RPC over HTTP in Exchange 2003

By following these steps you can use Outlook to connect to an Exchange mailbox while not in the office, even from non-domain PCs, without having to enter a password.

 

Configure the Exchange server

  1. In the IIS Manager console, under Default Web Site, open the properties for the Rpc virtual directory. Under the Directory Security tab, ensure that Integrated Windows Authentication is selected
  2. Also check that the correct certificate is installed: in IIS Manager, right-click Default Web Site, choose Properties, and in the Directory Security tab click on View Certificate. If it shows eg. publishing.mundy.local, this is wrong! Go back a step, click on Server Certificate and remove the current certificate (it stores a backup so don't worry), then do the same thing again, but this time assign an existing certificate and choose eg. mail.mundy.com.au. This often gets reset after running the CEICW (also see next step, same deal).
  3. If ISA is installed, check under Web Publishing rules: there should be an RPC over HTTP entry. In its Action tab, make sure it is also set to eg. mail.mundy.com.au.

Configure the PC

Install the SSL Certificate

  1. Make sure you have installed the SSL certificate into the Trusted Root Certification Authorities store using Internet Explorer

Configure Outlook

  1. Open Outlook and configure your Exchange email account. Type the internal address for your Exchange server, eg. sbs.mundy.local for the Exchange Server, and enter your user name. Make sure you deselect Use Cached Exchange Mode
  2. Click on More Settings and cancel any password requests. On the Connection tab, select Connect to my Exchange mailbox using HTTP, then click on the Exchange Proxy Settings button
  3. Where it says "Use this URL to connect to my proxy server for Exchange", type the external address for your Exchange server, eg. mail.mundy.com.au
  4. Select Connect using SSL only and Mutually authenticate the session when connecting with SSL. Type the principal name for proxy server, eg. msstd:mail.mundy.com.au
  5. Select On fast networks, connect using HTTP first and On slow networks, connect using HTTP first
  6. Under "Proxy authentication settings" select NTLM Authentication

Configure the Password

  1. Go to the Control Panel and open up the User Accounts manager. Click on Manage my Network Passwords
  2. Click Add and type the internal name for your Exchange server, eg. sbs.mundy.local
  3. Type your internal domain user name, eg. mundy\daniel or daniel@mundy.local
  4. Enter your domain password and click OK. If it asks whether you want to update your domain password, say no.

Finished

  1. Open up Outlook and make sure it works.
  2. You can now enable Cached Exchange Mode if required.

If it still doesn't work

If you are still prompted for a password, and you are logged on as the Windows account that has access to your Exchange mailbox, set LmCompatibilityLevel in the client computer's registry to a value of 2 or 3 (thanks to Daniel Petri, see link below; I haven't needed to try this yet).

  1. Open Regedit and browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  2. Set lmcompatibilitylevel to 2
  3. Reboot. If it still doesn't work, try level 3.

It's also worth checking that OMA works. We often suggest using OMA as a test system to confirm certificate acceptance, as the browsers are more forgiving than EAS.
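The certificate and LmCompatibilityLevel checks above can be scripted on the client PC. The following PowerShell is an added example, not part of the original article: it uses the article's example names mail.mundy.com.au and msstd:mail.mundy.com.au, assumes the proxy answers on port 443, and its function names are hypothetical.

```powershell
# Added example. Replace the article's example names with your own.
$ProxyHost     = 'mail.mundy.com.au'        # URL typed in Exchange Proxy Settings
$PrincipalName = 'msstd:mail.mundy.com.au'  # principal name typed in Outlook

function Get-RemoteCertificate {
    param([string]$HostName, [int]$Port = 443)   # port 443 is an assumption
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Accept whatever the server presents so it can be inspected;
        # trust is evaluated separately in Test-ProxyCertificate.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName)
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally { $tcp.Close() }
}

function Test-ProxyCertificate {
    param($Certificate, [string]$Principal)
    $expected = $Principal -replace '^msstd:', ''
    $simple   = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $cn       = $Certificate.GetNameInfo($simple, $false)   # subject common name
    $chain    = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'  # skip revocation; trust and dates still checked
    $trusted  = $chain.Build($Certificate)
    New-Object PSObject -Property @{
        SubjectName  = $cn
        Expected     = $expected
        NameMatches  = ($cn -ieq $expected)
        ChainTrusted = $trusted
        ChainStatus  = (($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', ')
    }
}

$result = Test-ProxyCertificate (Get-RemoteCertificate $ProxyHost) $PrincipalName
$result | Format-List SubjectName, Expected, NameMatches, ChainTrusted, ChainStatus
if (-not $result.NameMatches)  { Write-Warning 'Certificate name differs from the msstd principal name.' }
if (-not $result.ChainTrusted) { Write-Warning 'Certificate does not chain to a trusted root on this PC.' }

# Read the NTLM setting from the registry key named in the article.
$lsa  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$prop = Get-ItemProperty -Path $lsa -Name LmCompatibilityLevel -ErrorAction SilentlyContinue
if (-not $prop) {
    'LmCompatibilityLevel is not set; the operating system default applies.'
} elseif ([int]$prop.LmCompatibilityLevel -lt 3) {
    "LmCompatibilityLevel = $($prop.LmCompatibilityLevel): LM/NTLM responses are sent, not NTLMv2."
} else {
    "LmCompatibilityLevel = $($prop.LmCompatibilityLevel): NTLMv2 responses only."
}
```

A name mismatch here points back to the certificate assignment in IIS or the ISA publishing rule, and a chain failure points to the Trusted Root Certification Authorities step.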

More Info