Solved

simple setup of rpc http

Posted on 2007-11-23
21
191 Views
Last Modified: 2010-04-21
Hi
We have a very simple setup. One windows 2003 DC and one exchange 2003 server. Both servers are protected from the outside va a firewall.
Currently we have access to OWA via http:\\mail.mydomain.com\exchange and this works well for us. We do not use ssl anyhwere on the mail setup.
However now we would like to begin using RPC over HTTP. I have looked at some docs on the net about to get this going but all of them mention ssl somewhere in the loop. i was wondering if there is a simple set of steps i need to do to start this process of getting RPC over HTTP to work. I now nothing about ssl so real basic advice would be great.

ta
0
Comment
Question by:kingcastle
  • 11
  • 9
21 Comments
 
LVL 9

Expert Comment

by:Veerappan Sundaram
Comment Utility
Hope the below links from Sembee will help you:

http://www.amset.info/exchange/default.asp
http://www.certificatesforexchange.com/

>>>> Veera.
0
 
LVL 104

Expert Comment

by:Sembee
Comment Utility
The feature should be called RPC over HTTPS because HTTPS is mandatory. There are some undocumented hacks around for doing it with HTTP, but I don't recommend them and would not suggest that you even try.

The first thing I would suggest is get an SSL certificate. A 30 day trial certificate will be fine. RapidSSL have those at http://www.rapidssl.com/ They also have full instructions on how to apply for and install their certificate.

Once you have the certificate, then you are in a position to setup RPC over HTTPS. My instructions are at http://www.amset.info/exchange/rpc-http.asp

Take note of the suggestion to get it working inside your firewall first, that can cause problems if you don't.

Simon.
0
 

Author Comment

by:kingcastle
Comment Utility
thanks folks, im sorry if this sounds silly but once i get my sll cert what do i apply it to . Im thinking of buying this ssl from my isp its about 80 quid or so, so not a great deal but once i get what do i apply it to?

once again sorry if this seems silly
0
 
LVL 104

Expert Comment

by:Sembee
Comment Utility
The certificates from RapidSSL are billed in US$, currently they cost £23 on the exchange rate (got to love the weak dollar).
Get the trial certificate first - that will get your feet wet on the process. The certificate is applied to the web site.

http://www.rapidssl.com/ssl-certificate-support/ssl-support.htm

Create the CCR as per their instructions. When you set the common name - that is the name you want to use externally - so mail.domain.com - no http or / anything - just the host name.
0
 

Author Comment

by:kingcastle
Comment Utility
ok so i will buy the ssl we are going to use mail.mydomain.com for rpc. if i apply this an ssl will it affect my mail flow in anyway?

and will this also secure my http:\\mail.mydomain.com\exchange\exchange setup as well?

cheers
0
 
LVL 104

Expert Comment

by:Sembee
Comment Utility
It will have nothing effect on email flow.

The SSL certificate will protect all web services on the server, so OWA, OMA, RPC over HTTPS. I have even used them for WSUS when installed on the same machine.

Simon.
0
 

Author Comment

by:kingcastle
Comment Utility
cheers simon now the thing is that when i goto buy an ssl for our domain i .e mydoamin.com the ssl cert  seems to want to apply to mydomain.com only but we use mail.mydomain.com for most of our email stuff which is basically just an a record we setup for mail. Im guessing we only need to ssl cert mail.mydomain.com? i dont really think an ssl cert for mydomain.com is needed or can you only ssl the top level domain name? or am i doing this totally wrong?

ta
0
 
LVL 104

Expert Comment

by:Sembee
Comment Utility
When you create the SSL certificate request set the common name as mail.domain.com, not just domain.com.

However before you request a certificate you will need an A record for that same host name, so if you want to use mail, then you will need a record of mail. If you receive email directly by SMTP then you may already have a host name that you can use.

Simon.
0
 

Author Comment

by:kingcastle
Comment Utility
currently our domain setup is as follows

Type              Key          value
MX                 @             mail.mydomain.com
A                   mail           server wan ip address
a                   vpn           vpn server wan ip address

we use mail.mydomain.com for all our email stuff ie OWA and smtp mail. what should i be asking y isp to put a ssl cert on?

cheers
0
 
LVL 104

Expert Comment

by:Sembee
Comment Utility
On that basis I would suggest that the common name on the SSL certificate be set as mail.domain.com - you already have the A record in place, so nothing more DNS wise will be required.

Simon.
0
Do email signature updates give you a headache?

Constantly trying to correctly format email signatures? Spending all of your time at every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

 

Author Comment

by:kingcastle
Comment Utility
looks like my isp cant do this, they reckon i have to out the certificate on my domain name ie mydomain.com but i dont want to do this, we use our mydomain.com for a shopping type main site, i only want to ssl mail.mydomain.com which is an a record of the main domain.

Is what i am trying to do not possible?
0
 
LVL 104

Expert Comment

by:Sembee
Comment Utility
Your ISP is a muppet. You don't have to get an SSL certificate from them. Just go to another SSL source, generate an SSL certificate with the common name of mail.domain.com and install it yourself. Ignore the ISP.

Simon.
0
 

Author Comment

by:kingcastle
Comment Utility
cool i use that one you suggested earlier and post back

cheers
0
 

Author Comment

by:kingcastle
Comment Utility
its me again simon sorry, im trying to register with rapid ssl for the 30 day trial and then buy the cert outright if it works well for us.

I get as far as the generate you CSR and this is were im stumped....."Select the computer and web site (host) that you wish to secure.
Right mouse-click to select Properties"

which site should i be trying to secure my iis on my exchange server looks like this
Exadmin
Exchange
Exchange-Web
Microsoft-Web
OMA
Public
RPC
RPC with Cert

Bearing in mind we access our OWA via mail.mydomain.com

cheers
0
 
LVL 104

Expert Comment

by:Sembee
Comment Utility
You don't secure a directory, you secure a web site. Therefore you will need to right click on the Default Web Site and then choose the Directory Security tab. The wizard to create the CSR is on that tab.

Simon.
0
 

Author Comment

by:kingcastle
Comment Utility
thanks simon, i followed all the steps and got the cert on the server and then followed your steps, but for some reason when the reps are out of the office and try to use outlook it just keeps saying trying to connect to microsoft exchange server and does not do anything else.

cheers
0
 
LVL 104

Expert Comment

by:Sembee
Comment Utility
Does it work internally?
And that doesn't just mean Outlook starting and appearing to connection, you need to use the connection status screen (hold down CTRL and right click on the Outlook icon) to see if the connection is TCP/IP or HTTPS.

Simon.
0
 

Author Comment

by:kingcastle
Comment Utility
hi simon i have just tried this from outside the network and it works brilliantly but from inside the network its a no go?

cheers
0
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
Comment Utility
So you have RPC over HTTPS working and connecting with HTTPS shown in the connection status? If so, then it is probably a DNS issue.

If you ping the external name of the certificate, what responds or resolves? Internal or external IP address? If it is the external IP address then that is your problem. You need to setup a split DNS system: http://www.amset.info/netadmin/split-dns.asp

Simon.
0
 

Author Comment

by:kingcastle
Comment Utility
simon

what can i say you are the man
0
 

Author Closing Comment

by:kingcastle
Comment Utility
brilliant
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
how to add IIS SMTP to handle application/Scanner relays into office 365.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now