• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

RE: Discussion of Configuring Outlook 2003 RPC over HTTP client article

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 General] >> Web Publishing >> RE: Discussion of Configuring Outlook 2003 RPC over HTTP client article Page: <<   < prev  1 2 [3] 4 5   next >   >>
Login
Message << Older Topic   Newer Topic >>
RE: Discussion of Configuring Outlook 2003 RPC over HTT... - 7.May2004 3:55:00 PM   
matthew_nixon

 

Posts: 3
Joined: 6.May2004
Status: offline
I am having a problem logging in over HTTP. It does not work. Unless I turn of URL scan on ISA. When URL Scan is turned off it will login in but takes about a minute over a high speed connection and about 2 and a half over a low speed connection. The error I am recieving in the URL Scan log is as follows:

Client at "ip addr I'm conn. from": Content-Length 1073741824 exceeded maximum allowed. Request will be rejected. Site Instance='*****', Raw URL='/rpc/rpcproxy.dll'

Setup is as follows: ISA server, Front end exchange, backend exchange servers, and Seperate global catalog server.

Any help would be greatly appreciated

(in reply to tshinder)
Post #: 41
RE: Discussion of Configuring Outlook 2003 RPC over HTT... - 8.May2004 4:31:00 PM   
Chester441

 

Posts: 1
Joined: 8.May2004
From: Seattle, WA
Status: offline
Okay, so I'm confused...

Tom, the articles have been loads of help. I've been able to connect to Exchange 2003 when I'm on the client's LAN. However, the domain name used for the Exchange Server is only locally resolvable (i.e. server.domain.local).

There is only the SBS 2003 with ISA 2003 services sitting directly on an internet connection. No other appliance or router sits in between.

From my remote location, I'm able to configure RPC over HTTP, and test the RPC connection successfully using the IP address of the server.

But, I'm confused when I try to connect to the Exchange Server. I can't use the local address because that can't resolve (unless perhaps I create some sort of hosts file???). If I try the WAN IP of the server, that doesn't work either. I'm really not sure what the exchange address of the SBS 2003 is? How does one set this or determine this? How come the IP address isn't enough?

Any help would be greatly, greatly appreciated. I'm trying to get my client's laptop set up by the end of this weekend...

Thanks!

Glen

(in reply to tshinder)
Post #: 42
RE: Discussion of Configuring Outlook 2003 RPC over HTT... - 9.May2004 8:32:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Glen,

Exactly! This is why a split DNS is absolutely, postiively CRITICAL to making this solution work. Once I get some time, I'll do another series of articles on split DNS. Note that you need TWO DNS servers for the split DNS to work. One for your remote access clients, and one for the Internal network clients. The external DNS zone can be hosted by your ISP if you don't want to host it yourself.

Without a split DNS, RPC over HTTP just won't work right.

HTH,
Tom

(in reply to tshinder)
Post #: 43
RE: Discussion of Configuring Outlook 2003 RPC over HTT... - 10.May2004 2:31:00 PM   
Guest
I've got the solution for 25$ if you want [Wink] . We had the same problem and we resolve it. t was dues to the ssl certificate which was not accepted by outlook. So we set up the certificate and it's works fine with a linux proxy [Wink]

(in reply to tshinder)
  Post #: 44
RE: Discussion of Configuring Outlook 2003 RPC over HTT... - 10.May2004 3:59:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Flo,

Two problems with that solution:

1. Linux proxy can not do SSL to SSL bridging = poor security

2. Linux proxy doesn't fix the split DNS issue, which the primary problem.

HTH,
Tom

[ May 10, 2004, 04:00 PM: Message edited by: tshinder ]

(in reply to tshinder)
Post #: 45
RE: Discussion of Configuring Outlook 2003 RPC over HTT... - 10.May2004 4:02:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by matt173:
I am having a problem logging in over HTTP. It does not work. Unless I turn of URL scan on ISA. When URL Scan is turned off it will login in but takes about a minute over a high speed connection and about 2 and a half over a low speed connection. The error I am recieving in the URL Scan log is as follows:

Client at "ip addr I'm conn. from": Content-Length 1073741824 exceeded maximum allowed. Request will be rejected. Site Instance='*****', Raw URL='/rpc/rpcproxy.dll'

Setup is as follows: ISA server, Front end exchange, backend exchange servers, and Seperate global catalog server.

