Re: SBS 2003 and Outlook RPC over HTTP issues

Hi Gregg

Thank you so much for helping me

from inside the LAN https://servername/exchange brings up OWA after a
certificate error message. Same thing with https://domainname.com/exchange
after a certificate error on a machine that i dont have the cert installed.

Telnet inside the lan works fine i get a blinking cursor using 443. Same
with over the internet I get a blinking cursor at 443.

I checked the virtual directories that you mentioned, exchange-oma wasnt
setup for 128 bit encryption so i checked the box. All the others were
already using this. I am almost positive it has something to do with IIS as
CRM really screwed IIS up. Is there a simple way to re-install the exchange
portion of IIS safely? I know from testing a box if you remove IIS and
reinstall you have to reinstall exchange. Maybe thats not a good idea lol

Thanks so much for your help

Ted


"Gregg Hill" wrote:

Ted,

When you say that "OWA works fine from the LAN" are you referring to
https://servername/exchange using SSL? It absolutely has to work with the
https rather than just http.

Look in IIS at your Exchweb, Exadmin, exchange-oma, and RPC sites' directory
security. They should have SSL required at 128-bit. I did nothing
manually...I just let the CEICW do it for me.

From the LAN, enter

telnet yourserverNetBIOSname 443

and make sure you get a blinking cursor. Do the same from a WAN computer to
your mail server's FQDN. If you post your mail server's FQDN, we can check
for you as well. No, it probably is not a security risk, since every spammer
and hacker on the planet is already using tools to harvest MX records, etc,
anyway.

Gregg Hill





"Ted" <Ted@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C532B91A-C144-49B0-9231-E57DDFE375FB@xxxxxxxxxxxxxxxx
Hi Gregg,

Thanks for the reply, OWA works fine from the LAN and from the Internet.
The certificate is self signed not purchased. I was thinking of running
the
CEICW and unchecking everything to clear that out. I will give that a try
tonight after they leave. Sorry to all about my response I will remove
80
from my firewall port on that box and any others that arent hosting their
own
site. Why is it called RPC over HTTP if HTTP is not really needed to be
open? So for RPC to work you only need 443?

Thanks again for any help



"Gregg Hill" wrote:

Ted,

As pointed out by others, port 80 does NOT need to be open, and yes, it
is
FAR MORE of a risk than having SSL open. Port 80 is probably the
most-attacked port on the Internet.

Did you try Steve's suggestion to "Use https:// with the cert name you
setup
in the CEICW."?

For example, if your MX record is "mail.yourdomain.com" and you have an A
record pointing that to your SBS, and you have port 443 open and
forwarded
to your SBS, you should be able to have port 80 closed and use
https://mail.yourdomain.com/exchange to get to OWA.

On the LAN, can you go to https://servername/exchange and get to OWA? If
not, it will never work with SSL from the WAN side for RPC over HTTP.

Self-signed certificate or official SSL cert?

If you have a self-signed cert, re-run the CEICW and uncheck all the
items
to allow via the Internet. Then re-run it, create a new web cert that
matches your MX record FQDN, and re-enable all the items you want via the
Internet.

Test it with https://mail.yourdomain.com/exchange to get to OWA.

Let us know how it goes.

Gregg Hill





"Ted" <Ted@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:9BA0F1BD-DAA4-442C-829F-01893A44734B@xxxxxxxxxxxxxxxx
port 80 has to be open so users can get webmail, otherwise how in Gods
earth
are they going to get remote mail? i havent had any issues port
forwarding
this to my server it works fine, anytime a port is open it leaves a
security
risk. anytime a new user is assigned an account its a security risk,
any...need i go on...



"Colin" wrote:

Hi,

I haven't got the answer to your problem but I'd strongly recommend
closing
port 80 on your firewall, it is definitely not needed and only lowers
your
security.

Regards Colin.

"Ted" <Ted@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:ABD35145-C381-4DF7-A583-03AE7BEDE6BF@xxxxxxxxxxxxxxxx
Hi,

SBS 2003 that has been running for 3 years with minimal issues. I
have
setup SBS and configured exchange on this machine years ago.
Recently
I
tried to configure an Outlook 2003 client on Winxp with all updates
to
connect via RPC over HTTP with no luck.

I have about 20 of these SBS machines at other locations and have
never
had
an issue getting RPC over HTTP to work. I re-ran the email
connection
wizard
with no luck. Checked all ports on the firewall and 80 & 443 are
forwarding
to the server. I can initiate a session via HTTP only which works
fine.
However I can not get RPC to work. I have tried this on several
machines
and it is most definitely something that is screwed up on the
server.
I
know
for a fact that at one point this was working. I did install CRM
about
2
years ago but the customer didnt want to use this after a while so I
uninstalled this. I am thinking that the CRM did something to my
box
but
I
cannot seem to figure this out. I even tried my own laptop which I
use
to
test other customers machines with no luck. I am also unable to get
any
windows mobile devices to connect either. It may be an issue with
my
certificate, authentication is setup correctly. I checked the RPC
permissions in IIS and it is setup to use basic authentication for
RPC
requests.

Any ideas? Both the server 2003 and the XP pro clients are fully
patched,
office 2003 is up to SP3. I have also tried to run from a Vista
client
with
office 2007 and it still is failing. The windows mobile device is
version
5
with activesynch.

Any help is appreciated greatly...

Ted







.

Relevant Pages

  • Re: SBS 2003 and Outlook RPC over HTTP issues
    ... , but some of my clients do not want users to ... definitely closed now cause when I open it up http: ... the article is incorrect in stating that port 80 is needed. ... that port 443 and port 80 must be open to use RPC over HTTP. ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS 2003 and Outlook RPC over HTTP issues
    ... Look in IIS at your Exchweb, Exadmin, exchange-oma, and RPC sites' directory ... manually...I just let the CEICW do it for me. ... Why is it called RPC over HTTP if HTTP is not really needed to be ... As pointed out by others, port 80 does NOT need to be open, and yes, it ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS 2003 and Outlook RPC over HTTP issues
    ... definitely closed now cause when I open it up http: ... the article is incorrect in stating that port 80 is needed. ... that port 443 and port 80 must be open to use RPC over HTTP. ... I have about 20 of these SBS machines at other locations and have ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS 2003 and Outlook RPC over HTTP issues
    ... Look in IIS at your Exchweb, Exadmin, exchange-oma, and RPC sites' directory ... Why is it called RPC over HTTP if HTTP is not really needed to be ... As pointed out by others, port 80 does NOT need to be open, and yes, it ... to your SBS, you should be able to have port 80 closed and use ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS 2003 and Outlook RPC over HTTP issues
    ... port 80 has to be open so users can get webmail, ... this to my server it works fine, anytime a port is open it leaves a security ... connect via RPC over HTTP with no luck. ... I have about 20 of these SBS machines at other locations and have never ...
    (microsoft.public.windows.server.sbs)