Link to home
Start Free TrialLog in
Avatar of RBraat
RBraatFlag for Netherlands

asked on

Need help configuring Exchange 2003 RPC over HTTPS

I've used RPC over HTTPS for some time on my old exchange 2003 server. Working perfectly.
Recently installed a new Exchange 2003 server, full SP and updated. The certificate I used on my old server is now installed on the new one (also accompanying root and intermediates). I moved my mailboxes etc and finally removed old original Exchange server. Everything works fine, except Outlook cannot connect with RPC over HTTPS.
OWA over HTTPS is working normally.
I installed the RPC over HTTP proxy component on my exchange server. After that, in IIS I configured the proxy with basic autenticaton only.
In Exchange System manager in the RPC tab of the properties of the server, I selected "not part of a managed topology".
I ran RPCNoFrontEnd.exe, filled in de FQDN and let it make the registry changes.
In Outlook in the connection tab, I selected the checkbox to use HTTP. In the proxy settings I specified the FQDN of I used before in RPCNoFrontEnd.exe and select basic authentication.
The Exchange server is the only exchange server (no front-backend) and not a DC, the DC available is also GC.
What am I overlooking?
ASKER CERTIFIED SOLUTION
Avatar of Alan Hardisty
Alan Hardisty
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of RBraat

ASKER

@alanhardisty integrated was not enabled (I found in the manual only basic). Now it is, I ran IISREST and the test "Outlook Anywhere (RPC over HTTP)" with no autosiscover to test RPC/HTTP connectivity. It tells me all "connectivity test succesfull". But Outlook is still not able to connect ...

@gaurav05: as far as I can see in a glance, I done all  these steps ...
Okay - Sounds good do far.  Is the SSL certificate a self-issued cert or a 3rd party purchased cert?

If self-issued, you will need to install the cert onto each and every client via IE to make RPC work happily.
Avatar of RBraat

ASKER

No it's a real one. It's the same certificate I used before on my old exchange server. The FQDN is now pointing to the new exchange server
Who issued the certificate?  The clients may not trust the cert?

Did you open up TCP port 443 on your firewall and forward the port to your Exchange server?
Avatar of RBraat

ASKER

It's the same certificate I used before on my old exchange server and clients did trust is.
443 is forwarded to the exchange srever.

Strangest thing: in one of my attemps, when I ran outlook rpcdiag, the connection succeeded. I could see a working HTTP connection. I closed outlook and after that was not able anymore to connect ...
If the test site works and the cert is trusted, then all should be well.

What are you using for the Proxy settings in Outlook?

Are you using the msstd:FQDN_of_your_SSL_Cert?
Avatar of RBraat

ASKER

In the proxy setting I specify the FQDN, but dit not specify msstd:FQDN. I'm sure I also not did this in the old situation.
I rebooted Exchange and rebooted my client. Tried again, and now there is a connection. I't takes some time and then I get a popup:

Privacy manager has configured your e-mail profile. Some of the new features will not be available until you restart Outlook. Do you want to restart Outlook now?

really don't know what that is?? So outlook restarted again and now it seems to work. Without msstd:FQDN.

During all the process, I  really did not make a significant change. I'm wondering how stable the connection will be.
Good news.  It should be fine - I usually add the msstd:fqdn part and if it works without, then that's fine.

The crucial part was the Integrated Authentication setting in IIS as without that - no dice.
Avatar of RBraat

ASKER

Thanks for helping!
You are most welcome.

Glad it is sorted.

Alan