نمایش نتایج: از شماره 1 تا 1 از مجموع 1

موضوع: How to connect mobile employees and Exchange 2003 using Windows Small Business Server 2003 R2

  
  1. #1
    نام حقيقي: 1234

    مدیر بازنشسته
    تاریخ عضویت
    Jul 2009
    محل سکونت
    5678
    نوشته
    5,634
    سپاسگزاری شده
    2513
    سپاسگزاری کرده
    272

    How to connect mobile employees and Exchange 2003 using Windows Small Business Server 2003 R2

    کد:
    http://articles.techrepublic.com.com/5100-10878_11-6171328.html?tag=content;leftCol
    Takeaway: Traveling employees present special challenges for a network administrator. If you're running SBS 2003 R2 and want to connect mobile employees to Exchange 2003, there are some hoops you have to jump through. Erik Eckel shows you what you'll need to do to make it work.

    This article is also available as a TechRepublic download.


    Smartphones are everywhere: From the Motorola Q, to Palm Treo 700w, to Samsung BlackJack, cellular telephone providers are pushing Windows-powered PDAs at every turn. Increasingly, staff are purchasing these devices and then (often retroactively) approaching IT departments and technical consultants with requests to connect the phones to the organization's Windows Small Business Server.
    The ultimate goal is wireless synchronization of e-mail, calendar items, contacts and tasks. Fortunately, Windows Small Business Server 2003 R2 (SBS 2003 R2) simplifies the process, although it's no simple operation.
    The basic steps

    Essentially, empowering Outlook Mobile Access requires completing nine tasks (once a SBS 2003 domain is actually set up and implemented using a private Web certificate):

    1. Confirming proper firewall configuration.
    2. Saving the current private Web certificate.
    3. Remove the existing private Web certificate.
    4. Prepare a new third-party SSL Web certificate request.
    5. Purchasing the third-party SSL Web certificate.
    6. Loading the third-party SSL Web certificate.
    7. Enabling server use of the new SSL Web certificate.
    8. Confirming users possess appropriate rights.
    9. Configuring individual PDAs.

    Here's what's involved with each stage.
    Confirming proper firewall configuration

    Firewall configuration is fairly straightforward. If your organization already enabled Outlook Web Access (OWA) -- requiring secure SSL connectivity -- no changes are likely required. If OWA use isn’t enabled, you may have to register a DNS address dedicated to servicing mobile staff.
    For example, DNS records are often created for mail.yourorganizationdomain.com or exchange.yourorganizationdomain.com. These DNS entries are required to enable remote employees and mobile phone users to find the organization’s e-mail server on the Internet.
    Once DNS entries that direct e-mail traffic to your SBS 2003 server are in place, firewalls must be configured to pass the required traffic. Depending upon your organization’s network infrastructure, ports 80 (HTTP) and 443 (SSL) must be opened. Port 25, meanwhile, must be opened if Exchange receives e-mail.
    With the proper ports opened and forwarded to the appropriate servers, you’re ready to proceed to the next step.
    Save the current private certificate

    Many SBS 2003 and SBS 2003 R2 boxes rolled out using private Web certificates. Those private Web certificates enable secure OWA communications with mobile employees, but PDAs typically require the use of a third-party SSL Web certificates to ensure proper connectivity and security.
    Before replacing the private certificate with a third-party Web certificate from Thawte, VeriSign, or another trust service, save the private Web certificate that's in use to enable falling back to the current configuration, should the need arise. Follow these steps to back up the current private Web certificate using SBS 2003 R2:

    1. Access the Default Web Site by opening Server Management, expanding Advanced Managed, expanding Internet Information Services, identifying the proper server and expanding its Web Sites entry. When you do, you'll see the screen shown in Figure A.

    Figure A

    Access Web Certificate administration tools within Server Management’s Internet Information Services console.
    1. Right-click Default Web Site and select Properties. The Default Web Site Properties dialog box opens.
    2. Select the Directory Security tab. This will display the screen in Figure B.

    Figure B

    The Web Server Certificate Wizard is accessed by clicking the Server Certificate button.
    1. Press the Server Certificate button (found within the Secure Communications section). The Welcome To The Web Server Certificate Wizard will open, as shown in Figure C.

