SBS2003 HTTP/RPC using ip address

  • SBS2003 HTTP/RPC using ip address

    Hello, I am trying to set up HTTP/RPC in an SBS2003/MS Exchange SP2. I have checked the following:
    Ports 80 and 443 open (OWA accessible locally and externally)
    Verified and tested HTTP/RPC locally through Outlook 2003
    Registry port settings for front and back end server setup
    Checked System Manager HTTP-RPC - backend server
    Rebooted
    Used testexconnect.com and it is able to resolve the IP
    It sees the open ports
    I do get an error with the certificate (self issued)
    My questions are the following:
    -- Can I use the IP address to connect to the Exchange server from the WAN?
    If so, for example, when setting the RPC proxy server settings do I just place the IP address, or http? or https? Do I need to add a directory? (/rpc, /exchange?)

    --- If it is possible and I am just mistyping the server name, how can I force Outlook 2007 to accept the certificate, which is self issued and gives a warning?

    --- If it is not possible, then does it only work with an FQDN and an external CA-issued certificate?

    Thank you in advance for your help

  • #2
    Re: SBS2003 HTTP/RPC using ip address

    If you get a cert error it will fail because Outlook doesn't have a mechanism for you to say "please just carry on".
    How did you gen the cert? You may be able to install it into the local computer's root cert store on the Outlook 2007 machine (so the cert is accepted) but you really should pay for a legit one, they are really cheap now.
    Plus, as has been said before, self gen certs are not supported.
    cheers
    Andy

    Quis custodiet ipsos custodes?


    • #3
      Re: SBS2003 HTTP/RPC using ip address

      Originally posted by AndyJG247
      If you get a cert error it will fail because Outlook doesn't have a mechanism for you to say "please just carry on".
      How did you gen the cert? You may be able to install it into the local computer's root cert store on the Outlook 2007 machine (so the cert is accepted) but you really should pay for a legit one, they are really cheap now.
      Plus, as has been said before, self gen certs are not supported.
      ----------------------------------------------------------------------------------------------------


      I generated the certificate on the server. I tried to export it, but when creating the email profile I can't really go further than trying to connect to the server, so I cannot get to the point where I could import the certificate into OL 2007.

      Can I get a certificate without an FQDN? The customer does not want, for example, their website to be moved from the current hosting provider. Or can I create an A record to redirect to the local server?

      Thanks



      • #4
        Re: SBS2003 HTTP/RPC using ip address

        I had a similar issue a few weeks ago with the customer not wanting to pay for a cert and requiring a self-signed cert.

        You could create a host A record for something like RPC.domainname.com and point it to the external IP address of your SBS box.

        Then create a self-signed cert for RPC.domainname.com on the SBS box and use that for RPC.

        The only issue would be adding that cert to the client computers. I did this by going to https://rpc.domainname.com and importing the cert to the client machine if they are off site, or adding the cert manually if they are currently on site.

        Just my suggestion, someone else may have a better idea..



        • #5
          Re: SBS2003 HTTP/RPC using ip address

          Originally posted by RichardBush
          I had a similar issue a few weeks ago with the customer not wanting to pay for a cert and requiring a self-signed cert.

          You could create a host A record for something like RPC.domainname.com and point it to the external IP address of your SBS box.

          Then create a self-signed cert for RPC.domainname.com on the SBS box and use that for RPC.

          The only issue would be adding that cert to the client computers. I did this by going to https://rpc.domainname.com and importing the cert to the client machine if they are off site, or adding the cert manually if they are currently on site.

          Just my suggestion, someone else may have a better idea..

          -----

          Thanks I may try that.



          • #6
            Re: SBS2003 HTTP/RPC using ip address

            Why don't you just UTFW?

            Run the Internet Connection Wizard (CEICW) and tell it you want to run Outlook over the Internet. It will create the relevant self-signed cert in the ClientApps\SBSCert directory. If you then log in to the Remote Web Workplace (RWW) you will see a link (which is actually to a document) telling you exactly how to configure Outlook to connect to YOUR SERVER over the Internet.

            KISS

            Keep
            It
            Simple,
            Stupid
            TIA

            Steven Teiger [SBS-MVP(2003-2009)]
            http://www.wintra.co.il/
            I'm honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

            We don't stop playing because we grow old, we grow old because we stop playing.


            • #7
              Re: SBS2003 HTTP/RPC using ip address

              Originally posted by teiger
              Why don't you just UTFW?

              Run the Internet Connection Wizard (CEICW) and tell it you want to run Outlook over the Internet. It will create the relevant self-signed cert in the ClientApps\SBSCert directory. If you then log in to the Remote Web Workplace (RWW) you will see a link (which is actually to a document) telling you exactly how to configure Outlook to connect to YOUR SERVER over the Internet.

              KISS

              Keep
              It
              Simple,
              Stupid
              ---------------------------------------------------------------

              OK. Finally I got it done! Here is what you need to do if you want to connect via HTTP/RPC using an IP address with no FQDN and with no 3rd party certificate.

              Follow the instructions on this website:

              http://web.archive.org/web/20050114062934/http://support.microsoft.com/kb/833401#9

              By the way, by the time I found out about these instructions for SBS2003 I had already tried to do it like a non-SBS Exchange server, so what I did was double-check everything regarding the non-SBS instructions.

              Since we did not have an FQDN and we have a self-assigned certificate, the following must be done:

              Go into C:\windows\system32\drivers\etc (on client computers)
              Open the hosts file in Notepad
              Add the following hosts
              Notice that servernetbiosname IS different from the certificate name
              IP Address remote.domain.local (URL the certificate was issued to)
              IP Address servernetbiosname.domain.local
              Note: The IP address was the same for both.

              Open Internet Explorer and browse to: https://remote.domain.local

              You will get a warning saying that the certificate has problems. Click on the certificate error and then click Install Certificate.

              Then select "place certificate in the following store", select Personal, then Next, then Finish.

              Click on the certificate error, then click Install Certificate, then select "place certificate in the following store" and select Trusted Root Certification Authorities.

              Now we have the certificate installed in our system. You may have to go into mmc, then add Certificates, then select my user, then click on Certificates, then click on Personal, then click on remote.domainname and in Details select Properties and select "Enable all purposes for this certificate". Do the same thing for Trusted Root Certification Authorities.

              Once we have that done:
              (Client Computers)
              Go into Control Panel, then select Mail
              Select Add a profile and write down a name
              Select Microsoft Exchange
              In Microsoft Exchange server type: servernetbiosname.domain.local
              Enter your account name: user
              DO NOT CLICK ON CHECK NAME
              Then select More Settings
              Then select the Connection tab
              Select "Connect using Internet Explorer or 3rd party dialer"
              Then select "Connect to Microsoft Exchange using HTTP"
              Select Exchange Proxy Settings
              In "Use my proxy server to connect to Microsoft Exchange" type: remote.domainname.local
              In "Only connect to proxy servers that have this principal name in the certificate" type: msstd:remote.domainname.local
              Put check marks on:
              On fast networks, connect using HTTP first, then connect using TCP/IP
              On slow networks, connect using HTTP first, then connect using TCP/IP

              In proxy authentication settings select
              Basic Authentication
              Click OK, then Finish.

              Open Outlook, then enter your credentials: domainname\user, then password.

              Note: I had an XP workstation where I could not connect no matter what. I discovered that if you have had your OL 2007 client connected to another Exchange server, there are some registry settings you need to change. The computer I was able to successfully connect was a Vista 64-bit Business edition that had never been connected to another Exchange server. Sorry, I do not remember the KB URL at this point.
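
A check that fits the certificate-import steps in the post above, as an added example that is not part of the original thread: rather than trusting whatever certificate the browser warning shows, it fetches the certificate served at the proxy name, compares its thumbprint with one read directly on the SBS server, confirms the subject matches the name used in the msstd: field, and only then adds it to the current user's Trusted Root store. The parameter names and the thumbprint placeholder are assumptions; it needs PowerShell 2.0 or later on the client.

```powershell
# Added example, not from the thread. Assumed values: the proxy name used in the
# post, and a thumbprint read on the SBS server console (placeholder below).
param(
    [string]$ProxyName          = 'remote.domain.local',
    [string]$ExpectedThumbprint = '<THUMBPRINT-READ-ON-THE-SERVER>',
    [int]$Port                  = 443,
    [switch]$Install            # add to the trust store only when asked to
)

function Get-ServerCertificate([string]$HostName, [int]$Port) {
    # Accept any certificate at this point: the goal is to fetch it for
    # inspection, not to trust it.
    $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAny)
        $ssl.AuthenticateAsClient($HostName)
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally {
        $tcp.Close()
    }
}

$cert = Get-ServerCertificate $ProxyName $Port
# Thumbprints copied from the certificate dialog contain spaces; keep hex only.
$pinned = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
$cn = $cert.GetNameInfo('SimpleName', $false)

"Subject CN : $cn"
"Thumbprint : $($cert.Thumbprint)"
"Expires    : $($cert.NotAfter)"

if ($cert.Thumbprint -ne $pinned) {
    throw "Thumbprint does not match the one read on the server; do not install."
}
if ($cn -ne $ProxyName) {
    throw "Certificate is issued to '$cn', not '$ProxyName' (the msstd: name)."
}
"Certificate matches the pinned thumbprint and the proxy name."

if ($Install) {
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store('Root', 'CurrentUser')
    $store.Open('ReadWrite')
    try { $store.Add($cert) } finally { $store.Close() }
    "Added to the current user's Trusted Root Certification Authorities store."
}
```

Run it first without -Install to compare the printed subject and thumbprint with what the server console shows, then again with -Install once they agree.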



              • #8
                Re: SBS2003 HTTP/RPC using ip address

                You want to tell me that the above is KISS?

                You create another record in DNS - say mail.domain.tld, which you probably have/need to get your mail delivered anyway. You run the wizard, and create a cert for mail.domain.tld and then just follow the bouncing ball.
                WTF do I need to mess with antiquated HOSTS files for?
                TIA

                Steven Teiger [SBS-MVP(2003-2009)]
                http://www.wintra.co.il/


                • #9
                  Re: SBS2003 HTTP/RPC using ip address

                  Originally posted by teiger
                  You want to tell me that the above is KISS?

                  You create another record in DNS - say mail.domain.tld, which you probably have/need to get your mail delivered anyway. You run the wizard, and create a cert for mail.domain.tld and then just follow the bouncing ball.
                  WTF do I need to mess with antiquated HOSTS files for?
                  -----
                  Certificate was already created and was different; I didn't want to mess with it.
                  Works like a charm!



                  • #10
                    Re: SBS2003 HTTP/RPC using ip address

                    Place a PostIt note on the monitor about having used the HOSTS. file because in 6 months time you will have forgotten about it and will spend ages trying to figure out why the blasted thing won't work when you make a minor change.

                    This same thing happened to a friend of a friend of mine and I was so annoyed when I remembered I had modified the HOSTS. file. Never again did my friend's friend use the HOSTS. file (without using a Postit note).
                    1 1 was a racehorse.
                    2 2 was 1 2.
                    1 1 1 1 race 1 day,
                    2 2 1 1 2
