RPC over HTTPS configuration

Home Forums Messaging Software Exchange 2000 / 2003 RPC over HTTPS configuration

This topic contains 14 replies, has 4 voices, and was last updated by Avatar ASS-Ware 11 years, 6 months ago.

Viewing 15 posts - 1 through 15 (of 15 total)
  • Author
    Posts
  • Avatar
    ASS-Ware
    Member
    #132356

    Hi,

    I have just finished installing a new SBS 2003 server at a client of mine.
    Thinking back of what I used to do, following the Petri guide, to activate RPC over HTTPS, I re-read the article at :
    http://www.petri.com/configure_rpc_over_https_on_a_single_server.htm

    It states the following :

    – Click Start, point to Microsoft Exchange, and then click System Manager.

    – Expand your organization, expand Administrative Groups > First Administrative Group > Servers.

    – Right-click on your server name and select Properties.

    – On the General tab, verify that you have SP1 installed.
    Verify that a tab called RPC-HTTP is present.

    – On the RPC-HTTP tab, click on RPC-HTTP Back-End Server.

    – You might get an error:

    Exchange System Manager
    There is no RPC-HTTP front-end in your Exchange organization.
    There must be at least one RPC-HTTP front-end server in the organization
    before the RPC-HTTP back-end server can be accessed.

    Acknowledge the error.

    What I don’t understand is that when I set up an SBS 2003 server, that setting is set to “Not part of an Exchange managed RPC-HTTP topology”, but RPC over HTTPS simply works.
    How come ?
    Do I still need this setting ?

    Avatar
    joeqwerty
    Moderator
    #300539

    Re: RPC over HTTPS configuration

    Yes, you still need the setting. This effectively creates the “proxy” port settings in the Exchange server to allow RPC over HTTP connections. If you had a front end server the registry entries would be made there, but in your case they are made on the one and only Exchange server. We have only one Exchange server and use RPC over HTTP on our one and only server by setting this setting. If you didn’t set the settings the registry entries would not be created.

    Avatar
    ASS-Ware
    Member
    #318718

    Re: RPC over HTTPS configuration

    joeqwerty;104693 wrote:
    Yes, you still need the setting. This effectively creates the “proxy” port settings in the Exchange server to allow RPC over HTTP connections. If you had a front end server the registry entries would be made there, but in your case they are made on the one and only Exchange server. We have only one Exchange server and use RPC over HTTP on our one and only server by setting this setting. If you didn’t set the settings the registry entries would not be created.

    Thnx, but, I wonder, how come it still works then ?

    Avatar
    biggles77
    Spectator
    #208207

    Re: RPC over HTTPS configuration

    You are trying to compare a UTFW process on an SBS machine to a manual setup on a different setup (a no UTFW non SBS system). :confused: :confused:

    Avatar
    ASS-Ware
    Member
    #318719

    Re: RPC over HTTPS configuration

    biggles77;104759 wrote:
    You are trying to compare a UTFW process on an SBS machine to a manual setup on a different setup (a no UTFW non SBS system). :confused: :confused:

    Both are Exchange Standard.
    Please explain why I should not compare.

    Avatar
    Sembee
    Member
    #256773

    Re: RPC over HTTPS configuration

    This is SBS. You don’t setup the feature manually.
    Run the wizard – Connect to the Internet (or whatever it is called). Ensure that you choose the option to enable Outlook of the Internet or RPC over HTTPS (I can’t remember which name it uses). That is it.

    YOU DO NOT CONFIGURE EXCHANGE MANUALLY ON SBS. SBS is designed to be configured using the wizards.

    The only thing you should consider doing outside of the wizard is changing the self generated certificate for a commercial certificate.

    Simon.

    Avatar
    ASS-Ware
    Member
    #318720

    Re: RPC over HTTPS configuration

    Sembee;104789 wrote:
    This is SBS. You don’t setup the feature manually.
    Run the wizard – Connect to the Internet (or whatever it is called). Ensure that you choose the option to enable Outlook of the Internet or RPC over HTTPS (I can’t remember which name it uses). That is it.

    YOU DO NOT CONFIGURE EXCHANGE MANUALLY ON SBS. SBS is designed to be configured using the wizards.

    The only thing you should consider doing outside of the wizard is changing the self generated certificate for a commercial certificate.

    Simon.

    I disagree with your line “You do not configure Exchange manually on SBS”.
    If what you say is true, then I can’t configure mailbox management etc either.
    Since it is simply an automated install of Exchange 2003 Standard, we can still use the System Manager to change things.
    So I would like to know the difference in this setting I was asking about.

    Avatar
    Sembee
    Member
    #256775

    Re: RPC over HTTPS configuration

    How many SBS Servers have you deployed?
    SBS is so much more than an automated install of Exchange.
    Exchange on SBS may look like Exchange, smell like Exchange and behave like Exchange, but it should not be managed like the full Exchange product.

    SBS is best compared to an appliance. It is designed to be installed and managed in a certain way, and most problems with the product occur when that doesn’t happen. You cannot treat it as separate products because Microsoft have designed all the elements to be integrated together. That takes time – why do you think there is still no SBS 2008?

