Re: RPC over HTTP
- From: v-robeli@xxxxxxxxxxxxxxxxxxxx (Robert Li [MSFT])
- Date: Wed, 26 Sep 2007 04:23:10 GMT
Hi Phil,
Thanks for your reply.
First I need to double confirm you have ran the CEICW wizard to publish
Outlook via the Internet and fully followed the steps to configure RPC over
Http for Outlook.
Please let me know the following:
Did you get the same certificate error visit OWA by the link
https:\\FQDN\exchange? If yes, please check the following:
When the certificate error prompts, click View Certificate, you will see
Issued to item, such as mail.domain.com, please check if mail.domain.com
listed here is the same FQDN as when you visit OWA.
From the Internet client, browse to https://FQDN/rpc. In order for RPC overHTTPs to work, you must be able to browse to this URL without getting a
popup warning about the certificate. You will receive the following error
on the page:
The page cannot be displayed
HTTP Error 403.2 - Forbidden: Read access is denied.
Internet Information Services (IIS)
This is normal. The idea is to be able to get to that page without getting
the popup warning about the certificate.
I am looking forward to hear from you.
Best regards,
Robert Li(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
<Thread-Topic: RPC over HTTP
<thread-index: Acf/yXojg4PBmqvuTNKQDKCAyN8XGg==
<X-WBNR-Posting-Host: 207.46.19.168
<From: =?Utf-8?B?UGhpbFNjb3R0?= <PhilScott@xxxxxxxxxxxxxxxxxxxxxxxxx>
<References: <D20F6A7C-2B17-478D-9D55-7163406855ED@xxxxxxxxxxxxx>
<1189589524.921572.15750@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
<5C908891-8B45-40BE-B000-A3D7F18FB140@xxxxxxxxxxxxx>
<hZ6Tayb9HHA.5204@xxxxxxxxxxxxxxxxxxxxxx>
<01929D75-1FD2-416A-AED2-1801505E72A8@xxxxxxxxxxxxx>
<aUIuPCs9HHA.4200@xxxxxxxxxxxxxxxxxxxxxx>
<C97B748C-5586-497F-8BAC-D3AF0B2997A3@xxxxxxxxxxxxx>
<089D9CB8-08B9-44FC-8365-3F9D5DFB7C13@xxxxxxxxxxxxx>
<Subject: Re: RPC over HTTP
<Date: Tue, 25 Sep 2007 16:12:00 -0700
<Lines: 314
<Message-ID: <331A2AF1-E3F8-4ADF-8841-B39587ED3F91@xxxxxxxxxxxxx>
<MIME-Version: 1.0
<Content-Type: text/plain;
< charset="Utf-8"
<Content-Transfer-Encoding: 7bit
<X-Newsreader: Microsoft CDO for Windows 2000
<Content-Class: urn:content-classes:message
<Importance: normal
<Priority: normal
<X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2929
<Newsgroups: microsoft.public.windows.server.sbs
<Path: TK2MSFTNGHUB02.phx.gbl
<Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:65594
<NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
<X-Tomcat-NG: microsoft.public.windows.server.sbs
<
<Hi,
<
<We have already set up Outlook Web Access and purchase a SSL Certificate
<from Comodo. So this should not be a problem.
<
<I have also set up RPC over HTTP but the outlook client is still not
<connecting. I have used the "outlook.exe /rpcdiag" to see if it uses the
HTTP
<but it never connects.
<
<How can I test where the issue is? It obviously could be anything from our
<firewall through to the exchange server. Is there a way I can break each
<level down to try and troubleshoot the issue?
<"Patrick" wrote:
<
<> Phil,
<> rpc over http requires a valid SSL certificate that matches your
servers
<> public DNS name. That's the same name that will go in the URL field for
the
<> Exchange proxy section in your Outlook configuration per previous
<> instructions. You can rerun the CEIW and reissue a certificate from the
<> server pretty easily. Since it's not a "trusted authority", you will
need to
<> install it on the client computer first. Those instructions are also on
the
<> top of the document Configuring Outlook for Internet Email. make sure
you
<> redirect port 443 to your server from the outside, too.
<>
<> Patrick
<>
<>
<> "PhilScott" wrote:
<>
<> > Hi,
<> >
<> > I have followed these instructions, but I am still unable to access
the
<> > https://ourservername/remote. I get a certificate error and then
receive a
<> > HTTP 403 error. Are there any other ways of configuring the RPC over
HTTP?
<> >
<> > Phil
<> >
<> >
<> > "Robert Li [MSFT]" wrote:
<> >
<> > > Hi Phil,
<> > >
<> > > Thanks for your reply.
<> > >
<> > > I will help you with the PRC over Http issue in this thread. For the
RWW
<> > > issue, a suggestion is to open a new thread in our newsgroup. Thanks
for
<> > > your understanding.
