Announcement

Collapse
No announcement yet.

RPC over HTTPS configuration

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • RPC over HTTPS configuration

    Hi,

    I have just finished installing a new SBS 2003 server at a client of mine.
    Thinking back of what I used to do, following the Petri guide, to activate RPC over HTTPS, I re-read the article at :
    http://www.petri.com/configure_rpc_o...gle_server.htm



    It states the following :

    - Click Start, point to Microsoft Exchange, and then click System Manager.

    - Expand your organization, expand Administrative Groups > First Administrative Group > Servers.

    - Right-click on your server name and select Properties.

    - On the General tab, verify that you have SP1 installed.
    Verify that a tab called RPC-HTTP is present.

    - On the RPC-HTTP tab, click on RPC-HTTP Back-End Server.

    - You might get an error:

    Exchange System Manager
    There is no RPC-HTTP front-end in your Exchange organization.
    There must be at least one RPC-HTTP front-end server in the organization
    before the RPC-HTTP back-end server can be accessed.

    Acknowledge the error.



    What I don't understand is that when I set up an SBS 2003 server, that setting is set to "Not part of an Exchange managed RPC-HTTP topology", but RPC over HTTPS simply works.
    How come ?
    Do I still need this setting ?

  • #2
    Re: RPC over HTTPS configuration

    Yes, you still need the setting. This effectively creates the "proxy" port settings in the Exchange server to allow RPC over HTTP connections. If you had a front end server the registry entries would be made there, but in your case they are made on the one and only Exchange server. We have only one Exchange server and use RPC over HTTP on our one and only server by setting this setting. If you didn't set the settings the registry entries would not be created.

    Comment


    • #3
      Re: RPC over HTTPS configuration

      Originally posted by joeqwerty View Post
      Yes, you still need the setting. This effectively creates the "proxy" port settings in the Exchange server to allow RPC over HTTP connections. If you had a front end server the registry entries would be made there, but in your case they are made on the one and only Exchange server. We have only one Exchange server and use RPC over HTTP on our one and only server by setting this setting. If you didn't set the settings the registry entries would not be created.
      Thnx, but, I wonder, how come it still works then ?

      Comment


      • #4
        Re: RPC over HTTPS configuration

        You are trying to compare a UTFW process on an SBS machine to a manual setup on a different setup (a no UTFW non SBS system).
        1 1 was a racehorse.
        2 2 was 1 2.
        1 1 1 1 race 1 day,
        2 2 1 1 2

        Comment


        • #5
          Re: RPC over HTTPS configuration

          Originally posted by biggles77 View Post
          You are trying to compare a UTFW process on an SBS machine to a manual setup on a different setup (a no UTFW non SBS system).
          Both are Exchange Standard.
          Please explain why I should not compare.

          Comment


          • #6
            Re: RPC over HTTPS configuration

            This is SBS. You don't setup the feature manually.
            Run the wizard - Connect to the Internet (or whatever it is called). Ensure that you choose the option to enable Outlook of the Internet or RPC over HTTPS (I can't remember which name it uses). That is it.

            YOU DO NOT CONFIGURE EXCHANGE MANUALLY ON SBS. SBS is designed to be configured using the wizards.

            The only thing you should consider doing outside of the wizard is changing the self generated certificate for a commercial certificate.

            Simon.
            --
            Simon Butler
            Exchange MVP

            Blog: http://blog.sembee.co.uk/
            More Exchange Content: http://exchange.sembee.info/
            Exchange Resources List: http://exbpa.com/
            In the UK? Hire me: http://www.sembee.co.uk/

            Sembee is a registered trademark, used here with permission.

            Comment


            • #7
              Re: RPC over HTTPS configuration

              Originally posted by Sembee View Post
              This is SBS. You don't setup the feature manually.
              Run the wizard - Connect to the Internet (or whatever it is called). Ensure that you choose the option to enable Outlook of the Internet or RPC over HTTPS (I can't remember which name it uses). That is it.

