Setting up RPC over HTTP

50 pts.
Tags:
HTTP
Microsoft Exchange
Microsoft Outlook 2003
Microsoft Windows Server 2003
Routers
RPC
We run a 2003 server with exchange 2003 ( one PC ). We have a leased line. Our router has an external IP which is nated to our servers internal IP. When we setup the remote outlook 2003 it won't connect to the exchange. We can load the SSL certificate and view the website in the "Default Web site " in IIS. RPC is setup. Port 80 and 443 are open. We have checked outlookexchange.com. Any suggestions ?

Answer Wiki

Thanks. We'll let you know when a new response is added.

Are you trying to run two different web sites over SSL on a single IP address? You can not use host headers with SSL.

<a href=”http://itknowledgeexchange.techtarget.com/profile/TomWahl”>TomWahl </a> | Mar 7 2008 3:57PM GMT

OK. So if I undertand your problem, you cannot connect Outlook via HTTP over the Internet. To make that work, you have to have access to TCP port 135 at the time you create the Outlook profile. Take the following steps:
1. Make sure that you can access OWA from a web-browser from both the Internet and inside your network.
2. Make sure that the SSL certificate of the server is trusted by your client. If you get a certificate warning from a web-browser, then it is not trusted. I would suggest that you use a cert from a known CA, rather than an internally generated cert.
3. Connect the computer in question to the inside network directly or over a VPN connection and configure the Outlook profile to connect via HTTPS using basic authentication.

Alternatively, you can set up static port mappings in Exchange and Outlook described

Discuss This Question: 12  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • TomWahl
    OK. So if I undertand your problem, you cannot connect Outlook via HTTP over the Internet. To make that work, you have to have access to TCP port 135 at the time you create the Outlook profile. Take the following steps: 1. Make sure that you can access OWA from a web-browser from both the Internet and inside your network. 2. Make sure that the SSL certificate of the server is trusted by your client. If you get a certificate warning from a web-browser, then it is not trusted. I would suggest that you use a cert from a known CA, rather than an internally generated cert. 3. Connect the computer in question to the inside network directly or over a VPN connection and configure the Outlook profile to connect via HTTPS using basic authentication. Alternatively, you can set up static port mappings in Exchange and Outlook described here If you can't connect to the inside network, I would suggest that you set up a cheap VPN appliance. Don't open TCP port 135 to the Internet.
    85 pointsBadges:
    report
  • TomWahl
    ...described here: http://support.microsoft.com/kb/833799. Don't open TCP port 135 to the Internet.
    85 pointsBadges:
    report
  • Ifconfig
    I think there's something missing here: what exactly are the errors you're getting? Have you checked the web logs to see what's going on? That's where I'd start. Report back with what you're seeing and perhaps we can help you further.
    90 pointsBadges:
    report
  • Easybrian
    Replying to TomWahl. I can access OWA from the web-browser from the internet , but not inside our network.
    50 pointsBadges:
    report
  • Buddyfarr
    Easybrian - are you using the same web address inside as you are outside? like: mail.companyname.com/exchange if so try using this //servername/exchange to see if it works going directly to the server from inside.
    6,850 pointsBadges:
    report
  • Easybrian
    from inside i cannot access it via mail.companyname.com/exchange, but i can access it via //servername/exchange. The external IP address on the router has an A record specified which is different than the internal server name. Is this a problem ? When I setup a VPN connection I can access the exhange via Outlook ( PRC over HTTP ) We want to beable to use just the leased line and not VPN. DO I need to open port 135 on the router ?
    50 pointsBadges:
    report
  • TomWahl
    Hi Easybrian. Sorry for the delay (just back from vacation). You do not need to open port 135 and in fact you shouldn't. However, if you can connect via the VPN and set up RPC over HTTP once, you should then be able to connect without the VPN. You may have to change your connection settings slightly. Make sure that you are connecting via HTTP, that you give the outside name of the machine, uncheck the 'Mutually authenticate the session when connecting with SSL' box, check both boxes indicating to use HTTP to connect first, and ensure that you set the 'Proxy authentication settings' to 'Basic Authentication'. That should do it. Post again to let me know whether it worked out. Cheers, Tom
    85 pointsBadges:
    report
  • Easybrian
    Hi Tom, Tried what you said, but still does not work. When I Open Outlook it asks for a password , which i put in. It opens my outlook , but in the bottom right corner it says, Trying to connect and then disconnected.
    50 pointsBadges:
    report
  • TomWahl
    Hmmm. Something else is going on then. If you are getting a password dialog, you are making the initial connection. Let's go back to the basic setup. What is the exact version of Windows Server and Exchange (i.e. what service packs)? Is this the only Exchange server involved? Are you using a software firewall like Microsoft ISA? Is the RPC over HTTP Proxy service installed? (To check, look on your Exchange server in Control Panel | Add/Remove Programs | Windows Components | Network Services | Details you should see a check beside RPC over HTTP Proxy) Have you changed any of the RPC port settings in the registry of the Exchange server? Does your default web site in IIS have a virtual directory named RPC? What is the authentication method for the RPC virtual directory? (Look at the properties in IIS Mananger | Directory Security | Edit Anonymous Access Control) What is the exact version of Windows and Outlook on the client side? Is .Net installed on the client side...what version? Finally, have a look at the application, security and system event logs on the client side right after an attempt to connect and let me know what, if any, errors appear. Cheers, Tom
    85 pointsBadges:
    report
  • TomWahl
    ...one more thing. When you connect to OWA with a web browser, do you get a certificate warning?
    85 pointsBadges:
    report
  • Easybrian
    Tom, we are running windows 2003 server SP1, Exchange server 2003 SP2. We run only one Exchange. We have an Anti-Virus software package with built in firewall. Windows firewall disabled. RPC over HTTP proxy is installed. Registry entry RPC edit as follows :globalcatalogserver:593; Exchangeservername:593; globalcatalogserver:6001-6002; Exchangeservername:6001-6002; globalcatalogserver:6004; Exchangeservername:6004; IIS has virual directory named RPC. Under Default Website | directory sercurity | set to anonymous access. Under RPC | Directory Security | Set to Basic Authentication. Client running windows XP PRO SP2, with Outlook 2003. CHecked the event and no logs are created after conection attemp. When loging onto OWA no Certificate warnings appear. Hope this helps
    50 pointsBadges:
    report
  • TomWahl
    If you want to walk through it together, send your e-mail address to tom@twltd.com and I'll reply with a phone number.
    85 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following