Exchange 2007 SP 3 RU 3 / ISA 2006 SP1 OWA Customization fileAlong with the significant improvements...

Exchange 2007 SP 3 RU 3 / ISA 2006 SP1 OWA

Customization

Document Version V3-0

Document Set:

Date 27/05/2011

Prepared By Corporate IT

CONFIDENTIAL

Exchange 2007 SP3 RU 3 / ISA 2006 SP1 OWA Customization

© Xstrata 2011 Confidential

of 18

Document Control

Change History

Version Date Name Revision Description

1.0 30-July-2009 Cameron Pike Initial Document Creation

1.1 19-October-2009 Cameron Pike Updates to Package and Documentation

2.0 9-March-2010 Cameron Pike Updates to include production environment validation changes.

2.1 12-April-2010 Cameron Pike Updates to include MSI package information, and CAS Server Forms.

2.2 15-July-2010 Cameron Pike Updates to include changes for RSA Authentication integration.

2.3 23-July-2010 Cameron Pike Repackaged for modified RSA forms order.

3.0 12-May-2011 Cameron Pike Updated ISA Forms and themes with more coherent look and feel to XWP. Repackaged all content for Exchange 2007 SP3 RU3 deployment.

Approbation

Version Date Approved Approver Position

Distribution List

Name Title

Related Documents

Document Title Date Revision Author



of 18

Table of Contents

1 Introduction ...................................................................................................................................... 4

1.1 Document Purpose ......................................................................................................................... 4 1.2 Readership ..................................................................................................................................... 4 1.3 Scope ............................................................................................................................................. 4 1.4 Responsibilities ............................................................................................................................... 4

2 OWA Customization Overview ....................................................................................................... 5

3 ISA Server 2006 Configuration ........................................................................................................ 7

3.1 ISA Server Requirements ................................................................................................................. 7 3.2 ISA FBA modifications overview ...................................................................................................... 7 3.3 ISA FBA Modifications Step by Step ................................................................................................. 9

4 Exchange 2007 Client Access Server Configuration .................................................................... 13

4.1 Exchange 2007 Client Access Server Requirements ........................................................................ 13 4.2 Exchange 2007 Client Access Servers modifications overview ......................................................... 13 4.3 Exchange 2007 CAS Server Modifications Step By Step .................................................................. 14



of 18

1 Introduction

1.1 Document Purpose

This document will explain the procedures for customizing and deploying the ISA FBA forms customisation for outlook web access, as well as the Xstrata outlook web access them package.

The package is applicable for deployment to both internal and external ISA servers providing access to Outlook Web Access.

The contents of this package and documentation are specific to ISA Server 2006 SP1 and

Exchange 2007 SP3 RU3. This package should not be deployed to ANY other versions of these

services unless specifically guided by corporate IT.

1.2 Readership

Implementers of Outlook Web Access services

1.3 Scope

Organizational wide

1.4 Responsibilities

The implementer is expected to have working knowledge of ISA 2006 SP1, Exchange Server 2007 SP3 RU3, and all supporting technologies.



of 18

2 OWA Customization Overview

The Xstrata OWA Customization will require minimal effort to implement, providing a significant Xstrata branding for the Outlook Web Access (OWA) Experience, as well as updating the default ISA forms sets to be provided with the RSA Authentication mechanism.

Along with the significant improvements to Outlook Web Access in Exchange 2007, the OWA customization will provide end users with an Xstrata branded Forms Based Authentication Mechanism and Outlook Web Access theme which will provide a consistent look and feel across the business units for the Outlook Web Access client experience.

As all Exchange 2007 deployments of OWA will be published via an ISA reverse proxy server, the customizations will need to be made in two distinct areas:

1. ISA Forms customization (Handle log-on and log-off events via forms based authentication (FBA)).

2. OWA Theme customization (Outlook Header and default font).

The below displays the significant difference between the default ISA outlook web access logon form and the customized Xstrata logon form:

Default Logon Form Customized Logon Form



of 18

Default Settings Form (Page is displayed only once on initial OWA logon)

Custom Settings Form (Page is displayed only once on initial OWA logon)

Default OWA Theme Custom OWA Theme (Only header customised)

Default Log-off Form Customized Log-off Form



of 18

3 ISA Server 2006 Configuration

The ISA forms customization will need to be deployed to both the externally facing ISA / Reverse Proxy located in the DMZ, as well as the internally facing ISA / Websense server which is publishing OWA internally. Failure to deploy in both locations will result in inconsistent customizations deployed to the environment.

As the Microsoft Firewall service requires to be restarted to implement the customizations, it

should be scheduled at a time of least impact as this will affect external client access to

messaging services, as well as client web browsing when the service is restarted on the

externally and internally facing ISA servers respectively.

