Prepare for a Riva Server Exchange Web Services Connection

This article describes how to prepare for a Riva connection to Exchange on-premises using Exchange Web Services (EWS).

Supported on-premises Exchange systems: Riva uses Exchange Web Services to connect to the following on-premises Exchange systems:

• Exchange 2016
• Exchange 2013
• Exchange 2010
• Exchange 2007 SP1 Rollup 1 or higher

To prepare to connect to on-premises Exchange

1. Prepare an Exchange service account for the Riva connection.
2. Prepare corporate firewalls.
3. Confirm connectivity from the Windows host server to Exchange on-premises.
4. Prepare the user mailboxes that Riva On-Premise will sync.

Step 1: Prepare an Exchange Service Account for the Riva Connection

A connection to Exchange is established by Riva using the configured credentials of an Exchange "service user" that has been assigned permissions to access the mailboxes that will be processed.

For more information, see How does Riva communicate with Exchange?.

The Exchange service user used by Riva is referred to as the Riva connection user.

To prepare the Riva connection user:

1. Create a new Exchange/Active Directory user, for example: svc_rivasync (preferred), or when setting up a test/trial instance of Riva, select an existing Exchange service user account mailbox that may already be available.

   Notes:

   1. If a password change policy forces credentials to expire, ensure that the credentials are updated in Riva at the same time.

   2. Riva can also use "Client Certificate-based" authentication.  This replaces the need to use traditional username/password credentials and overcomes the challenge of managing password expiration related to the service account.

   3. This step is recommended so Riva administrators do not have to repeatedly change the password in the Riva connection.

   4. If the password is changed in Exchange, the password needs to be updated in Riva.

2. Assign permissions in Exchange to enable access to the individual end-user mailboxes that Riva will sync. See Prepare the Exchange service user for the Riva connection.

   If available, Microsoft recommends that service-based applications like Riva should use a process named "Exchange ApplicationImpersonation" Role-based Access Control (RBAC). This is the preferred and recommended access strategy.

   As an alternative, "Delegate Full Access permissions" can also be granted. Delegation can be granted on a per-folder basis, but this option is the least recommended, because it is the most error prone and difficult to configure.

The following steps are recommended if using "Delegate Full Access" permissions:

4. Configure this user as a fully enabled Exchange mailbox user that is visible on the Exchange Global Access List (GAL).

5. Confirm that the Riva connection user is excluded from any Domain Admins group.

6. For Exchange 2010+ on-premises systems, ensure that the EWS throttling policy is adjusted in order to allow Riva to meet the sync requirements by increasing or disabling Exchange mailbox throttling parameters for the Riva connection user.

7. Once configured, test access to the mailboxes to be synced by the Riva connection user.

Step 2: Prepare Corporate Firewalls

In most deployments, the Exchange edge services that are responsible for the Exchange Web Services (EWS) are already available internally on the corporate network. This is typically the same infrastructure used to host the Outlook Web Access and the ActiveSync mobile devices services. Also Mac-based Outlook and Mail apps also leverage the same EWS sub-system to be able to access the end-user's mailbox content.

However, it is always recommended to confirm that both Windows and corporate firewalls are configured to allow the Windows server used to host the Riva processes access to the server that is responsible for Exchange EWS (ports 80 and 443). See Firewall settings for Riva.

Step 3: Confirm Connectivity from the Windows Host Server to Exchange On-Premises

On the Windows system that will host the Riva On-Premise server, confirm that you can log into the Outlook Web Access using the Exchange service user account login credentials. Outlook does not need to be installed on this server.

Step 4: Prepare the User Mailboxes That Riva On-Premise Will Sync

Ensure that each user mailbox that Riva will sync is ready:

• Primary SMTP Email Address: Ensure that the user mailbox primary SMTP reply-to email address value in Exchange matches the primary email address value of the user's CRM account email address. Riva cannot resolve for email aliases. Example: If the user's primary email address is an @example.local email address and has email aliases that allow @example.com, Riva will not be able to resolve email or calendar sync from Exchange to the CRM for @example.com, because the primary email address is not using a publicly acceptable top-level domain.

• Global Access List: Ensure that the user mailbox is visible in the Global Access List (GAL). If Exchange-enabled groups will be used to add mailboxes to the sync policy, the group must also be visible in the GAL.

• Initial logon to Exchange: Ensure that the user has logged into their Exchange mailbox at least once using Outlook or Outlook Web Access to create the mailbox folders, calendar, and address book.