ucsdprovost
asked on
RPC over HTTPS in a single standalone exchange server that is not neither a GC/DC.
I'm trying to setup an RPC over HTTPS on our stand alone exchange server. It's not a GC or DC, its only an exchange server.
Exchange 2003 Enterprise SP2
-installed rpc over http proxy
-in ESM, selected RPC-HTTP back-end server
-configured RPC virtual directory in IIS, cleared anonymous, require SSL, 128 bit encryption. (for the default website, purchased third party CA certificate which is trusted)
-configured the exchange server registry to use the following ports:
mail:6001-6002;mail.domain .com:6001- 6002;mail: 6004;mail. domain.com :6004
-outlook configured to use exchange proxy (Use this URL...:mail.domain.com, Connect using SSL only, Mutually authentiate..., Principal name for proxy server:msstd:mail.domain.c om) with basic authentication.
Howerver, I'm unable to get this to work.
Does this scenario require any work on a GC (modifying the registry on GC for ncacn_http:6004)? We don't manage the GC since it's done by another dept so if it does require a change, it'd be a pain.
Thanks.
Exchange 2003 Enterprise SP2
-installed rpc over http proxy
-in ESM, selected RPC-HTTP back-end server
-configured RPC virtual directory in IIS, cleared anonymous, require SSL, 128 bit encryption. (for the default website, purchased third party CA certificate which is trusted)
-configured the exchange server registry to use the following ports:
mail:6001-6002;mail.domain
-outlook configured to use exchange proxy (Use this URL...:mail.domain.com, Connect using SSL only, Mutually authentiate..., Principal name for proxy server:msstd:mail.domain.c
Howerver, I'm unable to get this to work.
Does this scenario require any work on a GC (modifying the registry on GC for ncacn_http:6004)? We don't manage the GC since it's done by another dept so if it does require a change, it'd be a pain.
Thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
That looks like it.
If you have more than one GC/DC then you can make the change on both and reference both in the registry changes on the Exchange server.
Simon.
If you have more than one GC/DC then you can make the change on both and reference both in the registry changes on the Exchange server.
Simon.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I just got it to work. I must've missed something when I first did it.
I didn't need to do anything on GC though.
Probably it was setup with the necessary changes already.
Thanks.
I didn't need to do anything on GC though.
Probably it was setup with the necessary changes already.
Thanks.
ASKER
HKEY_LOCAL_MACHINE\SYSTEM\
Create a new entry of type REG_MULTI_SZ
Name: NSPI Interface protocol sequences
Value: ncacn_http:6004