Become a Columnist Microsoft Exchange Site Microsoft Support SiteMSDN Exchange Site

   

Subscribe to OutlookExchange
What's New
Columnist
Anderson Patricio
Ann Mc Donough
Bob Spurzem
Brian Veal
Catherine Creary
Cherry Beado
Colin Janssen
Collins Timothy Mutesaria
Drew Nicholson
Fred Volking
Glen Scales
Goran Husman
Guy Thomas
Henrik Walther
Jason Sherry
Jayme Bowers
John Young
Joyce Tang
Justin Braun
Konstantin Zheludev
Kristina Waters
Kuang Zhang
Mahmoud Magdy
Martin Tuip
Michael Dong
Michele Deo
Mitch Tulloch
Nicolas Blank
Pavel Nagaev
Ragnar Harper
Ricardo Silva
Richard Wakeman
Russ Iuliano
Santhosh Hanumanthappa
Steve Bryant
Steve Craig
Todd Walker
Tracey J. Rosenblath
Development
More Resources
Software
Other Links
 
 >

The users are complaining! You don't have enough RAS connections available to allow all your users access their email remotely! You have to investigate the options, but you don't have any money left in your budget, so installing more RAS connections is out of the question.

Outlook Web Access is an easy solution! The users can use their own ISP connection, and the only product you will be left to support is the browser! But this is not suitable for everyone. What about the users with laptops? They need to work offline! I mean if they don't then why do they have a laptop in the first place!

The only thing stopping you from letting clients connect with their Outlook 32-bit client using their own ISP,...is your firewall. But don't fret, this is easily achievable! Before I tell you how to do this, first I'll explain why this get's stopped at your firewall, so you understand it better.

The Exchange Server listens on Port 135 for client connections. Once a client connects to the server, Exchange re-assigns the client two random ports to continue the communication. One for the Information Store and the other for the Directory Service. Because Exchange re-assigns random ports, it would be impossible to let these through the firewall. Or if you did, you may as well not have a firewall anyway!

The changes you need to make are within the registry!

1) Browse to the following registry key

HKLM\System\CurrentControlSet\Services\MSExchangeDS\Parameters

2) ADD a new DWORD entry, with a Value Name of "TCP/IP Port". The Value Data should be a value something like 1225 or 4567. As long as this value is not directly above the 1023 range or used for something else, then you can use any value.

3) Browse to the following registry key

HKLM\System\CurrentControlSet\Services\MSExchangeIS\Parameters

4) ADD a new DWORD entry, with a Value Name of "TCP/IP Port". The Value Data should be a value something like 1226 or 4568. As long as this value is not directly above the 1023 range or used for something else, then you can use any value.

5) Now you need to allow these two ports, plus port 135 through the firewall to the Exchange Server.

6) Restart the Exchange Server.

Another thing you may need to do, it to add an entry in your DNS records, so your clients can use your server name externally! For example, if your server is called ES001, then you will want to add an entry for this into your external DNS records! This way your clients can move in and out of your network effortlessly.

7) This is not entirely secure as it is, so we now need to visit the clients. Under the Tools | Services |  Properties | Advanced Option you will notice the following options

Encrypt Information
[ ] When using the network
[ ] When using dial-up networking

Select the required checkboxes to enable RPC encryption for client connections. This way all RPC client to server communications are now encrypted.

 

  

Disclaimer: Your use of the information contained in these pages is at your sole risk. All information on these pages is provided "as is", without any warranty, whether express or implied, of its accuracy, completeness, fitness for a particular purpose, title or non-infringement, and none of the third-party products or information mentioned in the work are authored, recommended, supported or guaranteed by Stephen Bryant or Pro Exchange. OutlookExchange.Com, Stephen Bryant and Pro Exchange shall not be liable for any damages you may sustain by using this information, whether direct, indirect, special, incidental or consequential, even if it has been advised of the possibility of such damages.

Copyright Stephen Bryant 2008