efurban

RPC over https for clustered exchange 2003

Hi,
I have a clustered Exchange server with a PDC and BDC in the same domain. I've followed this
http://www.amset.info/exchange/rpc-http-server.asp (dual server mode)
to set up RPC over HTTPS, which worked great inside the local network. However, when I move the computer out of the network, Outlook wouldn't connect to Exchange.

1) When using Outlook within the network, outlook /rpcdiag shows that it connects to Exchange and the PDC (for directory service), but the PDC is strictly internal, so does that mean I need to open the PDC to the public? Or can I use Exchange for authentication?

2) I also have the BDC as a backup (it's also a GC), but the RPC over HTTP guide mentions only one DC. Could I just put the BDC in the registry as well?

Thanks.
Sembee

You shouldn't see a domain controller listed in the /rpcdiag status. It should be just the Exchange server listed.
Is this site fully up to date with service packs for Exchange?

Does it show ALL the connections as going over https?
You don't need to expose the domain controllers to the internet - the entire point of the feature is that all traffic can go through a single port.
As you are using a cluster - are you using a frontend / backend scenario?

Finally, you can add additional domain controllers to the list - be careful with the order though, I have had mixed success with additional DCs. Remember to make the registry change on the domain controllers as well.

No such thing as PDC and BDC in an AD domain...

Simon.
efurban

ASKER

Thanks for the input Simon.

I can see all the connections as going over https which is good but I don't understand why I still see outlook contacting pdc.domain.local.
Activity:
pdc.xxxx.com                                  Directory   .... HTTPS ...
Exchange.xxxxxx.com                     Mail           .... HTTPS ...
pdc.xxxx.com                                  Directory   .... HTTPS ...
Exchange.xxxxxx.com                     Mail           .... HTTPS ...


PDC is the primary and BDC is the backup. I know there is no difference between the two.
Anyway, I am not using frontend/backend; the RPC proxy is installed on the Exchange server itself.

I just double-checked the settings in the registry on Exchange and the DC; they look right.

Sembee

What is the service pack status on the machines?
The behaviour changed at one point in the cycle, and I cannot remember when.
What I do know is that in a correctly working environment that is patched with the latest service packs of everything, the same single server is listed for all four components - not split.

Simon.
efurban

ASKER

OK, this is resolved after I rebooted both PDC and BDC. However, what do you mean by "you can add additional domain controllers to the list - be careful with the order though"?
I am going to put something like this:
exchange-server:100-5000;
exchange-server:6001-6002;
exchange-server.domain.local:6001-6002;
pdc:6001-6002;
pdc.domain.local:6001-6002;
bdc:6001-6002;
bdc.domain.local:6001-6002;
exchange-server:6004;
exchange-server.domain.local:6004;
pdc:6004;
pdc.domain.local:6004;
bdc:6004;
bdc.domain.local:6004;
mail.external.com:6001-6002;
mail.external.com:6004;
pdc:593;
pdc.domain.local:593;
bdc:593;
bdc.domain.local:593;
exchange-server:593;
exchange-server.domain.local:593;
mail.external.com:593;

Does it look alright?
Thank you for the help.
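A way to sanity-check a list like the one in the post above, added here as an example (not code from the thread or from the guide it links). It assumes the list is the RPC proxy's ValidPorts registry value, which names the internal host:port pairs the proxy will relay to; the function names and the sample string are made up for this example.

```python
import re

# Ports used by every host in the list on this page; treating them as the
# expected set per host is an assumption of this example.
EXPECTED_PORTS = {593, 6001, 6002, 6004}
ENTRY_RE = re.compile(r"([A-Za-z0-9.-]+):(\d+)(?:-(\d+))?")

def parse_valid_ports(value):
    """Split a 'host:port;host:low-high;' string into (host, low, high) tuples."""
    entries, errors = [], []
    for item in (part.strip() for part in value.split(";")):
        if not item:
            continue
        m = ENTRY_RE.fullmatch(item)
        low = int(m.group(2)) if m else 0
        high = int(m.group(3) or low) if m else 0
        if not m or not 1 <= low <= high <= 65535:
            errors.append(item)
        else:
            entries.append((m.group(1).lower(), low, high))
    return entries, errors

def review(value):
    """Return findings: malformed entries, over-broad ranges, coverage gaps."""
    entries, errors = parse_valid_ports(value)
    findings = [f"malformed entry: {e}" for e in errors]
    covered = {}
    for host, low, high in entries:
        ports = set(range(low, high + 1))
        extra = len(ports - EXPECTED_PORTS)
        if extra:
            findings.append(f"{host}:{low}-{high} allows {extra} ports outside the expected set")
        covered.setdefault(host, set()).update(ports & EXPECTED_PORTS)
    for host in sorted(covered):
        missing = sorted(EXPECTED_PORTS - covered[host])
        if missing:
            findings.append(f"{host} has no entry for port(s) {missing}")
    return findings

# Constructed sample (shortened, with one deliberate typo), not a real configuration.
SAMPLE = ("exchange-server:100-5000;exchange-server:6001-6002;exchange-server:6004;"
          "pdc:6001-6002;pdc:593;bdc.domain.local:6004-6001;")

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

Every name the client uses for a server (short name, internal FQDN, external name) is checked separately, so a host that appears under only one of its names shows up as a gap rather than being silently merged.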
ASKER CERTIFIED SOLUTION
Sembee
This solution is only available to members.
efurban

ASKER

Thank you very much. I definitely need to test it out later when we have a break in the company.  :)

Can I ask one more question?
I have an ISA server in front of the Exchange. If I assign nothing (no authentication) on the listener and configure Exchange to use basic authentication, everything works great. However, if the ISA is configured to use basic authentication, then Outlook would just keep asking for the password.

I know I may have to open a new question here.. oh well.

Sembee

I would ask a new question on that one, as my knowledge of ISA isn't very good.

Simon.
efurban

ASKER

Problem was resolved. There is a setting in ISA to forward the Basic authentication credentials.

Thanks anyway.
:)