, this feature is enabled by default, because Exchange 2013 doesn't allow direct RPC connectivity.
Benefits of using Outlook Anywhere
Outlook Anywhere offers the following benefits to clients that use Outlook 2013, Outlook 2010, or Outlook 2007 to access your Exchange messaging infrastructure:
Users have remote access to Exchange servers from the Internet.
You can use the same URL and namespace that you use for Outlook Web App and Microsoft Exchange ActiveSync.
You can use the same Secure Sockets Layer (SSL) server certificate that you use for both Outlook Web App and Exchange ActiveSync.
Unauthenticated requests from Outlook can't access Exchange servers.
You don't have to use a virtual private network (VPN) to access Exchange servers across the Internet.
If you already use Outlook Web App with SSL or Exchange ActiveSync with SSL, you don't have to open any additional ports from the Internet.
You can test end-to-end client connectivity for Outlook Anywhere and TCP-based connections by using the Test-OutlookConnectivity cmdlet.
Deploying Outlook Anywhere
In Exchange 2013, Outlook Anywhere is enabled by default, because all Outlook connectivity takes place via Outlook Anywhere. The only post-deployment task you must perform to successfully use Outlook Anywhere is to install a valid SSL certificate on your Client Access server. Mailbox servers in your organization only require the default self-signed SSL certificate.
Managing Outlook Anywhere
You can manage Outlook Anywhere by using the Exchange admin center or the Exchange Management Shell.
Outlook Anywhere coexistence
If you are planning to install Exchange 2013 in a coexistence scenario with previous versions of Exchange Server, you might still have Outlook 2003 clients in your organization. Outlook 2003 is not a supported client for Exchange 2013.
Before you move your namespace to Exchange 2013, you need to ensure that all Outlook clients have been upgraded to the minimum supported version. Outlook 2007 or higher is required for an Outlook Anywhere connection to Exchange 2013, even if the target mailbox is still on Exchange 2007 or Exchange 2010.
If you are currently using Outlook Anywhere in your Exchange 2007 or 2010 environments, in order to allow your Exchange 2013 Client Access Server to proxy connections to your Exchange 2007/2010 servers, you must enable and configure Outlook Anywhere on all of the Exchange 2007/2010 CAS in your organization. However, if you are not currently using Outlook Anywhere in your Exchange 2007/2010 environment and you don't want to start using it, then you don't need to enable Outlook Anywhere in the legacy environment.
Make sure that when you enable Outlook Anywhere on the Client Access Server, choose NTLM for IIS authentication.
Finally, configure the Outlook Anywhere external host name to point to the Exchange 2013 Outlook Anywhere host name.
Testing Outlook Anywhere connectivity
You can test for end-to-end client Outlook connectivity by doing either of the following:
Running the Test-OutlookConnectivity cmdlet. The cmdlet tests for Outlook Anywhere (RPC over HTTP) connections. If the cmdlet test fails, the output notes the step that failed.
Running the Outlook Anywhere connectivity test using the Exchange Remote Connectivity Analyzer (ExRCA). When you run this test, you get a detailed summary showing where the test failed and what steps you can take to fix issues.
Both tests try to sign in through Outlook Anywhere after obtaining server settings from the Autodiscover service. End-to-end verification includes the following:
Testing for Autodiscover connectivity
Validating certificates (whether the certificate name matches the website, whether the certificate has expired, and whether it's trusted)
Checking that the firewall is set up correctly (ExRCA checks overall firewall setup. The cmdlet tests for Windows firewall configuration.)
Confirming client connectivity by signing in to the user's mailbox
Exchange Hybrid and Office 365 Monitoring and Reporting
On-premises components, such as AD FS, PTA, and Exchange Hybrid are critical for Office 365 end user experience. In addition, something as trivial as expiring Exchange or AD FS certificates can certainly lead to unexpected outages. By proactively monitoring hybrid components, ENow gives you early warnings where hybrid components are reaching a critical state, or even for an upcoming expiring certificate. Knowing immediately when a problem happens, where the fault lies, and why the issue has occurred, ensures that any outages are detected and solved as quickly as possible.
AmyKelly Petruzzella is a marketing executive who focuses on Microsoft Exchange, Office 365, and Active Directory trends, challenges, and business outcomes for enterprises. Over the years, AmyKelly regularly engages with Gartner industry analysts, and she has been recognized several times for Top 50 Microsoft Marketing Excellence. She is a frequent speaker and blogger and an industry veteran who advocates for women in technology.