Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


RPC over HTTP (ROH) Remote Connections To Internal Exchange Server Fail

Posted on 2006-10-23
Medium Priority
Last Modified: 2008-01-09
Outlook 2003 client on XP (SP2) laptop configured to use RPC over HTTP (ROH) can connect to Exchange Server 2003 only when logged in to LAN network but cannot connect from Internet when off site at remote locations. (I assume Outlook's Exchange mailbox access from LAN is verification the config of ROH is correct on both the Exchange 2003 Server & the Outlook 2003 client?)

The goal here is to make Exchange 2003 mailboxes located on internal LAN available to staff from off site locations connecting through Internet.  (I read another ExEx solution saying this is possible).

I have:
1. Added STATIC command to PIX515e FW to translate a public GLOBAL IP (209.43.X.X) to the internal LOCAL IP of Exchange 2003 Server (
2. Modified ACL on outside interface of PIX to allow WWW & HTTPS traffic from any source to the GLOBAL IP of Exchange Server defined in STATIC command (209.43.X.X)
3. Modified ACL on outside interface of Cisco 1720 perimeter router to allow WWW & HTTPS traffic from any source to the GLOBAL IP of Exchange Server defined in PIX STATIC command (209.43.X.X)
4. [When off site at remote location] added entry to HOSTS file on laptop mapping Exchange Server to GLOBAL IP (209.43.X.X  #Exchange Server On LAN)

When Outlook 2003 is launched on laptop from off site location a Windows logon dialog box appears to authenticate the connection to Exchange ( but it never connects.  (Doesn't this prove the http traffic is getting through the perimeter router & the PIX firewall and reaching the Exchange 2003 Server?)

Any thoughts on what I should check next or how I can troubleshoot further?  (I thought ROH was pretty straightforward?)

Question by:dealvis
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
LVL 39

Expert Comment

ID: 17793236
Hi dealvis,

If it only works on the internal network, that is usually a clear sign that it is not configured properly.

What happens when you close outlook and go: start > run > outlook /rpcdiag

Does it show it connecting as TCP/IP or HTTP?


Accepted Solution

nitadmin earned 2000 total points
ID: 17793507
If it doesn't work from outside the LAN, then most likely it is not really running on https from within your LAN. There is a setting in OUtlook 2003, which will cause the outlook to use MAPI protocol when you are inside the LAN, even when you configure your outlook profile to use RPC over HTTPS.

I have two several questions.
1. Did you install a SSL certificate from a Public CA?
2. Did you configure your GC server?

Read this article very carefully, and pay attaention to what it says about configuring your GC server.
Most people who attempt to configure Exchange 2003 RPC over https feature fail to install a SSL certificate from a public CA and they don't even bother to configure the GC server.

Here are links to two webpages from one great website. It will tell you step by step what you need to do. Read it very carefully.
Campare the steps that it gives you and what you have done already. Follow his instructions very carefully and RPC over https will work.

Another thing, if you have single domain forest. Make all your domain controllers are GC (global catalog) servers. This is done from active directory domains and trusts.

I also want to point out to you why this sentence is in BOLD on the first webpage. Make sure you configure the registry key on your GC servers. And also use the rpccfg tool to confirm the port settings like he shows you. Read this sentence very carefully. You will fail if you do not listen to what he is saying. "Configure all your global catalogs to use specific ports for RPC over HTTP for directory services"  quote by Daniel Petri.


Author Comment

ID: 17797972
Thank You Very Much for responding.  Please allow me some time to attempt resolution using the info & resources you have provided.  Will post again tomorrow with results.
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

LVL 39

Expert Comment

ID: 17799616
Before attempting any of the above, I would simply test it inside the network with the /rpcdiag switch.

Then we can figure out what the problem actually is instead of just posting every possible solution and forcing you to work through them all :)


Author Comment

ID: 17800440
Problem resolved.  RPC over HTTP successfully providing remote access (through perimeter router & PIX515e Firewall) to Exchange 2003 mailboxes located on internal LAN.  (Single Exchange server installation, no Front End Exchange server).

Wow.  I am blessed today to have had this help.  Exchange has been one of the most challenging aspects of this project and to be pointed to the exact information in such an excellent format as Daniel Petri provides on his web site has made my week.  I can't say Thank You enough NIT ADMIN!

Specifically my configuration gap was precisely what NIT ADMIN questioned me about above, that being failing to install a SSL certificate from a Public CA and not configuring our GC server as necessary for RPC over HTTP to work.  Anyone needing information on RPC over HTTP like I did MUST check out

Thanks Experts!

Expert Comment

ID: 17800800
Thank you for complement.

RPC over HTTPS Expert !

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
If you troubleshoot Outlook for clients, you may want to know a bit more about the OST file before doing your next job. IMAP can cause a lot of drama if removed in the accounts without backing up.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to:…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question