Solved

simple setup of rpc http

Posted on 2007-11-23
21
199 Views
Last Modified: 2010-04-21
Hi
We have a very simple setup. One windows 2003 DC and one exchange 2003 server. Both servers are protected from the outside va a firewall.
Currently we have access to OWA via http:\\mail.mydomain.com\exchange and this works well for us. We do not use ssl anyhwere on the mail setup.
However now we would like to begin using RPC over HTTP. I have looked at some docs on the net about to get this going but all of them mention ssl somewhere in the loop. i was wondering if there is a simple set of steps i need to do to start this process of getting RPC over HTTP to work. I now nothing about ssl so real basic advice would be great.

ta
0
Comment
Question by:kingcastle
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 11
  • 9
21 Comments
 
LVL 9

Expert Comment

by:Veerappan Sundaram
ID: 20338876
Hope the below links from Sembee will help you:

http://www.amset.info/exchange/default.asp
http://www.certificatesforexchange.com/

>>>> Veera.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20338884
The feature should be called RPC over HTTPS because HTTPS is mandatory. There are some undocumented hacks around for doing it with HTTP, but I don't recommend them and would not suggest that you even try.

The first thing I would suggest is get an SSL certificate. A 30 day trial certificate will be fine. RapidSSL have those at http://www.rapidssl.com/ They also have full instructions on how to apply for and install their certificate.

Once you have the certificate, then you are in a position to setup RPC over HTTPS. My instructions are at http://www.amset.info/exchange/rpc-http.asp

Take note of the suggestion to get it working inside your firewall first, that can cause problems if you don't.

Simon.
0
 

Author Comment

by:kingcastle
ID: 20339000
thanks folks, im sorry if this sounds silly but once i get my sll cert what do i apply it to . Im thinking of buying this ssl from my isp its about 80 quid or so, so not a great deal but once i get what do i apply it to?

once again sorry if this seems silly
0
Comparison of Amazon Drive, Google Drive, OneDrive

What is Best for Backup: Amazon Drive, Google Drive or MS OneDrive? In this free whitepaper we look at their performance, pricing, and platform availability to help you decide which cloud drive is right for your situation. Download and read the results of our testing for free!

 
LVL 104

Expert Comment

by:Sembee
ID: 20339335
The certificates from RapidSSL are billed in US$, currently they cost £23 on the exchange rate (got to love the weak dollar).
Get the trial certificate first - that will get your feet wet on the process. The certificate is applied to the web site.

http://www.rapidssl.com/ssl-certificate-support/ssl-support.htm

Create the CCR as per their instructions. When you set the common name - that is the name you want to use externally - so mail.domain.com - no http or / anything - just the host name.
0
 

Author Comment

by:kingcastle
ID: 20339808
ok so i will buy the ssl we are going to use mail.mydomain.com for rpc. if i apply this an ssl will it affect my mail flow in anyway?

and will this also secure my http:\\mail.mydomain.com\exchange\exchange setup as well?

cheers
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20339887
It will have nothing effect on email flow.

The SSL certificate will protect all web services on the server, so OWA, OMA, RPC over HTTPS. I have even used them for WSUS when installed on the same machine.

Simon.
0
 

Author Comment

by:kingcastle
ID: 20346860
cheers simon now the thing is that when i goto buy an ssl for our domain i .e mydoamin.com the ssl cert  seems to want to apply to mydomain.com only but we use mail.mydomain.com for most of our email stuff which is basically just an a record we setup for mail. Im guessing we only need to ssl cert mail.mydomain.com? i dont really think an ssl cert for mydomain.com is needed or can you only ssl the top level domain name? or am i doing this totally wrong?

ta
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20347380
When you create the SSL certificate request set the common name as mail.domain.com, not just domain.com.

However before you request a certificate you will need an A record for that same host name, so if you want to use mail, then you will need a record of mail. If you receive email directly by SMTP then you may already have a host name that you can use.

Simon.
0
 

Author Comment

by:kingcastle
ID: 20349280
currently our domain setup is as follows

Type              Key          value
MX                 @             mail.mydomain.com
A                   mail           server wan ip address
a                   vpn           vpn server wan ip address

we use mail.mydomain.com for all our email stuff ie OWA and smtp mail. what should i be asking y isp to put a ssl cert on?

cheers
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20349589
On that basis I would suggest that the common name on the SSL certificate be set as mail.domain.com - you already have the A record in place, so nothing more DNS wise will be required.

Simon.
0
 

Author Comment

by:kingcastle
ID: 20360278
looks like my isp cant do this, they reckon i have to out the certificate on my domain name ie mydomain.com but i dont want to do this, we use our mydomain.com for a shopping type main site, i only want to ssl mail.mydomain.com which is an a record of the main domain.

Is what i am trying to do not possible?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20360662
Your ISP is a muppet. You don't have to get an SSL certificate from them. Just go to another SSL source, generate an SSL certificate with the common name of mail.domain.com and install it yourself. Ignore the ISP.

Simon.
0
 

Author Comment

by:kingcastle
ID: 20360801
cool i use that one you suggested earlier and post back

cheers
0
 

Author Comment

by:kingcastle
ID: 20369345
its me again simon sorry, im trying to register with rapid ssl for the 30 day trial and then buy the cert outright if it works well for us.

I get as far as the generate you CSR and this is were im stumped....."Select the computer and web site (host) that you wish to secure.
Right mouse-click to select Properties"

which site should i be trying to secure my iis on my exchange server looks like this
Exadmin
Exchange
Exchange-Web
Microsoft-Web
OMA
Public
RPC
RPC with Cert

Bearing in mind we access our OWA via mail.mydomain.com

cheers
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20373445
You don't secure a directory, you secure a web site. Therefore you will need to right click on the Default Web Site and then choose the Directory Security tab. The wizard to create the CSR is on that tab.

Simon.
0
 

Author Comment

by:kingcastle
ID: 20382355
thanks simon, i followed all the steps and got the cert on the server and then followed your steps, but for some reason when the reps are out of the office and try to use outlook it just keeps saying trying to connect to microsoft exchange server and does not do anything else.

cheers
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20383918
Does it work internally?
And that doesn't just mean Outlook starting and appearing to connection, you need to use the connection status screen (hold down CTRL and right click on the Outlook icon) to see if the connection is TCP/IP or HTTPS.

Simon.
0
 

Author Comment

by:kingcastle
ID: 20384716
hi simon i have just tried this from outside the network and it works brilliantly but from inside the network its a no go?

cheers
0
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
ID: 20386710
So you have RPC over HTTPS working and connecting with HTTPS shown in the connection status? If so, then it is probably a DNS issue.

If you ping the external name of the certificate, what responds or resolves? Internal or external IP address? If it is the external IP address then that is your problem. You need to setup a split DNS system: http://www.amset.info/netadmin/split-dns.asp

Simon.
0
 

Author Comment

by:kingcastle
ID: 20396857
simon

what can i say you are the man
0
 

Author Closing Comment

by:kingcastle
ID: 31410662
brilliant
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question