I need help with setting up HTTP over RPC for Outlook so our remote users in the field can contact with all their Outlook info on the server intact. We are using a single server (Server 2003) with Exchange 2003 loaded on it, being used in a global catalog situation.

I have been looking at this link:

right now I have RPC over HTTP enabled on the server.

we are behind a firewall.

My first question is: I need to use a certificate. I have one right now; do I need to get it where it is just at the root - or the actual web URL to look at web mail?

And what ports need to be open? I'm reading the link but it's confusing me a little:;%5Bln%5D;833401

If anyone can help me complete this I will add more points.. thanks clint
The only port you need to open in this scenario is 443/TCP and it should be mapped to your Exchange server.

The certificate must use the name. Otherwise a security-warning will appear and Outlook can handle that in the way Internet Explorer can.

The certificate needs to match the name that is entered into Outlook for the server. Furthermore the certificate needs to be trusted. If you get any prompts during the testing of the RPC virtual server then RPC/HTTP will not work.

I'll point you to my web site where I have documented the full setup required, including best practices and the registry changes that you need to make on the server: 

clintsjones (Author) Commented:
Simon, the link you gave me doesn't work.. with just root and /exchange
 --  WHAT DO YOU MEAN PROMPTS, like credential prompts?

MAGNUS  yes I have done the port making sure no additional

Here is where I am getting confused.. I am about to go to freessl to get a trial real certificate to test.

my url for checking mail externally is     I know how to get the SSL but how do I do this with IIS... I mean I know how to setup a for e-commerce but the info keeps talking about the default folder in IIS and RPC folder to get the info for the SSL....  since I have do I need to setup a website in IIS and do a virtual directory for owa and apply the certificate there...

IS MAKE THE HTTPS and URL to use with outlook that is confusing me.. Thanks Clint
That link I gave you is to my web site, not an Exchange OWA implementation.
Here is the link to the first page (of three).

By prompts, I mean Security warnings. If you go to http://servername/rpc you should get a credential prompt. If you get anything else - indicating a problem with the certificate then RPC/HTTP will not work.

RPC/HTTPS must work on the default web site. This is the site called "Default" in IIS Manager. If you haven't created any other web site then you are using the default.

clintsjones (Author) Commented:
I am checking out your site now - THANKS

Yes I did get the just secure error without prompt but I fixed the security to create the prompt now... so that's good..

I think I understand I don't want to make the certificate using the but using the default site security to make SSL certificate RIGHT..

I'm reading your web site now - just want to confirm real fast the default SSL web site step..

THANKS clint
clintsjones (Author) Commented:
I read your instructions:  This part trying to understand since I am single server:

I only have a choice for make a front end server not a back-end.. since more or less I am a backend...

"Single Server: Set the GUI to Back-end Server. You will get one, maybe two error messages. Both of these should be acknowledged.
Front-end / Back-end scenario: Adjust the GUI as required.
Front-end / Back-end scenario or other troubleshooting: Set the GUI to "Not part of an Exchange Managed RPC-HTTP topology"

now I can login to email using the OUTSIDE SSL and it works

I tried to login from OUTSIDE just goes right to a LOCK on browser and white screen says done...  

I try to go into an already up profile with Outlook 2003, doesn't work....

Have you carried out the test that I indicate later in the same page? You may have to disable "Show Friendly HTTP Error Messages" in Internet Explorer to see the messages.

clintsjones (Author) Commented:
yes always have that to trouble shoot..

if I do http://servername/rpc internally   I get you have to use SSL..

Please try the following:

Type https:// at the beginning of the address you are attempting to reach and press ENTER.
HTTP Error 403.4 - Forbidden: SSL is required to view this resource.
Internet Information Services (IIS)

if I use SSL  https://servername/rpc  I get

THE CERTIFICATE - click yes it shows nothing but lock and done at the bottom of IE

IMPORTANT:  I setup Outlook 2003 to use http over rpc...   I try to open Outlook, I get a login box but it just pops back  - I CAN'T GET PAST this part....


Step 1: Configure the RPC proxy server to use the default ports for RPC over HTTP that are specified inside the corporate network
To do this, follow these steps:
1. On the RPC proxy server, start Registry Editor.

Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
2. Locate and then click the following registry subkey:
3. In the right pane, right-click ValidPorts, and then click Modify.
4. Remove all the information from the Value data box, and then type the following information:
Notes
• Replace ServerNetBIOSName with the NetBIOS name of your server. Replace ServerFQDN with the fully qualified domain name (FQDN) of your server.
• To determine the NetBIOS name and the fully qualified domain name of your server, start a command prompt, type ipconfig /all, and then press ENTER.

Under Windows IP Configuration, information that is similar to the following appears:
Host Name .................: mycomputer
Primary DNS Suffix ........:
The host name is the NetBIOS name of your computer. The host name together with the primary DNS suffix is the fully qualified domain name of your computer. In this example, the fully qualified domain name is
5. Click OK, and then quit Registry Editor.
Note You can also use the Rpccfg tool to set and to troubleshoot port assignments. The Rpccfg tool is included in the Windows Server 2003 Resource Kit tools. To obtain the Windows Server 2003 Resource Kit tools, visit the following Microsoft Web site:
Step 2: Configure all your global catalogs to use specific ports for RPC over HTTP for directory services
To do this, follow these steps:
1. Start Registry Editor.

Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
2. Locate and then click the following registry subkey:
3. On the Edit menu, point to New, and then click Multi-String Value.

Note Make sure that you select the correct value type for the registry subkey. If the registry subkey type is set to anything other than Multi-String Value, you may experience problems.
4. Name the new registry value NSPI interface protocol sequences.
5. Right-click NSPI interface protocol sequences, and then click Modify.
6. In the Value data box, type ncacn_http:6004, and then click OK.
7. Quit Registry Editor, and then restart the computer.

here is where I am.... got SSL in and checked over the registry settings on the server ...  I change the ports in the
If you aren't getting the error message when you try the /rpc virtual server then the server isn't operating correctly. It doesn't take much to break it, a semi-colon in the wrong place or missing is enough. As you are on a single server installation you must make the registry changes - there are a lot and different combinations are required - which is why I list them on my web site.

I would seriously consider pulling the registry settings out in to notepad and going through each combination to ensure that you have them all.
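The notepad cross-check suggested above can be scripted. This is an added example, not part of the thread or of Simon's site; it assumes the ValidPorts value is a semicolon-separated list of name:port or name:low-high entries, and the host names are placeholders (the caller supplies the real names and ports).

```python
import re

# Assumed entry syntax: name:port or name:low-high, joined by semicolons.
ENTRY = re.compile(r"^([A-Za-z0-9.-]+):(\d+)(?:-(\d+))?$")


def check_valid_ports(value, names, ports):
    """Return a list of problems found in a ValidPorts-style string.

    names: host names that must each appear (NetBIOS name and FQDN).
    ports: ports every name must cover.
    """
    problems = []
    covered = {}  # lower-cased name -> set of ports it lists
    for i, raw in enumerate(value.split(";"), 1):
        entry = raw.strip()
        if entry == "":
            problems.append(f"entry {i}: empty (doubled or trailing semicolon)")
            continue
        if entry != raw:
            problems.append(f"entry {i}: stray whitespace around {entry!r}")
        m = ENTRY.match(entry)
        if not m:
            problems.append(f"entry {i}: {entry!r} is not name:port or name:low-high")
            continue
        low = int(m.group(2))
        high = int(m.group(3) or low)
        if not 1 <= low <= high <= 65535:
            problems.append(f"entry {i}: bad port range {low}-{high}")
            continue
        covered.setdefault(m.group(1).lower(), set()).update(range(low, high + 1))
    # Every expected name must list every expected port.
    for name in names:
        for port in ports:
            if port not in covered.get(name.lower(), set()):
                problems.append(f"{name}: port {port} is not listed")
    return problems


if __name__ == "__main__":
    # Constructed sample: placeholder names; 6004 is the port in the quoted Step 2.
    names = ["MAIL1", "mail1.corp.example.test"]
    pasted = "MAIL1:6004mail1.corp.example.test:6004"  # semicolon missing
    for line in check_valid_ports(pasted, names, [6004]):
        print(line)
```

An empty result means every expected name lists every expected port; a trailing semicolon is reported so it can be reviewed by hand.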


clintsjones (Author) Commented:
I got it to work thanks for all your help.....
Hey, I know that this has been closed a while but I am having almost the same issue and would like some assistance.  I did everything on the article that Simon provided and I am able to connect internally, but when I try it outside the firewall Outlook just hangs searching and searching for the server.  Any ideas how I can fix this?
oldskool75 - This is a closed question.
I would suggest that you post your query as a new question where it will be picked up and answered.

Question has a verified solution.