simple setup of rpc http

Hi
We have a very simple setup. One windows 2003 DC and one exchange 2003 server. Both servers are protected from the outside va a firewall.
Currently we have access to OWA via http:\\mail.mydomain.com\exchange and this works well for us. We do not use ssl anyhwere on the mail setup.
However now we would like to begin using RPC over HTTP. I have looked at some docs on the net about to get this going but all of them mention ssl somewhere in the loop. i was wondering if there is a simple set of steps i need to do to start this process of getting RPC over HTTP to work. I now nothing about ssl so real basic advice would be great.

ta
kingcastleAsked:
Who is Participating?
 
SembeeConnect With a Mentor Commented:
So you have RPC over HTTPS working and connecting with HTTPS shown in the connection status? If so, then it is probably a DNS issue.

If you ping the external name of the certificate, what responds or resolves? Internal or external IP address? If it is the external IP address then that is your problem. You need to setup a split DNS system: http://www.amset.info/netadmin/split-dns.asp

Simon.
0
 
Veerappan SundaramSenior Technical ConsultantCommented:
Hope the below links from Sembee will help you:

http://www.amset.info/exchange/default.asp
http://www.certificatesforexchange.com/

>>>> Veera.
0
 
SembeeCommented:
The feature should be called RPC over HTTPS because HTTPS is mandatory. There are some undocumented hacks around for doing it with HTTP, but I don't recommend them and would not suggest that you even try.

The first thing I would suggest is get an SSL certificate. A 30 day trial certificate will be fine. RapidSSL have those at http://www.rapidssl.com/ They also have full instructions on how to apply for and install their certificate.

Once you have the certificate, then you are in a position to setup RPC over HTTPS. My instructions are at http://www.amset.info/exchange/rpc-http.asp

Take note of the suggestion to get it working inside your firewall first, that can cause problems if you don't.

Simon.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
kingcastleAuthor Commented:
thanks folks, im sorry if this sounds silly but once i get my sll cert what do i apply it to . Im thinking of buying this ssl from my isp its about 80 quid or so, so not a great deal but once i get what do i apply it to?

once again sorry if this seems silly
0
 
SembeeCommented:
The certificates from RapidSSL are billed in US$, currently they cost £23 on the exchange rate (got to love the weak dollar).
Get the trial certificate first - that will get your feet wet on the process. The certificate is applied to the web site.

http://www.rapidssl.com/ssl-certificate-support/ssl-support.htm

Create the CCR as per their instructions. When you set the common name - that is the name you want to use externally - so mail.domain.com - no http or / anything - just the host name.
0
 
kingcastleAuthor Commented:
ok so i will buy the ssl we are going to use mail.mydomain.com for rpc. if i apply this an ssl will it affect my mail flow in anyway?

and will this also secure my http:\\mail.mydomain.com\exchange\exchange setup as well?

cheers
0
 
SembeeCommented:
It will have nothing effect on email flow.

The SSL certificate will protect all web services on the server, so OWA, OMA, RPC over HTTPS. I have even used them for WSUS when installed on the same machine.

Simon.
0
 
kingcastleAuthor Commented:
cheers simon now the thing is that when i goto buy an ssl for our domain i .e mydoamin.com the ssl cert  seems to want to apply to mydomain.com only but we use mail.mydomain.com for most of our email stuff which is basically just an a record we setup for mail. Im guessing we only need to ssl cert mail.mydomain.com? i dont really think an ssl cert for mydomain.com is needed or can you only ssl the top level domain name? or am i doing this totally wrong?

ta
0
 
SembeeCommented:
When you create the SSL certificate request set the common name as mail.domain.com, not just domain.com.

However before you request a certificate you will need an A record for that same host name, so if you want to use mail, then you will need a record of mail. If you receive email directly by SMTP then you may already have a host name that you can use.

Simon.
0
 
kingcastleAuthor Commented:
currently our domain setup is as follows

Type              Key          value
MX                 @             mail.mydomain.com
A                   mail           server wan ip address
a                   vpn           vpn server wan ip address

we use mail.mydomain.com for all our email stuff ie OWA and smtp mail. what should i be asking y isp to put a ssl cert on?

cheers
0
 
SembeeCommented:
On that basis I would suggest that the common name on the SSL certificate be set as mail.domain.com - you already have the A record in place, so nothing more DNS wise will be required.

Simon.
0
 
kingcastleAuthor Commented:
looks like my isp cant do this, they reckon i have to out the certificate on my domain name ie mydomain.com but i dont want to do this, we use our mydomain.com for a shopping type main site, i only want to ssl mail.mydomain.com which is an a record of the main domain.

Is what i am trying to do not possible?
0
 
SembeeCommented:
Your ISP is a muppet. You don't have to get an SSL certificate from them. Just go to another SSL source, generate an SSL certificate with the common name of mail.domain.com and install it yourself. Ignore the ISP.

Simon.
0
 
kingcastleAuthor Commented:
cool i use that one you suggested earlier and post back

cheers
0
 
kingcastleAuthor Commented:
its me again simon sorry, im trying to register with rapid ssl for the 30 day trial and then buy the cert outright if it works well for us.

I get as far as the generate you CSR and this is were im stumped....."Select the computer and web site (host) that you wish to secure.
Right mouse-click to select Properties"

which site should i be trying to secure my iis on my exchange server looks like this
Exadmin
Exchange
Exchange-Web
Microsoft-Web
OMA
Public
RPC
RPC with Cert

Bearing in mind we access our OWA via mail.mydomain.com

cheers
0
 
SembeeCommented:
You don't secure a directory, you secure a web site. Therefore you will need to right click on the Default Web Site and then choose the Directory Security tab. The wizard to create the CSR is on that tab.

Simon.
0
 
kingcastleAuthor Commented:
thanks simon, i followed all the steps and got the cert on the server and then followed your steps, but for some reason when the reps are out of the office and try to use outlook it just keeps saying trying to connect to microsoft exchange server and does not do anything else.

cheers
0
 
SembeeCommented:
Does it work internally?
And that doesn't just mean Outlook starting and appearing to connection, you need to use the connection status screen (hold down CTRL and right click on the Outlook icon) to see if the connection is TCP/IP or HTTPS.

Simon.
0
 
kingcastleAuthor Commented:
hi simon i have just tried this from outside the network and it works brilliantly but from inside the network its a no go?

cheers
0
 
kingcastleAuthor Commented:
simon

what can i say you are the man
0
 
kingcastleAuthor Commented:
brilliant
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.