RPC over HTTPS (Outlook Anywhere) doesn't work after switch from Netopia Router to SSG-5

Hello Experts:

I am having a problem with RPC over HTTP (Outllook Anywhere).  Last night, I switched from using a Netopia Router to an SSG-5 Firewall (Juniper).  Until the switch over, Outlook Anywhere was working great.  Called Juniper and their techs spent the biggest part of the day on the phone--and remoting in to the firewall to check the firewall and the configuration looks correct for the simple setup I have.  They think that the Barracuda Spam Model 300 firewall is blocking the RPC over HTTP.  I am not to sure if they are correct.  Has any of you experts had a similiar problem?  I have made sure the HTTP and HTTPS ports are open.  Inside of my network, I can use outlook /rpcdiag-and it connects perfectly to Microsoft Exchange 2007 server with no problems.  Any thoughts are help is appreciated.  Juniper can't figure it out and Barracuda Techs give me the old upgrade the firmware bit--which I did--but it didn't slove the problem.

Thanks
Steve
huntersp3Asked:
Who is Participating?
 
huntersp3Connect With a Mentor Author Commented:
Hello Everyone:

I will close out this question.  The problem was the Juniper firewall was not honoring the 443 port.  I had to remove the port 443 reference under Config-->Admin-->Management
0
 
purplepomegraniteCommented:
RPC over HTTPS only requires port 443 to be open - in fact, that is the whole idea of it, it works over secure HTTP so will work anywhere. If you have both port 80 and port 443 forwarded to your Exchange server, there shouldn't be a problem.

If the ONLY thing that has changed on your network is the addition of the firewall, then that must be the cause of the problem if it was working before this.  There is something not configured correctly, or the firewall isn't working properly.

Was the firewall the only change to the network when RPC over HTTP stopped working?
0
 
purplepomegraniteCommented:
Actually, another thing to check...

If you browse to OWA (presuming this is enabled too?) from outside your network, do you get a security certificate warning, or is the security certificate accepted by the browser?
0
 
huntersp3Author Commented:
Hello Purple:

The changing of the firewall was the only change made to the network.  So, I agree, that the firewall is not working properly.  The juniper tech said I have everything setup correctly.  Put, you never know how much they really know.  In my policy, I have a VIP with port 443 opened and pointed right at my exchange server ip address.  Also, using the same VIP, I have a port opened for mail (25) pointed at my spam filter.  It just occured to me--I wonder if using the same VIP could be the issue?

Thanks
Steve
0
 
purplepomegraniteCommented:
There shouldn't be a problem using the same VIP, but it is certainly something to try by giving OWA its own.

As an aside, I have just upgraded the firmware on a Juniper NS5GT (the existing firmware kept throwing an error when trying to add a basic firewall rule to one of the interfaces). It came back ok (as in all the external services seem to be reachable) with the exception of the VPN.  So now I am locked out of the system.  I knew it was a mistake remotely upgrading firmware...
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.