• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 816
  • Last Modified:

RPC over HTTP with SBS 2003

Hi,

I have setup RPC over HTTP on 3 servers now.  All of them were stand alone servers as in NON small business servers.    I am working with a SBS 2003 server.  It's a brand new install, everything has been patched up to current levels.   SBS 2003 Service Pack 1, Exchange 2003 Service pack 2.

I have configured the server in System Manager for Exchange to be a back end RPC server.   The problem that I am running into is when I try to check the http://mail.mydomain.com/rpc  I am getting a prompt for creating a .NET Passport account.   If I test the same link inside of the network http://server/rpc  I am prompted for a user name/pass.   I checked the RPC virtual directory in IIS just to see what it's set at.   Under directory security the only option checked is .NET Passport authentication.   I know that server setup vary from stand alone server to small business server, but this is driving me crazy.    If I look on another server I have setup RPC over HTTP and it's working correctly.  The directory security shows something totally different.   The only 2 options checked are "allow anonymous" and "intergrated".  

Anyone out there have some ideas?


Thanks,
Monty
0
montyjenkins
Asked:
montyjenkins
  • 6
  • 5
1 Solution
 
xqsCommented:
.NET passport authentication should not be checked for RPC over HTTP, change it to allow intergrated and basic authentication.

Here's a link from MS on how to configure RPC over HTTP: http://support.microsoft.com/kb/833401/en-us
0
 
montyjenkinsAuthor Commented:
I agree as I have never seen that on the other servers that I have configured for RPC.   Under the RPC director in IIS there is an ASP.NET tab which I have never seen before.
0
 
montyjenkinsAuthor Commented:
I have also changed the permissions to what you suggested... same result.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
SembeeCommented:
The authentication should be integrated and anonymous only.
After changing those settings, drop in to a command prompt and type

iisreset

and press enter. This will reset IIS so the new settings stick.

Simon.
0
 
montyjenkinsAuthor Commented:
Simon,

Thanks for the info.  The problem ended up being my workstation for whatever reason.  I had just loaded the beta of IE 7.  I cannot prove that it was IE 7 that was causing the crazy .net passport login prompt instead of the normal looking user name/password pop up.

The only problem that I am having now is that after the setup of the Outlook client  I am not being asked for a user name/password anymore.   I also have RPC running on another client's server.  I setup another Outlook profile to connect to their server and everytime I am prompted for a user name/password.   I am not quite sure why I am able to get into the first server without a user name/password.

I did check the RPC directory again, and the permissions are set to allow "intergrated and anonymous only"   It's hard to to complain about the problem since it's working, but for securtiy reasons I would like users to have to input their user name/password when using a computer outside of the domain.


Monty
0
 
SembeeCommented:
Are the machines members of the domain?

If so, then RPC over HTTPS doesn't prompt by default, and this is the way that I prefer to configure the feature. If the domain account password expires, then Outlook access is blocked as well.

If the machines are not members of the domain, then pass through authentication will not work and you should get a prompt.

Simon.
0
 
montyjenkinsAuthor Commented:
My workstation is not a member of the domain.  The other workstations that will connect to the server will not be part of the domain either.   I just want to make sure that any user will be prompted to enter a user name/password.

I am not sure why I am not getting promted for a password when I test out my account.    It just seems that something is set wrong, because when I test another server that is running RPC I am prompted everytime I open Outlook for that server with a user name/password.


Monty
0
 
SembeeCommented:
Is the username and password on the domain the same as what you are using locally?

Simon.
0
 
montyjenkinsAuthor Commented:
Simon,

The user/pass is not the same as local.  I did think of that, but made sure that the password wasn't even close.      

So even if you check remember password when logging on, it should always prompt for a password correct?   If I am understanding it correctly?   Only the user name should be remembered?

I just need to make sure that if another user in the company was to use this laptop, they would be prompted for a user name/pass 100% of the time.

Thanks for your help though...  I do appreciate it.


Monty
0
 
SembeeCommented:
If it was me, I would expect a non-domain machine to always prompt. I would not allow a user any mechanism to save their password as that is a security breach - similar to wanting the machine to automatically login when it boots up.

Do you get a prompt to remember the password? I can't recall whether you do or not, as I setup all of my domains to disable that feature.

Simon.
0
 
montyjenkinsAuthor Commented:
I cannot agree with you more on not allowing "remember password" being allowed.   May I ask where you configure that option in respects to your domain?


To answer your question, Yes users are getting being prompted to click save password when asked for their user name/pass.

Monty
0
 
SembeeCommented:
You can only stop the users from saving passwords if the machine is a member of the domain. For that, a quick change to group policy stops those tricks.

If the machine is not a member of the domain, then it is down to the authentication type. If you set things to basic authentication, then it always prompts.

Simon.
0

Featured Post

Restore individual SQL databases with ease

Veeam Explorer for Microsoft SQL Server delivers an easy-to-use, wizard-driven interface for restoring your databases from a backup. No expert SQL background required. Web interface provides a complete view of all available SQL databases to simplify the recovery of lost database

  • 6
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now