3.1 ISA Server Requirements

For the purposes of this document, the following requirements must be met to proceed with the ISA FBA forms customization:

1. ISA 2006 SP1 and applicable hot-fixes installed and configured.

2. OWA published on the ISA server and confirmed to be functioning (including all appropriate certificates, web-listeners, and exchange configuration to support being published via ISA).

3. A full backup of the C:\Program Files\Microsoft ISA Server\CookieAuthTemplates directory has been completed.

3.2 ISA FBA modifications overview

The customization of the ISA forms based authentication mechanism is relatively straightforward, and involves the following steps (refer to section 3.3 for Step by Step Implementation details):

1. Browsing to the folder ‘<ISA Installation Directory>\CookieAuthTemplates’ and creating a folder named ‘Xstrata’ to use for the customized forms modification. Copying the contents of ‘<ISA Installation

Directory>\CookieAuthTemplates\Exchange’ to ‘<ISA Installation Directory>\CookieAuthTemplates\Xstrata’.

2. Replacing a number of files in the Xstrata\Html directory:

Logon_styles.css – the style sheet which defines the fonts, colors, and tables for the form.

Strings.txt – the fallback collection of strings for form population.

lgn<xxx>.gif – various sections of the ISA forms page graphics.

lgnexlogo.gif – the exchange logo presented in the bottom portion of the form.

user_pwd_pcode.html – the html page responsible for rendering the RSA forms.

NOTE: The sizes listed above are the default sizes of the original graphics for the form – it is suggested to attempt to stay as close as possible with these sizes should any additional customization be required to the graphics.

Replacing the Strings.txt files in the below directories:

C:\Program Files\Microsoft ISA Server\CookieAuthTemplates\Xstrata\HTML\nls\en

C:\Program Files\Microsoft ISA Server\CookieAuthTemplates\ Xstrata\HTML\nls\es

C:\Program Files\Microsoft ISA Server\CookieAuthTemplates\ Xstrata\HTML\nls\sp

3. Point the Web-publishing rule for owa to the new directory (Simply type the name of the Xstrata directory)



of 18

4. Apply the changes to the ISA server Firewall Policy Rule.

5. Restart the ‘Microsoft Firewall’ Service.

6. Confirm the new form set is active for the rule.

The Logon_Styles.css included in the package has been commented with the relevant sections and their default settings as well for reference.

The below screenshot displays the default OWA forms logon prior to any modification.

The below screenshot displays the OWA forms post modification.



of 18

3.3 ISA FBA Modifications Step by Step

Logon to the ISA Server with an Administrative account.

Create a new directory (C:\ISA Forms Backup):

Copy the C:\Program Files\Microsoft ISA Server\CookieAuthTemplates directory and contents into the ISA

Forms Backup directory

Create a folder named ‘Xstrata’ in the C:\Program Files\Microsoft ISA Server\CookieAuthTemplates



of 18

Copy the contents of the ‘Exchange’ folder into the previously created ‘Xstrata’ folder.

Extract the contents of the Xstrata_ISA_Forms-v3.0.zip package into the HTML directory of the previously created ‘Xstrata’ Folder, overwriting the existing files which are present in the zip package.

Confirm the following files in the C:\Program Files\Microsoft ISA Server\CookieAuthTemplates\Xstrata\HTML directory have been updated:

Logon_styles.

Strings.txt

lgntop.gif

lgnright.gif

lgnleft.gif

lgnbottom.gif

lgnexlogo.gif

user_pwd_pcode.html

TopBanner1.gif

Additionally confirm the strings.txt file has been updated in the following directories:

C:\Program Files\Microsoft ISA Server\CookieAuthTemplates\Xstrata\HTML\nls\en

C:\Program Files\Microsoft ISA Server\CookieAuthTemplates\ Xstrata\HTML\nls\es

C:\Program Files\Microsoft ISA Server\CookieAuthTemplates\ Xstrata\HTML\nls\sp

Open the ISA Server Management Console. Select the properties of the Firewall Policy Rule which is publishing Outlook Web Access.



of 18

Select the Application Settings tab | Update the ‘Type the custom HTML form set directory….’ Option to use the Xstrata folder as shown below.

Select the properties of the Web-listener, and change the Form set configured on the forms tab to the xstrata folder as shown below. Click OK twice to commit the changes to the web listener, and the publishing rule:

Ensure to apply the changes to the ISA Server configuration, and restart the Microsoft Firewall

service on the ISA Server.

