Re: Outlook 2003 - RPC over HTTP
From: neo [mvp outlook] (neoheart_at_remove-heart.mvps.org)
Date: 07/02/04
- Next message: Mark 123: "Re: Third party software for contact management"
- Previous message: SteveMont: "Outlook Scheduling Problem"
- In reply to: Adarsh Atikukke: "Re: Outlook 2003 - RPC over HTTP"
- Next in thread: Adarsh Atikukke: "Re: Outlook 2003 - RPC over HTTP"
- Reply: Adarsh Atikukke: "Re: Outlook 2003 - RPC over HTTP"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 1 Jul 2004 18:14:01 -0700
One question before I answer, have you applied SP1 for Exchange 2003? (Not
sure if the whitepaper has been updated to reflect the changes that SP1 for
Exchange 2003 brings to RPC over HTTPs, but I will look.)
/neo
ps - front/backend solution is not required for rpc/http. I have a setup
that is similar to what you are describing. :)
"Adarsh Atikukke" <AdarshAtikukke@discussions.microsoft.com> wrote in
message news:AA52579C-A6AA-442D-93A2-4D387171ADA5@microsoft.com...
> Thanks a lot for the reply. It's greatly appreciated.
>
> I feel I have sorted out all my SSL issues and moving beyond, I am
referring to the Exchange 2003 Server Deployment Guide for instructions on
configuring RPC over HTTP. I am slightly confused with step regarding "To
configure the RPC Proxy server to use the specified default ports for RPC
over HTTP Proxy inside the corporate network" mentioned on page 156 of the
document.
>
> We have 2 servers - one of them is the exchange server, web server, file
server and all other watever servers and the other one is just the Global
Catalog server. Therefore, there is no front-end/back-end scenario here. In
such a case, is the above mentioned step necessary? Or since I am using just
one Exchange server throughout, can I skip this step? Also, the
instructions actually talk about editing the registry to include information
for the GC server as well. Is this necessary in the given scenario?
>
> Please advise.
>
> Thank you.
>
> Sincerely,
> Adarsh Atikukke
>
> "neo [mvp outlook]" wrote:
>
> > This should be helpful in getting you started
> > http://www.petri.co.il/configure_ssl_on_owa.htm
> >
> > some notes are below...
> >
> > "Adarsh Atikukke" <Adarsh Atikukke@discussions.microsoft.com> wrote in
> > message news:07D987D1-2A6D-4634-B274-9BEA973D7FA3@microsoft.com...
> > > Hello everyone,
> > > This post may be a little out of place as the problem I am having is
not
> > related to Outlook, but I haven't gotten around to having problems with
> > Outlook yet on this project!
> > >
> > > I need to configure Outlook 2003 (running on XP, with SP1 and the
patch)
> > to connect to my exchance server (2003) without needing to VPN in. I
know
> > the method is to use RPC over HTTP, and I am in the process of
configuring
> > the same, but I am confused regarding a few issues and would greatly
> > appreciate any assistance in this regard.
> > >
> > > I do wish to use SSL as I am aware that otherwise passwords are sent
in
> > plain text across the network which is highly undesirable. For this
purpose,
> > I need a SSL certificate and we plan to use our own CA to issue the
> > certificates and therefore, I have installed certificate services on the
> > Exchange server making it the enterprise certificate authority.
(Security
> > concerns regarding having the CA on the exchange server is not an
issue.)
> > >
> > > I am not sure what is the next immediate step after this - Do I need
to
> > create a (SSL) certificate first or is there a certificate already
created
> > for me as part of the Certificate Services installation?
> >
> > Once you get the Enterprise Root CA installed, then you would start
> > requesting SSL certs. Link above will help you start securing OWA.
> > Assuming that your single server is going to be OWA and a RPC/HTTP
endpoint,
> > you can use the same SSL certificate.
> >
> > One word of advice since you are going to be using an Internal CA. You
must
> > install a copy of the Root CA certificate on your machines. This is
done
> > manually for you if using an Enterprise Root CA that is part of your
Active
> > Directory domain. (The root certificate is published to all domain
members.)
> > If you went a stand-alone CA, then you have to install a copy of the
signing
> > root CA certificate on every machine.
> >
> > The reason a copy of the root CA must be installed on the clients
machine is
> > that if the RPC/HTTP server's SSL certificate can't be verified back up
to
> > the root (e.g. if it has to be acknowledged for any reason), Outlook
2003
> > will not be able to connect over HTTP and not give any error messages as
to
> > why (it just fails the connection quietly).
> >
> > > What I understand is that the exchange virtual roots needed to be
> > configured to use SSL and the default website hosting these roots needs
to
> > be configured to use SSL as well. Am I correct here?
> >
> > Yep, it is always best to get the data to go over SSL.
> >
> > > Assuming that a certificate is already created and that I am right in
my
> > previous understanding, I have couple more questions - 1) Our exchange
> > server is our web-server as well and it is hosting our website. If I
were to
> > enable SSL for the "default website" in IIS Manager, will my website
then
> > also be configured to use SSL (only)? 2) If I were to enable SSL for the
> > "default website" will my OWA also be configured to use SSL?
> >
> > You can toggle SSL on/off for each folder. For example, you can require
SSL
> > for the "/exchange", "/public", and "/rpc" (and any other) folders you
can
> > think of and still allow for anonymous access to the root
> > (http://server.fqdn.com) and other areas.
> >
> > > If yes, is there a way to work around this, i,.e., to not have OWA and
the
> > website not be configured for SSL?
> >
> > OWA doesn't require SSL, it is just considered a best practice because
you
> > don't want data (e.g. user ids, passwords) flowing across the net in the
> > clear.
> >
> > RPC/HTTP default configuration on the other hand states that it should
be
> > over SSL.
> >
> > FWIW, I run a single member server that offers a public web site that is
> > accessible via a standard http call and allows OWA & RPC/HTTP calls over
> > SSL. So a single server can do it all.
> >
> >
> >
- Next message: Mark 123: "Re: Third party software for contact management"
- Previous message: SteveMont: "Outlook Scheduling Problem"
- In reply to: Adarsh Atikukke: "Re: Outlook 2003 - RPC over HTTP"
- Next in thread: Adarsh Atikukke: "Re: Outlook 2003 - RPC over HTTP"
- Reply: Adarsh Atikukke: "Re: Outlook 2003 - RPC over HTTP"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
