
Exchange 2003 Front End RPC Proxy Only

Last Modified: 2012-05-06
My client has an Exchange 2003 Active/Passive cluster. No front end. The majority of users access email remotely via iPhones w/ ActiveSync or OWA. One remote user has been accessing email via POP3. A new policy states we cannot have POP3 open to the outside world, and it's agreed that it would be best to get his email back in the Exchange store anyway (it's currently set to remove messages from the server after downloading). He uses Outlook so RPC over HTTPS is the preferred solution.

So here is my issue: I found you cannot configure clustered Exchange servers as an RPC over HTTPS proxy so I created a VM (using Virtual Server 2005 R2) on a DC to act as an RPC over HTTPS proxy and Exchange front end. This front end must ONLY act as an RPC PROXY and not be a critical piece of the mail chain for local users on Outlook or remote users with iPhones or OWA (uptime is paramount for them, which is why we have a cluster configuration). We accept that this one user will have issues should the VM or host go down but it shouldn't affect the other users.

I have installed Windows Server 2003 R2, Exchange 2003 Enterprise, all service packs, and patches. Followed the RPC Proxy deployment guide to designate the VM as a front end server and the clustered virtual server as a backend. The guide kind of left me in the dark at this point as to what to do next. I found the article at ww.petri.co.il/configure_rpc_over_https_on_a_single_server.htm and used the configuration tool to set the registry keys (I know it's for a single server but am told the settings are the same for front end). I've verified IIS permissions according to these two resources and can't get a local Outlook client to connect via RPC over HTTPS. I put a valid SSL cert on it. I know I'm missing something. At this point I'm not even sure what I need to do in order to open port 443 to this virtual server and configure this one user.

I realize this configuration may not be a best practice but it should work, right? Any help would be greatly appreciated. I can't find a step by step guide to accomplish this anywhere on the internets.

Expert of the Quarter 2009
Expert of the Year 2009
You don't need to set the registry settings if you are in a FE/BE scenario.
In FE/BE all you need to do is set the relevant entries in the GUI. Exchange does the rest. On the backend servers set the GUI as RPC-HTTP backend server, then set the frontend. That's it.


Hmm.. Where do I specify the servers as RPC-HTTP frontend/backend? Also, I am getting EventID 3092 replication error warnings 15 at a time, every 5 minutes logged to the backend application log.
Expert of the Quarter 2009
Expert of the Year 2009
In the properties of the server in ESM, on the RPC-HTTP tab.

No idea what the error code is - error codes on their own are useless.

I checked the RPC-HTTP thread in ESM and the front and back ends were both set appropriately. At this point this is how I am testing and stating it is not working:
1. Create a DNS A record for rpc.mydomain.com (since we are using webmail.mydomain.com for iPhones and OWA and we want 443 for RPC directed to this front end, right?)
2. Open the associated public IP for rpc.mydomain.com port 443 inbound and directing it to the front end.
3. Configuring remote Outlook Exchange Proxy settings as follows:
a. "Use this URL to connect to my proxy server for Exchange" = https://rpc.mydomain.com
b. Checked: "Connect using SSL only"
c. Checked: "On slow networks connect using HTTP first....."
d. Checked: "On fast networks connect using HTTP first....."
e. "Basic Authentication" selected.

For the name of the Exchange server on the general tab I am giving it the internal name of the Exchange backend.

I am prompted for credentials, where I supply myADdomain\username and password. After a few seconds a window pops up stating "Your Microsoft Exchange Server is unavailable", and gives me options to either retry, work offline, or cancel.

Any suggestions?
Expert of the Quarter 2009
Expert of the Year 2009
Is there a certificate on that name, which is valid? I.e. a trusted certificate, not a home grown certificate?
If you have been playing around with the registry settings that can also cause problems. The rule is GUI or registry, not both.
Therefore set the GUI to not part of the RPC-HTTP configuration and then run iisreset on all Exchange servers. Then set the GUI again correctly without touching the registry.

Personally I would have everything remote going through the frontend, including the webmail support for the mobile devices. Makes life much easier and leaves the cluster to serve the mailboxes and nothing else.
