In the previous article, on Outlook Anywhere, I mentioned MAPI over HTTP, which is new in Exchange Server SP1. This time we'll look at what this new transport protocol is and how to configure it.
What is MAPI/HTTP and what are the benefits?
In previous versions (Exchange 2010) there were RPC over HTTP (Outlook Anywhere, external network) and direct RPC (internal network) connections, and all connections were then made through Outlook Anywhere, which is RPC over HTTP. With the upcoming Exchange 2016, the direction, at least as far as I can see, is to replace all RPC over HTTP with MAPI over HTTP. So in Ex2013 SP1 Microsoft first introduced this feature to test the waters and see how it worked. We shouldn't swim against the current, so let's follow Microsoft's strategy and learn how to configure it.
Let's take a look at these two figures and make a preliminary analysis. The first one is the old RPC/HTTP transmission process. You can see that the traffic is actually wrapped in three layers, MAPI/RPC/HTTP. Each Outlook client connection has to go through the rpc_data_in and Rpc_data_ process, which is 2 round trips, plus the HTTPS-to-MAPI connections. 2 long-lived TCP connections and 4 active connections are generated between the server and the client.
[Figure: RPC over HTTP connection flow]
The following figure is MAPI over HTTP. You can see that the entire MAPI connection has moved to the standard HTTP request/response model. This reduces the connections between client and server to a maximum of 2 active connections: 1 long-lived connection and 1 on-demand short connection (on-demand is explained below).
[Figure: MAPI over HTTP connection flow]
As you can see from the two figures above, one is MAPI/RPC/HTTP and the other is MAPI/HTTP, which removes the RPC encapsulation layer entirely. Removing this layer of encapsulation also removes the requests and responses that belong to it, which is why the number of connections drops.
The immediate benefit of fewer connections and fewer encapsulation layers is less interaction time between client and server; put another way, the design is a closer fit for modern scenarios (wireless networks and remote office networks). According to Microsoft's own claims, when a user opens Outlook for the first time after configuring an account, the time spent on the logo screen drops by 70% ...
Another feature is the on-demand connection mentioned above. It can be understood as a connection window that stays valid for 15 minutes: when the client first sets up a connection with the server, MBX keeps a connection window open for on-demand connections. On demand for what? For reconnecting: after the client's network has been briefly disconnected and comes back, the client connects straight in through this window without repeating the earlier authentication process. Microsoft also claims that for the same laptop waking from sleep, reconnecting with MAPI/HTTP takes 10 seconds less than with RPC/HTTP ...
This time window will be made larger in a later version.
There is one more feature. The old RPC connections were hard to maintain (they could only be debugged with specialized Microsoft-internal tools). Now the encapsulation is our old friend HTTP, which provides not only logs but even a debug information page. Bear in mind that a failure such as a hung RPC process could only be resolved by restarting ...
Microsoft's direction is to move away from RPC gradually. These features, however, were learned from O365. In my earlier article looking ahead at the 2016 architecture, I also mentioned that many of Microsoft's new concepts are applied to O365 first and, once they feel mature, are turned into features for on-premises users.
OK, let's talk about how the client uses MAPI/HTTP to connect to the server:
1. The Outlook client sees that it is a MAPI/HTTP-capable client and adds the parameter X-MapiHttpCapability=1 to its Autodiscover request.
2. The server receives the Autodiscover request, sees the MAPI/HTTP parameter, and responds to the client with the MAPI/HTTP configuration information. This includes the connection URL, the authentication method and so on, provided of course that the feature is already turned on at the server.
3. When Outlook receives this information, it finds that it can establish a MAPI/HTTP connection with the server and tells the user to restart Outlook. If the user does not restart Outlook, it continues to use RPC over HTTP.
Configuration requirements:
That's enough theory, so let's actually configure it. First, the prerequisites for MAPI over HTTP.
For servers: Exchange Server SP1 is required, plus .NET Framework 4.5.2. Some documents say you need the hotfixes KB2908387/KB2908385/KB2908383; these hotfixes can now only be obtained by contacting MCS ... so just install .NET Framework 4.5.2.
Client requirements: Outlook SP1, Outlook SP2, as well as updates KB2956191 and KB2965295
Configuration steps:
Add system variables on all CAS servers. For the variable names and values, see:
[Screenshot: system variable name and value]
Next, configure the MAPI virtual directory. The MAPI virtual directory is already deployed when Exchange SP1 is installed, but by default only the InternalUrl is configured. For external access you have to configure the ExternalUrl and the authentication method used for external access. The command is (the external URL is a placeholder; substitute your own):
Set-MapiVirtualDirectory -Identity "Ex01\mapi (Default Web Site)" -ExternalUrl https://<external FQDN>/mapi -IISAuthenticationMethods Negotiate
Note: why is IIS authentication set to Negotiate here? Because MAPI/HTTP authenticates in the same way as plain HTTP: the client sends an anonymous HTTP request, and Exchange tells it the authentication method at the HTTP level, rather than Autodiscover supplying the authentication method. So a standard negotiated method is sufficient.
The final step is to turn on MAPI over HTTP for the entire organization. Command:
Set-OrganizationConfig -MapiHttpEnabled $true
OK, at this point MAPI/HTTP is formally configured. To make sure it takes effect, it is best to restart all the Exchange servers in the organization. Some people say that restarting only CAS or only MBX is enough. In any case, in the environment I configured, every server held all roles, so I restarted them all ~
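A check for the settings configured in the steps above, added here as an example and not part of the original article: it compares each MAPI virtual directory against the article's choices (ExternalUrl set, HTTPS URLs, Negotiate). The function name Test-MapiVirtualDirectory and the EX01/EX02 sample objects are constructed for illustration; in the Exchange Management Shell the input would come from Get-MapiVirtualDirectory.

```powershell
# Added example. Test-MapiVirtualDirectory is a hypothetical helper, not an Exchange cmdlet.
function Test-MapiVirtualDirectory {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $VirtualDirectory,
        [string[]] $ExpectedAuth = @('Negotiate')   # the method this article configures
    )
    process {
        $findings = @()
        $internal = [string]$VirtualDirectory.InternalUrl
        $external = [string]$VirtualDirectory.ExternalUrl
        # Stringify first so live enum values and deserialized objects compare alike.
        $auth = @($VirtualDirectory.IISAuthenticationMethods |
                  ForEach-Object { "$_" } | Where-Object { $_ })

        if (-not $external) { $findings += 'ExternalUrl is not set (only InternalUrl exists by default)' }
        foreach ($url in (@($internal, $external) | Where-Object { $_ })) {
            if ($url -notmatch '^https://') { $findings += "URL is not HTTPS: $url" }
        }
        $missing = @($ExpectedAuth | Where-Object { $_ -notin $auth })
        $extra   = @($auth | Where-Object { $_ -notin $ExpectedAuth })
        if ($missing.Count) { $findings += "Expected auth method missing: $($missing -join ', ')" }
        if ($extra.Count)   { $findings += "Auth methods beyond the expected set: $($extra -join ', ')" }

        [pscustomobject]@{
            Server   = [string]$VirtualDirectory.Server
            Auth     = $auth -join ', '
            Pass     = ($findings.Count -eq 0)
            Findings = $findings -join '; '
        }
    }
}

# Constructed sample objects shaped like Get-MapiVirtualDirectory output (not real servers).
$sample = @(
    [pscustomobject]@{ Server = 'EX01'; InternalUrl = 'https://ex01.corp.example/mapi'
                       ExternalUrl = 'https://mail.corp.example/mapi'
                       IISAuthenticationMethods = @('Negotiate') }
    [pscustomobject]@{ Server = 'EX02'; InternalUrl = 'http://ex02.corp.example/mapi'
                       ExternalUrl = $null
                       IISAuthenticationMethods = @('Ntlm', 'Negotiate') }
)
$sample | Test-MapiVirtualDirectory | Format-List

# On an Exchange server, in the Exchange Management Shell:
#   Get-MapiVirtualDirectory | Test-MapiVirtualDirectory
#   (Get-OrganizationConfig).MapiHttpEnabled   # should be True after the last step
```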
How do you confirm that MAPI/HTTP has taken effect? After restarting the servers, let the client run Autodiscover again, and the client will pop up an error message:
[Screenshot: Outlook message prompting a restart]
Then we follow the prompt, restart Outlook, and look at the connection status. There is no proxy server, the protocol column shows only HTTP, the authentication method is Negotiate, and the connection is SSL-encrypted. The server name is also the endpoint of the MAPI virtual directory being connected to.
Here is an RPC/HTTP connection status screenshot for reference:
[Screenshot: RPC/HTTP connection status]
Another change on the client is that, for example, the Outlook Anywhere configuration is gone ~
So the configuration has succeeded. Now a little more about debugging MAPI/HTTP. First, the storage paths of the MAPI/HTTP logs:
CAS server: %ExchangeInstallPath%\Logging\HttpProxy\Mapi\
Mailbox server: %ExchangeInstallPath%\Logging\MAPI Client Access\
Mailbox server: %ExchangeInstallPath%\Logging\MAPI Address Book Service\
You can then test the connection by browsing to https://<CAS FQDN>/mapi/emsmdb/; you will need to enter credentials.
For more details, append ?showdebug=yes to the URL above: https://<CAS FQDN>/mapi/emsmdb/?showdebug=yes.
The information shown in this case is more detailed, down to each step of the request interaction. Anyone who has worked with basic HTTP will find it familiar.
If a client needs to temporarily turn off MAPI/HTTP and use RPC/HTTP instead, change the registry:
HKEY_CURRENT_USER\Software\Microsoft\Exchange: create a DWORD value named "MapiHttpDisabled" and set it to 1
Then reopen Outlook so that it runs Autodiscover again. To switch back to MAPI/HTTP, change this value to 0.
Finally, here are a few things to note:
1. After MAPI over HTTP is turned on, Outlook SP1 cannot access public folders on earlier versions through EX2013SP1.
2. CPU usage on the CAS server increases, but memory usage drops, about 50%-60% per user.
3. When MAPI over HTTP cannot be used, Outlook automatically falls back to RPC over HTTP.
4. UAG SP4 currently does not support publishing MAPI over HTTP.
5. MAPI over HTTP may be used by default in Exchange 2016.
This article also has the corresponding teaching video
This article is from the "Castamere Rainy season" blog, be sure to keep this source http://sodaxu.blog.51cto.com/8850288/1673091
"Deep Exchange 2013" MAPI over HTTP hands-on configuration