              YOU DO NOT CONFIGURE EXCHANGE MANUALLY ON SBS. SBS is designed to be configured using the wizards.

              The only thing you should consider doing outside of the wizard is changing the self generated certificate for a commercial certificate.

              Simon.
              I disagree with your line "You do not configure Exchange manually on SBS".
              If what you say is true, then I can't configure mailbox management etc either.
              Since it is simply an automated install of Exchange 2003 Standard, we can still use the System Manager to change things.
              So I would like to know the difference in this setting I was asking about.

              Comment


              • #8
                Re: RPC over HTTPS configuration

                How many SBS Servers have you deployed?
                SBS is so much more than an automated install of Exchange.
                Exchange on SBS may look like Exchange, smell like Exchange and behave like Exchange, but it should not be managed like the full Exchange product.

                SBS is best compared to an appliance. It is designed to be installed and managed in a certain way, and most problems with the product occur when that doesn't happen. You cannot treat it as separate products because Microsoft have designed all the elements to be integrated together. That takes time - why do you think there is still no SBS 2008?

                I deploy more SBS servers than I do full Exchange servers, and I am an Exchange MVP.
                I also clean up a lot of SBS servers that haven't been deployed in the correct way, using the wizards. Not only using the wizards for the initial deployment, but for the management. In many cases certain features and settings will not work until the wizard is completed.

                For example, I was asked to look at a server a few months ago that would not receive email. I asked the support company who deployed it for the logs from the setup wizards. There were none because the wizards had never been run. I ran the relevant wizards and the server burst in to life. The wizards do more than things you see in front of you. If you look at the logs after the relevant wizard has been run you will get some idea of the changes it makes in the background.

                The most common problem is when client machines don't work correctly. If you don't use the connect computer wizard to add a new machine to the SBS server then you will have problems further down the line. It may appear to work, but you don't have the full functionality.

                I was like you for some time - treated SBS as a cheap way to get Exchange. I then had an SBS deployment blow up in my face. It cost me a lot of money to put right, money I couldn't bill back to the client because I hadn't configured the server as it was designed to work.

                While you can use ESM to manage some aspects of Exchange, you have to be very careful what you change, as it is very easy to break the deployment. Unfortunately it isn't always clear what you can cannot manage with ESM, and it only comes with experience or seeing MSKB articles specifically for SBS that tell you to use ESM that you learn what you and cannot do.

                On this specific question, RPC over HTTPS is not something that you configure in the regular manner. The SBS connect to the internet wizard will configure it for you. If you need to make any changes later then you need to run the wizard again.

                This may seem harsh, but I suggest that you spend some time with the SBS product and on the SBS forums and blogs. The SBS Diva blog is very good. Go back some time with her blog and read about the product. If SBS is deployed correctly, in the way that it was designed, then it works very well, with no problems at all. If deployed incorrectly then it can give you more headaches than the full product.

                Simon.
                --
                Simon Butler
                Exchange MVP

                Blog: http://blog.sembee.co.uk/
                More Exchange Content: http://exchange.sembee.info/
                Exchange Resources List: http://exbpa.com/
                In the UK? Hire me: http://www.sembee.co.uk/

                Sembee is a registered trademark, used here with permission.

                Comment


                • #9
                  Re: RPC over HTTPS configuration

                  Originally posted by Sembee View Post
                  How many SBS Servers have you deployed?
                  About 20 in the last 2 years.
                  Most Windows installs I do are without Exchange.

                  Originally posted by Sembee View Post
                  For example, I was asked to look at a server a few months ago that would not receive email. I asked the support company who deployed it for the logs from the setup wizards. There were none because the wizards had never been run. I ran the relevant wizards and the server burst in to life. The wizards do more than things you see in front of you. If you look at the logs after the relevant wizard has been run you will get some idea of the changes it makes in the background.
                  When you say wizzards, do you mean the ones in the To Do List and Server Management ?

                  Originally posted by Sembee View Post
                  The most common problem is when client machines don't work correctly. If you don't use the connect computer wizard to add a new machine to the SBS server then you will have problems further down the line. It may appear to work, but you don't have the full functionality.
                  I just add them to the domain by going to the System Properties / Computername / Change.
                  What kind of problems ?
                  Can you give me an example ?