    I deploy more SBS servers than I do full Exchange servers, and I am an Exchange MVP.
    I also clean up a lot of SBS servers that haven’t been deployed in the correct way, using the wizards. Not only using the wizards for the initial deployment, but for the management. In many cases certain features and settings will not work until the wizard is completed.

    For example, I was asked to look at a server a few months ago that would not receive email. I asked the support company who deployed it for the logs from the setup wizards. There were none because the wizards had never been run. I ran the relevant wizards and the server burst in to life. The wizards do more than things you see in front of you. If you look at the logs after the relevant wizard has been run you will get some idea of the changes it makes in the background.

    The most common problem is when client machines don’t work correctly. If you don’t use the connect computer wizard to add a new machine to the SBS server then you will have problems further down the line. It may appear to work, but you don’t have the full functionality.

    I was like you for some time – treated SBS as a cheap way to get Exchange. I then had an SBS deployment blow up in my face. It cost me a lot of money to put right, money I couldn’t bill back to the client because I hadn’t configured the server as it was designed to work.

    While you can use ESM to manage some aspects of Exchange, you have to be very careful what you change, as it is very easy to break the deployment. Unfortunately it isn’t always clear what you can cannot manage with ESM, and it only comes with experience or seeing MSKB articles specifically for SBS that tell you to use ESM that you learn what you and cannot do.

    On this specific question, RPC over HTTPS is not something that you configure in the regular manner. The SBS connect to the internet wizard will configure it for you. If you need to make any changes later then you need to run the wizard again.

    This may seem harsh, but I suggest that you spend some time with the SBS product and on the SBS forums and blogs. The SBS Diva blog is very good. Go back some time with her blog and read about the product. If SBS is deployed correctly, in the way that it was designed, then it works very well, with no problems at all. If deployed incorrectly then it can give you more headaches than the full product.

    Simon.

    Avatar
    ASS-Ware
    Member
    #318721

    Re: RPC over HTTPS configuration

    Sembee;104832 wrote:
    How many SBS Servers have you deployed?

    About 20 in the last 2 years.
    Most Windows installs I do are without Exchange.

    Sembee;104832 wrote:
    For example, I was asked to look at a server a few months ago that would not receive email. I asked the support company who deployed it for the logs from the setup wizards. There were none because the wizards had never been run. I ran the relevant wizards and the server burst in to life. The wizards do more than things you see in front of you. If you look at the logs after the relevant wizard has been run you will get some idea of the changes it makes in the background.

    When you say wizzards, do you mean the ones in the To Do List and Server Management ?

    Sembee;104832 wrote:
    The most common problem is when client machines don’t work correctly. If you don’t use the connect computer wizard to add a new machine to the SBS server then you will have problems further down the line. It may appear to work, but you don’t have the full functionality.

    I just add them to the domain by going to the System Properties / Computername / Change.
    What kind of problems ?
    Can you give me an example ?

    Sembee;104832 wrote:
    On this specific question, RPC over HTTPS is not something that you configure in the regular manner. The SBS connect to the internet wizard will configure it for you. If you need to make any changes later then you need to run the wizard again.

    Okay.

    Sembee;104832 wrote:
    This may seem harsh, but I suggest that you spend some time with the SBS product and on the SBS forums and blogs. The SBS Diva blog is very good. Go back some time with her blog and read about the product. If SBS is deployed correctly, in the way that it was designed, then it works very well, with no problems at all. If deployed incorrectly then it can give you more headaches than the full product.

    Simon.

    Thnx.

    Avatar
    ASS-Ware
    Member
    #318722

    Re: RPC over HTTPS configuration

    Sembee;104789 wrote:
    This is SBS. You don’t setup the feature manually.
    Run the wizard – Connect to the Internet (or whatever it is called). Ensure that you choose the option to enable Outlook of the Internet or RPC over HTTPS (I can’t remember which name it uses). That is it.

    Trying to do it the proper way, I can’t find that option.
    Where should I look ?

    Avatar
    Sembee
    Member
    #256777

    Re: RPC over HTTPS configuration

    Outlook via the Internet is part of the Configure Email and Internet wizard. This is in Server Manager and is labelled Connect to the Internet. You need to complete that wizard successfully.

    Rather than a list of problems, this blog posting from the SBS Diva explains what it does.
    http://msmvps.com/blogs/bradley/archive/2005/01/23/33632.aspx

    Do you ALL of that when you connect a machine? I doubt it.
    If you aren’t using the wizard then you are missing out on a lot of functionality, particularly with the email migration.

    20 servers over the last two years? I have done that this year alone – all of them with Exchange enabled.

    Simon.

    Avatar
    ASS-Ware
    Member
    #318727

    Re: RPC over HTTPS configuration

    Sembee;105101 wrote:
    Outlook via the Internet is part of the Configure Email and Internet wizard. This is in Server Manager and is labelled Connect to the Internet. You need to complete that wizard successfully.

