Re: SBS 2003 and Outlook RPC over HTTP issues
- From: "Gregg Hill" <bogus@xxxxxxxxxxx>
- Date: Wed, 26 Mar 2008 18:43:04 -0700
Your cert is barfing due to the fact that the names do not match. You are
accessing your SBS with
https://mail.dds1978.com/exchange
but your certificate is issued to
mainserver.mail.dds1978.com
Did you do that in the CEICW? The cert that you create in the CEICW should
match your MX record FQDN. Issue the cert to mail.dds1978.com and see what
happens.
BTW, why do you have two MX records with the same 10 priority?
Gregg Hill
"Ted" <Ted@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:5B5CB827-ABF2-4758-9168-D5AC0A40218B@xxxxxxxxxxxxxxxx
By the way, I just re-ran the CEICW with blank values to clear it out and ran
it again to put the correct values back in there with no luck. I am getting
some weird certificate error now though...if you want to see it
https://mail.dds1978.com/exchange
Not worried about the spammers, they have a million spams a day anyway :)
"Gregg Hill" wrote:
Ted,
When you say that "OWA works fine from the LAN" are you referring to
https://servername/exchange using SSL? It absolutely has to work with the
https rather than just http.
Look in IIS at your Exchweb, Exadmin, exchange-oma, and RPC sites' directory
security. They should have SSL required at 128-bit. I did nothing
manually...I just let the CEICW do it for me.
From the LAN, enter
telnet yourserverNetBIOSname 443
and make sure you get a blinking cursor. Do the same from a WAN computer to
your mail server's FQDN. If you post your mail server's FQDN, we can check
for you as well. No, it probably is not a security risk, since every spammer
and hacker on the planet is already using tools to harvest MX records, etc.,
anyway.
Gregg Hill
"Ted" <Ted@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C532B91A-C144-49B0-9231-E57DDFE375FB@xxxxxxxxxxxxxxxx
Hi Gregg,
Thanks for the reply, OWA works fine from the LAN and from the Internet.
The certificate is self signed not purchased. I was thinking of running the
CEICW and unchecking everything to clear that out. I will give that a try
tonight after they leave. Sorry to all about my response. I will remove 80
from my firewall port on that box and any others that aren't hosting their
own site. Why is it called RPC over HTTP if HTTP is not really needed to be
open? So for RPC to work you only need 443?
Thanks again for any help
"Gregg Hill" wrote:
Ted,
As pointed out by others, port 80 does NOT need to be open, and yes, it is
FAR MORE of a risk than having SSL open. Port 80 is probably the
most-attacked port on the Internet.
Did you try Steve's suggestion to "Use https:// with the cert name you setup
in the CEICW."?
For example, if your MX record is "mail.yourdomain.com" and you have an A
record pointing that to your SBS, and you have port 443 open and forwarded
to your SBS, you should be able to have port 80 closed and use
https://mail.yourdomain.com/exchange to get to OWA.
On the LAN, can you go to https://servername/exchange and get to OWA? If
not, it will never work with SSL from the WAN side for RPC over HTTP.
Self-signed certificate or official SSL cert?
If you have a self-signed cert, re-run the CEICW and uncheck all the items
to allow via the Internet. Then re-run it, create a new web cert that
matches your MX record FQDN, and re-enable all the items you want via the
Internet.
Test it with https://mail.yourdomain.com/exchange to get to OWA.
Let us know how it goes.
Gregg Hill
"Ted" <Ted@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:9BA0F1BD-DAA4-442C-829F-01893A44734B@xxxxxxxxxxxxxxxx
Port 80 has to be open so users can get webmail, otherwise how in God's earth
are they going to get remote mail? I haven't had any issues port forwarding
this to my server, it works fine. Anytime a port is open it leaves a security
risk. Anytime a new user is assigned an account it's a security risk,
any...need I go on...
"Colin" wrote:
Hi,
I haven't got the answer to your problem but I'd strongly recommend closing
port 80 on your firewall, it is definitely not needed and only lowers your
security.
Regards Colin.
"Ted" <Ted@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:ABD35145-C381-4DF7-A583-03AE7BEDE6BF@xxxxxxxxxxxxxxxx
Hi,
SBS 2003 that has been running for 3 years with minimal issues. I have
set up SBS and configured Exchange on this machine years ago. Recently I
tried to configure an Outlook 2003 client on WinXP with all updates to
connect via RPC over HTTP with no luck.
I have about 20 of these SBS machines at other locations and have never had
an issue getting RPC over HTTP to work. I re-ran the email connection wizard
with no luck. Checked all ports on the firewall and 80 & 443 are forwarding
to the server. I can initiate a session via HTTP only which works fine.
However I cannot get RPC to work. I have tried this on several machines
and it is most definitely something that is screwed up on the server. I know
for a fact that at one point this was working. I did install CRM about 2
years ago but the customer didn't want to use this after a while so I
uninstalled this. I am thinking that the CRM did something to my box but I
cannot seem to figure this out. I even tried my own laptop which I use to
test other customers' machines with no luck. I am also unable to get any
Windows Mobile devices to connect either. It may be an issue with my
certificate, authentication is set up correctly. I checked the RPC
permissions in IIS and it is set up to use basic authentication for RPC
requests.
Any ideas? Both the Server 2003 and the XP Pro clients are fully patched,
Office 2003 is up to SP3. I have also tried to run from a Vista client with
Office 2007 and it still is failing. The Windows Mobile device is version 5
with ActiveSync.
Any help is appreciated greatly...
Ted
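
The name mismatch diagnosed at the top of this thread, worked through as an added example (not code from any poster): an RFC 6125-style check of the host in the URL against the names in the certificate. The two dds1978.com names come from the thread; the wildcard name and the function names are assumptions made for illustration.

```python
# Added example: the comparison a TLS client makes between the host name in
# the URL and the name(s) the certificate was issued to.

def _label_match(pattern: str, label: str) -> bool:
    """Match one DNS label; '*' is honoured only as the whole label."""
    return pattern == "*" or pattern == label

def name_matches(cert_name: str, host: str) -> bool:
    """True if a single certificate name covers the requested host."""
    c = cert_name.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(c) != len(h):          # a wildcard never spans extra labels
        return False
    # A wildcard is accepted in the left-most label only, and only when at
    # least two literal labels follow it (so "*.com" is rejected).
    if "*" in c[1:] or (c[0] == "*" and len(c) < 3):
        return False
    return all(_label_match(p, l) for p, l in zip(c, h))

def check(host: str, cert_names: list[str]) -> str:
    """Explain the outcome the way an admin would want to read it."""
    hits = [n for n in cert_names if name_matches(n, host)]
    if hits:
        return f"OK: {host} is covered by {hits[0]}"
    return f"MISMATCH: {host} not in certificate names {cert_names}"

# Names taken from the thread; the wildcard certificate is constructed.
ISSUED_TO = ["mainserver.mail.dds1978.com"]   # what the cert was issued to
REISSUED = ["mail.dds1978.com"]               # the suggested re-issue
WILDCARD = ["*.dds1978.com"]                  # constructed, not from the thread

if __name__ == "__main__":
    hosts = ("mail.dds1978.com", "mainserver.mail.dds1978.com", "servername")
    for names in (ISSUED_TO, REISSUED, WILDCARD):
        for host in hosts:
            print(check(host, names))
```

A certificate issued only to the public FQDN still mismatches when the same site is opened by its short LAN name, which is why the last row of each group reports MISMATCH.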