Exchange 2003-RPC over HTTP-very odd network setup...

Posted on 2011-05-05
Last Modified: 2012-06-27
Greetings all...I'm about 6 weeks into a new permanent network admin position, and inherited one of the wackiest setups I've encountered in the past 20-odd years...Good luck trying to figure this one out-hence the max points offered.  Here goes...

Company is a mid-sized manufacturing concern; large plant operation, relatively small office portion.  Servers consist of the following (numbered for ease of reference):
NOTE:  All clients/servers are on same IP scheme & subnet: sub
Gateways differ as indicated-I'll explain further below

#1--Domain controller, Server 2003 Enterprise, AD, GC, DNS.  Has 2 NICs, only 1 in use, yet is assigned static IPs of .10 and .110, gateways of .5 & .254.

#2--Member server, Server 2003 Enterprise, Exchange 2003, DNS. 2 NICs, 1 in use, static IP .14, gateways .5 & .254.

#3--Member server, Server 2008 R2 Standard, File/Data Server, Print Server.  2 NICs, 1 in use, static IP .1, gateway .5.

#4--Member server, Win2000 Server, 3rd party fax server, 1 NIC, static IP .12, gateway .5.

#5--Member server, Server 2003 Enterprise, hosts our website store via Apache web server, 1 NIC. static IP .13, gateway .5.

Now, the REAL fun...our Internet pipe is supplied by Comcast via a SMC cable modem, with 4 RJ-45 ports, and FIVE static IPs: through 221, with the SMC box getting .222.  DHCP is enabled in the scheme.  3 Cat5e cables are plugged in:

#1 goes to a D-Link wireless router, uses .219 WAN address, assigns DHCP addresses of  Is only used for wireless Internet access for visitors/guests.

#2 goes to a Watchguard Firebox 700 hardware firewall gets the .218 WAN IP, LAN static IP of; acts as primary gateway/firewall/web policy restrictions for most clients.

#3 goes to a cheap Netgear wireless router w/4 Ethernet ports; this, believe it or not, acts as the 2nd gateway; WAN IP of .217, LAN static IP of, wireless function disabled.  It was installed by a previous "consultant" supposed to:
allow inbound access without firewall restrictions;
allow outbound access to clients who were permitted no restrictions; and,
permit Outlook Web Access to function.

But wait-it gets worse!  Our "main" Internet hosted by GoDaddy on one of their virtual servers, so their NAT handles redirects on their end; BUT-the website is registered through Network Solutions, and GoDaddy forced us to use their nameservers.  However, the "store" section of the website is hosted by us internally (server #5), and the EXTERNAL public domain URL is, and the GoDaddy DNS entries point to the correct public IP address ( note that "mail" designation!

To top it all off, all inbound emails route through Google Postini for spam filtering; why we're not performing this in-house is a big mystery...

So, now that you probably have a bad headache trying to picture this mess, you can only imagine the nightmare I'm having trying to configure the proper settings to get RPC over HTTP working for remote users.

I suspect that I will have to configure additional DNS pointers at GoDaddy to direct my outside Outlook clients to the correct server, but, what server names/IPs should I enter there?  Mind you, the OWA clients would follow a URL beginning with, which would route through the Netgear router to the exch box.

I have all the configurations completed on the Exchange server (registry settings, etc.), but getting this to work has been quite an adventure.

Thank you all in advance!!!
Question by: mporcellana

    Accepted Solution

    Use the OWA name e.g.

    If you can open HTTPS OWA without a cert prompt from the Internet, then RPC/HTTPS should work for you.

    Test it with manual server settings (not AutoDiscover) on

    Assisted Solution

    In order to get RPC to work you need an autodiscover record and a valid SAN certificate.
    Then you need to point to your WAN IP, which is in front of the Exchange server.

    Author Closing Comment

    Thanks for the info!

    Just a couple of tips for anyone setting this up:
    1--On the Outlook client, when adding the Exchange account, the email server entry must be your INTERNAL FQDN:  In my example, it should read

    2--It is in the "More Settings"-Advanced tab-Outlook Anywhere-RPC over HTTPS button where you enter the RPC proxy's EXTERNAL FQDN:  In my case, that's  Point your firewall and DNS to this machine's PUBLIC IP.

    3--Once you config the client, start Outlook, and be patient-it can take some time to get the first "connection" done.  Then, close and restart Outlook.
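
Added example, not part of the original thread: the accepted answer's "no cert prompt" test comes down to whether the certificate on the RPC proxy is trusted, in date, and names the EXTERNAL FQDN entered in Outlook, so this sketch checks those conditions on the dictionary returned by Python's `ssl.SSLSocket.getpeercert()`. The host names `mail.example.test`, `autodiscover.example.test` and `exch01.corp.local` and the sample certificate are constructed placeholders, because the thread's real names are not shown.

```python
import socket
import ssl
import time

def name_matches(pattern, host):
    """Exact match, or '*' standing for exactly one left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def cert_problems(cert, fqdn, now=None):
    """Reasons a client would warn about `cert` (a getpeercert() dict) for `fqdn`."""
    now = time.time() if now is None else now
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:  # older certificates: fall back to the subject common name
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    problems = []
    if not any(name_matches(n, fqdn) for n in names):
        problems.append(f"{fqdn} not covered by certificate names {names}")
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("certificate not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("certificate expired")
    return problems

def check_live(fqdn, port=443, timeout=10):
    """TLS handshake against the system trust store, as a remote client would do."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((fqdn, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=fqdn) as tls:
                return cert_problems(tls.getpeercert(), fqdn)
    except ssl.SSLCertVerificationError as exc:
        return [f"verification failed: {exc.verify_message}"]

# Constructed sample certificate; every name here is a placeholder.
SAMPLE_CERT = {
    "subject": ((("commonName", "mail.example.test"),),),
    "subjectAltName": (("DNS", "mail.example.test"), ("DNS", "autodiscover.example.test")),
    "notBefore": "Jan  1 00:00:00 2011 GMT",
    "notAfter": "Jan  1 00:00:00 2012 GMT",
}
MAY_2011 = ssl.cert_time_to_seconds("May  5 00:00:00 2011 GMT")

if __name__ == "__main__":
    print(cert_problems(SAMPLE_CERT, "mail.example.test", MAY_2011))   # external FQDN
    print(cert_problems(SAMPLE_CERT, "exch01.corp.local", MAY_2011))   # internal FQDN
```

Run `check_live()` from outside the LAN against the external name; an empty list means the certificate should not cause a prompt for that name.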
