The following subtabs are available when setting up an Exchange connector.
In this subtab of the E-mail and PIM section of the currently edited Exchange connector, you can set up general Exchange-related options.
If you need to overwrite the mail server information retrieved from the Active Directory as specified in the Domain setup panel, specify the mail server here. All users of this connector will use this mail server unless otherwise configured on the individual user pages.
For Exchange 2003, you must enter the name or IP address of the frontend (OWA) server, if you have both frontend and backend servers.
For Exchange 2007/2010/2013, you must enter the name or IP address of the server or cluster with CAS role.
This field can only be left blank if you have an "all-in-one" Exchange server, where both frontend and backend are on the same machine.
DME uses a regular expression to extract the name of the mail server from the users' entry in Active Directory. If the default regular expression should fail, you can enter another expression here. The expression is interpreted by Java. For more information about Java regular expressions, see http://java.sun.com/j2se/1.4.2/docs/api/java/util/regex/Pattern.html.
If you need to overwrite the mail file path information retrieved from the Active Directory, specify the mail file here. To insert the user name into the path, use {0}. In the example below, the DME user name is jd, and {0} therefore equals jd:
{0}_mail results in the WebDAV folder .../exchange/jd_mail/...
WebDAV (Web-based Distributed Authoring and Versioning) is a set of extensions to the HTTP protocol, which allows users to collaboratively edit and manage files on remote Web servers. This protocol is used by the OWA (Outlook Web App - Outlook webmail) in Microsoft Exchange 2003, and for extracting the size of attachments in Exchange 2007.
This field should usually be left blank.
Users are authenticated through the AD domain specified in the Authentication panel section. After they have been authorized access, the User for domain info queries (a.k.a. the server user) looks up domain information on behalf of the user. The Exchange domain as well as the Distinguished Name (DN) of the user is part of that lookup, and therefore you should usually not enter anything in this field. If you do enter an Exchange domain in this field, it will overwrite the domain from the domain info lookup.
If you are required to enter an Exchange domain here, you must do so in UPN suffix format. This is usually the same as your DNS domain, for instance your.domain.com or something similar to ad.domain.local. Do not use the old Windows 2000 format such as DOMAIN\.
The Connection group of functions contains the following fields:
In this field you can specify the protocol type of the version of Exchange you are using: Exchange 2003 (WebDAV), Exchange 2007 (Web service) or Exchange 2010 (Web service). If you do not choose the correct version in this field, the integration with your Exchange system will not work. The default value in this field is Auto detection. However, it is recommended to switch the value to the protocol type you actually use, because with Auto detection the DME server spends some resources at regular intervals on testing which system you are running.
In this field you can choose how the connector should authenticate against Microsoft Internet Information Server (IIS). Exchange exposes the collaboration system to DME through the IIS (in the form of Outlook Web Access (Exchange 2003) or Web Services (Exchange 2007 and above)), so DME needs access to the IIS web server.
On the Authentication Methods page of the IIS Manager you define how users (such as the DME connector) can access IIS. In this field you must choose a corresponding value. Note that DME only supports NTLM (which corresponds to Integrated Windows authentication) and Basic authentication. The DME connector does not support NTLMv2 SSP. If the Exchange CAS server's local policy security setting Network security: Minimum session security for NTLM SSP based (including RPC) servers is set to Require NTLMv2, then the DME connector is unable to authenticate with CAS.
If you run Exchange 2003 and have enabled Forms Based Authentication (FBA) in your OWA setup, you must choose Basic in this field. If you run Exchange 2007 and above, DME communicates with IIS directly through web services (EWS), and the OWA interface is not used (and thus FBA does not apply at all).
Please note that IIS must have anonymous access to the EWS when you are running Exchange 2010. See the Exchange 2007/2010 integration documentation. Also see the integration documentation for information about using native Java NTLM support and Oakland NTLM. The documentation can be found at the DME Resource Center.
(This field was called OWA mailbox in previous versions of DME). In this field you can specify how your Outlook Web Access mailboxes are set up on Exchange 2003. DME supports the use of the following naming schemes to point to the users' OWA mailboxes. In the examples, John Smith uses his Windows login ID JS as an e-mail alias for his regular e-mail address john.smith@domain.com:
Mailbox alias. Example: http://exchangeserver/exchange/js/
Name part of e-mail address. Example: http://exchangeserver/exchange/john.smith/
E-mail address where the full e-mail address is used in the path to the inbox. Example: http://exchangeserver/exchange/john.smith@domain.com/
Note that on Exchange 2007 systems, the value in this field is used for getting the size of e-mail attachments through the WebDAV protocol. If you use Exchange 2007, you should set this field to E-mail address. Exchange 2010 does not require the WebDAV protocol.
If your Exchange 2003 server is using virtual directories in OWA, the virtual domain must be specified in this field. For instance, a hosting company may use virtual directories to host the Exchange mail for many customers, in the form mail.hosting.com/customer-name. In this case, you would enter customer-name in this field to substitute the default /exchange path. The connector can now access the user mailboxes on mail.hosting.com/customer-name/<username>.
Note that on Exchange 2007 systems, the value in this field is used for getting the size of e-mail attachments through the WebDAV protocol. Exchange 2010 does not require the WebDAV protocol.
This field should be left blank in most installations.
This field is most likely only used if you have a hosted environment and a virtual directory pointing to the Exchange standard /EWS web service. This field should be left blank in most installations.
Whatever you enter in this field will replace the /EWS part of the standard Exchange server URL. A standard URL could look like this (derived from Active Directory or from the fields in the E-mail and PIM group of fields above):
http://exch.domain.com:80/EWS/exchange.aspx
You can for instance enter the name of a company whose Exchange you are hosting in this field: /Excitor/exchange.aspx
DME will then change the URL to the following:
http://exch.domain.com:80/Excitor/exchange.aspx
This applies to Exchange 2007 and 2010.
If you want to subscribe to Exchange push mail events (see Setting the scheme in the section about notification), you must enter the URL and port number to which Exchange should send push mail events. These events generate notifications for DME users. When a subscription schedule is created, the URL entered here is sent to the on-premise Exchange EWS server or O365 Exchange server, asking to send push events when new items (such as e-mails) are received. The reason that the complete URL is sent is that this way it will not be converted to another URL if a NAT table is set up between the DME system and the Exchange system.
Integration with on-premise Exchange
Enter the URL and port number of the current Connector (which acts as a small web server) and Exchange will know to send push mail events for the users serviced by this Connector. Note that any firewall between the connector and Exchange must have an open port from the Exchange CAS server to the connector.
Example: http://<IP or DNS name of the connector machine>:<port number>, for instance http://172.16.10.10:5006. Make sure the port number on the connector machine is not already in use. You may choose a port different from the recommended port 5006.
Note that for on-premise Exchange integration, DME does not support the use of the HTTPS protocol for the subscription URL. HTTPS is not needed, as the data exchanged between Exchange and the Connector only contains push information and token values.
Integration with Microsoft Office 365 Exchange
Receiving O365 push mail events requires changes to the DME Nginx proxy server configuration file (see nginx default locations). Copy the section below for either Windows or Linux and insert it at the end of the Nginx configuration file. A comment in the configuration file clearly shows where to insert the new configuration. As mentioned in the comments, update the 'server_name' and 'server' to the appropriate settings. To use different ports, make sure to change them accordingly. Stop and start the DME Nginx service.
Windows:
## This section controls subscription notifications from Office 365. Recommended
## public/external port is 5005 and must be forwarded to the DME Connector.
## IMPORTANT; change the 'server_name' to the public DNS host name of the
## DME Nginx proxy server! For example dme.company.com.
server {
    listen 5005 ssl;
    server_name dme.company.com;
    ssl_session_timeout 10m;
    ssl_certificate ../../certs/server-ca-cert-bundle.pem;
    ssl_certificate_key ../../certs/server.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4;
    ssl_dhparam ../../certs/dh4096.pem;
    location / {
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains" always;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://backendPush;
        add_header Front-End-Https on;
    }
}
## This is the setting for the Exchange subscription service on the DME Connector. Recommended
## port to use is 5006. IMPORTANT; change the 'server' address to the DME Connector's
## internal IP address or internal DNS host name!
## For example dmecon.company.com:5006 or 172.16.10.10:5006.
upstream backendPush {
    ip_hash;
    server dmeconnector.company.com:5006;
}
Linux:
## This section controls subscription notifications from Office 365. Recommended
## public/external port is 5005 and must be forwarded to the DME Connector.
## IMPORTANT; change the 'server_name' to the public DNS host name of the
## DME Nginx proxy server! For example dme.company.com.
server {
    listen 5005 ssl;
    server_name dme.company.com;
    ssl_session_timeout 10m;
    ssl_certificate /var/dme/instances/base/etc/server-ca-cert-bundle.pem;
    ssl_certificate_key /var/dme/instances/base/etc/server.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4:!3DES;
    ssl_dhparam /var/dme/instances/base/etc/dh4096.pem;
    location / {
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains" always;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://backendPush;
        add_header Front-End-Https on;
    }
}
## This is the setting for the Exchange subscription service on the DME Connector. Recommended
## port to use is 5006. IMPORTANT; change the 'server' address to the DME Connector's
## internal IP address or internal DNS host name!
## For example dmecon.company.com:5006 or 172.16.10.10:5006.
upstream backendPush {
    ip_hash;
    server dmeconnector.company.com:5006;
}
Enter the URL and port number of the DME Nginx proxy public DNS name, and O365 will know to send push mail events. Note that any firewall will need to have the assigned port opened for outside access.
Example: https://<public DNS name of DME Nginx proxy>:<port number>, for instance https://dme.company.com:5005. Make sure the port number on the DME Nginx server machine is not already in use. You may choose a port different from the recommended port 5005.
Note that for O365 Exchange integration DME supports the use of the HTTPS protocol for the subscription URL as traffic from O365 is terminated in the DME Nginx proxy server. O365 Exchange push mail event data sent from O365 Exchange to the DME system only contains push information and token values.
If you are connecting to an on-premise Exchange, leave this field blank. If you are configuring the Connector for O365 push event integration, you must enter the URL and port number of the current Connector (which acts as a small web server).
Example: http://<IP or DNS name of the connector machine>:<port number>, for instance http://172.16.10.10:5006. Make sure the port number on the connector machine is not already in use. You may choose a port different from the recommended port 5006.
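A consistency check for the O365 push setup described above, as an added example that is not part of the DME product or its documentation. It parses the push section of the Nginx configuration and cross-checks it against the two subscription URLs: the public HTTPS URL must match `listen` and `server_name`, and the Connector URL's port must be a backend of `proxy_pass`. It also reports two configuration problems: a `server_name` line without its `;` (nginx reads arguments up to the next `;`, so the following directive becomes extra server names and is never applied) and TLS 1.0/1.1 left enabled. The names `directives`, `lint` and `SAMPLE` are hypothetical, and the sample configuration is constructed.

```python
import re
from urllib.parse import urlsplit
# Constructed sample (placeholder hosts); ';' after server_name omitted on purpose.
SAMPLE = """
server {
    listen 5005 ssl;
    server_name dme.company.com
    ssl_session_timeout 10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location / { proxy_pass http://backendPush; }
}
upstream backendPush { ip_hash; server dmeconnector.company.com:5006; }
"""
TOKEN = re.compile(r'"[^"]*"|\'[^\']*\'|[;{}]|[^\s;{}]+')

def directives(conf):
    """Yield (name, args, opens_block) per statement; '#' comments dropped."""
    words = []
    for tok in TOKEN.findall(re.sub(r"#[^\n]*", "", conf)):
        if tok in (";", "{"):
            if words:
                yield words[0], words[1:], tok == "{"
            words = []
        elif tok != "}":
            words.append(tok)

def lint(conf, public_url, connector_url):
    """Findings for the proxy section and the two subscription URLs."""
    out, ports, names, backends, passes, cur = [], set(), [], {}, [], None
    for name, args, opens in directives(conf):
        if name == "upstream" and opens:
            cur, backends[args[0]] = args[0], []
        elif name == "server" and not opens and cur:
            backends[cur].append(args[0].rsplit(":", 1)[-1])  # keep port only
        elif name == "listen":
            ports.add(int(args[0].rsplit(":", 1)[-1]))
        elif name == "server_name":
            names = args
            # Heuristic: a directive-looking "host name" means a lost ';'.
            eaten = [a for a in args if re.match(r"(ssl|proxy)_|listen$", a)]
            out += [f"server_name swallowed '{a}': missing ';'" for a in eaten]
        elif name == "ssl_protocols":
            old = sorted({"TLSv1", "TLSv1.1"} & set(args))
            out += ["deprecated protocols enabled: " + " ".join(old)] if old else []
        elif name == "proxy_pass":
            passes.append(urlsplit(args[0]).netloc)
    pub, con = urlsplit(public_url), urlsplit(connector_url)
    if pub.scheme != "https" or pub.port not in ports or pub.hostname not in names:
        out.append(f"O365 URL {public_url} does not match listen/server_name")
    # Port-only comparison: the upstream may name the host, the URL its IP.
    back_ports = {p for up in passes for p in backends.get(up, [])}
    if con.scheme != "http" or str(con.port) not in back_ports:
        out.append(f"connector URL {connector_url} is not the proxy_pass backend port")
    return out
```

Run `lint()` over the text of the deployed configuration file together with the two URLs entered in the connector setup; an empty list means the three settings agree.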
If the Exchange 2003 and 2007 WebDAV service or the Exchange 2007 and 2010 CAS server require a secure SSL (HTTPS) connection, this field must be Enabled. Exchange 2007 and 2010 use SSL by default. For more information, see the Exchange 2007/2010 Integration documentation.
If you select this field, DME will trust all servers and certificates - always trusting connections from the servers you have set up for this connector. This is the recommended setting in order to prevent errors if for instance the issuer name of the SSL certificate is unknown. If the certificate is expired, a warning will be written to the log, but the connection will be accepted.
This subtab contains the required settings for enabling the current Exchange connector to service e-mail users.
If you set this switch to ON, the current connector will be used for synchronizing e-mail and e-mail folders for users that are routed to the connector, meaning that it will accept e-mail and e-mail folder synchronization requests from the DME server for those users.
Microsoft Exchange permits e-mail addresses such as lastname, firstname <name@domain.com>. According to e-mail standards, e-mail addresses containing a comma should be enclosed in double quotes (or similar). Since Exchange does not enforce this standard, addresses such as the above would be misinterpreted by DME. In order to circumvent this, you can use this field to define permitted separators between e-mail recipients. You can choose to allow comma only, semicolon only, or both comma and semicolon.
The connector will use this directory for storing the cache if pre-caching is enabled on the server. See Pre-caching sync. data in Collaboration. If nothing is entered here, DME uses the standard TEMP directory for the connector OS. To keep the connector server from filling up with temporary files, DME cleans out temporary attachment files once a day.
The Exchange 2007 Web Service (EWS) API offers no way to read out the size of attachments. Therefore DME uses WebDAV to read out attachment sizes - the way it is done in Exchange 2003 - in order for users to be able to see the size of attachments on the DME client. However, if you do not want to do this, or WebDAV is not available, you can disable this feature to save some processing time.
In this field you can write a standard disclaimer message which is appended to every e-mail message sent from the device through DME. The disclaimer is appended after any signature that may be automatically appended in the client (either the DME client or a regular e-mail client), and after any other text such as e-mail history.
This subtab contains the required settings for enabling the current Exchange connector to service users of Contacts synchronization.
If you set this switch to ON, the current connector will be used for synchronizing contacts for users that are routed to the connector, meaning that it will accept contact synchronization requests from the DME server for those users.
If this field is set to True, the connector will look for contact and search mapping files that have been customized for specific device models or device platforms. The connector looks for files with special file names. For more information, see the document "Custom mapping of fields in DME", which is available from the Resources website.
This subtab contains the required settings for enabling the current Exchange connector to service users of calendar synchronization.
If you set this switch to ON, the current connector will be used for synchronizing the calendar for users that are routed to the connector, meaning that it will accept calendar synchronization requests from the DME server for those users.
This subtab contains the required settings for enabling the current connector to service users who synchronize tasks (Windows Mobile clients) or to-dos (other clients).
If you set this switch to ON, the current connector will be used for synchronizing the tasks/to-dos for users that are routed to the connector, meaning that it will accept task/to-do synchronization requests from the DME server for those users.