RPC over HTTP (ROH) Remote Connections To Internal Exchange Server Fail

Posted on 2006-10-23
Last Modified: 2008-01-09
Outlook 2003 client on XP (SP2) laptop configured to use RPC over HTTP (ROH) can connect to Exchange Server 2003 only when logged in to LAN network but cannot connect from Internet when off site at remote locations. (I assume Outlook's Exchange mailbox access from LAN is verification the config of ROH is correct on both the Exchange 2003 Server & the Outlook 2003 client?)

The goal here is to make Exchange 2003 mailboxes located on internal LAN available to staff from off site locations connecting through Internet.  (I read another ExEx solution saying this is possible).

I have:
1. Added STATIC command to PIX515e FW to translate a public GLOBAL IP (209.43.X.X) to the internal LOCAL IP of Exchange 2003 Server (
2. Modified ACL on outside interface of PIX to allow WWW & HTTPS traffic from any source to the GLOBAL IP of Exchange Server defined in STATIC command (209.43.X.X)
3. Modified ACL on outside interface of Cisco 1720 perimeter router to allow WWW & HTTPS traffic from any source to the GLOBAL IP of Exchange Server defined in PIX STATIC command (209.43.X.X)
4. [When off site at remote location] added entry to HOSTS file on laptop mapping Exchange Server to GLOBAL IP (209.43.X.X  #Exchange Server On LAN)

When Outlook 2003 is launched on laptop from off site location a Windows logon dialog box appears to authenticate the connection to Exchange ( but it never connects.  (Doesn't this prove the http traffic is getting through the perimeter router & the PIX firewall and reaching the Exchange 2003 Server?)

Any thoughts on what I should check next or how I can troubleshoot further?  (I thought ROH was pretty straightforward?)

Question by:dealvis

Expert Comment

ID: 17793236
Hi dealvis,

If it only works on the internal network, that is usually a clear sign that it is not configured properly.

What happens when you close Outlook and go: start > run > outlook /rpcdiag

Does it show it connecting as TCP/IP or HTTP?


Accepted Solution

nitadmin earned 500 total points
ID: 17793507
If it doesn't work from outside the LAN, then most likely it is not really running on HTTPS from within your LAN. There is a setting in Outlook 2003 which will cause Outlook to use the MAPI protocol when you are inside the LAN, even when you configure your Outlook profile to use RPC over HTTPS.

I have two questions.
1. Did you install an SSL certificate from a Public CA?
2. Did you configure your GC server?

Read this article very carefully, and pay attention to what it says about configuring your GC server.
Most people who attempt to configure the Exchange 2003 RPC over HTTPS feature fail to install an SSL certificate from a public CA and they don't even bother to configure the GC server.

Here are links to two webpages from one great website. It will tell you step by step what you need to do. Read it very carefully.
Compare the steps that it gives you with what you have done already. Follow his instructions very carefully and RPC over HTTPS will work.

Another thing: if you have a single-domain forest, make sure all your domain controllers are GC (global catalog) servers. This is done from Active Directory Domains and Trusts.

I also want to point out to you why this sentence is in BOLD on the first webpage. Make sure you configure the registry key on your GC servers. And also use the rpccfg tool to confirm the port settings like he shows you. Read this sentence very carefully. You will fail if you do not listen to what he is saying. "Configure all your global catalogs to use specific ports for RPC over HTTP for directory services"  quote by Daniel Petri.
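One way to check the port settings this answer refers to, as an added example (not code from the post or from the linked article): a small auditor for the RPC proxy's `ValidPorts` string that reports required ports that are missing and ports or hosts allowed beyond what is needed. It assumes the standard Exchange 2003 RPC over HTTP ports (6001, 6002, 6004); the host names and sample strings are constructed placeholders.

```python
# Added example: audit an RPC proxy ValidPorts string (host:port[-port];...).
STORE_PORTS = {6001, 6002, 6004}  # information store, DS referral, DS proxy
GC_PORTS = {6004}                 # directory (NSPI) over HTTP on a global catalog

def parse_valid_ports(value):
    """Return {hostname: set(ports)} parsed from a ValidPorts string."""
    allowed = {}
    for entry in filter(None, (e.strip() for e in value.split(";"))):
        host, sep, ports = entry.rpartition(":")
        if not sep or not host:
            raise ValueError(f"malformed entry: {entry!r}")
        low, _, high = ports.partition("-")
        low, high = int(low), int(high or low)
        if not 0 < low <= high <= 65535:
            raise ValueError(f"bad port range: {entry!r}")
        allowed.setdefault(host.lower(), set()).update(range(low, high + 1))
    return allowed

def audit_valid_ports(value, expected):
    """expected maps host -> required ports; returns a list of findings."""
    allowed = parse_valid_ports(value)
    expected = {h.lower(): set(p) for h, p in expected.items()}
    findings = []
    for host, required in expected.items():
        ports = allowed.get(host, set())
        if required - ports:
            findings.append(f"{host}: missing {sorted(required - ports)}")
        if ports - required:
            findings.append(f"{host}: {len(ports - required)} port(s) beyond the required set")
    for host in sorted(set(allowed) - set(expected)):
        findings.append(f"{host}: unexpected host in ValidPorts")
    return findings

# Constructed sample data; exch01 and dc01 are placeholder server names.
EXPECTED = {
    "exch01": STORE_PORTS, "exch01.example.local": STORE_PORTS,
    "dc01": GC_PORTS, "dc01.example.local": GC_PORTS,
}
GOOD = ("exch01:6001-6002;exch01:6004;"
        "exch01.example.local:6001-6002;exch01.example.local:6004;"
        "dc01:6004;dc01.example.local:6004")
WIDE = "exch01:100-5000"  # broad range that still misses the required ports

if __name__ == "__main__":
    for label, value in (("GOOD", GOOD), ("WIDE", WIDE)):
        print(label, audit_valid_ports(value, EXPECTED) or "ok")
```

Keeping `ValidPorts` to exactly the listed host and port pairs also limits which internal endpoints the Internet-facing RPC proxy is allowed to forward to.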


Author Comment

ID: 17797972
Thank You Very Much for responding.  Please allow me some time to attempt resolution using the info & resources you have provided.  Will post again tomorrow with results.

Expert Comment

ID: 17799616
Before attempting any of the above, I would simply test it inside the network with the /rpcdiag switch.

Then we can figure out what the problem actually is instead of just posting every possible solution and forcing you to work through them all :)


Author Comment

ID: 17800440
Problem resolved.  RPC over HTTP successfully providing remote access (through perimeter router & PIX515e Firewall) to Exchange 2003 mailboxes located on internal LAN.  (Single Exchange server installation, no Front End Exchange server).

Wow.  I am blessed today to have had this help.  Exchange has been one of the most challenging aspects of this project and to be pointed to the exact information in such an excellent format as Daniel Petri provides on his web site has made my week.  I can't say Thank You enough NIT ADMIN!

Specifically, my configuration gap was precisely what NIT ADMIN questioned me about above, that being failing to install an SSL certificate from a Public CA and not configuring our GC server as necessary for RPC over HTTP to work.  Anyone needing information on RPC over HTTP like I did MUST check out

Thanks Experts!

Expert Comment

ID: 17800800
Thank you for the compliment.

RPC over HTTPS Expert !