    Figure C

    The Web Server Certificate Wizard appears; it is similar to SBS' other wizards.
    1. Press Next. The Modify The Current Certificate Assignment screen appears, as shown in Figure D.

    Figure D

    The Web Certificate Wizard options change based on the action you've selected.
    Here, we are opting to export the existing private certificate.
    1. Select Export The Current Certificate To A .PFX File and press Next.
    2. Within the Export Certificate window, specify the path and file name where the certificate should be exported and press Next. You’ll see the screen shown in Figure E.

    Figure E

    Specify the path and file name for the certificate being exported.
    1. Enter a password to encrypt the exported .PFX file and press Next.
    2. Review the Export Certificate Summary screen for accuracy and press Next.
    3. Click Finish to complete the Web Server Certificate Wizard.

    Next you need to remove the existing private Web certificate to make way for the third-party Web certificate.
    Remove the existing private Web certificate

    To remove the existing private Web certificate, follow these steps:

    1. From the Default Web Site Directory Security tab, click the Server Certificate button to trigger the Web Server Certificate Wizard.
    2. Click Next to access the Modify The Current Certificate Assignment screen, from which you should choose Remove The Current Certificate radio button -- as shown in Figure F – and press Next.

    Figure F

    Use the Web Server Certificate Wizard to remove the existing private certificate.
    1. Review the Remove A Certificate menu for accuracy, then press Next.
    2. Click Finish to complete the process.

    With the private certificate removed, the next step is to request a third-party Web certificate.
    Prepare a third-party Web certificate request

    The next step involves configuring a new Web server certificate request on the SBS 2003 R2 system (the process is essentially identical on SBS 2003 boxes, too). To prepare a third-party Web certificate request, follow these steps:

    1. From the Default Web Site Directory Security tab (again, reached by opening Server Management and expanding Advanced Managed and Internet Information Services, identifying the proper server and expanding its Web Sites entry, then right-clicking Default Web Site and selecting Properties), press the Server Certificate button to trigger the Web Server Certificate Wizard.
    2. Press Next to access the Server Certificate page.
    3. Select the Create A New Certificate option, as seen in Figure G, and press Next. The Delayed Or Immediate Request page will appear.

    Figure G

    Use the Web Server Certificate Wizard to create a new certificate.
    1. Select Prepare The Request Now, But Send It Later and press Next.
    2. On the Name And Security Settings page, specify a name for the new certificate, specify the bit length (noting that larger bit lengths reduce performance) and press Next.
    3. On the Organization Information page, specify the organization's name (such as the company's name) and unit (such as corporate headquarters). Press Next.
    4. Specify the Web site name within the Common Name field, as seen in Figure H. Note: It’s critical you enter a valid DNS name that can be resolved by client systems and PDAs using the Internet. Then, press Next.

    Figure H

    Be sure to enter a valid DNS address when specifying the Web site common name.
    1. On the Geographical Information page, specify the Country/Region, State/Province (I recommend spelling out the state as opposed to using abbreviations) and entering the City/Locality, then pressing Next.
    2. On the Certificate Request File Name page, specify a file name and location for the certificate request. By default, SBS 2003 R2 creates a file named certreq.txt within the OS’ root directory. Note: You’ll require the location and name of this file when completing the stage that follows. Once you’ve noted the file name and location, press Next.
    3. Review the Request File Summary page for accuracy, then press Next.
    4. Press Finish to complete the Web Server Certificate Wizard.

