Solved

RPC over HTTP to Exchange cluster

Posted on 2007-12-03
7
1,181 Views
Last Modified: 2012-05-05
Hi
We've been running Exchange in a cluster for a while now and we would like to get RPC over HTTP to work. OWA amd mobile synch is already running. They do not use HTTPS and we thought we'd get RPC over HTTP to work without certificates first.
Like hundreds before me I've tried following the recipies online, without any luck. Can't even get it to work in the LAN.

Our setup:
Firewall : Ports 80 and 443 open to domains external IP-adress, routed to exchange servers (SC2)  internal IP.

Exchange server: Two Windows 2003 SP2 Enterprise Edition servers (S1 and S2) in a cluster (SC2).
S2 is the standard physical server that owns the Exchange services whith S1 taking over in case of emergency.

Domain Controller: Two Windows 2003 SP2 Standard Edition. (D1 and D2)

The way I thought I'd set it up was to set Exchange server (SC2) as a back-end server in the Exchange System Manager, and connect directly to this server via RPC over HTTP on port 80.
In the IIS I have noticed though that the RPC "directory" was created in Default Web Site while the rest of exchange ones are in "Exchange Virtual Server (SC2)" Have tried making another RPC in the virtual server without any luck.

The RPC Directory Security is set to not allow anonymous access, Integrated and Basic authentication.
In the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy: Valid Ports" on the Exchange server (SC2) I set ports 593,6001-6002, and 6004 to different combinations of exchange server (SC2) and DC1 and DC2 with and without local domain. Also same ports to external domain.

On both DC in registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters" i set "NSPI interface protocol sequences"  to "ncacn_http:6004"

I have tried testing on a Windows Vista PC with outlook 2007. In the exchange proxy settings I have set "http://mail.externaldomain.com" as proxy server for exchange, no SSL, ticked to use HTTP first and NTLM authentication.
When trying to run outlook.exe /rpcdiag it tries to connect to SC2.internaldomain.com and all I get is window askin for username and password to the exchange server. Whatever I enter this just pops back with no error message. Haven't been able to find anything useful in any of the server logs either.

Does anyone have any experience with the same setup as I'm trying to get to work, or have an idea of where I'm going wrong? Don't quite know where and how to start testing to pin down the error.

Any assistance will be greatly appreciated :)






0
Comment
Question by:heilage
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 6

Expert Comment

by:msghaleb
ID: 20401449
Please download this Doc. and read it, it's very long but you will need may be 10% of it to get it working.

http://www.microsoft.com/downloads/details.aspx?FamilyId=F7D2D6E5-579F-4779-A6B8-7EF931EC02A5&displaylang=en

MG
0
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
ID: 20401809
First - RPC over HTTPS cannot be used without an SSL certificate. There are few unsupported workarounds, but they are exactly that - unsupported. Otherwise the feature is expecting to use HTTPS.

Do you not have a frontend server? If you are using a cluster I would have thought you would have a frontend server. If you do, that makes things much easier to deploy, rather than hacking around with the registry.

It looks like you have everything configured, except for the lack of an SSL certificate. Don't try and waste your time with a self generated SSL certificate. Get a trial certificate from RapidSSL.com to test it with before purchasing a certificate.

Simon.
0
 
LVL 22

Expert Comment

by:ATIG
ID: 20402281
I would also not recommend doing so since your credentials will be sent accross in plain text if using basic Auth...
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 1

Author Comment

by:heilage
ID: 20402300
Thanks for the prompt replies.

No we don't have a front end server.
I will try with a 3rd party certificate next and see how it works out.
Will keep you posted :)
0
 
LVL 1

Author Closing Comment

by:heilage
ID: 31412542
Hi again
Worked like a charm after I bought a certificate. Really angry with myself now for working for days trying to get it to work without SSL. For some reason I thought that would be easier to configure, and that I could just add the certificate later.

Thanks again :)
0
 
LVL 7

Expert Comment

by:ingetic
ID: 24471170
have you resolved your issue  ?

0
 
LVL 1

Author Comment

by:heilage
ID: 24524222
Hi
Yes the issue was resolved. My problem was that I was trying to make it work without an SSL certificate. Once I bought one of those it worked like a charm.

0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
If you troubleshoot Outlook for clients, you may want to know a bit more about the OST file before doing your next job. IMAP can cause a lot of drama if removed in the accounts without backing up.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
Suggested Courses
Course of the Month8 days, 5 hours left to enroll

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question