Exchange 2007 SP 3 RU 3 / ISA 2006 SP1 OWA Customization fileAlong with the significant improvements...
Transcript of Exchange 2007 SP 3 RU 3 / ISA 2006 SP1 OWA Customization fileAlong with the significant improvements...
Exchange 2007 SP 3 RU 3 / ISA 2006 SP1 OWA
Customization
Document Version V3-0
Document Set:
Date 27/05/2011
Prepared By Corporate IT
CONFIDENTIAL
Exchange 2007 SP3 RU 3 / ISA 2006 SP1 OWA Customization
© Xstrata 2011 Confidential
Page 2 of 18
Document Control
Change History
Version Date Name Revision Description
1.0 30-July-2009 Cameron Pike Initial Document Creation
1.1 19-October-2009 Cameron Pike Updates to Package and Documentation
2.0 9-March-2010 Cameron Pike Updates to include production environment validation changes.
2.1 12-April-2010 Cameron Pike Updates to include MSI package information, and CAS Server Forms.
2.2 15-July-2010 Cameron Pike Updates to include changes for RSA Authentication integration.
2.3 23-July-2010 Cameron Pike Repackaged for modified RSA forms order.
3.0 12-May-2011 Cameron Pike Updated ISA Forms and themes with more coherent look and feel to XWP. Repackaged all content for Exchange 2007 SP3 RU3 deployment.
Approbation
Version Date Approved Approver Position
Distribution List
Name Title
Related Documents
Document Title Date Revision Author
Exchange 2007 SP3 RU 3 / ISA 2006 SP1 OWA Customization
© Xstrata 2011 Confidential
Page 3 of 18
Table of Contents
1 Introduction ...................................................................................................................................... 4
1.1 Document Purpose ......................................................................................................................... 4 1.2 Readership ..................................................................................................................................... 4 1.3 Scope ............................................................................................................................................. 4 1.4 Responsibilities ............................................................................................................................... 4
2 OWA Customization Overview ....................................................................................................... 5
3 ISA Server 2006 Configuration ........................................................................................................ 7
3.1 ISA Server Requirements ................................................................................................................. 7 3.2 ISA FBA modifications overview ...................................................................................................... 7 3.3 ISA FBA Modifications Step by Step ................................................................................................. 9
4 Exchange 2007 Client Access Server Configuration .................................................................... 13
4.1 Exchange 2007 Client Access Server Requirements ........................................................................ 13 4.2 Exchange 2007 Client Access Servers modifications overview ......................................................... 13 4.3 Exchange 2007 CAS Server Modifications Step By Step .................................................................. 14
Exchange 2007 SP3 RU 3 / ISA 2006 SP1 OWA Customization
© Xstrata 2011 Confidential
Page 4 of 18
1 Introduction
1.1 Document Purpose
This document will explain the procedures for customizing and deploying the ISA FBA forms customisation for outlook web access, as well as the Xstrata outlook web access them package.
The package is applicable for deployment to both internal and external ISA servers providing access to Outlook Web Access.
The contents of this package and documentation are specific to ISA Server 2006 SP1 and
Exchange 2007 SP3 RU3. This package should not be deployed to ANY other versions of these
services unless specifically guided by corporate IT.
1.2 Readership
Implementers of Outlook Web Access services
1.3 Scope
Organizational wide
1.4 Responsibilities
The implementer is expected to have working knowledge of ISA 2006 SP1, Exchange Server 2007 SP3 RU3, and all supporting technologies.
Exchange 2007 SP3 RU 3 / ISA 2006 SP1 OWA Customization
© Xstrata 2011 Confidential
Page 5 of 18
2 OWA Customization Overview
The Xstrata OWA Customization will require minimal effort to implement, providing a significant Xstrata branding for the Outlook Web Access (OWA) Experience, as well as updating the default ISA forms sets to be provided with the RSA Authentication mechanism.
Along with the significant improvements to Outlook Web Access in Exchange 2007, the OWA customization will provide end users with an Xstrata branded Forms Based Authentication Mechanism and Outlook Web Access theme which will provide a consistent look and feel across the business units for the Outlook Web Access client experience.
