Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

RPC over HTTP

Posted on 2007-11-29
15
Medium Priority
?
994 Views
Last Modified: 2011-10-03
We are setting up a new office and need to implement rpc over http.  All the back end configuration on the server has been done and the client machines can connect to the exchange server through a vpn.  We want to eliminate the vpn hence the need for RPC.  I went ahead and set up all the outlook 2003 clients with the correct server information and installed the server certificate on them as well but it will not connect.  The server certificate says exchange.mydomain.com but it says it was issued by server5.mydomain.com.  My question is do the issued to field and the issued by field have to be the same?  If that is the case I would need to change my CA to the exchange server, correct? Thanks in advance.
0
Comment
Question by:ccarmichael7
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
  • 3
  • +3
15 Comments
 
LVL 2

Expert Comment

by:Haxus
ID: 20375813
I just wanted to verify your settings under "Exchange Proxy Settings"  within outlook options.

Use this URL to connect to my proxy server for exchange:
exchange.mydomain.com

Mutually authenticate the session with SSL (checked)

Principal name for proxy server: msstd:exchange.mydomain.com

No check in "On fast networks, connect using HTTP first"
Check in "On slow networks connect using HTTP first"

Authentication set to basic.

0
 

Author Comment

by:ccarmichael7
ID: 20375832
Yes you are correct, those are the current settings.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20376127
I presume this is a self generated certificate?
The first thing I would suggest is that you use a commercial SSL certificate. I have spent many hours trying to get the feature to work with home grown, only to switch to a commercial SSL certificate and have it working in minutes. When you can get an SSL certificate for US$20, it seems silly to spend hours trying to get it to work.

Have you tested the feature internally to ensure that it is connecting over HTTPS?

Simon.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 4

Expert Comment

by:mdcsea
ID: 20376166
Enable OWA temporarily and see if you can connect to the site:  https:\\exchange.mydomain.com\exchange without sing a certificate warning.  If you can, the correct certificate is installed on the workstation(s).

Double-check the server configuration.  Open ESM, expand as needed, right-click on the server name choose Properties.  Click on the RPC-HTTP tab and confirm that the first radio button is NOT selected (one of the others should be).

If all seems well, try starting outlook from the command line as follows:  "outlook.exe /rpcdiag" (no quotes) and see if there are any clues in the RPC diagnostics window.
0
 

Author Comment

by:ccarmichael7
ID: 20376837
I checked the rpc-http settings in ESM and see that the first option IS check, but the second one is greyed out and the only other option is to have this server as a backend server.  The problem is there is only one exchange server in the entire domain and this is it.
0
 
LVL 4

Expert Comment

by:mdcsea
ID: 20376896
Choose the third option - that's the correct choice.
0
 

Author Comment

by:ccarmichael7
ID: 20376922
Ok, chose the third option then it says that ports are not configured properly on the server, if i click yes it will change the ports for me, then it needs to reboot.  I have not problem doing this as long as it does not affect the rest of the organization's e-mail after the change is complete.
0
 
LVL 4

Expert Comment

by:mdcsea
ID: 20377041
This is going to make the needed changes to allow RPC over HTTP to access the GC and Information Store.  You used to have to do this manually but thanks to E2K3 SP1, we now have this tab to help with the configuration.

To put your mind at ease, look through this piece by Daniel Petri:  http://www.petri.co.il/configure_rpc_over_https_on_a_single_server.htm  Scroll down to the section:  
Configure all your global catalogs to use specific ports for RPC over HTTP for directory services
0
 
LVL 104

Accepted Solution

by:
Sembee earned 2000 total points
ID: 20377893
This feature cannot be enabled through the GUI on a single server, you have to make registry changes. Daniel Petri and I differ on the settings required. My version is here: http://www.amset.info/exchange/rpc-http.asp
It does not affect operation of the server while you make these changes.

Simon.
0
 

Author Comment

by:ccarmichael7
ID: 20384229
Hey Sembee we went ahead and purchased a certificate and set it up on our server, imported it into the client workstations but the connection still does not work.  
0
 

Author Comment

by:ccarmichael7
ID: 20384454
Sembee you were right in the end, i did have to change the registry keys manually.  Thanks so much for you help.
0
 

Author Comment

by:ccarmichael7
ID: 20384489
Hey Sembee, just one more question.  On other systems we have set this up on there was always an option to save the password when it prompted you.  It would never save the password but it would save the domain.  Is there a setting that needs to be checked in order for this to happen?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20386645
I have never seen a save password option for Outlook with RPC over HTTPS.

Simon.
0
 
LVL 11

Expert Comment

by:f_o_o_k_y
ID: 21113881
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I will leave the following recommendation for this question in the Cleanup Zone:
Accept Sembee's comment as answer

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

f_o_o_k_y Experts Exchange Cleanup Volunteer
0
 
LVL 1

Expert Comment

by:Computer101
ID: 21146791
Forced accept.

Computer101
EE Admin
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One-stop solution for Exchange Administrators to address all MS Exchange Server issues, which is known by the name of Stellar Exchange Toolkit.
This month, Experts Exchange sat down with resident SQL expert, Jim Horn, for an in-depth look into the makings of a successful career in SQL.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question