                  Originally posted by Sembee View Post
                  On this specific question, RPC over HTTPS is not something that you configure in the regular manner. The SBS connect to the internet wizard will configure it for you. If you need to make any changes later then you need to run the wizard again.
                  Okay.

                  Originally posted by Sembee View Post
                  This may seem harsh, but I suggest that you spend some time with the SBS product and on the SBS forums and blogs. The SBS Diva blog is very good. Go back some time with her blog and read about the product. If SBS is deployed correctly, in the way that it was designed, then it works very well, with no problems at all. If deployed incorrectly then it can give you more headaches than the full product.

                  Simon.
                  Thnx.

                  Comment


                  • #10
                    Re: RPC over HTTPS configuration

                    Originally posted by Sembee View Post
                    This is SBS. You don't setup the feature manually.
                    Run the wizard - Connect to the Internet (or whatever it is called). Ensure that you choose the option to enable Outlook of the Internet or RPC over HTTPS (I can't remember which name it uses). That is it.
                    Trying to do it the proper way, I can't find that option.
                    Where should I look ?

                    Comment


                    • #11
                      Re: RPC over HTTPS configuration

                      Outlook via the Internet is part of the Configure Email and Internet wizard. This is in Server Manager and is labelled Connect to the Internet. You need to complete that wizard successfully.

                      Rather than a list of problems, this blog posting from the SBS Diva explains what it does.
                      http://msmvps.com/blogs/bradley/arch.../23/33632.aspx

                      Do you ALL of that when you connect a machine? I doubt it.
                      If you aren't using the wizard then you are missing out on a lot of functionality, particularly with the email migration.

                      20 servers over the last two years? I have done that this year alone - all of them with Exchange enabled.

                      Simon.
                      --
                      Simon Butler
                      Exchange MVP

                      Blog: http://blog.sembee.co.uk/
                      More Exchange Content: http://exchange.sembee.info/
                      Exchange Resources List: http://exbpa.com/
                      In the UK? Hire me: http://www.sembee.co.uk/

                      Sembee is a registered trademark, used here with permission.

                      Comment


                      • #12
                        Re: RPC over HTTPS configuration

                        Originally posted by Sembee View Post
                        Outlook via the Internet is part of the Configure Email and Internet wizard. This is in Server Manager and is labelled Connect to the Internet. You need to complete that wizard successfully.
                        I did run that wizzard and I know it works, but I still wonder what that RPC setting does in SBS.
                        Whatever you do, the wizzard doesn't change it.

                        Originally posted by Sembee View Post
                        Rather than a list of problems, this blog posting from the SBS Diva explains what it does.
                        http://msmvps.com/blogs/bradley/arch.../23/33632.aspx
                        Thnx, I will have a look.

                        Originally posted by Sembee View Post
                        Do you ALL of that when you connect a machine? I doubt it.
                        Yes, just like in a normal AD, just hang the PC in the domain, reboot and done.
                        It works, can't say I miss anything.

                        Originally posted by Sembee View Post
                        If you aren't using the wizard then you are missing out on a lot of functionality, particularly with the email migration.
                        What exactly do I miss then ?
                        I don't see it.
                        Users can log on, have access to shares, mail and internet.
                        What more can they want ?

                        Originally posted by Sembee View Post
                        20 servers over the last two years? I have done that this year alone - all of them with Exchange enabled.
                        And what is your point ?
                        In other words, you are very busy installing SBS/Exchange ?
                        I manage about 700 servers in The Netherlands, not many have Exchange, and I have a lot of other things to do in my job.

                        Comment


                        • #13
                          Re: RPC over HTTPS configuration

                          > Checks Client OS and takes appropriate path (ATAP)

                          I know what I just installed on the desktop PC ...

                          > Causes an activex control to become available.

                          Not clear which control ...