As all Exchange 2007 deployments of OWA will be published via an ISA reverse proxy server, the customizations will need to be made in two distinct areas:
1. ISA Forms customization (Handle log-on and log-off events via forms based authentication (FBA)).
2. OWA Theme customization (Outlook Header and default font).
The below displays the significant difference between the default ISA outlook web access logon form and the customized Xstrata logon form:
Default Logon Form Customized Logon Form
Exchange 2007 SP3 RU 3 / ISA 2006 SP1 OWA Customization
© Xstrata 2011 Confidential
Page 6 of 18
Default Settings Form (Page is displayed only once on initial OWA logon)
Custom Settings Form (Page is displayed only once on initial OWA logon)
Default OWA Theme Custom OWA Theme (Only header customised)
Default Log-off Form Customized Log-off Form
Exchange 2007 SP3 RU 3 / ISA 2006 SP1 OWA Customization
© Xstrata 2011 Confidential
Page 7 of 18
3 ISA Server 2006 Configuration
The ISA forms customization will need to be deployed to both the externally facing ISA / Reverse Proxy located in the DMZ, as well as the internally facing ISA / Websense server which is publishing OWA internally. Failure to deploy in both locations will result in inconsistent customizations deployed to the environment.
As the Microsoft Firewall service requires to be restarted to implement the customizations, it
should be scheduled at a time of least impact as this will affect external client access to
messaging services, as well as client web browsing when the service is restarted on the
externally and internally facing ISA servers respectively.
3.1 ISA Server Requirements
For the purposes of this document, the following requirements must be met to proceed with the ISA FBA forms customization:
1. ISA 2006 SP1 and applicable hot-fixes installed and configured.
2. OWA published on the ISA server and confirmed to be functioning (including all appropriate certificates, web-listeners, and exchange configuration to support being published via ISA).
3. A full backup of the C:\Program Files\Microsoft ISA Server\CookieAuthTemplates directory has been completed.
3.2 ISA FBA modifications overview
The customization of the ISA forms based authentication mechanism is relatively straightforward, and involves the following steps (refer to section 3.3 for Step by Step Implementation details):
1. Browsing to the folder ‘<ISA Installation Directory>\CookieAuthTemplates’ and creating a folder named ‘Xstrata’ to use for the customized forms modification. Copying the contents of ‘<ISA Installation
Directory>\CookieAuthTemplates\Exchange’ to ‘<ISA Installation Directory>\CookieAuthTemplates\Xstrata’.
2. Replacing a number of files in the Xstrata\Html directory:
Logon_styles.css – the style sheet which defines the fonts, colors, and tables for the form.
Strings.txt – the fallback collection of strings for form population.
lgn<xxx>.gif – various sections of the ISA forms page graphics.
lgnexlogo.gif – the exchange logo presented in the bottom portion of the form.
user_pwd_pcode.html – the html page responsible for rendering the RSA forms.
NOTE: The sizes listed above are the default sizes of the original graphics for the form – it is suggested to attempt to stay as close as possible with these sizes should any additional customization be required to the graphics.
Replacing the Strings.txt files in the below directories:
C:\Program Files\Microsoft ISA Server\CookieAuthTemplates\Xstrata\HTML\nls\en
C:\Program Files\Microsoft ISA Server\CookieAuthTemplates\ Xstrata\HTML\nls\es
C:\Program Files\Microsoft ISA Server\CookieAuthTemplates\ Xstrata\HTML\nls\sp
3. Point the Web-publishing rule for owa to the new directory (Simply type the name of the Xstrata directory)
Exchange 2007 SP3 RU 3 / ISA 2006 SP1 OWA Customization
© Xstrata 2011 Confidential
Page 8 of 18
4. Apply the changes to the ISA server Firewall Policy Rule.
5. Restart the ‘Microsoft Firewall’ Service.
6. Confirm the new form set is active for the rule.
The Logon_Styles.css included in the package has been commented with the relevant sections and their default settings as well for reference.
