
How Does Entourage Work?

As my blog is focused on Entourage as an 'Exchange Client', let's start with the most obvious topic which will provide details on how Entourage works with a mailbox on an Exchange Server. This blog will encompass the currently supported versions of Entourage & Exchange Server, i.e. Entourage 2004 & 2008, and Exchange 2000, 2003 & 2007. Let's list all the different features in Entourage for which it needs to talk to Exchange Server or any other server in a Windows Active Directory based environment. (Note: All ports mentioned below are server side ports)

Entourage Setup Assistant (screenshot)
The very first feature you use in Entourage is the 'Entourage Setup Assistant' (or 'Account Setup Assistant') after you create a new identity. If you configure your Exchange account using the setup assistant, it talks to the DNS server configured in Mac OS X 'Network Preferences' to locate a Windows Domain Controller or Global Catalog Server hosting Active Directory, then authenticates and queries for the user's Exchange mailbox server. The whole process is described over here in detail. Server side ports used are 53 (for DNS queries) and 3268 (for authentication & LDAP queries to locate mailbox server).

Mailbox Synchronization (screenshot)
After you have set up your Exchange account (using the setup assistant or manually), Entourage talks to the Exchange server (front-end or back-end mailbox server) through IIS (Internet Information Server) to connect to your mailbox. This communication is HTTP (WebDAV protocol) in nature, so it can happen over port 80 (without SSL) or 443 (with SSL) as per your server side requirements.

Public Folders (screenshot)
Another server you have to enter in Exchange account settings is your public folders server. Generally in big enterprises public folder servers are maintained separately from mailbox servers on the back-end. Entourage communicates with the public folder server in the same way as with an Exchange mailbox server, i.e. HTTP (WebDAV) over port 80 (without SSL) or 443 (with SSL).

Global Address List (screenshot)
In Entourage you also have to provide a Directory or LDAP server name, which in a Windows Active Directory based environment is your Global Catalog Server, so that you can have access to the 'Global Address List' (GAL) of your Exchange organization. Entourage uses port 389 (without SSL) or 636 (with SSL) for authentication, and then, to access the GAL, it sends LDAP queries over port 3268 (without SSL) or 3269 (with SSL). So a combination of two ports is used for the GAL feature, i.e. 389 & 3268 (without SSL) or 636 & 3269 (with SSL).

Out of Office Assistant
This is a new feature only in Entourage 2008. When connecting to Exchange 2000/2003 based mailboxes, Entourage sends a WebDAV query to pull up the 'Options' page from OWA (Outlook Web Access), through which it sets the OOF Assistant. The port usage for this feature is the same as described above under the 'Mailbox Synchronization' section.

When connecting to an Exchange 2007 CAS, it works through 'Exchange Web Services' ('OOFURL' in 'autodiscover.xml') to configure the 'OOF Assistant' with appropriate settings. Entourage 2008 uses port 80 (without SSL) or 443 (with SSL) for this feature depending on the related configuration on the Exchange 2007 CAS. Keep in mind that this feature does not work and fails with an error if you connect directly to an Exchange 2007 mailbox server on the back-end, as 'autodiscover' and 'Exchange Web Services' are not present on it; they are only present on an Exchange 2007 CAS.

Free/Busy Info (screenshot)
When Entourage users schedule a meeting with other users in their Exchange organization, they can also view their free/busy information, i.e. whether other users are free or busy on particular day/time slots.

Entourage 2004 retrieves free/busy information for other users by talking to a public folder server hosting consolidated free/busy info for all users. This communication is also HTTP (WebDAV) in nature and thus happens over port 80 (without SSL) or 443 (with SSL). Entourage 2004 pulls free/busy information in this way in all cases. It does not matter where the Entourage user's mailbox is located, i.e. on Exchange 2000, 2003 or 2007 Server. Therefore, it is necessary to provide a public folder server name in Exchange account settings (under 'Advanced' tab) in Entourage 2004.

Entourage 2008 utilizes 'Availability Service' (AS, part of 'Exchange Web Services') on Exchange 2007 to retrieve free/busy information for other users (having mailboxes located on any version of Exchange Server) if it is connecting directly to an Exchange 2007 Client Access Server (CAS). For mailboxes located on Exchange 2007 server, AS pulls free/busy info directly from users' mailboxes while for mailboxes located on Exchange 2003 server (or earlier versions), AS sends the WebDAV query (HTTP, this query always goes over port 80 from CAS to an internal Public Folder server) to respective public folder server hosting those users' free/busy information. Entourage 2008 uses port 80 (without SSL) or 443 (with SSL) for this feature depending on related configuration on Exchange 2007 CAS. You also don't need to enter a public folder server name in Exchange account settings (under 'Advanced' tab) in Entourage for this feature to work, just the name of Exchange 2007 CAS (in 'Exchange server' field under 'Account Settings' tab) is enough.

If Entourage 2008 is connecting directly to a back-end mailbox server (Exchange 2007 or earlier versions) or a front-end server (Exchange 2003 or earlier versions), then it uses the same WebDAV (HTTP) procedure to pull up the free/busy info as Entourage 2004 does (discussed above). It cannot use AS in this scenario, as it's only available on an Exchange 2007 CAS.

Folder Sharing
When an Entourage user (User1) accesses a shared folder of another user (User2) in his Exchange organization, it uses the same WebDAV (HTTP) based communication which it uses to access the mailbox of Entourage user (User1). The port usage is also the same as described above under 'Mailbox Synchronization' section. Same applies when you use Entourage to assign folder sharing permissions (Folder : <right click> : Sharing : Permissions tab).

Delegate Management (screenshot)
Using Entourage you can also assign access permissions to your delegates so that they can access your folders such as Inbox, Calendar & Contacts. Entourage 2004 establishes a direct connection to your mailbox server for this purpose, which utilizes MAPI (RPC over TCP). Why? Please read the 'CAUSE' section in KB 909269. Entourage 2004 first connects to port 135 ('End-point Mapper' or 'epmap') on the Exchange mailbox server, which refers it to the 'Exchange System Attendant Service' ('MAD.exe'; there is no fixed port for 'MAD', it's assigned dynamically). The Exchange server then authenticates the Entourage client by talking to a 'Domain Controller' or 'Global Catalog Server'. After successful authentication Entourage finally connects to the mailbox store on the Exchange server (there is no fixed port for 'store' either) and sets two parameters as mentioned in KB 909269. Entourage 2004 uses this procedure irrespective of the version of Exchange server (2007 or earlier versions) to which it's connecting for mailbox access. Entourage 2008 works in the same way except when it's connecting to an Exchange 2007 CAS with SP1 installed.

Entourage 2008 utilizes the new delegate management web service if it's connecting to an Exchange 2007 CAS with Service Pack 1 installed. This communication happens over port 80 (without SSL) or 443 (with SSL) as per the server side configuration. The major advantage of this feature is that Entourage users can now assign delegation rights to other users independent of their location, i.e. they can do it while connected from internal or external locations.

Mailbox Quota Management (screenshot)
Entourage users can also find out how much space their mailbox is using on the server at different levels, such as the top mailbox level, each folder level, etc. They can do that by going to any folder, right-clicking on it, choosing 'Folder Properties' and then going to the 'Storage' tab. The port usage for this feature is the same as described above under the 'Mailbox Synchronization' section.

Password Expiration Notice (screenshot)
Entourage also checks for Windows domain (where your Exchange server resides) password expiration on every launch or every 24 hours afterwards to see whether the user's password is going to expire in the next 10 days. It does that through an LDAP query to your Windows 'Domain Controller' or 'Global Catalog Server' configured in Exchange account settings (under 'Advanced' tab). This communication happens over port 389 (without SSL) or 636 (with SSL).
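
The port usage described in the sections above can be turned into a firewall review aid. The following is an added example, not code from this blog or from Microsoft: it derives the server-side ports each feature needs for a given client/server combination and reports which features a port allow-list would block and which use ports the article lists as "without SSL". The Deployment model, the "rpc-dynamic" marker and the sample allow-list are assumptions made for illustration.

```python
from dataclasses import dataclass

CLEARTEXT = {80, 389, 3268}   # ports the article lists as "without SSL"
RPC_DYNAMIC = "rpc-dynamic"   # placeholder: MAD/store ports are assigned dynamically

@dataclass(frozen=True)
class Deployment:             # hypothetical model for this example
    entourage: int            # 2004 or 2008
    exchange: int             # 2000, 2003 or 2007
    role: str                 # "cas", "mailbox" or "frontend"
    sp1: bool                 # Exchange 2007 SP1 installed on the CAS
    ssl: bool                 # SSL enabled for HTTP and LDAP

def required_ports(d):
    """Map each Entourage feature to the server-side ports it needs."""
    web = {443} if d.ssl else {80}
    on_cas = d.exchange == 2007 and d.role == "cas"
    ports = {
        "setup_assistant": {53, 3268},
        "mailbox_sync": web,
        "public_folders": web,
        "gal": {636, 3269} if d.ssl else {389, 3268},
        "free_busy": web,     # Availability Service on a CAS, WebDAV otherwise
        "password_expiry": {636} if d.ssl else {389},
    }
    # OOF Assistant: Entourage 2008 only; fails against a 2007 server that is not a CAS
    if d.entourage == 2008 and (d.exchange != 2007 or on_cas):
        ports["out_of_office"] = web
    # Delegates: web service only for Entourage 2008 on a 2007 CAS with SP1, else MAPI/RPC
    if d.entourage == 2008 and on_cas and d.sp1:
        ports["delegates"] = web
    else:
        ports["delegates"] = {135, RPC_DYNAMIC}
    return ports

def audit(d, allowed):
    """Return (features blocked by the allow-list, features using cleartext ports)."""
    blocked, cleartext = [], []
    for feature, ports in required_ports(d).items():
        if not ports <= set(allowed):
            blocked.append(feature)
        if ports & CLEARTEXT:
            cleartext.append(feature)
    return sorted(blocked), sorted(cleartext)

if __name__ == "__main__":
    edge = {53, 443, 636, 3268, 3269}   # constructed allow-list
    for d in (Deployment(2008, 2007, "cas", True, True),
              Deployment(2004, 2007, "cas", True, True)):
        print(d, audit(d, edge))
```

With the constructed allow-list, Entourage 2004 delegate management is reported as blocked because it needs port 135 plus dynamically assigned RPC ports, while Entourage 2008 against an Exchange 2007 SP1 CAS passes over 443 alone.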

Comments

  • Anonymous
    February 09, 2008
    Recommended reading: Amir Haque's blog post: How Does Entourage Work? The article explains how Entourage works with a mailbox on an Exchange Server. This blog will encompass the currently supported versions of Entourage & Exchange Server, i.e. Entourage

  • Anonymous
    February 09, 2008
    If you are running Microsoft Entourage in an Exchange environment, then this excellent post by Amir Haque is now officially required reading for you. Technorati Tags: Microsoft Entourage, Documentation...

  • Anonymous
    February 10, 2008
    Hi Amir -- Thanks for writing this. The clarity and matrix comparison (Entourage 2004/2008 vs. Exchange 2000, 2003 & 2007) is exactly what we need in our environment to help inform some upgrade choices. Quick questions about the July post. re Entourage performance implications when moving mailboxes: a) Would the .stm to .edb migration also be triggered on a mail database restore, or only when moving mailboxes from store to store? b) If a user has been moved and is experiencing performance issues, would it be possible to alleviate them by moving all the user mail to the local Entourage folders, and then BACK to Exchange (rewriting it into the .stm file)? The transfer would take a while but then I would expect all the mail to be accessible at full speed afterward. Or would you have to delete the user account on the Exchange side and recreate it to force the .stm rebuild? c) For sites which have a predominance of Entourage users, either sitewide or on particular databases or Exchange servers, do you have any best practices or recommendations for database maintenance? I am leery of running ESEUTIL on a frequent basis as there have been suggestions that it will rewrite the .edb files as above, causing performance problems. Thanks again for a great post, looking forward to reading more! --Mike

  • Anonymous
    February 11, 2008
    Have there been any reports of Exchange 2007 mangling AppleDouble enclosures from Entourage clients? We have this problem but I haven't found confirmation that it is a known problem or whether it might be fixed in service pack 1. I posted details to microsoft.public.mac.office.entourage a few weeks ago: http://groups.google.com/group/microsoft.public.mac.office.entourage/browse_thread/thread/8a55c71192d507b8/511eca2da677f826?lnk=st&q=email+attachment+size+coming+through#511eca2da677f826 David.

  • Anonymous
    February 11, 2008
    The comment has been removed

  • Anonymous
    February 12, 2008
    Mike T. Rose, a) No, .stm to .edb migration will not be triggered on a mail database restore. It happens only when moving mailboxes using 'Move Mailbox' wizard on server side. b) Yes, you can do that, but keep in mind the content conversion issue gives you real pain only when it happens for large messages and when it happens often, like in the case of users having lots of large msgs (like msgs with large attachments) in their Inbox or other folder which they access frequently. Over time you get new msgs which will be in stm file, so the issue subsides as I mentioned in my blog. Personally, I won't recommend this round-tripping to make it better. c)Nope, we don't have any special recommendations for that scenario, and yes, you should use ESEUTIL with care, as discussed in this blog by ninob. http://msexchangeteam.com/archive/2004/07/08/177574.aspx David Buxton, Yep, that's a known issue, the fix is in SP1 for Exchange 2007. Sorry, I can't find a separate KB for that and the issue is also not listed in KB 946138 (List of fixes in Exchange 2007 SP1). Nick Wade, Entourage adds incoming meeting invites as tentative to your calendar only when you are connecting to a POP, etc. type of mail account. It does not do that if you are connecting to an Exchange mailbox. The setting in Entourage Preferences mentioned in your post has a blurb beside it which says "non-Exchange calendars only". Now if you connect to an Exchange 2007 based mailbox, your server will do that for you and Entourage has nothing to do with that. Calendar Attendant does that on Exchange 2007 server. Read more about it over here: http://www.microsoft.com/exchange/evaluation/features/default.mspx http://www.microsoft.com/exchange/evaluation/features/calendarconcierge.mspx Hopefully, after reading this the 'Note' you mentioned above will make more sense now. -Amir

  • Anonymous
    February 12, 2008
    Amir, I am having an issue after migrating from 2004 to 2008 where the exact same user credentials that worked on 04 now return a logon error in 08. Checked with the server admin no changes on the back end. When using OWA directly on any web browser (mac/win) other than IE on Windows logging in takes two passes. If you log in using IE on Windows you get in the first time. I'm wondering if you know about this 'double authentication' and if it somehow was handled quietly in Entourage 04 but no longer works in 08? Using SSL on WebDAV with Exchange Server 2003. Thanks, Camille.

  • Anonymous
    February 13, 2008
    The comment has been removed

  • Anonymous
    February 14, 2008
    Thank you so much for answering my question about encoding corruption. I see an SP1 install in my near future... David.

  • Anonymous
    February 19, 2008
    Microsoft Entourage:mac News Microsoft Office 2004 for Mac 114 update released Tuesday, February 12,

  • Anonymous
    April 24, 2009
    This method can only be used with self assigned certs (To request certificate from an Internal MS CA)