Enabling Clients to Securely Connect over the Internet

Microsoft Exchange Client computers can connect to mailboxes on Microsoft Exchange Server computers remotely using TCP/IP over the Internet. By connecting over the Internet, users can read and send mail just as if they were on the same local area network (LAN) as the server. For example, if users from CompanyA need to access mail while visiting CompanyB, they can use CompanyB's Internet connection. Microsoft Exchange Client doesn't need to use a modem or Remote Access Service (RAS) to establish a remote connection with Microsoft Exchange Server. However, both the client and the server must support TCP/IP.

You can enable communication over the Internet with the least amount of security risk to your organization by performing these tasks.

Specifying the Home Server

To connect to a Microsoft Exchange Server computer remotely over the Internet, the client must use the server's fully qualified domain name. This is because the server name must be in a format that can be resolved over the Internet. Instead of connecting to a server using its computer name (also called a NetBIOS name) as the client on a LAN does, you must specify a name such as server1.acme.com. If the server name is not registered in DNS, you can specify the IP address instead.

To specify the home server name

    1. In Control Panel, choose Mail, select Microsoft Exchange Server, and then choose Properties.

    2. Under Microsoft Exchange server, type the name of the server that contains the mailbox you want to use.

    3. Choose OK.
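The rule above (use a fully qualified domain name or an IP address, not a NetBIOS computer name, because only the former can be resolved over the Internet) can be turned into a quick pre-flight check. This is an added example, not part of the original Exchange documentation; the function names and the label rules (RFC-style hostname labels) are assumptions made here.

```python
import ipaddress
import re

# One DNS label: letters, digits and hyphens, no leading or trailing hyphen,
# 1 to 63 characters (hostname rules; an assumption of this example).
_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def classify_home_server(name: str) -> str:
    """Classify the text typed into the 'Microsoft Exchange server' box.

    Returns one of:
      'ip'      - an IPv4/IPv6 literal, usable when the name is not in DNS
      'fqdn'    - a dotted, syntactically valid host name such as server1.acme.com
      'netbios' - a single-label computer name, which a LAN client can use
                  but which cannot be resolved over the Internet
      'invalid' - dotted but not a well-formed host name
    """
    name = name.strip().rstrip(".")  # tolerate a trailing root dot
    if not name:
        return "invalid"
    try:
        ipaddress.ip_address(name)
        return "ip"
    except ValueError:
        pass
    if "." not in name:
        return "netbios"
    labels = name.split(".")
    if len(name) <= 253 and all(_LABEL.match(label) for label in labels):
        return "fqdn"
    return "invalid"


def usable_over_internet(name: str) -> bool:
    """True only for the two forms the page says work for a remote connection."""
    return classify_home_server(name) in ("ip", "fqdn")


if __name__ == "__main__":
    # Constructed sample inputs, not names from any real deployment.
    for candidate in ("server1.acme.com", "SERVER1", "192.168.1.10", "bad_host.acme.com"):
        print(f"{candidate:20} -> {classify_home_server(candidate)}")
```

A single-label name is reported as `netbios` rather than rejected outright, because it is still valid for a client on the same LAN; the check only tells you it will not work for the Internet case described in this section.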

Configuring Authentication by the Home Server's Domain

When users connect to a server using the Internet, they will probably be in a different organization that uses a different domain from their home server. To ensure that the client is authenticated by the server's domain during a remote Internet connection, the user must connect to the home server using a user account that is valid in the home server's domain. To make connecting to the home server easier, the Microsoft Exchange Client can be configured to prompt the user for the name and password of the user account in the home server's domain.

To enable the client to be authenticated by the home server's domain

    1. In Control Panel, choose Mail, select Microsoft Exchange Server, and then choose Properties.

    2. Select the Advanced tab.

    3. Clear Use network security during logon.

    4. Choose OK.

Configuring a Firewall to Allow RPC Communication

In order for Microsoft Exchange Client computers to access Microsoft Exchange Server computers remotely over the Internet, the clients and servers must be able to communicate using RPCs. If you are not using an Internet firewall, RPC communication is enabled by default. This configuration is risky because an attacker can gain access to the server and potentially compromise the security of Microsoft Exchange Server resources such as mailboxes and public folders.

If you are using a firewall to increase your system's security, you may need to configure the firewall to allow RPC communication. Some Internet firewalls do not accept the TCP/IP port numbers that Microsoft Exchange Server uses for RPC communication. To solve this problem, you should allow port 135 through your firewall and configure Microsoft Exchange Server to use fixed port numbers that your firewall also allows.

To configure Microsoft Exchange Server, you should set two unique port numbers, one for the information store and one for the directory. The registry value TCP/IP Port controls this setting. This DWORD value is a 16-bit number that you set for the port that the firewall will accept.

For the directory, you can modify the port number in the following registry location:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeDS\Parameters\TCP/IP Port

For the information store, you can modify the port number in the following registry location:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem\TCP/IP Port

If you are using a packet filter, you must configure it to allow TCP connections to these ports in addition to port 135 (for the RPC End-Point Mapper service) on the Microsoft Exchange Server computer.

To add TCP/IP port numbers

    1. In the Windows NT registry, select one of the keys listed above: the MSExchangeDS Parameters key for the directory, or the MSExchangeIS ParametersSystem key for the information store.

    2. From the Edit menu, select Add Key.

    3. In Key Name, type TCP/IP Port, and choose OK.

    4. Select the new TCP/IP Port key, and select Add Value from the Edit menu.

    5. In Value Name, type TCP/IP Port. In Data Type, select REG_DWORD, and choose OK.

    6. In Data, type the number of the port that the firewall will accept.
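The three constraints in this section (two unique port numbers, each a 16-bit value, plus port 135 for the end-point mapper on the packet filter) are easy to get wrong by hand, so the following added example checks a proposed pair of ports, writes the corresponding REGEDIT4 file, and reports which TCP ports the packet filter must still allow. It is not code from the Exchange documentation or from Microsoft; the function names are assumptions, the key and value layout follows the six-step procedure as printed on this page (a TCP/IP Port subkey holding a TCP/IP Port DWORD value), and the sample port numbers are constructed.

```python
# Registry locations named on this page for the two RPC endpoints.
REG_DIRECTORY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeDS\Parameters"
REG_STORE = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem"
PORT_KEY = "TCP/IP Port"          # subkey created in step 3
PORT_VALUE = "TCP/IP Port"        # REG_DWORD value created in step 5
ENDPOINT_MAPPER_PORT = 135        # RPC End-Point Mapper, always needed


def validate_ports(directory_port: int, store_port: int) -> list:
    """Return a list of problems with the proposed pair; an empty list means OK."""
    problems = []
    for label, port in (("directory", directory_port), ("information store", store_port)):
        if not 1 <= port <= 0xFFFF:
            # The page says the DWORD holds a 16-bit port number.
            problems.append(f"{label} port {port} is not a 16-bit port number")
        elif port == ENDPOINT_MAPPER_PORT:
            problems.append(f"{label} port must not reuse the end-point mapper port {ENDPOINT_MAPPER_PORT}")
    if directory_port == store_port:
        problems.append("directory and information store must use two unique ports")
    return problems


def reg_file(directory_port: int, store_port: int) -> str:
    """Build a REGEDIT4 (Windows NT regedit) file setting both port values."""
    problems = validate_ports(directory_port, store_port)
    if problems:
        raise ValueError("; ".join(problems))
    lines = ["REGEDIT4", ""]
    for base, port in ((REG_DIRECTORY, directory_port), (REG_STORE, store_port)):
        lines.append(f"[{base}\\{PORT_KEY}]")
        # REGEDIT4 writes DWORDs as eight hex digits.
        lines.append(f'"{PORT_VALUE}"=dword:{port:08x}')
        lines.append("")
    return "\r\n".join(lines)


def required_inbound_tcp_ports(directory_port: int, store_port: int) -> set:
    """TCP ports the packet filter must allow to the Exchange Server computer."""
    return {ENDPOINT_MAPPER_PORT, directory_port, store_port}


def missing_firewall_ports(allowed_tcp_ports, directory_port: int, store_port: int) -> set:
    """Ports still blocked by a packet filter that allows only allowed_tcp_ports."""
    return required_inbound_tcp_ports(directory_port, store_port) - set(allowed_tcp_ports)


if __name__ == "__main__":
    # Constructed sample values: 1025 for the directory, 1026 for the store.
    ds_port, is_port = 1025, 1026
    print(reg_file(ds_port, is_port))
    print("packet filter must allow TCP:", sorted(required_inbound_tcp_ports(ds_port, is_port)))
    print("still blocked by a 135-only rule:", missing_firewall_ports([135], ds_port, is_port))
```

Import the generated file with regedit on the Microsoft Exchange Server computer only after confirming the key layout against the documentation for your Exchange version; the packet-filter check is deliberately a pure set difference so it can be fed the allow list exported from whatever firewall you run.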