Re: RPC over HTTPS - need help!

From: Boris Lokhvitsky (msexpert_at_gmail.com)
Date: 08/06/04


Date: Fri, 6 Aug 2004 09:41:55 -0700


"Mark Arnold [MVP]" <mark@mvps.org> wrote in message
news:76u6h0dc6v9kn62m669jd2sdomo3ebsnn3@4ax.com...
>
> I've battled through this and the first question I need to ask of you
> is around the certificates.
> Are the PC's on the same domain as the Exchange server?
> Do the PCs on which you are attempting access from have the Root
> Certificate and Server certificate loaded?
>
> If you don't have the certificate loaded then you will not get access
> to RPC over HTTPS.
> If you use OWA do you get the old box with the 3 questions about
> certificate trustworthiness, date validity and name validity? OWA will
> pop that box up and let you say yes, RPC over HTTPS, like ActiveSync
> will not give you that box and will refuse to connect.
>
>
> Mark Arnold MCSA MCSE+M MVP,
> FAQ: http://www.swinc.com/resource/exchange.htm
> Blog: http://www.msexchange.me.uk

Hello Mark,

Thanks a lot for answering, I'm lucky to get an answer from you.
I do suspect myself that the problem is around certificates.
Yes all servers and the client are members of the same domain.
On the client PC, I have installed a certificate for using mail encryption
and digital ID. What I did - I requested the certificate using the web
enrollment (http://<domain name>/certsrv) and installed it. As far as I
understand, this is a different certificate from the one that had been
installed on the front-end Exchange server. Should I use exactly the same
certificate on each client? If so, what could be the best procedure to
deploy them on multiple machines? It could become a mess with numerous
clients.
Another question is - what is the difference between the Root and Server
certificates? How do I install both of them?

For the certificate trustworthiness, I have read the KB article saying what
you mentioned (that RPC over HTTPS cannot pop up the window about certificate
validity and hence silently refuses the connection), and I think this could
be a problem. I have a certificate issued to the public FQDN of the
front-end server (say, public.domain.com), but the actual server name is
private.domain.com, this is what is registered with DNS. Name
"public.domain.com" is set up in DNS as CNAME. I keep receiving the pop-up
window you mentioned complaining about name validity when I use OWA. I am
not sure what I have to do to fix this problem (which is especially
important if this is the root of the evil with RPC over HTTPS). Please
advise.

Thanks a lot again,
Boris


