Solved

Exchange 2003 Front End RPC Proxy Only

Posted on 2009-02-16
Last Modified: 2012-05-06
My client has an Exchange 2003 Active/Passive cluster. No front end. The majority of users access email remotely via iPhones w/ ActiveSync or OWA. One remote user has been accessing email via POP3. A new policy states we cannot have POP3 open to the outside world, and it's agreed that it would be best to get his email back in the Exchange store anyway (it's currently set to remove messages from the server after downloading). He uses Outlook so RPC over HTTPS is the preferred solution.

So here is my issue: I found you cannot configure clustered Exchange servers as an RPC over HTTPS proxy, so I created a VM (using Virtual Server 2005 R2) on a DC to act as an RPC over HTTPS proxy and Exchange front end. This front end must ONLY act as an RPC PROXY and not be a critical piece of the mail chain for local users on Outlook or remote users with iPhones or OWA (uptime is paramount for them, which is why we have a cluster configuration). We accept that this one user will have issues should the VM or host go down, but it shouldn't affect the other users.

I have installed Windows Server 2003 R2, Exchange 2003 Enterprise, all service packs, and patches. Followed the RPC Proxy deployment guide to designate the VM as a front end server and the clustered virtual server as a backend. The guide kind of left me in the dark at this point as to what to do next. I found the article at ww.petri.co.il/configure_rpc_over_https_on_a_single_server.htm and used the configuration tool to set the registry keys (I know it's for a single server but am told the settings are the same for front end). I've verified IIS permissions according to these two resources and can't get a local Outlook client to connect via RPC over HTTPS. I put a valid SSL cert on it. I know I'm missing something. At this point I'm not even sure what I need to do in order to open port 443 to this virtual server and configure this one user.

I realize this configuration may not be a best practice, but it should work, right? Any help would be greatly appreciated. I can't find a step by step guide to accomplish this anywhere on the internets.
5 Comments
 
LVL 65

Assisted Solution

by:Mestha
Mestha earned 1500 total points
ID: 23653424
You don't need to set the registry settings if you are in a FE/BE scenario.
In FE/BE all you need to do is set the relevant entries in the GUI. Exchange does the rest. On the backend servers set the GUI as RPC-HTTP backend server, then set the frontend. That's it.

-M
 
LVL 1

Author Comment

by:dataworksconsultinginc
ID: 23653693
Hmm.. Where do I specify the servers as RPC-HTTP frontend/backend? Also, I am getting EventID 3092 replication error warnings 15 at a time, every 5 minutes logged to the backend application log.
 
LVL 65

Accepted Solution

by:
Mestha earned 1500 total points
ID: 23654481
In the properties of the server in ESM, on the RPC-HTTP tab.

No idea what the error code is - error codes on their own are useless.

-M
 
LVL 1

Author Comment

by:dataworksconsultinginc
ID: 23655140
I checked the RPC-HTTP thread in ESM and the front and back ends were both set appropriately. At this point this is how I am testing and stating it is not working:
1. Create a DNS A record for rpc.mydomain.com (since we are using webmail.mydomain.com for iPhones and OWA and we want 443 for RPC directed to this front end, right?)
2. Open the associated public IP for rpc.mydomain.com port 443 inbound and directing it to the front end.
3. Configuring remote Outlook Exchange Proxy settings as follows:
a. "Use this URL to connect to my proxy server for Exchange" = https://rpc.mydomain.com
b. Checked: "Connect using SSL only"
c. Checked: "On slow networks connect using HTTP first....."
d. Checked: "On fast networks connect using HTTP first....."
e. "Basic Authentication" selected.

For the name of the Exchange server on the general tab I am giving it the internal name of the Exchange backend.

I am prompted for credentials, where I supply myADdomain\username and password. After a few seconds a window pops up stating "Your Microsoft Exchange Server is unavailable", and gives me options to either retry, work offline, or cancel.

Any suggestions?
 
LVL 65

Assisted Solution

by:Mestha
Mestha earned 1500 total points
ID: 23655175
Is there a certificate on that name, which is valid? I.e. a trusted certificate, not a home grown certificate?
If you have been playing around with the registry settings that can also cause problems. The rule is GUI or registry, not both.
Therefore set the GUI to not part of the RPC-HTTP configuration and then run iisreset on all Exchange servers. Then set the GUI again correctly without touching the registry.

Personally I would have everything remote going through the frontend, including the webmail support for the mobile devices. Makes life much easier and leaves the cluster to serve the mailboxes and nothing else.

-M
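
The certificate question in the last answer can be checked from the remote Outlook machine itself. The PowerShell below is an added example, not part of the original thread; it assumes the thread's placeholder name rpc.mydomain.com and reports whether the client's Windows trust store accepts the certificate presented on port 443 and whether the name matches.

```powershell
# Added example, not from the thread. rpc.mydomain.com is the thread's placeholder name.
# Run on the remote Outlook client so the client's own Windows trust store is used.
$ProxyHost = 'rpc.mydomain.com'
$Port      = 443

$result = @{ PolicyErrors = $null; ChainStatus = @() }

# Record what Windows thinks of the certificate, then accept it so the
# handshake completes and the certificate can be inspected even when it is bad.
$callback = [System.Net.Security.RemoteCertificateValidationCallback]{
    param($sender, $certificate, $chain, $policyErrors)
    $result.PolicyErrors = $policyErrors
    $result.ChainStatus  = @($chain.ChainStatus | ForEach-Object { $_.Status })
    $true
}

$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($ProxyHost, $Port)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
    # The name passed here is the name the certificate is matched against.
    $ssl.AuthenticateAsClient($ProxyHost)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

    [pscustomobject]@{
        Subject      = $cert.Subject
        Issuer       = $cert.Issuer
        NotBefore    = $cert.NotBefore
        NotAfter     = $cert.NotAfter
        PolicyErrors = $result.PolicyErrors   # None, RemoteCertificateNameMismatch, RemoteCertificateChainErrors
        ChainStatus  = ($result.ChainStatus -join ', ')
        Trusted      = ($result.PolicyErrors -eq [System.Net.Security.SslPolicyErrors]::None)
    }
}
catch {
    Write-Warning "Could not complete a TLS handshake with ${ProxyHost}:${Port}: $($_.Exception.Message)"
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
}
```

Anything other than None in PolicyErrors means the name or the trust chain does not validate on this client, which is the condition the answer above asks about.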