Any help would be greatly appreciated

Make sure to check out the RPC over HTTP doc in the ISA 2004/Exchange Deployment Kit. I cover the URLScan issues and provide the correct configuration requirements. Make sure you via the article online, as I had to disable the downloads for bandwidth cost reasons [Frown]

HTH,
Tom

(in reply to tshinder)
Post #: 46
RE: Discussion of Configuring Outlook 2003 RPC over HTT... - 10.May2004 4:05:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by Maunder:
Hi guys,

I am fighting this issue right now. Tom's right in that I can get rpc over http to work IF I connect the client to the LAN & configure Outlook. Then, I can dial up & rpc over http works.

What doesnt work for me is the following; I have an employee located in the UK (I am in Australia). She can run Outlook 2003 fine if VPN'ed in. So, I got her to make the Outlook rpc over http changes while VPN'ed. (to simulate being connected to the LAN).

But then when she disconnects from the LAN & runs Outlook over the dialup &/or broadband, rpc over http doesnt work!

She gets the authentication box but after entering her a/c & p/w she keeps seeing the "cant connect to exchange server" message. She clicks Retry but it immediately reappears & no matter how many times she clicks Retry, it just reappears immediately (as if it has no affect at all).

Any thoughts/feedback would be welcome. Its pretty difficult to tell her to fly home so I can connect her to the LAN for 30 secs:)

Tom, I thought that you had solved the problem & you referred to your article of 'today' being 7th Feb but I couldnt find it. Can you point me to this please?

Hi Maunder,

This is a split DNS issue; the Outlook RPC over HTTP client must be able to resolve both the FQDN of the RPC over HTTP Proxy machine AND the FQDN of the Exchange Server to the external IP address on the ISA 2000 firewall.

A split DNS is the way, the truth and the light to any and all remote access solutions.

HTH,
Tom

(in reply to tshinder)
Post #: 47
RE: Discussion of Configuring Outlook 2003 RPC over HTT... - 12.May2004 2:00:00 PM   
Guest
I have been following the discussions on configuring Outlook2003 (outside the firewall) to work with RPC/HTTP-proxy. But still haven't been able to get this to work in my setup.

Assuming a Firewall (FW.company.com), an internal Front-end exchange server (FE.company.com) running the RPC/HTTP proxy and a back-end exchange server (BE.company.com).

- It appears that one needs to configure a split
dns configuration such that FE.company.com,
BE.company.com & FW.company.com resolve
to the same public address from outside.

My questions:

While creating a new outlook2003 profile what should I enter as the exchange server (FW.company.com or FE.company.com or BE.company.com)?? And, what should I enter as the RPC proxy server (FE.company.com)??

How do these names relate to the server to which SSL certificate is issued? (In my configuration, the SSL cert is issued to the front-end exchange server FE.company.com)

Further, what set of ports need to be specified in the Rpcproxy ValidKey registry seting? Depending on the article I read, there is a slightly different answer.

Any help will be greatly appreciated.

Regards,

Sam

(in reply to tshinder)
  Post #: 48
RE: Discussion of Configuring Outlook 2003 RPC over HTT... - 13.May2004 12:12:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Sam,

Inline...

While creating a new outlook2003 profile what should I enter as the exchange server (FW.company.com or FE.company.com or BE.company.com)?? And, what should I enter as the RPC proxy server (FE.company.com)??
-->IP address of the Web Proxy listener used in the Web Publishing Rule for the RPC proxy address. For the Exchange Server name, the actual FQDN of the Exchange Server. Both must be resolvable to the external interface of the ISA firewall.

