Solved

Need a COMPLETE step by step guide to enabling RPC over HTTP on the SBS2003 server and correctly connecting Outlook clients over the internet.

Posted on 2006-07-02
28
543 Views
Last Modified: 2008-03-10
Hi guys..   I've been working on this for weeks, to no avail.  I've read nearly every white paper, tutorial, and website out there relating to this...   Here is my goal:

Correctly configure RCPoHTTP on the SBS2003 server and correctly connect Outlook clients via the internet.  I need a step by step, detailed tutorial from start to finish.  Here is my setup:

One single server:  SBS2003 premium edition.  2 Network cards.  External connects directly to internet.  Internal connects (obviously) to internal network.  ISA server 2000 running as the firewall (on the same server obviously.)  I can connect via POP3 from the internet, but all of my attempts at getting RPCoHTTP to work over the internet have failed.  Please help!!!  Thanks guys...

Chris Myers
0
Comment
Question by:zagnutttt4
  • 14
  • 11
  • 2
  • +1
28 Comments
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 17027245
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17027439
Actually... you will find a SPECIFIC how-to that is customized for YOUR SBS by going to the Remote Web Workplace main menu, (http://localhost/remote on your SBS) and clicking on the "Configure Outlook via the Internet" link.

I suggest you follow only this set of instructions... the one that is linked above is not specific to SBS.

Jeff
TechSoEasy
0
 

Author Comment

by:zagnutttt4
ID: 17027554
Jeff..  You are correct, the previous post is not specific to SBS2003, and I have read it MANY times.  :)  The link that you mention does not exist on my Remote Web workplace...  Where can I find the exact link in IIS?  Or..  why is it not listed there?   Thanks


Chris
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17027718
Rerun the Configure Email and Internet Connection Wizard (CEICW -- which is linked as Connect to the Internet in the Server Management Console > Internet and Email), and select "Enable Firewall" on the Firewall Screen, on the following screen click Next, and then on the Web Services Configuration check the Outlook via the Internet box.  Click next until finished.

Jeff
TechSoEasy
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17027723
P. S.  You can't access it directly via IIS, because it's not created until you run the CEICW to enable it, just FYI... as with all things SBS, if you don't find it where it's supposed to be, you haven't configured it yet.  :-)

Jeff
TechSoEasy
0
 

Author Comment

by:zagnutttt4
ID: 17027738
Jeff, that's the thing..   Every time I run the CEICW, I never get a Web Services Configuration page.  It just goes straight from the page where you check 'enable' or 'disable' firewall, to the email settings... after that, it just runs the end part of the wizard and then finishes.  I never get the chance to pick "Outlook via the Internet".   Strange..         Thoughts??
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17027748
Did you enable the firewall?
0
 

Author Comment

by:zagnutttt4
ID: 17027762
Nevermind.. I kept clicking on "keep the firewall settings the same" or whatever it says..   I'd hate to change any firewall settings until I'm back at the server tomorrow in person.  I may inadvertently cut about 50 users off from using the internet.  :)  So after I enable "Outlook via the Internet" service, what else really remains to get me to connect to the exchange server remotely using RPC over HTTP?  I've basically completed every other step.  (I think.)   Most of the articles that SAY they are geared towards SBS2003 for RPCoHTTP are actually written for multipe exchange-server scenarios, or scenarios where the ISA server is on a different machine that exchange.  Can you even enable RPC over HTTP on a single server running exchange and ISA2000 at the same time?  And if so, what am I missing?  I've created a web certificate.  Now what?  Do I have to do anything with the certificate in ISA?  Since it's on the same machine I assumed not...  What if I don't want to use SSL for my RPCoHTTP connection?   Then do I even need a certificate?  Sorry for all the questions..  Been working on this for a while..  

Chris
0
 

Author Comment

by:zagnutttt4
ID: 17028056
Jeff...
I forgot to mention..  When I go into ISA and run the "Mail Server Security Wizard" to publish my mail server rules, it always tells me..  "Exchange RPC cannot work with local host mail server.  If you continue, Exchange RPC will not work for this mail server."    So..   what can I do?  Is this normal?  

