
RPC over HTTPS on a single standalone Exchange server that is neither a GC nor a DC.

Posted on 2006-10-31
Last Modified: 2008-01-09
I'm trying to set up RPC over HTTPS on our standalone Exchange server. It's not a GC or DC; it's only an Exchange server.
Exchange 2003 Enterprise SP2

-installed rpc over http proxy
-in ESM, selected RPC-HTTP back-end server
-configured RPC virtual directory in IIS, cleared anonymous, require SSL, 128 bit encryption. (for the default website, purchased third party CA certificate which is trusted)
-configured the exchange server registry to use the following ports:
 mail:6001-6002;mail.domain.com:6001-6002;mail:6004;mail.domain.com:6004
-outlook configured to use exchange proxy (Use this URL...:mail.domain.com, Connect using SSL only, Mutually authenticate..., Principal name for proxy server:msstd:mail.domain.com) with basic authentication.

However, I'm unable to get this to work.
Does this scenario require any work on a GC (modifying the registry on GC for ncacn_http:6004)?  We don't manage the GC since it's done by another dept so if it does require a change, it'd be a pain.

Thanks.
 

Question by:ucsdprovost

Accepted Solution

by:
Sembee earned 375 total points
ID: 17846535
Yes, it does require a change to the global catalog domain controller.
You will probably need some more entries in the registry as well, I usually include the domain controller in there.

http://www.amset.info/exchange/rpc-http.asp

Simon.
 

Author Comment

by:ucsdprovost
ID: 17846595
So I need to actually modify the registry as below on the GC DC?

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
Create a new entry of type REG_MULTI_SZ
Name: NSPI Interface protocol sequences
Value: ncacn_http:6004


Expert Comment

by:Sembee
ID: 17846639
That looks like it.
If you have more than one GC/DC then you can make the change on both and reference both in the registry changes on the Exchange server.

Simon.
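
Added example (not part of the thread and not Microsoft tooling): a Python check of the RPC proxy port list quoted in the question against the hosts it is expected to cover. The GC names gc1 and gc1.domain.com are hypothetical; the per-host ports come from the values in the thread (6001-6002 and 6004 for the Exchange server, 6004 for a GC).

```python
def parse_valid_ports(value):
    """Parse 'host:port[-port];...' into {hostname_lower: set_of_ports}."""
    allowed = {}
    for entry in filter(None, (e.strip() for e in value.split(";"))):
        host, sep, spec = entry.rpartition(":")
        if not sep or not host:
            raise ValueError(f"malformed entry: {entry!r}")
        lo, _, hi = spec.partition("-")
        lo, hi = int(lo), int(hi or lo)  # a single port is a one-element range
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"bad port range in: {entry!r}")
        allowed.setdefault(host.lower(), set()).update(range(lo, hi + 1))
    return allowed


def audit(value, expected):
    """Compare the port list with {host: required_ports}.

    Returns required ports that are missing per host, the number of ports
    opened beyond what is required, and hosts nobody asked for.
    """
    allowed = parse_valid_ports(value)
    expected = {h.lower(): set(p) for h, p in expected.items()}
    missing = {h: sorted(req - allowed.get(h, set())) for h, req in expected.items()}
    missing = {h: ports for h, ports in missing.items() if ports}
    extra = {h: len(ports - expected.get(h, set())) for h, ports in allowed.items()}
    extra = {h: n for h, n in extra.items() if n}
    unexpected = sorted(set(allowed) - set(expected))
    return {"missing": missing, "extra_port_count": extra,
            "unexpected_hosts": unexpected}


# Value quoted in the question: Exchange server names only.
POSTED = "mail:6001-6002;mail.domain.com:6001-6002;mail:6004;mail.domain.com:6004"

# Constructed expectation: gc1 / gc1.domain.com are hypothetical GC names.
EXPECTED = {
    "mail": {6001, 6002, 6004},
    "mail.domain.com": {6001, 6002, 6004},
    "gc1": {6004},
    "gc1.domain.com": {6004},
}

if __name__ == "__main__":
    print(audit(POSTED, EXPECTED))
```

Run against the posted value, the report lists 6004 as missing for both GC names; a wide range on any host shows up under extra_port_count, which is worth trimming on an Internet-facing proxy.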

Assisted Solution

by:nitadmin
nitadmin earned 375 total points
ID: 17855154
I have two questions.
1. Did you install an SSL certificate from a Public CA?
2. Did you configure your GC server?

Read this article very carefully, and pay attention to what it says about configuring your GC server.
Most people who attempt to configure the Exchange 2003 RPC over HTTPS feature fail to install an SSL certificate from a public CA, and they don't even bother to configure the GC server.

Here are links to two webpages from one great website. It will tell you step by step what you need to do. Read it very carefully.
Compare the steps that it gives you and what you have done already. Follow his instructions very carefully and RPC over HTTPS will work.

http://www.petri.co.il/configure_rpc_over_https_on_a_single_server.htm
http://www.petri.co.il/rpc_over_http_error_4013_after_windows_2003_sp1.htm

Another thing: if you have a single-domain forest, make all your domain controllers GC (global catalog) servers. This is done from Active Directory Domains and Trusts.

I also want to point out to you why this sentence is in BOLD on the first webpage. Make sure you configure the registry key on your GC servers. And also use the rpccfg tool to confirm the port settings like he shows you. Read this sentence very carefully. You will fail if you do not listen to what he is saying. "Configure all your global catalogs to use specific ports for RPC over HTTP for directory services"  quote by Daniel Petri.

Cheers,
NITADMIN
 

Author Comment

by:ucsdprovost
ID: 17855853
I just got it to work.  I must've missed something when I first did it.
I didn't need to do anything on GC though.
Probably it was setup with the necessary changes already.

Thanks.