Solved

rpc over http with single gc and single dc

Posted on 2009-04-06
24
610 Views
Last Modified: 2012-05-06
helloo
what's the registry keys must be added and where for these cases:
single exchange + single DC + Single GC
Exchange BE + exchangeFE + Single DC + GC installed im same compute of exchange FE
thanks.
0
Comment
Question by:Rawasi
  • 15
  • 8
24 Comments
 
LVL 65

Expert Comment

by:Mestha
ID: 24080278
As per the instructions on my web site:
http://www.amset.info/exchange/rpc-http-server.asp

Simon.
0
 
LVL 1

Author Comment

by:Rawasi
ID: 24081166
so the keys for 1 are:
on gc :
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters

Type REG_MULTI_SZ
Name: NSPI Interface protocol sequences
Value: ncacn_http:6004
on Exchange:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy]
"ValidPorts"="
exchange-server:100-5000;
exchange-server:6001-6002;
exchange-server.domain.local:6001-6002;
gc:6001-6002;
gc.domain.local:6001-6002;
exchange-server:6004;
exchange-server.domain.local:6004;
gc:6004;
gc.domain.local:6004;
mail.external.com:6001-6002;
mail.external.com:6004;
gc:593;
gc.domain.local:593;
exchange-server:593;
exchange-server.domain.local:593;
mail.external.com:593;"
and for 2 are:
on gc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters

Type REG_MULTI_SZ
Name: NSPI Interface protocol sequences
Value: ncacn_http:6004
on fe
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy]
"ValidPorts"="fe:100-5000;
be:6001-6002;
be.domain.local:6001-6002;
gc:6001-6002;
gc.domain.local:6001-6002;
be:6004;
be.domain.local:6004;
gc:6004;
gc.domain.local:6004;
mail.external.com:6001-6002;
mail.external.com:6004;
gc:593;
gc.domain.local:593;
be:593;
server-be.domain.local:593;
mail.external.com:593;"
on be
nothings
 
right ?
thanks.
 
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24083020
Frontend/Backend are two separate machines. You cannot have a server with both roles. Therefore if you have two servers, one a domain controller and one an Exchange server you make the changes that are on my web site for a single server with a separate domain controller.

I am also going to have to be strict here - if you want further assistance you will have to increase the points. 50 points is the minimum so you get minimum answers.

Simon.
0
 
LVL 1

Author Comment

by:Rawasi
ID: 24083055
it's 200 now
0
 
LVL 1

Author Comment

by:Rawasi
ID: 24083063
i have one dc and be and gc with fe in the same computer.
thanks.
0
 
LVL 1

Author Comment

by:Rawasi
ID: 24104764
hello any answer ?
i try to have one exchange in single server ang one dc and gc in single server too
so i set the ports on the single exchange server:
exchange-server:100-5000;
exchange-server:6001-6002;
exchange-server.domain.local:6001-6002;
gc:6001-6002;
gc.domain.local:6001-6002;
exchange-server:6004;
exchange-server.domain.local:6004;
gc:6004;
gc.domain.local:6004;
mail.external.com:6001-6002;
mail.external.com:6004;
gc:593;
gc.domain.local:593;
exchange-server:593;
exchange-server.domain.local:593;
mail.external.com:593;  and this for dc :

on gc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters

Type REG_MULTI_SZ
Name: NSPI Interface protocol sequences
Value: ncacn_http:6004
 
and set the exchange rpc-http proprties to  rpc-http backend server
and set the authentications option for rpc directory on the iis
don't work !!!
any way to trublshoting the problem to know if the problem from exchange or the cert or the reg keys ?
not's: i have exchange 2003 sp1+2 and windows 2003 without sp's
thanks.
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24109386
You don't have a frontend and a backend in the same computer.
You either have a frontend server and a backend server, or you have a single Exchange server.

Furthermore, you either set the GUI or the registry, not both.
On a single Exchange server the ONLY option is to use the registry. Alas this feature either works, or it doesn't.

Therefore I would suggest that you reset everything back to the defaults.
Change the GUI to not part of the topology, remove the RPC over HTTP component from Windows components, go back in to IIS manager and delete the RPC and RPC-WITH-CERT virtual directories and run IISRESET to write the change to the IIS metabase.
Then reinstall the RPC over HTTP proxy component and setup the feature again.

Any reason why the Windows servers are not on the latest service packs? You should have everything on SP2 ideally.

