Client Access Services Flashcards Preview

Exchange 2016 MCSE 70-345 > Client Access Services > Flashcards

Flashcards in Client Access Services Deck (72)
Loading flashcards...

What is a Bound Namespace?

• One namespace model that can be used with multiple datacenters.

• Each datacenter has its own namespace (Ex.,, and

• Used when there is a preference for users to connect to a specific datacenter

• Used in combination with Active/Passive DAGs.


What is an Unbound Namespace?

• One namespace model that can be used with multiple datacenters.

• All datacenters use the same namespace

• Used when there is no preference for which datacenter users connect to

• Can be used in combination with Geo-DNS or Geo-loadbalancing, to direct users to closest datacenter, or DNS round robin for random distribution

• Doesn't apply to Office Online Server namespace, which always needs a bound namespace since it requires persistence


What are the SSL Certificate requirements?

• Certificate must be issued by a certificate authority that is trusted by both the server and the client

• The certificate name must match the server name (URL/namespace) the client is connecting to

• The certificate must still be within the validity period (has not expired)


What are the recommendations for SSL Certificates?

• Use certificates issued by a trusted 3rd-Party CA, rather than by a private, internal CA.

• Use a SAN certificate

• Use the same, single certificate for all services (HTTPS, SMTP, IMAP, POP)

• Use the same, single certificate for all servers


What is a SAN certificate?

• "Subject Alternative Name"

• A type of SSL cert, which allows for multiple names on a single cert.

• But, unlike a wildcard cert, the names must be specified when issuing the cert.


What is a Unified Communications Certificate?

• Another name for a SAN certificate, a type of SSL certificate.

• Some providers refer to it as a Unified Communications Certificate.


How should firewalls be configured to allow/deny traffic to and from Exchange servers?

• Exchange servers should not be firewalled from other Exchange servers or from domain controllers. If firewalled, use an Any-Any rule.

• Exchange should be firewalled from the public internet. Very few services need to be allowed in; HTTPS (TCP 443) is all that is required, plus ports for POP and IMAP if you are using them.


What protocols and ports are required for all possible Client Access methods?

• HTTPS (TCP 443)

• POP3 (TCP 995/110)

• IMAP4 (TCP 993/143)


What is OWA?

Outlook Web App

An old name for Outlook on the Web.

This acronym is still used in Shell commands to identify the service.


What is Outlook on the Web?

The new name for Outlook Web App (OWA)


What are the Shell commands for configuring Namespaces for HTTPS services?

For Outlook Anywhere:
• Set-OutlookAnywhere

For Autodiscover:
• Set-ClientAccessService

For all other services:
• Set-*VirtualDirectory


What is different about the Autodiscover virtual directory?

Autodiscover has a Virtual Directory, and there is a Set-VirtualDirectory command to configure them.

However, the internal and external URLs configured there are ignored by Exchange.

Instead, the SCP is used, which you configure using Set-ClientAccessService.


What is this:


Service Connection Point


What is this:


Certificate Signing Request

A request for an SSL certificate that has been generated by the server that the certificate will be installed on.


How can you install a single SSL certificate to multiple Exchange servers?

First install the cert on the server that generated the CSR.

Then, export the certificate, and import it to other servers.

(Multiple servers can be selected to import to at once.)

You will then have to go to each server to specify the same services to assign this certificate to.


What Authentication options are available to Outlook on the Web?

• Basic Authentication

• Integrated Windows Authentication

• Forms-based Authentication


How does Basic Authentication work?

• Username/password popup dialog

• Credentials transmitted in clear text, secured by HTTPS

• Not very user friendly


How does Integrated Windows Authentication work?

• Requires the URL for Outlook on the Web to be in the Intranet or Trusted Sites zone in Internet Explorer

• User's Windows login information is automatically used

• Hashed credentials are transmitted, secured by HTTPS

• If the automatic login does not work, there will be a popup asking credentials, which uses NTLM challenge/response or Kerberos


How does Forms-based Authentication work?

• Presents a user-friendly login form

• Credentials are transmitted in clear text, secured by HTTPS

• Multiple login formats can be used:
- Domain\Username
- Username only (with default logon domain pre-defined)


What is this:


User Principle Name


If using Forms-based Authentication and a UPN format, how will the username field be presented to the user?

• It will ask for Email address, even though it is looking for the UPN name.

• For this reason, you would want a user's e-mail address to match their UPN.


What is this, and what does it do?


Exchange Control Panel

Serves the "Options" user interface for Outlook on the Web.

Also serves the Exchange Admin Center for administrators.


Where are authentication settings for Outlook on the Web and Exchange Control Panel configured?

In the corresponding Virtual Directory settings.


How should the authentication options for OWA and ECP be set relative to each other?

They should be set to use the same authentication method.


What is the recommended authentication method, and why?


It is faster than NTLM, and doesn't have the potential for authentication bottlenecking that NTLM has.


What does "frontend services" refer to?

Client Access Services are also known as Frontend Services


What is a Virtual IP?

This is one of the terms for the IP address, or combination of IP address and port, that a load balancer hosts for clients to connect to.


What is a Virtual Service?

This is one of the terms for the IP address, or combination of IP address and port, that a load balancer hosts for clients to connect to.


What is a Virtual Server?

This is one of the terms for the IP address, or combination of IP address and port, that a load balancer hosts for clients to connect to.


What methods can Load Balancers distribute traffic to member servers?

• Round robin

• Weighted round robin

• Least connections

• Various adaptive methods (server load, other metrics)