Solved

Http over Rpc connection issue SBS2003 .LOCAL Domain

Posted on 2010-11-28
Last Modified: 2012-05-10
I have a client that has a SBS2003 Server. The previous IT support person initially set up the server with the Domain.Local naming convention. So when connecting to Exchange the server name is domain.Local. I set up a self-signed certificate for outside access using Domain.com. The problem I'm having is I have a user who is on the road a lot and they would rather use Outlook than OWA. So when I tried to set up Outlook using Http over RPC it only works on the inside network. When tested on the outside network I constantly get the logon screen for Outlook and a message saying the server could not be contacted. I'm pretty sure this has something to do with the Internal domain being .Local and the external being .COM. How do I resolve this issue? I do not want to start over from square one. This server has been a nightmare to get working properly since I inherited it. This would be the final kink worked out of this server.
Question by:Djrobluv

Accepted Solution

by:
renazonse earned 500 total points
When using RPC on HTTPS you want a legit certificate with the public domain name as the principal name on the certificate. You can get these single domain certs for 2003 server dirt cheap (from GoDaddy) or get a multi-domain cert with server, server.domain.local and mail.domain.com as the names on the certificate for internal and external use.

Here's an article that explains how to do it with a self-signed cert: http://www.networksteve.com/exchange/topic.php/Exchange_Rpc/Http_with_self_signed_certificate/?TopicId=8321&Posts=6

Expert Comment

by:Olaf De Ceuster
Also in the RWW there is a document called "Configure your computer to use outlook via internet" that explains the whole setup.
I assume your outside users can access the RWW: https://your external domain/remote
Ports 443, 444 and 4125 need to be opened.
Hope that helps,
Olaf

Author Comment

by:Djrobluv
Olafdc: I have gone that route and the instructions on that link don't work either. And yes, users can access RWW from outside.

Renazones: I checked out the link you provided, but it doesn't refer to creating a multi-domain certificate using the SBS2003 CA? I would like to use the Server CA. Asking client to spend money is a headache.

Expert Comment

by:renazonse
The article I posted is for creating it with a self-signed cert... should be what you need.

Expert Comment

by:Olaf De Ceuster
Please run the SBS BPA and fix the issues it comes up with. Try again after that.
http://www.microsoft.com/downloads/en/details.aspx?familyid=3874527A-DE19-49BB-800F-352F3B6F2922&displaylang=en
Olaf

Author Comment

by:Djrobluv
I looked through all the links again. I don't see where it explains how to create a domain.Local & a domain.Com certificate using the SBS2003 CA.

Expert Comment

by:Armenio
Funny thing, I had this same problem last week, got it fixed and documented it.

First, some pointers:
Internal domain should be .local.
External, in my case, .co.nz.
You must have the SBS certificate installed and working properly before going further (Google it if you have trouble).
Next, follow my walkthrough.

1-      Install the certificate from the server onto the local PC from the following location:
a.      SBS08: \\servername\Public\Public Downloads
b.      SBS2k3: \\servername\clientaps\SBScert\sbscert.cer
i.      <Gotchas> When using Vista, install the certificate using Internet Explorer.
ii.      When using SBS08, install the certificate using the install package.
iii.      Make sure the certificates are working properly before continuing, e.g. make sure you can visit Outlook Web Access and not receive any certificate warnings before you proceed, or it will not work.
Setting up outlook over RPC (both internal and external)
2-      Start, control Panel, Mail
3-       [if present] remove any profiles
4-       Add...
5-       Enter a profile name and click "OK"
6-       The 'Add New E-mail Account' wizard screen appears,
7-       Tick the "Manually configure server settings or additional server types", and click on "Next >"
8-       Select 'Microsoft Exchange' and click "Next >"
9-       The 'Microsoft Exchange Settings' screen appears
10-       Enter the Internal name of your SBS server [eg: servername.myco.local]
11-       Leave 'use Cached Exchange Mode' ticked
12-       Enter the users mailbox name (look in system manager at the mailboxes, as this may not be the same as the logon username)
13-       ** Do Not click on 'Check Name' **
14-       Click on "More Settings..."
15-       If you get a 'Connect to ...' dialogue box, click on 'Cancel'
16-      You (may) get a 'The action could not be completed. The connection to Microsoft Exchan...' modal box - click "OK"
17-       You (may) get a "Microsoft Exchange" window with just a 'General' tab and boxes for the server and mailbox and a 'check name' button.. - Click on "Cancel"
18-       You then should get the (more familiar) 'Microsoft Exchange' window with the General, Advanced, Security Connection and Remote Mail tabs.
19-       Go to the 'Connection' tab
20-       Tick the box (at the bottom) 'Connect to Microsoft Exchange using HTTP'
21-       The 'Exchange Proxy Settings Button' should become 'un-greyed-out' - Click on it
22-       We get to the 'Microsoft Exchange Proxy Settings' window
23-       For the "Use this URL to connect to my proxy..." - enter the FQDN of your Exchange server, e.g. remote.company.co.nz
24-      Tick "Only connect to proxy servers...."
25-      Enter the following: msstd:remote.companyname.co.nz
26-      Tick BOTH "on fast networks..." and "on slow networks..."
27-      Change the 'Proxy authentication settings' (at the bottom) to "Basic Authentication"
28-      "OK"
29-      "OK"
30-      We should be back at the "Add New E-mail Account" window..  
31-      "Next >"
32-      "Finish"
33-      "OK" out of the "Mail" (profiles) window
34-      Close Control Panel
35-      When opening Outlook it will always prompt you for the username and password; use username@domain.local or domain.local/username (domain.local is the FQD internal domain name).

Expert Comment

by:Armenio
As for certificates, just use the one you create by running the Connect to Internet wizard.

Expert Comment

by:renazonse
You're right. Sorry about that. I sent you the wrong article...copied the wrong link.

Basically, you just have to import the certificate to the local store. Here's the MSExchange.org article I tried to send you before.

http://www.msexchange.org/tutorials/Outlook_2003_Connect_Exchange_2003.html

Author Comment

by:Djrobluv
armeniospinola: I followed your instructions and still no luck connecting. I even added the servername.domain.local to the host file on my test system and it still did not connect.

Expert Comment

by:R--R
Check this on the server: http://www.petri.co.il/how-can-i-configure-rpc-over-https-on-exchange-2003-single-server-scenario.htm

Configure Outlook: http://www.petri.co.il/configure_outlook_2003_to_use_rpc_over_http.htm

If it is a self-signed certificate then install it on the local system in the trusted root.

Author Comment

by:Djrobluv
R--R: I looked at those articles already and the certificate is installed on the local system in the Trusted Root folder. I know I'm not the only one who has been in this situation.

Expert Comment

by:renazonse
Stupid question but did you reboot the server? RPC/HTTPS after the configuration does not work until the server has been restarted.

Author Comment

by:Djrobluv
Server has been restarted numerous times since this has been setup.

Expert Comment

by:renazonse
From here I would go to add/remove programs -> add/remove windows components -> uninstall RPC Proxy -> reboot -> re-install RPC Proxy and start from scratch with the RPC/HTTPS configuration...sounds like there's some sort of issue with the RPC virtual directory on the server...Or, if forms authentication is enabled in Exchange turn it off.

Author Comment

by:Djrobluv
Ok will try this when I get back into the office.

Expert Comment

by:Armenio
When you are using SBS, use the wizards for any of your configurations, else you are going to make your life very complicated. Run through the Connect to Internet wizard again.
Make sure your certificates work: can you access Outlook Web Access internally from Internet Explorer and externally without it prompting you about the certificate? This must work perfectly without prompting you at all, e.g. you just type remote.companyname.co.nz/exchange and you go straight in without it prompting you about certificates. This must work both internally and externally. Can you confirm this works properly?

Author Comment

by:Djrobluv
I totally understand using the wizards with SBS2003. The problem I have here is the person who initially set up the server didn't use the wizards to set up the system. It's been a headache so far dealing with this server. I can access Outlook Web Access internally and externally without any certificate errors. One thing I did notice is if I use IE to access OWA from inside the network I can't use domain.com in the URL. I have to use domain.local to access OWA from the inside network.

Expert Comment

by:renazonse
You cannot access the inside URL at the .com address unless there has been a static entry created in the internal DNS for the .com domain...otherwise, most firewalls will not allow the traffic to the .com domain to go outside to query the internet and then come back in on the public interface of the router. If you want to access OWA from the public address you'll need to add the entries statically in DNS to point the .com domain name to the private address of the server to prevent it from trying to go out to the internet and back in through the firewall.

Expert Comment

by:Armenio
Mmm, I see, so you have the certificate working correctly. Well, that's a start. (As for internal, if you want to access the .com internally you need a static entry in DNS.)
The important thing is you can access the OWA without it prompting to accept the certificate.
Next thing is to set up following the instructions above and see if it gets to the part of actually seeing the server, where it can resolve your user name against the server, similar to if you were inside the network.
If you want, you could create a temporary user name and give me your domain details and I can have a look for you and check out the certificate to see if I can see any problems.
If you want me to, I'll need the FQD internal name, the external name and a user name I can use.
Note this is only an offer and I completely understand if you are security conscious and do not want to. Alternatively, send me your email address and I'll email you if you do not want that sort of info on this forum.

If all else fails, run through the Connect to Internet wizard again; maybe it will fix any outstanding issues.
One more thing: you have the system fully up to date, including any Exchange service packs, and they need to be applied separately.

Author Closing Comment

by:Djrobluv
Sorry it took so long to get back to everyone but I was on vacation for the holidays. The multi-domain certificate from GoDaddy did the trick.
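
The accepted answer names two certificate options: a single public-name certificate, or a multi-domain certificate carrying server, server.domain.local and mail.domain.com. The Python below is an added example, not part of the original thread, that checks which of the names an Outlook RPC over HTTPS profile uses are present on a certificate; the certificate data is constructed, and the rule that the msstd: value is compared with the subject CN is an assumption.

```python
# Added example: certificate dicts below are constructed, shaped like the
# return value of ssl.SSLSocket.getpeercert(); host names are illustrative.
SINGLE_NAME_CERT = {
    "subject": ((("commonName", "mail.domain.com"),),),
}
MULTI_DOMAIN_CERT = {
    "subject": ((("commonName", "mail.domain.com"),),),
    "subjectAltName": (("DNS", "mail.domain.com"),
                       ("DNS", "server.domain.local"), ("DNS", "server")),
}

def cert_names(peercert):
    """Return (subject CN, list of DNS subjectAltNames), lower-cased."""
    cn = None
    for rdn in peercert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                cn = value.lower()
    sans = [v.lower() for k, v in peercert.get("subjectAltName", ()) if k == "DNS"]
    return cn, sans

def matches(pattern, host):
    """Exact match, or '*.' wildcard covering exactly one left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p == h:
        return True
    if p.startswith("*."):
        head, _, tail = h.partition(".")
        return bool(head) and tail == p[2:]
    return False

def check_profile(peercert, proxy_host, msstd, internal_fqdn):
    """Report which names an Outlook RPC-over-HTTPS profile uses are on the cert."""
    cn, sans = cert_names(peercert)
    # RFC 6125-style rule: DNS SANs are authoritative when present, else the CN.
    names = sans or ([cn] if cn else [])
    principal = msstd.split(":", 1)[1] if msstd.lower().startswith("msstd:") else msstd
    return {
        "proxy_host_covered": any(matches(n, proxy_host) for n in names),
        "internal_fqdn_covered": any(matches(n, internal_fqdn) for n in names),
        # Assumption: the msstd: principal name is compared with the subject CN.
        "msstd_matches_cn": cn is not None and matches(cn, principal),
    }

if __name__ == "__main__":
    for label, cert in (("single-name", SINGLE_NAME_CERT), ("multi-domain", MULTI_DOMAIN_CERT)):
        print(label, check_profile(cert, "mail.domain.com",
                                   "msstd:mail.domain.com", "server.domain.local"))
```

To check a live server instead of the constructed data, pass the dict returned by `ssl.SSLSocket.getpeercert()` after a verified handshake.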