Exchange 2019: Presenting Outlook Anywhere With WAP

KB ID 0001548

Problem

Note: Applies to Exchange 2019, 2016, and 2013.

This is pretty much PART TWO, of presenting ‘Exchange Web Services’ using Web Application Proxy. Back in PART ONE we looked at publishing OWA and ECP, and that required having an ADFS server. To present the other web services, e.g Outlook Anywhere, Exchange Active Sync, Offline address book etc. You don’t need ADFS, you simply use ‘pass through‘ authentication with your WAP Server, directly to Exchange.

Solution

Before you start, you need to make sure in addition to the DNS records we used for OWA and ECP, you also need to be able to publicly resolve your Autodiscover record. I prefer doing this with public SRV records, see the following article for clarification;

Creating an AutoDiscover SRV Record

You now need, to make sure that the URLs that Exchange uses for it’s web services are set correctly, to do that use the following PowerShell commands;

Get-OutlookAnywhere |select InternalHostname,ExternalHostname
Get-OABVirtualDirectory |select InternalUrl,ExternalUrl
Get-ActiveSyncVirtualDirectory |select InternalUrl,ExternalUrl
Get-WebServicesVirtualDirectory |select InternalUrl,ExternalUrl
Get-MapiVirtualDirectory |select InternalUrl,ExternalUrl
Get-ClientAccessService |select AutoDiscoverServiceInternalUri

 

Outlook Anywhere URL's

Exchange Public URL's

Make sure your internal URLS are resolvable inside and your external/public URL’s are resolvable outside, (To the public IP address of your WAP Server).

Exchange URLS To Publish with WAP

As with the URLs we published previously remember to publish them with a trailing ‘slash’. You need to publish and ‘Reverse Proxy‘ the following URLs;

Outlook Anywhere: https://mail.ubique.com/rpc/  
Offline Address Book: https://mail.ubique.com/oab/
Active-Sync: https://mail.ubique.com/Microsoft-Server-ActiveSync/
Exchange Web Services: https://mail.ubique.com/EWS/  
MAPI: https://mail.ubique.com/MAPI/
Autodiscover: https://mail.ubique.com/Autodiscover/

Note: Obviously your domain will have a different name!

Publish Outlook Anywhere with WAP

From the ‘Remote Access Management Console’ > Publish > Next.

Publish Outlook AnyWhere

Select ‘Pass-Through’ > Next.Publish Outlook AnyWhere Pass Through Authentication

Give the Published rule a sensible name like “Outlook Anywhere” > Enter the URL’s, and select your public certificate > Next.

Exchange 2019 Outlook Anywhere

Publish.

Exchange 2019 Outlook Anywhere Setup

Close

Outlook Anywhere Public

Publish Active Sync with WAP

Active Sync is required for phones and mobile devices that cannot use Outlook Anywhere. To publish this rule repeat the procedure above, but at the Publishing Setting page use the following settings.

WAP Active Sync Exchange 2019

Publish Offline Address Book with WAP

Offline Address Book is required by devices to download a cached copy of the global address list. To publish this rule repeat the procedure above, but at the Publishing Setting page use the following settings.

WAP Offlie Address Book

Publish Exchange Web Services with WAP

Exchange Web Services allow clients to access calendars, contacts and scheduling information remotely. To publish this rule repeat the procedure above, but at the Publishing Setting page use the following settings.

WAP Exchange EWS Publishing

Publish Exchange MAPI with WAP

Mail Application Programming Interface (over HTTPS) if the default connection protocol in modern Exchange deployments. To publish this rule repeat the procedure above, but at the Publishing Setting page use the following settings.

WAP Exchange 2019 MAPI

Publish Exchange Web Services with WAP

If you’ve used Exchange since version 2007, you will know how important Autodiscover is, (probably because of the headaches caused when it’s not setup correctly!) To publish this rule repeat the procedure above, but at the Publishing Setting page use the following settings.

WAP Exchange 2019 Autodiscover

Final Sanity Check

When complete, your WAP settings should look like this, (this is for all the pass-through, AND ADFS published settings).

Exchange 2019 External URLs published

Once setup correctly, Outlook should work fine externally, like so;

Exchange 2019 Outlook anywhere Outlook

Related Articles, References, Credits, or External Links

NA

Author: PeteLong

Share This Post On

11 Comments

  1. it seems that WAP for services like active synch, owa doesn’t work without configuring adfs… so it will not replace reveser proxy for exchange with arr, right?

    Post a Reply
    • OWA will work without ADFS. Outlook Anywhere will work at the moment, but it will probably stop working with an upcoming update.

      Post a Reply
      • Great article 🙂

        You have a question mark in “OWA will work without ADFS?” so what do you mean by that?

        At the beginning you wrote: “Back in PART ONE we looked at publishing OWA and ECP, and that required having an ADFS server.”

        So I guess the final result is, that OWA and ECP require ADFS?

        Also, do you mean that Outlook Anywhere works without ADFS at the moment, but in the future might require ADFS?

        Post a Reply
        • OWA will work without ADFS
          ECP will work without ADFS
          Outlook anywhere will ‘currently’ work without ADFS but when Microsoft enforce modern authentication on you it will ‘stop working’ without warning, when the update is applied. (No I don’t know when that will be).

          P

          Post a Reply
  2. Where’s the part one i used search box but i only found part two only

    Post a Reply
    • Click the words PART ONE? 🙂

      Post a Reply
  3. Hi, Thanks for the great demonstration i finished the publishing with exchange 2019 and wap 2019, i can access the owa from outside and the login page appears without any issues but once i logging it took about 10 min and showing message (still working on it) is very slow

    Post a Reply
    • I’ve faced the same problem. Moreover Outlook was not able to connect to exchange at all.

      Solved with ms support by setting on WAP servers HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp\

      Entry name: EnableDefaultHttp2
      Type: DWord
      Value: 0

      This applies to win2019 and win2022

      Post a Reply
  4. Exchange Active Sync (EAS) can be published with (pre-authentication) “ADFS for Rich Clients” while using ADFS 4.0
    No need to publish it in “Passtrough” anymore.

    Post a Reply
  5. Can MAPIHTTP be published with (pre-Authenticaiton) with ADFS through ADFS?

    Post a Reply
  6. Thanks for this very comprehensive article. It helped a lot setting this up here.

    Once done, I did a couple of tests to find out how the URLs are processed in WAP. Now I am convinced that there is actually no need to publish each folder (/rpc, /mapi, …) individually. Instead, just having https://mail.ubique.com/ as Pass-through plus /ecp and /owa with ADFS works well. WAP seems to use the most specific URL.

    https://mail.ubique.com/ – Pass-through
    https://mail.ubique.com/ecp – ADFS
    https://mail.ubique.com/owa – ADFS

    Post a Reply

Leave a Reply to PeteLong Cancel reply

Your email address will not be published. Required fields are marked *