[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Need help configuring Exchange 2003 RPC over HTTPS

Posted on 2011-10-19
12
Medium Priority
?
773 Views
Last Modified: 2012-05-12
I've used RPC over HTTPS for some time on my old exchange 2003 server. Working perfectly.
Recently installed a new Exchange 2003 server, full SP and updated. The certificate I used on my old server is now installed on the new one (also accompanying root and intermediates). I moved my mailboxes etc and finally removed old original Exchange server. Everything works fine, except Outlook cannot connect with RPC over HTTPS.
OWA over HTTPS is working normally.
I installed the RPC over HTTP proxy component on my exchange server. After that, in IIS I configured the proxy with basic autenticaton only.
In Exchange System manager in the RPC tab of the properties of the server, I selected "not part of a managed topology".
I ran RPCNoFrontEnd.exe, filled in de FQDN and let it make the registry changes.
In Outlook in the connection tab, I selected the checkbox to use HTTP. In the proxy settings I specified the FQDN of I used before in RPCNoFrontEnd.exe and select basic authentication.
The Exchange server is the only exchange server (no front-backend) and not a DC, the DC available is also GC.
What am I overlooking?
0
Comment
Question by:RBraat
  • 6
  • 5
12 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 1000 total points
ID: 36991799
Do you have integrated and Basic authentication enabled on the RPC virtual directory under your default website in IIS manager?

If not - please enable both and run iisreset.

If they are - please visit https://testexchangeconnectivity.com and run the RPC test specifying manual server settings (no Autodiscover) and advise the results.

Thanks

Alan
0
 
LVL 10

Expert Comment

by:gaurav05
ID: 36991809
0
 

Author Comment

by:RBraat
ID: 36991905
@alanhardisty integrated was not enabled (I found in the manual only basic). Now it is, I ran IISREST and the test "Outlook Anywhere (RPC over HTTP)" with no autosiscover to test RPC/HTTP connectivity. It tells me all "connectivity test succesfull". But Outlook is still not able to connect ...

@gaurav05: as far as I can see in a glance, I done all  these steps ...
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36991924
Okay - Sounds good do far.  Is the SSL certificate a self-issued cert or a 3rd party purchased cert?

If self-issued, you will need to install the cert onto each and every client via IE to make RPC work happily.
0
 

Author Comment

by:RBraat
ID: 36991939
No it's a real one. It's the same certificate I used before on my old exchange server. The FQDN is now pointing to the new exchange server
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36991960
Who issued the certificate?  The clients may not trust the cert?

Did you open up TCP port 443 on your firewall and forward the port to your Exchange server?
0
 

Author Comment

by:RBraat
ID: 36992579
It's the same certificate I used before on my old exchange server and clients did trust is.
443 is forwarded to the exchange srever.

Strangest thing: in one of my attemps, when I ran outlook rpcdiag, the connection succeeded. I could see a working HTTP connection. I closed outlook and after that was not able anymore to connect ...
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36992596
If the test site works and the cert is trusted, then all should be well.

What are you using for the Proxy settings in Outlook?

Are you using the msstd:FQDN_of_your_SSL_Cert?
0
 

Author Comment

by:RBraat
ID: 36992781
In the proxy setting I specify the FQDN, but dit not specify msstd:FQDN. I'm sure I also not did this in the old situation.
I rebooted Exchange and rebooted my client. Tried again, and now there is a connection. I't takes some time and then I get a popup:

Privacy manager has configured your e-mail profile. Some of the new features will not be available until you restart Outlook. Do you want to restart Outlook now?

really don't know what that is?? So outlook restarted again and now it seems to work. Without msstd:FQDN.

During all the process, I  really did not make a significant change. I'm wondering how stable the connection will be.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36992788
Good news.  It should be fine - I usually add the msstd:fqdn part and if it works without, then that's fine.

The crucial part was the Integrated Authentication setting in IIS as without that - no dice.
0
 

Author Closing Comment

by:RBraat
ID: 36992925
Thanks for helping!
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36993086
You are most welcome.

Glad it is sorted.

Alan
0

Featured Post

Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to effectively resolve the number one email related issue received by helpdesks.
In this post, I will showcase the steps for how to create groups in Office 365. Office 365 groups allow for ease of flexibility and collaboration between staff members.
This video discusses moving either the default database or any database to a new volume.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses
Course of the Month20 days, 10 hours left to enroll

868 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question