Chris
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
ID: 17028306
Clicking "Enable Firewall" won't change anything that isn't already done (except for you clicking on the Outlook via the Internet box)... and you can always cancel out of the wizard if you don't like what you see... but honestly, it's already enabled if you're getting a RWW page at all... so you can't really hurt anything if you don't change any other settings other than what's already checked.

Running the CEICW and enabling the Outlook via the Internet in Web Services should configure ISA for you.  The CEICW is a VERY complex script which does a ton of stuff.  If you want to look at what it's done, just go to C:\Program Files\Microsoft Windows Small Business Server\Networking\ICW  and look at the latest IcwdetailsXX.htm.

So, if you want to see what the personalized document says, I've posted a sample of them here:  http:Q_21548398.html

Yours will be customized with your particular server information to be able to configure Outlook properly.

Jeff
TechSoEasy
0
 
LVL 8

Expert Comment

by:dhoustonie
ID: 17028344
I am not familiar with ISA 200 on an SBS box so I can not be a complete answer, but rerunning the Internet connection wizard, selecting the Outlook over the Internet option should set ISa up with the correct settings.

But you asked about not using SSL, one of the options in setting up outlook over http is to select Basic Authentication, if you do not use SSL to encrypt the packets, if someone was snooping they would see your Username password and address of server in the packets, as clear text.

David Houston

With regards the certificate, install it on every machine you want to connect in this way.
One point, as you are running SBS 2003 Premium, you are entitled to get the Service Pack One on Media, which includes an upgrade to ISA 2004, a better product then 2000.

One other thought are you running any service packs on the system? With service pack one there was a greatly improved in reliability and RPC over HTTP was one area that become more reliable.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17028546
Sorry, I missed commenting on the SSL thing... you really don't want to NOT use SSL since this is all configured already for you.  As you'll see in the configuration instructions there are steps to download and install the self-signed certificate, which is pretty easy to do.

In regards to all of the other questions about being on the same server, etc... ignore all of that... RPC over HTTP is already configured on your SBS... there's no need to do ANYTHING other than run the CEICW, and then follow the instructions from the link in RWW.

Those enterprise guys always make things so complicated!

Jeff
TechSoEasy
0
 
LVL 8

Expert Comment

by:dhoustonie
ID: 17028579
Agreed Jeff

SBS is the best practice for Small Businesses, but reversing it to the enterprise it is a worst case, and trying to get that across can be arduous.

Follow what Jeff has said and you can not go wrong.

David
0
 

Author Comment

by:zagnutttt4
ID: 17028627
Thanks guys.. I got everything working properly following your suggestions.  However, I did lost the capability to use POP3 to retrieve my email for some reason..  :)  RPCoHTTP is working well from the internet, and my certificate as well as SSL are now working properly.  Any tips on troubleshooting the POP3 service besides the obvious ones?  Thanks guys...

Chris
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17028921
Did you have POP3 configured in Outlook or using the POP3 connector in Exchange?

Jeff
TechSoEasy
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17028939
Oh, do you mean that you were using POP3 retreival from the SBS?  Why would you want to continue using that?  It's really not a good idea to use it, especially since RPCoverHTTP is preconfigured and you have OWA as well.

POP3 uses a lot of resources and is a security issue as well.  Additionally, messages downloaded from the server and not retained at the server cannot be accessed elsewhere, nor are they available for access by the company should that be necessary.

Jeff
TechSoEasy
0
 

Author Comment

by:zagnutttt4
ID: 17030179
Jeff..   Yes, I meant that retrieving mail via POP3 from the SBS server was no longer functioning correctly.  I'm aware that as long as my RPCoHTTP is working correctly, there's really no need for the inferior POP3 methods, but it's still strange that it quit working correctly.  I'd like to have a backup method of retrieval, and there are several clients that really need to use the POP3 method for various reasons.  Seems strange that it quit working now..   SMTP still works fine, I can send out over SMTP find..   but upon trying to recieve using POP3, the Outlook client always reports  "the connection to the server has been interrupted".  Any ideas?  

Chris
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17032741
Sure... you've now added an Exchange Account to that Outlook and it's created a proxied connection to the SBS which would not be compatible with your POP3 settings to the same server.  I would suspect that POP3 still works from Outlook that is not configured with the RPCoverHTTP settings.