NOTE: THE MICROSOFT FIREWALL SERVICE WILL ALSO REQUIRE TO BE RESTARTED AFTER

APPLYING THE CONFIGURATION CHANGE TO THE ISA SERVER. WHILE THE SERVICE IS BEING

RESTARTED ALL SERVICES HOSTED THROUGH THE ISA SERVER WILL BE UNAVAILABLE



of 18

Once the changes are applied, confirm the custom form set has been deployed correctly by connecting to OWA. The new form set should be as seen below:

Confirm you are able to logon to OWA, and then logoff to confirm you receive the below log off form:



of 18

4 Exchange 2007 Client Access Server Configuration

The Xstrata OWA theme must be deployed to the exchange 2007 SP3 RU3 client access servers. The theme and configuration should be deployed to all client access servers.

4.1 Exchange 2007 Client Access Server Requirements

For the purposes of this document, the following requirements must be met on the client access servers

1. Exchange 2007 SP3 RU3 installed on the CAS server(s).

2. A full backup of the <Exchange Install Dir>\ClientAccess\Owa\8.3.159.2\themes directory.

4.2 Exchange 2007 Client Access Servers modifications overview

This document will cover only the deployment of the Xstrata OWA theme package to the client access servers, which is a very straightforward process, consisting of the below steps:

1. Creating an ‘Xstrata’ themes directory.

2. Unpacking the CAS server OWA theme package to the newly created directory.

3. Set the Xstrata theme as the default them for the OWA installation on the client access server (Optional)

The screenshots below display the modified Xstrata theme compared to the default OWA theme:

Default Theme

(Seattle Sky)

Modified Theme

(Xstrata)



of 18

Default Exchange 2007

CAS Logon Forms

Modified Exchange 2007

CAS Logon Forms

4.3 Exchange 2007 CAS Server Modifications Step By Step

NOTE: This process will need to be performed on all Client Access Servers.



of 18

It is also suggested when testing different phases of the deployment with an internet explorer session to

OWA to close out of internet explorer and empty the temporary internet files between phases.

Logon to the CAS Server with an administrative account.

Create a new directory in the root of the disk hosting the exchange installation named OWA Themes

Backup

Navigate to the <Exchange Install Directory>\ClientAccess\Owa\8.3.159.2\themes directory. Copy all content from this directory into the <Exchange Install Disk>\OWA Themes Backup directory.



of 18

Extract the contents of the Xstrata_OWA_Themes-v3.0.zip package to the <Exchange Install

Directory>\ClientAccess\Owa\8.3.159.2\themes directory.

Confirm that there is now a <Exchange Install Directory>\ClientAccess\Owa\8.3.159.2\themes\Xstrata directory which contains the following files:

Logopb.gif

Logopt.gif

Nbbkg.gif

Owafont.css

Premium.css

Confirm that the following files have been updated in <Exchange Install

Directory>\ClientAccess\Owa\8.3.159.2\themes \base directory:

Logon.css

Lgntopl.gif

Lgntopm.gif

Lgntopr.gif

Lgnright.gif

Lgnleft.gif

Lgnexlogo.gif

Lgnbotr.gif

Lgnbotm.gif

Lgnbotl.gif

To verify the theme has been installed correctly, logon to Outlook Web Access



of 18

Select ‘Options | General Settings’ and select the ‘Xstrata’ option in the dropdown box under the ‘Appearance’ section of the page.

NOTE: Ensure to click the ‘Save’ button to commit the changes.

If the ‘Xstrata’ theme is not available, perform an IISReset /noforce from a command line on

the CAS server and reconnect to OWA.

Refresh your browser (hit F5 or the refresh button) – if the theme was applied correctly it will look similar to the below.



of 18

OPTIONAL: To change the default theme for the OWA virtual directory, the following PS command should be run from the Exchange Management Shell

>Get-OwaVirtualDirectory <XXX>*\owa* | Set-OwaVirtualDirectory -DefaultTheme "Xstrata"

Where <XXX> is the domain GNS Code.

NOTE: This will change default OWA theme for all users accessing this OWA instance to the

newly deployed Xstrata theme.

OPTIONAL: To confirm the above command has set the default theme, the following PS command may be run from the Exchange Management shell:

>Get-owavirtualdirectory | where {$_.name -ilike "owa*"} | fl

View the OWA Virtual directory properties – confirm that the ‘Default Theme’ is set.

OPTIONAL: Confirm that the default theme has been applied by connecting to Outlook web access with a user who has not previously connected or previously selected a theme. It should be confirmed that the regional settings page has been updated and reflected as below

Exchange 2007 SP 3 RU 3 / ISA 2006 SP1 OWA Customization fileAlong with the significant improvements...

Documents

Transcript of Exchange 2007 SP 3 RU 3 / ISA 2006 SP1 OWA Customization fileAlong with the significant improvements...