RPC over HTTP to Exchange cluster

Hi
We've been running Exchange in a cluster for a while now and we would like to get RPC over HTTP to work. OWA amd mobile synch is already running. They do not use HTTPS and we thought we'd get RPC over HTTP to work without certificates first.
Like hundreds before me I've tried following the recipies online, without any luck. Can't even get it to work in the LAN.

Our setup:
Firewall : Ports 80 and 443 open to domains external IP-adress, routed to exchange servers (SC2)  internal IP.

Exchange server: Two Windows 2003 SP2 Enterprise Edition servers (S1 and S2) in a cluster (SC2).
S2 is the standard physical server that owns the Exchange services whith S1 taking over in case of emergency.

Domain Controller: Two Windows 2003 SP2 Standard Edition. (D1 and D2)

The way I thought I'd set it up was to set Exchange server (SC2) as a back-end server in the Exchange System Manager, and connect directly to this server via RPC over HTTP on port 80.
In the IIS I have noticed though that the RPC "directory" was created in Default Web Site while the rest of exchange ones are in "Exchange Virtual Server (SC2)" Have tried making another RPC in the virtual server without any luck.

The RPC Directory Security is set to not allow anonymous access, Integrated and Basic authentication.
In the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy: Valid Ports" on the Exchange server (SC2) I set ports 593,6001-6002, and 6004 to different combinations of exchange server (SC2) and DC1 and DC2 with and without local domain. Also same ports to external domain.

On both DC in registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters" i set "NSPI interface protocol sequences"  to "ncacn_http:6004"

I have tried testing on a Windows Vista PC with outlook 2007. In the exchange proxy settings I have set "http://mail.externaldomain.com" as proxy server for exchange, no SSL, ticked to use HTTP first and NTLM authentication.
When trying to run outlook.exe /rpcdiag it tries to connect to SC2.internaldomain.com and all I get is window askin for username and password to the exchange server. Whatever I enter this just pops back with no error message. Haven't been able to find anything useful in any of the server logs either.

Does anyone have any experience with the same setup as I'm trying to get to work, or have an idea of where I'm going wrong? Don't quite know where and how to start testing to pin down the error.

Any assistance will be greatly appreciated :)






LVL 1
heilageAsked:
Who is Participating?
 
SembeeCommented:
First - RPC over HTTPS cannot be used without an SSL certificate. There are few unsupported workarounds, but they are exactly that - unsupported. Otherwise the feature is expecting to use HTTPS.

Do you not have a frontend server? If you are using a cluster I would have thought you would have a frontend server. If you do, that makes things much easier to deploy, rather than hacking around with the registry.

It looks like you have everything configured, except for the lack of an SSL certificate. Don't try and waste your time with a self generated SSL certificate. Get a trial certificate from RapidSSL.com to test it with before purchasing a certificate.

Simon.
0
 
msghalebCommented:
Please download this Doc. and read it, it's very long but you will need may be 10% of it to get it working.

http://www.microsoft.com/downloads/details.aspx?FamilyId=F7D2D6E5-579F-4779-A6B8-7EF931EC02A5&displaylang=en

MG
0
 
ATIGCommented:
I would also not recommend doing so since your credentials will be sent accross in plain text if using basic Auth...
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
heilageAuthor Commented:
Thanks for the prompt replies.

No we don't have a front end server.
I will try with a 3rd party certificate next and see how it works out.
Will keep you posted :)
0
 
heilageAuthor Commented:
Hi again
Worked like a charm after I bought a certificate. Really angry with myself now for working for days trying to get it to work without SSL. For some reason I thought that would be easier to configure, and that I could just add the certificate later.

Thanks again :)
0
 
ingeticCommented:
have you resolved your issue  ?

0
 
heilageAuthor Commented:
Hi
Yes the issue was resolved. My problem was that I was trying to make it work without an SSL certificate. Once I bought one of those it worked like a charm.

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.