Solved

RPC over HTTPS (Outlook Anywhere) doesn't work after switch from Netopia Router to SSG-5

Posted on 2008-06-19
5
4,677 Views
Last Modified: 2008-07-08
Hello Experts:

I am having a problem with RPC over HTTP (Outllook Anywhere).  Last night, I switched from using a Netopia Router to an SSG-5 Firewall (Juniper).  Until the switch over, Outlook Anywhere was working great.  Called Juniper and their techs spent the biggest part of the day on the phone--and remoting in to the firewall to check the firewall and the configuration looks correct for the simple setup I have.  They think that the Barracuda Spam Model 300 firewall is blocking the RPC over HTTP.  I am not to sure if they are correct.  Has any of you experts had a similiar problem?  I have made sure the HTTP and HTTPS ports are open.  Inside of my network, I can use outlook /rpcdiag-and it connects perfectly to Microsoft Exchange 2007 server with no problems.  Any thoughts are help is appreciated.  Juniper can't figure it out and Barracuda Techs give me the old upgrade the firmware bit--which I did--but it didn't slove the problem.

Thanks
Steve
0
Comment
Question by:huntersp3
  • 3
  • 2
5 Comments
 
LVL 24

Expert Comment

by:purplepomegranite
ID: 21827587
RPC over HTTPS only requires port 443 to be open - in fact, that is the whole idea of it, it works over secure HTTP so will work anywhere. If you have both port 80 and port 443 forwarded to your Exchange server, there shouldn't be a problem.

If the ONLY thing that has changed on your network is the addition of the firewall, then that must be the cause of the problem if it was working before this.  There is something not configured correctly, or the firewall isn't working properly.

Was the firewall the only change to the network when RPC over HTTP stopped working?
0
 
LVL 24

Expert Comment

by:purplepomegranite
ID: 21827593
Actually, another thing to check...

If you browse to OWA (presuming this is enabled too?) from outside your network, do you get a security certificate warning, or is the security certificate accepted by the browser?
0
 

Author Comment

by:huntersp3
ID: 21829777
Hello Purple:

The changing of the firewall was the only change made to the network.  So, I agree, that the firewall is not working properly.  The juniper tech said I have everything setup correctly.  Put, you never know how much they really know.  In my policy, I have a VIP with port 443 opened and pointed right at my exchange server ip address.  Also, using the same VIP, I have a port opened for mail (25) pointed at my spam filter.  It just occured to me--I wonder if using the same VIP could be the issue?

Thanks
Steve
0
 
LVL 24

Expert Comment

by:purplepomegranite
ID: 21829818
There shouldn't be a problem using the same VIP, but it is certainly something to try by giving OWA its own.

As an aside, I have just upgraded the firmware on a Juniper NS5GT (the existing firmware kept throwing an error when trying to add a basic firewall rule to one of the interfaces). It came back ok (as in all the external services seem to be reachable) with the exception of the VPN.  So now I am locked out of the system.  I knew it was a mistake remotely upgrading firmware...
0
 

Accepted Solution

by:
huntersp3 earned 0 total points
ID: 21898427
Hello Everyone:

I will close out this question.  The problem was the Juniper firewall was not honoring the 443 port.  I had to remove the port 443 reference under Config-->Admin-->Management
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video discusses moving either the default database or any database to a new volume.

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question