RPC over HTTPS in a single standalone exchange server that is not neither a GC/DC.

I'm trying to setup an RPC over HTTPS on our stand alone exchange server.  It's not a GC or DC, its only an exchange server.
Exchange 2003 Enterprise SP2

-installed rpc over http proxy
-in ESM, selected RPC-HTTP back-end server
-configured RPC virtual directory in IIS, cleared anonymous, require SSL, 128 bit encryption. (for the default website, purchased third party CA certificate which is trusted)
-configured the exchange server registry to use the following ports:
 mail:6001-6002;mail.domain.com:6001-6002;mail:6004;mail.domain.com:6004
-outlook configured to use exchange proxy (Use this URL...:mail.domain.com, Connect using SSL only, Mutually authentiate..., Principal name for proxy server:msstd:mail.domain.com) with basic authentication.

Howerver, I'm unable to get this to work.
Does this scenario require any work on a GC (modifying the registry on GC for ncacn_http:6004)?  We don't manage the GC since it's done by another dept so if it does require a change, it'd be a pain.

Thanks.
 

ucsdprovostAsked:
Who is Participating?
 
SembeeConnect With a Mentor Commented:
Yes it does a change to the global catalog domain controller.
You will probably need some more entries in the registry as well, I usually include the domain controller in there.

http://www.amset.info/exchange/rpc-http.asp

Simon.
0
 
ucsdprovostAuthor Commented:
So need to actually modify the registry as below on the GC DC?

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
Create a new entry of type REG_MULTI_SZ
Name: NSPI Interface protocol sequences
Value: ncacn_http:6004

0
 
SembeeCommented:
That looks like it.
If you have more than one GC/DC then you can make the change on both and reference both in the registry changes on the Exchange server.

Simon.
0
 
nitadminConnect With a Mentor Commented:
I have two several questions.
1. Did you install a SSL certificate from a Public CA?
2. Did you configure your GC server?

Read this article very carefully, and pay attaention to what it says about configuring your GC server.
Most people who attempt to configure Exchange 2003 RPC over https feature fail to install a SSL certificate from a public CA and they don't even bother to configure the GC server.

Here are links to two webpages from one great website. It will tell you step by step what you need to do. Read it very carefully.
Campare the steps that it gives you and what you have done already. Follow his instructions very carefully and RPC over https will work.

http://www.petri.co.il/configure_rpc_over_https_on_a_single_server.htm
http://www.petri.co.il/rpc_over_http_error_4013_after_windows_2003_sp1.htm

Another thing, if you have single domain forest. Make all your domain controllers are GC (global catalog) servers. This is done from active directory domains and trusts.

I also want to point out to you why this sentence is in BOLD on the first webpage. Make sure you configure the registry key on your GC servers. And also use the rpccfg tool to confirm the port settings like he shows you. Read this sentence very carefully. You will fail if you do not listen to what he is saying. "Configure all your global catalogs to use specific ports for RPC over HTTP for directory services"  quote by Daniel Petri.

Cheers,
NITADMIN
0
 
ucsdprovostAuthor Commented:
I just got it to work.  I must've missed something when I first did it.
I didn't need to do anything on GC though.
Probably it was setup with the necessary changes already.

Thanks.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.