6. Testing Messaging Application Programming Interface (MAPI)
Connectivity
MAPI is a messaging architecture and Component Object Model designed by
Microsoft and based on the Application Programming Interface for Microsoft
Windows. It allows client programs to become email messaging enabled or
aware by calling MAPI subsystem routines that interface with messaging
servers. While MAPI is designed to be protocol independent, it is usually
used with the RPC protocol. MAPI/RPC is the proprietary protocol that
Microsoft Outlook uses to communicate with Microsoft Exchange and is usually
termed the MAPI protocol. MAPI uses a negotiated
dynamic port (above 1024). RPC uses port 135.
The MAPI version that ships with Exchange Server 2010 and Microsoft Office
Outlook is sometimes known as Extended MAPI. It allows complete control over
the messaging system on the client computer, creation and management of
messages, management of the client mailbox, and so on. Extended MAPI
includes facilities to access message transports, message stores, and
directories.
You can use commands based on the
Test-MapiConnectivity EMS cmdlet to test MAPI
connectivity and verify server functionality. You use the Identity parameter
to specify a logon mailbox. The SystemMailbox is used if you do not include
the Identity parameter. The cmdlet retrieves a list of items in the Inbox.
Logging on to the mailbox tests two protocols used when a client connects to
a Mailbox server: MAPI and Lightweight Directory Application Protocol.
During authentication, the Test-MapiConnectivity cmdlet
verifies that the MAPI server, Exchange store, and Directory Service Access
(DSAccess) service are working.
Commands based on the Test-MapiConnectivity cmdlet
log on to the specified mailbox using the credentials of the account with
which you are logged on to the local computer. After successful
authentication, the command accesses the mailbox to verify that the database
is working. Note that you do not run the
Test-MapiConnectivity cmdlet against the Client
Access server. This cmdlet must be run against the Mailbox server.
The Test-MapiConnectivity cmdlet supports the
Database parameter. This parameter specifies a mailbox database identity so
that the command can test whether it is possible to log on to the system
mailbox on the specified database. The cmdlet also supports the Identity
parameter, which specifies a mailbox identity so that the command can test
whether it is possible to log on to a specific mailbox. The Server parameter
specifies a server identity and tests whether it is possible to log on to
each system mailbox on the specified server.
For example, the following command tests MAPI connectivity to the system
mailboxes in each mailbox database on the Mailbox server VAN-EX1 and returns
detailed results:
Test-MapiConnectivity -Server VAN-EX1 | FL
Figure 4 shows the output of this
command.
The following command tests MAPI connectivity to the system mailbox in the
mailbox database Research and returns detailed results:
Test-MapiConnectivity -Database Research | FL
The following command tests MAPI connectivity to the Don Hall mailbox in
the Adatum.com domain and returns detailed results:
Test-MapiConnectivity -Identity "adatum\Don Hall" | FL
7. Testing EWS and Outlook Anywhere
The EWS-managed API provides a managed interface for developing client
applications that use EWS. This API communicates with the Exchange Client
Access server by means of EWS Simple Object Access Protocol (SOAP)
messages.
EWS uses standard industry protocols that provide interoperability between
servers and client applications. SOAP XML messages provide the communication
between the computer that is running Exchange Server 2010 and web services
client applications. The following changes and enhancements are included in
Exchange Server 2010 EWS:
Distribution Lists are renamed Contact Groups.
The FindItems interface is redesigned.
The Autodiscover implementation supports DNS SRV record
lookup.
The notifications interface is redesigned.
New methods have been added for getting and setting free or busy
information.
Note:
EWS is a developer tool. As such, it is unlikely to be tested in the
70-662 examination. You should, however, know how to verify EWS
functionality as described in this section.
Outlook Anywhere enables Microsoft Office Outlook
clients to connect to their Exchange servers over the Internet by using the
RPC-over-HTTP networking component. It integrates RPCs with an HTTP layer
and allows email traffic to traverse network firewalls without requiring RPC
ports to be opened. To deploy Outlook Anywhere in your Exchange messaging
environment, you need to enable at least one Client Access server by using
the Enable Outlook Anywhere Wizard.
You can use the Enable Outlook Anywhere Wizard on an Exchange Server 2010
Client Access server to allow a user to connect to his or her Exchange
mailbox from the Internet. Outlook Anywhere eliminates the need for mobile
users or users in remote offices or to use a virtual private network to
connect to Exchange servers.
Outlook Anywhere is enabled on your Client Access server after a
configuration period of approximately 15 minutes. To verify that Outlook
Anywhere has been enabled, you can check the
application event log on the Client Access server. Before you can use
Outlook Anywhere, you need to do the following:
Install a valid SSL certificate from a certification authority
trusted by the client.
Install the Microsoft Windows RPC-over-HTTP Proxy component (if
this not installed by default).
Enable Outlook Anywhere on the Client Access server.
