This guide covers how to configure a server connection. These connections are required by certain Mimecast services including:
- Targeted Threat Protection: Internal Email Protect
- Continuity Event Management
- Sync & Recover Overview
- Exchange 2007 SP1 or later, except Sync & Recover which requires Exchange 2010 SP1 or later.
- A Mimecast Trusted SSL Certificate installed on your Exchange Client Access server(s).
- The Exchange Web Services must be accessible inbound using HTTPS on port 443 from the Mimecast IP Range.
Proxy Server Considerations
If you use a reverse proxy server (e.g. Microsoft's Threat Management Gateway) to publish your Exchange Client Access Server(s) to the internet, a direct connection from the Mimecast IP Range is required to the Exchange Web Services (EWS) URL, bypassing the standard forms based authentication page that is typically presented.
If a forms based authentication page is presented when a client connects to the EWS URL, Server Connections will fail as this configuration is not supported.
Load Balancing Considerations
If you use load balancing, all connections to the Exchange Web Services (EWS) from the Mimecast IP range must be routed to the same Client Access Server. This is due to the challenge response nature of the authentication process. For example, if the first request from the client is directed to one Client Access Server, and the second is directed to another, the second server receiving the challenge response token will not be aware of the first connection, resulting in the connection attempt failing.
Using Exchange Server On Premises and Exchange Web Services
If you're using an On-Premises Exchange server and Exchange Web Services (EWS), you must enable basic authentication. If you're using Exchange Online with Office 365, this is enabled by default.
If using UPN's with the account you're authorizing for the server connection or the "Master Mailbox" accessing the other mailboxes through EWS, we recommend not using a local UPN. For example if using firstname.lastname@example.org, ensure you're allowing the @emaildomain.user UPN. This may be already configured for Office 365 access, but may need configuration with On-Premises environments.
Configuring a Server Connection
To configure a Server Connection:
- Log in to the Administration Console.
- Click on the Administrator menu item. A menu drop down is displayed.
- Click on the Services | Server Connections menu item.
- Either click on the
- New Server Connection button to create a new server connection.
- Edit Connection button to the right of the server connection to be changed.
- Enter a Name for the Server Connection.
- Select a Connection Type from the drop down list:
Connection Type Comments Office 365 You must create an association between Mimecast and Office 365. See the Creating an Office 365 Association for Server Connections page for full details. Exchange Web Services URL You must configure application impersonation to enable us to access your mailboxes. See the Configuring Application Impersonation page for full details.
- Complete the fields applicable to your chosen connection type:
- For Office 365:
Field / Option Description Client Id Enter the client id of the connection. See the Creating an Office 365 Association for Server Connections page for full details of how to obtain this. Tenant Domain Enter your domain (e.g. yourdomain.onmicrosoft.com). Mailbox Check Specify a known email address on your domain (e.g. email@example.com) to verify authentication to your server connection. When you are ready, click on the Test Connection button.
- For Exchange Web Services URL:
Field / Option Description Exchange Web Services URL Specify the URL that Exchange uses to communicate with Exchange Web Services. Security Mode Select a security mode for the connection from the drop down list. "Strict" is the default value. Master Mailbox Address
Specify the email address and password of the master mailbox.If you've a password policy in place to age passwords, either exempt the "master mailbox" from this policy, or add a reminder to change the password configured in Mimecast.
Master Mailbox Password Mailbox Check Specify a known email address on your domain (e.g. firstname.lastname@example.org) to verify authentication to your server connection. When you are ready, click on the Test Connection button.For Exchange Web Services you must configure Application Impersonation to enable us to access your mailboxes. See Configuring Application Impersonation for further details.
- For Office 365:
- Either click Click on the:
- Create Connection button to create the new server connection
- Save Changes button to save the changes to the server connection.
Deleting a Server Connection
A server connection can only be deleted if it is not being used by any other Mimecast service. If you attempt to delete a server connection that is used by a Mimecast service, a notification is displayed informing you that you can't. The Mimecast services that use a server connection include:
To delete a server connection: