Welcome to ISAserver.org

RE: Discussion about article on Outlook Access from Anywhere

RE: Discussion about article on Outlook Access from Any... - 17.Aug.2006 3:20:38 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Jeff,

You need to create a split DNS.

Check out the many articles on this site regarding split DNS so that internal and external clients resolve the exch.domain.com name differently.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to jeffrozar)
Post #: 81
RE: Discussion about article on Outlook Access from Any... - 17.Aug.2006 5:17:17 AM   
jeffrozar

 

Posts: 18
Joined: 18.Apr.2006
Status: offline
Thanks for the response. The article says:
The ideal DNS configuration for supporting hosts that move between the corporate network and remote locations is the split DNS.
Since I don't have any clients that move between the corp network and remote locations, it seems like a hosts file should suffice:
If your organization does not use the same domain name for resources that are accessible both internally and externally, then you can still access the Exchange Server via the RPC publishing rule by using local host name resolution, which bypasses the need for a DNS server.

Furthermore, the article's section "Configuring the Outlook 2003 Client to Connect via Secure Exchange RPC" says to add this entry in the client's hosts file:
192.168.1.70 exchange2003be.msfirewall.org
Here is where I am confused because the client in the hotel can't resolve the 192 private address, so how can the Outlook client get to the server in the first place? 

(in reply to tshinder)
Post #: 82
RE: Discussion about article on Outlook Access from Any... - 17.Aug.2006 2:07:07 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Jeff,

Read each word in the article and you'll see that:

1. The private addresses are used in the lab network to represent external addresses

2. The HOSTS file is used in the lab example only; production networks should use split DNS

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to jeffrozar)
Post #: 83
RE: Discussion about article on Outlook Access from Any... - 17.Aug.2006 5:54:02 PM   
jeffrozar

 

Posts: 18
Joined: 18.Apr.2006
Status: offline
Now that makes sense, must've had brain freeze. :)

Ok, so I have split DNS working:
- my external DNS resolution (Exc2k3.internal.domain.com) correctly resolves to 1.2.3.4
- my internal DNS resolution (Exc2k3.internal.domain.com) correctly resolves to 10.0.0.5

The ISA2k4 server correctly resolves Exc2k3.internal.domain.com to 10.0.0.5, and on an internal client, it connects with Outlook 2k3 to Exc2k3.internal.domain.com with no problem.

On the external client it comes back with "name could not be resolved". Logging in ISA2k4 shows that a request comes in on port 135, protocol Exchange RPC Server, but the action it immediately takes is "Closed Connection". I do have a rule for accepting RPC and sending them to the exchange server.

I tried turning off the XP firewall on the external client, and turning off the RPC filter on the ISA2k4 server, both to no avail.

Also, is it required that my ISA2k4 server belong to the domain internal.domain.com?

< Message edited by jeffrozar -- 17.Aug.2006 6:36:20 PM >

(in reply to tshinder)
Post #: 84
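
A check for the split-DNS setup discussed in the posts above, as an added example that is not part of any forum post or of the ISAserver.org article. The function name `audit_split_dns`, the two view dictionaries and the idea of copying the lab HOSTS entry into the external view are constructed for illustration, and the check assumes the internal network uses private addressing.

```python
import ipaddress

def _norm(view):
    # DNS names are case-insensitive; drop a trailing root dot as well.
    return {name.lower().rstrip("."): addr for name, addr in view.items()}

def audit_split_dns(internal_view, external_view, published):
    """Return (name, issue) findings for a pair of split-DNS views.

    internal_view / external_view: dict of FQDN -> IPv4 string, i.e. what
    the internal and the external DNS answer for that name.
    published: names that remote clients must be able to reach.
    """
    inside_view, outside_view = _norm(internal_view), _norm(external_view)
    findings = []
    for name in sorted(published):
        key = name.lower().rstrip(".")
        inside, outside = inside_view.get(key), outside_view.get(key)
        if outside is None:
            findings.append((name, "no external record"))
        elif ipaddress.ip_address(outside).is_private:
            # is_private covers RFC 1918 and other non-global ranges;
            # a remote client cannot route to such an address.
            findings.append((name, "external record is a private address"))
        if inside is None:
            findings.append((name, "no internal record"))
        elif not ipaddress.ip_address(inside).is_private:
            # Assumption: internal hosts use private addressing.
            findings.append((name, "internal record is not a private address"))
        if inside is not None and inside == outside:
            findings.append((name, "views are identical (no split)"))
    return findings

# Constructed sample views. The first name uses the addresses quoted in the
# post above; the second copies the article's lab HOSTS entry into both views.
INTERNAL = {"Exc2k3.internal.domain.com": "10.0.0.5",
            "exchange2003be.msfirewall.org": "192.168.1.70"}
EXTERNAL = {"exc2k3.internal.domain.com.": "1.2.3.4",
            "exchange2003be.msfirewall.org": "192.168.1.70"}
PUBLISHED = ["Exc2k3.internal.domain.com", "exchange2003be.msfirewall.org"]

if __name__ == "__main__":
    for name, issue in audit_split_dns(INTERNAL, EXTERNAL, PUBLISHED):
        print(f"{name}: {issue}")
```

A clean result only confirms that name resolution is split as intended; it says nothing about whether the publishing rule or a NAT device in the path lets the RPC connection through.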
RE: Discussion about article on Outlook Access from Any... - 21.Aug.2006 4:58:19 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Jeff,

Is there a NAT device in front of the ISA firewall? That will break Secure Exchange RPC publishing.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to jeffrozar)
Post #: 85
RE: Discussion about article on Outlook Access from Any... - 21.Aug.2006 9:55:51 PM   
jeffrozar

 

Posts: 18
Joined: 18.Apr.2006
Status: offline
Thanks for the reply - there is, and 135 is open. But, I gave up on straight RPC, and instead chose to do RPC over HTTP because of the security. I couldn't get that to work, either, after setting up the ISA box and client with Outlook. But with a little help, I discovered the RPC Proxy needed to be installed on the Exchange server. Once I installed that and created a certificate for non-domain laptops and the ISA server, everything worked great.

(in reply to tshinder)
Post #: 86
RE: Discussion about article on Outlook Access from Any... - 3.Sep.2006 5:53:33 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Jeff,

What makes you think RPC/HTTP is more secure than Secure Exchange RPC publishing?

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to jeffrozar)
Post #: 87
RE: Discussion about article on Outlook Access from Any... - 15.Sep.2006 8:14:04 PM   
jeffrozar

 

Posts: 18
Joined: 18.Apr.2006
Status: offline
I called MS tech supp for help on configuring this setup, and they *strongly* recommended not to use RPC publishing and opening port 135. I also found that I didn't have RPC over HTTP installed on the Exchange 2k3 server.

(in reply to tshinder)
Post #: 88
RE: Discussion about article on Outlook Access from Any... - 18.Sep.2006 3:44:36 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Jeff,

You're kidding, right? MS tech support said that?

Do you have a ticket number? I think someone needs a very VERY strong tongue lashing and he gave you totally BOGUS information!!!

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to jeffrozar)
Post #: 89
RE: Discussion about article on Outlook Access from Any... - 20.Oct.2006 7:25:11 PM   
ilkeryildiz

 

Posts: 5
Joined: 1.Dec.2002
From: turkey
Status: offline
Hi,
http://www.isaserver.org/articles/2004securerpc.html

I read and applied the article, but the wireless client does not connect to Exchange. I tried a local hosts file and DNS.
I have one SBS 2003 SP1 (isa2004 and exchange2003 latest srv pack) server.

SBS External nic:
ip:10.0.0.201
gateway:10.0.0.138 ( my zyxel ADSL router DMZ port)
dns:192.168.0.1
-------------------
SBS  internal link:
ip:192.168.0.1
gateway: blank
dns:192.168.0.1
--------------------
Zyxel ADSL router:
DMZ port: 10.0.0.138
lan-Wlan: 192.168.1.1-192.168.1.254
lan to dmz and dmz to lan =allow
------------

< Message edited by ilkeryildiz -- 20.Oct.2006 7:30:03 PM >

(in reply to tshinder)
Post #: 90
RE: Discussion about article on Outlook Access from Any... - 21.Oct.2006 11:53:28 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Doesn't apply to SBS.

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to ilkeryildiz)
Post #: 91
RE: Discussion about article on Outlook Access from Any... - 12.Dec.2006 2:37:36 AM   
Viktor

 

Posts: 1
Joined: 29.Nov.2006
Status: offline
Hi Thomas,

In our office we have established an RPC (not RPC over HTTP) connection to our Exchange based on your article “allowing Outlook MAPI client access from anywhere using the Secure Exchange RPC”.

We use Exchange Server 2003 SE fully patched, the ISA Server 2004 SE with Service Pack 2. Both are running on different Windows 2003 Servers. They are fully patched as well.

Maybe I should note that the Exchange is running in a Virtual Machine.

The Clients are running Windows XP (all Clients have the latest Patches) and are using Outlook Professional 2003 (the “Service Pack 2” for Office 2003 Professional is also installed).

The problem is that some clients are able to connect to the Exchange over RPC but others not. The client is permanently trying to connect to the Exchange but cannot complete it. There are no entries in the event log on the Exchange Server. There are also no entries in the event log of the Client.  
I compared the settings on working clients with those that are not working more than 10 times. They are all identical.

The problem does not only exist with one client altogether. There are 6 or 7 Clients with this problem and approximately 15 or 18 clients which don’t have this problem.

If you need some more information, ask me!


Best Regards

Viktor

(in reply to tshinder)
Post #: 92
RE: Discussion about article on Outlook Access from Any... - 12.Dec.2006 6:37:56 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Viktor,

Most likely reason is the firewalls in front of the hosts that cannot connect are not intelligent firewalls and thus don't have an RPC NAT editor or filter.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to Viktor)
Post #: 93
RE: Discussion about article on Outlook Access from Any... - 5.Sep.2010 6:32:10 AM   
Dylac

 

Posts: 7
Joined: 21.May.2007
Status: offline
Hello Tom,

Love Reading your articles.

I am having a problem publishing the Exchange RPC. Seems like DNS issue to me. I currently have the following set up:

Windows Server 2003 SBS (DC, Exchange 2003 only)
Windows Server 2003 Standard with ISA 2004 (Member Server)

I have a split DNS set up where my DC manages all internal DNS queries and forwards all external DNS queries to my ISP.

Domain name Set up with ISP with Host Records created.

Exchange 2003 Servername: server.chrysan.co.za A 192.168.25.1
ISA 2004 Server: ras.chrysan.co.za 192.168.25.1 (Internal Adapter)
196.211.51.186 (External Adapter)
(DNS addresses on external adapter point to 192.168.25.1)

The external host record is as follows: server.chrysan.co.za A 196.211.51.186

Internal clients and External clients can resolve server.chrysan.co.za to the correct ips from their respective locations.

I have followed all instructions you said correctly. However, Outlook 2007 gives an error that it cannot connect to the Exchange server and cannot be resolved.

Any help would be much appreciated.

Regards,
Dylan

(in reply to tshinder)
Post #: 94
