In the previous article we set up our own AD FS platform and WAP, so we can now publish Exchange OWA through WAP.
First we need to import the Exchange certificate onto the WAP server. We recommend opening the computer's Certificates snap-in in MMC and importing the certificate there with the Import operation.
During the import, we select the Exchange server certificate that includes the private key; for convenience, we access it directly from a shared location.
For the certificate store, select Personal, because the certificate is used by WAP and does not need to be trusted.
After the import is complete, verify in the computer's Certificates snap-in, under Personal > Certificates, that the Exchange certificate is installed correctly.
Then we open the Remote Access Management console from Server Manager, open Web Application Proxy, and click Publish on the right.
This launches the WAP Application Publishing Wizard, which lets us publish our web applications, such as Lync Web App, Lync Meet, Lync Dialin, and more.
On the Pre-authentication page we can choose between two publishing methods: the first publishes through the AD FS service, and the second is pass-through. Here we choose pass-through, which is equivalent to the traditional way of publishing through a firewall; publishing through AD FS will be covered later.
On the Publishing Settings page, we set the name to Exchange OWA and configure the external URL, the certificate, and the back-end server address. If the internal and external addresses are the same, we enter the same value for the external URL and the back-end server URL.
On the Confirmation page, we can see the cmdlet generated by the WAP Application Publishing Wizard, which we can then use to publish the web application.
Click Publish to complete the publication of the web application; our Exchange OWA is now published.
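The same import and pass-through publication can be scripted on the WAP server. The following is an added example, not the cmdlet shown in the article's screenshot; the share path, host name and application name are placeholder assumptions.

```powershell
# Assumed placeholder values; none of them come from the article.
$pfxPath     = '\\fileserver\certs\mail.contoso.com.pfx'   # shared location holding the PFX
$appName     = 'Exchange OWA'
$externalUrl = 'https://mail.contoso.com/owa/'
$backendUrl  = 'https://mail.contoso.com/owa/'             # identical when internal and external names match

# Import the certificate together with its private key into the computer's Personal store.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
$cert = Import-PfxCertificate -FilePath $pfxPath `
    -CertStoreLocation 'Cert:\LocalMachine\My' -Password $pfxPassword

# WAP terminates TLS for the external URL, so the certificate must carry
# its private key and must not be expired.
if (-not $cert.HasPrivateKey) {
    throw "Certificate $($cert.Thumbprint) was imported without a private key."
}
if ($cert.NotAfter -le (Get-Date)) {
    throw "Certificate $($cert.Thumbprint) expired on $($cert.NotAfter)."
}

# Publish OWA with pass-through pre-authentication (no AD FS involvement).
Add-WebApplicationProxyApplication -Name $appName `
    -ExternalPreauthentication PassThrough `
    -ExternalUrl $externalUrl `
    -ExternalCertificateThumbprint $cert.Thumbprint `
    -BackendServerUrl $backendUrl

# Confirm what was actually published.
Get-WebApplicationProxyApplication -Name $appName |
    Format-List Name, ExternalUrl, BackendServerUrl, ExternalPreauthentication, ExternalCertificateThumbprint
```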
Next we test. We build a virtual machine on the network that the external NIC is connected to, and add an entry to its hosts file so that the client can find our Exchange OWA correctly from the external network. Note that the IP address we map here is the external IP address of the WAP server, not the address of the internal Exchange OWA server.
Then we access this address in IE. If there is no problem, Exchange OWA opens successfully. A certificate error is displayed because the client does not have the root certificate of the CA that issued the Exchange certificate installed.
Next we test the Exchange ECP. When we enter the ECP address, it cannot be opened: we have not published the Exchange ECP, so we cannot access it.
One of the biggest differences between publishing web applications with WAP and with TMG/UAG is that a traditional firewall publishes an IP address + port, whereas WAP publishes an IP address + port + web application address. This means that we can publish multiple web applications through the same IP address and port.
Here is a simple example. When we deploy Exchange + Lync, we need multiple IP addresses, because the Lync front-end services such as Meet and Dialin require port 443 on a public IP. The Edge server, if its ports are not modified, also needs port 443 more than once; but because the modified Edge ports are picked up and used automatically, we can move Edge to non-standard ports such as 442, 444, 5061 and so on. Even so, Exchange OWA still needs port 443, and Office Web Apps also needs port 443, so we need 3 different public IP addresses. That is very difficult for most enterprises today, because they do not have that many public IP addresses.
But with WAP, we can save valuable public IP addresses by publishing the web applications that need port 443, such as Exchange OWA, Lync Web App, Meet, Dialin and so on, on port 443 of the same public IP.
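The following added example (not from the original article) models how several applications share one public IP and port 443 and why the unpublished ECP path was unreachable in the test above. The host names and application list are constructed sample data, and the prefix match is a simplified model of WAP's URL matching.

```powershell
# Constructed sample data standing in for Get-WebApplicationProxyApplication output.
# Host and application names are assumptions, not values from the article.
$published = @(
    [pscustomobject]@{ Name = 'Exchange OWA'; ExternalUrl = 'https://mail.contoso.com/owa/'; ExternalPreauthentication = 'PassThrough' }
    [pscustomobject]@{ Name = 'Lync Meet';    ExternalUrl = 'https://meet.contoso.com/';     ExternalPreauthentication = 'PassThrough' }
    [pscustomobject]@{ Name = 'Lync Dialin';  ExternalUrl = 'https://dialin.contoso.com/';   ExternalPreauthentication = 'PassThrough' }
)
# On a real WAP server, use instead: $published = Get-WebApplicationProxyApplication

function Find-WapRule {
    # Returns the published application whose external URL covers $Url, or nothing.
    # Simplified model: same scheme, host and port, and the request path starts
    # with the published path; the longest published path wins.
    param(
        [Parameter(Mandatory)][uri]$Url,
        [Parameter(Mandatory)][object[]]$Apps
    )
    $Apps | Where-Object {
        $ext = [uri]$_.ExternalUrl
        $ext.Scheme -eq $Url.Scheme -and
        $ext.Host   -eq $Url.Host   -and
        $ext.Port   -eq $Url.Port   -and
        $Url.AbsolutePath.StartsWith($ext.AbsolutePath, [StringComparison]::OrdinalIgnoreCase)
    } | Sort-Object { ([uri]$_.ExternalUrl).AbsolutePath.Length } -Descending |
        Select-Object -First 1
}

# Exposure inventory: every application listens on 443, separated only by host and path.
$published | ForEach-Object {
    $u = [uri]$_.ExternalUrl
    [pscustomobject]@{ Host = $u.Host; Port = $u.Port; Path = $u.AbsolutePath
                       Preauth = $_.ExternalPreauthentication; Name = $_.Name }
} | Sort-Object Host, Path | Format-Table -AutoSize

# Probe an OWA URL and the ECP URL against the published rules.
foreach ($probe in 'https://mail.contoso.com/owa/auth/logon.aspx', 'https://mail.contoso.com/ecp/') {
    $rule = Find-WapRule -Url $probe -Apps $published
    if ($rule) { "{0} -> published by '{1}'" -f $probe, $rule.Name }
    else       { "{0} -> no published application matches" -f $probe }
}
```

Running the inventory against the real `Get-WebApplicationProxyApplication` output is a quick way to confirm that only the intended paths are exposed through the shared port.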
This article is from the "Reinember" blog, make sure to keep this source http://reinember.blog.51cto.com/2919431/1621168
Exchange vs. ADFS Single Sign-on Part 4: Publishing Exchange OWA via WAP