Cannot get RPC over HTTP to work out of office

I have OWA working perfectly internally and externally via port 443. I also have RPC over HTTP working within the office. I set up an A record with my domain registrar with mail.domain.com. I also set up a CNAME within DNS so mail.domain.com can resolve to the Exchange server's internal IP.

I also have ports 6001-6004 open. Not sure whether I need to have a trusted SSL certificate for this to work out of the office. If anyone can help me out I would much appreciate it.
bkcaliAsked:
AkhaterCommented:
you do NOT need to open ports 6001-6004

do you have a firewall or ISA/TMG?

if you go to https://www.testexchangeconnectivity.com/ and test rpc/http what are the results?
0
bkcaliAuthor Commented:
I have a SonicWall firewall. I won't be able to utilize the testexchangeconnectivity yet until the Exchange server comes. I put a test machine on the network to get familiar with the OWA and RPC over HTTP functionality. I know with that being said it's hard to gauge what is causing the problem.
0
AkhaterCommented:
and how are you testing rpc/http then ?
0
Hilal1924Commented:
"I also have port 6001-6004 open" These ports are not required to be open. RPC/HTTPS works on port 443, which you have already opened. I assume that your Exchange is the 2003 version.
Having a third-party certificate is highly desirable, and it would make sense to have it installed on the server. It will not give any warnings or errors when you launch web services from Exchange.
When the Outlook starts please use the following command and let me know what is the result:
Start ==> Run ===> outlook /rpcdiag
If you have outlook 2007 Press CTRL key and right click on the Outlook 2007 icon in Taskbar and click "Test Email Auto-Configuration" and also "Connection Status"
Let me know the result please so that we can help you better.
For more Information on Outlook RPC/HTTPS Please refer to the following link:
http://www.msexchange.org/tutorials/Implementing-RPC-over-HTTPS-single-Exchange-Server-2003-environment.html
 
Hilal
0
bkcaliAuthor Commented:
Hilal1924, I'll do that now and let you know. Akhater, I installed 2008 Server on an old PC and installed Exchange on it. Made it part of a member server and made sure it resolved correctly. I can set up an Outlook profile no problem and it connects to the Exchange no problem. I was reading up on getting RPC over HTTP to work within the office and found out I had to create a CNAME for it to resolve mail.domain.com correctly. It seems like that worked for the internal side; as far as externally, I don't know where to begin.
0
AkhaterCommented:
so

1. you did enable Outlook Anywhere on the Exchange
2. in your external DNS zone you have mail.domain.com pointing to the external IP address forwarded to the IP of your Exchange server?
3. are you using the self-signed certificate of Exchange? or an internal certificate?
4. you said OWA is working from outside, are the clients getting a certificate warning when they are connecting to OWA?
0
bkcaliAuthor Commented:
1. Outlook Anywhere is enabled
2. Yes
3. Self Signed
4. Yeah they are getting the certificate warning

Below I attached what the connection status is. I could have been wrong that the RPC over HTTP is working. I assumed it was because when I created a profile on my computer and went into the Outlook Anywhere proxy and put in a bogus address in the https field it took forever for it to connect, and when I typed in the proper one, mail.domain.com, it let me in right away.
Exchange-Server-Connection-Statu.doc
0
AkhaterCommented:
Don't lose your time trying to work with Outlook anywhere with a self-signed certificate, if you cannot buy a 3rd party at the moment you need at least an internal certificate.

For Outlook anywhere to work you need to be able to access owa with no certificate warning at all as a start
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Hilal1924Commented:
OK It is Official, RPC/HTTPS is not working for you. And it should not work from inside either since all connections are established via TCP/IP and not via RPC. Scrap whatever you have done till now and follow the above link from start. It has good step by step info which you can use.
http://www.msexchange.org/tutorials/Implementing-RPC-over-HTTPS-single-Exchange-Server-2003-environment.html 
Hilal
0
bkcaliAuthor Commented:
I'll keep you guys posted tomorrow since the server comes in then. Hilal1924, is it possible to get RPC over HTTPS to work inside? Reason I ask is because a lot of the partners here have laptops and are in and out of the office all week. I'd like to make it as easy as possible for them so that when they launch Outlook in or out of the office it works.
0
AkhaterCommented:
you do not need rpc/https internally, outlook can be configured to use both and it will automatically switch from tcp/ip to rpc/http alone.

The link provided by Hilal is for exchange 2003, for exchange 2007 all you need to do is to enable it from the management console and you already did that.

As I previously said as long as you are getting warnings when you are connecting to OWA you are not likely to get rpc/https working.

Finally are you sure you are configuring outlook to use rpc/http?
0
bkcaliAuthor Commented:
Thanks Akhater, I'm pretty sure I am. I went into More Settings and checked off connect to mailbox using HTTP.

In the first box that says https:// I typed in the mail.domain.com and unchecked the SSL and selected basic authentication. But like you said it's a certificate issue. I may just buy an SSL from Go Daddy, seems like they are the cheapest.
0
Hilal1924Commented:
Yes Go Daddy is very cheap. Try to get a SAN certificate which can make use of multiple domain names and will be very useful in future. In Exchange 2007, all you need is to use this command to enable Outlook anywhere
Enable-Outlookanywhere
 :)
Or just enable it from Exchange Management Console.
Hilal
0
AkhaterCommented:
GoDaddy are cheap and they work just fine, if you want to buy one make sure to include

CN=mail.domain.com
SAN=autodiscover.domain.com

this will allow you in the future to enable autodiscover features
0
bkcaliAuthor Commented:
Since I created an A record for mail.domain.com I could get by with buying a single domain SSL certificate, right?
0
bkcaliAuthor Commented:
Akhater so would it be wise to just go with a multiple domain SSL Certificate or a single domain? Looking at Go Daddy's selections now.
0
AkhaterCommented:
yes you can of course, it is just that in the future you might want to have autodiscover also and you will need to re-buy
0
bkcaliAuthor Commented:
Alright, sounds good. I'll buy the SSL today and keep you guys posted on the progress tomorrow. At least I know where my boundaries are on this instead of sitting here trying to get it to work with a self-signed.

Quick question on the OWA: the external address is set up as https://mail.domain.com/owa. Once the trusted certificate is installed and I create CN=mail.domain.com for GoDaddy I won't run into the certificate warning any more, correct?
0
AkhaterCommented:
sure CN=mail.domain.com

use https://www.digicert.com/easy-csr/exchange2007.htm to generate your CSR
0
bkcaliAuthor Commented:
I was actually looking at that the other day. As for it automatically switching from tcp/ip to rpc/http, for that to work I have to have the Exchange proxy correctly configured with the SSL certificate.
0
AkhaterCommented:
exactly
0
bkcaliAuthor Commented:
I appreciate you answering all these questions for me. I just might go with the multiple domains so I don't get shot in the foot with this. What does the autodiscover.domain.com necessarily do?
0
AkhaterCommented:
it is for autodiscover services, the services allowing an Outlook profile to be automatically configured without the need of an IT admin intervention
0
bkcaliAuthor Commented:
Thanks again Akhater and Hilal1924. I'll let you know how it goes tomorrow.
0
bkcaliAuthor Commented:
Server should be here this afternoon. Didn't know Exchange 2010 has a certificate wizard like Digicert. Akhater, as for the autodiscover name, our internal domain is domain.local but the A record is mail.domain.com which points to our Exchange server here. What I'm asking is, does the SAN name have to be autodiscover.domain.com or autodiscover.domain.local?
0
AkhaterCommented:
autodiscover.domain.com
0
bkcaliAuthor Commented:
One of my friends said you could use a wildcard certificate to cover the mail.domain.com and autodiscover.domain.com. Is that correct?
0
Hilal1924Commented:
Yes you can. it looks something like this
*@domain.com
It is a bit expensive though.
 
Hilal
0
bkcaliAuthor Commented:
you mean *.domain.com?
0
Hilal1924Commented:
Yes right :)
0
bkcaliAuthor Commented:
I saw it on Godaddy relatively cheap like 12.99 cheap
0
Hilal1924Commented:
I am actually using GoDaddy on my own Mail Servers and they work Just fine. So I can assure you it will work as nicely as the expensive ones.
Hilal
0
bkcaliAuthor Commented:
Great just got the server in now
0
AkhaterCommented:
So you created the CSR and got the certificate and installed it on Exchange and used it for IIS?
0
bkcaliAuthor Commented:
Had a server down emergency call for a client yesterday when I was about to install Exchange. Just got back in now. Waiting for it to finish installing. I'm about to get the certificate now.
0
bkcaliAuthor Commented:
Thanks again guys, OWA and Outlook Anywhere are working flawlessly now that I installed the GoDaddy certificate. Went with the SAN certificate.
0
AkhaterCommented:
Glad to know it is working Way to go!!!
0
bkcaliAuthor Commented:
As of right now everything is working, ran into some certificate issues. Certificate warnings kept coming up while in Outlook saying the name was invalid or something along those lines. I removed the certificate to stop getting them since we won't be doing the cut over until mid May, but trying to rethink if I did something wrong while generating the certificate from GoDaddy.

Akhater, not sure if this has something to do with it but at our office we have a domain which is for example contoso.local. I set up the OWA and Outlook Anywhere to point to mail.contosonj.com. Like I mentioned before, if you ping mail.contosonj.com it resolves to the Exchange correctly. It works perfectly fine (OWA and Outlook Anywhere) but I get certificate warnings that pop up on the workstations while in Outlook.

Not sure if I need to add some more Alternative Names in the certificate or what. I know I should probably add exchangeservername.contoso.local in there.
0
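The name warnings described in the last post come down to which host names the certificate lists versus which names the clients actually connect to. As an added example (not code from the thread), this Python check applies the usual wildcard matching rule to the three certificate options discussed above; the host list is constructed and assumes internal clients reach the server by its .local FQDN.

```python
# Added example: which of the names a client connects to does a certificate cover?
# Host names and certificate name lists are constructed from the names in this thread.

def name_matches(pattern: str, host: str) -> bool:
    """Match a certificate name against a host name.

    A '*' is accepted only as the whole left-most label and stands for
    exactly one label, so *.contosonj.com covers mail.contosonj.com but
    not contosonj.com or a.b.contosonj.com.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or not all(h):
        return False
    if p[0] == "*":
        # Require at least two literal labels after the wildcard ("*.com" is refused).
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def uncovered(cert_names, hosts_in_use):
    """Return the hosts in use that no name in the certificate covers."""
    return [h for h in hosts_in_use
            if not any(name_matches(n, h) for n in cert_names)]


# Names the clients end up contacting (assumption, based on the last post):
HOSTS = [
    "mail.contosonj.com",                # OWA / Outlook Anywhere proxy
    "autodiscover.contosonj.com",        # Autodiscover
    "exchangeservername.contoso.local",  # internal server FQDN
]

SINGLE_CERT = ["mail.contosonj.com"]                             # single-domain
SAN_CERT = ["mail.contosonj.com", "autodiscover.contosonj.com"]  # CN + SAN
WILDCARD_CERT = ["*.contosonj.com"]                              # wildcard

if __name__ == "__main__":
    for label, names in [("single", SINGLE_CERT), ("SAN", SAN_CERT),
                         ("wildcard", WILDCARD_CERT)]:
        print(f"{label:9} missing: {uncovered(names, HOSTS)}")
```

Neither the SAN nor the wildcard certificate covers the contoso.local name, which is consistent with warnings appearing only on workstations inside the office.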