Solved

RPC over HTTP configuration in exchange 2003 through NAT in firewall

Posted on 2010-08-31
Last Modified: 2013-11-16
We have an Exchange Server 2003 SP2 running on Windows Server 2003. We are running Exchange on a single server, but it is integrated with our ADS. The Exchange computer name is myexserver.mydomain (mydomain is the single-label domain name of our ADS). OWA is running in IIS in the default website under a virtual directory called exchange; we can access this website through http://myexserver/exchange. We have configured a NAT in our router to expose OWA through our public IP.

We are in the middle of installing RPC over HTTP/S on the server, because we need to get Exchange access from Outlook through the WAN without VPN. I have checked on the Exchange server and can see that the RPC over HTTP proxy component is already installed, and I can see the RPC over HTTP tab under my server properties in Exchange System Manager, but it is not enabled.

Here are my questions

1. Are there any issues that can occur when enabling the RPC over HTTP proxy on the Exchange server?
2. I can see the RPC virtual directory under the default website in IIS, and the default website is already port forwarded (NAT) in the firewall to get OWA from external. How can I configure the firewall to get RPC proxy outside access? There is a domain name already mapped to our public IP for FTP access: ftp.mycompany.com.
3. Can I use the public IP as the proxy server in the Outlook client when configuring the Exchange account from outside my domain?
4. Can I use the GUI in Exchange System Manager to configure RPC over HTTP, or do I need manual modification in the registry?
Question by:sumeshbnr
18 Comments
 
LVL 1

Expert Comment

by:tfrache
ID: 33565345
you have to go to this website and follow the article :
http://www.petri.co.il/how-can-i-configure-rpc-over-https-on-exchange-2003-single-server-scenario.htm

good luck!
0
 
LVL 11

Accepted Solution

by:
Coast-IT earned 1200 total points
ID: 33565355
1. Are there any issues that can occur when enabling the RPC over HTTP proxy on the Exchange server?
No problem.

2. I can see the RPC virtual directory under the default website in IIS, and the default website is already port forwarded (NAT) in the firewall to get OWA from external. How can I configure the firewall to get RPC proxy outside access? There is a domain name already mapped to our public IP for FTP access: ftp.mycompany.com.
If you already have a good A record to use, just forward port 443 on to your Exchange server, as it travels over HTTPS.

3. Can I use the public IP as the proxy server in the Outlook client when configuring the Exchange account from outside my domain?
You just add a new DNS zone for your public zone into DNS and then use that to configure all email both internally and externally.

4. Can I use the GUI in Exchange System Manager to configure RPC over HTTP, or do I need manual modification in the registry?
There are a lot more steps than these simple changes; it looks daunting but it's easy:

http://www.msexchange.org/tutorials/Implementing-RPC-over-HTTPS-single-Exchange-Server-2003-environment.html
0
 
LVL 11

Author Comment

by:sumeshbnr
ID: 33565390


3. Can I use the public IP as the proxy server in the Outlook client when configuring the Exchange account from outside my domain?
You just add a new DNS zone for your public zone into DNS and then use that to configure all email both internally and externally.

Is this really needed?

I can forward port 443 in the firewall to my Exchange server, so why can't I simply use the public IP address as the proxy server in Outlook clients? (Or is a domain name still required?)
0
 
LVL 11

Expert Comment

by:Coast-IT
ID: 33565669
The reason for this is that when the laptops come into the office, their Outlook will be trying to connect to xxx.mycompany.com; however, the DNS zone, if not added, will force this out externally and try to go to the outside resolved IP address.

All I ever do, which is standard practice, is:

1. Create a new A record externally, let's say mail.mycompany.com
2. Set this to point to a public IP address on your router
3. Make a port forwarding rule for port 443 for this public IP address to point to your Exchange server.
4. Set up RPC over HTTPS as the link suggests
5. Add a new DNS zone internally for mycompany.com
    set mail.mycompany.com to go to your Exchange server's internal IP
    set www.mycompany.com to go to the www external IP address


I hope this makes sense?
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33566109
I'd go with coast-it's suggestions above. That's the accepted practice.

You can also test it.
https://mail.domain.com/exchange/rpc/rpcproxy.dll

Does it give you a username / password prompt?
And when you log in, it will give you a blank screen.
0
 
LVL 11

Author Comment

by:sumeshbnr
ID: 33566266
Can you please be more descriptive? We have only one public IP; can I use the same? I don't want a domain name, I am ready to use the IP.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33566340
If you have one public IP, is it set to mail.domain.com?

When you go here
www.mxtoolbox.com
enter your domain name.
What is the first MX record listed?
What is the public IP associated with it?

Use that with Coast-IT's suggestions.
0
 
LVL 11

Expert Comment

by:Coast-IT
ID: 33566629
You need to use an A record to associate with a certificate, hence the reason for a name and not an IP address.

Just ask your hosting company, if you have no access, to set up an additional A record with the name of "mail" pointing to the same IP address as ftp.

You then need to buy a certificate or use a self-signed one with this name on it.
0
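
The checks implied by the steps in this thread (a DNS name on the certificate, an external A record to the public IP, an internal zone pointing the same name at the Exchange server), as an added example that is not part of the original posts. All addresses, the certificate name list and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data (assumptions, not values from the thread).
CERT_NAMES = ["mail.mycompany.com"]              # names on the IIS site certificate
EXTERNAL_DNS = {"mail.mycompany.com": "203.0.113.10",
                "ftp.mycompany.com": "203.0.113.10"}
INTERNAL_DNS = {"mail.mycompany.com": "192.168.1.20"}
PUBLIC_IP = "203.0.113.10"                       # router address, port 443 forwarded
EXCHANGE_LAN_IP = "192.168.1.20"                 # Exchange server on the LAN


def is_ip(host):
    """True when the proxy host was entered as a literal IP address."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def name_matches(host, pattern):
    """DNS-name match; a wildcard is accepted only as the whole left-most label."""
    h = host.lower().rstrip(".").split(".")
    p = pattern.lower().rstrip(".").split(".")
    if len(h) != len(p):
        return False
    if p[0] == "*":
        return len(p) > 2 and h[1:] == p[1:]
    return h == p


def check_proxy_host(host, cert_names, external_dns, internal_dns,
                     public_ip, lan_ip):
    """Return the problems with using `host` as the Outlook RPC proxy name."""
    if is_ip(host):
        # A certificate whose names are DNS names does not match a bare IP.
        return ["proxy host is an IP address; certificate names are DNS names"]
    problems = []
    if not any(name_matches(host, n) for n in cert_names):
        problems.append("certificate does not carry this name")
    if external_dns.get(host) != public_ip:
        problems.append("external A record does not point at the public IP")
    if internal_dns.get(host) != lan_ip:
        # Without the internal zone, clients in the office resolve the public IP.
        problems.append("internal zone does not map name to the Exchange LAN IP")
    return problems
```
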
 
LVL 11

Author Comment

by:sumeshbnr
ID: 33566780
Is it common/possible to add multiple host A records for one domain to one IP?
0
 
LVL 11

Author Comment

by:sumeshbnr
ID: 33566814
I already have ftp.mycompany.com pointed to my public IP. Can I associate an SSL certificate with this domain name and add the SSL certificate to my Exchange server's default website?
0
 
LVL 28

Assisted Solution

by:sunnyc7
sunnyc7 earned 400 total points
ID: 33566826
Yes, you can.
You can have
mail.domain.com
ftp.domain.com
autodiscover.domain.com >> all pointing to the same IP
0
 
LVL 11

Author Comment

by:sumeshbnr
ID: 33566887
In this case do I need the following also?

5. Add a new DNS zone internally for mycompany.com
    set mail.mycompany.com to go to your Exchange server's internal IP
    set www.mycompany.com to go to the www external IP address
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33566937
Yes.
http:#33565669

When you configure Outlook laptops with RPC/HTTPS, they will look for mail.domain.com when they are outside the network.
When they get inside the network, their Outlook will stop working.
So, create a mail.domain.com to point to the internal LAN IP of the Exchange Server (192.168.x.y), so that RPC/HTTPS works no matter if the laptops are outside / inside the network.

thanks
0
 
LVL 11

Author Comment

by:sumeshbnr
ID: 33573617
This makes more sense now. I have one last question: the RPC and exchange virtual directories are in the same default website in IIS on my Exchange server. Can I use one SSL certificate for both OWA and RPC over HTTP?
0
 
LVL 7

Expert Comment

by:Waseems
ID: 33574481
For comment 33566937, I think it is better to configure Outlook on fast connections to use IP and on slow connections to use HTTP; then there is no need to create an additional local DNS domain. As for the certificate, you will have to use the same certificate, because RPC and exchange are virtual directories in the same website and a certificate is linked to the site, not to a virtual directory.
0
 
LVL 11

Author Comment

by:sumeshbnr
ID: 33574577
One more thing: what is the use of the OMA virtual directory and what is the use of it?
0
 
LVL 7

Assisted Solution

by:Waseems
Waseems earned 400 total points
ID: 33574616
It is a website for mobile use, same as OWA but light for mobiles.
0
 
LVL 11

Author Comment

by:sumeshbnr
ID: 33574723
Thank you all
0
