No announcement yet.

RPC over HTTP without SSL

  • Filter
  • Time
  • Show
Clear All
new posts

  • RPC over HTTP without SSL

    Hello Everybody,

    I am relatively new to RPC over HTTP, I searched the net for a solution for the same and came across this excellent article by Daniel Petri "".

    I have a single Windows 2003 Ent SP2 DC with Exchange 2003 SP2 installed on the same server, Everything is perfectly fine from a very long time, but I always wanted to implement rpc over http for my mobile users to access their mails without using a vpn connection, I have dynamic dns address for my server through which i can access OWA, OMA and host of other features, I configured my server for rpc service as given in the above article but without the SSL cert, I have forwarded the required 80 and 443 port in my firewall to point to my internal server. I have given my dynamic dns address as the external FQDN in the registry tool by Harry Bates, my outlook client just isn't connecting to the server through the dynamic dns address when i use "outlook /rpcdiag", it keeps asking for the password repeatedly, I am using "domain\username".

    So I want to know the following.

    1.Does RPC over HTTP require a mandatory SSL certificate to work or can it be configured without SSL, I know about the security implications.

    2. Can we use a dynamic dns address or static IP address as a external FQDN.

    Any comments on the above issue will be highly appreciated, pls do excuse for the lengthy message.

  • #2
    Re: RPC over HTTP without SSL

    There is no reason not to use SSL especially as you already have OWA setup.
    I believe the common reason for password prompts is a mismatch between the Exchange and Outlook settings. What do you have setup on the client and server authentication settings basic/NTLM etc?

    Your outlook needs to connect to the certificate name. A FQDN is a fully qualified domain name so not an IP address.

    Please read this before you post:

    Quis custodiet ipsos custodes?


    • #3
      Re: RPC over HTTP without SSL

      Hi AndyJG247,

      Thank u for your reply,

      I have configured the rpc for basic authentication and the outlook exchange over internet i am using basic authentication.

      i also have a proper fdqn name configured now, but no luck, still unable to connect


      • #4
        Re: RPC over HTTP without SSL

        Don't even try and configure this feature without an SSL certificate. It is a waste of time. How much is your time worth? You can get SSL certificate for US$30/year, trying to do it without an SSL certificate, or using a self generated certificate isn't worth the hassle. It is designed to work on SSL.

        As for running it on a dynamic IP address, that is fine. I did it for two years. You have to use a dynamic DNS service and then map your own domain on top of the host name using a CNAME so that you can get a certificate issued to your own domain.

        Simon Butler
        Exchange MVP

        More Exchange Content:
        Exchange Resources List:
        In the UK? Hire me:

        Sembee is a registered trademark, used here with permission.


        • #5
          Re: RPC over HTTP without SSL

          I used the post on Petri for mine with a SSL and it works great. I also have OWA, OMA and IMAP setup for the 1 person with an Iphone. All work great.