<> > >
<> > > However, I'd like to give you some suggestions here:
<> > >
<> > > By default, RWW is installed automatically when running the SBS
integrated
<> > > setup. There is virtual directory named Remote under Default Website
in
<> > > IIS, please have a check.
<> > >
<> > > Please check the following steps to see if RWW can work again.
<> > >
<> > > Step 1: Please rerun the CEICW, this helps us to configure network
and IIS
<> > > correctly:
<> > >
<> > > 1. Click Start, click Server Management. Click To Do List and then
click
<> > > "Connect to the Internet". Click Next, and go through the Internet
option.
<> > > 2. Select Enable firewall and click Next.
<> > > 3. On the Web Services Configuration page shows, make sure Remote
Work
<> > > Webplace is selected. Click Next.
<> > > Note: You can select other items according to your needs, for
example:
<> > > Outlook Web Access, Business Website (wwwroot) and so on.
<> > > 4. On the Web Server Certificate page shows. Select "Create a new
Web
<> > > server certificate", and type your FQDN (mail.domain.com) in the
"Web
<> > > server name" text box. Click Next.
<> > >
<> > > IMPORTANT: The FQDN that you type in the "Web server name" box must
be the
<> > > same name that you use to connect to the Web site from the Internet.
For
<> > > example, if the URL that you use to connect to the RWW is
<> > > https://server.contoso.com/remote, type "server.contoso.com"
(without the
<> > > quotation marks) in the "Web server name" box. If you use
<> > > http://ipaddress/remote to access RWW, type the public IP address in
the
<> > > "Web server name".
<> > >
<> > > 5. Go through the steps to finish the wizard.
<> > >
<> > > More info:
<> > > 825763 How to configure Internet access in Windows Small Business
Server
<> > > 2003
<> > > http://support.microsoft.com/?id=825763
<> > >
<> > > Step 2: This may be caused by incorrect IIS setting, please have a
check:
<> > >
<> > > 1. Open IIS snap-in.
<> > > 2. Go to Default Web Site/Remote
<> > > 3. Right click Remote and click Properties.
<> > > 4. Click Virtual Directory tab.
<> > > 5. Please ensure you have input proper Local Path
(C:\Inetpub\remote) and
<> > > also ensure the checkbox of Read, Log Visit and Index this resource
are
<> > > checked.
<> > > And also ensure Application Settings as follows:
<> > > --Application Name: Remote
<> > > --Execute Permissions: Script only
<> > > --Application Pool: DefaultAppPool
<> > > 6. Click Directory Security tab.
<> > > 7. Click Edit under "Authentication and access control".
<> > > 8. Make sure that the option "Integrated Windows Authentication" and
Enable
<> > > anonymous access are checked.
<> > > 9. Click Edit under "IP address and domain name restriction".
<> > > 10. Make sure that "Granted access" has been selected.
<> > > 11. Click Edit under "Secure communications".
<> > > 12. Make sure that "Require secure channel (SSL)" is checked.
<> > > 13. On the ASP.NET tab, ensure version is 1.1.4322.
<> > >
<> > > Hope this helps.
<> > >
<> > > If you need further assistance, please don't hesitate to let me
know.
<> > >
<> > > Best regards,
<> > >
<> > > Robert Li(MSFT)
<> > >
<> > > Microsoft CSS Online Newsgroup Support
<> > >
<> > > Get Secure! - www.microsoft.com/security
<> > >
<> > > =====================================================
<> > >
<> > > This newsgroup only focuses on SBS technical issues. If you have
issues
<> > > regarding other Microsoft products, you'd better post in the
corresponding
<> > > newsgroups so that they can be resolved in an efficient and timely
manner.
<> > > You can locate the newsgroup here:
<> > > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
<> > >
<> > > When opening a new thread via the web interface, we recommend you
check the
<> > > "Notify me of replies" box to receive e-mail notifications when
there are
<> > > any updates in your thread. When responding to posts via your
newsreader,
<> > > please "Reply to Group" so that others may learn and benefit from
your
<> > > issue.
<> > >
<> > > Microsoft engineers can only focus on one issue per thread. Although
we
<> > > provide other information for your reference, we recommend you post
<> > > different incidents in different threads to keep the thread clean.
In doing
<> > > so, it will ensure your issues are resolved in a timely manner.
<> > >
<> > > For urgent issues, you may want to contact Microsoft CSS directly.
Please
<> > > check http://support.microsoft.com for regional support phone
numbers.
<> > >
<> > > Any input or comments in this thread are highly appreciated.
<> > >
<> > > =====================================================
<> > >
<> > > This posting is provided "AS IS" with no warranties, and confers no
rights.
