19
edits
Changes
From SME Server
Jump to navigationJump to searchCreated page with "{{Languages|Small Business Server}} == Description == How to configure SME for an internal Windows Small Business Server (SBS); Exchange and Remote Web Access. This howto is co..."
{{Languages|Small Business Server}}
== Description ==
How to configure SME for an internal Windows Small Business Server (SBS); Exchange and Remote Web Access.
This howto is cobbled together from a variety of sources and was tested on a HP Servers running SBS2003, SBS2008, and SBS2011.
The main sources were:
<br>Forum Post talking about Exchange 2003 [[http://forums.contribs.org/index.php?topic=40075.0]]
<br>Len Goldsteins Blog talking about Exchange 2007/10 [http://www.lengoldenstein.com/2008/10/16/apache-as-a-reverse-proxy-to-exchange-2007-outlook-web-access/]
<br>Tek-Tips post on Activesync [http://www.tek-tips.com/viewthread.cfm?qid=1276155&page=1]
<br>
<br>The infrastructure setup used was:
Internet ~~ Router - SME - Internal Network (inc SBS).
== Assumptions ==
* I have assumed that you already know how to configure the router to provide the appropriate port access for SBS.
* The DNS has been configured with a 'remote.xxx.xxx' record for the domain in use; an 'autodiscover' record is also useful down the track.
* IIS has been configured to publish these sites for external access.
* IIS has been configured to accept external connections using its self signed certificate or a public certificate has been installed.
== Step-by-step HowTo ==
=== 1. Preparation ===
<br>1.0 Log into the SME Server Manager, and
<br>1.1 Get direct shell access and login as root.
=== 2. Modifications ===
2.0 Add hostname for internal server
<br>Using the Server Manager, under Configuration, open Hostnames & Addresses and add a hostname pointing to the internal servers IP address.
2.1 Create new template fragment for ProxyPass directives
<br>Most of the work in accessing the internal server is performed by using proxypass redirects within Apache.
<br>In order to add these directives to Apaches config file (httpd.conf) we need to create a custom template fragment.
Create the folder for the fragment
mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf
Create the fragment itself, it's empty to start
touch /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/91ProxyPassSBS
2.2 Add directives to fragment
<br>At this point you can use whatever editor you prefer, I'll use pico
pico -w /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/91ProxyPassSBS
Now paste in the following, including the comment lines top and bottom
<nowiki>
#------------------------------------------------------------
# ProxyPass Support for Internal SBS Server
#------------------------------------------------------------
ProxyPreserveHost On
SSLProxyEngine On
#Force RequestHeader in order to get IE to work
RequestHeader set Front-End-Https "On"
#OWA % character in email subject fix
RewriteEngine On
RewriteMap percentsubject int:escape
RewriteCond $1 ^/exchange/.*\%.*$
RewriteRule (/exchange/.*) ${percentsubject:$1} [P]
#OWA
ProxyPass /owa https://x.x.x.x/owa
ProxyPassReverse /owa https://x.x.x.x/owa
ProxyPass /public https://x.x.x.x/public
ProxyPassReverse /public https://x.x.x.x/public
#RPC
ProxyPass /rpc https://x.x.x.x/rpc
ProxyPassReverse /rpc https://x.x.x.x/rpc
ProxyPass /Rpc https://x.x.x.x/Rpc
ProxyPassReverse /Rpc https://x.x.x.x/Rpc
ProxyPass /RPC https://x.x.x.x/RPC
ProxyPassReverse /RPC https://x.x.x.x/RPC
#OMA
ProxyPass /oma https://x.x.x.x/oma
ProxyPassReverse /oma https://x.x.x.x/oma
#ActiveSync (for WM5+ devices)
ProxyPass /Microsoft-Server-ActiveSync https://x.x.x.x/Microsoft-Server-ActiveSync
ProxyPassReverse /Microsoft-Server-ActiveSync https://x.x.x.x/Microsoft-Server-ActiveSync
#Remote Web Workplace
ProxyPass /Remote https://x.x.x.x/remote
ProxyPassReverse /Remote https://x.x.x.x/remote
ProxyPass /webhelp https://x.x.x.x/webhelp
ProxyPassReverse /webhelp https://x.x.x.x/webhlp
#Autodiscover for Exchange
ProxyPass /autodiscover https://x.x.x.x/autodiscover
ProxyPassReverse /autodiscover https://x.x.x.x/autodiscover
#------------------------------------------------------------
# End of SBS settings
#------------------------------------------------------------
</nowiki>
Change the x.x.x.x to match the IP of the Internal SBS server.
2.3 Finalisation
<br>In order to make sure the hostname is fully recognised & the template fragment fully integrated I prefer to perform a full server update routine
signal-event post-upgrade; signal-event reboot
If you wish to verify that the template fragment is syntatically correct then run
signal-event ibay-update
This will then display any issues the system has with the template fragment (if any) and they can be dealt with prior to the full server update routine.
2.4 Gotchas
<br>Some of the above entries may not be rquired depending on your circumstances & the version of SBS being used, comment out all not in use.
<br>SME/Apache, and to a lessor extent SBS, are very sensitive to case, if the entry is capitalised in any way it is done so for good reason.
<br>If a directive doesn't work check the URL internally to see if the capitalisation matches.
