Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1185
  • Last Modified:

RPC over HTTP to Exchange cluster

Hi
We've been running Exchange in a cluster for a while now and we would like to get RPC over HTTP to work. OWA amd mobile synch is already running. They do not use HTTPS and we thought we'd get RPC over HTTP to work without certificates first.
Like hundreds before me I've tried following the recipies online, without any luck. Can't even get it to work in the LAN.

Our setup:
Firewall : Ports 80 and 443 open to domains external IP-adress, routed to exchange servers (SC2)  internal IP.

Exchange server: Two Windows 2003 SP2 Enterprise Edition servers (S1 and S2) in a cluster (SC2).
S2 is the standard physical server that owns the Exchange services whith S1 taking over in case of emergency.

Domain Controller: Two Windows 2003 SP2 Standard Edition. (D1 and D2)

The way I thought I'd set it up was to set Exchange server (SC2) as a back-end server in the Exchange System Manager, and connect directly to this server via RPC over HTTP on port 80.
In the IIS I have noticed though that the RPC "directory" was created in Default Web Site while the rest of exchange ones are in "Exchange Virtual Server (SC2)" Have tried making another RPC in the virtual server without any luck.

The RPC Directory Security is set to not allow anonymous access, Integrated and Basic authentication.
In the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy: Valid Ports" on the Exchange server (SC2) I set ports 593,6001-6002, and 6004 to different combinations of exchange server (SC2) and DC1 and DC2 with and without local domain. Also same ports to external domain.

On both DC in registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters" i set "NSPI interface protocol sequences"  to "ncacn_http:6004"

I have tried testing on a Windows Vista PC with outlook 2007. In the exchange proxy settings I have set "http://mail.externaldomain.com" as proxy server for exchange, no SSL, ticked to use HTTP first and NTLM authentication.
When trying to run outlook.exe /rpcdiag it tries to connect to SC2.internaldomain.com and all I get is window askin for username and password to the exchange server. Whatever I enter this just pops back with no error message. Haven't been able to find anything useful in any of the server logs either.

Does anyone have any experience with the same setup as I'm trying to get to work, or have an idea of where I'm going wrong? Don't quite know where and how to start testing to pin down the error.

Any assistance will be greatly appreciated :)






0
heilage
Asked:
heilage
1 Solution
 
msghalebCommented:
Please download this Doc. and read it, it's very long but you will need may be 10% of it to get it working.

http://www.microsoft.com/downloads/details.aspx?FamilyId=F7D2D6E5-579F-4779-A6B8-7EF931EC02A5&displaylang=en

MG
0
 
SembeeCommented:
First - RPC over HTTPS cannot be used without an SSL certificate. There are few unsupported workarounds, but they are exactly that - unsupported. Otherwise the feature is expecting to use HTTPS.

Do you not have a frontend server? If you are using a cluster I would have thought you would have a frontend server. If you do, that makes things much easier to deploy, rather than hacking around with the registry.

It looks like you have everything configured, except for the lack of an SSL certificate. Don't try and waste your time with a self generated SSL certificate. Get a trial certificate from RapidSSL.com to test it with before purchasing a certificate.

Simon.
0
 
ATIGCommented:
I would also not recommend doing so since your credentials will be sent accross in plain text if using basic Auth...
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
heilageAuthor Commented:
Thanks for the prompt replies.

No we don't have a front end server.
I will try with a 3rd party certificate next and see how it works out.
Will keep you posted :)
0
 
heilageAuthor Commented:
Hi again
Worked like a charm after I bought a certificate. Really angry with myself now for working for days trying to get it to work without SSL. For some reason I thought that would be easier to configure, and that I could just add the certificate later.

Thanks again :)
0
 
ingeticCommented:
have you resolved your issue  ?

0
 
heilageAuthor Commented:
Hi
Yes the issue was resolved. My problem was that I was trying to make it work without an SSL certificate. Once I bought one of those it worked like a charm.

0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now