Managing Server Connections

Document created by user.oxriBaJeN4 Employee on Jan 16, 2017Last modified by user.oxriBaJeN4 Employee on Jul 10, 2019
Version 19Show Document
  • View in full screen mode

This guide covers how to configure a server connection. These connections are required by certain Mimecast services including:




  • Exchange 2010 SP1 or later.
  • A Mimecast Trusted SSL Certificate installed on your Exchange Client Access server(s).
  • The Exchange Web Services must be accessible inbound using HTTPS on port 443 from the Mimecast IP Range.


Network Considerations

Proxy Server Considerations

If you use a reverse proxy server (e.g. Microsoft's Threat Management Gateway) to publish your Exchange Client Access Server(s) to the internet, a direct connection from the Mimecast IP Range is required to the Exchange Web Services (EWS) URL, bypassing the standard forms based authentication page that is typically presented.


If a forms based authentication page is presented when a client connects to the EWS URL, Server Connections will fail as this configuration is not supported.


Load Balancing Considerations


If you use load balancing, all connections to the Exchange Web Services (EWS) from the Mimecast IP range must be routed to the same Client Access Server. This is due to the challenge response nature of the authentication process. For example, if the first request from the client is directed to one Client Access Server, and the second is directed to another, the second server receiving the challenge response token will not be aware of the first connection, resulting in the connection attempt failing.


Using Exchange Server On Premises and Exchange Web Services


If you're using an On-Premises Exchange server and Exchange Web Services (EWS), you must enable basic authentication. If you're using Exchange Online with Office 365, this is enabled by default.

If using UPN's with the account you're authorizing for the server connection or the "Master Mailbox" accessing the other mailboxes through EWS, we recommend not using a local UPN. For example if using user@domain.local, ensure you're allowing the @emaildomain.user UPN. This may be already configured for Office 365 access, but may need configuration with On-Premises environments.

To enable basic authentication on your Client Access Server: 

  1. Open the Internet Information Services (IIS) Manager administrative tool on the Exchange Server hosting the Exchange Web Services. 
  2. Navigate through to Server > Sites > Default Web Site > EWS.
  3. Select the Authentication icon from the feature view.
  4. Ensure that Basic Authentication is enabled. If not, enable it here.
  5. Repeat this for all Exchange Servers in the organization.


Configuring a Server Connection




To configure a Server Connection:

  1. Log in to the Administration Console.
  2. Click on the Administrator menu item. A menu drop down is displayed.
  3. Click on the Services | Server Connections menu item.
  4. Either click on the
    • New Server Connection button to create a new server connection.
    • Edit Connection button to the right of the server connection to be changed.
  5. Enter a Name for the Server Connection.
  6. Select a Connection Type from the drop down list:

    Connection TypeComments
    Office 365You must create an association between Mimecast and Office 365. See the Creating an Office 365 Association for Server Connections page for full details.
    Exchange Web Services URLYou must configure application impersonation to enable us to access your mailboxes. See the Configuring Application Impersonation page for full details.
  7. Complete the fields applicable to your chosen connection type:
    1. For Office 365:

      Field / OptionDescription
      Client IdEnter the client id of the connection. See the Creating an Office 365 Association for Server Connections page for full details of how to obtain this.
      Tenant DomainEnter your domain (e.g.
      Mailbox CheckSpecify a known email address on your domain (e.g. to verify authentication to your server connection. When you are ready, click on the Test Connection button.
    2. For Exchange Web Services URL:

      Field / OptionDescription
      Exchange Web Services URLSpecify the URL that Exchange uses to communicate with Exchange Web Services.
      Security ModeSelect a security mode for the connection from the drop down list. "Strict" is the default value.
      Master Mailbox Address

      Specify the email address and password of the master mailbox.

      If you've a password policy in place to age passwords, either exempt the "master mailbox" from this policy, or add a reminder to change the password configured in Mimecast.          
      Master Mailbox Password
      Mailbox CheckSpecify a known email address on your domain (e.g. to verify authentication to your server connection. When you are ready, click on the Test Connection button.
      For Exchange Web Services you must configure Application Impersonation to enable us to access your mailboxes. See Configuring Application Impersonation for further details.
  8. Either click Click on the:
    • Create Connection button to create the new server connection 
    • Save Changes button to save the changes to the server connection.


Deleting a Server Connection


A server connection can only be deleted if it is not being used by any other Mimecast service. If you attempt to delete a server connection that is used by a Mimecast service, a notification is displayed informing you that you can't. The Mimecast services that use a server connection include:


To delete a server connection:

  1. Click on the Delete icon icon to the right of the server connection to be deleted. A confirmation message is displayed.
  2. Click on the Delete Connection button.
1 person found this helpful