
Exchange 2003-RPC over HTTP-very odd network setup...

Greetings all...I'm about 6 weeks into a new permanent network admin position, and inherited one of the wackiest setups I've encountered in the past 20-odd years...Good luck trying to figure this one out-hence the max points offered.  Here goes...

Company is a mid-sized manufacturing concern; large plant operation, relatively small office portion.  Servers consist of the following (numbered for ease of reference):
NOTE:  All clients/servers are on the same IP scheme & subnet:  192.168.200.xxx subnet.
Gateways differ as indicated-I'll explain further below.

#1--Domain controller, Server 2003 Enterprise, AD, GC, DNS.  Has 2 NICs, only 1 in use, yet is assigned static IPs of .10 and .110, gateways of .5 & .254, FQDN-exchange2.domain.bizname.com

#2--Member server, Server 2003 Enterprise, Exchange 2003, DNS. 2 NICs, 1 in use, static IP .14, gateways .5 & .254.  FQDN-exch.domain.bizname.com

#3--Member server, Server 2008 R2 Standard, File/Data Server, Print Server.  2 NICs, 1 in use, static IP .1, gateway .5.  FQDN-server.domain.bizname.com

#4--Member server, Win2000 Server, 3rd party fax server, 1 NIC, static IP .12, gateway .5. FQDN-commserver2.domain.bizname.com

#5--Member server, Server 2003 Enterprise, hosts our website store via Apache web server, 1 NIC. static IP .13, gateway .5.  FQDN--store.domain.bizname.com

Now, the REAL fun...our Internet pipe is supplied by Comcast via a SMC cable modem, with 4 RJ-45 ports, and FIVE static IPs:  173.xxx.xxx.217 through 221, with the SMC box getting .222.  DHCP is enabled in the 10.1.10.xxx scheme.  3 Cat5e cables are plugged in:

#1 goes to a D-Link wireless router, uses .219 WAN address, assigns DHCP addresses of 192.168.211.xxx.  Is only used for wireless Internet access for visitors/guests.

#2 goes to a Watchguard Firebox 700 hardware firewall, which gets the .218 WAN IP, LAN static IP of; acts as primary gateway/firewall/web policy restrictions for most clients.

#3 goes to a cheap Netgear wireless router w/4 Ethernet ports; this, believe it or not, acts as the 2nd gateway; WAN IP of .217, LAN static IP of, wireless function disabled.  It was installed by a previous "consultant" and was supposed to:
allow inbound access without firewall restrictions;
allow outbound access to clients who were permitted no restrictions; and,
permit Outlook Web Access to function.

But wait-it gets worse!  Our "main" Internet website-www.bizname.com-is hosted by GoDaddy on one of their virtual servers, so their NAT handles redirects on their end; BUT-the website is registered through Network Solutions, and GoDaddy forced us to use their nameservers.  However, the "store" section of the website is hosted by us internally (server #5), and the EXTERNAL public domain URL is mail.bizname.com/xcart/blahblah, and the GoDaddy DNS entries point to the correct public IP address (173.xxx.xxx.217)...but note that "mail" designation!

To top it all off, all inbound emails route through Google Postini for spam filtering; why we're not performing this in-house is a big mystery...

So, now that you probably have a bad headache trying to picture this mess, you can only imagine the nightmare I'm having trying to configure the proper settings to get RPC over HTTP working for remote users.

I suspect that I will have to configure additional DNS pointers at GoDaddy to direct my outside Outlook clients to the correct server, but, what server names/IPs should I enter there?  Mind you, the OWA clients would follow a URL beginning with mail2.bizname.com, which would route through the Netgear router to the exch box.

I have all the configurations completed on the Exchange server (registry settings, etc.), but getting this to work has been quite an adventure.

Thank you all in advance!!!
2 Solutions
Use the OWA name, e.g. mail2.bizname.com.

If you can open https OWA without a cert prompt from the Internet, then RPC/HTTPs should work for you

Test it with manual server settings (not AutoDiscover) on www.testexchangeconnectivity.com

In order to get RPC to work you need an Autodiscover record and a valid SAN certificate.
Then you need to point autodiscover.mail2.domain.com to your WAN IP, which is in front of the Exchange server.
mporcellana (Author) commented:
Thanks for the info!

Just a couple of tips for anyone setting this up:
1--On the Outlook client, when adding the Exchange account, the email server entry must be your INTERNAL FQDN:  In my example, it should read exch.domain.bizname.com.

2--It is in the "More Settings"-Advanced tab-Outlook Anywhere-RPC over HTTPS button where you enter the RPC proxy's EXTERNAL FQDN:  In my case, that's mail2.bizname.com.  Point your firewall and DNS to this machine's PUBLIC IP.

3--Once you config the client, start Outlook, and be patient-it can take some time to get the first "connection" done.  Then, close and restart Outlook.
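The second solution and the author's tips both hinge on two checks that are easy to get wrong with a split DNS like this one: the external name (mail2.bizname.com) and the Autodiscover name must resolve to the public IP in front of the Exchange server, and the certificate served on the RPC proxy name must be trusted and carry SANs for both names, which is what "no cert prompt" means in practice. The script below is an added example for this thread, not code from any of the posters. The hostnames and the 173.xxx.xxx.217 address are placeholders from the question, the Autodiscover hostname is passed in by the caller rather than assumed, and SAMPLE_CERT is a constructed dictionary shaped like ssl.getpeercert() output so the SAN logic can be exercised offline.

```python
"""Pre-flight checks for publishing Outlook Anywhere (RPC over HTTPS) under one
external name such as mail2.bizname.com.

Added example for this thread, not code from the original posters. All
hostnames and the public IP are placeholders; the Autodiscover hostname is
supplied by the caller rather than assumed.
"""
import socket
import ssl
from typing import Dict, Iterable, List


def san_dns_names(cert: Dict) -> List[str]:
    """Return the DNS entries of subjectAltName from an ssl.getpeercert() dict."""
    return [value.lower() for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def hostname_matches(name: str, pattern: str) -> bool:
    """Match a hostname against one SAN entry: exact, or a single leading wildcard label."""
    name, pattern = name.lower(), pattern.lower()
    if name == pattern:
        return True
    if pattern.startswith("*."):
        # '*.bizname.com' covers 'mail2.bizname.com' but not 'a.mail2.bizname.com'
        return name.endswith(pattern[1:]) and name.count(".") == pattern.count(".")
    return False


def missing_names(cert: Dict, required: Iterable[str]) -> List[str]:
    """Hostnames from `required` that no SAN entry of `cert` covers."""
    sans = san_dns_names(cert)
    return [h for h in required if not any(hostname_matches(h, s) for s in sans)]


def fetch_cert(host: str, port: int = 443, timeout: float = 5.0) -> Dict:
    """Connect with full verification, as Outlook does, and return the peer cert.

    An untrusted chain or a name mismatch raises ssl.SSLCertVerificationError,
    which is the condition behind the certificate prompt the first answer rules out.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def resolves_only_to(host: str, expected_ip: str) -> bool:
    """True when every IPv4 A record for `host` is the expected public IP."""
    try:
        addrs = {info[4][0] for info in socket.getaddrinfo(host, 443, socket.AF_INET)}
    except socket.gaierror:
        return False
    return addrs == {expected_ip}


def preflight(rpc_proxy: str, autodiscover_host: str, public_ip: str) -> List[str]:
    """Run the live checks and return a list of findings (empty means all good)."""
    findings = []
    for host in (rpc_proxy, autodiscover_host):
        if not resolves_only_to(host, public_ip):
            findings.append(f"{host} does not resolve solely to {public_ip}")
    try:
        cert = fetch_cert(rpc_proxy)
    except ssl.SSLCertVerificationError as exc:
        return findings + [f"certificate on {rpc_proxy} not trusted: {exc.verify_message}"]
    except OSError as exc:
        return findings + [f"cannot reach {rpc_proxy}:443: {exc}"]
    for name in missing_names(cert, [rpc_proxy, autodiscover_host]):
        findings.append(f"certificate on {rpc_proxy} has no SAN for {name}")
    return findings


# Constructed sample shaped like ssl.getpeercert() output, for offline use only.
SAMPLE_CERT = {
    "subject": ((("commonName", "mail2.bizname.com"),),),
    "subjectAltName": (("DNS", "mail2.bizname.com"), ("DNS", "autodiscover.bizname.com")),
}

if __name__ == "__main__":
    # Offline: the external RPC proxy and Autodiscover names are covered; the
    # internal FQDN typed into Outlook's "server" field is not, and need not be.
    print(missing_names(SAMPLE_CERT, ["mail2.bizname.com", "autodiscover.bizname.com"]))
    print(missing_names(SAMPLE_CERT, ["exch.domain.bizname.com"]))
    # Live run against the thread's placeholders (replace with real values first):
    # print(preflight("mail2.bizname.com", "autodiscover.bizname.com", "173.xxx.xxx.217"))
```

Run it once from outside the network: an empty findings list from `preflight` means the names, the public IP and the certificate line up the way the client settings in tips 1 and 2 expect. The offline check also shows why the internal FQDN never needs to be on the public certificate: Outlook only validates the name it tunnels to, the RPC proxy.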
