Solved

RPC over HTTPS on a single standalone Exchange server that is neither a GC nor a DC.

Posted on 2006-10-31
Last Modified: 2008-01-09
I'm trying to set up RPC over HTTPS on our standalone Exchange server.  It's not a GC or DC, it's only an Exchange server.
Exchange 2003 Enterprise SP2

-installed rpc over http proxy
-in ESM, selected RPC-HTTP back-end server
-configured RPC virtual directory in IIS, cleared anonymous, require SSL, 128 bit encryption. (for the default website, purchased third party CA certificate which is trusted)
-configured the exchange server registry to use the following ports:
 mail:6001-6002;mail.domain.com:6001-6002;mail:6004;mail.domain.com:6004
-Outlook configured to use exchange proxy (Use this URL...:mail.domain.com, Connect using SSL only, Mutually authenticate..., Principal name for proxy server:msstd:mail.domain.com) with basic authentication.

However, I'm unable to get this to work.
Does this scenario require any work on a GC (modifying the registry on GC for ncacn_http:6004)?  We don't manage the GC since it's done by another dept so if it does require a change, it'd be a pain.

Thanks.
 

Question by:ucsdprovost

Accepted Solution

by:
Sembee earned 125 total points
ID: 17846535
Yes, it does require a change to the global catalog domain controller.
You will probably need some more entries in the registry as well, I usually include the domain controller in there.

http://www.amset.info/exchange/rpc-http.asp

Simon.

Author Comment

by:ucsdprovost
ID: 17846595
So I need to actually modify the registry as below on the GC DC?

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
Create a new entry of type REG_MULTI_SZ
Name: NSPI Interface protocol sequences
Value: ncacn_http:6004


Expert Comment

by:Sembee
ID: 17846639
That looks like it.
If you have more than one GC/DC then you can make the change on both and reference both in the registry changes on the Exchange server.

Simon.
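
An added example, not part of the thread or of any poster's configuration: a PowerShell check that the semicolon-separated port list from the question covers the Exchange host and every GC/DC it should reference. The GC names `gc1` and `gc1.domain.com` are constructed placeholders, and the required port sets (6001-6002 and 6004 for Exchange, 6004 for a GC) are assumptions based on the values quoted in the thread.

```powershell
# Added example: audit an RPC proxy port list of the form host:port or host:lo-hi.
# Assumption: Exchange hosts need 6001, 6002 and 6004; each GC needs 6004.
function ConvertFrom-ValidPorts([string]$ValidPorts) {
    $map = @{}
    foreach ($entry in $ValidPorts.Split(';')) {
        $entry = $entry.Trim()
        if (-not $entry) { continue }
        if ($entry -notmatch '^(?<h>[^:]+):(?<lo>\d+)(-(?<hi>\d+))?$') {
            throw "Malformed port entry: '$entry'"
        }
        $name = $Matches['h'].ToLowerInvariant()
        $lo = [int]$Matches['lo']
        $hi = if ($Matches['hi']) { [int]$Matches['hi'] } else { $lo }
        if ($hi -lt $lo) { throw "Reversed port range in '$entry'" }
        if (-not $map.ContainsKey($name)) { $map[$name] = @() }
        $map[$name] += $lo..$hi          # expand the range into single ports
    }
    return $map
}

function Test-RpcProxyValidPorts {
    param([string]$ValidPorts, [string[]]$ExchangeHosts, [string[]]$GcHosts = @())
    $required = @{}
    foreach ($n in $ExchangeHosts) { $required[$n.ToLowerInvariant()] = @(6001, 6002, 6004) }
    foreach ($n in $GcHosts)       { $required[$n.ToLowerInvariant()] = @(6004) }
    $allowed  = ConvertFrom-ValidPorts $ValidPorts
    $findings = @()
    # Ports the proxy must be allowed to reach but that are not listed.
    foreach ($n in $required.Keys) {
        foreach ($p in $required[$n]) {
            if ($allowed[$n] -notcontains $p) { $findings += "MISSING  ${n}:$p" }
        }
    }
    # Hosts or ports listed beyond the expected set widen what the proxy will relay.
    foreach ($n in $allowed.Keys) {
        $extra = @($allowed[$n] | Where-Object { $required[$n] -notcontains $_ })
        if ($extra.Count -gt 0) {
            $findings += "EXTRA    ${n}: $($extra.Count) port(s) beyond the expected set"
        }
    }
    $findings
}

# Port list from the question, checked against constructed GC names.
$value = 'mail:6001-6002;mail.domain.com:6001-6002;mail:6004;mail.domain.com:6004'
Test-RpcProxyValidPorts -ValidPorts $value `
    -ExchangeHosts 'mail', 'mail.domain.com' `
    -GcHosts 'gc1', 'gc1.domain.com'
```

An empty result means every required host and port is listed and nothing extra is exposed through the proxy.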

Assisted Solution

by:nitadmin
nitadmin earned 125 total points
ID: 17855154
I have two questions.
1. Did you install a SSL certificate from a Public CA?
2. Did you configure your GC server?

Read this article very carefully, and pay attention to what it says about configuring your GC server.
Most people who attempt to configure the Exchange 2003 RPC over HTTPS feature fail to install an SSL certificate from a public CA and they don't even bother to configure the GC server.

Here are links to two webpages from one great website. It will tell you step by step what you need to do. Read it very carefully.
Compare the steps that it gives you and what you have done already. Follow his instructions very carefully and RPC over HTTPS will work.

http://www.petri.co.il/configure_rpc_over_https_on_a_single_server.htm
http://www.petri.co.il/rpc_over_http_error_4013_after_windows_2003_sp1.htm

Another thing: if you have a single-domain forest, make sure all your domain controllers are GC (global catalog) servers. This is done from active directory domains and trusts.

I also want to point out to you why this sentence is in BOLD on the first webpage. Make sure you configure the registry key on your GC servers. And also use the rpccfg tool to confirm the port settings like he shows you. Read this sentence very carefully. You will fail if you do not listen to what he is saying. "Configure all your global catalogs to use specific ports for RPC over HTTP for directory services"  quote by Daniel Petri.

Cheers,
NITADMIN

Author Comment

by:ucsdprovost
ID: 17855853
I just got it to work.  I must've missed something when I first did it.
I didn't need to do anything on GC though.
Probably it was setup with the necessary changes already.

Thanks.