
Mastering Microsoft Exchange Server 2003, part 7


Chapter 14: Managing Exchange 2003 Services for Internet Clients

disabled. If your users need these services to access Exchange messages, you have to enable the services. In Figure 14.1, I'm using the General property page of the Properties dialog box for the Exchange IMAP4 service to enable the service on my Exchange 2003 computer. POP3 and IMAP4 are listed in Services as Microsoft Exchange services. NNTP is simply listed as Network News Transfer Protocol.

Figure 14.1: Using the General property page of the Properties dialog box for the Microsoft Exchange IMAP4 service to enable the service

Computer and networking managers are constantly worrying about system uptime, and for good reason. Their jobs depend on reliable, available systems. You can do several things to ensure that your Internet virtual servers remain up and running 24 hours a day. You can manually monitor the services using the monitoring tools that I talked about back in Chapter 12, 'Managing the Exchange Server Hierarchy and Core Components,' and then do what you can to expediently restart stopped services. You also can supplement manual monitoring with a server-based self-monitoring system based on features of the Windows Server 2003 operating system. To do this, follow these steps:

1. Find and right-click the service in the Computer Management\Services and Applications\Services container. This opens the Properties dialog box for the service (see Figure 14.2).

Figure 14.2: Using the Recovery property page of the Properties dialog box for the Microsoft Exchange IMAP4 service to set actions to be taken if the service is no longer running

2. Tab over to the Recovery property page of the dialog box. You can use the Recovery page to tell the computer to do anything from attempt to restart the virtual server service to restart itself. As you can see in Figure 14.2, you can specify a different action for each of three successive recovery events.
You can also set other parameters, including a message that is sent to users informing them when a restart is about to occur.

Warning: Be careful about automatic restarts. They can be traumatic not only for users, but also for you. Unless your Exchange server is isolated and difficult to attend to in person, rely on other alternatives, for example, the Exchange server monitors that I discussed in Chapter 12.

If you don't want to offer one of the Exchange services discussed in this chapter, you either need to leave it disabled or disable it. To disable an enabled service, on the General property page of the Properties dialog box for the service (see Figure 14.1, shown earlier), click Stop to stop the service and then select Disabled from the Startup Type drop-down list. You can reset the Startup Type to Automatic anytime if you decide that you want to offer the service to your users.

Note: You can pause, stop, and start a virtual server that supports POP3, IMAP4, HTTP, NNTP, or SMTP services by right-clicking the virtual server in Exchange System Manager and selecting Stop, Pause, or Start. However, this isn't a good way to turn off a service. The service will remain stopped until you restart it, assuming that you didn't set restart parameters for the service on the Recovery property page of the Properties dialog box for the service (see Figure 14.2, shown earlier). However, the service will start right back up when the computer is rebooted.

Front-End/Back-End Exchange Server Configurations

In multiserver Exchange 5.5 environments, accessing POP3, IMAP4, and HTTP services could be a royal pain. Generally, users had to point their e-mail and web browser clients to the Exchange server that contained their mailboxes, so there was no way to provide a single fully-qualified e-mail server domain name or web server URL that worked for everyone in an organization.
Instead, you had to give each user the specific fully-qualified domain name or URL for the Exchange server where their mailboxes were stored. And, if you added or removed a server or moved a mailbox to a different server, you had to give the user a new e-mail server domain name and web server URL. Additionally, in Exchange 5.5, all communications took place between the client and server. All servers had to be exposed to the Internet. And, if a client wanted Secure Sockets Layer (SSL) encryption and decryption, the Exchange server had to do it.

Starting with Exchange 2000, all that changed. You can configure an Exchange 2003 server to act as a front-end server that all users contact for POP3, IMAP4, and HTTP services. The front-end server then acts as a proxy (intermediary) server for requests from the user's client to the back-end Exchange server that contains the user's mailbox. The front-end server also acts as the intermediary for information returned from the back-end server to the user's client. There is no direct interaction between the user's client and the back-end server.

Users are authenticated on the front-end server using Basic (clear text) Authentication. This is the default, and you can't change it. That way, any POP3 or IMAP4 clients and web browsers will work. For front-end-to-back-end communications, you can use Basic Authentication or Integrated Windows Authentication. I talked quite a bit about these authentication alternatives in Chapter 13, 'Managing Exchange 2003 Internet Services.'

Exchange Server 2003 front-end/back-end topologies have two other advantages. A back-end server placed behind a firewall offers another level of security for Exchange servers. Additionally, front-end servers can offload SSL encryption and decryption from back-end servers. You can optionally use SSL encryption/decryption with all of the Exchange Internet services that I discuss in this chapter.
When a client requests SSL encryption/decryption, your front-end server performs these tasks for back-end servers, letting back-end servers focus their energies on Information Store access. I will discuss SSL security and its implementation in Chapter 18, 'Exchange Server System Security.'

The front-end server's Information Store can remain, but Internet clients do not access it. For better performance, Microsoft recommends eliminating unnecessary components such as storage groups and routing groups, and disabling unnecessary services on front-end servers such as the Information Store service.

Of course, front-end servers make sense only in multiserver Exchange environments with sufficient resources to dedicate a computer to front-end services. If you have but one Exchange server, you don't need to worry about front-end services, unless you want to reduce SSL message encryption/decryption loads on the server.

Enabling a front-end server is easy. Find and right-click the server in Exchange System Manager, and select This Is a Front-End Server from the pop-up menu. (This option is available only when there are at least two Exchange servers in your Exchange organization.) Next restart the server. After it is up and running, remove all private and public stores.

At this point, we've installed only one Exchange server in our organization, so we can't implement a front-end/back-end server system right now. Just keep this very nice and most user/administrator-friendly Exchange 2003 enhancement in mind as you read through this section. In the next chapter, 'Installing and Managing Additional Exchange Servers,' we'll get into implementing a front-end/back-end system.

Managing Post Office Protocol Version 3 (POP3) Messaging

Exchange Server includes full support for POP3. POP3 is a simple but effective way for a client to pull mail from an e-mail server.
There's no fancy support for access to folders other than your Inbox or all the fine bells and whistles that you find in the Outlook 200x clients. However, if you're looking for a simple lightweight client that can function readily over the Internet, POP3 isn't a bad choice.

Note: IMAP4 is implemented in Exchange Server 2003 in much the same way as POP3. I'll cover IMAP4 in the next section. I strongly suggest that you read this section even if you're not planning to implement POP3, though, because in the section on IMAP4, I'm going to discuss only the areas where POP3 and IMAP4 differ.

POP3 Setup: The Exchange Server Side

When you install Exchange Server, a default POP3 virtual server is installed. After installation (and assuming that you want to support POP3 e-mail client access to your Exchange information store), your job is to decide whether you need to change a set of default parameters to customize your POP3 environment to the needs of your organization and users. You customize POP3 default parameters at the server level. You can override some POP3 defaults at the individual mailbox level.

Setting Up POP3 at the Server Level

The first step in setting up POP3 for your server is to find the Protocols container for your server (see Figure 14.3). The Protocols container includes six protocol containers. Five of these are Internet protocols. We worked with SMTP in the last chapter. Exchange Server uses the X.400 protocol for some internal communications and it can be used to connect to external X.400-oriented e-mail systems. We'll cover the other protocols in this chapter. In addition, we'll talk about the Lightweight Directory Access Protocol, which is no longer an Exchange server component; it's part of Windows Server 2003, but it is such a key piece of the electronic messaging puzzle that it deserves coverage in a book on Exchange server.
Figure 14.3: The server Protocols container and its six protocol subcontainers with the HTTP, IMAP4, NNTP, POP3, and SMTP default virtual servers shown

Note: I'm not going to extensively discuss the Default POP3 Virtual Server Properties dialog box, and I'm going to include screen shots of dialog box property pages only when required for clarity. Why? Well, as I noted previously, Microsoft used the SMTP virtual server model to implement POP3 services. I already discussed SMTP virtual servers in Chapter 13. So, I just want to talk here about what's unique in relation to POP3 virtual servers. I'll discuss the POP3 virtual server property pages and call your attention to the appropriate explanatory text and figures in the section 'Setting Up and Managing SMTP' in Chapter 13.

Right-click Default POP3 Virtual Server, and select Properties to open the Properties dialog box for the default POP3 virtual server (see Figure 14.4). Except for the absence of the Message and Delivery property pages and the presence of the Message Format and Calendaring property pages, the Properties dialog box for POP3 virtual servers looks a lot like the Properties dialog box for SMTP virtual servers (see Figure 13.4, back in Chapter 13). Let's look at each property page in turn.

General

This page looks much like the General page for an SMTPVS, as shown in Figure 13.4 in Chapter 13. You can link the POP3 virtual server to all unassigned IP addresses or to a specific IP address. You can also set advanced properties for your connection using the Advanced dialog box (see Figure 13.5 and related text in Chapter 13). On the POP3 Advanced dialog box, the SSL Port field replaces the Filter Enabled field. The SSL port supports the encrypted transfer of logon information and messages between your Exchange server's POP3 virtual server and its clients. The SSL port is set automatically. SSL requires the use of security certificates on your Exchange.
I discussed certificates in Chapter 13 and will discuss them further in Chapter 18.

As with SMTP virtual servers, you can also limit the number of connections to your POP3 virtual server and set the number of minutes after which an inactive POP3 client connection times out and is disconnected. I suggest that you leave the default number of connections, which is no limit. Monitor POP3 activity with Windows Server 2003's performance tool (Start > All Programs > Administrative Tools > Performance). If you see heavy POP3 activity, start by limiting the number of connections to some number less than that shown by the Performance tool. The default timeout setting of 10 minutes is really about as low as you should go. Idle clients really don't require much of your server's resources. Don't depend on timeouts to help you much with load problems.

Tip: You can manage connections to POP3 virtual servers using the Current Sessions subcontainer of the POP3 virtual server container. Within this subcontainer, you can view and terminate connections. As you know from Chapter 13, this feature is also available for SMTP services. It is also available for IMAP4 and NNTP services.

Access

The Access property page is the spitting image of the SMTP virtual server Access property page, shown in Figure 13.7 in Chapter 13, except that it doesn't include the Relay button because message relaying is a unique feature of SMTP hosts. The Authentication dialog box, also shown back in Figure 13.7, doesn't include the anonymous authentication option because we're talking here about somebody's private mailbox, not a public SMTP host. What is called 'Integrated Windows Authentication' for SMTPVSs (see Figure 13.8 in Chapter 13) is called 'Simple Authentication and Security Layer' for POP3. It's pretty much the same thing. The Authentication dialog box also lacks the TLS (advanced SSL) encryption option.
You set up SSL for POP3 on the server side by installing a key certificate using the Certificate button in the Secure Communication area of the Access property page. You don't have to mark any of the check boxes. You manage SSL in exactly the same way for IMAP4 and NNTP clients as you do for POP3 clients.

Message Format

You use the Message Format property page to set default message-encoding parameters and the type of character set to be used in messages, and to tell Exchange Server whether to send messages in Exchange's rich-text format. Except for two differences, the POP3 Message Format property page looks just like the one for SMTP virtual servers shown in Figure 13.17 in Chapter 13. The Apply Content Settings to Non-MAPI Clients field and the MIME and non-MIME character-set fields, neither of which makes sense for a POP3 server, are absent on the POP3 Message Format property page. As you'll see in the next section, 'Customizing POP3 Support for a Mailbox,' you can change the defaults that you set here on a mailbox-by-mailbox basis.

Calendaring

The Calendaring property page, shown in Figure 14.4, is new to Exchange Server 2003. It allows you to set up parameters for dealing with Outlook meeting request messages. Outlook users can invite others to meetings. Meeting requests are special e-mail messages. When users view them in Outlook, they can accept or decline meetings. Appointments for accepted meetings can be automatically scheduled in a user's Outlook calendar. Standard POP3 clients don't have the features required to make all of this work.

Figure 14.4: The Calendaring property page of the Default POP3 Virtual Server Properties dialog box

You use the Calendaring page to set up parameters that enable POP3 user meeting-request functionality. Basically, this functionality is enabled using Outlook Web Access (web access to Exchange mailboxes).
When a meeting notice is viewed in a POP3 client, the message includes an attachment. When you open the attachment, you see a form that looks like an Outlook meeting-acceptance message. Users can perform most meeting request response functions with this interface, including clicking an Accept or Decline button.

As you can see in Figure 14.4, you can specify whether users should be directed to the URL for their own Exchange server or to the URL for a front-end server that directs them to their own Exchange server. If you choose to set a front-end server, you enter its URL in the Front-End Server Name field. You can choose to use Secure Sockets Layer security for the OWA connection. The URL field contains the URL that will be used. It is formed based on the choices that you made earlier in the Calendaring page.

Note: For POP3-based meeting setup to work, users must set their POP3 clients to leave a copy of messages on the server. This is necessary so that the messages can be accessed later when an OWA client is used to respond to a meeting notice. I'll show you how to leave a copy of a message on a server in a bit.

Note: POP3 clients (and IMAP4 clients, for that matter) pull incoming messages from POP3 (IMAP4) servers. However, POP3 and IMAP4 servers do not provide outgoing messaging services for their clients. SMTP hosts provide this service. In the last chapter, I talked about how Exchange 2003 SMTP virtual servers can provide outgoing SMTP host services (relay services) to Internet e-mail clients such as POP3 and IMAP4.

Customizing POP3 Support for a Mailbox

To customize POP3 support for a specific mailbox, follow these steps:

1. Find and right-click the user in Active Directory Users and Computers\Users, and then select Properties from the pop-up menu. This opens the Properties dialog box for the user.
2. Tab over to the Exchange Features property page (see the left side of Figure 14.5).
You can enable or disable POP3 for the mailbox by clicking the Enable and Disable buttons. The protocol is enabled by default.
3. To set different parameters for this mailbox, click POP3 and then click Properties to open the Exchange Features dialog box, shown on the right side of Figure 14.5. In this figure, I changed the default Provide Message Body as HTML to Both. Now messages sent from the mailbox will be in both plain text and HTML format.

Figure 14.5: Using the POP3 Exchange Features dialog box to manage POP3 properties for a mailbox

You've seen all the options on the POP3 Exchange Features dialog box, and you should be clear on what they are and when you might want to change them. So, that's all for managing POP3 at the mailbox level.

POP3 Setup: The Client Side

I've always thought of POP3 clients as one of life's little miracles. You set some basic parameters and tell the client to check for mail on your POP3 server, and your mail shows up. I'm sure that building sophisticated POP3 servers and clients is quite a task, but using them is a snap. Let's get a client configured so that you can experience the miracle.

Start with Microsoft's Outlook Express Client

Although you can use any POP3-compliant Internet mail client to access your Exchange Server's POP3 server, you'll find that Microsoft's Outlook Express client is not only one of the best, but it's also enabled to support all the Internet protocols that I cover in this chapter. I strongly suggest that you use the Outlook Express client for the exercises in this book, even if you plan to use another one later. The Outlook Express client comes with Microsoft Internet Explorer version 4 and above. You install IE with Windows. You can download the latest version of IE from Microsoft's website, www.microsoft.com.

Getting Connected to an Exchange Server-Based POP3 Server

First you need to set up your POP3 client to connect to an Exchange Server-based POP3 server.
Before you start, you need to gather the following information:

• Name of the sender to be displayed in the From field of POP3 messages
• Your Windows 2003 account logon user name
• The password for your Windows 2003 account
• Your Exchange mailbox alias name
• Your Windows 2003 or pre-Windows 2000 domain name
• Your POP3 e-mail address, which is your Exchange Server Internet mail (SMTP) address
• The IP address or name of your POP3 server (for incoming messages)
• The IP address or name of your SMTP server (for outgoing messages)

Let's take a look at how each of these is used to set up a POP3 client. As we move along, note the other options on the various wizard pages you see. Your users might need an alternative to the ones we use here, for example, a dial-up modem connection.

1. Open Outlook Express 6, which comes with Windows 2003. The New Connection Wizard opens.
2. On the second wizard page, select Connect to the Internet. The next page, shown in Figure 14.6, offers a number of options for connecting.

Figure 14.6: Selecting the manner in which the Outlook Express POP3 client will connect to the Internet

3. For this chapter, we'll connect directly over our LAN. So, select Connect Using a Broadband Connection That Is Always On. The next wizard page warns you that your broadband connection should be configured and ready to use.
4. Click Finish to bring up the Internet Connection Wizard.

As you can see in Figure 14.7, the first thing you need to do on the Internet Connection Wizard is to enter the name of the sender that will be displayed in the From field of each message that you send. I've cleverly chosen Barry Gerber. Click Next, and you're asked to enter your Internet e-mail address (see Figure 14.8). This is the Internet address for your Exchange server mailbox. Mine is bgerber@bgerber.com.
Figure 14.7: Entering a name to be displayed in each sent message as the message's sender

Figure 14.8: Entering the SMTP e-mail address for an Exchange mailbox

Click Next to select the kind of incoming mail server that you're setting up an account for (POP3 or IMAP4) and to enter the names of the servers that will handle incoming and outgoing mail for your client (see Figure 14.9). Your incoming mail server name is the IP address or Internet domain name of the Exchange server where your mailbox resides. POP3 server services must be running on this server. Your outgoing mail server name is the IP address or Internet domain name of a server running SMTP mail services, a server that can and will relay (send) your mail out to the Internet for you. Although you could use any SMTP mail server that allows you to relay outgoing messages through it, your best bet for this chapter is your Exchange server.

Figure 14.9: Selecting an e-mail server type (POP3 or IMAP4) and entering e-mail server names

Note in Figure 14.9 that I've entered the fully-qualified domain name for the Exchange server exchange01.bgerber.com that runs both POP3 services and Windows 2003 SMTP virtual services. You can use a different name for the SMTP server side of things, for example, I could have used mail.bgerber.com. Just be sure to register the name with whoever provides your public DNS services.

In Figure 14.10, I've moved on to the next Internet Connection Wizard page, where I entered my POP account name and password, which are my Windows 2003 logon username and password. It's this simple if you've accepted the default when mailbox-enabling your Windows 2003 account and allowed your mailbox alias to be set to the same value as your logon username. If your Windows 2003 logon username is different from your mailbox alias, you need to enter your POP3 username in the following format: Windows_2003_user_account_name\mailbox_alias_name.
You can find your logon account name on the Account property page of the Properties dialog box for your Windows account, which is in the Active Directory Users and Computers\Users container. Your mailbox alias is on the Exchange General property page of the same dialog box.

Figure 14.10: Entering information to log on to a POP3 mailbox

How Exchange Server 2003 POP3 Authentication Works

You're authenticated to access your Exchange mailbox with a POP3 client in a number of ways. First, Exchange Server attempts to authenticate your use of your mailbox just as it would if you were using a standard Messaging Application Programming Interface (MAPI) Outlook client. That is, it attempts to [...]

... to connect to the IIS or front-end server that supports your Exchange server plus /exchange. I use the URL http://exchange01.bgerber.com/exchange to connect. When you run IE 6 on Windows 2003 and you're logged in to the Windows 2003 domain/account that has access to your Exchange mailbox, you're automatically authenticated for access to your Exchange Server 2003. The Exchange user interface opens right ...

... installed when you install Exchange Server 2003. As with support for other Internet services, OWA is one of the basic Exchange Server 2003 messaging services. Unlike with Exchange 5.5 Server, OWA is installed automatically, and you can't choose not to install it or to install it later.

OWA 2003 User Connectivity Is a Dream

If everything I've said so far about Exchange Server 2003's OWA has failed to excite ...

... number of items on an Exchange server using a set of special URLs. Here are just three of them:

To access the calendar in a user's mailbox: /EXCHANGE_SERVER_NAME/exchange/MAILBOX_NAME/calendar
Example: /exchange01.bgerber.com/exchange/bgerber/calendar

To start composing a new message in a user's mailbox: /EXCHANGE_SERVER_NAME/exchange/MAILBOX_NAME/?Cmd=new
Example: /exchange01.bgerber.com/exchange/bgerber/?Cmd=new ...
... preinstalled software that comes with Exchange.

Setting Up OWA at the Exchange Server 2003 Level

The default HTTP or OWA virtual server is different from other Exchange virtual servers. Look at Figure 14.20 for a graphic indicator of this difference. First, notice that the default HTTP virtual server is labeled Exchange Virtual Server and sports a different icon from the other virtual servers. That's just the cosmetics ...

... are not Exchange Server 2003 virtual directories; they are web server virtual directories that are part of the IIS environment. Web server virtual directories map physical directories, shares on other computers, or URLs on a server in such a way that web browser users can include virtual directory names in URLs. For example, to get to an Exchange server mailbox, you use the URL http://SERVER_NAME/Exchange/MAILBOX_NAME, ...

... your MMC for your Exchange server. Figure 14.22 shows a basic view of my IIS administrator. Notice the five virtual directories: Public, Exchange, Exadmin, OMA, and Microsoft Server ActiveSync. These are the same virtual directories that you saw in Exchange System Manager under the default HTTP server.

Figure 14.22: An Exchange HTTP virtual server's virtual ...

... 'Wireless Access to Exchange Server 2003,' I'll dig much deeper into the joys and sorrows of wireless links to Exchange server.

Managing Hypertext Transport Protocol (HTTP) Messaging

Exchange Server 2003's web browser-based technology for accessing mailboxes and other folders is very different from the technology used in Exchange 5.x server. This is ...
... mobile access on your Exchange server. Take a look at the virtual server's virtual directories in Figure 14.20. They're labeled Exadmin, Exchange, Microsoft Server ActiveSync, OMA, and Public. The Exadmin, Exchange, and Public virtual directories represent the three basic types of web browser access that you have to your Exchange server. The other two directories ...

... pages)

Figure 14.20: The HTTP virtual server (Exchange Virtual Server) with the General property page of the server's Exchange virtual directory open

'Huh?' I can hear you saying, 'Why can't I manage much of the HTTP virtual server at the server itself?' There is a method to Microsoft's apparent madness, but it will take a while to explain. The default HTTP virtual server supports web browser access to ...

... Active Server Pages (ASP) for communications between a client and an Exchange server's Internet Information Server (IIS). Exchange 5.5's OWA used MAPI and Collaboration Data Objects (CDO) to communicate with the Exchange server's information store. In essence, OWA was a part of IIS. MAPI-based access was slow, and it limited the number of users who could use the service at the same time. Exchange 2003's ...
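
The Startup Type and Recovery settings that the opening of this excerpt sets through the Services console can also be applied and checked from a script. The following PowerShell is an added example, not code from the book; the service short names POP3Svc, IMAP4Svc and NntpSvc and the $Offered policy list are assumptions to confirm on your own server before running it.

```powershell
# Added example (not from the book). Run from an elevated PowerShell session on
# the Exchange 2003 server. Assumptions: the Internet protocol services are
# registered under the short names below, and $Offered names the protocols this
# server is meant to serve. Everything else is stopped AND disabled.
$Candidates = @('POP3Svc', 'IMAP4Svc', 'NntpSvc')   # assumed service short names
$Offered    = @('IMAP4Svc')                          # hypothetical policy: IMAP4 only

function Get-ProtocolService([string]$Name) {
    # Win32_Service reports StartMode (Auto/Manual/Disabled) and State (Running/Stopped/...)
    Get-WmiObject -Class Win32_Service -Filter "Name='$Name'"
}

foreach ($name in $Candidates) {
    $svc = Get-ProtocolService $name
    if (-not $svc) {
        Write-Warning "$name is not installed on this computer; skipping."
        continue
    }

    if ($Offered -contains $name) {
        # Offered protocol: Startup Type = Automatic, then start it if needed.
        Set-Service -Name $name -StartupType Automatic
        if ($svc.State -ne 'Running') { Start-Service -Name $name }

        # Recovery page equivalent: restart only the service, 60 seconds after a
        # failure, and reset the failure count after one day. No action that
        # restarts the computer is configured.
        # Use sc.exe explicitly (in PowerShell, "sc" is an alias for Set-Content);
        # sc.exe requires the space after "reset=" and "actions=".
        & sc.exe failure $name reset= 86400 actions= restart/60000/restart/60000 | Out-Null
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "sc.exe failure returned exit code $LASTEXITCODE for $name."
        }
    }
    else {
        # Protocol not offered: stop the service and set Startup Type = Disabled.
        # Stopping it alone (or stopping the virtual server in Exchange System
        # Manager) does not hold across a reboot.
        if ($svc.State -ne 'Stopped') { Stop-Service -Name $name -Force }
        Set-Service -Name $name -StartupType Disabled
    }
}

# Re-read the configuration and flag anything that does not match the policy.
foreach ($name in $Candidates) {
    $svc = Get-ProtocolService $name
    if (-not $svc) { continue }

    if ($Offered -contains $name) { $expected = 'Auto' } else { $expected = 'Disabled' }
    if ($svc.StartMode -eq $expected) { $verdict = 'OK' } else { $verdict = "MISMATCH (expected $expected)" }

    '{0,-10} StartMode={1,-9} State={2,-8} {3}' -f $svc.Name, $svc.StartMode, $svc.State, $verdict
}
```

Running the second loop on its own turns the script into a read-only check that an unoffered protocol has not been re-enabled.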

Posted: 13/08/2014, 15:20