How do these names relate to the server to which SSL certificate is issued? (In my configuration, the SSL cert is issued to the front-end exchange server FE.company.com)
-->SSL certificate applies to the public name used to access the RPC over HTTP site.

Further, what set of ports need to be specified in the Rpcproxy ValidKey registry seting? Depending on the article I read, there is a slightly different answer
-->I know mine work and I've demonstrated it online with screen shots showing it working (plus I used it in production sites). However, other ports may works too; not saying there's only one way to do it [Big Grin]

HTH<
Tom

(in reply to tshinder)
Post #: 49
RE: Discussion of Configuring Outlook 2003 RPC over HTT... - 13.May2004 8:58:00 PM   
matthew_nixon

 

Posts: 3
Joined: 6.May2004
Status: offline
Tom,

Apperantly I cant read so well. Thanks for pointing that bit of the article out to me.

After messing around with the ports for a while (following your configuration not MS's) I am able to get the login time down to about 10 sec. over a high speed connection and 30 sec. over dial up. Is that normal? Also if I start Outlook with the \rpcdiag switch it shows one failure in the "req\fail" column on the directory server. Is that normal - I am thinking that if found out what that error was I would be able to log in faster.

As a side note RPCPing works fine however on a high speed connection I am getting response times of somewhere between 1000 - 1600 ms on all ports.

Thanks for the help again.
Matthew

(in reply to tshinder)
Post #: 50
RE: Discussion of Configuring Outlook 2003 RPC over HTT... - 16.May2004 9:17:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Matthew,

No problem! I typically see a few dropped connections before the entire process is complete. Modem connections are always going to be slower, so that doesn't seem out of line.

Good to hear you got it working and thanks for the follow up!

Tom

(in reply to tshinder)
Post #: 51
RE: Discussion of Configuring Outlook 2003 RPC over HTT... - 24.May2004 10:55:00 PM   
Guest
I am running Exchange 2003 as a single server on a Windows 2003 Server that has a copy of the global catalog. I have this setup with RPC over HTTPS working fine in the lab. I cannot get it to work in production. The difference between the lab and production is that in production there are two more global catalog servers running Windows 2000. My question is... because I am running a single Exchange 2003 Server (Not front-end back-end) on a Windows 2003 Server with global catalog should this not work or do ALL catalog servers need to be 2003?

Thanks,

Tim

(in reply to tshinder)
  Post #: 52
RE: Discussion of Configuring Outlook 2003 RPC over HTT... - 26.May2004 11:23:00 AM   
Guest
quote:
Originally posted by eegon:
Hi Everyone. I have port 135 blocked by my ISP. I have NEVER had the computer I'm setting up the Outlook profile, on the internal network. I have tried everything I can think of, and cannot get a connection using ONLY Rpc over HTTP. It does however work great from another external site that DOES have 135 open and able to resolve the internal server name. Anyway, I'm ready to try the ORK solution, but I don't understand how others have gotten this to work, and why Microsoft would design it not to connect if the machine never sees port 135. ANY help is most appreciated. It seems there must be something I'm missing as I am for certain that if 135 goes through, I can connect, using the same settings on another computer just on a different cable modem with a different ISP. I am also FOR CERTAIN that when it connects it is using HTTPS - so I know the servers are correct.

Thanks for any thoughts anyone has on the subject.

Hi everybody,

Please take note of this when connecting with a new Outlook 2003 rpc over http profile for the first time:

It is important to note that you must create the Outlook 2003 profile while the Outlook 2003 computer is on the internal network, or while the Outlook 2003 computer is on the Internet and can access the Exchange Server using RPC (TCP 135 typically through an ISA Server 2000 secure Exchange RPC Publishing rule). You will not be able to create a new profile or change an existing profile to use RPC over HTTP if is does not have access to the Exchange Server via RPC (TCP 135).

http://www.msexchange.org/tutorials/outlookrpchttp.html

(in reply to tshinder)
  Post #: 53
RE: Discussion of Configuring Outlook 2003 RPC over HTT... - 26.May2004 11:26:00 AM   
Guest
After connecting with your new Outlook 2003 profile you can connect from everywhere using only HTTPS (TCP port 443). No other ports needed.

