B
Bret Fisher
After a week of working to get Entourage X working with Small Business
Server 2003 (Which has Exchange 2003), I have everything working and
syncing, so here are some points to consider.
I found the MVP FAQ insightfull, but it doesn't differentate the differences
between Exchange 2000 and 2003. If someone would update it with the
following new items, it will probably save some people a lot of time.
1. (show stopper) The biggest gotcha is that forms authentication must be
turned off for any of the WebDAV features to work (calendaring, contacts,
and free/busy). I hope MS comes out with an update that will work with
forms auth, but until then you need to use basic authentication, (which
means you should enable and use https for all Entourage's URLs in the
account setup so passwords are not sent in the clear.) SBS 2003 sets up
forms authentication by default, which is why I think this snafu hasn't
caught the attention of many, because forums authentication is new to OWA
for Exchange 2003 and is not enabled on a standard Exchange 2003 server.
2. (possible show stopper) Many places say that WebDAV needs to be enabled,
and that if OWA is working, then it 'IS' enabled. I'm not sure how true
this is on IIS 6 with Ex2003. I found that a week after OWA was working
fine (and before I got Entourage working), that WebDAV under IIS Managers
'Web Service Extensions' was still prohibited. Note that I can't confirm
IF this has to be allowed for Entourage to work, as I enabled it before
figuring out forms auth, and didn't disable it again after to see if it
broke Entourage... but use this as your next step I suppose. Can someone
reply to confirm/deny that this needs to be 'allowed' for Entourage to
work?
3. (purely cosmetic) Hiding the Contacts and Calendar folders in your mail
folder list. If Entourage is working correctly, the calendar and contacts
folders should not be seen in your mail folder list (you get to them from
the graphical buttons). The only way I was able to get these two folders
to hide from the mail folder list in Entourage was to delete the Exchange
connector, exit Entourage, then recreate it correctly. I had to make sure
all connector settings were correct BEFORE clicking OK and having Entourage
pull down mail folders the first time. It seems once Entourage pulls down
your mail folders the first time (if your settings are incorrect), it won't
hide these folders later on if you actually get the settings correct.
3. (mostly cosmetic) SBS w/ Exchange 2003 automatically creates a
self-signing certificate, enables HTTPS for OWA, then enables forums
authentication (non-SBS Exchange doesn't do this). This is great, and a
much needed step for 'secure by default' ideals. But, a self-signing
certificate is not something that should be used in production because
users will get warnings when trying to connect via browser or Entourage.
You should use certificates that are trusted by your clients. I use
instantssl.com, where you can get a one year cert for $50 that is trusted
by all clients. Note that either using HTTPS enabled, disabled, or using
self-signed certs is not a show stopper. It just affects your settings in
the exchange connector for entourage.
4. (show stopper) Entourage settings. All 'server name' blocks need to be
the same name as what is in the certificates, if your using https. I use
split DNS so both internal and external clients can use the same server
name of mail.xxxx.com where ever they are. Also, on SBS, the LDAP server
port is 3268 and correctly pulls this in during the initial wizard.
Hope these tips help.
Server 2003 (Which has Exchange 2003), I have everything working and
syncing, so here are some points to consider.
I found the MVP FAQ insightfull, but it doesn't differentate the differences
between Exchange 2000 and 2003. If someone would update it with the
following new items, it will probably save some people a lot of time.
1. (show stopper) The biggest gotcha is that forms authentication must be
turned off for any of the WebDAV features to work (calendaring, contacts,
and free/busy). I hope MS comes out with an update that will work with
forms auth, but until then you need to use basic authentication, (which
means you should enable and use https for all Entourage's URLs in the
account setup so passwords are not sent in the clear.) SBS 2003 sets up
forms authentication by default, which is why I think this snafu hasn't
caught the attention of many, because forums authentication is new to OWA
for Exchange 2003 and is not enabled on a standard Exchange 2003 server.
2. (possible show stopper) Many places say that WebDAV needs to be enabled,
and that if OWA is working, then it 'IS' enabled. I'm not sure how true
this is on IIS 6 with Ex2003. I found that a week after OWA was working
fine (and before I got Entourage working), that WebDAV under IIS Managers
'Web Service Extensions' was still prohibited. Note that I can't confirm
IF this has to be allowed for Entourage to work, as I enabled it before
figuring out forms auth, and didn't disable it again after to see if it
broke Entourage... but use this as your next step I suppose. Can someone
reply to confirm/deny that this needs to be 'allowed' for Entourage to
work?
3. (purely cosmetic) Hiding the Contacts and Calendar folders in your mail
folder list. If Entourage is working correctly, the calendar and contacts
folders should not be seen in your mail folder list (you get to them from
the graphical buttons). The only way I was able to get these two folders
to hide from the mail folder list in Entourage was to delete the Exchange
connector, exit Entourage, then recreate it correctly. I had to make sure
all connector settings were correct BEFORE clicking OK and having Entourage
pull down mail folders the first time. It seems once Entourage pulls down
your mail folders the first time (if your settings are incorrect), it won't
hide these folders later on if you actually get the settings correct.
3. (mostly cosmetic) SBS w/ Exchange 2003 automatically creates a
self-signing certificate, enables HTTPS for OWA, then enables forums
authentication (non-SBS Exchange doesn't do this). This is great, and a
much needed step for 'secure by default' ideals. But, a self-signing
certificate is not something that should be used in production because
users will get warnings when trying to connect via browser or Entourage.
You should use certificates that are trusted by your clients. I use
instantssl.com, where you can get a one year cert for $50 that is trusted
by all clients. Note that either using HTTPS enabled, disabled, or using
self-signed certs is not a show stopper. It just affects your settings in
the exchange connector for entourage.
4. (show stopper) Entourage settings. All 'server name' blocks need to be
the same name as what is in the certificates, if your using https. I use
split DNS so both internal and external clients can use the same server
name of mail.xxxx.com where ever they are. Also, on SBS, the LDAP server
port is 3268 and correctly pulls this in during the initial wizard.
Hope these tips help.