Solved

RPC over HTTP problem: doesn't work with Internet users

Posted on 2006-07-14
Last Modified: 2008-02-01
Please help me!

I've implemented FE-BE Exchange with this plan: the Exchange Frontend is in the DMZ LAN.

-01 PDC - GlobalCatalog and CA Server (Windows 2003 SP1)
-01 Backend (Exchange 2003)
-01 Frontend.
-01 Firewall Hardware CISCO ASA with 4 Port LAN.
I've configured RPC over HTTP, but it doesn't work properly. I tested Outlook internally and it works fine, but it doesn't work for Internet users. OWA with SSL works with no problem.
I still forward mx.domain.com to my public IP and don't use mail.domain.com.
I've requested a CA from the PDC and installed it on the frontend server. But I have not installed it on the backend server.
My
Please Help me.

Thank you.

Regards
Question by:chaulq
7 Comments
 
LVL 29

Expert Comment

by:mass2612
ID: 17113088
Hi,

Take a look at the information on this site and go over all your settings - http://www.amset.info/exchange/rpc-http.asp

LVL 15

Accepted Solution

by:
harleyjd earned 500 total points
ID: 17113396
"I've requested a CA from the PDC and installed it on the frontend server. But I have not installed it on the backend server."

Make sure the CA is issued using the FQDN that Internet clients will use. You MUST use the FQDN, as the Outlook client needs to auto-accept the certificate. The client cannot auto-accept the certificate unless the FQDN of the certificate matches the FQDN of the proxy server, the certificate is still valid (i.e., not expired) and, finally, the client PC trusts the CA.

Because your clients will not inherently trust the CA (as it's a private, domain-based CA), you need to install the root CA from the server on EVERY client that wants RPC over HTTP. You need to export the certificate from your CA to do this.

Browse to http://yourca/certsrv

Click "Download a CA Certificate, Certificate Chain, or CRL"

Click "install this CA certificate chain"

-or-

Click "Download CA certificate", save to a file and manually install on each machine by double-clicking...
 

http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/ex2k3rpc.mspx

http://petri.co.il/configure_outlook_2003_to_use_rpc_over_http.htm
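
The three conditions named in the accepted answer (FQDN match, validity dates, trusted CA) can be checked from an Internet-side client before touching Outlook. This is an added example, not part of the original thread; `Test-RpcProxyCertificate` and `mail.example.com` are hypothetical names, and it assumes PowerShell 5 or later.

```powershell
# Added example: report which of the three certificate conditions the RPC proxy fails.
# 'mail.example.com' is a placeholder for the FQDN that Internet clients connect to.
function Test-RpcProxyCertificate {
    param(
        [Parameter(Mandatory)] [string] $Fqdn,
        [int] $Port = 443
    )
    $state = @{ Errors = $null; Chain = @(); Cert = $null }

    # Record what Windows found wrong, then return $true so the handshake
    # completes and every problem can be reported instead of only the first.
    $callback = {
        param($sender, $cert, $chain, $errors)
        $state.Errors = $errors
        $state.Chain  = @($chain.ChainStatus | ForEach-Object { $_.Status })
        $state.Cert   = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($cert)
        $true
    }.GetNewClosure()

    $tcp = [System.Net.Sockets.TcpClient]::new($Fqdn, $Port)
    try {
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $callback)
        # The name passed here is what the certificate is compared against.
        $ssl.AuthenticateAsClient($Fqdn)
        $ssl.Dispose()
    }
    finally {
        $tcp.Dispose()
    }

    $policy = [System.Net.Security.SslPolicyErrors]
    $flags  = [System.Security.Cryptography.X509Certificates.X509ChainStatusFlags]
    [pscustomobject]@{
        Subject     = $state.Cert.Subject
        Issuer      = $state.Cert.Issuer
        NotAfter    = $state.Cert.NotAfter
        # Condition 1: certificate name matches the FQDN the client uses
        NameMatches = -not $state.Errors.HasFlag($policy::RemoteCertificateNameMismatch)
        # Condition 2: certificate is inside its validity period
        WithinDates = $state.Chain -notcontains $flags::NotTimeValid
        # Condition 3: chain ends in a root this machine trusts
        TrustedRoot = ($state.Chain -notcontains $flags::UntrustedRoot) -and
                      ($state.Chain -notcontains $flags::PartialChain)
    }
}

Test-RpcProxyCertificate -Fqdn 'mail.example.com'
```

Run it on a client outside the LAN: a `TrustedRoot` of `False` means the private root CA certificate has not been installed on that machine.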



Author Comment

by:chaulq
ID: 17119917
Thanks harleyjd!

Author Comment

by:chaulq
ID: 17119994
After the fix, external mail works correctly. But when I send mail, the mail is sent by the backend server, and I opened NAT for the BACKEND. I want to configure mail to be sent by the Frontend in the DMZ LAN. Please help me again.

Thanks everyone.
LVL 15

Expert Comment

by:harleyjd
ID: 17120110
OK, technically you should post another Q, as this is a separate issue, but...

In System Manager, go to Admin Groups, First Admin Group, Routing Groups, First Routing Group, Connectors.

You need an SMTP connector, called whatever you want, with the Local Bridgehead to be your DMZ server, the Address Space to be just an asterisk (*), and otherwise set the defaults.

If you already have a connector in there, you can change it to suit.

Whatever you do, do not tick "Allow Messages to be relayed to these domains" on your * connector - that makes you an open relay...


Author Comment

by:chaulq
ID: 17120185
I configured it following your guide, but it doesn't work. I disabled NAT from the BACKEND to external. Please help me.
LVL 15

Expert Comment

by:harleyjd
ID: 17121867
OK, I think you will need to open a more direct Q on this, as it sounds like you're doing the right thing. You don't want the Backend to have NAT access, so that's fine. The one thing to be sure of is that the FE and BE servers can communicate through the DMZ via SMTP. Check your message queues, see if that's the issue. They should have a "pinhole" in the firewall to talk to one another.

If you need more help than that, then start another Q, post a reference to this one in it, but post your results of what I have asked as well...
