dealvis asked:

RPC over HTTP (ROH) Remote Connections To Internal Exchange Server Fail

Outlook 2003 client on XP (SP2) laptop configured to use RPC over HTTP (ROH) can connect to Exchange Server 2003 only when logged in to LAN network but cannot connect from Internet when off site at remote locations. (I assume Outlook's Exchange mailbox access from LAN is verification the config of ROH is correct on both the Exchange 2003 Server & the Outlook 2003 client?)

The goal here is to make Exchange 2003 mailboxes located on internal LAN available to staff from off site locations connecting through Internet.  (I read another ExEx solution saying this is possible).

I have:
1. Added STATIC command to PIX515e FW to translate a public GLOBAL IP (209.43.X.X) to the internal LOCAL IP of Exchange 2003 Server (192.168.0.196)
2. Modified ACL on outside interface of PIX to allow WWW & HTTPS traffic from any source to the GLOBAL IP of Exchange Server defined in STATIC command (209.43.X.X)
3. Modified ACL on outside interface of Cisco 1720 perimeter router to allow WWW & HTTPS traffic from any source to the GLOBAL IP of Exchange Server defined in PIX STATIC command (209.43.X.X)
4. [When off site at remote location] added entry to HOSTS file on laptop mapping Exchange Server to GLOBAL IP (209.43.X.X  cptexc2003.mydomain.org  #Exchange Server On LAN)

When Outlook 2003 is launched on laptop from off site location a Windows logon dialog box appears to authenticate the connection to Exchange (cptexc2003.mydomain.org) but it never connects.  (Doesn't this prove the http traffic is getting through the perimeter router & the PIX firewall and reaching the Exchange 2003 Server?)

Any thoughts on what I should check next or how I can troubleshoot further?  (I thought ROH was pretty straightforward?)

redseatechnologies

Hi dealvis,

If it only works on the internal network, that is usually a clear sign that it is not configured properly.

What happens when you close Outlook and go: Start > Run > outlook /rpcdiag

Does it show it connecting as TCP/IP or HTTP?

-red
ASKER CERTIFIED SOLUTION
nitadmin
This solution is only available to members.
dealvis

ASKER

Thank You Very Much for responding.  Please allow me some time to attempt resolution using the info & resources you have provided.  Will post again tomorrow with results.

redseatechnologies

Before attempting any of the above, I would simply test it inside the network with the /rpcdiag switch.

Then we can figure out what the problem actually is instead of just posting every possible solution and forcing you to work through them all :)

-red
dealvis

ASKER

Problem resolved.  RPC over HTTP successfully providing remote access (through perimeter router & PIX515e Firewall) to Exchange 2003 mailboxes located on internal LAN.  (Single Exchange server installation, no Front End Exchange server).

Wow.  I am blessed today to have had this help.  Exchange has been one of the most challenging aspects of this project and to be pointed to the exact information in such an excellent format as Daniel Petri provides on his web site has made my week.  I can't say Thank You enough NIT ADMIN!

Specifically my configuration gap was precisely what NIT ADMIN questioned me about above, that being failing to install an SSL certificate from a Public CA and not configuring our GC server as necessary for RPC over HTTP to work.  Anyone needing information on RPC over HTTP like I did MUST check out http://www.petri.co.il/configure_rpc_over_https_on_a_single_server.htm

Thanks Experts!

nitadmin

Thank you for the compliment.

Cheers,
NITADMIN
RPC over HTTPS Expert !
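
An added example, not part of the thread and not code from any poster: a Python check that separates the stages the asker was trying to tell apart, namely whether port 443 is reachable through the NAT and ACLs, whether a TLS handshake completes, and whether the certificate is trusted and matches the host name. It assumes the local trust store stands in for the one the Outlook client uses; `classify`, `check_https_endpoint` and `mail.example.org` are names made up for this example.

```python
import socket
import ssl

# OpenSSL X509 verify codes mapped to the likely configuration gap.
VERIFY_HINTS = {
    10: "certificate has expired",
    18: "self-signed certificate (not issued by a trusted CA)",
    19: "self-signed certificate in chain (private or untrusted root)",
    20: "issuer not in the local trust store",
    62: "certificate name does not match the host name used",
}


def classify(exc):
    """Return (stage, detail) for an exception raised while connecting."""
    # Order matters: SSLCertVerificationError < SSLError < OSError.
    if isinstance(exc, ssl.SSLCertVerificationError):
        code = getattr(exc, "verify_code", None)
        return "certificate", VERIFY_HINTS.get(code, str(exc))
    if isinstance(exc, ssl.SSLError):
        return "tls", str(exc)
    if isinstance(exc, OSError):  # refused, timed out, name not resolved
        return "network", str(exc) or type(exc).__name__
    raise exc


def check_https_endpoint(host, port=443, timeout=5.0):
    """Try a verified TLS handshake; report the first stage that fails."""
    ctx = ssl.create_default_context()  # verifies chain and host name
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return "ok", "valid until " + cert["notAfter"]
    except OSError as exc:
        return classify(exc)


if __name__ == "__main__":
    import sys
    # Host name exactly as typed into the Outlook profile (placeholder default).
    target = sys.argv[1] if len(sys.argv) > 1 else "mail.example.org"
    print(target, *check_https_endpoint(target))
```

A `network` result points at the router, firewall or name resolution; a `certificate` result points at the server's certificate rather than the path to it.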