Simon.
0
 
LVL 1

Author Comment

by:Rawasi
ID: 24124862

Hello
I installed sp1 and sp2
I enter the registry keys on DC and Exchange Server.
I thinks the problem is form the certificate, I have my Enterprise local CA
I try to export the cert with private key then import it to laptop that is out of domain  and installed the cert in trust area , the certificate give that is expired.
So any help to do it with steps?
Thanks.
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24125951
I only deploy RPC over HTTPS with a commercial certificate from an outside vendor. I have never used an internal CA, never even set one up. I find they are simply too much hassle to save US$30.

Simon.
0
 
LVL 1

Author Comment

by:Rawasi
ID: 24135344
i want to do it with internal Ca
becuze it's lab !
thanks.
0
 
LVL 1

Author Comment

by:Rawasi
ID: 24135631
other things:
how can i test the rpc if it's work ?
i mean i want to confirm if the ports configrations are ok.
thanks.
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24137320
You can test it with the Microsoft test site:
https://testexchangeconnectivity.com/

However trying to get it to work with an internal CA is like banging your head against the wall. Get a 30 day trial certificate from rapidSSL.com, it will save you a lot of hair loss.

Simon.
0
Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

 
LVL 1

Author Comment

by:Rawasi
ID: 24137750
it's give there is a problem with ssl cert
now i want to use rpc over http not over https.
i try to use rpcping tools:
 
C:\Program Files\Windows Resource Kits\Tools>rpcping -t ncacn_http -s "server2" -o RpcProxy=rpc.domain.com  -P "administrator.domain.local,*" -I "administrator,domain.local,*" -H 2 -u 10 -a connect -F 2 -v 3 -E -R none
 
it's give me this in the result:
RPCPing v2.12. Copyright (C) Microsoft Corporation, 2002
OS Version is: 5.2, Service Pack 2
Enter password for server:
Enter password for RPC/HTTP proxy:

RPCPinging proxy server rpc.domain.com with Echo Request Packet
Sending ping to server
Error 12029 returned in the WinHttpSendRequest.
Ping failed.
notesi have these sever:
server1:dc and gc
server2:exchange 2003 with sp2 (BE)
server3:additional domain + exchange 2003 with sp2 (FE)
server4:ISA Server
so what's the problem ?
thanks
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24140439
Oh those an ISA server involved?
Anything else you haven't said?

I don't tend to get involved with ISA servers as I prefer to use a real firewall.

Simon.
0
 
LVL 1

Author Comment

by:Rawasi
ID: 24140512
sorry but i don't understand your first qustions.
no nothing? but can u wirte the steps that i should do be do it with out anyexternal link ?
my problem is not with the isa server.
my problem is in settings.
anu command can i exeuted ?
thanks.
0
 
LVL 65

Assisted Solution

by:Mestha
Mestha earned 333 total points
ID: 24158489
As you are using an ISA server, I cannot assist any further. I do not use RPC over HTTPS through ISA server. The ISA server is a factor in the setup, and you should have mentioned that to begin with.

Simon.
0
 
LVL 1

Author Comment

by:Rawasi
ID: 24176726
the problem is not from the isa server
the problem is with rpc over http setup or the system
any way for testing and trublshoting ?
thanks.
0
 
LVL 65

Accepted Solution

by:
Mestha earned 333 total points
ID: 24179190
Unless you have removed the ISA server, then the ISA server is a factor in the configuration process, because ISA server works in a different way to a regular firewall with the way that it "publishes" features.

The testexchangeconnectivity site is the only way to test this feature from outside the firewall without using Outlook.

However as you are using ISA server I am unable to assist you further and will be unsubscribing from this question.

Simon.
0
 
LVL 1

Author Comment

by:Rawasi
ID: 24182505

I remove the is the same problem happing.
I can't use testexchangeconnectivity becuse it's requiring ssl and i want to use rpc over http not on https
Can u give me tools and commands to troubleshooting this problem?
Thanks.
0
 
LVL 1

Author Comment

by:Rawasi
ID: 24235921
any solution ?
0
 
LVL 1

Author Comment

by:Rawasi
ID: 24361748
any solution ?
0
 
LVL 1

Author Comment

by:Rawasi
ID: 24699059
any solution ?
0
 
LVL 1

Author Comment

by:Rawasi
ID: 24752203
any solution ?
0
 
LVL 2

Assisted Solution

by:anuragshankar
anuragshankar earned 167 total points
ID: 24991583
0

Featured Post

Why do Marketing keep bothering you?

Is your marketing department constantly asking for new email signature updates? Are they requesting a different design for every department? Do they need yet another banner added? Don’t let it get you down! There is an easy way to manage all of these requests...

Join & Write a Comment

Resolve DNS query failed errors for Exchange
Easy CSR creation in Exchange 2007,2010 and 2013
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now