Posted on 2004-11-30
Medium Priority
Last Modified: 2008-01-09
I need help with setting up HTTP over RPC for Outlook so our remote users in the field can connect with all their Outlook info on the server intact. We are using a single server (Server 2003) with Exchange 2003 loaded on it, being used in a global catalog situation.

I have been looking at this link:

Right now I have RPC over HTTP enabled on the server.

We are behind a firewall.

My first question is: I need to use a certificate. I have one right now; do I need to get it where it is just at the root - https://domain.com - or the actual web URL to look at web mail, email.domain.com?

And what ports need to be open? I am reading the link but it's confusing me a little:

If anyone can help me complete this I will add more points. Thanks, Clint
Question by:clintsjones

Expert Comment

ID: 12706697
The only port you need to open in this scenario is 443/TCP and it should be mapped to your Exchange server.

The certificate must use the email.domain.com name. Otherwise a security-warning will appear and Outlook can handle that in the way Internet Explorer can.

Expert Comment

ID: 12708767
The certificate needs to match the name that is entered in to Outlook for the server. Furthermore the certificate needs to be trusted. If you get any prompts during the testing of the RPC virtual server then RPC/HTTP will not work.

I'll point you to my web site where I have documented the full setup required, including best practises and the registry changes that you need to make on the server: http://www.amset.info/exchange/ 
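
The name and validity half of the certificate requirement described in the comment above, as an added Python example that is not part of the thread or of the linked site. The `SAMPLE` certificate is constructed, `owa.domain.net` is the thread's placeholder name, and `probe` assumes the machine running it has a trust store comparable to the Outlook client's.

```python
import socket
import ssl
from datetime import datetime, timezone

def cert_names(cert):
    """DNS names in a dict shaped like ssl.SSLSocket.getpeercert()."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:  # when SAN entries exist, clients ignore the subject CN
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def name_matches(pattern, host):
    p, h = pattern.lower().split("."), host.lower().split(".")
    # a wildcard counts only as the entire left-most label
    return len(p) == len(h) and p[1:] == h[1:] and p[0] in ("*", h[0])

def cert_problems(cert, host, now=None):
    """Reasons this certificate would raise a warning for `host`."""
    now = now or datetime.now(timezone.utc)
    start, end = (datetime.fromtimestamp(ssl.cert_time_to_seconds(cert[k]),
                                         timezone.utc)
                  for k in ("notBefore", "notAfter"))
    problems = []
    if not any(name_matches(n, host) for n in cert_names(cert)):
        problems.append("name-mismatch")
    if now < start:
        problems.append("not-yet-valid")
    if now > end:
        problems.append("expired")
    return problems

def probe(host, port=443):
    """Live check: the default context enforces trust chain and host name."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=10) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return []
    except ssl.SSLCertVerificationError as exc:
        return [exc.verify_message]

# Constructed sample: a certificate issued for the bare domain only.
SAMPLE = {
    "subject": ((("commonName", "domain.net"),),),
    "subjectAltName": (("DNS", "domain.net"), ("DNS", "www.domain.net")),
    "notBefore": "Jan  1 00:00:00 2004 GMT",
    "notAfter": "Jan  1 00:00:00 2005 GMT",
}
```

An empty list from `probe` for the exact name typed into Outlook's proxy settings corresponds to the "no prompts" condition; anything else names the reason a warning would appear.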


Author Comment

ID: 12708972
Simon, the link you gave me doesn't work.. with just root and /exchange
 --  WHAT DO YOU MEAN PROMPTS, like credential prompts?

MAGNUS  yes I have done the port making sure no additional

Here is where I am getting confused.. I am about to go to freessl to get a trial real certificate to test.

My URL for checking mail externally is owa.domain.net/exchange. I know how to get the SSL but how do I do this with IIS... I mean I know how to set up a secure.domain.com for e-commerce but the info keeps talking about the default folder in IIS and RPC folder to get the info for the SSL.... Since I have OWA.domain.net do I need to set up a website in IIS and do a virtual directory for owa and apply the certificate there...

IS MAKE THE HTTPS and URL to use with outlook that is confusing me.. Thanks Clint

Expert Comment

ID: 12709402
That link I gave you is to my web site, not an Exchange OWA implementation.
Here is the link to the first page (of three).

By prompts, I mean Security warnings. If you go to http://servername/rpc you should get a credential prompt. If you get anything else - indicating a problem with the certificate then RPC/HTTP will not work.

RPC/HTTPS must work on the default web site. This is the site called "Default" in IIS Manager. If you haven't created any other web site then you are using the default.


Author Comment

ID: 12709767
I am checking out your site now - THANKS

Yes, I did get the just secure error without prompt but I fixed the security to create the prompt now... so that's good..

I think I understand: I don't want to make the certificate using the domain.com but using the default site security to make the SSL certificate, RIGHT..

I am reading your web site now - just want to confirm real fast the default SSL web site step..

THANKS clint

Author Comment

ID: 12710438
I read your instructions. This part I am trying to understand, since I am single server:

I only have a choice to make a front-end server, not a back-end.. since more or less I am a back-end...

"Single Server: Set the GUI to Back-end Server. You will get one, maybe two error messages. Both of these should be acknowledged.
Front-end / Back-end scenario: Adjust the GUI as required.
Front-end / Back-end scenario or other troubleshooting: Set the GUI to "Not part of an Exchange Managed RPC-HTTP topology""

Now I can log in to email using the OUTSIDE SSL https://owa.domain.net/exchange and it works.

I tried to log in from OUTSIDE at https://owa.domain.net/rpc; it just goes right to a LOCK on the browser and a white screen that says done...

I try to go into an already up profile with Outlook 2003, doesn't work....

Expert Comment

ID: 12710880
Have you carried out the test that I indicate later in the same page? You may have to disable "Show Friendly HTTP Error Messages" in Internet Explorer to see the messages.


Author Comment

ID: 12711456
Yes, always have that to troubleshoot..

if I do http://servername/rpc internally   I get you have to use SSL..

Please try the following:

Type https:// at the beginning of the address you are attempting to reach and press ENTER.
HTTP Error 403.4 - Forbidden: SSL is required to view this resource.
Internet Information Services (IIS)

if I use SSL  https://servername/rpc  I get

THE CERTIFICATE - click yes it shows nothing but lock and done at the bottom of IE

IMPORTANT: I set up Outlook 2003 to use HTTP over RPC... I try to open Outlook and I get a login box but it just pops back - I CAN'T GET PAST this part....


Step 1: Configure the RPC proxy server to use the default ports for RPC over HTTP that are specified inside the corporate network
To do this, follow these steps:
1. On the RPC proxy server, start Registry Editor.

Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
2. Locate and then click the following registry subkey:
3. In the right pane, right-click ValidPorts, and then click Modify.
4. Remove all the information from the Value data box, and then type the following information:
Notes
• Replace ServerNetBIOSName with the NetBIOS name of your server. Replace ServerFQDN with the fully qualified domain name (FQDN) of your server.
• To determine the NetBIOS name and the fully qualified domain name of your server, start a command prompt, type ipconfig /all, and then press ENTER.

Under Windows IP Configuration, information that is similar to the following appears:
Host Name .................: mycomputer
Primary DNS Suffix ........: contoso.com
The host name is the NetBIOS name of your computer. The host name together with the primary DNS suffix is the fully qualified domain name of your computer. In this example, the fully qualified domain name is mycomputer.contoso.com.
5. Click OK, and then quit Registry Editor.
Note You can also use the Rpccfg tool to set and to troubleshoot port assignments. The Rpccfg tool is included in the Windows Server 2003 Resource Kit tools. To obtain the Windows Server 2003 Resource Kit tools, visit the following Microsoft Web site:
Step 2: Configure all your global catalogs to use specific ports for RPC over HTTP for directory services
To do this, follow these steps:
1. Start Registry Editor.

Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
2. Locate and then click the following registry subkey:
3. On the Edit menu, point to New, and then click Multi-String Value.

Note Make sure that you select the correct value type for the registry subkey. If the registry subkey type is set to anything other than Multi-String Value, you may experience problems.
4. Name the new registry value NSPI interface protocol sequences.
5. Right-click NSPI interface protocol sequences, and then click Modify.
6. In the Value data box, type ncacn_http:6004, and then click OK.
7. Quit Registry Editor, and then restart the computer.

here is where I am.... got SSL in and checked over the registry settings on the server ...  I change the ports in the

Accepted Solution

Sembee earned 700 total points
ID: 12718793
If you aren't getting the error message when you try the /rpc virtual server then the server isn't operating correctly. It doesn't take much to break it, a semi-colon in the wrong place or missing is enough. As you are on a single server installation you must make the registry changes - there are a lot and different combinations are required - which is why I list them on my web site.

I would seriously consider pulling the registry settings out in to Notepad and going through each combination to ensure that you have them all.


Author Comment

ID: 12721090
I got it to work thanks for all your help.....

Expert Comment

ID: 14339059
Hey, I know that this has been closed a while but I am having almost the same issue and would like some assistance. I did everything in the article that Simon provided and I am able to connect internally, but when I try it outside the firewall Outlook just hangs searching and searching for the server. Any ideas how I can fix this?

Expert Comment

ID: 14339202
oldskool75 - This is a closed question.
I would suggest that you post your query as a new question where it will be picked up and answered.