The below screenshot displays the default OWA forms logon prior to any modification.
The below screenshot displays the OWA forms post modification.
Exchange 2007 SP3 RU 3 / ISA 2006 SP1 OWA Customization
© Xstrata 2011 Confidential
Page 9 of 18
3.3 ISA FBA Modifications Step by Step
Logon to the ISA Server with an Administrative account.
Create a new directory (C:\ISA Forms Backup):
Copy the C:\Program Files\Microsoft ISA Server\CookieAuthTemplates directory and contents into the ISA
Forms Backup directory
Create a folder named ‘Xstrata’ in the C:\Program Files\Microsoft ISA Server\CookieAuthTemplates
Exchange 2007 SP3 RU 3 / ISA 2006 SP1 OWA Customization
© Xstrata 2011 Confidential
Page 10 of 18
Copy the contents of the ‘Exchange’ folder into the previously created ‘Xstrata’ folder.
Extract the contents of the Xstrata_ISA_Forms-v3.0.zip package into the HTML directory of the previously created ‘Xstrata’ Folder, overwriting the existing files which are present in the zip package.
Confirm the following files in the C:\Program Files\Microsoft ISA Server\CookieAuthTemplates\Xstrata\HTML directory have been updated:
Logon_styles.
Strings.txt
lgntop.gif
lgnright.gif
lgnleft.gif
lgnbottom.gif
lgnexlogo.gif
user_pwd_pcode.html
TopBanner1.gif
Additionally confirm the strings.txt file has been updated in the following directories:
C:\Program Files\Microsoft ISA Server\CookieAuthTemplates\Xstrata\HTML\nls\en
C:\Program Files\Microsoft ISA Server\CookieAuthTemplates\ Xstrata\HTML\nls\es
C:\Program Files\Microsoft ISA Server\CookieAuthTemplates\ Xstrata\HTML\nls\sp
Open the ISA Server Management Console. Select the properties of the Firewall Policy Rule which is publishing Outlook Web Access.
Exchange 2007 SP3 RU 3 / ISA 2006 SP1 OWA Customization
© Xstrata 2011 Confidential
Page 11 of 18
Select the Application Settings tab | Update the ‘Type the custom HTML form set directory….’ Option to use the Xstrata folder as shown below.
Select the properties of the Web-listener, and change the Form set configured on the forms tab to the xstrata folder as shown below. Click OK twice to commit the changes to the web listener, and the publishing rule:
Ensure to apply the changes to the ISA Server configuration, and restart the Microsoft Firewall
service on the ISA Server.
NOTE: THE MICROSOFT FIREWALL SERVICE WILL ALSO REQUIRE TO BE RESTARTED AFTER
APPLYING THE CONFIGURATION CHANGE TO THE ISA SERVER. WHILE THE SERVICE IS BEING
RESTARTED ALL SERVICES HOSTED THROUGH THE ISA SERVER WILL BE UNAVAILABLE
Exchange 2007 SP3 RU 3 / ISA 2006 SP1 OWA Customization
© Xstrata 2011 Confidential
Page 12 of 18
Once the changes are applied, confirm the custom form set has been deployed correctly by connecting to OWA. The new form set should be as seen below:
Confirm you are able to logon to OWA, and then logoff to confirm you receive the below log off form:
Exchange 2007 SP3 RU 3 / ISA 2006 SP1 OWA Customization
© Xstrata 2011 Confidential
Page 13 of 18
4 Exchange 2007 Client Access Server Configuration
The Xstrata OWA theme must be deployed to the exchange 2007 SP3 RU3 client access servers. The theme and configuration should be deployed to all client access servers.