    With the third-party certificate request created, you’re ready to proceed to the next stage.
    Purchase a third-party Web certificate

    Several options exist for purchasing third-party Web certificates. Thawte and VeriSign are two leading Internet trust service providers.
    In my personal experience, purchasing SSL Web certificates from Thawte has proven quick and easy (although I suspect the same is true using VeriSign). The basic process consists of creating an account, specifying the type of Web certificate you wish to purchase, entering information about the corporate entity for which the certificate is being purchased and will be deployed, and contact information (both technical and administrative).
    As part of the application process, you must load the contents of the Web certificate request file. This is the file you created in the last stage (and the file name and location you'll need to recall from step nine of preparing the third-party Web certificate request). When loading the file's contents, be sure to include the BEGIN- and -END line text. The location where you paste the certificate request information, when purchasing certificates from Thawte, is labeled the Certificate Signing Request (CSR) box.
    Using Thawte, you’re also required to specify the server platform. Windows SBS 2003 and SBS 2003 R2 administrators should select the MSIIS6 option.
    I’ve found Thawte’s SSL123 Web certificates work fine enabling Windows-based Smartphones and Pocket PC phones to synchronize easily with the SBS 2003 R2’s Exchange 2003 server (and enable OWA access). The price for a one-year SSL123 Web certificate is $149, while a two-year version runs $249.
    When you specify the administrative and technical contacts, know that you’ll have to provide an e-mail address within the same domain in which the certificate will be used. For example, if the valid domain name specified within the Web server certificate request is exchange.acme.com, you’ll need to provide an e-mail address within the acme.com domain (such as techsupport@acme.com). Upon approving your Web certificate request, Thawte forwards a link within a message to that e-mail address; it is imperative, then, that you be able to access that e-mail box. That link is required to access the SSL Web certificate (actually a text file).
    In addition, a confirmation e-mail message is sent to the e-mail address. Unless you can access that confirmation e-mail message and confirm the request by clicking on an included link, Thawte will not generate the actual SSL Web certificate.
    Upon completing the purchase request, a certification request code and payment reference number will be displayed onscreen. Record this information on paper, or print it out, as it is required to track the status of your purchase request.
    Once you’ve confirmed the Web server request and downloaded the actual text file (called fetching the certificate) using Windows Notepad (do not use Word or Wordpad, as these applications add additional information to the file), you’re ready to load the certificate on your SBS 2003 R2 server.
    Load the third-party Web certificate

    Use the Web Server Certificate Wizard to load the new SSL certificate on your SBS 2003 system. To do so, follow these steps:

    1. From the Default Web Site Directory Security tab (accessed using Internet Information Services), press the Server Certificate button to trigger the Web Server Certificate Wizard.
    2. Press Next to access the Pending Certificate Request page. Select Process The Pending Request And Install The Certificate, as seen in Figure I, and press Next.

    Figure I

    Specify Process The Pending Request And Install The Certificate.
    1. The Process A Pending Request page appears. Specify the path and file name for the text file you created consisting of the certificate information provided by the Internet trusted services provider. In other words, specify the name and location of the file you created during the last step of the Purchase A Third-Party Web Certificate stage. The default setting is c:\*.cer. If you wish, you can change the file extension for the certificate text file you created in Notepad from .txt to .cer.
    2. On the Specify SSL Port page, specify the port number your server uses for SSL traffic. The default setting is 443. Then, press Next.
    3. Review the Certificate Summary Screen for accuracy, then press Next.
    4. Press Finish to complete the wizard.

    Although the new SSL certificate is installed, the Windows Small Business Server Internet Connection wizard must be re-run to trigger its use.
    Enable use of the new SSL Web certificate

    Enable use of the new third-party SSL Web certificate by re-running the SBS 2003 R2 Configure E-mail And Internet Connection Wizard. To do so, follow these steps:

    1. Open Server Management, select the Internet And E-mail console, and press the green arrow icon for Connect To The Internet. The Welcome To The Configure E-mail And Internet Connection Wizard will open.
    2. Press Next to continue.
    3. Specify the Connection Type (in most cases you'll likely choose to retain the default settings the wizard presents), then press Next.
    4. Specify the Broadband Connection and press Next.
    5. Specify Router Connection parameters and press Next.
    6. On the Web Services Configuration page, select the Outlook Mobile Access checkbox (and the Outlook Web Access checkbox if you wish to enable OWA) and press Next. Figure J shows what you'll see.

