
Going blind trying to set up RPC over HTTP


  • Going blind trying to set up RPC over HTTP

    Front end: Windows Server 2003 R2 + SP2, Exchange 2003 SP2 - fully patched
    Back end: Windows Server 2003 + SP2, Exchange 2003 SP2 - fully patched

    Went through and installed RPC over HTTP under network settings on the FE, set up RPC front end in ESM. Accepted the message about creating the registry entries, etc. Set up BE server as RPC back end in ESM and accepted the registry changes as well. Did not install RPC over HTTP on the BE.

    The FE is in our DMZ and has 80 and 443 open, BE is totally behind the firewall and FE has unrestricted access to BE server.

    Self signed certs and installed on client machines. OWA works just fine and able to get to http://FQDN/rpc without cert prompt and cannot log in as user.

    Trying to connect Outlook 2007 on Vista Ultimate. Configured Exchange server name as FQDN of FE server in the DMZ, proxy server is not set up and using basic authentication. I try to "check name" and I get a password prompt. I type in user name and password and it just reprompts me.

    I have read a lot of stuff with simple instructions about how to set this up on a single server, but nothing simple for a FE/BE setup! Did I miss any steps, or am I missing something obvious? As a last resort, I have both servers set for reboot tonight.

  • #2
    Re: Going blind trying to set up RPC over HTTP

    So many things wrong...

    Frontend in a DMZ? Why did you do that? For security? If so then you are deluded if you think it has improved your security.
    To put it simply, a domain member does not belong in the DMZ.
    The frontend needs direct access to the global catalog domain controllers. The number of holes you have to punch in the firewall for that to work basically makes the firewall useless.

    Self Signed SSL certificates. Never recommend those to be used outside of a lab. I have spent hours trying to get it to work with self signed certificates. Put in a commercial SSL certificate and I can have the feature working in less than 30 minutes.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.



    • #3
      Re: Going blind trying to set up RPC over HTTP

      I can get a commercial cert....that's fine. But the rest of the stuff I have done, is that all I need to do? Or am I missing anything?



      • #4
        Re: Going blind trying to set up RPC over HTTP

        So you have moved the frontend back inside where it belongs?

        While you have a firewall between the devices I would doubt whether the feature will work.

        Simon.



        • #5
          Re: Going blind trying to set up RPC over HTTP

          Have you tried domain\username or [email protected] for login?
          I agree, you shouldn't have the FE in a DMZ.
          Is it a Check Point FW? Even if the FW is disabled it still uses Smart rules (or something like that) like the PIX's fixups. DNS greater than 512 dropped etc. (depending on version). We found issues where it drops certain RPC packets, for example.
          Cheers
          Andy


          Quis custodiet ipsos custodes?
