Solved

RPC over HTTP Problem.Don't work with Internet users

Posted on 2006-07-14
7
1,064 Views
Last Modified: 2008-02-01
Please help me!

I've implement FE-BE exchange with plan: Exchange Frontend include DMZ lan.

-01 PDC - GlobalCatalog and CA Server (Windows 2003 SP1)
-01 Backend (Exchange 2003)
-01 Frontend.
-01 Firewall Hardware CISCO ASA with 4 Port LAN.
I've config RPC over HTTP , but don't work properly. I test Outlook Internal and work fine. But don't work with Internet user. OWA with SSL work no problem.
I still mx.domain.com forward my public IP and don't use mail.domain.com.
I've request CA from PDC and install them on the frontend server.But i'm not install on backend server.
My
Please Help me.

Thank you.

Regards
0
Comment
Question by:chaulq
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 29

Expert Comment

by:mass2612
ID: 17113088
Hi,

Take a look at the information on this site and go over all your settings - http://www.amset.info/exchange/rpc-http.asp

0
 
LVL 15

Accepted Solution

by:
harleyjd earned 500 total points
ID: 17113396
"I've request CA from PDC and install them on the frontend server.But i'm not install on backend server. "

make sure the CA issued using the FQDN that internet clients will use, you MUST use the FQDN, as the Outlook client needs to auto-accept the certificate. The client cannot auto-accept the certificate unless the FQDN of the certificate matches the FQDN of the proxy server, The certificate is still valid (ie, not expired) and finally, that the client PC trusts the CA.

Because your clients will not inherently trust the CA (as it's a private domain based ca), you need to install the root CA from the server on EVERY client that wants RPC over HTTP. You need to export the certificate from your CA to do this.

browse to http:\\yourca\certsrv

click "Download a CA Certificate, Certificate Chain, or CRL "

click "install this CA certificate chain"

-or-

 click "Download CA certificate", save to a file and manually install on each machine by double clicking...
 

http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/ex2k3rpc.mspx

http://petri.co.il/configure_outlook_2003_to_use_rpc_over_http.htm


0
 

Author Comment

by:chaulq
ID: 17119917
Thank harleyjd!
0
Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

 

Author Comment

by:chaulq
ID: 17119994
After fix . External mail work correctly. But when i send mail. Mail sent by backend server.And i opent NAT for BACKEND. I wan't config mail sent by Frontend in DMZ lan.Please  help me again.

Thanks everyone.
0
 
LVL 15

Expert Comment

by:harleyjd
ID: 17120110
OK, technically you should post another Q, as this is a seperate issue, but...

In System Manager, go to Admin Groups, First Admin Group, Routing Groups, First Routing Group, Connectors.

You need an SMTP connector, called whatever you want, with the Local Bridgehead to be your DMZ server, the Address Space to be just an asterice (*) , and otherwise set the defaults.

If you already have a connector in there, you can change it to suit.

Whatever you do, do not tick "Allow Mesages to be relayed to these domains" on your * connector - that makes you an open relay...

0
 

Author Comment

by:chaulq
ID: 17120185
I config follow your guide. But don't work. I disable NAT BACKEND to External.Please help me
0
 
LVL 15

Expert Comment

by:harleyjd
ID: 17121867
OK, I think you will need to open a more direct Q on this, as it sounds like you're doing the right thing. You don't what the Backend to have NAT access, so that's fine. The one thing to be sure of is that the FE and BE servers can communicate through the DMZ via SMTP. Check your message queues, see if that the issue. They should have a "pinhole" in the firewall to talk to one another.

If you need more help than that, then start another Q, post a reference to this one in it, but post your results of what I have asked as well...

0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
In-place Upgrading Dirsync to Azure AD Connect
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question