The Temple of Fu

code, systems and games

Archive for the ‘Exchange’ Category

Exchange 2003 RPC Over Http Setup – Outlook 2007 Outlook Anywhere Client Setup

with 5 comments

Wow, so this has been around 4 hours since I started this configuration but I finally got it! These notes are here for you in hopes that some piece of this will help you out.

So what is RPC over Http?

“RPC over HTTP/S is a cool method for connecting your Outlook 2003 client to the corporate Exchange Server 2003 from the Internet or WAN, without the need to establish a VPN session to the corporate LAN and/or needing to open many ports on your corporate firewall. The only ports you’ll need to open on your firewall are TCP 80 and, if using SSL, TCP 443.”

Note: This procedure is not required on SBS and that SBS fully configures Exchange for RPC over HTTPS and also provides instructions to connect an Outlook client on the ‘Configure Outlook over the internet’ link on RWW https://sbs/remote.

Another Note: The example provided here is for a Single server setup – In this scenario, you have only one server that is configured to function as a Domain Controller, a Global Catalog, an Exchange computer, and an RPC proxy server. This article discusses the single-server configuration in detail.

Install the RPC component on the Exchange server

   1. On the Exchange Server 2003 computer that is running Windows Server 2003, click Start, point to Control Panel, and then click Add or Remove Programs.
   2. Click Add Remove Windows Components, click Networking Services, and then click Details.
   3. Click to select the RPC over HTTP Proxy check box, click OK, and then click Next. Note that you must have either the Windows Server 2003 installation CD ready, or the i386 folder from that CD accessible while installing this component.
When Windows Component Wizard has completed configuring components, click Finish.

Configure the RPC virtual directory in Internet Information Services

After you configure the Exchange computer to use RPC over HTTP/S, you must configure the RPC virtual directory in Internet Information Services (IIS).

To do this, follow these steps:
   1. Click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
   2. Expand servername (local computer), expand Web Sites, expand Default Web Site, right-click Rpc, and then click Properties.

Note: Windows Server 2003 Service Pack 1 (SP1) adds a new virtual directory called RpcWithCert. This virtual directory points to the same location as the Rpc virtual directory. You do NOT need to modify this virtual directory.

   1. Click the Directory Security tab, and then click Edit under Authentication and access control.
   2. Click to clear the Enable anonymous access check box.
   3. Click to select the Basic authentication (password is sent in clear text) check box.You will receive the following message:

“The authentication option you have selected results in passwords being transmitted over the network without data encryption. Someone attempting to compromise your system security could use a protocol analyzer to examine user passwords during the authentication process. For more detail on user authentication, consult the online help. This warning does not apply to HTTPS(orSSL) connections. Are you sure you want to continue?” Click Yes

   4. Enter the domain name in the Default Domain box (you can press Select to browse to the domain name).
   5. Click OK.
   6. Click Apply, and then click OK.
   7. Click the Directory Security tab, and then click Edit under Secure communications.
   8. Click to select the Require secure channel (SSL) check box and the Require 128-bit encryption check box.

Configure the RPC proxy server to use specific ports

After you configure the RPC over HTTP networking component for Internet Information Services, configure the RPC proxy server. Configure the RPC proxy server to use specific ports to communicate with the directory service and with the information store on the Exchange computer.

Download this tool RpcNoFrontEnd

Run the tool on your Exchange server, the defaults were fine for my situation.

Configure all your global catalogs to use specific ports for RPC over HTTP for directory services

Exchange Server 2003 Service Pack 1 note: Exchange Server 2003 Service Pack 1 has a new built-in RPC over HTTP/S GUI setting on the Exchange Server properties page in Exchange System Manager. If you configure the RPC over HTTP/S option from the GUI, there is NOT need to make any manual changes in the Registry.

To make the changes via the GUI follow these steps:

   1. Click Start, point to Microsoft Exchange, and then click System Manager.
   2. Expand your organization, expand Administrative Groups > First Administrative Group > Servers.
   3. Right-click on your server name and select Properties.
   4. Verify that a tab called RPC-HTTP is present.
   5. On the RPC-HTTP tab, click on RPC-HTTP Back-End Server.
You get an error:
Exchange System Manager There is no RPC-HTTP front-end in your Exchange organization. There must be at least one RPC-HTTP front-end server in the organization before the RPC-HTTP back-end server can be accessed.
Acknowledge the error.
   1. Click Ok all the way out.
   2. You need to reboot your server for the settings to take place.

Note: You can also use the Rpccfg tool to set and to troubleshoot port assignments. The Rpccfg tool is included in the Windows Server 2003 Resource Kit tools
To use the tool open a command prompt and enter
rpccfg /hd

Note: If you do not see output from the above ‘rpccfg /hd’ comman when you run it then you have a configuration issue, repeat the above steps untill you get output. Once you get the desired output then take note of it, you will use it when setting up the Outlook Anywhere client.

Congrats!!!, the Exchange server is now set up to use RPC-HTTP! 🙂

Outlook Anywhere Client Setup

After configuring RPC over HTTP/S you’ll need to configure your Outlook 2003 client to use the RPC over HTTP/S connection method instead of the regular TCP/IP method.

To set up a new Outlook profile that uses RPC over HTTP/S:

  1. Open Control Panel and run the Mail applet.
  2. In the Mail applet click on Show Profiles.
  3. In the Mail window click on Add.
  4. In the New Profile window type a descriptive name and click Ok.
  5. In the E-Mail Accounts window select Add a new e-mail account and click Next.
  6. In the E-Mail Accounts window, select Microsoft Exchange Server and click Next.
  7. In the E-Mail Accounts window, under the Microsoft Exchange Server box, type the Internal NetBIOS name of the Exchange server. Next, in the User Name box type the logon name of the test user account, the one you’ll be connecting with.
  8. In the Microsoft Exchange Server window, go to the Connection tab. Notice that you should have a section called “Exchange over the Internet” at the bottom of the tab. If this section does not appear, it means that you might not have met the requirements for setting up an RPC over HTTP/S connection. In the Exchange over the Internet section click to select the Connect to my Exchange mailbox using HTTP, and then click on the Exchange Proxy Settings button.
  9. In the Exchange Proxy Settings tab in the Connection Settings box, type the FQDN (Fully Qualified Domain Name) of the Exchange server.

Note: For LAN testing you CAN type the Internal FQDN i.e.(servername.domain.local)of the server. For WAN connections you MUST type the External FQDN of the server i.e.(servername.domain.com) See Testing RPC over HTTP/S Connection for more on this issue. The external FQDN of the server is the fully qualified domain name that is used by the Outlook clients to connect to the server from outside the LAN, and must be resolved to the IP address of the server, or in most cases, resolved to the IP address of your Firewall (or NAT device) that is configured to transfer the requests to the internal IP address of the Exchange 2003 server.When done, click Ok.
  10. Back in the Microsoft Exchange Server window click Ok.
  11. Back in the E-Mail Accounts window click Next.
  12.Back in the Mail window, click to select Prompt for a profile to be used (unless you only have one profile, duh…), then click Ok.

Now, open Outlook and try to connect to the server. If you have problems connecting it usually is a FQDN issue or user credentials issue.

Resources:
http://www.petri.co.il/how-can-i-configure-rpc-over-https-on-exchange-2003-single-server-scenario.htm#gc
http://www.petri.co.il/configure_outlook_2003_to_use_rpc_over_http.htm

Written by lordfu

January 24, 2010 at 4:26 pm

Posted in Exchange, Outlook, Windows