RPC over HTTP configuration in Exchange 2003 through NAT in firewall

We have an Exchange Server 2003 SP2 running on Windows Server 2003. We are running Exchange on a single server, but it is integrated with our ADS. The Exchange computer name is myexserver.mydomain (mydomain is the single-label domain name of our ADS). OWA is running in IIS in the default website under a virtual directory called exchange; we can access this website through http://myexserver/exchange. We have configured NAT in our router to expose OWA through our public IP.

We are in the middle of installing RPC over HTTP/S on the server, because we need Exchange access from Outlook over the WAN without VPN. I have checked the Exchange server and can see that the RPC over HTTP proxy component is already installed, and I can see the RPC over HTTP tab under my server properties in Exchange System Manager, but it is not enabled.

Here are my questions:

1. Are there any issues that can occur when enabling the RPC over HTTP proxy on the Exchange server?
2. I can see the RPC virtual directory under the default website in IIS, and the default website is already port forwarded (NAT) in the firewall to get OWA from outside. How can I configure the firewall to give the RPC proxy outside access? There is a domain name already mapped to our public IP for FTP access, ftp.mycompany.com.
3. Can I use the public IP as the proxy server in the Outlook client when configuring the Exchange account from outside my domain?
4. Can I use the GUI in Exchange System Manager to configure RPC over HTTP, or do I need to modify the registry manually?
sumeshbnr Asked:

tfrache Commented:
You have to go to this website and follow the article:
http://www.petri.co.il/how-can-i-configure-rpc-over-https-on-exchange-2003-single-server-scenario.htm

Good luck!
0
Coast-IT Commented:
1. Are there any issues that can occur when enabling the RPC over HTTP proxy on the Exchange server?
No problem.

2. I can see the RPC virtual directory under the default website in IIS, and the default website is already port forwarded (NAT) in the firewall to get OWA from outside. How can I configure the firewall to give the RPC proxy outside access? There is a domain name already mapped to our public IP for FTP access, ftp.mycompany.com.
If you already have a good A record to use, just forward port 443 to your Exchange server, as it travels over HTTPS.

3. Can I use the public IP as the proxy server in the Outlook client when configuring the Exchange account from outside my domain?
You just add a new DNS zone for your public zone into DNS and then use that to configure all email, both internally and externally.

4. Can I use the GUI in Exchange System Manager to configure RPC over HTTP, or do I need to modify the registry manually?
There are a lot more steps than these simple changes; it looks daunting but it's easy:

http://www.msexchange.org/tutorials/Implementing-RPC-over-HTTPS-single-Exchange-Server-2003-environment.html
0

sumeshbnr Author Commented:

3. Can I use the public IP as the proxy server in the Outlook client when configuring the Exchange account from outside my domain?
You just add a new DNS zone for your public zone into DNS and then use that to configure all email, both internally and externally.

Is this really needed?

I can forward port 443 in the firewall to my Exchange server, so why can't I simply use the public IP address as the proxy server in Outlook clients? (Or is a domain name still required?)
0

Coast-IT Commented:
The reason for this is that when the laptops come into the office, their Outlook will be trying to connect to xxx.mycompany.com; however, if the DNS zone is not added, this will be forced out externally and will try to go to the outside resolved IP address.

All I ever do, which is standard practice, is:

1. Create a new A record externally, let's say mail.mycompany.com
2. Set this to point to a public IP address on your router
3. Make a port forwarding rule for port 443 for this public IP address to point to your Exchange server
4. Set up RPC over HTTPS as the link suggests
5. Add a new DNS zone internally for mycompany.com
    Set mail.mycompany.com to go to your Exchange server's internal IP
    Set www.mycompany.com to go to the www external IP address


I hope this makes sense?
0
sunnyc7 Commented:
I'd go with Coast-IT's suggestions above. That's the accepted practice.

You can also test it.
https://mail.domain.com/exchange/rpc/rpcproxy.dll

Does it give you a username/password prompt?
And when you log in, it will give you a blank screen.
0
sumeshbnr Author Commented:
Can you please be more descriptive? We have only one public IP; can I use the same? I don't want a domain name; I am ready to use the IP.
0
sunnyc7 Commented:
If you have one public IP, is it set to mail.domain.com?

When you go here:
www.mxtoolbox.com
enter your domain name.
What is the first MX record listed?
What is the public IP associated with it?

Use that with Coast-IT's suggestions.
0
Coast-IT Commented:
You need to use an A record to associate with a certificate, hence the reason for a name and not an IP address.

Just ask your hosting company, if you have no access, to set up an additional A record with the name "mail" pointing to the same IP address as ftp.

You then need to buy a certificate or use a self-signed one with this name on it.
0
sumeshbnr Author Commented:
Is it common/possible to add multiple host A records for one domain to one IP?
0
sumeshbnr Author Commented:
I already have ftp.mycompany.com pointed to my public IP. Can I associate an SSL certificate with this domain name and add the SSL certificate to my Exchange server's default website?
0
sunnyc7 Commented:
Yes, you can.
You can have
mail.domain.com
ftp.domain.com
autodiscover.domain.com >> all pointing to the same IP
0
sumeshbnr Author Commented:
In this case do I need the following also?

5. Add a new DNS zone internally for mycompany.com
    set mail.mycompany.com to go to your Exchange server's internal IP
    set www.mycompany.com to go to the www external IP address
0
sunnyc7 Commented:
Yes.
http:#33565669

When you configure Outlook laptops with RPC/HTTPS, they will look for mail.domain.com when they are outside the network.
When they get inside the network, their Outlook will stop working.
So, create a mail.domain.com record pointing to the internal LAN IP of the Exchange server (192.168.x.y), so that RPC/HTTPS works no matter whether the laptops are outside or inside the network.

Thanks
0
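An added example, not part of any participant's post: the two checks this exchange turns on, in Python. It tests whether the address typed into Outlook as the proxy server is one the certificate names, and where that name resolves from each side of the firewall once the internal zone exists. The certificate (constructed as issued to mail.mycompany.com), the addresses 203.0.113.10 and 192.168.0.10, and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: certificate fields in the shape returned by Python's
# ssl.SSLSocket.getpeercert(), plus the two DNS views. All values are placeholders.
CERT = {"subject": ((("commonName", "mail.mycompany.com"),),),
        "subjectAltName": (("DNS", "mail.mycompany.com"),)}
EXTERNAL = {"mail.mycompany.com": "203.0.113.10", "ftp.mycompany.com": "203.0.113.10"}
INTERNAL_ZONE = "mycompany.com"  # the zone added on the internal DNS server (step 5)
INTERNAL = {"mail.mycompany.com": "192.168.0.10"}

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def dns_match(pattern, host):
    """Case-insensitive compare; '*' may only stand for the whole left-most label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    return (len(p) == len(h) and p[1:] == h[1:]
            and (p[0] == h[0] or (p[0] == "*" and len(p) > 2)))

def cert_covers(cert, target):
    """True if the certificate vouches for the address typed into the client."""
    sans = cert.get("subjectAltName", ())
    if is_ip(target):
        # An IP literal matches only an iPAddress SAN entry, never a DNS name or CN.
        want = ipaddress.ip_address(target)
        return any(k == "IP Address" and ipaddress.ip_address(v) == want for k, v in sans)
    names = [v for k, v in sans if k == "DNS"]
    if not names:  # legacy fallback: no DNS SAN present, compare the subject CN
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any(dns_match(n, target) for n in names)

def resolve(target, inside):
    """Answer from the internal zone when it is authoritative, else the public view."""
    if is_ip(target):
        return target
    if inside and ("." + target.lower()).endswith("." + INTERNAL_ZONE):
        return INTERNAL.get(target.lower())  # None: record missing from internal zone
    return EXTERNAL.get(target.lower())

def check_proxy_name(target, cert=CERT):
    """Certificate coverage plus the address the name resolves to in each DNS view."""
    return {"cert_ok": cert_covers(cert, target),
            "outside": resolve(target, False), "inside": resolve(target, True)}
```

The `None` returned for `ftp.mycompany.com` on the inside shows why step 5 also lists `www`: once the internal server hosts the zone, any public name not copied into it stops resolving for internal clients.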
sumeshbnr Author Commented:
This makes more sense now. I have one last question: the RPC and exchange virtual directories are in the same default website in IIS on my Exchange server. Can I use one SSL certificate for both OWA and RPC over HTTP?
0
Waseems Commented:
For comment 33566937, I think it is better to configure Outlook to use IP on a fast connection and HTTP on a slow connection; then there is no need to create an additional local DNS domain. And for the certificate, you will have to use the same certificate, because RPC and exchange are virtual directories in the same website and a certificate is linked to the site, not to a virtual directory.
0
sumeshbnr Author Commented:
One more thing: what is the use of the OMA virtual directory?
0
Waseems Commented:
It is a website for mobile use, the same as OWA but lighter, for mobiles.
0
sumeshbnr Author Commented:
Thank you all
0