?
Solved

simple setup of rpc http

Posted on 2007-11-23
21
Medium Priority
?
203 Views
Last Modified: 2010-04-21
Hi
We have a very simple setup. One windows 2003 DC and one exchange 2003 server. Both servers are protected from the outside va a firewall.
Currently we have access to OWA via http:\\mail.mydomain.com\exchange and this works well for us. We do not use ssl anyhwere on the mail setup.
However now we would like to begin using RPC over HTTP. I have looked at some docs on the net about to get this going but all of them mention ssl somewhere in the loop. i was wondering if there is a simple set of steps i need to do to start this process of getting RPC over HTTP to work. I now nothing about ssl so real basic advice would be great.

ta
0
Comment
Question by:kingcastle
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 11
  • 9
21 Comments
 
LVL 9

Expert Comment

by:Veerappan Sundaram
ID: 20338876
Hope the below links from Sembee will help you:

http://www.amset.info/exchange/default.asp
http://www.certificatesforexchange.com/

>>>> Veera.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20338884
The feature should be called RPC over HTTPS because HTTPS is mandatory. There are some undocumented hacks around for doing it with HTTP, but I don't recommend them and would not suggest that you even try.

The first thing I would suggest is get an SSL certificate. A 30 day trial certificate will be fine. RapidSSL have those at http://www.rapidssl.com/ They also have full instructions on how to apply for and install their certificate.

Once you have the certificate, then you are in a position to setup RPC over HTTPS. My instructions are at http://www.amset.info/exchange/rpc-http.asp

Take note of the suggestion to get it working inside your firewall first, that can cause problems if you don't.

Simon.
0
 

Author Comment

by:kingcastle
ID: 20339000
thanks folks, im sorry if this sounds silly but once i get my sll cert what do i apply it to . Im thinking of buying this ssl from my isp its about 80 quid or so, so not a great deal but once i get what do i apply it to?

once again sorry if this seems silly
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 104

Expert Comment

by:Sembee
ID: 20339335
The certificates from RapidSSL are billed in US$, currently they cost £23 on the exchange rate (got to love the weak dollar).
Get the trial certificate first - that will get your feet wet on the process. The certificate is applied to the web site.

http://www.rapidssl.com/ssl-certificate-support/ssl-support.htm

Create the CCR as per their instructions. When you set the common name - that is the name you want to use externally - so mail.domain.com - no http or / anything - just the host name.
0
 

Author Comment

by:kingcastle
ID: 20339808
ok so i will buy the ssl we are going to use mail.mydomain.com for rpc. if i apply this an ssl will it affect my mail flow in anyway?

and will this also secure my http:\\mail.mydomain.com\exchange\exchange setup as well?

cheers
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20339887
It will have nothing effect on email flow.

The SSL certificate will protect all web services on the server, so OWA, OMA, RPC over HTTPS. I have even used them for WSUS when installed on the same machine.

Simon.
0
 

Author Comment

by:kingcastle
ID: 20346860
cheers simon now the thing is that when i goto buy an ssl for our domain i .e mydoamin.com the ssl cert  seems to want to apply to mydomain.com only but we use mail.mydomain.com for most of our email stuff which is basically just an a record we setup for mail. Im guessing we only need to ssl cert mail.mydomain.com? i dont really think an ssl cert for mydomain.com is needed or can you only ssl the top level domain name? or am i doing this totally wrong?

ta
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20347380
When you create the SSL certificate request set the common name as mail.domain.com, not just domain.com.

However before you request a certificate you will need an A record for that same host name, so if you want to use mail, then you will need a record of mail. If you receive email directly by SMTP then you may already have a host name that you can use.

Simon.
0
 

Author Comment

by:kingcastle
ID: 20349280
currently our domain setup is as follows

Type              Key          value
MX                 @             mail.mydomain.com
A                   mail           server wan ip address
a                   vpn           vpn server wan ip address

we use mail.mydomain.com for all our email stuff ie OWA and smtp mail. what should i be asking y isp to put a ssl cert on?

cheers
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20349589
On that basis I would suggest that the common name on the SSL certificate be set as mail.domain.com - you already have the A record in place, so nothing more DNS wise will be required.

Simon.
0
 

Author Comment

by:kingcastle
ID: 20360278
looks like my isp cant do this, they reckon i have to out the certificate on my domain name ie mydomain.com but i dont want to do this, we use our mydomain.com for a shopping type main site, i only want to ssl mail.mydomain.com which is an a record of the main domain.

Is what i am trying to do not possible?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20360662
Your ISP is a muppet. You don't have to get an SSL certificate from them. Just go to another SSL source, generate an SSL certificate with the common name of mail.domain.com and install it yourself. Ignore the ISP.

Simon.
0
 

Author Comment

by:kingcastle
ID: 20360801
cool i use that one you suggested earlier and post back

cheers
0
 

Author Comment

by:kingcastle
ID: 20369345
its me again simon sorry, im trying to register with rapid ssl for the 30 day trial and then buy the cert outright if it works well for us.

I get as far as the generate you CSR and this is were im stumped....."Select the computer and web site (host) that you wish to secure.
Right mouse-click to select Properties"

which site should i be trying to secure my iis on my exchange server looks like this
Exadmin
Exchange
Exchange-Web
Microsoft-Web
OMA
Public
RPC
RPC with Cert

Bearing in mind we access our OWA via mail.mydomain.com

cheers
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20373445
You don't secure a directory, you secure a web site. Therefore you will need to right click on the Default Web Site and then choose the Directory Security tab. The wizard to create the CSR is on that tab.

Simon.
0
 

Author Comment

by:kingcastle
ID: 20382355
thanks simon, i followed all the steps and got the cert on the server and then followed your steps, but for some reason when the reps are out of the office and try to use outlook it just keeps saying trying to connect to microsoft exchange server and does not do anything else.

cheers
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20383918
Does it work internally?
And that doesn't just mean Outlook starting and appearing to connection, you need to use the connection status screen (hold down CTRL and right click on the Outlook icon) to see if the connection is TCP/IP or HTTPS.

Simon.
0
 

Author Comment

by:kingcastle
ID: 20384716
hi simon i have just tried this from outside the network and it works brilliantly but from inside the network its a no go?

cheers
0
 
LVL 104

Accepted Solution

by:
Sembee earned 2000 total points
ID: 20386710
So you have RPC over HTTPS working and connecting with HTTPS shown in the connection status? If so, then it is probably a DNS issue.

If you ping the external name of the certificate, what responds or resolves? Internal or external IP address? If it is the external IP address then that is your problem. You need to setup a split DNS system: http://www.amset.info/netadmin/split-dns.asp

Simon.
0
 

Author Comment

by:kingcastle
ID: 20396857
simon

what can i say you are the man
0
 

Author Closing Comment

by:kingcastle
ID: 31410662
brilliant
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Know the reasons and solutions to move/import EDB to New Exchange Server. Also, find out how to recover an Exchange .edb file and to restore the file back.
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
This video discusses moving either the default database or any database to a new volume.
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question