Jeff
TechSoEasy
0
 

Author Comment

by:zagnutttt4
ID: 17033984
Nope, actually my POP3 quit working from any client outside of the firewall.  Works fine on the internal network.  Made no changes at all in the firewall regarding POP3.  Also, my OWA quit working too for no reason all of the sudden.  (outside of the firewall.)  Prompted to install certificate, then I do so, then nothing..  
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17035091
Rerun your CEICW... make sure that you have the certificate name correct, and that OWA and POP3 are enabled.

http://blogs.msdn.com/sbsdocsteam/archive/2006/02/24/538808.aspx  <<<==== see why the CEICW is your friend!

Jeff
TechSoEasy
0
 

Author Comment

by:zagnutttt4
ID: 17036995
You were right..  reran the CEICW several times again and now everything is working fine again.  It seems like the certificates do get messed up sometimes however.  Sometimes the server tries to issue a different cert. to the client than the one I've created for the webserver.  Sometimes it tries to offer a cert. in the "publishing" name, even though I never created one with that name.  After that happens, it seems like I have to delete all of my created cert's on the server and on the clients, then create a new cert. on the server in the proper name again, and then re-install the correct cert. on the clients again to get everything to sync properly again.  Any thoughts on this?  

Chris
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17038002
Yeah, you have it analyzed exactly as it is... that's a documented problem, which is noted in Harry Brelsford's SBS Best Practices Book (http://sbsurl.com/best).  The publishing certificate is what IIS uses internally.  You corrected it properly... the other way to do it would be to just manually assign the correct certificate in IIS.

Jeff
TechSoEasy
0
 

Author Comment

by:zagnutttt4
ID: 17039390
Now another problem has arrisen.. without changing anything (once again), connection to http://server.domain.com/exchange and http://server.domain.com/remote is not working correctly again from the internet..   ISA SERVER REPORTS:

"The page cannot be displayed
There is a problem with the page you are trying to reach and it cannot be displayed.

--------------------------------------------------------------------------------

Please try the following:

Click the Refresh button, or try again later.

Open the Web site home page, and then look for links to the information you want.
If you believe you should be able to view this directory or page, please contact the Web site administrator by using the e-mail address or phone number listed on the Web site home page.
500 Internal Server Error - The target principal name is incorrect. (-2146893022)
Internet Security and Acceleration Server "

this is without changing ANY settings on the server since the point where everything was working flawlessly...

Chris
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17039446
Okay... you need to realize that you had made a number of changes before we got you on the right track... or even if you didn't make them... things like this can always pop up... it's time to teach you to GOOGLE your ERRORS.

http://www.google.com/search?q=500+Internal+Server+Error+-+The+target+principal+name+is+incorrect.+%28-2146893022%29

Jeff
TechSoEasy
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17039454
0
 

Author Comment

by:zagnutttt4
ID: 17039478
Hi Jeff..  I'm actually reading up on it right now..   I'll keep you updated on my progress..   I did at least get POP3 working again, also my RPCoHTTP is still working very well..   stay tuned  :)

Chris
0
 

Author Comment

by:zagnutttt4
ID: 17039512
Update..  I changed a setting in ISA to get OWA working again.  I went into my web publishing rule for OWA and disabled "Send original host header to the published server instead of the original one ".  Then I changed the "Redirect the request to this internal Web server" so that it matched the common name on the Web Server Certificate.  Seems to be working okay so far.  Can I do this for only one publishing rule, or any of them that pertain to directories in the Default Web Site?  

Chris
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17039632
you shouldn't have to... take a look at C:\Program Files\Microsoft Windows Small Business Server\Networking\ICW\IcwdetailsXX.htm (where XX is the latest incremental number assigned when you ran the last CEICW).

This will show you exactly what was configured by it... and if something isn't getting set right you may need to now set it properly (such as /remote ).

Jeff
TechSoEasy
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

The problem of the system drive in SBS 2003 getting full continues to be an issue, even though SBS 2008 and SBS 2011 are both in the market place.  There are several solutions to this, including adding additional drive space or using third party uti…
You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now