=== 3. Testing ===
<br>Once the server has rebooted the following URL's should work '''from''' the Internet
https://xxx.xxx.xxx/remote
https://xxx.xxx.xxx/owa
Done!
----
== Description ==
How to configure SME for an internal Windows Small Business Server (SBS); Exchange and Remote Web Access.
This howto is cobbled together from a variety of sources and was tested on a HP Servers running SBS2003, SBS2008, and SBS2011.
The main sources were:
<br>Forum Post talking about Exchange 2003 [[http://forums.contribs.org/index.php?topic=40075.0]]
<br>Len Goldsteins Blog talking about Exchange 2007/10 [http://www.lengoldenstein.com/2008/10/16/apache-as-a-reverse-proxy-to-exchange-2007-outlook-web-access/]
<br>Tek-Tips post on Activesync [http://www.tek-tips.com/viewthread.cfm?qid=1276155&page=1]
<br>
<br>The infrastructure setup used was:
Internet ~~ Router - SME - Internal Network (inc SBS).
== Assumptions ==
* I have assumed that you already know how to configure the router to provide the appropriate port access for SBS.
* The DNS has been configured with a 'remote.xxx.xxx' record for the domain in use; an 'autodiscover' record is also useful down the track.
* IIS has been configured to publish these sites for external access.
* IIS has been configured to accept external connections using its self signed certificate or a public certificate has been installed.
== Step-by-step HowTo ==
=== 1. Preparation ===
<br>1.0 Log into the SME Server Manager, and
<br>1.1 Get direct shell access and login as root.
=== 2. Modifications ===
2.0 Add hostname for internal server
<br>Using the Server Manager, under Configuration, open Hostnames & Addresses and add a hostname pointing to the internal servers IP address.
2.1 Create new template fragment for ProxyPass directives
<br>Most of the work in accessing the internal server is performed by using proxypass redirects within Apache.
<br>In order to add these directives to Apaches config file (httpd.conf) we need to create a custom template fragment.
Create the folder for the fragment
mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf
Create the fragment itself, it's empty to start
touch /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/91ProxyPassSBS
2.2 Add directives to fragment
<br>At this point you can use whatever editor you prefer, I'll use pico
pico -w /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/91ProxyPassSBS
Now paste in the following, including the comment lines top and bottom
<nowiki>
#------------------------------------------------------------
# ProxyPass Support for Internal SBS Server
#------------------------------------------------------------
ProxyPreserveHost On
SSLProxyEngine On
#Force RequestHeader in order to get IE to work
RequestHeader set Front-End-Https "On"
#OWA % character in email subject fix
RewriteEngine On
RewriteMap percentsubject int:escape
RewriteCond $1 ^/exchange/.*\%.*$
RewriteRule (/exchange/.*) ${percentsubject:$1} [P]
#OWA
ProxyPass /owa https://x.x.x.x/owa
ProxyPassReverse /owa https://x.x.x.x/owa
ProxyPass /public https://x.x.x.x/public
ProxyPassReverse /public https://x.x.x.x/public
#RPC
ProxyPass /rpc https://x.x.x.x/rpc
ProxyPassReverse /rpc https://x.x.x.x/rpc
ProxyPass /Rpc https://x.x.x.x/Rpc
ProxyPassReverse /Rpc https://x.x.x.x/Rpc
ProxyPass /RPC https://x.x.x.x/RPC
ProxyPassReverse /RPC https://x.x.x.x/RPC
#OMA
ProxyPass /oma https://x.x.x.x/oma
ProxyPassReverse /oma https://x.x.x.x/oma
#ActiveSync (for WM5+ devices)
ProxyPass /Microsoft-Server-ActiveSync https://x.x.x.x/Microsoft-Server-ActiveSync
ProxyPassReverse /Microsoft-Server-ActiveSync https://x.x.x.x/Microsoft-Server-ActiveSync
#Remote Web Workplace
ProxyPass /Remote https://x.x.x.x/remote
ProxyPassReverse /Remote https://x.x.x.x/remote
ProxyPass /webhelp https://x.x.x.x/webhelp
ProxyPassReverse /webhelp https://x.x.x.x/webhlp
#Autodiscover for Exchange
ProxyPass /autodiscover https://x.x.x.x/autodiscover
ProxyPassReverse /autodiscover https://x.x.x.x/autodiscover
#------------------------------------------------------------
# End of SBS settings
#------------------------------------------------------------
</nowiki>
Change the x.x.x.x to match the IP of the Internal SBS server.
2.3 Finalisation
<br>In order to make sure the hostname is fully recognised & the template fragment fully integrated I prefer to perform a full server update routine
signal-event post-upgrade; signal-event reboot
If you wish to verify that the template fragment is syntatically correct then run
signal-event ibay-update
This will then display any issues the system has with the template fragment (if any) and they can be dealt with prior to the full server update routine.
2.4 Gotchas
<br>Some of the above entries may not be rquired depending on your circumstances & the version of SBS being used, comment out all not in use.
<br>SME/Apache, and to a lessor extent SBS, are very sensitive to case, if the entry is capitalised in any way it is done so for good reason.
<br>If a directive doesn't work check the URL internally to see if the capitalisation matches.
=== 3. Testing ===
<br>Once the server has rebooted the following URL's should work '''from''' the Internet
https://xxx.xxx.xxx/remote
https://xxx.xxx.xxx/owa
Done!
----
