Announcement

Collapse
No announcement yet.

RPC over HTTP -Changing of default SSL port, RPC not working

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • RPC over HTTP -Changing of default SSL port, RPC not working

    Hi Everyone - I am having an issue with SBS 2003 SP2 RPC setup. My current infrastructure is 2 SBS Servers (1 is 2008 with RPC working well and the other is SBS 2003 and RPC not working - of course they are on seperate domains but share 1 ADSL line and proxy through a Linux server).

    I dont have a fixed IP so i use dynamic aliases on the Linux server to get my RPC, OWA and RDP access.

    Port 443 is forwarded onto the 2008 SBS server so I cant use 443 on my 2003 SBS server.

    In short i would like to get both running... I have created another dynamic alias on the Linux server and have changed the Default Website SSL port to 7734 in IIS (forwarded it onto the IP of the 2003 SBS) and in Outlook 2007 changed the registry to force outlook to use 7734 as the SSL port for RPC (it seems to work as i used outlook.exe /rpcdiag to check)
    OWA works on the 2003 SBS over HTTPS, i can get into the server via dynamicdns.org/remote so it must be allowing the SSL connection.

    I have created a self signed certificate that has the same name as my external address and installed it in my trusted root folder on the pc. It works for OWA... it however does not work for RPC - it comes back with an error saying the certificate is not valid (error code 18 ). The certificate is valid.

    Any ideas... i am going mad here!!

    Thanks in advance

    Graeme
    Last edited by biggles77; 30th October 2010, 02:32. Reason: more info - /Me fix 8) smilie issue

  • #2
    Re: RPC over HTTP -Changing of default SSL port, RPC not working

    Buy 2 fixed IP's they are probably much cheaper than any other solution and will let you run SSL to both addresses.
    TIA

    Steven Teiger [SBS-MVP(2003-2009)]
    http://www.wintra.co.il/
    sigpic
    Iím honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

    We donít stop playing because we grow old, we grow old because we stop playing.

    Comment


    • #3
      Re: RPC over HTTP -Changing of default SSL port, RPC not working

      You will NOT be able to configure Outlook to use Outlook Anywhere over any port other than 443.

      I've tried this, and failed.
      Outlook will ONLY allow you to configure it using port 443. Adding :4443 at the end or anything, won't work.

      I'd suggest:

      Creating two A Name recorsd for your public ip, rpc.domain1.com and rpc.domain2.com
      point both to the same IP

      ?use your linux box, or ISA, whatfever, to accept traffic for both domains on port 443, then have a rule configured to forward it appropriately.
      Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

      Comment


      • #4
        Re: RPC over HTTP -Changing of default SSL port, RPC not working

        Originally posted by tehcamel View Post
        You will NOT be able to configure Outlook to use Outlook Anywhere over any port other than 443.

        I've tried this, and failed.
        Outlook will ONLY allow you to configure it using port 443. Adding :4443 at the end or anything, won't work.

        I'd suggest:

        Creating two A Name recorsd for your public ip, rpc.domain1.com and rpc.domain2.com
        point both to the same IP

        ?use your linux box, or ISA, whatfever, to accept traffic for both domains on port 443, then have a rule configured to forward it appropriately.
        Totally agree on the first part. This is what I was alluding to without saying it.
        However for SSL you can only effectively have one tunnel endpoint which will be ONE of the servers. AFAIK (and I have checked everywhere to try and do this myself) you cannot have ONE IP serving TWO SSL tunnels.
        TIA

        Steven Teiger [SBS-MVP(2003-2009)]
        http://www.wintra.co.il/
        sigpic
        Iím honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

        We donít stop playing because we grow old, we grow old because we stop playing.

        Comment


        • #5
          Re: RPC over HTTP -Changing of default SSL port, RPC not working

          Indeed you cannot, if you are using ISA (for example) you cannot have 2 web listeners listening for the same protocol and port on the same IP address. If publish 2 SSL websites you must use 2 IP addresses.
          BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
          sigpic
          Cruachan's Blog

          Comment

          Working...
          X