Note:
THE DEFAULT SSL CERTIFICATE IS NOT SUFFICIENT
FOR OUTLOOK ANYWHERE
When you install Exchange Server 2010, you can install a default SSL
certificate created by Exchange Setup. However, this certificate is not
trusted by the client. To use Outlook Anywhere, you must install an SSL
certificate that is trusted by the client.
If you use Outlook Anywhere, you must allow port 443 through your firewall
because Outlook Anywhere requests use HTTP-over-SSL. If you already use
Outlook Web App (OWA) with SSL or Exchange ActiveSync with SSL, you do not
need to open any additional ports from the Internet. By default, when you
enable Outlook Anywhere on a Client Access server, all users who have
mailboxes on Mailbox servers are enabled for Outlook Anywhere.
You can test the connectivity needed for EWS and Outlook Anywhere to work
by entering commands based on the
Test-WebServicesConnectivity EMS cmdlet. You can
use such commands to verify the functionality of EWS on an Exchange Server
2010 Client Access server. The
Test-WebServicesConnectivity cmdlet tests the
functionality of EWS and performs basic operations to verify the
functionality of Outlook Anywhere. By default, the following operations are
tested:
GetFolder
CreateItem
DeleteItem
SyncFolderItems
However,
if you specify the LightMode parameter in the command, only the GetFolder
operation is tested.
By default, the test runs on the Client Access server on which the command
is entered. However, you can use the ClientAccessServer parameter to specify
a remote Client Access server in the same Exchange organization. As with
other test cmdlets described earlier in this lesson, you can use the
MailboxServer and MailboxCredential parameters to test connectivity to a
specific Mailbox server or to a specific user mailbox. The MonitoringContext
parameter specifies whether the test result is passed to System Center
Operations Manager 2007. If this parameter is set to a value of $false, the
test result appears only on the command line.
The Timeout parameter specifies the amount of time, in seconds, allowed
for the test operation to finish. The default value for the Timeout
parameter is 300 seconds. The time-out value you specify must be greater
than 0 seconds. Microsoft recommends configuring this parameter with a value
of 5 seconds or greater.
The ResetTestAccountCredentials parameter resets the password for the test
account used to run Test-WebServicesConnectivity
commands. This is typically reset every seven days. When the
ResetTestAccountCredential parameter is used, a password reset is forced any
time it is required for security reasons. You can specify whether a secure
SSL channel is required or whether the test can run over an unsecured
channel by using the AllowUnsecureAccess switch parameter. If the test runs
over a secure channel, the TrustAnySSLCertificate parameter allows it to use
any SSL certificate available.
The UseAutodiscoverForClientAccessServer parameter specifies whether the
test uses the Autodiscover service to locate the Client
Access server. The Autodiscover service configures client computers that are
running Outlook 2007 or Outlook 2010. The service can also configure
supported mobile devices. It provides access to Exchange Server 2010
features for Outlook clients that are connected to the Exchange Server 2010
messaging environment. The service enables clients to automatically connect
to features, such as the Outlook Address Book (OAB), the Availability
service, and Unified Messaging (UM). The service uses the user’s email
address and password to provide profile settings to Outlook clients and
supported mobile devices. If the Outlook client is joined to the domain, the
user’s domain account credentials are used.
The following command tests Web services continuity for the Getfolder
operation between the Client Access server on which it is entered and all
mailboxes in the same Exchange organization. The test operates over a secure
channel authenticated by any available SSL certificate; if a secure channel
cannot be established, the command attempts to test connectivity over an
insecure channel:
Test-WebServicesConnectivity -LightMode:$true -TrustAnySSLCertificate:$true
-AllowUnsecureAccess:$true | FL
Figure 5 shows the output from
this command.
Figure 5. Testing web services connectivity
You
can use commands based on the Test-OutlookWebServices
EMS cmdlet to verify that the Autodiscover settings for Microsoft Outlook
are configured correctly. This cmdlet supports an Identity parameter that
can specify any valid email address in the forest, and this address is used
to test the Outlook provider. It is typically an SMTP address, but you can
specify the domain and user name or an Active Directory GUID, and the
command resolves this information to an SMTP address. The TargetAddress
parameter specifies the recipient used to test whether Availability service
data can be retrieved.
Typically, commands based on this cmdlet run against the Client Access
server on which they are entered, but, as with previously described cmdlets,
you can use the ClientAccessServer parameter to specify the Client Access
server that the client accesses. The MonitoringContext parameter specifies
whether the results of the command include monitoring events and performance
counters. If you specify this parameter with the value $true, the test
results include monitoring events and performance counters in addition to
information about the MAPI transaction.
The following command verifies the service information returned to the
Outlook client from the Autodiscover service for the user
[email protected]:
Test-OutlookWebServices -Identity:[email protected] -MonitoringContext:$true | FL
The above command tests the following:
The Availability service
Outlook Anywhere
The OAB
UM
Figure 6 shows the output from
this command.
Figure 6. Verifying Autodiscover settings