Solved

RPC over HTTPS (Outlook Anywhere) doesn't work after switch from Netopia Router to SSG-5

Posted on 2008-06-19
5
4,641 Views
Last Modified: 2008-07-08
Hello Experts:

I am having a problem with RPC over HTTP (Outllook Anywhere).  Last night, I switched from using a Netopia Router to an SSG-5 Firewall (Juniper).  Until the switch over, Outlook Anywhere was working great.  Called Juniper and their techs spent the biggest part of the day on the phone--and remoting in to the firewall to check the firewall and the configuration looks correct for the simple setup I have.  They think that the Barracuda Spam Model 300 firewall is blocking the RPC over HTTP.  I am not to sure if they are correct.  Has any of you experts had a similiar problem?  I have made sure the HTTP and HTTPS ports are open.  Inside of my network, I can use outlook /rpcdiag-and it connects perfectly to Microsoft Exchange 2007 server with no problems.  Any thoughts are help is appreciated.  Juniper can't figure it out and Barracuda Techs give me the old upgrade the firmware bit--which I did--but it didn't slove the problem.

Thanks
Steve
0
Comment
Question by:huntersp3
  • 3
  • 2
5 Comments
 
LVL 24

Expert Comment

by:purplepomegranite
Comment Utility
RPC over HTTPS only requires port 443 to be open - in fact, that is the whole idea of it, it works over secure HTTP so will work anywhere. If you have both port 80 and port 443 forwarded to your Exchange server, there shouldn't be a problem.

If the ONLY thing that has changed on your network is the addition of the firewall, then that must be the cause of the problem if it was working before this.  There is something not configured correctly, or the firewall isn't working properly.

Was the firewall the only change to the network when RPC over HTTP stopped working?
0
 
LVL 24

Expert Comment

by:purplepomegranite
Comment Utility
Actually, another thing to check...

If you browse to OWA (presuming this is enabled too?) from outside your network, do you get a security certificate warning, or is the security certificate accepted by the browser?
0
 

Author Comment

by:huntersp3
Comment Utility
Hello Purple:

The changing of the firewall was the only change made to the network.  So, I agree, that the firewall is not working properly.  The juniper tech said I have everything setup correctly.  Put, you never know how much they really know.  In my policy, I have a VIP with port 443 opened and pointed right at my exchange server ip address.  Also, using the same VIP, I have a port opened for mail (25) pointed at my spam filter.  It just occured to me--I wonder if using the same VIP could be the issue?

Thanks
Steve
0
 
LVL 24

Expert Comment

by:purplepomegranite
Comment Utility
There shouldn't be a problem using the same VIP, but it is certainly something to try by giving OWA its own.

As an aside, I have just upgraded the firmware on a Juniper NS5GT (the existing firmware kept throwing an error when trying to add a basic firewall rule to one of the interfaces). It came back ok (as in all the external services seem to be reachable) with the exception of the VPN.  So now I am locked out of the system.  I knew it was a mistake remotely upgrading firmware...
0
 

Accepted Solution

by:
huntersp3 earned 0 total points
Comment Utility
Hello Everyone:

I will close out this question.  The problem was the Juniper firewall was not honoring the 443 port.  I had to remove the port 443 reference under Config-->Admin-->Management
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
This video discusses moving either the default database or any database to a new volume.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now