Re: RPC over HTTP, NAT firewall, authentication problems

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

This solution cost me $312.00 Mike, so enjoy.

I followed the white papers and these are the … inconsistencies.

In Exchange System Manager | RPC-HTTP tab, radial button “Not part of an
exchange man….” is selected.
Registry entry in the RPCProxy (valid ports) should have the local machine
name and internal FQDN, not the external name (or redirecting DNS name)
example (myservername:6001-6002;myservername.domainname:6001-6002 …. Etc)
In the IIS RPC properties take out “realms”.
Restart the server.

On the client (I remade the profile), use the internal FQDN and the
username.
Select more settings (allow the error), connections | exchange proxy
settings: https://externalserverFQDN,
proxy authentication (set to basic).

Let me know if that works kerberos128@xxxxxxxx



"Mike" wrote:

Seems like everything i found has ultimately pointed me back to the
documentation from Microsoft, Which I have read a thousand time to make sure
i am not missing something to no avail. It is so frustrating because i know
it is probably one little setting that we are missing.

I also did upgrade from a 2000 domain, so maybe there is something there.

Also, initially I had a mail server that had an different internal name than
external name and i thought maybe that was an issue. Well, luckily it was
due for a HW upgrade so i brought up a new server moved everything over to it
and am still experiencing the same issue.

I will also keep looking, hopefully we will come across something helpful.

"Wayne" wrote:

Misery loves company

I can tell you Mike, if you start to add the labour cost on this new
configuration, it may be cheaper to pay the $300 for a Microsoft support call.

I’ve found a couple of websites that give slightly different registry entry
information, even one that has a “utility” to make the entries for you.
Perhaps that the issue? I will check thru the information via Microsoft
again, but I’m pretty sure I’ve followed all steps correctly.

Is there any reason an upgrade from 2000 domain to 2003 domain that may
cause an issue?


"Mike" wrote:

I am having a similar problem and configuration (ie works internal, not
external, single exhcange 2003, NAT firewall) and I followed all the steps in
the recommended link. I cant figure out where i went wrong?? In the section
"To configure the RPC proxy server to use specified ports for RPC over HTTP"
it says to make the registry changes on the RPC proxy server, I did this on
my exchange server. Is that correct or incorrect? Thanks.

Mike

"John Oliver, Jr. [MVP]" wrote:

Port 80 and 443 is all you need open or NAT'ed to your Exchange Server. You
will need to make some registry changes on your Exchange Server with your
scenario which is Exchange 2003 with no Front End Server. See Exchange
Deployment Scenarios,

http://technet.microsoft.com/en-us/library/ee9b228f-db48-4860-8bfd-3195881b8980.aspx

--
John Oliver, Jr
MCSE, MCT, CCNA
Exchange MVP 2007
Microsoft Certified Partner

"Wayne" <Wayne@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D3EB6621-D313-4FE8-8F05-236FF5FB6349@xxxxxxxxxxxxxxxx
Rpc over http NAT port directing

I have recently done an upgrade from 2000 domain to an entire 2003 domain
so
I can run rpc over http. I have one exchange 2003 member server two 2003
domain controllers and a NAT firewall. I've set up exchange server to use
rpc over http and triple checked my set up. The outlook 2003 client
connects
internally, but when I use an IP address outside the firewall I continue
to
get prompted for my authentication ( "connect to Xserver.domain.com" ). I
have port 80 and 443 forwarded to the mail server, and if I change the
setup
of the mail account to, "http, connect to an http e-mail server such
as ...",
I get a successful connection to the server, but I loose the extra
attributes
of exchange like the calendar, Global Address book, etc.

I've run a snmp trap on the outlook client to trouble shoot, there are
ports
1124, 1025, 1089, etc running. I'm wondering if there should be a port
forwarder to the domain controller / global catalog server on my firewall?

Any other trouble shooting recommendations?




.

Relevant Pages

  • RE: Connecting via RPC
    ... I understand that you encountered problem when trying RPC to your Exchange ... 825763 How to configure Internet access in Windows Small Business Server ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • RPC over HTTP, Microsoft solution
    ... Exchange Server 2003 RPC over HTTP Deployment Scenarios ... Place a check in the box next to 'Certificate Services' and click 'Yes' ...
    (microsoft.public.exchange.setup)
  • Re: Exchange Disaster Recovery Server
    ... The backup server is setup also in the lab so I ... >>> The Microsoft Exchange Server computer is not available. ... >>> Microsoft Exchange Server Information Store ...
    (microsoft.public.exchange2000.admin)
  • RE: RPC over HTTPS Problem!!!
    ... I want to send you the log results of RPCDUMP tool on the RPC Proxy Server ... (also front-end Exchange server). ... VersMajor 1 VersMinor 0 ...
    (microsoft.public.exchange.connectivity)
  • RE: RPC over HTTPS Problem!!!
    ... I want to send you the log results of RPCDUMP tool on the RPC Proxy Server ... (also front-end Exchange server). ... VersMajor 1 VersMinor 0 ...
    (microsoft.public.exchange.connectivity)