Solved

RPC over HTTPS (Outlook Anywhere) doesn't work after switch from Netopia Router to SSG-5

Posted on 2008-06-19
5
4,694 Views
Last Modified: 2008-07-08
Hello Experts:

I am having a problem with RPC over HTTP (Outllook Anywhere).  Last night, I switched from using a Netopia Router to an SSG-5 Firewall (Juniper).  Until the switch over, Outlook Anywhere was working great.  Called Juniper and their techs spent the biggest part of the day on the phone--and remoting in to the firewall to check the firewall and the configuration looks correct for the simple setup I have.  They think that the Barracuda Spam Model 300 firewall is blocking the RPC over HTTP.  I am not to sure if they are correct.  Has any of you experts had a similiar problem?  I have made sure the HTTP and HTTPS ports are open.  Inside of my network, I can use outlook /rpcdiag-and it connects perfectly to Microsoft Exchange 2007 server with no problems.  Any thoughts are help is appreciated.  Juniper can't figure it out and Barracuda Techs give me the old upgrade the firmware bit--which I did--but it didn't slove the problem.

Thanks
Steve
0
Comment
Question by:huntersp3
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 24

Expert Comment

by:purplepomegranite
ID: 21827587
RPC over HTTPS only requires port 443 to be open - in fact, that is the whole idea of it, it works over secure HTTP so will work anywhere. If you have both port 80 and port 443 forwarded to your Exchange server, there shouldn't be a problem.

If the ONLY thing that has changed on your network is the addition of the firewall, then that must be the cause of the problem if it was working before this.  There is something not configured correctly, or the firewall isn't working properly.

Was the firewall the only change to the network when RPC over HTTP stopped working?
0
 
LVL 24

Expert Comment

by:purplepomegranite
ID: 21827593
Actually, another thing to check...

If you browse to OWA (presuming this is enabled too?) from outside your network, do you get a security certificate warning, or is the security certificate accepted by the browser?
0
 

Author Comment

by:huntersp3
ID: 21829777
Hello Purple:

The changing of the firewall was the only change made to the network.  So, I agree, that the firewall is not working properly.  The juniper tech said I have everything setup correctly.  Put, you never know how much they really know.  In my policy, I have a VIP with port 443 opened and pointed right at my exchange server ip address.  Also, using the same VIP, I have a port opened for mail (25) pointed at my spam filter.  It just occured to me--I wonder if using the same VIP could be the issue?

Thanks
Steve
0
 
LVL 24

Expert Comment

by:purplepomegranite
ID: 21829818
There shouldn't be a problem using the same VIP, but it is certainly something to try by giving OWA its own.

As an aside, I have just upgraded the firmware on a Juniper NS5GT (the existing firmware kept throwing an error when trying to add a basic firewall rule to one of the interfaces). It came back ok (as in all the external services seem to be reachable) with the exception of the VPN.  So now I am locked out of the system.  I knew it was a mistake remotely upgrading firmware...
0
 

Accepted Solution

by:
huntersp3 earned 0 total points
ID: 21898427
Hello Everyone:

I will close out this question.  The problem was the Juniper firewall was not honoring the 443 port.  I had to remove the port 443 reference under Config-->Admin-->Management
0

Featured Post

Optimum High-Definition Video Viewing and Control

The ATEN VM0404HA 4x4 4K HDMI Matrix Switch supports 4K resolutions of UHD (3840 x 2160) and DCI (4096 x 2160) with refresh rates of 30 Hz (4:4:4) and 60 Hz (4:2:0). It is ideal for applications where the routing of 4K digital signals is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
If you troubleshoot Outlook for clients, you may want to know a bit more about the OST file before doing your next job. IMAP can cause a lot of drama if removed in the accounts without backing up.
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question