<> > >
<> > > --------------------
<> > > <Thread-Topic: RPC over HTTP
<> > > <thread-index: Acf2n/GSYBwaYqF/R2+tEDZw9xEPUQ==
<> > > <X-WBNR-Posting-Host: 207.46.192.207
<> > > <From: =?Utf-8?B?UGhpbFNjb3R0?= <PhilScott@xxxxxxxxxxxxxxxxxxxxxxxxx>
<> > > <References: <D20F6A7C-2B17-478D-9D55-7163406855ED@xxxxxxxxxxxxx>
<> > > <1189589524.921572.15750@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
<> > > <5C908891-8B45-40BE-B000-A3D7F18FB140@xxxxxxxxxxxxx>
<> > > <hZ6Tayb9HHA.5204@xxxxxxxxxxxxxxxxxxxxxx>
<> > > <Subject: Re: RPC over HTTP
<> > > <Date: Fri, 14 Sep 2007 00:22:01 -0700
<> > > <Lines: 290
<> > > <Message-ID: <01929D75-1FD2-416A-AED2-1801505E72A8@xxxxxxxxxxxxx>
<> > > <MIME-Version: 1.0
<> > > <Content-Type: text/plain;
<> > > < charset="Utf-8"
<> > > <Content-Transfer-Encoding: 7bit
<> > > <X-Newsreader: Microsoft CDO for Windows 2000
<> > > <Content-Class: urn:content-classes:message
<> > > <Importance: normal
<> > > <Priority: normal
<> > > <X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2929
<> > > <Newsgroups: microsoft.public.windows.server.sbs
<> > > <Path: TK2MSFTNGHUB02.phx.gbl
<> > > <Xref: TK2MSFTNGHUB02.phx.gbl
microsoft.public.windows.server.sbs:62922
<> > > <NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
<> > > <X-Tomcat-NG: microsoft.public.windows.server.sbs
<> > > <
<> > > <
<> > > <Hi Robert,
<> > > <
<> > > <Thanks for the instructions, but I am uable to view the
<> > > <https://myservername/remote. I think that is where my problem is.
Our RWW
<> > > is
<> > > <not set up. This is why I cannot view it. It just comes up with a
Http 403
<> > > <error when I attempt to view it.
<> > > <
<> > > <Are there any more suggestions?
<> > > <
<> > > <Phil
<> > > <
<> > > <"Robert Li [MSFT]" wrote:
<> > > <
<> > > <> Hello Phil,
<> > > <>
<> > > <> Thanks for posting in our newsgroup.
<> > > <>
<> > > <> On how to configure RPC over Http for Outlook, please read the
following:
<> > > <>
<> > > <> To use Outlook via the Internet
<> > > <>
<> > > <> Ensure that the following requirements have been met on the
client
<> > > computer:
<> > > <>
<> > > <> Verify that the computer is running Microsoft Windows XP Service
Pack 1
<> > > or
<> > > <> later
<> > > <>
<> > > <> o Click Start, right-click My Computer, and then click Properties.
<> > > <> The version of the operating system and service pack is displayed
under
<> > > <> System. If you do not see a service pack version, there is no
service
<> > > pack
<> > > <> installed.
<> > > <>
<> > > <> Verify that Windows update Q331320 is installed on the computer
(not
<> > > <> required if you are running Windows XP Service Pack 2 or later)
<> > > <>
<> > > <> 1. Click Start, click Control Panel, and then open Add or Remove
<> > > Programs.
<> > > <> 2. Under Currently installed programs, search for the item
Windows XP
<> > > <> Hotfix (SP2) Q331320.
<> > > <> 3. If the item is not present, go to the Microsoft Web site
<> > > <> (http://go.microsoft.com/fwlink/?LinkId=18651) and follow the
<> > > instructions
<> > > <> to download and install it.
<> > > <>
<> > > <> Verify that the computer is running Outlook 2003 or later
<> > > <> 1. Open Outlook.
<> > > <> 2. Click the Help menu, and then click About Microsoft Office
Outlook.
<> > > The
<> > > <> version number appears at the top of the box.
<> > > <>
<> > > <> Verify that the computer trusts the certificate used by the server
<> > > <>
<> > > <> 1. Open Internet Explorer, and then in the address bar type:
<> > > <> https://sbssvr.sbs.com/remote
<> > > <> o If the certificate is trusted, a certificate warning does not
appear.
<> > > In
<> > > <> this case, continue with step 1 under Ensure that you have an
Outlook
<> > > <> profile configured for the server.
<> > > <> o If the certificate is not trusted, a warning appears. Click
View
<> > > <> Certificate, click Install Certificate, and then follow the
<> > > instructions.