                          > Determines whether the computer is or is not a member of the domain, and
                          > is or is not a DC or SBS server, (ATAP)

                          I know what I just installed on the desktop PC ...

                          > Tests resolution to the SBS server (ATAP)

                          I will find out soon enough if resolving works or not

                          > Checks for multiple non VPN network connections (ATAP)

                          I know what is in the PC when I install it

                          > Checks account permissions, allowed to join computer to domain?

                          Erh, I do that and I am always admin

                          > Assigns users, and migrates local profile(s), if they exist, to domain
                          > profile (SID mapping)

                          Not necessary where I work, all new members are new installs

                          > Assigns requered local permissions to domain user account.

                          Making a PC member of AD does the same

                          > Provides selection of computer name from list, automatically if there is
                          > one-to-one mapping of user/computer on the SBS.

                          Hmm, exciting.

                          > Joins the domain (creating a temp user account for autologon to ease the
                          > process) - including getting the client computer in the correct AD OU so the
                          > GP applies correctly.

                          This is what I do manually

                          > Sets some runonce reg keys to clean up after the above process.

                          This is what I don't need

                          > After required input is provided, steps through the above process,
                          > including automatic restarts as required.

                          This is what I don't need either

                          > Now we are into Application Deployment (Susan shows some on her blog).
                          > This is seen on the workstation as the Client Setup Wizard, which is
                          > automatic on login after the above 12 main steps are complete.

                          I would like to determine what is installed on the PC myself

                          > The list of configurations made after Application deployment:
                          > My network places
                          > TAPI information
                          > Connection Manager
                          > Fax Printer
                          > SSL Certificate
                          > ActiveSync (special, just for SBS and mobility devices)
                          > IE
                          > Outlook
                          > Additional global settings:
                          > DNS Timeout Value
                          > Deleted Item Recovey
                          > Remote Desktop permissions
                          > Network Printer(s)
                          > Disable getting started screen (annoying XP thing)
                          > Disable ICS
                          > (used to turn off ICF, but now handled by GP (xp firewall settings))
                          > Disables network bridging

                          These are all things I never need
                          SSL Certificate is trusted already is most (of my) cases, IE is installed by default
                          Outlook is part of Office
                          Printers are added through logon script (KIX)

                          Nope, I still do not see why simply "add PC to domain" is not enough.
                          Just my opinion.

                          Comment


                          • #14
                            Re: RPC over HTTPS configuration

                            The fact that you have been doing x for so long doesn't mean that it was right or will continue to work. There is an awful lot of fud about SBS, but the simple thing is that it is designed to work in one way. While you can get away with doing it the regular way - it is just that - getting away with it. To use a comparison with Exchange, there are many people who think that it is ok to DCPROMO and Exchange server, but that is not supported and should cause problems - but people continue to get away with it.

                            If you are migrating across from another email solution, for example POP3, then the connect computer will import all of the content for you, change all the permissions, migrate the profiles from the workgroup to the domain and change the permissions. It also setups the client correctly, so that you do not have configure Outlook manually. The connect computer wizard does all of the leg work for you.

                            What you are doing instead connect computer wizard is not done by most deployments of SBS. KIX? I haven't used KIX for years and most SBS users will look at you lost if you mentioned the term. Remember the target market for SBS is for a non technical person to deploy and manage it. They may not be technical, and if they do get it deployed for them by a technical person there is a good chance that they will not be in the future.

                            Anyway - you have your way of doing things, I have mine.
                            I have stated my case - that you shouldn't be treating SBS as the full product, which is the best practise for the SBS product to be deployed.

                            Simon.
                            --
                            Simon Butler
                            Exchange MVP

                            Blog: http://blog.sembee.co.uk/
                            More Exchange Content: http://exchange.sembee.info/
                            Exchange Resources List: http://exbpa.com/
                            In the UK? Hire me: http://www.sembee.co.uk/

                            Sembee is a registered trademark, used here with permission.

                            Comment


                            • #15
                              Re: RPC over HTTPS configuration

                              Kay, thnx.

                              Comment

                              Working...
                              X