RPC over HTTP Problem.Don't work with Internet users

Please help me!

I've implement FE-BE exchange with plan: Exchange Frontend include DMZ lan.

-01 PDC - GlobalCatalog and CA Server (Windows 2003 SP1)
-01 Backend (Exchange 2003)
-01 Frontend.
-01 Firewall Hardware CISCO ASA with 4 Port LAN.
I've config RPC over HTTP , but don't work properly. I test Outlook Internal and work fine. But don't work with Internet user. OWA with SSL work no problem.
I still mx.domain.com forward my public IP and don't use mail.domain.com.
I've request CA from PDC and install them on the frontend server.But i'm not install on backend server.
My
Please Help me.

Thank you.

Regards
chaulqAsked:
Who is Participating?
 
harleyjdCommented:
"I've request CA from PDC and install them on the frontend server.But i'm not install on backend server. "

make sure the CA issued using the FQDN that internet clients will use, you MUST use the FQDN, as the Outlook client needs to auto-accept the certificate. The client cannot auto-accept the certificate unless the FQDN of the certificate matches the FQDN of the proxy server, The certificate is still valid (ie, not expired) and finally, that the client PC trusts the CA.

Because your clients will not inherently trust the CA (as it's a private domain based ca), you need to install the root CA from the server on EVERY client that wants RPC over HTTP. You need to export the certificate from your CA to do this.

browse to http:\\yourca\certsrv

click "Download a CA Certificate, Certificate Chain, or CRL "

click "install this CA certificate chain"

-or-

 click "Download CA certificate", save to a file and manually install on each machine by double clicking...
 

http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/ex2k3rpc.mspx

http://petri.co.il/configure_outlook_2003_to_use_rpc_over_http.htm


0
 
mass2612Commented:
Hi,

Take a look at the information on this site and go over all your settings - http://www.amset.info/exchange/rpc-http.asp

0
 
chaulqAuthor Commented:
Thank harleyjd!
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
chaulqAuthor Commented:
After fix . External mail work correctly. But when i send mail. Mail sent by backend server.And i opent NAT for BACKEND. I wan't config mail sent by Frontend in DMZ lan.Please  help me again.

Thanks everyone.
0
 
harleyjdCommented:
OK, technically you should post another Q, as this is a seperate issue, but...

In System Manager, go to Admin Groups, First Admin Group, Routing Groups, First Routing Group, Connectors.

You need an SMTP connector, called whatever you want, with the Local Bridgehead to be your DMZ server, the Address Space to be just an asterice (*) , and otherwise set the defaults.

If you already have a connector in there, you can change it to suit.

Whatever you do, do not tick "Allow Mesages to be relayed to these domains" on your * connector - that makes you an open relay...

0
 
chaulqAuthor Commented:
I config follow your guide. But don't work. I disable NAT BACKEND to External.Please help me
0
 
harleyjdCommented:
OK, I think you will need to open a more direct Q on this, as it sounds like you're doing the right thing. You don't what the Backend to have NAT access, so that's fine. The one thing to be sure of is that the FE and BE servers can communicate through the DMZ via SMTP. Check your message queues, see if that the issue. They should have a "pinhole" in the firewall to talk to one another.

If you need more help than that, then start another Q, post a reference to this one in it, but post your results of what I have asked as well...

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.