Exchange 2003 RPC Over HTTP

The release of Exchange 2003 brought us some very good features, such as Intelligent Message Filtering (IMF) and my favourite, RPC over HTTP. This allows a user to access email using their Outlook client without the use of VPNs or dial-up networking. For me this feature has been a godsend, as I spend a lot of time on customer sites and always need access to important documents stored in my email. With RPC over HTTP I can just plug my laptop into the network, open my Outlook client and pull my emails down as if I was in the office.

The initial setup of RPC over HTTP is not simple and requires you to follow a strict process. I have a great many customers call me saying that they cannot get it working, so I decided to write an article dedicated to this feature.

RPC over HTTP System Requirements

To use RPC over HTTP, you must run Windows Server 2003 on the following computers:

• All Exchange 2003 servers that will be accessed with Outlook 2003 clients using RPC over HTTP.
• The Exchange 2003 front-end server acting as the RPC Proxy server.
• The global catalog server used by Outlook 2003 clients and the Exchange 2003 servers configured to use RPC over HTTP.

Exchange 2003 must be installed on all Exchange servers that are used by the computer designated as the RPC Proxy server. Additionally, all client computers running Outlook 2003 must also be running Microsoft Windows XP Service Pack 1 (SP1) or later.

------------------------------------------------------------

Deploying RPC over HTTP

This section provides detailed steps about how to deploy RPC over HTTP in your Exchange 2003 organization. Complete the steps in the following order.

1. Configure your Exchange front-end server as an RPC Proxy server.
2. Configure the RPC virtual directory in Internet Information Services (IIS) on the Exchange front-end server.
3. Configure the registry on the Exchange 2003 computer that communicates with the RPC Proxy server to use the specific ports for RPC over HTTP communication.
4. Open the specific ports on the internal firewall for RPC over HTTP, as well as the standard ports for Exchange front-end communication.
5. Create a profile for each of your users to use with RPC over HTTP.

Each of these steps is detailed in the following sections. After you have completed these steps, your users can begin using RPC over HTTP to access the Exchange front-end server.

------------------------------------------------------------

Step 1: Configuring Your Exchange Front-End Server to Use RPC over HTTP

The RPC Proxy server processes the Outlook 2003 RPC requests that come in over the Internet. In order for the RPC Proxy server to successfully process the RPC over HTTP requests, you must install the Windows Server 2003 RPC over HTTP Proxy networking component on your Exchange front-end server.

To configure your Exchange front-end server to use RPC over HTTP

1. On the Exchange front-end server running Windows Server 2003, click Start, click Control Panel, and then click Add or Remove Programs.
2. In Add or Remove Programs, click Add/Remove Windows Components in the left pane.
3. In the Windows Components Wizard, on the Windows Components page, highlight Networking Services, and then click Details.
4. In Networking Services, select the RPC over HTTP Proxy check box, and then click OK.
5. On the Windows Components page, click Next to install the RPC over HTTP Proxy Windows component.

------------------------------------------------------------

Step 2: Configuring the RPC Virtual Directory in Internet Information Services

Now that you have configured your Exchange front-end server to use RPC over HTTP, you must configure the RPC virtual directory in IIS.

To configure the RPC virtual directory

1. Click Start, point to All Programs, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
2. In Internet Information Services (IIS) Manager, in the console tree, expand the server you want, expand Web Sites, expand Default Web Site, right-click the RPC virtual directory, and then click Properties.
3. In RPC Properties, on the Directory Security tab, in the Authentication and access control pane, click Edit.
   Note: RPC over HTTP does not allow anonymous access.
4. Under Authenticated access, select the check box next to Basic authentication (password is sent in clear text), and then click OK.
5. To save your settings, click Apply, and then click OK.

Your RPC virtual directory is now set to use Basic authentication.

If you plan to use SSL, skip the following procedure. For non-SSL configurations, however, the RPC Proxy server must be configured to allow non-SSL sessions to be forwarded. This is done by adding a specific registry value to the server. Without SSL, the Basic authentication password selected in step 4 crosses the network in clear text.

Warning: Incorrectly editing the registry can cause serious problems that may require you to reinstall your operating system. Problems resulting from editing the registry incorrectly may not be able to be resolved. Before editing the registry, back up any valuable data.

To allow non-SSL encrypted traffic with RPC over HTTP

1. On the RPC Proxy server, start Registry Editor (regedit).
2. In the console tree, navigate to the following registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\RpcProxy
3. In the details pane, right-click and add a new DWORD Value named AllowAnonymous, and then right-click it and choose Modify.
4. In Edit DWORD Value, in the Value data box, enter 1.

The RPC Proxy server is now configured to allow requests to be forwarded without the requirement to first establish an SSL-encrypted session. The setting to enforce authenticated requests is still controlled in the Authentication and access control settings.

------------------------------------------------------------

Step 3: Configuring the RPC Proxy Server to Use Specified Ports

After you enable the RPC over HTTP networking component for IIS, you should configure the RPC Proxy server to use specific port numbers to communicate with the servers in the corporate network. In this scenario, the RPC Proxy server is configured to use specific ports, and the individual computers that the RPC Proxy server communicates with are also configured to use specific ports when receiving requests from the RPC Proxy server. When you run Exchange 2003 Setup, Exchange is automatically configured to use the ncacn_http ports listed in Table 2.1.

Step 3 involves the following two procedures.

1. Configure the RPC Proxy server to use specified ports for RPC over HTTP requests to communicate with servers inside the corporate network.
2. Configure the global catalog servers to use specified ports for RPC over HTTP requests to communicate with the RPC Proxy server inside the perimeter network.

Warning: Incorrectly editing the registry can cause serious problems that may require you to reinstall your operating system. Problems resulting from editing the registry incorrectly may not be able to be resolved. Before editing the registry, back up any valuable data.

To configure the RPC Proxy server to use the specified default ports for RPC over HTTP

The following ports are the required ports for RPC over HTTP.

Table 2.1 Required ports for RPC over HTTP

Server                      Ports (Services)
Exchange back-end servers   593 (end point mapper)
                            6001 (Store)
                            6002 (DS referral)
                            6004 (DS proxy)
Global catalog server       593 and 6004

1. On the RPC Proxy server, start Registry Editor (regedit).
2. In the console tree, navigate to the following registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\RpcProxy
3. In the details pane, right-click the ValidPorts subkey, and then click Modify.
   Figure 2.4 The RPCProxy registry settings
4. In Edit String, in the Value data box, type the following information:

ExchangeBEServer:593;ExchangeBEServerFQDN:593;ExchangeBEServer:6001-6002;ExchangeBEServerFQDN:6001-6002;ExchangeBEServer:6004;ExchangeBEServerFQDN:6004;GlobalCatalogServer:593;GlobalCatalogServerFQDN:593;GlobalCatalogServer:6004;GlobalCatalogServerFQDN:6004

• ExchangeBEServer and GlobalCatalogServer are the NetBIOS names of your Exchange back-end server and global catalog server.
• ExchangeBEServerFQDN and GlobalCatalogServerFQDN are the fully qualified domain names (FQDNs) of your Exchange back-end server and global catalog server.

In the registry key, continue to list all servers in the corporate network with which the RPC Proxy server will need to communicate.

Important: To communicate with the RPC Proxy server, all servers accessed by the Outlook client must have set ports. If a server, such as an Exchange public folder server, has not been configured to use the specified ports for RPC over HTTP communication, the client will not be able to access the server.

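The ValidPorts value is the list of internal hosts and ports the RPC Proxy server will forward requests to, so it is worth checking mechanically as servers are added. The following Python code is an added example, not part of the original article: it parses a ValidPorts string and compares it with the ports in Table 2.1. The server names (EXBE01, GC01, corp.example) are constructed placeholders, and case-insensitive host matching is an assumption.

```python
# Added example: audit an RPC Proxy ValidPorts string against Table 2.1.
# Host names are constructed placeholders; case-insensitive matching is assumed.
BACKEND_PORTS = {593, 6001, 6002, 6004}  # end point mapper, Store, DS referral, DS proxy
GC_PORTS = {593, 6004}                   # global catalog server

def parse_valid_ports(value):
    """Map each lowercased host to the set of ports it is allowed on."""
    allowed = {}
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue  # tolerate a trailing ';' or line breaks between entries
        host, sep, spec = entry.rpartition(":")
        if not sep or not host:
            raise ValueError(f"malformed entry: {entry!r}")
        lo, _, hi = spec.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 0 < lo <= hi <= 65535:
            raise ValueError(f"bad port range in {entry!r}")
        allowed.setdefault(host.lower(), set()).update(range(lo, hi + 1))
    return allowed

def audit_valid_ports(value, expected):
    """Return (missing, extra) relative to expected {host: required ports}.
    missing: required ports absent from ValidPorts (clients fail to connect).
    extra:   host/port pairs the proxy would forward beyond what is required.
    """
    allowed = parse_valid_ports(value)
    wanted = {h.lower(): set(p) for h, p in expected.items()}
    missing = {h: sorted(p - allowed.get(h, set()))
               for h, p in wanted.items() if p - allowed.get(h, set())}
    extra = {h: sorted(p - wanted.get(h, set()))
             for h, p in allowed.items() if p - wanted.get(h, set())}
    return missing, extra

# Constructed sample: the back-end FQDN lacks 6004, and a stray wide range
# has been left on the back-end NetBIOS name.
SAMPLE = ("EXBE01:593;exbe01.corp.example:593;EXBE01:6001-6002;"
          "exbe01.corp.example:6001-6002;EXBE01:6004;"
          "GC01:593;gc01.corp.example:593;GC01:6004;gc01.corp.example:6004;"
          "EXBE01:1024-1100;")
EXPECTED = {"EXBE01": BACKEND_PORTS, "exbe01.corp.example": BACKEND_PORTS,
            "GC01": GC_PORTS, "gc01.corp.example": GC_PORTS}

if __name__ == "__main__":
    missing, extra = audit_valid_ports(SAMPLE, EXPECTED)
    print("missing:", missing)
    print("extra hosts:", {h: (p[0], p[-1]) for h, p in extra.items()})
```

A missing entry explains a client that cannot reach a server through the proxy; an extra entry is reachability from the front-end server that the deployment does not need.
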

To configure the global catalog servers to use specific ports for RPC over HTTP

1. On the global catalog server, start Registry Editor (regedit).
2. Navigate to the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
3. From the Edit menu, point to New, and then click Multi-String value.
4. In the details pane, create a multi-string value with the name NSPI interface protocol sequences.
5. Right-click the NSPI interface protocol sequences multi-string value, and then click Modify.
6. In Edit String, in the Value data box, type ncacn_http:6004
7. Restart the global catalog server.

------------------------------------------------------------

Step 4: Create an Outlook Profile to Use With RPC over HTTP

In order for your users to use RPC over HTTP from their client computer, they must create an Outlook profile that uses the necessary RPC over HTTP settings. These settings enable Secure Sockets Layer (SSL) communication with Basic authentication, which is necessary when using RPC over HTTP. Although optional, it is highly recommended that you use the "Use Cached Exchange Mode" option for all profiles that will connect to Exchange using RPC over HTTP.

To create an Outlook profile to use with RPC over HTTP

1. Click Start and then click Control Panel.
2. In Control Panel, perform one of the following tasks:
   • If you are using Category View, in the left pane, under See Also, click Other Control Panel Options, and then click Mail.
   • If you are using Classic View, double-click Mail.
3. In Mail Setup, under Profiles, click Show Profiles.
4. In Mail, click Add.
5. In New Profile, in the Profile Name box, type a name for this profile, and then click OK.
6. In the E-mail Accounts wizard, click Add a new e-mail account, and then click Next.
7. On the Server Type page, click Microsoft Exchange Server, and then click Next.
8. On the Exchange Server Settings page, perform the following steps:
   a. In the Microsoft Exchange Server box, type the name of your back-end Exchange server where your mailbox resides.
   b. Check the check box next to Use Cached Exchange Mode.
   c. In the User Name box, type the user name.
   d. Click More Settings.
9. On the Connection tab, in the Exchange over the Internet pane, select the Connect to my Exchange mailbox using HTTP check box.
10. Click Exchange Proxy Settings.
11. On the Exchange Proxy Settings page, under Connections Settings, perform the following steps:
   a. Enter the fully qualified domain name (FQDN) of the RPC Proxy server in the Use this URL to connect to my proxy server for Exchange box.
   b. Select the Connect using SSL only check box.
   c. Select the Mutually authenticate the session when connecting with SSL check box.
   d. Enter the FQDN of the RPC Proxy server in the Principal name for proxy server box. Use the format: msstd:FQDN of RPC Proxy Server.
   e. As an optional step, you can configure Outlook 2003 to connect to your Exchange server using RPC over HTTP by default by checking the check box next to On fast networks, connect to Exchange using HTTP first, then connect using TCP/IP.
12. On the Exchange Proxy Settings page, in the Proxy authentication settings window, in the Use this authentication when connecting to my proxy server for Exchange list, select Basic Authentication.
13. Click OK.
14. Enable RPC over HTTP by configuring your users' profiles to allow for RPC over HTTP communication with Outlook 2003. Alternatively, you can instruct your users on how to manually enable RPC over HTTP for their Outlook 2003 profiles.

Note: If you have configured the client to communicate using SSL, you must add the complete SSL certificate chain to the Trusted Root Certificate Authorities on the client machine.

Your users are now configured to use RPC over HTTP.

Scott Croucher is an IT consultant who runs S3 Solutions IT Ltd, a UK-based solution provider. Scott has over 12 years' consultancy experience. Visit http://www.s3-solutions.co.uk for more information.

Article Source: http://EzineArticles.com/?expert=Scott_Croucher