Solved

RPC over HTTP configuration in exchange 2003 through NAT in firewall

Posted on 2010-08-31
Last Modified: 2013-11-16
We have an Exchange Server 2003 SP2 running on Windows Server 2003. We are running Exchange on a single server, but it is integrated with our ADS. The Exchange computer name is myexserver.mydomain (mydomain is the single-label domain name of our ADS). OWA is running in IIS in the default website under a virtual directory called exchange; we can access this website through http://myexserver/exchange. We have configured NAT in our router to expose OWA through our public IP.

We are in the middle of installing RPC over HTTP/S on the server, because we need to get Exchange access from Outlook over the WAN without VPN. I have checked the Exchange server and can see that the RPC over HTTP proxy component is already installed, and I can see the RPC over HTTP tab under my server properties in Exchange System Manager, but it is not enabled.

Here are my questions

1. Are there any issues that can occur when enabling the RPC over HTTP proxy on the Exchange server?
2. I can see the RPC virtual directory under the default website in IIS, and the default website is already port forwarded (NAT) in the firewall to get OWA from outside. How can I configure the firewall to give the RPC proxy outside access? There is a domain name already mapped to our public IP for FTP access: ftp.mycompany.com.
3. Can I use the public IP as the proxy server in the Outlook client when configuring the Exchange account from outside my domain?
4. Can I use the GUI in Exchange System Manager to configure RPC over HTTP, or do I need to modify the registry manually?
0
Question by:sumeshbnr
18 Comments
 
LVL 1

Expert Comment

by:tfrache
You have to go to this website and follow the article:
http://www.petri.co.il/how-can-i-configure-rpc-over-https-on-exchange-2003-single-server-scenario.htm

Good luck!
0
 
LVL 11

Accepted Solution

by:
Coast-IT earned 300 total points
1. Are there any issues that can occur when enabling the RPC over HTTP proxy on the Exchange server?
No problem.

2. I can see the RPC virtual directory under the default website in IIS, and the default website is already port forwarded (NAT) in the firewall to get OWA from outside. How can I configure the firewall to give the RPC proxy outside access? There is a domain name already mapped to our public IP for FTP access: ftp.mycompany.com.
If you already have a good A record to use, just forward port 443 on to your Exchange server, as it travels over HTTPS.

3. Can I use the public IP as the proxy server in the Outlook client when configuring the Exchange account from outside my domain?
You just add a new DNS zone for your public zone into DNS and then use that to configure all email both internally and externally.

4. Can I use the GUI in Exchange System Manager to configure RPC over HTTP, or do I need to modify the registry manually?
There are a lot more steps than these simple changes; it looks daunting but it's easy:

http://www.msexchange.org/tutorials/Implementing-RPC-over-HTTPS-single-Exchange-Server-2003-environment.html
0
 
LVL 11

Author Comment

by:sumeshbnr
3. Can I use the public IP as the proxy server in the Outlook client when configuring the Exchange account from outside my domain?
You just add a new DNS zone for your public zone into DNS and then use that to configure all email both internally and externally.

Is this really needed?

I can forward port 443 in the firewall to my Exchange server, so why can't I simply use the public IP address as the proxy server in Outlook clients? (Or is a domain name still required?)
0
 
LVL 11

Expert Comment

by:Coast-IT
The reason for this is that when the laptops come into the office, their Outlook will be trying to connect to xxx.mycompany.com; however, if the DNS zone is not added, this will be forced out externally and try to go to the outside resolved IP address.

All I ever do, which is standard practice, is:

1. Create a new A record externally, let's say mail.mycompany.com
2. Set this to point to a public IP address on your router
3. Make a port forwarding rule for port 443 for this public IP address to point to your Exchange server
4. Set up RPC over HTTPS as the link suggests
5. Add a new DNS zone internally for mycompany.com
    set mail.mycompany.com to go to your Exchange server's internal IP
    set www.mycompany.com to go to the www external IP address


I hope this makes sense?
0
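The internal zone in step 5 becomes authoritative for mycompany.com on the LAN, so every public name has to be repeated in it. The following sketch is an added example, not part of the original post; it audits a pair of zones for that gap. The zone contents, addresses and function names are constructed for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample zones (documentation and private addresses, not from the thread).
PUBLIC_ZONE = {
    "mail.mycompany.com": "203.0.113.10",
    "ftp.mycompany.com": "203.0.113.10",
    "www.mycompany.com": "198.51.100.20",
}
INTERNAL_ZONE = {
    "mail.mycompany.com": "192.168.1.5",    # Exchange server's LAN address
    "www.mycompany.com": "198.51.100.20",   # copied from the public zone
}

def on_lan(ip):
    """True if ip is an RFC 1918 address (is_private would also accept test ranges)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def audit_split_dns(public, internal, lan_hosts):
    """Return (name, problem) findings for a split-horizon pair of zones.

    lan_hosts: names that must resolve to the LAN address when asked internally.
    """
    findings = []
    for name in sorted(lan_hosts):
        if name not in public:
            findings.append((name, "missing from public zone"))
    for name, pub_ip in sorted(public.items()):
        int_ip = internal.get(name)
        if int_ip is None:
            # LAN clients never reach public DNS for this domain, so the name fails.
            findings.append((name, "missing from internal zone"))
        elif name in lan_hosts:
            if not on_lan(int_ip):
                findings.append((name, "internal record points outside the LAN"))
        elif int_ip != pub_ip:
            findings.append((name, "internal record differs from public record"))
    return findings

if __name__ == "__main__":
    for name, problem in audit_split_dns(PUBLIC_ZONE, INTERNAL_ZONE,
                                         {"mail.mycompany.com"}):
        print(f"{name}: {problem}")
```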
 
LVL 28

Expert Comment

by:sunnyc7
I'd go with Coast-IT's suggestions above. That's the accepted practice.

You can also test it.
https://mail.domain.com/exchange/rpc/rpcproxy.dll

Does it give you a username/password prompt?
And when you log in, it will give you a blank screen.
0
 
LVL 11

Author Comment

by:sumeshbnr
Can you please be more descriptive? We have only one public IP; can I use the same? I don't want a domain name; I am ready to use the IP.
0
 
LVL 28

Expert Comment

by:sunnyc7
If you have one public IP, is it set to mail.domain.com?

When you go here:
www.mxtoolbox.com
enter your domain name.
What is the first MX record listed?
What is the public IP associated with it?

Use that @ with Coast-IT's suggestions.
0
 
LVL 11

Expert Comment

by:Coast-IT
You need to use an A record to associate with a certificate, hence the reason for a name and not an IP address.

Just ask your hosting company, if you have no access, to set up an additional A record with the name of "mail" pointing to the same IP address as ftp.

You then need to buy a certificate or use a self-signed one with this name on it.
0
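Why the proxy address entered in Outlook has to be the name on the certificate, shown as an added example that is not part of the original post. It assumes the certificate's names are given in the `subjectAltName` form returned by Python's `ssl.getpeercert()` (a certificate carrying only a subject CN is modelled as one DNS entry); the sample certificates and function names are constructed.

```python
import ipaddress

# Constructed sample certificates, in ssl.getpeercert()['subjectAltName'] form.
SINGLE_NAME_CERT = [("DNS", "mail.mycompany.com")]
WILDCARD_CERT = [("DNS", "*.mycompany.com")]

def dns_name_matches(pattern, host):
    """Compare one certificate DNS name with the host the client was told to use."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # A wildcard stands for exactly one left-most label, never the bare domain.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def proxy_name_matches(cert_sans, proxy_address):
    """True if the address typed as the proxy server is covered by the certificate."""
    try:
        ip = ipaddress.ip_address(proxy_address)
    except ValueError:
        ip = None
    for kind, value in cert_sans:
        if ip is not None:
            # An IP literal only matches an IP entry, never a DNS name.
            if kind == "IP Address" and ipaddress.ip_address(value) == ip:
                return True
        elif kind == "DNS" and dns_name_matches(value, proxy_address):
            return True
    return False

if __name__ == "__main__":
    for addr in ("mail.mycompany.com", "ftp.mycompany.com", "203.0.113.10"):
        print(addr, proxy_name_matches(SINGLE_NAME_CERT, addr))
```

A certificate issued for one host name covers only that name, so the public IP and the other A records pointing at the same address are rejected unless the certificate also lists them.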
 
LVL 11

Author Comment

by:sumeshbnr
Is it common/possible to add multiple host A records for one domain to one IP?
0
 
LVL 11

Author Comment

by:sumeshbnr
I already have ftp.mycompany.com pointed to my public IP. Can I associate an SSL certificate with this domain name and add the SSL certificate to my Exchange server's default website?
0
 
LVL 28

Assisted Solution

by:sunnyc7
sunnyc7 earned 100 total points
Yes, you can.
You can have
mail.domain.com
ftp.domain.com
autodiscover.domain.com >> all pointing to the same IP
0
 
LVL 11

Author Comment

by:sumeshbnr
In this case do I need the following also?

5. Add a new DNS zone internally for mycompany.com
    set mail.mycompany.com to go to your Exchange server's internal IP
    set www.mycompany.com to go to the www external IP address
0
 
LVL 28

Expert Comment

by:sunnyc7
Yes.
http:#33565669

When you configure Outlook laptops with RPC/HTTPS, they will look for mail.domain.com when they are outside the network.
When they get inside the network, their Outlook will stop working.
So, create a mail.domain.com to point to the internal LAN IP of the Exchange Server (192.168.x.y), so that RPC/HTTPS works no matter if the laptops are outside or inside the network.

Thanks
0
 
LVL 11

Author Comment

by:sumeshbnr
This makes more sense now. I have one last question: the RPC and exchange virtual directories are in the same default website in IIS on my Exchange server. Can I use one SSL certificate for both OWA and RPC over HTTP?
0
 
LVL 7

Expert Comment

by:Waseems
For comment 33566937, I think it is better to configure Outlook to use IP on a fast connection and HTTP on a slow connection; then there is no need to create an additional local DNS domain. For the certificate, you will have to use the same certificate because RPC and exchange are virtual directories in the same website, and the certificate is linked to the site, not to the virtual directory.
0
 
LVL 11

Author Comment

by:sumeshbnr
One more thing: what is the use of the OMA virtual directory?
0
 
LVL 7

Assisted Solution

by:Waseems
Waseems earned 100 total points
It is a website for mobile use, the same as OWA but lighter, for mobiles.
0
 
LVL 11

Author Comment

by:sumeshbnr
Thank you all
0