<> > > <>
<> > > <> Ensure that you have an Outlook profile configured for the server
<> > > <>
<> > > <> 1. Click Start, and then click Control Panel.
<> > > <> o If you are viewing Control Panel in the default Category view,
switch
<> > > to
<> > > <> Classic view, and then double-click Mail.
<> > > <> o If you are viewing Control Panel in Classic view, double-click
Mail.
<> > > <> 2. In the Mail Setup dialog box, click Show Profiles. If your
profile
<> > > <> appears in the list, select your profile, click Properties, click
<> > > <> Accounts, select View or change existing e-mail accounts, and
then click
<> > > <> Next. If your profile does not appear, open Outlook and follow
the
<> > > <> instructions to create a profile before proceeding.
<> > > <>
<> > > <> o If Microsoft Exchange Server does not appear in the list, the
existing
<> > > <> profile is not associated with a Microsoft Exchange Server e-mail
<> > > account.
<> > > <> Click Cancel, and then click Close. Continue with step 3 to add a
<> > > profile.
<> > > <>
<> > > <> o If there is an existing Microsoft Exchange Server profile,
continue
<> > > with
<> > > <> step 3 under Configure the computer for RPC over HTTP.
<> > > <> 3. Click Add. The New Profile dialog box appears.
<> > > <> 4. In the Profile Name box, type a name for the new profile, and
then
<> > > click
<> > > <> OK. The E-mail Accounts dialog box appears.
<> > > <> 5. Under E-mail, select Add a new e-mail account, and then click
Next.
<> > > The
<> > > <> Server Type dialog box appears.
<> > > <> 6. Click Microsoft Exchange Server, and then click Next.
<> > > <> 7. Continue with step 4 under Configure the computer for RPC over
HTTP.
<> > > <>
<> > > <> Configure the computer for RPC over HTTP
<> > > <>
<> > > <> 1. Click Start, and then click Control Panel.
<> > > <> o If you are viewing Control Panel in the default Category view,
switch
<> > > to
<> > > <> Classic view, and then double-click Mail.
<> > > <> o If you are viewing Control Panel in Classic view, double-click
Mail.
<> > > <> 2. In the Mail Setup dialog box, click E-mail accounts, click
View or
<> > > <> change existing e-mail accounts, and then click Next.
<> > > <> 3. In the E-mail accounts dialog box, click Microsoft Exchange
Server,
<> > > and
<> > > <> then click Change.
<> > > <> 4. In the Microsoft Exchange Server box, type the local name of
the
<> > > <> Exchange server: sbssvr.sbs.local
<> > > <> 5. In the User Name box, type the user name that you use to log
on to
<> > > the
<> > > <> Remote Web Workplace. Do not click Check Name.
<> > > <> 6. In the Exchange Server settings page, click More Settings.
<> > > <> 7. On the Connection tab, under Exchange over the Internet,
select
<> > > Connect
<> > > <> to my Exchange mailbox using HTTP, and then click Exchange Proxy
<> > > Settings.
<> > > <> The Exchange Proxy Settings dialog box appears.
<> > > <> 8. Under Use this URL to connect to my proxy server for Exchange,
type
<> > > the
<> > > <> following URL:
<> > > <> sbssvr.sbs.com
<> > > <> 9. Select Connect using SSL only, and then select Mutually
authenticate
<> > > the
<> > > <> session when connecting with SSL.
<> > > <> 10. In the Principal name for proxy server box, type the
following text:
<> > > <> msstd:sbssvr.sbs.com
<> > > <> 11. Select On slow networks, connect using HTTP first, then
connect
<> > > using
<> > > <> TCP/IP.
<> > > <> 12. Under Proxy authentication settings, select Basic
Authentication.
<> > > <> 13. Click OK, and then click OK again. Click Next, and then click
<> > > Finish.
<> > > <> Click Close.
<> > > <> 14. In the Mail dialog box, if Always use this profile is
selected,
<
.
- Follow-Ups:
- Re: RPC over HTTP
- From: PhilScott
- Re: RPC over HTTP
- References:
- Re: RPC over HTTP
- From: ASL
- Re: RPC over HTTP
- From: Robert Li [MSFT]
- Re: RPC over HTTP
- From: PhilScott
- Re: RPC over HTTP
- From: Robert Li [MSFT]
- Re: RPC over HTTP
- From: PhilScott
- Re: RPC over HTTP
- From: Patrick
- Re: RPC over HTTP
- From: PhilScott
- Re: RPC over HTTP
- Prev by Date: RE: Multiple domain controllers in SBS 2003 R2
- Next by Date: Re: Restoring Information Store from Backup Tape (again)
- Previous by thread: Re: RPC over HTTP
- Next by thread: Re: RPC over HTTP
- Index(es):
Relevant Pages
|
Loading
