Solved

RPC over HTTP (ROH) Remote Connections To Internal Exchange Server Fail

Posted on 2006-10-23
Last Modified: 2008-01-09
Outlook 2003 client on XP (SP2) laptop configured to use RPC over HTTP (ROH) can connect to Exchange Server 2003 only when logged in to LAN network but cannot connect from Internet when off site at remote locations. (I assume Outlook's Exchange mailbox access from LAN is verification the config of ROH is correct on both the Exchange 2003 Server & the Outlook 2003 client?)

The goal here is to make Exchange 2003 mailboxes located on internal LAN available to staff from off site locations connecting through Internet.  (I read another ExEx solution saying this is possible).

I have:
1. Added STATIC command to PIX515e FW to translate a public GLOBAL IP (209.43.X.X) to the internal LOCAL IP of Exchange 2003 Server (192.168.0.196)
2. Modified ACL on outside interface of PIX to allow WWW & HTTPS traffic from any source to the GLOBAL IP of Exchange Server defined in STATIC command (209.43.X.X)
3. Modified ACL on outside interface of Cisco 1720 perimeter router to allow WWW & HTTPS traffic from any source to the GLOBAL IP of Exchange Server defined in PIX STATIC command (209.43.X.X)
4. [When off site at remote location] added entry to HOSTS file on laptop mapping Exchange Server to GLOBAL IP (209.43.X.X  cptexc2003.mydomain.org  #Exchange Server On LAN)

When Outlook 2003 is launched on laptop from off site location a Windows logon dialog box appears to authenticate the connection to Exchange (cptexc2003.mydomain.org) but it never connects.  (Doesn't this prove the http traffic is getting through the perimeter router & the PIX firewall and reaching the Exchange 2003 Server?)

Any thoughts on what I should check next or how I can troubleshoot further?  (I thought ROH was pretty straightforward?)








Question by:dealvis
6 Comments
 
LVL 39

Expert Comment

by:redseatechnologies
Hi dealvis,

If it only works on the internal network, that is usually a clear sign that it is not configured properly.

What happens when you close outlook and go: start > run > outlook /rpcdiag

Does it show it connecting as TCP/IP or HTTP?

-red
 
LVL 8

Accepted Solution

by:
nitadmin earned 500 total points
If it doesn't work from outside the LAN, then most likely it is not really running on HTTPS from within your LAN. There is a setting in Outlook 2003 which will cause Outlook to use the MAPI protocol when you are inside the LAN, even when you configure your Outlook profile to use RPC over HTTPS.

I have two questions.
1. Did you install a SSL certificate from a Public CA?
2. Did you configure your GC server?

Read this article very carefully, and pay attention to what it says about configuring your GC server.
Most people who attempt to configure the Exchange 2003 RPC over HTTPS feature fail to install an SSL certificate from a public CA and they don't even bother to configure the GC server.

Here are links to two webpages from one great website. It will tell you step by step what you need to do. Read it very carefully.
Compare the steps that it gives you with what you have done already. Follow his instructions very carefully and RPC over HTTPS will work.

http://www.petri.co.il/configure_rpc_over_https_on_a_single_server.htm
http://www.petri.co.il/rpc_over_http_error_4013_after_windows_2003_sp1.htm

Another thing: if you have a single-domain forest, make all your domain controllers GC (global catalog) servers. This is done from Active Directory Domains and Trusts.

I also want to point out to you why this sentence is in BOLD on the first webpage. Make sure you configure the registry key on your GC servers. And also use the rpccfg tool to confirm the port settings like he shows you. Read this sentence very carefully. You will fail if you do not listen to what he is saying. "Configure all your global catalogs to use specific ports for RPC over HTTP for directory services"  quote by Daniel Petri.

Cheers,
NITADMIN
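
An added example, not part of the original answer or the linked article: a small audit of the RPC proxy port setting that the answer says to confirm with rpccfg. It assumes the setting is a `host:port-range;...` string (the `ValidPorts` registry value in Microsoft's Exchange 2003 documentation) and that ports 6001, 6002 and 6004 are the ones required; the sample strings are constructed from the host name in the question.

```python
import re

# Assumption (not from this thread): ports the RPC proxy forwards to on a
# single Exchange 2003 server: 6001 store, 6002 referral, 6004 directory proxy.
REQUIRED_PORTS = {6001, 6002, 6004}
ENTRY = re.compile(r"([^:;\s]+):(\d+)(?:-(\d+))?")

def parse_valid_ports(value):
    """Parse 'host:lo-hi;host:port;...' into {host: [(lo, hi), ...]}."""
    entries = {}
    for item in (part.strip() for part in value.split(";")):
        if not item:
            continue
        m = ENTRY.fullmatch(item)
        if not m:
            raise ValueError(f"malformed entry: {item!r}")
        lo = int(m.group(2))
        hi = int(m.group(3)) if m.group(3) else lo
        if lo > hi or hi > 65535:
            raise ValueError(f"bad port range: {item!r}")
        entries.setdefault(m.group(1).lower(), []).append((lo, hi))
    return entries

def audit_valid_ports(value, server_names):
    """Return findings: missing required ports, unexpected hosts, extra ports."""
    entries = parse_valid_ports(value)
    expected = [n.lower() for n in server_names]
    findings = []
    for name in expected:
        ranges = entries.get(name, [])
        missing = sorted(p for p in REQUIRED_PORTS
                         if not any(lo <= p <= hi for lo, hi in ranges))
        if missing:
            findings.append(f"{name}: missing ports {missing}")
    for host, ranges in entries.items():
        if host not in expected:
            findings.append(f"{host}: unexpected host")
        allowed = set()
        for lo, hi in ranges:
            allowed.update(range(lo, hi + 1))
        extra = len(allowed - REQUIRED_PORTS)
        if extra:
            findings.append(f"{host}: {extra} ports allowed beyond those required")
    return findings

# Constructed sample values using the host name from the question.
NAMES = ["cptexc2003", "cptexc2003.mydomain.org"]
TIGHT = ";".join(f"{n}:6001-6002;{n}:6004" for n in NAMES)
BROAD = "cptexc2003:100-5000"

if __name__ == "__main__":
    for label, value in (("tight", TIGHT), ("broad", BROAD)):
        print(label, audit_valid_ports(value, NAMES) or "OK")
```

A wide range that misses the required ports both breaks the connection and leaves the proxy willing to forward to far more internal ports than the published service needs.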
 

Author Comment

by:dealvis
Thank You Very Much for responding.  Please allow me some time to attempt resolution using the info & resources you have provided.  Will post again tomorrow with results.
 
LVL 39

Expert Comment

by:redseatechnologies
Before attempting any of the above, I would simply test it inside the network with the /rpcdiag switch.

Then we can figure out what the problem actually is instead of just posting every possible solution and forcing you to work through them all :)

-red
 

Author Comment

by:dealvis
Problem resolved.  RPC over HTTP successfully providing remote access (through perimeter router & PIX515e Firewall) to Exchange 2003 mailboxes located on internal LAN.  (Single Exchange server installation, no Front End Exchange server).

Wow.  I am blessed today to have had this help.  Exchange has been one of the most challenging aspects of this project and to be pointed to the exact information in such an excellent format as Daniel Petri provides on his web site has made my week.  I can't say Thank You enough NIT ADMIN!

Specifically, my configuration gap was precisely what NIT ADMIN questioned me about above, that being failing to install an SSL certificate from a Public CA and not configuring our GC server as necessary for RPC over HTTP to work.  Anyone needing information on RPC over HTTP like I did MUST check out  http://www.petri.co.il/configure_rpc_over_https_on_a_single_server.htm

Thanks Experts!
 
LVL 8

Expert Comment

by:nitadmin
Thank you for the compliment.

Cheers,
NITADMIN
RPC over HTTPS Expert !