Re: RPC over HTTPS woes



You seem to have a lot of RPC proxy entries. Download this utility,
RPCNoFrontEnd, which you can find here; it will automatically create
them for you. I would clear them out first.


http://www.petri.co.il/configure_rpc_over_https_on_a_single_server.htm

James Chong (MVP)
MCSE | M+, S+, MCTS, Security+
msexchangetips.blogspot.com


On Mar 7, 3:05 pm, brannon.kir...@xxxxxxxxx wrote:
Ok so I need a little help...
I have gone over just about every article in my attempt to set up RPC
over HTTPS service. I just cannot see why it does not work. Any help
would be appreciated!
I have one Exchange 2003 SP1 backend and 2 DC/GCs Windows 2003 R2
the only click is we have the OWA served in a different directory than
the default website
On the Exchange server (we'll call it mail01):

1) Install Rpc service from windows Add/remove
2) Add rpcproxy registry entries:
mail01:593;mail01.domain.local:593;mail.external.com:593;mail01:6001-6002;mail01.domain.local:6001-6002;mail.external.com:6001-6002;mail01:6004;mail01.domain.local:6004;mail.external.com:6004;gc01:593;gc01.domain.local:593;gc01:6004;gc01.domain.local:6004

3)system manager > admin groups > server> mail01 properties> rpc-http>
check rpc-http back-end server

4)IIS manager> default website> rpc > save config to file
5) IIS manager > mail.external.com > new virtual from file > rpc
6) IIS manager > mail.external.com properties > directory security>
install thawte ssl cert
7) IIS manager > mail.external.com > rpc properties > virtual
directory tab> application name rpc> execute permissions: scripts and
exe > application pool: defaultapppool
8) IIS manager > mail.external.com > rpc properties > virtual
directory tab> configure > remove davex > add
windows\system32\rpcproxy\rpcproxy.dll
9) IIS manager > mail.external.com > rpc properties > directory
security tab > edit authentication > only check basic & add default
domain: domain.local
10) IIS manager > mail.external.com > rpc properties > directory
security tab > edit secure comm > require ssl & require 128-bit
encrypt checked

On DC/GC01 server:
1) registry entry add
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NTDS\PARAMETERS
REG_MULTI_SZ Record named NSPI interface protocol sequences with the
data NCACN_HTTP:6004

On Client Outlook 2003:
1) exchange server : mail01.domain.local
2) user name: AD account username
3) more settings > exchange proxy >
url: mail.external.com
check mutually auth
msstd:mail.external.com
check both boxes for fast and slow networks
authentication type: basic

-----------
Inside the network, this setup works, but rpcdiag shows all the
connections are TCP/IP.
Outside the network, I receive the logon but never connects,
rpcdiag just keeps showing it trying to connect to mail01 and
mail01.domain.local.
OWA works fine on both inside and outside the network (set up as SSL
only, using same cert and virtual directory), no pop-ups.
Split DNS set up for the mail.external.com address

IIS logs look ok:
192.168.1.4 RPC_OUT_DATA /rpc/rpcproxy.dll MAIL01:6001 443 domain\user 99.6.232.160 MSRPC 200 0 0
192.168.1.4 RPC_IN_DATA /rpc/rpcproxy.dll MAIL01:6001 443 domain\user 99.6.232.160 MSRPC 200 0 0
192.168.1.4 RPC_OUT_DATA /rpc/rpcproxy.dll MAIL01:593 443 domain\user 99.6.232.160 MSRPC 200 0 0
192.168.1.4 RPC_IN_DATA /rpc/rpcproxy.dll MAIL01:593 443 domain\user 99.6.232.160 MSRPC 200 0 64
192.168.1.4 RPC_OUT_DATA /rpc/rpcproxy.dll mail01.domain.local:6001 443 domain\user 99.6.232.160 MSRPC 200 0 0
192.168.1.4 RPC_IN_DATA /rpc/rpcproxy.dll mail01.domain.local:6001 443 domain\user 99.6.232.160 MSRPC 200 0 0
192.168.1.4 RPC_OUT_DATA /rpc/rpcproxy.dll mail01.domain.local:593 443 domain\user 99.6.232.160 MSRPC 200 0 0
192.168.1.4 RPC_IN_DATA /rpc/rpcproxy.dll mail01.domain.local:593 443 domain\user 99.6.232.160 MSRPC 200 0 0
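
Added example, not part of either post: the rpcproxy entries string from step 2 acts as an allow-list of internal host:port targets the proxy will forward to, so it is worth cross-checking it against the targets that actually show up in the IIS log. The function names are hypothetical, and the sample log keeps one line per distinct target from the log quoted above.

```python
import re

# Entries string from step 2 of the post, joined into one value.
VALID_PORTS = (
    "mail01:593;mail01.domain.local:593;mail.external.com:593;"
    "mail01:6001-6002;mail01.domain.local:6001-6002;mail.external.com:6001-6002;"
    "mail01:6004;mail01.domain.local:6004;mail.external.com:6004;"
    "gc01:593;gc01.domain.local:593;gc01:6004;gc01.domain.local:6004"
)

# Sample input: one line per distinct target taken from the post's IIS log.
IIS_LOG = r"""
192.168.1.4 RPC_OUT_DATA /rpc/rpcproxy.dll MAIL01:6001 443 domain\user 99.6.232.160 MSRPC 200 0 0
192.168.1.4 RPC_IN_DATA /rpc/rpcproxy.dll MAIL01:593 443 domain\user 99.6.232.160 MSRPC 200 0 64
192.168.1.4 RPC_OUT_DATA /rpc/rpcproxy.dll mail01.domain.local:6001 443 domain\user 99.6.232.160 MSRPC 200 0 0
192.168.1.4 RPC_IN_DATA /rpc/rpcproxy.dll mail01.domain.local:593 443 domain\user 99.6.232.160 MSRPC 200 0 0
"""

# The field after /rpc/rpcproxy.dll is the internal host:port the client asked for.
TARGET_RE = re.compile(
    r"RPC_(?:IN|OUT)_DATA\s+/rpc/rpcproxy\.dll\s+([^\s:]+):(\d+)\s", re.I)

def parse_valid_ports(value):
    """Return {host: set(ports)} from 'host:port' and 'host:lo-hi' entries."""
    allowed = {}
    for entry in filter(None, (e.strip() for e in value.split(";"))):
        host, _, ports = entry.rpartition(":")
        lo, _, hi = ports.partition("-")
        span = range(int(lo), int(hi or lo) + 1)
        allowed.setdefault(host.lower(), set()).update(span)
    return allowed

def requested_targets(log_text):
    """Return the set of (host, port) targets seen in the log (case-folded)."""
    return {(h.lower(), int(p)) for h, p in TARGET_RE.findall(log_text)}

def audit(valid_ports, log_text):
    """Compare requested targets with the allow-list, in both directions."""
    allowed = parse_valid_ports(valid_ports)
    seen = requested_targets(log_text)
    not_allowed = sorted(t for t in seen if t[1] not in allowed.get(t[0], ()))
    never_requested = sorted((h, p) for h, ports in allowed.items()
                             for p in ports if (h, p) not in seen)
    return {"seen": sorted(seen), "not_allowed": not_allowed,
            "never_requested": never_requested}

if __name__ == "__main__":
    for key, targets in audit(VALID_PORTS, IIS_LOG).items():
        print(key, targets)
```

Run against the values from the post, every logged target is on the list, while the 6002 and 6004 entries, the gc01 entries and all mail.external.com entries never appear in the log.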

