Djrobluv

Http over Rpc connection issue SBS2003 .LOCAL Domain

I have a client that has a SBS2003 Server. The previous IT support person initially set up the server with the Domain.Local naming convention. So when connecting to Exchange the server name is domain.Local. I set up a self-signed certificate for outside access using Domain.com. The problem I'm having is I have a user who is on the road a lot and they would rather use Outlook than OWA. So when I tried to set up Outlook using Http over RPC it only works on the inside network. When tested on the outside network I constantly get the logon screen for Outlook and a message saying the server could not be contacted. I'm pretty sure this has something to do with the Internal domain being .Local and the external being .COM. How do I resolve this issue? I do not want to start over from square one. This server has been a nightmare to get working properly since I inherited it. This would be the final kink worked out of this server.
ASKER CERTIFIED SOLUTION
Britt Thompson
This solution is only available to members.
Also in the RWW there is a document called: "Configure your computer to use outlook via internet" that explains the whole setup.
I assume your outside users can access the RWW: https://your external domain/remote
Ports 443, 444 and 4125 need to be opened.
Hope that helps,
Olaf
Djrobluv

ASKER

Olafdc: I have gone that route and the instructions on that link don't work either. And yes, users can access RWW from outside.

Renazones: I checked out the link you provided, but it doesn't refer to creating a multi-domain certificate using the SBS2003 CA? I would like to use the Server CA. Asking client to spend money is a headache.
The article I posted is for creating it with a self-signed cert... should be what you need.
Please run the SBS BPA and fix the issues it comes up with. Try again after that.
http://www.microsoft.com/downloads/en/details.aspx?familyid=3874527A-DE19-49BB-800F-352F3B6F2922&displaylang=en
Olaf
I looked through all the links again. I don't see where it explains how to create a domain.Local & a domain.Com certificate using the SBS2003 CA.
Funny thing, I had this same problem last week, got it fixed and documented it.

First, some pointers:
Internal domain should be .local.
External, in my case, .co.nz
You must have the SBS certificate installed and working properly before going further. (Google it if you have trouble.)
Next, follow my walkthrough.

1- Install the certificate from the server onto the local PC from the following location
a. SBS08 \\servername\Public\Public Downloads
b. sbs2k3 \\servername\clientaps\SBScert\sbscert.cer
i. <Gotchas> When using Vista, install the certificate using Internet Explorer
ii. When using SBS08, install the certificate using the install package
iii. Make sure the certificates are working properly before continuing, e.g. make sure you can visit Outlook Web Access and not receive any certificate warnings before you proceed, or it will not work.
Setting up Outlook over RPC (both internal and external)
2- Start, Control Panel, Mail
3- [if present] remove any profiles
4- Add...
5- Enter a profile name and click "OK"
6- The 'Add New E-mail Account' wizard screen appears,
7- Tick the "Manually configure server settings or additional server types", and click on "Next >"
8- Select 'Microsoft Exchange' and click "Next >"
9- The 'Microsoft Exchange Settings' screen appears
10- Enter the Internal name of your SBS server [eg: servername.myco.local]
11- Leave 'use Cached Exchange Mode' ticked
12- Enter the user's mailbox name (look in System Manager at the mailboxes, as this may not be the same as the logon username)
13- ** Do Not click on 'Check Name' **
14- Click on "More Settings..."
15- If you get a 'Connect to ...' dialogue box, click on 'Cancel'
16- You (may) get a 'The action could not be completed. The connection to Microsoft Exchan...' modal box - click "OK"
17- You (may) get a "Microsoft Exchange" window with just a 'General' tab and boxes for the server and mailbox and a 'check name' button.. - Click on "Cancel"
18- You then should get the (more familiar) 'Microsoft Exchange' window with the General, Advanced, Security, Connection and Remote Mail tabs.
19- Go to the 'Connection' tab
20- Tick the box (at the bottom) 'Connect to Microsoft Exchange using HTTP'
21- The 'Exchange Proxy Settings Button' should become 'un-greyed-out' - Click on it
22- We get to the 'Microsoft Exchange Proxy Settings' window
23- For the "Use this URL to connect to my proxy..." - enter the FQDN of your Exchange server. EG: remote.company.co.nz
24- Tick only connect to proxy servers....
25- Enter the following: msstd:remote.companyname.co.nz
26- Tick BOTH "on fast networks..." and "on slow networks..."
27- Change the 'Proxy authentication settings' (at the bottom) to "Basic Authentication"
28- "OK"
29- "OK"
30- We should be back at the "Add New E-mail Account" window..
31- "Next >"
32- "Finish"
33- "OK" out of the "Mail" (profiles) window
34- Close Control Panel
35- When opening Outlook it will always prompt you for the username and password; use username@domain.local or domain.local/username ----<domain.local is FQD internal domain name.>
As for certificates, just use the one you create by running the Connect to Internet wizard.
You're right. Sorry about that. I sent you the wrong article...copied the wrong link.

Basically, you just have to import the certificate to the local store. Here's the MSExchange.org article I tried to send you before.

http://www.msexchange.org/tutorials/Outlook_2003_Connect_Exchange_2003.html
armeniospinola: I followed your instructions and still no luck connecting. I even added the servername.domain.local to the host file on my test system and it still did not connect.
R--R
Check this on the server: http://www.petri.co.il/how-can-i-configure-rpc-over-https-on-exchange-2003-single-server-scenario.htm

Configure Outlook: http://www.petri.co.il/configure_outlook_2003_to_use_rpc_over_http.htm

If it is a self-signed certificate then install it on the local system in the trusted root.
R--R: I looked at those articles already and the certificate is installed on the local system in the Trusted Root folder. I know I'm not the only one who has been in this situation.
Stupid question but did you reboot the server? RPC/HTTPS after the configuration does not work until the server has been restarted.
Server has been restarted numerous times since this has been set up.
From here I would go to add/remove programs -> add/remove windows components -> uninstall RPC Proxy -> reboot -> re-install RPC Proxy and start from scratch with the RPC/HTTPS configuration...sounds like there's some sort of issue with the RPC virtual directory on the server...Or, if forms authentication is enabled in Exchange turn it off.
Ok will try this when I get back into the office.
When you are using SBS, use the wizards for any of your configurations, else you are going to make your life very complicated. Run through the Connect to Internet wizard again.
Make sure your certificates work: can you access Outlook Web Access internally from Internet Explorer and externally without it prompting you about the certificate? It must work perfectly without prompting you at all, e.g. you just type remote.companyname.co.nz/exchange and you go straight in without it prompting you about certificates; this must work both internally and externally. Can you confirm this works properly?
I totally understand using the wizards with SBS2003. The problem I have here is the person who initially set up the server didn't use the wizards to set up the system. It's been a headache so far dealing with this server. I can access Outlook Web Access internally and externally without any certificate errors. One thing I did notice is if I use IE to access OWA from inside the network I can't use domain.com in the URL. I have to use domain.local to access OWA from the inside network.
You cannot access the inside URL at the .com address unless there has been a static entry created in the internal DNS for the .com domain...otherwise, most firewalls will not allow the traffic to the .com domain to go outside to query the internet and then come back in on the public interface of the router. If you want to access OWA from the public address you'll need to add the entries statically in DNS to point the .com domain name to the private address of the server to prevent it from trying to go out to the internet and back in through the firewall.
Mmm, I see, so you have the certificate working correctly; well, that's a start. (As for internal, if you want to access the .com internally you need a static entry in DNS.)
The important thing is you can access the OWA without it prompting to accept the certificate.
Next thing is to set up following the instructions above, and see if it gets to the part of actually seeing the server, where it can resolve your user name against the server, similar to if you were inside the network.
If you want, you could create a temporary user name and give me your domain details and I can have a look for you and check out the certificate to see if I can see any problems.
If you want me to, I'll need the FQD internal name, the external name and a user name I can use.
Note this is only an offer and I completely understand if you are security conscious and do not want to. Alternatively, send me your email address and I'll email you if you do not want that sort of info on this forum.

If all else fails, run through the Connect to Internet wizard again; maybe it will fix any outstanding issues.
One more thing: you have the system fully up to date, including any Exchange service packs, and they need to be applied separately.
Sorry it took so long to get back to everyone but I was on vacation for the holidays. The Multi-domain certificate from godaddy did the trick.
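
Added example, not part of the thread and not any poster's code: a small Python check of which host names a certificate's DNS names cover, applied to the setup discussed above (a .local name inside, a .com name outside, and an msstd: principal name in the Outlook proxy settings). All host names and certificate name lists are constructed placeholders, and the matching rule (exact match, or `*` as the whole left-most label) is an assumption about how the client compares names.

```python
# Added example: every host name and certificate name list here is constructed.

def name_matches(cert_name: str, host: str) -> bool:
    """Compare one DNS name from a certificate with a host name.

    Exact match, or '*' as the entire left-most label standing for one label.
    """
    c = cert_name.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(c) != len(h):
        return False
    if c[0] == "*":
        return len(c) > 2 and c[1:] == h[1:]
    return c == h


def uncovered(cert_names, hosts):
    """Hosts that none of the certificate's names cover (these would warn)."""
    return [h for h in hosts if not any(name_matches(n, h) for n in cert_names)]


def check_profile(cert_names, proxy_host, principal):
    """Problems with the proxy URL host and the msstd: principal name of a profile."""
    problems = []
    prefix = "msstd:"
    if not principal.lower().startswith(prefix):
        return [f"principal name should start with {prefix!r}"]
    if uncovered(cert_names, [proxy_host]):
        problems.append(f"certificate does not cover proxy host {proxy_host}")
    if uncovered(cert_names, [principal[len(prefix):]]):
        problems.append(f"certificate does not cover principal {principal}")
    return problems


# Constructed inputs: names a client might use inside and outside the network.
CLIENT_HOSTS = ["server01.example.local", "remote.example.com"]
SINGLE_NAME_CERT = ["remote.example.com"]
MULTI_DOMAIN_CERT = ["remote.example.com", "server01.example.local"]

if __name__ == "__main__":
    for label, names in (("single", SINGLE_NAME_CERT), ("multi", MULTI_DOMAIN_CERT)):
        print(label, "uncovered:", uncovered(names, CLIENT_HOSTS))
    print(check_profile(SINGLE_NAME_CERT, "remote.example.com", "msstd:remote.example.com"))
    print(check_profile(SINGLE_NAME_CERT, "remote.example.com", "msstd:server01.example.local"))
```

To use it against a real server, replace the constructed lists with the subject and subject-alternative names read from the certificate installed on that server.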