Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 667
  • Last Modified:

Static IP instead of FQDN during RPC-HTTP setup?

Hey experts,

I am trying to setup RPC through HTTP so remote users can access the full features of Exchange through Outlook.  I am running Windows Server 2003 with Exchange Server 2003 and AD on a single server.  My clients are running XP home with Outlook 2003.  I followed the steps in the microsoft document http://support.microsoft.com/?Kbid=833401  and am having some troubles.  I do not have a FQDN that points to my server.... all I have is my "internal domain name" that my network users use to logon, and a static external IP...is there anyway around this?  I would like to use a static IP instead of a FQDN.  Wouldn't this accomplish the same thing?  In the RpcProxy registry values, could I replace the FQDN with my ip?  I've tried using just my ip address in the proxy setting for the client and it pops up a login box but won't connect. Any help is appreciated.
0
MFredin
Asked:
MFredin
  • 3
  • 3
1 Solution
 
SembeeCommented:
As you need to use an SSL certificate, you can't use an IP address. It has to be a hostname.
Any reason why you haven't configured a hostname for the static IP address?

Simon.
0
 
MFredinAuthor Commented:
I have a few domain names that I own.... I was just using them to host a couple websites via a hosting company, and recently added the exchange server to our office.  So I really didn't have much need to have a hostname point to my static address.  I have configured the mail.domainname mx record for 1 of my domain names to point to my static ip and my email and Outlook Web Access works just great.  So I need to use an SSL cerificate?  Could you point me in the right direction to get this working?  So say I get a certificate... so the hostname comes with this?  I'm slightly confused.
0
 
SembeeCommented:
If you already have a hostname configured for the server to allow email to be delivered to the Exchange server by SMTP on MX records, then you can use the same host name.
You don't have to create a special hostname for RPC over HTTPS. All a hostname on the Internet does is resolve the name to an IP address.
Unfortunately you cannot have an SSL certificate on an IP address, only on a host.

The feature should really be called RPC over HTTPS, as that is the only way it works in a secure manner out of the box. It can be configured to work over http, but I wouldn't advise doing so, as it means your username and password information is going across in the clear.

For maximum compatibility the SSL certificate needs to be purchased. You can only have one SSL certificate per virtual server, so you will need to make sure that you use a name that you are happy with. I use RapidSSL for my deployments - $70/year and they offer a 30 day trial certificate so that you can get used to the process and test it works. http://www.rapidssl.com/ 
They also have instructions on how to apply for and then install the certificate. Takes about 30 minutes to get one.

Someone is bound to post to the thread about using a home grown certificate. I don't like using home grown certificates for production installations as you have to install the certificate on to every machine individually and it makes the entire process an admin nightmare. Plus when the certificate expires you then have to visit every machine again to install the new certificate.
Use a purchased certificate, using your mail.domain.com host that you have already setup.
The SSL certificate will work for OWA, OMA, EAS, RPC over HTTPS and anything else on that virtual server.

Simon.
0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 
MFredinAuthor Commented:
Great....I will get a SSL Certificate then!   One other question.... does my mail.domainname hostname need to be pointing to a certain directory on my server or just the IP?
0
 
SembeeCommented:
Hostname is just the server. You can't point a host name at a directory.

Once you have the certificate, in the RPC over HTTPS proxy configuration, you simply enter the host name that need to use - no directory is required - Outlook does everything else.

Simon.
0
 
MFredinAuthor Commented:
Sembee.... thanks so much for your help... I got the certificate installed and working and my RPC over HTTP is working great! A+++

Thanks again!
Matt
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now