Re: Outlook 2003 - RPC over HTTP

From: Adarsh Atikukke (AdarshAtikukke_at_discussions.microsoft.com)
Date: 07/01/04

• Next message: Sue Mosher [MVP-Outlook]: "Re: mark messages from someone in specified category"
• Previous message: Charles: "Re: Outlook 2003 Junk E-mail filtering"
• Next in thread: neo [mvp outlook]: "Re: Outlook 2003 - RPC over HTTP"
• Reply: neo [mvp outlook]: "Re: Outlook 2003 - RPC over HTTP"
• Messages sorted by: [ date ] [ thread ]

Date: Thu, 1 Jul 2004 09:52:02 -0700

Thanks a lot for the reply. It's greatly appreciated.

I feel I have sorted out all my SSL issues and moving beyond, I am referring to the Exchange 2003 Server Deployment Guide for instructions on configuring RPC over HTTP. I am slightly confused with step regarding "To configure the RPC Proxy server to use the specified default ports for RPC over HTTP Proxy inside the corporate network" mentioned on page 156 of the document.

We have 2 servers - one of them is the exchange server, web server, file server and all other watever servers and the other one is just the Global Catalog server. Therefore, there is no front-end/back-end scenario here. In such a case, is the above mentioned step necessary? Or since I am using just one Exchange server throughout, can I skip this step? Also, the instructions actually talk about editing the registry to include information for the GC server as well. Is this necessary in the given scenario?

Please advise.

Thank you.

Sincerely,
Adarsh Atikukke

"neo [mvp outlook]" wrote:

> This should be helpful in getting you started
> http://www.petri.co.il/configure_ssl_on_owa.htm
>
> some notes are below...
>
> "Adarsh Atikukke" <Adarsh Atikukke@discussions.microsoft.com> wrote in
> message news:07D987D1-2A6D-4634-B274-9BEA973D7FA3@microsoft.com...
> > Hello everyone,
> > This post may be a little out of place as the problem I am having is not
> related to Outlook, but I haven't gotten around to having problems with
> Outlook yet on this project!
> >
> > I need to configure Outlook 2003 (running on XP, with SP1 and the patch)
> to connect to my exchance server (2003) without needing to VPN in. I know
> the method is to use RPC over HTTP, and I am in the process of configuring
> the same, but I am confused regarding a few issues and would greatly
> appreciate any assistance in this regard.
> >
> > I do wish to use SSL as I am aware that otherwise passwords are sent in
> plain text across the network which is highly undesirable. For this purpose,
> I need a SSL certificate and we plan to use our own CA to issue the
> certificates and therefore, I have installed certificate services on the
> Exchange server making it the enterprise certificate authority. (Security
> concerns regarding having the CA on the exchange server is not an issue.)
> >
> > I am not sure what is the next immediate step after this - Do I need to
> create a (SSL) certificate first or is there a certificate already created
> for me as part of the Certificate Services installation?
>
> Once you get the Enterprise Root CA installed, then you would start
> requesting SSL certs. Link above will help you start securing OWA.
> Assuming that your single server is going to be OWA and a RPC/HTTP endpoint,
> you can use the same SSL certificate.
>
> One word of advice since you are going to be using an Internal CA. You must
> install a copy of the Root CA certificate on your machines. This is done
> manually for you if using an Enterprise Root CA that is part of your Active
> Directory domain. (The root certificate is published to all domain members.)
> If you went a stand-alone CA, then you have to install a copy of the signing
> root CA certificate on every machine.
>
> The reason a copy of the root CA must be installed on the clients machine is
> that if the RPC/HTTP server's SSL certificate can't be verified back up to
> the root (e.g. if it has to be acknowledged for any reason), Outlook 2003
> will not be able to connect over HTTP and not give any error messages as to
> why (it just fails the connection quietly).
>
> > What I understand is that the exchange virtual roots needed to be
> configured to use SSL and the default website hosting these roots needs to
> be configured to use SSL as well. Am I correct here?
>
> Yep, it is always best to get the data to go over SSL.
>
> > Assuming that a certificate is already created and that I am right in my
> previous understanding, I have couple more questions - 1) Our exchange
> server is our web-server as well and it is hosting our website. If I were to
> enable SSL for the "default website" in IIS Manager, will my website then
> also be configured to use SSL (only)? 2) If I were to enable SSL for the
> "default website" will my OWA also be configured to use SSL?
>
> You can toggle SSL on/off for each folder. For example, you can require SSL
> for the "/exchange", "/public", and "/rpc" (and any other) folders you can
> think of and still allow for anonymous access to the root
> (http://server.fqdn.com) and other areas.
>
> > If yes, is there a way to work around this, i,.e., to not have OWA and the
> website not be configured for SSL?
>
> OWA doesn't require SSL, it is just considered a best practice because you
> don't want data (e.g. user ids, passwords) flowing across the net in the
> clear.
>
> RPC/HTTP default configuration on the other hand states that it should be
> over SSL.
>
> FWIW, I run a single member server that offers a public web site that is
> accessible via a standard http call and allows OWA & RPC/HTTP calls over
> SSL. So a single server can do it all.
>
>
>

• Next message: Sue Mosher [MVP-Outlook]: "Re: mark messages from someone in specified category"
• Previous message: Charles: "Re: Outlook 2003 Junk E-mail filtering"
• Next in thread: neo [mvp outlook]: "Re: Outlook 2003 - RPC over HTTP"
• Reply: neo [mvp outlook]: "Re: Outlook 2003 - RPC over HTTP"
• Messages sorted by: [ date ] [ thread ]

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint