• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1069
  • Last Modified:

RPC over HTTP Problem.Don't work with Internet users

Please help me!

I've implement FE-BE exchange with plan: Exchange Frontend include DMZ lan.

-01 PDC - GlobalCatalog and CA Server (Windows 2003 SP1)
-01 Backend (Exchange 2003)
-01 Frontend.
-01 Firewall Hardware CISCO ASA with 4 Port LAN.
I've config RPC over HTTP , but don't work properly. I test Outlook Internal and work fine. But don't work with Internet user. OWA with SSL work no problem.
I still mx.domain.com forward my public IP and don't use mail.domain.com.
I've request CA from PDC and install them on the frontend server.But i'm not install on backend server.
My
Please Help me.

Thank you.

Regards
0
chaulq
Asked:
chaulq
  • 3
  • 3
1 Solution
 
mass2612Commented:
Hi,

Take a look at the information on this site and go over all your settings - http://www.amset.info/exchange/rpc-http.asp

0
 
harleyjdCommented:
"I've request CA from PDC and install them on the frontend server.But i'm not install on backend server. "

make sure the CA issued using the FQDN that internet clients will use, you MUST use the FQDN, as the Outlook client needs to auto-accept the certificate. The client cannot auto-accept the certificate unless the FQDN of the certificate matches the FQDN of the proxy server, The certificate is still valid (ie, not expired) and finally, that the client PC trusts the CA.

Because your clients will not inherently trust the CA (as it's a private domain based ca), you need to install the root CA from the server on EVERY client that wants RPC over HTTP. You need to export the certificate from your CA to do this.

browse to http:\\yourca\certsrv

click "Download a CA Certificate, Certificate Chain, or CRL "

click "install this CA certificate chain"

-or-

 click "Download CA certificate", save to a file and manually install on each machine by double clicking...
 

http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/ex2k3rpc.mspx

http://petri.co.il/configure_outlook_2003_to_use_rpc_over_http.htm


0
 
chaulqAuthor Commented:
Thank harleyjd!
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
chaulqAuthor Commented:
After fix . External mail work correctly. But when i send mail. Mail sent by backend server.And i opent NAT for BACKEND. I wan't config mail sent by Frontend in DMZ lan.Please  help me again.

Thanks everyone.
0
 
harleyjdCommented:
OK, technically you should post another Q, as this is a seperate issue, but...

In System Manager, go to Admin Groups, First Admin Group, Routing Groups, First Routing Group, Connectors.

You need an SMTP connector, called whatever you want, with the Local Bridgehead to be your DMZ server, the Address Space to be just an asterice (*) , and otherwise set the defaults.

If you already have a connector in there, you can change it to suit.

Whatever you do, do not tick "Allow Mesages to be relayed to these domains" on your * connector - that makes you an open relay...

0
 
chaulqAuthor Commented:
I config follow your guide. But don't work. I disable NAT BACKEND to External.Please help me
0
 
harleyjdCommented:
OK, I think you will need to open a more direct Q on this, as it sounds like you're doing the right thing. You don't what the Backend to have NAT access, so that's fine. The one thing to be sure of is that the FE and BE servers can communicate through the DMZ via SMTP. Check your message queues, see if that the issue. They should have a "pinhole" in the firewall to talk to one another.

If you need more help than that, then start another Q, post a reference to this one in it, but post your results of what I have asked as well...

0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now