RPC/HTTPS configuration questions
  • RPC/HTTPS configuration questions

    I have been trying to set up Outlook to use RPC/HTTPS. I have followed the how-to by Daniel and also a lot of other guides on the web. I am still unable to get it to work. I will explain my setup first, then some configuration questions which I need advice on.

    We run Exchange 2K3 Enterprise (SP1) on a Win2k3 server (SP1). We have 3 DCs, one of which is a W2K3 server. All are set up as GCs. We run the Exchange server as a single server behind a firewall with a port forward on port 443 on one of our IP numbers to the Exchange server. The firewall is a Gnat Box Professional 200e.

    OWA works fine both internally and externally. We don't (as of yet) have an ISP URL to access the Exchange OWA externally but use one of the IP numbers of the firewall to access. I have made the W2K3 DC an Enterprise CA and the Exchange server a subordinate. I have created a certificate on the Exchange server with the IP number that we use externally. I have added a redirection on the default website to go to Exchange so I don't add the /exchange at the end of the IP number.

    Any company laptop that is outside of the network, but logged on locally to the domain using cached credentials, can access OWA using the IP number and does not get the certificate pop-up, as the certificate is issued to the IP number that is used. (Took me a while to suss that one out.)

    I have set up an Outlook 2K3 client on a laptop and configured it to use https/rpc as per the instructions found on this website.

    Questions:

    In the client under "which url to use" I have put in the IP number we use for OWA. Is this okay or do I need a URL, i.e. mail.contso.com?

    In the mailbox setup, what do I put in the Exchange server name: the internal NetBIOS name or the external IP number/URL?

    Do I need any other ports opened up on the firewall?

    Will the fact that 2 of the DCs are W2K and not W2K3 make a difference?

    Is it possible to run RPC/HTTPS in the way I have the Exchange server set up, i.e. single server?

    Regards and Thanks in advance.

    Richard

  • #2
    Re: RPC/HTTPS configuration questions

    Originally posted by Richie
    Is it possible to run RPC/HTTPS in the way i have the exchange server setup ie single server.
    I know you said you've read Daniel's article about rpc/https but have you read this article? http://www.petri.com/configure_rpc_o...gle_server.htm
    Regards,
    Jeremy

    Network Consultant/Engineer
    Baltimore - Washington area and beyond
    www.gma-cpa.com


    • #3
      Re: RPC/HTTPS configuration questions

      Thanks Jeremy, been there but no joy.

      Regards


      • #4
        Re: RPC/HTTPS configuration questions

        I'm pretty sure you'll need to open port 80 for things to work.
        Check out this article about testing rpc over http/s http://www.petri.com/testing_rpc_ove...connection.htm
        Regards,
        Jeremy

        Network Consultant/Engineer
        Baltimore - Washington area and beyond
        www.gma-cpa.com


        • #5
          Re: RPC/HTTPS configuration questions

          Jeremy

          Read the article. When I test from the LAN I get TCP/IP connections. I can't do the TCP/IP filtering trick until I can reboot the server at the weekend, but will give it a try.

          I have now got an A record with my ISP pointing to the external IP number, so that's one thing I can cross off the list. Have you any comments on my other queries, specifically whether my setup will work with RPC/HTTPS?

          Regards

          Richard


          • #6
            Re: RPC/HTTPS configuration questions

            OK, here's my two cents on your questions. Anyone feel free to correct me.
            In the client under "which url to use" I have put in the IP number we use for OWA. Is this okay or do I need a URL, i.e. mail.contso.com?
            AFAIK an IP addr. should be fine.

            In the mailbox setup, what do I put in the Exchange server name: the internal NetBIOS name or the external IP number/URL?
            NetBIOS

            Do I need any other ports opened up on the firewall?
            Yes, from reading the article you need to open port 80.

            Will the fact that 2 of the DCs are W2K and not W2K3 make a difference?
            I don't think it will affect anything.

            Is it possible to run RPC/HTTPS in the way I have the Exchange server set up, i.e. single server?
            Yes, per the article.
            Regards,
            Jeremy

            Network Consultant/Engineer
            Baltimore - Washington area and beyond
            www.gma-cpa.com


            • #7
              Re: RPC/HTTPS configuration questions

              Thanks Jeremy, been through all the articles and set up as per all the suggestions. Had some dialogue with a guy called Mark Arnold, who says pretty much the same. I still get no joy. I will try the IP filtering setup at the weekend, when I can down the server, to see if I am getting HTTPS traffic from the internal LAN.

              Will be in touch.

              Regards

              Richard


              • #8
                Re: RPC/HTTPS configuration questions

                Jeremy/Daniel

                Would the TCP/IP filtering test work by modifying the ports on the CLIENT PC rather than the server?

                Regards


                • #9
                  Re: RPC/HTTPS configuration questions

                  Sorry to bump my own thread, but I have connected to the Exchange server from the LAN by filtering the ports on the client to 80 and 443. When I run outlook /rpcdiag I get a mixture of connections - see image -

                  Does this tell me anything?

                  It's getting to a point where I'm starting to give up hope of getting it working.

                  Regards

                  • #10
                    Re: RPC/HTTPS configuration questions

                    It might be that you'll have to configure the server with the filtering (not sure why though). Or if you have a router/firewall lying around you could set up a client on that and test it that way (it would take configuring a static route on your gateway). Have you opened port 80 on your firewall yet?
                    Regards,
                    Jeremy

                    Network Consultant/Engineer
                    Baltimore - Washington area and beyond
                    www.gma-cpa.com


                    • #11
                      Re: RPC/HTTPS configuration questions

                      I'll try the server at the weekend. I've opened up ports 443 and 80 on the firewall as recommended.

                      PS: well done on the MVM award.


                      • #12
                        Re: RPC/HTTPS configuration questions

                        RPC over HTTP should really be called RPC over HTTPS. It was designed to work with HTTPS and that is the only way that it should be deployed.
                        While it has been reported that you can get it to work on HTTP, I personally don't see the point in jumping through the hoops if you want it to work properly.

                        Therefore...

                        You only need port 443 open. Nothing else.
                        You cannot use an IP address, you must use a host name - as SSL certificates cannot be issued to IP addresses.

                        The most common issues with RPC over HTTPS not working are the SSL certificates, authentication settings and the registry settings.

                        SSL Certificates - make sure that you do NOT get a certificate prompt when you browse to the web site that has the RPC over HTTPS configuration. If you do, then it will fail. Outlook cannot handle the prompt.
                        For this reason I recommend that a commercial certificate is used, not a home grown certificate.
                        A US$20 certificate from GoDaddy will be fine, you could also get the trial certificate from RapidSSL which would work as well.

                        As an aside, you should configure the network so that the name on the certificate works both internally and externally. This is done using a technique called split DNS. I also recommend that you do NOT use the server's real name for the SSL certificate, instead use a generic name like mail.domain.com

                        Authentication settings - make sure that integrated and basic authentication are enabled on the /rpc virtual directory in IIS Manager.

                        Registry Settings - these are all over the internet. Both Daniel and I have our versions of the required settings, as does Microsoft. The thing to remember is that a single semi-colon out of place will break the feature.

                        Simon.
                        --
                        Simon Butler
                        Exchange MVP

                        Blog: http://blog.sembee.co.uk/
                        More Exchange Content: http://exchange.sembee.info/
                        Exchange Resources List: http://exbpa.com/
                        In the UK? Hire me: http://www.sembee.co.uk/

                        Sembee is a registered trademark, used here with permission.
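
Post #12 says a single misplaced semicolon in the registry settings breaks RPC over HTTPS. The following is an added example, not part of the thread or any poster's code: a Python check for the RPC proxy `ValidPorts` string (the REG_SZ value under `HKLM\SOFTWARE\Microsoft\Rpc\RpcProxy`) that flags stray separators and missing host/port pairs before the value is written. The host names, the strict grammar and the 6001-6002/6004 port set are assumptions based on commonly published Exchange 2003 guidance, not on anything stated in this thread.

```python
import re

# Assumption (not from the thread): ports commonly published for Exchange 2003
# RPC over HTTP: 6001 store, 6002 directory referral, 6004 directory proxy.
REQUIRED_PORTS = {6001, 6002, 6004}
HOST_RE = re.compile(r"[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?")
PORT_RE = re.compile(r"(\d{1,5})(?:-(\d{1,5}))?")


def parse_valid_ports(value):
    """Parse 'host:port[-port];host:port...' into ({host: ports}, [problems])."""
    hosts, problems = {}, []
    for index, entry in enumerate(value.split(";"), start=1):
        if entry == "":
            problems.append(f"entry {index}: empty (stray or trailing semicolon)")
            continue
        host, sep, ports = entry.rpartition(":")
        match = PORT_RE.fullmatch(ports)
        if not sep or not HOST_RE.fullmatch(host) or not match:
            problems.append(f"entry {index}: expected host:port[-port], got {entry!r}")
            continue
        low = int(match.group(1))
        high = int(match.group(2) or low)
        if not 1 <= low <= high <= 65535:
            problems.append(f"entry {index}: bad port range {ports!r}")
            continue
        hosts.setdefault(host.lower(), set()).update(range(low, high + 1))
    return hosts, problems


def check_valid_ports(value, expected_hosts):
    """Return a list of problems; an empty list means every check passed."""
    hosts, problems = parse_valid_ports(value)
    for host in expected_hosts:
        missing = REQUIRED_PORTS - hosts.get(host.lower(), set())
        if missing:
            problems.append(f"{host}: missing ports {sorted(missing)}")
    return problems


# Constructed sample values; EXCH01 and exch01.example.local are placeholder names.
HOSTS = ["EXCH01", "exch01.example.local"]
GOOD = "EXCH01:6001-6002;EXCH01:6004;exch01.example.local:6001-6002;exch01.example.local:6004"
BAD = "EXCH01:6001-6002;;EXCH01:6004;exch01.example.local:6001-6002:exch01.example.local:6004"

if __name__ == "__main__":
    for label, value in (("good", GOOD), ("bad", BAD)):
        print(label, check_valid_ports(value, HOSTS) or "OK")
```

In the constructed `BAD` value, the doubled semicolon and the colon typed in place of a semicolon are both reported, and the FQDN then shows up as having no valid ports at all.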
