Solved

RPC over HTTPS on a single standalone Exchange server that is neither a GC nor a DC.

Posted on 2006-10-31
Last Modified: 2008-01-09
I'm trying to set up RPC over HTTPS on our standalone Exchange server.  It's not a GC or DC, it's only an Exchange server.
Exchange 2003 Enterprise SP2

-installed rpc over http proxy
-in ESM, selected RPC-HTTP back-end server
-configured RPC virtual directory in IIS, cleared anonymous, require SSL, 128 bit encryption. (for the default website, purchased third party CA certificate which is trusted)
-configured the exchange server registry to use the following ports:
 mail:6001-6002;mail.domain.com:6001-6002;mail:6004;mail.domain.com:6004
-outlook configured to use exchange proxy (Use this URL...:mail.domain.com, Connect using SSL only, Mutually authenticate..., Principal name for proxy server:msstd:mail.domain.com) with basic authentication.

However, I'm unable to get this to work.
Does this scenario require any work on a GC (modifying the registry on GC for ncacn_http:6004)?  We don't manage the GC since it's done by another dept so if it does require a change, it'd be a pain.

Thanks.
 

Question by:ucsdprovost
LVL 104

Accepted Solution

by:
Sembee earned 375 total points
ID: 17846535
Yes, it does require a change to the global catalog domain controller.
You will probably need some more entries in the registry as well, I usually include the domain controller in there.

http://www.amset.info/exchange/rpc-http.asp

Simon.
0
 

Author Comment

by:ucsdprovost
ID: 17846595
So I need to actually modify the registry as below on the GC DC?

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
Create a new entry of type REG_MULTI_SZ
Name: NSPI Interface protocol sequences
Value: ncacn_http:6004

0
 
LVL 104

Expert Comment

by:Sembee
ID: 17846639
That looks like it.
If you have more than one GC/DC then you can make the change on both and reference both in the registry changes on the Exchange server.

Simon.
0
 
LVL 8

Assisted Solution

by:nitadmin
nitadmin earned 375 total points
ID: 17855154
I have two questions.
1. Did you install an SSL certificate from a Public CA?
2. Did you configure your GC server?

Read this article very carefully, and pay attention to what it says about configuring your GC server.
Most people who attempt to configure the Exchange 2003 RPC over HTTPS feature fail to install an SSL certificate from a public CA and they don't even bother to configure the GC server.

Here are links to two webpages from one great website. It will tell you step by step what you need to do. Read it very carefully.
Compare the steps that it gives you and what you have done already. Follow his instructions very carefully and RPC over HTTPS will work.

http://www.petri.co.il/configure_rpc_over_https_on_a_single_server.htm
http://www.petri.co.il/rpc_over_http_error_4013_after_windows_2003_sp1.htm

Another thing: if you have a single domain forest, make all your domain controllers GC (global catalog) servers. This is done from active directory domains and trusts.

I also want to point out to you why this sentence is in BOLD on the first webpage. Make sure you configure the registry key on your GC servers. And also use the rpccfg tool to confirm the port settings like he shows you. Read this sentence very carefully. You will fail if you do not listen to what he is saying. "Configure all your global catalogs to use specific ports for RPC over HTTP for directory services"  quote by Daniel Petri.

Cheers,
NITADMIN
0
 

Author Comment

by:ucsdprovost
ID: 17855853
I just got it to work.  I must've missed something when I first did it.
I didn't need to do anything on GC though.
Probably it was setup with the necessary changes already.

Thanks.
0
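
The port list from the question and the GC setting discussed in the replies can be checked by parsing the RPC proxy's ValidPorts string and comparing it with the host:port pairs the proxy is expected to reach. The script below is an added example, not code from any poster in this thread; it flags required pairs that are missing and entries that allow more ports than needed. The `gc1` names are hypothetical placeholders for a global catalog, and the RpcProxy registry path in the comments is the standard location of ValidPorts, which the thread itself does not spell out.

```powershell
# Added example: audit an RPC proxy ValidPorts string (Exchange 2003 RPC over HTTPS).
# Live values, if you want to feed them in instead of the sample:
#   Exchange: (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Rpc\RpcProxy').ValidPorts
#   GC:       (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters').'NSPI Interface protocol sequences'

function ConvertFrom-ValidPorts {
    param([string]$ValidPorts)
    foreach ($entry in ($ValidPorts -split ';')) {
        if (-not $entry.Trim()) { continue }                 # skip empty segments
        $name, $range = $entry.Trim() -split ':', 2          # host : port-or-range
        if (-not $range) { continue }                        # skip malformed entries
        $first, $last = $range -split '-', 2
        if (-not $last) { $last = $first }                   # single port, e.g. "6004"
        [pscustomobject]@{ Name = $name.ToLower(); First = [int]$first; Last = [int]$last }
    }
}

function Test-ValidPortsCoverage {
    param([string]$ValidPorts, [hashtable]$Required)
    $entries = @(ConvertFrom-ValidPorts $ValidPorts)
    # 1. Every required host:port must fall inside some listed range.
    foreach ($name in $Required.Keys) {
        foreach ($port in $Required[$name]) {
            $hit = $entries | Where-Object {
                $_.Name -eq $name.ToLower() -and $port -ge $_.First -and $port -le $_.Last
            }
            if (-not $hit) { "MISSING  ${name}:$port" }
        }
    }
    # 2. The proxy forwards to anything listed, so report ranges wider than required.
    foreach ($e in $entries) {
        $wanted = $Required[$e.Name]
        $extra  = @(($e.First)..($e.Last) | Where-Object { $wanted -notcontains $_ })
        if ($extra.Count) {
            "EXTRA    $($e.Name):$($e.First)-$($e.Last) allows $($extra.Count) port(s) not required"
        }
    }
}

# Sample input: the ValidPorts string quoted in the question.
$sample = 'mail:6001-6002;mail.domain.com:6001-6002;mail:6004;mail.domain.com:6004'

# Expected reachability: Exchange back end on 6001, 6002, 6004; each GC on 6004 (NSPI).
$required = @{
    'mail' = 6001, 6002, 6004; 'mail.domain.com' = 6001, 6002, 6004
    'gc1'  = 6004;             'gc1.domain.com'  = 6004     # hypothetical GC names
}

Test-ValidPortsCoverage -ValidPorts $sample -Required $required
```

Run against the string from the question, the Exchange entries pass and only the placeholder GC pairs are reported as missing, which is the gap the replies point at.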