    I did run that wizzard and I know it works, but I still wonder what that RPC setting does in SBS.
    Whatever you do, the wizzard doesn’t change it.

    Sembee;105101 wrote:
    Rather than a list of problems, this blog posting from the SBS Diva explains what it does.
    http://msmvps.com/blogs/bradley/archive/2005/01/23/33632.aspx

    Thnx, I will have a look.

    Sembee;105101 wrote:
    Do you ALL of that when you connect a machine? I doubt it.

    Yes, just like in a normal AD, just hang the PC in the domain, reboot and done.
    It works, can’t say I miss anything.

    Sembee;105101 wrote:
    If you aren’t using the wizard then you are missing out on a lot of functionality, particularly with the email migration.

    What exactly do I miss then ?
    I don’t see it.
    Users can log on, have access to shares, mail and internet.
    What more can they want ?

    Sembee;105101 wrote:
    20 servers over the last two years? I have done that this year alone – all of them with Exchange enabled.

    And what is your point ?
    In other words, you are very busy installing SBS/Exchange ?
    I manage about 700 servers in The Netherlands, not many have Exchange, and I have a lot of other things to do in my job.

    Avatar
    ASS-Ware
    Member
    #318728

    Re: RPC over HTTPS configuration

    > Checks Client OS and takes appropriate path (ATAP)

    I know what I just installed on the desktop PC …

    > Causes an activex control to become available.

    Not clear which control …

    > Determines whether the computer is or is not a member of the domain, and
    > is or is not a DC or SBS server, (ATAP)

    I know what I just installed on the desktop PC …

    > Tests resolution to the SBS server (ATAP)

    I will find out soon enough if resolving works or not

    > Checks for multiple non VPN network connections (ATAP)

    I know what is in the PC when I install it

    > Checks account permissions, allowed to join computer to domain?

    Erh, I do that and I am always admin

    > Assigns users, and migrates local profile(s), if they exist, to domain
    > profile (SID mapping)

    Not necessary where I work, all new members are new installs

    > Assigns requered local permissions to domain user account.

    Making a PC member of AD does the same

    > Provides selection of computer name from list, automatically if there is
    > one-to-one mapping of user/computer on the SBS.

    Hmm, exciting.

    > Joins the domain (creating a temp user account for autologon to ease the
    > process) – including getting the client computer in the correct AD OU so the
    > GP applies correctly.

    This is what I do manually

    > Sets some runonce reg keys to clean up after the above process.

    This is what I don’t need

    > After required input is provided, steps through the above process,
    > including automatic restarts as required.

    This is what I don’t need either

    > Now we are into Application Deployment (Susan shows some on her blog).
    > This is seen on the workstation as the Client Setup Wizard, which is
    > automatic on login after the above 12 main steps are complete.

    I would like to determine what is installed on the PC myself

    > The list of configurations made after Application deployment:
    > My network places
    > TAPI information
    > Connection Manager
    > Fax Printer
    > SSL Certificate
    > ActiveSync (special, just for SBS and mobility devices)
    > IE
    > Outlook
    > Additional global settings:
    > DNS Timeout Value
    > Deleted Item Recovey
    > Remote Desktop permissions
    > Network Printer(s)
    > Disable getting started screen (annoying XP thing)
    > Disable ICS
    > (used to turn off ICF, but now handled by GP (xp firewall settings))
    > Disables network bridging

    These are all things I never need
    SSL Certificate is trusted already is most (of my) cases, IE is installed by default
    Outlook is part of Office
    Printers are added through logon script (KIX)

    Nope, I still do not see why simply “add PC to domain” is not enough.
    Just my opinion.

    Avatar
    Sembee
    Member
    #256788

    Re: RPC over HTTPS configuration

    The fact that you have been doing x for so long doesn’t mean that it was right or will continue to work. There is an awful lot of fud about SBS, but the simple thing is that it is designed to work in one way. While you can get away with doing it the regular way – it is just that – getting away with it. To use a comparison with Exchange, there are many people who think that it is ok to DCPROMO and Exchange server, but that is not supported and should cause problems – but people continue to get away with it.

    If you are migrating across from another email solution, for example POP3, then the connect computer will import all of the content for you, change all the permissions, migrate the profiles from the workgroup to the domain and change the permissions. It also setups the client correctly, so that you do not have configure Outlook manually. The connect computer wizard does all of the leg work for you.

    What you are doing instead connect computer wizard is not done by most deployments of SBS. KIX? I haven’t used KIX for years and most SBS users will look at you lost if you mentioned the term. Remember the target market for SBS is for a non technical person to deploy and manage it. They may not be technical, and if they do get it deployed for them by a technical person there is a good chance that they will not be in the future.

    Anyway – you have your way of doing things, I have mine.
    I have stated my case – that you shouldn’t be treating SBS as the full product, which is the best practise for the SBS product to be deployed.

    Simon.

    Avatar
    ASS-Ware
    Member
    #318729

    Re: RPC over HTTPS configuration

    Kay, thnx.

Viewing 15 posts - 1 through 15 (of 15 total)

You must be logged in to reply to this topic.