RE: RPC/HTTPS GC question



Hi Dan,

I believe you can. To answer some of your questions and give you some
background information on the changes in Exchange 2003 SP1/2:

1) RPC over HTTP Interactions on the Back-End Servers:

Outlook requires access to three types of back-end servers:

o Mailbox and Public Folder servers. Mailbox servers store user mailboxes,
including any mailboxes that a user must access as a delegate. Public folder
servers store public folder data, including Free/Busy and the Offline Address
Book. The Microsoft Exchange Information Store service listens for incoming
RPC requests on port 6001.

o Global catalog servers. Outlook does not connect directly to global
catalog servers when you use RPC over HTTP, so you do not have to add global
catalog servers to the list of servers that the RPC proxy server can access.
Instead, the users’ mailbox server forwards directory RPC requests to the
global catalog servers. However, because of product version changes in the
RPC protocol that are designed to support RPC over HTTP, these servers must
also meet the requirements for RPC over HTTP.

o DSProxy. Directory Service Proxy is an internal component of the Exchange
system attendant. It provides an address book service to Outlook clients.
When RpcProxy.dll forwards an RPC request to port 6002 or port 6004, DSProxy
receives that request. A client computer cannot connect to a global catalog
server directly over the Internet. Therefore, the referral service of DSProxy
replies to the request with the local Exchange server on which DSProxy is
running. The client uses the local Exchange server on which DSProxy is
running, instead of the global catalog server. The client computer then uses
the DSProxy proxy service port (6004) on the local Exchange server for
requests for directory information. The local Exchange server forwards the
request to the global catalog server.


2) Ensure you configure your Exchange servers using the RPC/HTTPS
configuration tab. This ensures that configuration settings (i.e. the
addition of back-end servers) are done (and maintained) automatically. No
need to mess around with the registry. Exchange 2003 SP1 includes an updated
System Attendant function. On front-end servers that are part of the managed
RPC over HTTP topology, the System Attendant scans AD every 15 minutes to
locate Exchange 2003 back-end servers whose Heuristics values are configured
to make them part of the managed topology. On the front-end server, the
System Attendant updates the ValidPorts subkey for each participating
back-end server that it discovers. The beauty of this approach is apparent
when you add new Exchange 2003 back-end servers to the environment. As long
as you configure them to participate in the managed RPC over HTTP topology by
selecting the appropriate radio button, the front-end servers automatically
detect the back-end servers and keep the configuration up-to-date. Similarly,
if you add new front-end servers to your environment and configure them to
participate in the managed topology, they automatically detect all relevant
back-end servers.

3) It is recommended that your RPC proxy server is an Exchange front-end
server.

4) You must run Windows Server 2003 on the following computers:

o All Exchange Server 2003 servers that Outlook 2003 clients will access
using RPC over HTTP, such as mailbox servers and public folder servers.

o All Exchange Server 2003 front-end servers that act as RPC proxy servers.

o All global catalog servers that Outlook 2003 clients and Exchange Server
2003 servers (that are configured to use RPC over HTTP) use.


So in the latter case, you need the Exchange back-end server(s) to be looking
at Windows 2003 GCs. It is the job of DSAccess to discover these. The easiest
way is to use the Directory Access tab on the Server object in ESM and then
override the automatic, removing the W2K boxes and leaving only the W2K3 boxes.

HTH

"Dan" wrote:

I'm looking to implement rpc over https. I have multiple FE and BE servers
all running Exchange 2k3 sp2.

How is the GC determined in a RPC/HTTPS configuration when the Exchange
server is running 2k3 sp2 (and how is that different than sp1?)

Only about half of my 20 GCs have been upgraded to 2k3. Is the proxy server
connecting to the GC? Can I tell it to only connect to a list of GCs? It
looked like this used to be controlled by a reg. key, but some articles make
it seem as though this behavior has changed for sp2. Is this the case? Is
there any way for me to implement rpc over https in my current environment
with half of my GCs being 2k?

Thanks
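
The reply's points about ports 6001, 6002 and 6004 and about global catalogs not needing to be in the RPC proxy's server list can be checked against an exported ValidPorts value. This is an added example, not part of the original thread or of Exchange; the `host:port-range;...` string format, the server names and the sample value are assumptions constructed for illustration.

```python
# Added example: audit a ValidPorts string against the ports named in the thread.
# Assumed format (not shown in the thread): "host:port[-port];host:port[-port];..."
EXPECTED_PORTS = {6001, 6002, 6004}  # Information Store, DSProxy referral, DSProxy proxy

def parse_valid_ports(value):
    """Return {lowercased host: set of allowed ports} from a ValidPorts string."""
    allowed = {}
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        host, sep, spec = entry.rpartition(":")
        if not sep or not host:
            raise ValueError(f"malformed entry: {entry!r}")
        low, _, high = spec.partition("-")
        first, last = int(low), int(high or low)
        if not 0 < first <= last <= 65535:
            raise ValueError(f"bad port range in entry: {entry!r}")
        allowed.setdefault(host.lower(), set()).update(range(first, last + 1))
    return allowed

def audit(value, backends, global_catalogs=()):
    """Return (host, issue) findings for missing, unneeded or over-broad entries."""
    allowed = parse_valid_ports(value)
    backends = {b.lower() for b in backends}
    gcs = {g.lower() for g in global_catalogs}
    findings = [(h, "back end not listed") for h in sorted(backends - set(allowed))]
    for host, ports in sorted(allowed.items()):
        if host in gcs:
            # The thread says GCs are reached via the mailbox server, not the proxy.
            findings.append((host, "global catalog listed"))
        elif host not in backends:
            findings.append((host, "unknown server listed"))
        missing = sorted(EXPECTED_PORTS - ports)
        if host in backends and missing:
            findings.append((host, f"missing ports {missing}"))
        extra = sorted(ports - EXPECTED_PORTS)
        if extra:
            findings.append((host, f"unexpected ports {extra}"))
    return findings

# Constructed sample data (hypothetical server names, not from the thread).
BACKENDS = {"be01", "be01.corp.example", "be02"}
GCS = {"gc07"}
SAMPLE = ("be01:6001-6002;be01:6004;be01.corp.example:6001-6002;"
          "be01.corp.example:6004;be02:6001-6002;gc07:593;gc07:6001-6004")

if __name__ == "__main__":
    for host, issue in audit(SAMPLE, BACKENDS, GCS):
        print(f"{host}: {issue}")
```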