Solved

RPC over HTTP to Exchange cluster

Posted on 2007-12-03
7
1,178 Views
Last Modified: 2012-05-05
Hi
We've been running Exchange in a cluster for a while now and we would like to get RPC over HTTP to work. OWA amd mobile synch is already running. They do not use HTTPS and we thought we'd get RPC over HTTP to work without certificates first.
Like hundreds before me I've tried following the recipies online, without any luck. Can't even get it to work in the LAN.

Our setup:
Firewall : Ports 80 and 443 open to domains external IP-adress, routed to exchange servers (SC2)  internal IP.

Exchange server: Two Windows 2003 SP2 Enterprise Edition servers (S1 and S2) in a cluster (SC2).
S2 is the standard physical server that owns the Exchange services whith S1 taking over in case of emergency.

Domain Controller: Two Windows 2003 SP2 Standard Edition. (D1 and D2)

The way I thought I'd set it up was to set Exchange server (SC2) as a back-end server in the Exchange System Manager, and connect directly to this server via RPC over HTTP on port 80.
In the IIS I have noticed though that the RPC "directory" was created in Default Web Site while the rest of exchange ones are in "Exchange Virtual Server (SC2)" Have tried making another RPC in the virtual server without any luck.

The RPC Directory Security is set to not allow anonymous access, Integrated and Basic authentication.
In the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy: Valid Ports" on the Exchange server (SC2) I set ports 593,6001-6002, and 6004 to different combinations of exchange server (SC2) and DC1 and DC2 with and without local domain. Also same ports to external domain.

On both DC in registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters" i set "NSPI interface protocol sequences"  to "ncacn_http:6004"

I have tried testing on a Windows Vista PC with outlook 2007. In the exchange proxy settings I have set "http://mail.externaldomain.com" as proxy server for exchange, no SSL, ticked to use HTTP first and NTLM authentication.
When trying to run outlook.exe /rpcdiag it tries to connect to SC2.internaldomain.com and all I get is window askin for username and password to the exchange server. Whatever I enter this just pops back with no error message. Haven't been able to find anything useful in any of the server logs either.

Does anyone have any experience with the same setup as I'm trying to get to work, or have an idea of where I'm going wrong? Don't quite know where and how to start testing to pin down the error.

Any assistance will be greatly appreciated :)






0
Comment
Question by:heilage
7 Comments
 
LVL 6

Expert Comment

by:msghaleb
ID: 20401449
Please download this Doc. and read it, it's very long but you will need may be 10% of it to get it working.

http://www.microsoft.com/downloads/details.aspx?FamilyId=F7D2D6E5-579F-4779-A6B8-7EF931EC02A5&displaylang=en

MG
0
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
ID: 20401809
First - RPC over HTTPS cannot be used without an SSL certificate. There are few unsupported workarounds, but they are exactly that - unsupported. Otherwise the feature is expecting to use HTTPS.

Do you not have a frontend server? If you are using a cluster I would have thought you would have a frontend server. If you do, that makes things much easier to deploy, rather than hacking around with the registry.

It looks like you have everything configured, except for the lack of an SSL certificate. Don't try and waste your time with a self generated SSL certificate. Get a trial certificate from RapidSSL.com to test it with before purchasing a certificate.

Simon.
0
 
LVL 22

Expert Comment

by:ATIG
ID: 20402281
I would also not recommend doing so since your credentials will be sent accross in plain text if using basic Auth...
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 
LVL 1

Author Comment

by:heilage
ID: 20402300
Thanks for the prompt replies.

No we don't have a front end server.
I will try with a 3rd party certificate next and see how it works out.
Will keep you posted :)
0
 
LVL 1

Author Closing Comment

by:heilage
ID: 31412542
Hi again
Worked like a charm after I bought a certificate. Really angry with myself now for working for days trying to get it to work without SSL. For some reason I thought that would be easier to configure, and that I could just add the certificate later.

Thanks again :)
0
 
LVL 7

Expert Comment

by:ingetic
ID: 24471170
have you resolved your issue  ?

0
 
LVL 1

Author Comment

by:heilage
ID: 24524222
Hi
Yes the issue was resolved. My problem was that I was trying to make it work without an SSL certificate. Once I bought one of those it worked like a charm.

0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
This article explains how to install and use the NTBackup utility that comes with Windows Server.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question