    Figure J

    Specify the features you wish to enable and press Next.
    1. On the Web Server Certificate page, select Do Not Change The Current Web Server Certificate and press Next.
    2. On the Internet E-mail page, ensure Enable Internet E-mail is selected and press Next. The E-mail Delivery Method page will appear.
    3. Select Use DNS To Route E-mail and click Next. The E-mail Retrieval Method page will appear.
    4. Check the appropriate boxes for your organization (options provided are Use The Microsoft Connector For POP3 Mailboxes and Use Exchange) and press Next.
    5. On the E-mail Domain Name page, specify your organization’s registered e-mail Internet domain name (such as acme.com). Press Next. The Remove E-mail Attachments page will appear.
    6. Specify whether Exchange should remove attachments, and if so, which extensions should be filtered (and whether removed attachments should be directed to a specific folder) and press Next.
    7. Review the accuracy of the Configure E-mail And Internet Configuration Wizard and press Finish to complete the wizard.
    8. The wizard will make the specified changes. When the wizard completes, press Close to finish the process.

    Now you’re ready to perform a quick check verifying users possess the appropriate rights to leverage Outlook Mobile Access features.
    Confirm users possess appropriate rights

    Ensure users possess the necessary rights to use Outlook Mobile Access features, and synchronize their Outlook e-mail, Contacts, Calendar and Tasks information, by following these steps:

    1. Open Server Management on the Windows Small Business Server 2003/R2 system.
    2. Navigate to Users.
    3. Right-click the User in question and select Properties.
    4. Press the Exchange Features tab. You'll see the screen shown in Figure K.

    Figure K

    Configure Outlook Mobile Access permissions using the Exchange Features tab accessed from a User's Properties sheet.
    1. Review the Outlook Mobile Access settings. If the user’s Outlook Mobile Access, User Initiated Synchronization or Up-To-Date Notifications Mobile Services features are set to disabled, highlight the respective services and press Enable.

    With user permissions set, you’re ready to configure the user’s Windows-powered Smartphone or Pocket PC to synchronize with the Exchange 2003 server.
    Configure individual PDAs

    The easiest steps are saved for last. Once a nightmare configuration, configuring Windows Mobile 5.0-powered phones to connect and synchronize with a SBS 2003 R2 Exchange server is relatively easy. Just follow these steps:

    1. Press Start on the user's Windows-based Smartphone or Pocket PC.
    2. Select Programs.
    3. Select ActiveSync.
    4. Press Menu.
    5. Press Add Server Source.
    6. Enter the server address within the Edit Server Settings window. The server address you enter here should match the valid DNS entry you specified in step seven of the Prepare A Third-Party Web Certificate Request stage.
    7. Select the box for the This Server Requires An Encrypted (SSL) Connection and press Next.
    8. Specify the user's username (the same username they use to log on to the domain) within the Username field.
    9. Specify the user’s domain password (the same password the user enters when logging on to the domain) within the Password field.
    10. Enter the server’s domain name (the same domain name displayed within the Log On To field when the user logs on to a Windows domain) within the Domain field.
    11. Select the Save Password checkbox and press Next.
    12. Choose the data you wish to synchronize. The available options are typically Contacts, Calendar, E-mail and Tasks (although I’ve seen some PDA models that also enable synchronizing Favorites), and press Finish.

    That’s it

    Configuring a SBS 2003 R2-powered network to wirelessly synchronize Exchange data with Windows-powered cell phones isn’t a simple process, but it can be completed quickly (within a couple hours, typically) when an SBS domain is already up and running. The benefits can prove immense. In addition to reducing costs (by eliminating the need of having a third-party communications server), leveraging SBS 2003 and SBS 2003 R2’s inherent capabilities helps speed the flow of critical business information




    موضوعات مشابه:
    ویرایش توسط patris1 : 2010-02-20 در ساعت 01:53 AM

کلمات کلیدی در جستجوها:

valid DNS name exchange activesync

small business

powered by vBulletin move outlook 2003 pop mailbox to exchange mailbox

برچسب برای این موضوع

مجوز های ارسال و ویرایش

  • شما نمی توانید موضوع جدید ارسال کنید
  • شما نمی توانید به پست ها پاسخ دهید
  • شما نمی توانید فایل پیوست ضمیمه کنید
  • شما نمی توانید پست های خود را ویرایش کنید
  •