Solved

RPC over HTTP problem. Doesn't work with Internet users

Posted on 2006-07-14
Last Modified: 2008-02-01
Please help me!

I've implemented FE-BE Exchange with this plan: Exchange Frontend in the DMZ LAN.

-01 PDC - GlobalCatalog and CA Server (Windows 2003 SP1)
-01 Backend (Exchange 2003)
-01 Frontend.
-01 Firewall Hardware CISCO ASA with 4 Port LAN.
I've configured RPC over HTTP, but it doesn't work properly. I tested Outlook internally and it works fine, but it doesn't work for Internet users. OWA with SSL works with no problem.
I still have mx.domain.com forwarding to my public IP and don't use mail.domain.com.
I've requested a CA from the PDC and installed it on the frontend server. But I have not installed it on the backend server.
My
Please Help me.

Thank you.

Regards
Question by:chaulq
7 Comments
 
LVL 29

Expert Comment

by:mass2612
ID: 17113088
Hi,

Take a look at the information on this site and go over all your settings - http://www.amset.info/exchange/rpc-http.asp

0
 
LVL 15

Accepted Solution

by:
harleyjd earned 2000 total points
ID: 17113396
"I've requested a CA from the PDC and installed it on the frontend server. But I have not installed it on the backend server."

Make sure the CA is issued using the FQDN that Internet clients will use. You MUST use the FQDN, as the Outlook client needs to auto-accept the certificate. The client cannot auto-accept the certificate unless the FQDN of the certificate matches the FQDN of the proxy server, the certificate is still valid (i.e., not expired) and, finally, the client PC trusts the CA.

Because your clients will not inherently trust the CA (as it's a private domain-based CA), you need to install the root CA from the server on EVERY client that wants RPC over HTTP. You need to export the certificate from your CA to do this.

Browse to http://yourca/certsrv

Click "Download a CA Certificate, Certificate Chain, or CRL"

Click "install this CA certificate chain"

-or-

Click "Download CA certificate", save to a file and manually install on each machine by double-clicking...
 

http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/ex2k3rpc.mspx

http://petri.co.il/configure_outlook_2003_to_use_rpc_over_http.htm


0
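
The three conditions named in the accepted answer (name match, not expired, trusted issuer) can be checked from a command line with OpenSSL before any client is touched. This is an added example, not part of the original thread; the lab CA, the server certificate and the FQDN rpc.example.com are constructed placeholders.

```shell
#!/bin/sh
# Added example. Everything here is constructed for a lab: rpc.example.com
# stands in for the FQDN that Internet clients enter as the RPC proxy.

# make_lab DIR: private root CA (ca), an unrelated root (other), server cert (srv).
make_lab() {
    d=$1
    cat > "$d/lab.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Lab Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
[srv]
subjectAltName = DNS:rpc.example.com
EOF
    for root in ca other; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$d/lab.cnf" \
            -keyout "$d/$root.key" -out "$d/$root.pem" 2>/dev/null || return 1
    done
    openssl req -new -newkey rsa:2048 -nodes -config "$d/lab.cnf" \
        -subj "/CN=rpc.example.com" -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 30 -extfile "$d/lab.cnf" -extensions srv \
        -out "$d/srv.pem" 2>/dev/null
}

# check_cert CERT TRUSTED_ROOT FQDN: returns 0 only if all three conditions hold.
check_cert() {
    cert=$1; ca=$2; fqdn=$3; rc=0
    # 1. The name on the certificate matches the FQDN the client connects to.
    openssl x509 -in "$cert" -noout -checkhost "$fqdn" 2>&1 | grep -q 'does match' ||
        { echo "FAIL name: certificate is not issued to $fqdn"; rc=1; }
    # 2. The certificate has not expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL validity: certificate has expired"; rc=1; }
    # 3. The chain verifies against the root the client trusts.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "FAIL trust: issuer is not a root this client trusts"; rc=1; }
    return $rc
}

lab=$(mktemp -d) && make_lab "$lab" &&
    check_cert "$lab/srv.pem" "$lab/ca.pem" rpc.example.com && echo "PASS: all three checks hold"
```

Passing `other.pem` as the trusted root reproduces the situation of an Internet client that has not had the private root CA installed: the name and validity checks pass and only the trust check fails.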
 

Author Comment

by:chaulq
ID: 17119917
Thanks, harleyjd!
0

 

Author Comment

by:chaulq
ID: 17119994
After the fix, external mail works correctly. But when I send mail, the mail is sent by the backend server, and I opened NAT for the backend. I want to configure mail to be sent by the frontend in the DMZ LAN. Please help me again.

Thanks everyone.
0
 
LVL 15

Expert Comment

by:harleyjd
ID: 17120110
OK, technically you should post another Q, as this is a separate issue, but...

In System Manager, go to Admin Groups, First Admin Group, Routing Groups, First Routing Group, Connectors.

You need an SMTP connector, called whatever you want, with the Local Bridgehead to be your DMZ server, the Address Space to be just an asterisk (*), and otherwise set the defaults.

If you already have a connector in there, you can change it to suit.

Whatever you do, do not tick "Allow Messages to be relayed to these domains" on your * connector - that makes you an open relay...

0
 

Author Comment

by:chaulq
ID: 17120185
I configured it following your guide, but it doesn't work. I disabled NAT from the backend to external. Please help me.
0
 
LVL 15

Expert Comment

by:harleyjd
ID: 17121867
OK, I think you will need to open a more direct Q on this, as it sounds like you're doing the right thing. You don't want the Backend to have NAT access, so that's fine. The one thing to be sure of is that the FE and BE servers can communicate through the DMZ via SMTP. Check your message queues, see if that's the issue. They should have a "pinhole" in the firewall to talk to one another.

If you need more help than that, then start another Q, post a reference to this one in it, but post your results of what I have asked as well...

0
