Separate OWA and Microsoft-Server-ActiveSync Mobile Access for Exchange

Source: Internet
Author: User
Tags cas

In many scenarios, Exchange's OWA is published to the Internet, but this also gives hackers an entry point for brute-forcing user names and passwords. (I personally feel that, in the absence of an intrusion detection device, you can make each user's login name differ from the SMTP prefix and limit the number of incorrect password attempts, which also provides a certain protective effect.) The only drawback is that the user needs to remember both an SMTP address and a login name. Given this situation, many people look for a way to solve the problem. Some suggest that I not publish the company's Exchange OWA and Outlook Anywhere at all, but this is the era of the mobile office, and you still need to give mobile devices a way to reach Exchange. Here is a quick introduction to how to publish only the mobile device access portal on the public network, without publishing OWA and Outlook Anywhere.

I. Prerequisites

There are two Exchange CAS servers in my environment, CAS01 and CAS02.

1. First, assign two intranet IP addresses to each CAS server: one for OWA (10.1.1.1) and one for Microsoft-Server-ActiveSync (10.1.1.2).

2. Disable the Outlook Anywhere function on CAS01 and CAS02. (It can also be left enabled: as long as port 443 for it is not published on the public network, Outlook Anywhere can only be used on the intranet.)

3. Request the certificate for CAS01 and CAS02 in advance, and make sure its subject alternative names include the public domain name that mobile phones will use to log in.

Note: By default, Exchange's OWA and mobile access are both hosted under the Default Web Site. The idea is simply to create a new web site and create a mobile access virtual directory under it. If you want phones to be able to view information such as the calendar normally, you also need to create an EWS virtual directory under this site.

II. Procedure

1. Log on to server CAS01 and add a web site named ActiveSync in IIS Manager. Bind the site to the IP address 10.1.1.2.


2. Create the virtual directory with a command. (Note that ExternalUrl is the portal that phones use from outside; a DNS resolution record for it must be added in the public domain.)


3. Perform the same operation on server CAS02: add the web site.


4. Use the command to create the virtual directory that phones log in through.


5. After the virtual directory is created, use the command to view the mobile virtual directory settings on the current server.


6. After creation is complete, start the ActiveSync web site.


7. Next, the network engineer publishes the Exchange phone login port. Then use a phone to verify that login from the public network succeeds.
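The steps above as one PowerShell script, followed by a check that only the ActiveSync path answers on the published name. This is an added example, not the author's original commands; the site folder, the public name `mobile.example.com` and the certificate thumbprint are placeholders, and the script is run on each CAS in turn.

```powershell
# Added example. Run on each CAS (CAS01, then CAS02) in an elevated Exchange Management Shell.
Import-Module WebAdministration

$Server     = $env:COMPUTERNAME
$SiteName   = 'ActiveSync'                 # site name used in the article
$SiteIP     = '10.1.1.2'                   # ActiveSync-only address from the article
$SitePath   = 'C:\inetpub\ActiveSync'      # assumption: empty folder used as the site root
$PublicFqdn = 'mobile.example.com'         # assumption: public name, present in the certificate SAN
$Thumbprint = '<CERTIFICATE-THUMBPRINT>'   # placeholder: certificate already installed on the server

# Steps 1 and 3: new IIS site listening only on the ActiveSync IP, with the certificate bound to it.
New-Item -ItemType Directory -Path $SitePath -Force | Out-Null
New-Website -Name $SiteName -IPAddress $SiteIP -Port 443 -PhysicalPath $SitePath -Ssl
Get-Item "Cert:\LocalMachine\My\$Thumbprint" | New-Item "IIS:\SslBindings\${SiteIP}!443"

# Steps 2 and 4: ActiveSync virtual directory, plus EWS so phones can read calendar data.
New-ActiveSyncVirtualDirectory -Server $Server -WebSiteName $SiteName `
    -ExternalUrl "https://$PublicFqdn/Microsoft-Server-ActiveSync"
New-WebServicesVirtualDirectory -Server $Server -WebSiteName $SiteName `
    -ExternalUrl "https://$PublicFqdn/EWS/Exchange.asmx"

# Step 5: review what was created on this server.
Get-ActiveSyncVirtualDirectory -Server $Server | Format-List Name, ExternalUrl, InternalUrl

# Step 6: start the site.
Start-Website -Name $SiteName

# Step 7, run from a client outside the network once the port is published:
# the ActiveSync path should answer; the OWA and Outlook Anywhere paths should not exist.
function Get-HttpStatus {
    param([string]$Url)
    try   { [int](Invoke-WebRequest -Uri $Url -UseBasicParsing -ErrorAction Stop).StatusCode }
    catch { if ($_.Exception.Response) { [int]$_.Exception.Response.StatusCode } else { 0 } }
}
$shouldExist = [ordered]@{
    '/Microsoft-Server-ActiveSync' = $true
    '/owa'                         = $false
    '/rpc/rpcproxy.dll'            = $false
}
foreach ($path in $shouldExist.Keys) {
    $code    = Get-HttpStatus "https://$PublicFqdn$path"
    $present = ($code -ne 0) -and ($code -ne 404)     # any answer other than "not found"
    $result  = if ($present -eq $shouldExist[$path]) { 'OK' } else { 'CHECK' }
    '{0,-6} {1,-30} HTTP {2}' -f $result, $path, $code
}
```

A `CHECK` line on `/owa` or `/rpc/rpcproxy.dll` means the published address still reaches the Default Web Site, so review the IIS bindings and the firewall rule before relying on the separation.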