4.1 Exchange 2007 Client Access Server Requirements
For the purposes of this document, the following requirements must be met on the client access servers
1. Exchange 2007 SP3 RU3 installed on the CAS server(s).
2. A full backup of the <Exchange Install Dir>\ClientAccess\Owa\8.3.159.2\themes directory.
4.2 Exchange 2007 Client Access Servers modifications overview
This document will cover only the deployment of the Xstrata OWA theme package to the client access servers, which is a very straightforward process, consisting of the below steps:
1. Creating an ‘Xstrata’ themes directory.
2. Unpacking the CAS server OWA theme package to the newly created directory.
3. Set the Xstrata theme as the default them for the OWA installation on the client access server (Optional)
The screenshots below display the modified Xstrata theme compared to the default OWA theme:
Default Theme
(Seattle Sky)
Modified Theme
(Xstrata)
Exchange 2007 SP3 RU 3 / ISA 2006 SP1 OWA Customization
© Xstrata 2011 Confidential
Page 14 of 18
Default Exchange 2007
CAS Logon Forms
Modified Exchange 2007
CAS Logon Forms
4.3 Exchange 2007 CAS Server Modifications Step By Step
NOTE: This process will need to be performed on all Client Access Servers.
Exchange 2007 SP3 RU 3 / ISA 2006 SP1 OWA Customization
© Xstrata 2011 Confidential
Page 15 of 18
It is also suggested when testing different phases of the deployment with an internet explorer session to
OWA to close out of internet explorer and empty the temporary internet files between phases.
Logon to the CAS Server with an administrative account.
Create a new directory in the root of the disk hosting the exchange installation named OWA Themes
Backup
Navigate to the <Exchange Install Directory>\ClientAccess\Owa\8.3.159.2\themes directory. Copy all content from this directory into the <Exchange Install Disk>\OWA Themes Backup directory.
Exchange 2007 SP3 RU 3 / ISA 2006 SP1 OWA Customization
© Xstrata 2011 Confidential
Page 16 of 18
Extract the contents of the Xstrata_OWA_Themes-v3.0.zip package to the <Exchange Install
Directory>\ClientAccess\Owa\8.3.159.2\themes directory.
Confirm that there is now a <Exchange Install Directory>\ClientAccess\Owa\8.3.159.2\themes\Xstrata directory which contains the following files:
Logopb.gif
Logopt.gif
Nbbkg.gif
Owafont.css
Premium.css
Confirm that the following files have been updated in <Exchange Install
Directory>\ClientAccess\Owa\8.3.159.2\themes \base directory:
Logon.css
Lgntopl.gif
Lgntopm.gif
Lgntopr.gif
Lgnright.gif
Lgnleft.gif
Lgnexlogo.gif
Lgnbotr.gif
Lgnbotm.gif
Lgnbotl.gif
To verify the theme has been installed correctly, logon to Outlook Web Access
Exchange 2007 SP3 RU 3 / ISA 2006 SP1 OWA Customization
© Xstrata 2011 Confidential
Page 17 of 18
Select ‘Options | General Settings’ and select the ‘Xstrata’ option in the dropdown box under the ‘Appearance’ section of the page.
NOTE: Ensure to click the ‘Save’ button to commit the changes.
If the ‘Xstrata’ theme is not available, perform an IISReset /noforce from a command line on
the CAS server and reconnect to OWA.
Refresh your browser (hit F5 or the refresh button) – if the theme was applied correctly it will look similar to the below.
Exchange 2007 SP3 RU 3 / ISA 2006 SP1 OWA Customization
© Xstrata 2011 Confidential
Page 18 of 18
OPTIONAL: To change the default theme for the OWA virtual directory, the following PS command should be run from the Exchange Management Shell
>Get-OwaVirtualDirectory <XXX>*\owa* | Set-OwaVirtualDirectory -DefaultTheme "Xstrata"
Where <XXX> is the domain GNS Code.
NOTE: This will change default OWA theme for all users accessing this OWA instance to the
newly deployed Xstrata theme.
OPTIONAL: To confirm the above command has set the default theme, the following PS command may be run from the Exchange Management shell:
>Get-owavirtualdirectory | where {$_.name -ilike "owa*"} | fl
View the OWA Virtual directory properties – confirm that the ‘Default Theme’ is set.
OPTIONAL: Confirm that the default theme has been applied by connecting to Outlook web access with a user who has not previously connected or previously selected a theme. It should be confirmed that the regional settings page has been updated and reflected as below