Solved

RPC over https for clustered exchange 2003

Posted on 2006-04-01
Last Modified: 2013-11-15
Hi,
I have a clustered Exchange server with a PDC and BDC in the same domain. I've followed this
http://www.amset.info/exchange/rpc-http-server.asp (dual server mode)
to set up RPC over HTTPS, which worked great inside the local network. However, when I move the computer out of the network, Outlook wouldn't connect to Exchange.

1) When using Outlook within the network, outlook /rpcdiag shows that it connects to Exchange and the PDC (for directory service), but the PDC is strictly internal, so does that mean I need to open the PDC to the public, or can I use Exchange for authentication?

2) I also have the BDC as a backup (it's also a GC), but the RPC over HTTP guide mentions only one DC. Could I just put the BDC in the registry as well?

Thanks.
Question by:efurban
LVL 104

Expert Comment

by:Sembee
ID: 16354961
You shouldn't see a domain controller listed in the /rpcdiag status. It should be just the Exchange server listed.
Is this site fully up to date with service packs for Exchange?

Does it show ALL the connections as going over https?
You don't need to expose the domain controllers to the internet - the entire point of the feature is that all traffic can go through a single port.
As you are using a cluster - are you using a frontend / backend scenario?

Finally, you can add additional domain controllers to the list - be careful with the order though, I have had mixed success with additional DCs. Remember to make the registry change on the domain controllers as well.

No such thing as PDC and BDC in an AD domain...

Simon.
0
 

Author Comment

by:efurban
ID: 16355790
Thanks for the input Simon.

I can see all the connections as going over HTTPS, which is good, but I don't understand why I still see Outlook contacting pdc.domain.local.
Activity:
pdc.xxxx.com                                  Directory   .... HTTPS ...
Exchange.xxxxxx.com                     Mail           .... HTTPS ...
pdc.xxxx.com                                  Directory   .... HTTPS ...
Exchange.xxxxxx.com                     Mail           .... HTTPS ...


PDC is the primary and BDC is the backup.  I know there is no difference between the two.
Anyway, I am not using frontend/backend; the RPC proxy is installed on the Exchange server itself.

I just double checked the setting in registry on exchange and dc, they look right.

0
 
LVL 104

Expert Comment

by:Sembee
ID: 16355908
What is the service pack status on the machines?
The behaviour changed at one point in the cycle, and I cannot remember when.
What I do know is that in a correctly working environment that is patched with the latest service packs of everything, the same single server is listed for all four components - not split.

Simon.
0
 

Author Comment

by:efurban
ID: 16360184
OK, this was resolved after I rebooted both the PDC and BDC. However, what do you mean by "you can add additional domain controllers to the list - be careful with the order though"?
I am going to put something like this:
exchange-server:100-5000;
exchange-server:6001-6002;
exchange-server.domain.local:6001-6002;
pdc:6001-6002;
pdc.domain.local:6001-6002;
bdc:6001-6002;
bdc.domain.local:6001-6002;
exchange-server:6004;
exchange-server.domain.local:6004;
pdc:6004;
pdc.domain.local:6004;
bdc:6004;
bdc.domain.local:6004;
mail.external.com:6001-6002;
mail.external.com:6004;
pdc:593;
pdc.domain.local:593;
bdc:593;
bdc.domain.local:593;
exchange-server:593;
exchange-server.domain.local:593;
mail.external.com:593;

Does it look alright?
Thank you for the help.
0
 
LVL 104

Accepted Solution

by:
Sembee earned 1000 total points
ID: 16360237
I have seen some funny results with the order of the registry entries. I cannot see any reason for it myself, but during testing, if I knocked over one of the domain controllers, it wasn't using the second one correctly. Played around with the order of the domain controllers listed and it was fine.
A quick check on the site where I did that configuration shows it is identical to the configuration that you have posted above, so it should be fine.
You may want to knock over a domain controller as a test one evening after the users have gone home to see whether it does actually use the second domain controller (or not).

Simon.
0
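A way to check the posted list before running the failover test, as an added example that is not part of the original thread: the script parses the semicolon-separated host:port list and reports any host that lacks one of the ports 593, 6001-6002 and 6004, plus any range wider than ten ports so it can be confirmed as intended. The required port set is an assumption taken from the ports used for every host in the list above; the function names and the ten-port threshold are also assumptions.

```python
import re
from collections import defaultdict

# The port list exactly as posted in the thread (line breaks are ignored).
POSTED = """
exchange-server:100-5000; exchange-server:6001-6002;
exchange-server.domain.local:6001-6002; pdc:6001-6002;
pdc.domain.local:6001-6002; bdc:6001-6002; bdc.domain.local:6001-6002;
exchange-server:6004; exchange-server.domain.local:6004; pdc:6004;
pdc.domain.local:6004; bdc:6004; bdc.domain.local:6004;
mail.external.com:6001-6002; mail.external.com:6004; pdc:593;
pdc.domain.local:593; bdc:593; bdc.domain.local:593; exchange-server:593;
exchange-server.domain.local:593; mail.external.com:593;
"""

ENTRY = re.compile(r"^([A-Za-z0-9.-]+):(\d+)(?:-(\d+))?$")

def parse_port_list(value):
    """Return ({host: {(low, high), ...}}, [malformed entries])."""
    hosts, bad = defaultdict(set), []
    for item in (part.strip() for part in value.split(";")):
        if not item:
            continue
        m = ENTRY.match(item)
        low = int(m.group(2)) if m else 0
        high = int(m.group(3) or low) if m else 0
        if not m or low > high or high > 65535:
            bad.append(item)
            continue
        hosts[m.group(1).lower()].add((low, high))
    return hosts, bad

def audit(value, required=(593, 6001, 6002, 6004), max_span=10):
    """List hosts missing a required port, wide ranges and bad entries."""
    hosts, bad = parse_port_list(value)
    findings = [f"malformed entry: {item}" for item in bad]
    for host, ranges in sorted(hosts.items()):
        missing = [p for p in required
                   if not any(lo <= p <= hi for lo, hi in ranges)]
        if missing:
            findings.append(f"{host}: missing ports {missing}")
        for lo, hi in sorted(ranges):
            if hi - lo + 1 > max_span:
                findings.append(f"{host}: wide range {lo}-{hi} ({hi - lo + 1} ports)")
    return findings

if __name__ == "__main__":
    for line in audit(POSTED):
        print(line)
```

Run against the posted list, it reports only the `exchange-server:100-5000` range; every host, including both name forms of the second domain controller, carries all four ports.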
 

Author Comment

by:efurban
ID: 16383470
Thank you very much. I definitely need to test it out later when we have a break in the company.  :)

Can I ask one more question?  
I have an ISA server in front of the Exchange server. If I assign nothing (no authentication) on the listener and configure Exchange to use basic authentication, everything works great. However, if the ISA is configured to use basic authentication, then Outlook would just keep asking for the password.

I know I may have to open a new question here.. oh well.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16383513
I would ask a new question on that one, as my knowledge with ISA isn't very good.

Simon.
0
 

Author Comment

by:efurban
ID: 16385605
Problem was resolved. There is a setting in ISA to forward the Basic authentication credential.

Thanks anyway.
:)
0
