Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Another RPC over HTTPS Thread - Help Needed

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> Exchange Publishing >> Another RPC over HTTPS Thread - Help Needed Page: [1]
Login
Message << Older Topic   Newer Topic >>
Another RPC over HTTPS Thread - Help Needed - 28.Aug.2007 12:56:47 PM   
zebo51

 

Posts: 22
Joined: 27.Aug.2007
Status: offline 		I know, not another thread on this topic, but I am not having any luck.

My setup

ISA 2004 running on 2003.  Configured inline, so External NIC and one Internal NIC.  Not a domain member.  Only one external IP.  I can't recall if I have install any service packs.  Help about on ISA2004 shows version 4.0.2163.213.

One main server running 2003.  This server is a DC and host Exchange 2003 and a handful of website.  It does mail for two domains.  These domains are different than the DC domain.  So lets say it is srv1.xxx.com.  One FQDN is www.yyy.com and mail.yyy.com; the other is www.zzz.com and mail.zzz.com.  Mail is and has been working just fine for a few years.  SMTP/POP3/OWA access.  I use host headers for all my sites.  Up until now the default website has been disabled.  My website and OWA sites all have there own sites created. 

For now I am just trying to make this work with the yyy.com domain.

I have found a few articles that have helped me to get where I am today.  I setup the server to be a CA. I enabled the default website.  I followed this article http://www.petri.co.il/configure_rpc_over_https_on_a_single_server.htm to setup RPC. I used the recommended RPCNoFrontEnd utility to make registry changes.

I then created my cert following this example http://www.petri.co.il/configure_ssl_on_your_website_with_iis.htm.  I set the common name to mail.yyy.com.  At this point I just applied the cert to the entire default website and turned off anonymous access. I verified SSL is working by going to https://mail.yyy.com in a browser on the computer out on the WAN and got the prompt for the cert.  I installed it.  I used mmc and made sure the cert was in the Trusted Root CA, both Local Computer and Current User. 

I followed this article http://www.petri.co.il/testing_rpc_over_http_connection.htm on how to test rpc over http/s on the local lan and it worked.  Using outlook /rpcdiag I show my connections as https.

So now on my ISA2004.  I installed ther cert and made sure it was under Trusted Root CA.  I created an RPC over HTTP Web Listener.  External network is set to my exact IP. Perferences have both http and SSL enabled.  Under SSL I selected my mail.yyy.com cert.  Under authentication I have both Integrated and SSL Cert checked and require all users to auth. 

I then ran the Publish a Mail server wizzard.  I choose Client Access: RPC, IMAP ...  Then checked Outlook (RPC) under Standard ports.  Put in the internal address of my exchange server.  Then choose my external nic and selected the exact IP.  Finished and applied changes.

Now testing with a computer on ther internet not within my network I get prompted to log in, but then after a second it errors out and give the option to retry, work offline or cancel.

Help Please

Thanks
Post #: 1
RE: Another RPC over HTTPS Thread - Help Needed - 29.Aug.2007 8:41:39 AM   
zebo51

 

Posts: 22
Joined: 27.Aug.2007
Status: offline 		I tried a few more things.  One is I disabled the RCP rule I made above with the publish exchange server wizzard and created one using the web publishing wizzard.  Still no luck.

I installed isa2004 sp3 mainly for the better logging.  Now I can see failed connection attempts.  Here are the details of the error.  IPs have been changed to random numbers. 





Failed Connection Attempt
srv1 8/29/2007 8:29:08 AM

Log type: Web Proxy (Reverse)

Status: 0x80090325

Rule: RPC over HTTP

Source: External ( 123.1.23.45:0)

Destination: ( 10.0.0.5:443)

Request: RPC_IN_DATA https://10.0.0.5:443/rpc/rpcproxy.dll?srv1.xxx.com:6002

Filter information: Req ID: 00e4533d

Protocol: https


User: anonymous





Failed Connection Attempt
               srv1 8/29/2007 8:29:08 AM

Log type: Web Proxy (Reverse)

Status: 0x80090325

Rule: RPC over HTTP

Source: External ( 123.1.23.45:0)

Destination: ( 10.0.0.5:443)

Request: RPC_IN_DATA https://10.0.0.5:443/rpc/rpcproxy.dll?srv1.xxx.com:593

Filter information: Req ID: 00e45342

Protocol: https

User: anonymous

(in reply to zebo51)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> Exchange Publishing >> Another RPC over HTTPS Thread - Help Needed Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts