RPC over HTTP WAN Install

  • RPC over HTTP WAN Install

    OK, I know this will have been asked so many times before.

    I have Windows 2003 Server R2 SP2 with Exchange 2003 SP2, 2 DCs and 2 GCs.

    I have set up RPC over HTTP for Exchange and entered the Valid Ports (as per the instructions from this site). Everything works well and the setup is easy when a user is connected to the LAN and then goes external.

    Now the problem: we have over 50 external clients who will never visit the office and need to set up RPC over HTTP, and using the same install does not work. I have read many posts, all of which seem to say RPC over HTTP will only work if the client initially installs over the LAN.

    Any comments on this would be greatly appreciated.

    P.S.
    This was working when we created MST install files locally and sent them to the external clients, but our Exchange server went belly up and the rebuild does not appear to work.

  • #2
    Re: RPC over HTTP WAN Install

    RPC/HTTPS does not require you to be on the LAN for it to work.

    Make sure your Exchange is up to date, as is your version of Office, just to make sure.

    From what you have stated I assume that you already have clients working with RPC/HTTPS therefore it is just the config of your Outlook.
    Are you using a locally created certificate or a public one? Are the machines that need setting up different than the others (off the domain for example)?
    cheers
    Andy

    Quis custodiet ipsos custodes?



    • #3
      Re: RPC over HTTP WAN Install

      RPC over HTTP works fine IF we set up/configure the client whilst on the local network and then let the client roam. Our problem is, we cannot set up the clients externally.

      Just for info, what happened:
      Our Exchange server went POP, and we rebuilt on new hardware using the same settings (IP and NAME). As shown above, the server is now BDC and GC on the domain. Information Store was restored from Veritas Backup, the cert has been recreated and external clients can download it from FQDN\certsrv. The crash has left our external clients (who were connected and set up using pre-configured MST files) with orphaned OST files and no connection to the server. (Outlook loads fine to let them work offline, but the folders will not synchronise and the client cannot connect.)



      • #4
        Re: RPC over HTTP WAN Install

        Have you tried setting up a new profile to test rather than using the old one?
        If you have set up the CA again, then do your other clients have the root cert for this as well as the server cert?
        cheers
        Andy



        • #5
          Re: RPC over HTTP WAN Install

          Tried creating a new profile, no joy. Even Exmerged the user's files from Exchange, removed the mailbox (NOT the AD user), reconfigured the mailbox and imported the PST from Exmerge. Tried a NEW profile from an external client and it still will not connect. We have even tried to connect a completely new mailbox to RPC over HTTP externally and this will not set up, unless you put the PC/laptop on the network to do the initial setup.

          What exactly do you mean by reset CA? If you mean create a new cert and re-download, yep, we've done this as well.

          I have read many threads that specifically state that to make RPC over HTTP work you must make an initial connection to the LAN for setup, and then everything will work fine after this. This is the experience we have: setup works if connected and then the client can roam wherever, but the 50+ clients we have do not have the luxury of a LAN connection (not unless we create a VPN tunnel for each of them).



          • #6
            Re: RPC over HTTP WAN Install

            It should work fine without so the problem is elsewhere.

            If you created a new CA and then assigned the new cert to the Exchange server, then you will need to export the cert chain to a file to install in the trusted root store on the machines as well. It is available on the same /certsrv site at the bottom.
            If these clients try and connect to webmail do they get a cert issue?
            cheers
            Andy



            • #7
              Re: RPC over HTTP WAN Install

              RPC over HTTPS was created for hosted Exchange providers. Their clients never connect to their networks, so it can be configured off the network. You simply need to ensure that you put the information in the right order, and ignore the odd error message.

              http://www.amset.info/exchange/rpc-http-client2.asp

              However - if you have used a self generated certificate I would suggest that you change it to a commercial certificate. Self generated certificates for this feature aren't really practical and I have a zero success rate with them. When you can get commercial SSL certificates for US$30 a year, it doesn't really make sense to spend time talking users through the certificate install.

              RapidSSL (http://www.rapidssl.com/) have a 30 day trial certificate that is trusted, which you can use as a proof of concept. The cheapest SSL certificates that I know of are GoDaddy (http://www.DomainsForExchange.net/).

              Simon.
              --
              Simon Butler
              Exchange MVP

              Blog: http://blog.sembee.co.uk/
              More Exchange Content: http://exchange.sembee.info/
              Exchange Resources List: http://exbpa.com/
              In the UK? Hire me: http://www.sembee.co.uk/

              Sembee is a registered trademark, used here with permission.



              • #8
                Re: RPC over HTTP WAN Install

                OWA works fine; this has been our workaround for the past 3 days. So installing the normal cert is not enough, I need to import another cert as well.

                I have tried to download both the normal cert and the cert shown at the bottom of the FQDN\certsrv screen. This asks to save the CER file; I saved it to the desktop, opened it, then clicked install certificate and let it install automatically. Still no joy.

                When I set up an account and enter all the correct details (as per the client which can connect, albeit set up whilst on the LAN), it asks for a network logon. I enter Domain\username then password, it then waits around 30 seconds (maybe a minute) and then comes back with the error "The connection to the exchange server is unavailable. Outlook must be online Or connected to complete this action"

                Outlook is setup for Cached Mode and Offline folders.



                • #9
                  Re: RPC over HTTP WAN Install

                  If OWA shows fine on the problem clients then they trust the cert already (ignore the rest of the paragraph!). If they show an error then you need to import the certificate into the root container (you can do this with group policy, hence the domain question earlier). If not, then if you open an MMC, certificates and local computer, you should be able to see the trusted root folder in there.


                  From run type "outlook /rpcdiag" to see a bit more info.

                  I agree with Sembee as well, you can save trouble by getting a cheap public cert as well in the long run.
                  cheers
                  Andy



                  • #10
                    Re: RPC over HTTP WAN Install

                    It would appear the certificates are OK (I do take your point about public certs, but I need to get this to work first.)
                    I know I keep referring to clients working when initial setup is on the LAN, but could this be a proxy logon issue?

                    I have followed info from this forum <http://forums.isaserver.org/m_50231500/mpage_2/key_/tm.htm> and after doing some of the things on this forum still have no joy.

                    Ideally I would like to reconnect the old RPC connections, but I think the Exchange store has written some security on the mailbox to stop this.
                    Outlook setup which I thought would work:
                    Microsoft Exchange server - NetBIOS name of server <mailserver.domain.co.uk> Local connection (e.g. server1.england.hq.co.uk)
                    UserName - speaks for itself

                    On the Proxy settings
                    Https:// FQDN - (same name used to connect via OWA)
                    Basic Authentication.


                    This worked fine before the Exchange crash when we sent out an MST file. Any idea on this? It appears the OST is orphaned and security prevents the connection.



                    • #11
                      Re: RPC over HTTP WAN Install

                      Are you using an ISA server?
                      When you are testing clients on the LAN - are you sure that they are connecting over HTTPS?

                      On the certificate issue - I always always say to use a commercial certificate from the start. The argument about getting it to work with a home grown certificate isn't valid. I have tried that myself and failed. Then spent a few minutes getting a trial certificate and it works. I am now in the position where I can get RPC over HTTPS working from scratch in less than 30 minutes.

                      Simon.


                      • #12
                        Re: RPC over HTTP WAN Install

                        I have managed to correct the issue on one of our LAB servers. From the Default Web Site I changed some security privileges and then ensured I pressed the "Select All" button when it populated all the sub services. This worked fine for my test server, but my "LIVE" server will not allow external access. If you have managed to work this in 30 minutes, do you have a very quick walk through? (I'm sure this will be much the same as all the others, but please could you pass it on.)

                        Many thanks



                        • #13
                          Re: RPC over HTTP WAN Install

                          If you have changed the security settings on the virtual directories then you should correct it.
                          The quickest way to do that is to remove the RPC Proxy from Add/Remove programs, then remove the RPC virtual directories in IIS manager and run IIS Reset. Then reinstall RPC Proxy component again.

                          As for setup in 30 minutes - I simply use the instructions on my own web site: http://www.amset.info/exchange/rpc-http.asp

                          Simon.


                          • #14
                            Re: RPC over HTTP WAN Install

                            All sorted.
                            It appeared to be a rogue value in the Valid Ports registry entry. Rather than edit it, I deleted and re-entered it, rebooted the server and hey presto, RPC over HTTP works all over again.

                            All I need to do now is reset all the external clients' email boxes in order to re-attach their orphaned OST files, oh joy. (This one is a really long story; basically a crashed Exchange server has left all the external clients with orphaned OST files. The only way we can recover them is to Exmerge out, delete the mailbox, re-create the mailbox, Exmerge in and then export a PST file from their OST file and re-import. 50 external users, yep, busy day ahead.)

                            Thanks for all your help, much appreciated....

                            Comment
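Post #14 traced the fault to a bad value in the RPC proxy's Valid Ports registry entry. The following is an added example, not part of the thread or any poster's code: a small lint for a ValidPorts string copied out of the registry, which reports malformed entries, port ranges wider than needed and hosts missing a required port. The host names, the sample strings and the expected port set (6001-6002 and 6004, the commonly documented Exchange 2003 values, with 593 tolerated) are assumptions.

```python
import re

# Lints the REG_SZ value HKLM\SOFTWARE\Microsoft\Rpc\RpcProxy\ValidPorts.
# Assumption (not from the thread): the commonly documented Exchange 2003
# ports 6001 (store), 6002 (DS referral), 6004 (DS proxy); 593 is tolerated.
EXPECTED_PORTS = {6001, 6002, 6004}
TOLERATED_PORTS = {593}
HOST_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$")
PORT_RE = re.compile(r"^(\d{1,5})(?:-(\d{1,5}))?$")

# Constructed samples; the host names are hypothetical.
GOOD_SAMPLE = ("mail1:6001-6002;mail1:6004;"
               "mail1.example.test:6001-6002;mail1.example.test:6004")
BAD_SAMPLE = ("mail1:6001-6002;mail1:6004;mail1.example.test:6001-6002;;"
              "mail1.example.test6004; mail1:100-5000")

def lint_valid_ports(value, required_hosts):
    """Return a list of findings for a ValidPorts string (empty list = clean)."""
    findings = []
    seen = {}  # lower-cased host -> set of ports the proxy may forward to
    for raw in value.split(";"):
        entry = raw.strip()
        if not entry:
            findings.append("empty entry (stray ';')")
            continue
        if raw != entry:
            findings.append(f"whitespace around entry {raw!r}")
        host, sep, ports = entry.partition(":")
        m = PORT_RE.match(ports)
        if not sep or not HOST_RE.match(host) or not m:
            findings.append(f"malformed entry {entry!r}")
            continue
        lo, hi = int(m.group(1)), int(m.group(2) or m.group(1))
        if lo == 0 or lo > hi or hi > 65535:
            findings.append(f"bad port range in {entry!r}")
            continue
        allowed = set(range(lo, hi + 1))
        extra = allowed - EXPECTED_PORTS - TOLERATED_PORTS
        if extra:
            findings.append(f"{entry!r} exposes {len(extra)} unexpected port(s)")
        seen.setdefault(host.lower(), set()).update(allowed)
    for host in required_hosts:
        missing = EXPECTED_PORTS - seen.get(host.lower(), set())
        if missing:
            findings.append(f"{host}: missing port(s) {sorted(missing)}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_valid_ports(BAD_SAMPLE, ["mail1", "mail1.example.test"])))
```

Because ValidPorts is the allowlist of back-end endpoints the RPC proxy will forward to, an over-wide range is worth flagging as well as a typo.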


                            • #15
                              Re: RPC over HTTP WAN Install

                              Just in case it helps....

                              I have had some fun and games trying to get this to work...

                              The first port of call I found was to make sure it works locally on your LAN, as this confirms all your registry settings are correct and working.

                              The main issue I was seeing was when running outlook.exe /rpcdiag.

                              The diag screen just showed "--" connecting; I could use OWA fine with https etc.

                              I started looking at the certificate, as I read somewhere on my travels that if Outlook has any connection issues it is most likely certificate related.

                              I finally resolved this by exporting the certificate from IIS as a .pfx

                              making sure I "included all certificates in the certification path if possible"

                              I then imported on the client end and job done all worked...

                              Hope this helps
