Exchange 2003 SP3 w/ RPC over HTTP


  • Exchange 2003 SP3 w/ RPC over HTTP

    Hi All,

    Thanks for your posts on this site; most of them are really helpful. I am currently working on an RPC over HTTP issue, but I can't make my home computer connect to Exchange 2003. I hope you may be able to provide some hints:

    Active Directory
    -------------------

    2 x Windows 2000 Domain Controller (1GC)
    1 x Windows 2003 Domain Controller and GC

    Exchange 2003 SP2
    -------------------

    2 x Exchange 2003 SP2 Standard Edition (EX-A and EX-B)

    Configure Procedure
    --------------------
    1. In System Manager, change EX-B to use the Windows 2003 server as its GC server. The users' mailboxes that need RPC over HTTP are located on EX-B only.

    2. Install RPC over HTTP

    3. Install CA

    4. Configure CA and RPC root security

    5. Verify all the registry entries for ports 6001, 6002, 6004. I used the ones provided in another step-by-step guide (THANKS) to do it.

    6. Add NSPI Interface Protocol Sequences at EX-B

    7. Configure Outlook to use RPC to connect to Exchange. It works but shows TCP/IP.

    8. Configure the EX-B OWA directory to require SSL; tested from the WAN, successful logon and send/receive e-mail.

    9. Log on with VPN, connect Outlook from the WAN, successful logon to Exchange.

    10. Followed the verification steps provided by Microsoft; all of them were successful.

    In the end, Outlook on the WAN is still not able to connect to Exchange via RPC over HTTP. Are there any ideas or hints that can help?

    Thanks in advance.


    Cheers,
    OldGhost

  • #2
    Re: Exchange 2003 SP3 w/ RPC over HTTP

    Can you connect from internal to the Exchange box using https (hold ctrl key whilst right click outlook icon in task manager and select connection status)?

    If it isn't working from internal using https, there's no way it will connect from outside.

    Did you reboot the servers you made the registry edits to? Mine wouldn't show https until I did.

    Regards



    • #3
      Re: Exchange 2003 SP3 w/ RPC over HTTP

      Is the client computer a part of that domain? Check to see that it has the root CA's root certificate in the "Trusted Publishers" list via IE > Tools > Internet Options > Content > Certificates.
      Cheers,

      Daniel Petri
      Microsoft Most Valuable Professional - Active Directory Directory Services
      MCSA/E, MCTS, MCITP, MCT



      • #4
        Re: Exchange 2003 SP3 w/ RPC over HTTP

        Thanks for your prompt reply; please see my answers below:

        1.) Is the client computer a part of that domain? Check to see that it has the root CA's root certificate in the "Trusted Publishers" list via IE > Tools > Internet Options > Content > Certificates.

        No, the computer is a workgroup-only computer at home; it isn't joined to our AD.
        Under "Trusted Publishers" I found the certificate from my server. At the beginning, it appeared on the "Personal" tab. I exported it and imported it to "Trusted Publishers".
        =====================================================

        2.) Can you connect from internal to the Exchange box using https (hold ctrl key whilst right click outlook icon in task manager and select connection status)

        I can, but outlook /rpcdiag shows TCP/IP.
        =====================================================

        3.) Did you reboot the servers you made the registry edits to, mine wouldn't show https until I did.

        Yes, I did. I read the document. I don't need to create the NDSI Par....... registry entry. Am I correct? My Exchange server is a member of the domain running Exchange 2003.


        Thanks,
        OldGhost



        • #5
          Re: Exchange 2003 SP3 w/ RPC over HTTP

          Oldghost

          1 Did you modify the DC that the EX server queries in ESM to the W2K3 DC (it is normally set to use any DC)?

          2 On the Outlook Connection tab where you specify the https entry, can you place this FQDN in IE and get OWA up with NO certificate issues? I.e. is the certification set up satisfactorily? In my experience, any problems with certificates will stop rpc/https from working.

          3 As the GC DC is a separate server, did you add the registry entry for that server? I also seem to remember an entry for port 593.

          4 This article helped me: click here

          5 As I said before, get it working internally first, then we'll worry about external access.

          Regards

          Richard



          • #6
            Re: Exchange 2003 SP3 w/ RPC over HTTP

            I always recommend that a commercial certificate is used for this feature - not a self generated certificate. Something like the cheap certificates from GoDaddy or RapidSSL will be fine. They make the deployment of the feature much easier. You haven't got to babysit users through the certificate installation.

            Furthermore, the same certificate can be used for OWA, OMA, EAS etc. If you use the GoDaddy certificates then those are trusted by the Windows Mobile 5.0 devices, making the deployment of them even easier.

            RPC over HTTPS errors usually fall into one of three...

            1. Certificates
            2. Registry Entries
            3. Authentication settings.

            As others have said, get it working inside, using a machine that is a member of your domain.
            Obviously for it to work inside you need to ensure that the name on the certificate resolves internally, so you may have to look at setting up a split DNS system. (Daniel can probably provide a link on his site for an article on that - failing that I have one on mine).

            Also ensure that you can browse to the site without any certificate errors.

            Finally, ensure that you haven't got anonymous authentication enabled on the /rpc virtual directory - that can cause problems.

            Simon.
            --
            Simon Butler
            Exchange MVP

            Blog: http://blog.sembee.co.uk/
            More Exchange Content: http://exchange.sembee.info/
            Exchange Resources List: http://exbpa.com/
            In the UK? Hire me: http://www.sembee.co.uk/

            Sembee is a registered trademark, used here with permission.



            • #7
              Re: Exchange 2003 SP3 w/ RPC over HTTP

              Great tips by Sambee, I second the Godaddy certificates, and for 32$ for 2 years they ARE probably the cheapest.
              Cheers,

              Daniel Petri
              Microsoft Most Valuable Professional - Active Directory Directory Services
              MCSA/E, MCTS, MCITP, MCT



              • #8
                Re: Exchange 2003 SP3 w/ RPC over HTTP

                "Sambee"? Tut tut Daniel...



                Simon.
                --
                Simon Butler
                Exchange MVP

                Blog: http://blog.sembee.co.uk/
                More Exchange Content: http://exchange.sembee.info/
                Exchange Resources List: http://exbpa.com/
                In the UK? Hire me: http://www.sembee.co.uk/

                Sembee is a registered trademark, used here with permission.



                • #9
                  Re: Exchange 2003 SP3 w/ RPC over HTTP

                  Oopppsss, sorry, it should have been "Sam the working bee"... LOL

                  Cheers,

                  Daniel Petri
                  Microsoft Most Valuable Professional - Active Directory Directory Services
                  MCSA/E, MCTS, MCITP, MCT



                  • #10
                    Re: Exchange 2003 SP3 w/ RPC over HTTP

                    Thanks All,

                    I found the problem yesterday. It was caused by the certificate.
                    I forget where I read it, but a document mentioned that I should use the FQDN as the COMMON NAME if I use a Microsoft CA server. I uninstalled the CA, reinstalled the CA, removed the previous cert from IIS, and requested a cert again.

                    At the client, I logged on to http://[[FQDN]]/certsrv, asked to download a cert, installed the cert, and then my RPC over HTTPS worked very well.

                    Thanks a lot for your help, guys; it gave me a lot of ideas.

                    I have one outstanding question; let me restate my environment:

                    TWO Exchange 2003 Servers - EX1 and EX2 (EX2 with CA installed)
                    TWO Windows 2003 Servers - both are GC and DC

                    On EX2 I have already completed the RPC over HTTP configuration; if any mailbox is located there, it works.

                    I want EX1 to also be able to provide RPC over HTTP functionality now. Should I install a CA again on EX1, or can I use the EX2 CA service to provide the cert?

                    It would be great if you could let me know the correct steps to enable this service on EX1. Since it's a production mail server, I don't want to change anything before I feel confident about enabling this service.


                    Thanks in advance.

                    Cheers,
                    OldGhost
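
Added example, not part of any post in this thread: a Python check for the certificate problems the thread converges on (the name on the certificate must be the FQDN the client connects to, and the certificate must be valid and issued by a CA the client trusts). It reads the dictionary shape returned by Python's `ssl` `getpeercert()` and prefers SAN over CN as in RFC 2818; the host `mail.example.com` and the sample certificates are constructed placeholders.

```python
import socket
import ssl
import time

def cert_names(cert):
    """Names a client matches: SAN DNS entries if present, else the subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return sans or [v for rdn in cert.get("subject", ()) for k, v in rdn
                    if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive; '*' is honoured only as the entire left-most label."""
    p, h = pattern.lower().split("."), host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    return p[1:] == h[1:] and (p[0] == h[0] or (p[0] == "*" and len(p) > 2))

def check_cert(cert, proxy_fqdn, now=None):
    """List the certificate problems a client would hit at https://proxy_fqdn/rpc."""
    now = time.time() if now is None else now
    names, problems = cert_names(cert), []
    if not any(name_matches(n, proxy_fqdn) for n in names):
        problems.append(f"name mismatch: cert names {names}, client uses {proxy_fqdn}")
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("certificate not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("certificate expired")
    return problems

def fetch_cert(host, port=443, timeout=10):
    """Live fetch. Raises ssl.SSLCertVerificationError when the issuing CA is not
    in this machine's trust store (e.g. a workgroup PC without the root cert)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain still verified; names go through check_cert
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed samples in getpeercert() shape; mail.example.com is a placeholder.
VALIDITY = {"notBefore": "Jan  1 00:00:00 2007 GMT",
            "notAfter": "Jan  1 00:00:00 2009 GMT"}
SHORT_NAME_CERT = {"subject": ((("commonName", "EX-B"),),), **VALIDITY}
FQDN_CERT = {"subject": ((("commonName", "mail.example.com"),),), **VALIDITY}

if __name__ == "__main__":
    mid_2007 = 1180000000  # fixed clock so the sample output is reproducible
    for label, cert in (("short name", SHORT_NAME_CERT), ("FQDN", FQDN_CERT)):
        print(label, "->", check_cert(cert, "mail.example.com", now=mid_2007) or "OK")
```

Against a live server, pass the result of `fetch_cert(host)` to `check_cert` with the same host name that is entered in Outlook's proxy settings.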