If somebody knows how to get rid of the "first time connecting" issue - please post a reply to this board

(in reply to tshinder)
  Post #: 54
RE: Discussion of Configuring Outlook 2003 RPC over HTT... - 13.Jul.2004 1:47:00 AM   
Guest
I think this RPC over HTTP is probably the most undocumented, buggiest thing microsoft came out with yet.

I still cannot get mine working. I point to our FE server and cannot connect. Any ideas?

I have followed the documentation here, and on Microsoft which none helps.

Thanks
Mike

(in reply to tshinder)
  Post #: 55
RE: Discussion of Configuring Outlook 2003 RPC over HTT... - 13.Jul.2004 2:07:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by <Tim>:
I am running Exchange 2003 as a single server on a Windows 2003 Server that has a copy of the global catalog. I have this setup with RPC over HTTPS working fine in the lab. I cannot get it to work in production. The difference between the lab and production is that in production there are two more global catalog servers running Windows 2000. My question is... because I am running a single Exchange 2003 Server (Not front-end back-end) on a Windows 2003 Server with global catalog should this not work or do ALL catalog servers need to be 2003?

Thanks,

Tim

Hi Tim,

ALL machines must be Win2003 -- all GCs, DCs and RPC over HTTP proxies must be Win2003. The ISA firewall however does not need to be Win2003.

HTH,
Tom

(in reply to tshinder)
Post #: 56
RE: Discussion of Configuring Outlook 2003 RPC over HTT... - 29.Aug.2004 10:37:00 PM   
mmancini

 

Posts: 7
Joined: 29.Aug.2004
From: Acworth, GA
Status: offline
I think the problem some people are having (or maybe just me!) is this. SBS2003 and the AD name is domain.local but the domain is domain.com. External dns points to server.domain.com and the FQDN of AD is server.domain.local. I install the cert but if I got to https://remote.domain.com/rpc I get the cert prompt which I KNOW i shouldn't! Since the cert and the public FQDN are different the cert is having an issue.

I have also seen conflicting info on the Exchange server name being the AD or the FQDN.

HELP?

(in reply to tshinder)
Post #: 57
RE: Discussion of Configuring Outlook 2003 RPC over HTT... - 6.Sep.2004 2:21:00 PM   
Guest
I am having a lot of the same problems with the internal vs. external dns names. Can someone tell us more about the split DNS?? I have a single server config also.

Is ANYONE having luck with the single server config??

(in reply to tshinder)
  Post #: 58
RE: Discussion of Configuring Outlook 2003 RPC over HTT... - 15.Sep.2004 3:39:00 AM   
matthew_nixon

 

Posts: 3
Joined: 6.May2004
Status: offline
Hello Tom,

I have a client that has to connect through a squid proxy running on Linux. Unfortunatly he is not able to connect, are you aware of any special configuration on the outlook client to connect to the rpc proxy server through a regular proxy server?

Thanks for the help
Matthew

(in reply to tshinder)
Post #: 59
RE: Discussion of Configuring Outlook 2003 RPC over HTT... - 29.Sep.2004 1:35:00 PM   
Guest
Is it possible to run the rpc over https on a nondefault port (other port than 443)?

Sren Knudsen

(in reply to tshinder)
  Post #: 60

Page:   <<   < prev  1 2 [3] 4 5   next >   >> << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 General] >> Web Publishing >> RE: Discussion of Configuring Outlook 2003 RPC over HTTP client article Page: <<   < prev  1 2 [3] 4 5   next >   >>
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts