Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

What are the proper security settings in IIS for Exchange and RPC using SSL

Posted on 2007-11-30
10
Medium Priority
?
765 Views
Last Modified: 2012-05-05
I have a clients server that I belive the security settings are all screwed up inside of IIS.
We recently purchased a SSL cert for them and are attempting to setup their Exchange OWA and RPC to use the SSL.  I can't seem to find an article that addresses ALL the settings from use SSL 128 and authentication and access types.
I remember reading a EE posting about this very thing, but cannot seem to find it.
Any help would be appreciated.
Our server is a Win2k3 sp1.
Thanks.
0
Comment
Question by:brian_appliedcpu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
10 Comments
 
LVL 104

Accepted Solution

by:
Sembee earned 2000 total points
ID: 20383777
The simplest way to deal with this is to recreate the virtual directories for OWA using this article:
http://support.microsoft.com/default.aspx?kbid=883380

Remove the RPC Proxy component from Add/Remove Windows Components, then delete the RPC and RPCWITHCERT virtual directories from IIS Manager. Run IISRESET in a command prompt and then reinstall the component. You will then need to recreate the registry settings.

No other changes are required. Require SSL and the 128 bit settings are not required to work correctly and should be left alone. The SSL certificate will work correctly without those being set. Many people seem to think that require SSL turns SSL support on and off - it does not. All it does is force the server to generate a warning if the client does not come in on the HTTPS URL.

Simon.
0
 
LVL 2

Author Comment

by:brian_appliedcpu
ID: 20383806
Recreate what registry settings?
the rpc ports?  
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20383909
RPC over HTTPS requires a ton of registry settings to be applied unless you are in a frontend/backend scenario. Those are wiped out when you remove the RPC Proxy component.

Simon.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 2

Author Comment

by:brian_appliedcpu
ID: 20384211
did the recreate the virtual directories for OWA using this article:
http://support.microsoft.com/default.aspx?kbid=883380
but still having the same 404 issue.
I do not have sharepoint installed.
I do have reporting services installed however.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20386698
Are you getting a 404 on both http and https?
Is that happening immediately, or do you get any kind of prompt?
Did the directories create correctly on their own?
Any errors in the event logs when the services were restarted?

Anything else installed on this machine that could have taken over the Default Web Site?
Have you checked the configuration of IIS to ensure that there is nothing else listening on the port on that IP address?

Simon.
0
 
LVL 2

Author Comment

by:brian_appliedcpu
ID: 20386846
We had sql 2000 reporting services installed and uninstalled them but i dont think that was the issue.
I did the recreate 3 times with no difference then i tried a different account rather than the administrator's and it worked fine.  Now i wonder if it was broken at all.....????
Thanks for your help and i will give you the points because you taught me something about recreating the iis virts.
0
 
LVL 2

Author Comment

by:brian_appliedcpu
ID: 20391011
I lied, i did not wait long enough to see if it finished loading...
Now all it says is that it is Loading the inbox....forever.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20391393
Microsoft have an extensive article on the "loading" issue:
http://support.microsoft.com/default.aspx?kbid=280823

Simon.
0
 
LVL 2

Author Comment

by:brian_appliedcpu
ID: 20391493
I now understand that i must reinstall exchange so i am in the process and since i have sp2 installed it keeps asking me to overwrite newer file?  Since i will immediately install sp2 should i say yes or no?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20392004
I tend to say no, and then install the service pack immediately. You must also install any updates that were on the machine that are dated after the service pack, before you look at putting the machine back in to production.

Simon.
0

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam® is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Know the reasons and solutions to move/import EDB to New Exchange Server. Also, find out how to recover an Exchange .edb file and to restore the file back.
The main intent of this article is to make you aware of ‘Exchange fail to mount’ error, its effects, causes, and solution.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question