clintsjones


HTTP OVER RPC for OUTLOOK

I need help with setting up HTTP over RPC for Outlook so our remote users in the field can contact with all their Outlook info on the server intact. We are using a single server (Server 2003) with Exchange 2003 loaded on it being used in a global catalog situation.

I have been looking at this link:

Right now I have RPC over HTTP enabled on the server.

We are behind a firewall.

My first question is I need to use a certificate. I have one right now; do I need to get it where it is just at the root - https://domain.com or the actual web URL to look at web mail, email.domain.com?

And what ports need to be open? I am reading this link but it's confusing me a little:
http://support.microsoft.com/default.aspx?scid=kb;%5Bln%5D;833401


If anyone can help me complete this I will add more points.. thanks clint
BraData295

The only port you need to open in this scenario is 443/TCP and it should be mapped to your Exchange server.

The certificate must use the email.domain.com name. Otherwise a security-warning will appear and Outlook can handle that in the way Internet Explorer can.

/Magnus
The certificate needs to match the name that is entered into Outlook for the server. Furthermore the certificate needs to be trusted. If you get any prompts during the testing of the RPC virtual server then RPC/HTTP will not work.

I'll point you to my web site where I have documented the full setup required, including best practises and the registry changes that you need to make on the server: http://www.amset.info/exchange/ 

Simon.

ASKER

Simon, the link you gave me doesn't work.. with just root and /exchange
 --  WHAT DO YOU MEAN PROMPTS, like credential prompts?

MAGNUS  yes I have done the port making sure no additional



Here is where I am getting confused.. I am about to go to freessl to get a trial real certificate to test.

my url for checking mail externally is    owa.domain.net/exchange     I know how to get the SSL but how do I do this with IIS... I mean I know how to setup a secure.domain.com for ecommerce but the info keeps talking about the default folder in IIS and RPC folder to get the info for the SSL....  since I have OWA.domain.net do I need to setup a website in IIS and do a virtual directory for owa and apply the certificate there...

IS MAKE THE HTTPS and URL to use with outlook that is confusing me.. Thanks Clint
That link I gave you is to my web site, not an Exchange OWA implementation.
Here is the link to the first page (of three).
http://www.amset.info/exchange/rpc-http-server.asp

By prompts, I mean Security warnings. If you go to http://servername/rpc you should get a credential prompt. If you get anything else - indicating a problem with the certificate then RPC/HTTP will not work.

RPC/HTTPS must work on the default web site. This is the site called "Default" in IIS Manager. If you haven't created any other web site then you are using the default.

Simon.
I am checking out your site now - THANKS

Yes I did get the just secure error without prompt but I fixed the security to create the prompt now... so that's good..

I think I understand I don't want to make the certificate using the domain.com but using the default site security to make SSL certificate RIGHT..

I am reading your web site now - just want to confirm real fast the default SSL web site step..

THANKS clint
I read your instructions:  This part trying to understand since I am single server:

I only have a choice for make a front end server not a back-end.. since more or less I am a backend...

"Single Server: Set the GUI to Back-end Server. You will get one, maybe two error messages. Both of these should be acknowledged.
Front-end / Back-end scenario: Adjust the GUI as required.
Front-end / Back-end scenario or other troubleshooting: Set the GUI to "Not part of an Exchange Managed RPC-HTTP topology"

now I can login to email using the OUTSIDE SSL   https://owa.domain.net/exchange and it works

I tried to login from OUTSIDE  https://owa.domain.net/rpc just goes right to a LOCK on browser and white screen says done...  

I try to go into an already up profile with Outlook 2003, doesn't work....

Have you carried out the test that I indicate later in the same page? You may have to disable "Show Friendly HTTP Error Messages" in Internet Explorer to see the messages.

Simon.
yes always have that to trouble shoot..

if I do http://servername/rpc internally   I get you have to use SSL..

Please try the following:

Type https:// at the beginning of the address you are attempting to reach and press ENTER.
HTTP Error 403.4 - Forbidden: SSL is required to view this resource.
Internet Information Services (IIS)


if I use SSL  https://servername/rpc  I get

THE CERTIFICATE - click yes it shows nothing but lock and done at the bottom of IE


IMPORTANT:  I setup Outlook 2003 to use http over rpc...   I try to open Outlook, I get a login box but it just pops back  - I CAN'T GET PAST this part....


DO I NEED THESE TWO PARTS - I HAVEN'T DONE THEM:

Step 1: Configure the RPC proxy server to use the default ports for RPC over HTTP that are specified inside the corporate network

To do this, follow these steps:

1. On the RPC proxy server, start Registry Editor.

Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

2. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy
3. In the right pane, right-click ValidPorts, and then click Modify.
4. Remove all the information from the Value data box, and then type the following information:
ServerNETBIOSName:6001-6002;ServerFQDN:6001-6002;ServerNetBIOSName:6004;ServerFQDN:6004

Notes
• Replace ServerNetBIOSName with the NetBIOS name of your server. Replace ServerFQDN with the fully qualified domain name (FQDN) of your server.
• To determine the NetBIOS name and the fully qualified domain name of your server, start a command prompt, type ipconfig /all, and then press ENTER.

Under Windows IP Configuration, information that is similar to the following appears:
Host Name .................: mycomputer
Primary DNS Suffix ........: contoso.com
The host name is the NetBIOS name of your computer. The host name together with the primary DNS suffix is the fully qualified domain name of your computer. In this example, the fully qualified domain name is mycomputer.contoso.com.

5. Click OK, and then quit Registry Editor.

Note You can also use the Rpccfg tool to set and to troubleshoot port assignments. The Rpccfg tool is included in the Windows Server 2003 Resource Kit tools. To obtain the Windows Server 2003 Resource Kit tools, visit the following Microsoft Web site:
http://www.microsoft.com/downloads/details.aspx?familyid=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en
Step 2: Configure all your global catalogs to use specific ports for RPC over HTTP for directory services

To do this, follow these steps:

1. Start Registry Editor.

Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

2. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
3. On the Edit menu, point to New, and then click Multi-String Value.

Note Make sure that you select the correct value type for the registry subkey. If the registry subkey type is set to anything other than Multi-String Value, you may experience problems.

4. Name the new registry value NSPI interface protocol sequences.
5. Right-click NSPI interface protocol sequences, and then click Modify.
6. In the Value data box, type ncacn_http:6004, and then click OK.
7. Quit Registry Editor, and then restart the computer.
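
An added example, not part of the original thread or of the Microsoft article quoted in it: a Python check that parses a ValidPorts string in the format shown in Step 1 and reports hosts or ports beyond the 6001-6002 and 6004 layout, since every host:port pair in that value is a destination the RPC proxy is allowed to forward to. The function names and the wide-range sample value are assumptions constructed for illustration; the host names come from the ipconfig example in the quoted steps.

```python
import re

# Ports from the KB steps quoted in the thread: 6001-6002 and 6004.
REQUIRED_PORTS = {6001, 6002, 6004}

def parse_valid_ports(value):
    """Parse 'host:port[-port];host:port...' into {lowercase_host: set_of_ports}."""
    allowed = {}
    for entry in filter(None, (e.strip() for e in value.split(";"))):
        m = re.fullmatch(r"([^:\s]+):(\d+)(?:-(\d+))?", entry)
        if not m:
            raise ValueError(f"malformed ValidPorts entry: {entry!r}")
        host, lo = m.group(1).lower(), int(m.group(2))
        hi = int(m.group(3) or m.group(2))
        if not (0 < lo <= hi <= 65535):
            raise ValueError(f"bad port range in entry: {entry!r}")
        allowed.setdefault(host, set()).update(range(lo, hi + 1))
    return allowed

def audit_valid_ports(value, netbios, fqdn):
    """Return a list of findings; an empty list means the value matches the KB layout."""
    allowed = parse_valid_ports(value)
    expected = {netbios.lower(), fqdn.lower()}
    findings = []
    for host in sorted(expected):
        missing = REQUIRED_PORTS - allowed.get(host, set())
        if missing:
            findings.append(f"{host}: missing ports {sorted(missing)}")
    for host, ports in sorted(allowed.items()):
        extra = ports - REQUIRED_PORTS
        if host not in expected:
            findings.append(f"{host}: unexpected host reachable through the proxy")
        elif extra:
            findings.append(
                f"{host}: {len(extra)} extra ports exposed ({min(extra)}-{max(extra)})")
    return findings

# Constructed sample values (host names taken from the ipconfig example).
GOOD = ("mycomputer:6001-6002;mycomputer.contoso.com:6001-6002;"
        "mycomputer:6004;mycomputer.contoso.com:6004")
WIDE = "mycomputer:100-5000;mycomputer.contoso.com:6001-6002;mycomputer.contoso.com:6004"

if __name__ == "__main__":
    for label, value in (("GOOD", GOOD), ("WIDE", WIDE)):
        print(label, audit_valid_ports(value, "MYCOMPUTER", "mycomputer.contoso.com"))
```
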



here is where I am.... got SSL in and checked over the registry settings on the server ...  I change the ports in the
ASKER CERTIFIED SOLUTION
Sembee
I got it to work thanks for all your help.....
Hey, I know that this has been closed a while but I am having almost the same issue and would like some assistance.  I did everything on the article that Simon provided and I am able to connect internally but when I try it outside the firewall Outlook just hangs searching and searching for the server.  Any ideas how I can fix this?
oldskool75 - This is a closed question.
I would suggest that you post your query as a new question where it will be picked up and answered.

Simon.