About this Document
In this document we explain how to configure MAPI over HTTP on the AXS GUARD reverse proxy server. This document was last updated on 28 Jan 2019.
Outlook clients that are not MAPI over HTTP capable can still use Outlook Anywhere (RPC over HTTP) to access Exchange through a MAPI-enabled Client Access server.
Application Server Requirements
The use of MAPI over HTTP requires all Exchange 2013 Client Access Servers to be updated to Exchange Server 2013 SP1 (or later). The feature is disabled by default in SP1 so you can get the servers updated without anyone noticing any changes. If you are an Office 365 Exchange Online customer you won’t have anything to worry about on the service side of deployment.
Outlook clients must be updated to use MAPI over HTTP. Office 2013 SP1 or Office 365 ProPlus February update (SP1 equivalent for ProPlus) are required for MAPI over HTTP. It is recommend you deploy the May Office 2013 public update or the April update for Office 365 ProPlus to eliminate the restart prompt when MAPI/HTTP is enabled for users.
Outlook 2010 was updated to support MAPI over HTTP in the January 2015 Public Update, and additional fixes for it were released in the April 2015 Public Update.
Prior version clients will continue to work as-is using Outlook Anywhere. Outlook Anywhere is the supported connection method for those clients. Microsoft did not backport MAPI over HTTP to Outlook 2007 or earlier versions.
Outlook clients make use of the Autodiscover functionality provided by
Exchange to connect to mailboxes. When the client is started, it
attempts to resolve
_autodiscover._tcp.maildomain.com to locate the Autodiscover Exchange
service for the given mail domain.
Any FQDN returned by the Autodiscover service must also be available as an external DNS record when accessing mail from the Internet (outside the corporate network or domain). If not, the client’s auto-configuration will fail and it will not be able to establish connections with the Exchange server.
Note that basic authentication is required for MAPI and EWS services, as NTLM is suppressed by default by the reverse proxy. See the official Microsoft documentation for additional information about how to configure your Exchange server for basic authentication.
AXS Guard-side Configuration
Go to Reverse Proxy > HTTP(S) > Servers
Create a new server entry with the following settings:
autodiscover.maildomain.com(use the appropriate external name for your domain).