Solved

RPC over https for Outlook - Single Server Implementation

Posted on 2008-10-29
7
335 Views
Last Modified: 2009-06-22
I would like to setup my external customers (on the internet) to use Outlook using RPC over https.  I would like to do the single exhange server deployment.  I no perimeter network, no ISA server, or front end proxy server.  We have one firewall.

Is it reasonable to use our Sonicwall to filter the RPC traffic from the outside to our exchange server.  Essentially, I would have to open up ports 6001, 6002, and 6004 (443 is already open)?

client --> sonicwall --> exchange server with rpc over http (configured for https, forced 128bit encryption)
0
Comment
Question by:katfpi
  • 3
7 Comments
 
LVL 15

Accepted Solution

by:
tenaj-207 earned 250 total points
ID: 22837081
The first time I did this I used this walk through;
http://www.petri.co.il/configure_rpc_over_https_on_a_single_server.htm

The only suggestion I would make is that you purchase a certificate from Network solutions, GoDaddy or somewhere else.  The self made certificates can cause more problems then what there worth.

If this is a SBS server then you can use a wizard to set this up very easily (even with a self made certificate).
http://technet.microsoft.com/en-us/library/bb123622(EXCHG.65).aspx
0
 
LVL 15

Assisted Solution

by:HayesJupe
HayesJupe earned 250 total points
ID: 22838317
you only need to open 443 to the outside world - the other ports you mention are internal use only.
0
 

Author Comment

by:katfpi
ID: 22841974
Thank you for your response.  I have a 3rd party cert in place for that server already, so it will be a pretty simple process once I feel good about the firewall aspects.

I feel like more research is needed.  The perimeter network accepts incoming traffic and re-routes it specifically and securely inside.

You don't think it's too much of a risk to take out the middle man?  I would be exposing the exchange ports to the outside world.  Having the ISA server would allow us simply to expose those ports via that server only.
0
 
LVL 15

Expert Comment

by:tenaj-207
ID: 22842648
Since the middle man is forwarding all the ports anyway then the additional risk is minimal, assuming your firewall is configured properly.
0
 
LVL 15

Expert Comment

by:tenaj-207
ID: 24651993
Thanks for all your clean up work angelIII!!!
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
Read this checklist to learn more about the 15 things you should never include in an email signature.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates‚Ķ
CodeTwo Sync for iCloud (http://www.codetwo.com/sync-for-icloud?sts=6554) automatically synchronizes your Outlook 2016, 2013, 2010 or 2007 folders with iCloud folders available via iCloud Control Panel. This lets you automatically sync them with…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question