How Does Entourage Work?

As my blog is focused on Entourage as an 'Exchange Client', let's start with the most obvious topic: how Entourage works with a mailbox on an Exchange Server. This blog will cover the currently supported versions of Entourage & Exchange Server, i.e. Entourage 2004 & 2008, and Exchange 2000, 2003 & 2007. Let's list the features in Entourage for which it needs to talk to Exchange Server or any other server in a Windows Active Directory based environment. (Note: All ports mentioned below are server-side ports.)

Entourage Setup Assistant
The very first feature you use in Entourage after creating a new identity is the 'Entourage Setup Assistant' (or 'Account Setup Assistant'). If you configure your Exchange account using the setup assistant, it talks to the DNS server configured in Mac OS X 'Network Preferences' to locate a Windows Domain Controller or Global Catalog Server hosting Active Directory, then authenticates and queries for the user's Exchange mailbox server. The whole process is described over here in detail. Server side ports used are 53 (for DNS queries) and 3268 (for authentication & LDAP queries to locate mailbox server).

Mailbox Synchronization
After you have set up your Exchange account (using the setup assistant or manually), Entourage talks to the Exchange server (front-end or back-end mailbox server) thru IIS (Internet Information Server) to connect to your mailbox. This communication is HTTP (WebDAV protocol) in nature, so it can happen over port 80 (without SSL) or 443 (with SSL) as per your server side requirements.

Public Folders
Another server you have to enter in Exchange account settings is your public folders server. Generally in big enterprises public folder servers are maintained separately from mailbox servers on the back-end. Entourage communicates with the public folder server in the same way as with an Exchange mailbox server, i.e. HTTP (WebDAV) over port 80 (without SSL) or 443 (with SSL).

Global Address List
In Entourage you also have to provide a Directory or LDAP server name, which in a Windows Active Directory based environment is your Global Catalog Server, so that you can access the 'Global Address List' (GAL) of your Exchange organization. Entourage uses port 389 (without SSL) or 636 (with SSL) for authentication, and then, to access the GAL, it sends LDAP queries over port 3268 (without SSL) or 3269 (with SSL). So a combination of two ports is used for the GAL feature, i.e. 389 & 3268 (without SSL) or 636 & 3269 (with SSL).

Out of Office Assistant
This is a new feature only in Entourage 2008. When connecting to Exchange 2000/2003 based mailboxes, Entourage sends a WebDAV query to pull up the 'Options' page from OWA (Outlook Web Access), thru which it sets the OOF Assistant. The port usage for this feature is the same as described above under the 'Mailbox Synchronization' section.

When connecting to an Exchange 2007 CAS, it works thru 'Exchange Web Services' ('OOFURL' in 'autodiscover.xml') to configure the 'OOF Assistant' with appropriate settings. Entourage 2008 uses port 80 (without SSL) or 443 (with SSL) for this feature depending on the related configuration on the Exchange 2007 CAS. Keep in mind that this feature does not work and fails with an error if you connect directly to an Exchange 2007 mailbox server on the back-end, as 'autodiscover' and 'Exchange Web Services' are not present on it; they are only present on an Exchange 2007 CAS.

Free/Busy Info
When Entourage users schedule a meeting with other users in their Exchange organization, they can also view their free/busy information, i.e. whether other users are free or busy on particular day/time slots.

Entourage 2004 retrieves free/busy information for other users by talking to a public folder server hosting consolidated free/busy info for all users. This communication is also HTTP (WebDAV) in nature and thus happens over port 80 (without SSL) or 443 (with SSL). Entourage 2004 pulls free/busy information in this way in all cases. It does not matter where the Entourage user's mailbox is located, i.e. on Exchange 2000, 2003 or 2007 Server. Therefore, it is necessary to provide a public folder server name in Exchange account settings (under 'Advanced' tab) in Entourage 2004.

Entourage 2008 utilizes 'Availability Service' (AS, part of 'Exchange Web Services') on Exchange 2007 to retrieve free/busy information for other users (having mailboxes located on any version of Exchange Server) if it is connecting directly to an Exchange 2007 Client Access Server (CAS). For mailboxes located on Exchange 2007 server, AS pulls free/busy info directly from users' mailboxes while for mailboxes located on Exchange 2003 server (or earlier versions), AS sends the WebDAV query (HTTP, this query always goes over port 80 from CAS to an internal Public Folder server) to respective public folder server hosting those users' free/busy information. Entourage 2008 uses port 80 (without SSL) or 443 (with SSL) for this feature depending on related configuration on Exchange 2007 CAS. You also don't need to enter a public folder server name in Exchange account settings (under 'Advanced' tab) in Entourage for this feature to work, just the name of Exchange 2007 CAS (in 'Exchange server' field under 'Account Settings' tab) is enough.

If Entourage 2008 is connecting directly to a back-end mailbox server (Exchange 2007 or earlier versions) or a front-end server (Exchange 2003 or earlier versions), then it uses the same WebDAV (HTTP) procedure to pull up the free/busy info as Entourage 2004 does (discussed above). It cannot use AS in this scenario as it is only available on an Exchange 2007 CAS.

Folder Sharing
When an Entourage user (User1) accesses a shared folder of another user (User2) in his Exchange organization, it uses the same WebDAV (HTTP) based communication which it uses to access the mailbox of Entourage user (User1). The port usage is also the same as described above under 'Mailbox Synchronization' section. Same applies when you use Entourage to assign folder sharing permissions (Folder : <right click> : Sharing : Permissions tab).

Delegate Management
Using Entourage you can also assign access permissions to your delegates so that they can access your folders such as Inbox, Calendar & Contacts. Entourage 2004 establishes a direct connection to your mailbox server for this purpose, which utilizes MAPI (RPC over TCP). Why? Please read the 'CAUSE' section in KB 909269. Entourage 2004 first connects to port 135 ('End-point Mapper' or 'epmap') on the Exchange mailbox server, which refers it to the 'Exchange System Attendant Service' ('MAD.exe'; there is no fixed port for 'MAD', it is assigned dynamically). The Exchange server then authenticates the Entourage client by talking to a 'Domain Controller' or 'Global Catalog Server'. After successful authentication Entourage finally connects to the mailbox store on the Exchange server (there is no fixed port for 'store' either) and sets two parameters as mentioned in KB 909269. Entourage 2004 uses this procedure irrespective of the version of Exchange server (2007 or earlier versions) to which it is connecting for mailbox access. Entourage 2008 works in the same way except when it is connecting to an Exchange 2007 CAS with SP1 installed.

Entourage 2008 utilizes the new delegate management web service if it is connecting to an Exchange 2007 CAS with Service Pack 1 installed. This communication happens over port 80 (without SSL) or 443 (with SSL) as per the server side configuration. The major advantage of this feature is that Entourage users can now assign delegation rights to other users independent of their location, i.e. they can do it while connected from internal or external locations.

Mailbox Quota Management
Entourage users can also find out how much space their mailbox is using on the server at different levels, e.g. at the top mailbox level, at each folder level, etc. They can do that by going to any folder, right-clicking on it, choosing 'Folder Properties' and then going to the 'Storage' tab. The port usage for this feature is the same as described above under the 'Mailbox Synchronization' section.

Password Expiration Notice
Entourage also checks for Windows domain (where your Exchange server resides) password expiration on every launch or every 24 hours afterwards to see if user's password is going to expire in the next 10 days or not. It does that thru an LDAP query to your Windows 'Domain Controller' or 'Global Catalog Server' configured in Exchange account settings (under 'Advanced' tab). This communication happens over port 389 (without SSL) or 636 (with SSL).
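
The rules above can be combined into a server-side port list for a given deployment, which is what a firewall review needs. The following Python sketch is an added example, not code from the original post; the function names, role strings and destination labels are hypothetical, and it goes one step beyond the post by flagging the 'without SSL' ports and the endpoints that have no fixed port.

```python
# Added illustration, not the blog author's code. Function, role and
# destination names are hypothetical; the port rules are those in the post.
from collections import defaultdict

def required_ports(client, server, ssl, sp1=False):
    """Map (destination, server-side port) -> features that need it.

    client: 2004 or 2008 (Entourage version)
    server: "cas2007", "mailbox2007" or "exchange2003" (2000/2003, any role)
    ssl:    server side uses SSL; sp1: the Exchange 2007 CAS has SP1
    """
    web = 443 if ssl else 80
    need = defaultdict(list)
    need[("dns", 53)].append("setup assistant")
    need[("directory", 3268)].append("setup assistant")
    for feature in ("mailbox sync", "folder sharing", "quota"):
        need[("exchange", web)].append(feature)
    need[("public folders", web)].append("public folders")
    for port in ((636, 3269) if ssl else (389, 3268)):
        need[("directory", port)].append("GAL")
    need[("directory", 636 if ssl else 389)].append("password expiry")
    # Out of Office: Entourage 2008 only, and not against a 2007 mailbox server.
    if client == 2008 and server != "mailbox2007":
        need[("exchange", web)].append("out of office")
    # Free/busy: Availability Service on the CAS, otherwise WebDAV to the
    # public folder server hosting the consolidated free/busy data.
    if client == 2008 and server == "cas2007":
        need[("exchange", web)].append("free/busy")
    else:
        need[("public folders", web)].append("free/busy")
    # Delegates: web service on a CAS with SP1, otherwise MAPI (RPC over TCP).
    if client == 2008 and server == "cas2007" and sp1:
        need[("exchange", web)].append("delegates")
    else:
        need[("mailbox server", 135)].append("delegates")
        need[("mailbox server", "dynamic RPC")].append("delegates")
    return dict(need)

def review(need):
    """Return sorted findings a firewall reviewer would raise."""
    no_ssl = {80, 389, 3268}  # the post's 'without SSL' ports
    out = [f"no SSL: {d}:{p}" for (d, p) in need if p in no_ssl]
    out += [f"no fixed port: {d}" for (d, p) in need if p == "dynamic RPC"]
    return sorted(out)
```

Only Entourage 2008 against an Exchange 2007 CAS with SP1 avoids the endpoint mapper and dynamically assigned RPC ports on the mailbox server; every other combination keeps them in the list.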