I am having a problem logging in over HTTP. It does not work unless I turn off URL Scan on ISA. When URL Scan is turned off it will log in, but it takes about a minute over a high speed connection and about 2 and a half over a low speed connection. The error I am receiving in the URL Scan log is as follows:
Client at "ip addr I'm conn. from": Content-Length 1073741824 exceeded maximum allowed. Request will be rejected. Site Instance='*****', Raw URL='/rpc/rpcproxy.dll'
Setup is as follows: ISA server, front-end Exchange, back-end Exchange servers, and separate global catalog server.
Okay, so I'm confused...
Tom, the articles have been loads of help. I've been able to connect to Exchange 2003 when I'm on the client's LAN. However, the domain name used for the Exchange Server is only locally resolvable (i.e. server.domain.local).
There is only the SBS 2003 with ISA 2003 services sitting directly on an internet connection. No other appliance or router sits in between.
From my remote location, I'm able to configure RPC over HTTP, and test the RPC connection successfully using the IP address of the server.
But, I'm confused when I try to connect to the Exchange Server. I can't use the local address because that can't resolve (unless perhaps I create some sort of hosts file???). If I try the WAN IP of the server, that doesn't work either. I'm really not sure what the exchange address of the SBS 2003 is? How does one set this or determine this? How come the IP address isn't enough?
Any help would be greatly, greatly appreciated. I'm trying to get my client's laptop set up by the end of this weekend...
Exactly! This is why a split DNS is absolutely, positively CRITICAL to making this solution work. Once I get some time, I'll do another series of articles on split DNS. Note that you need TWO DNS servers for the split DNS to work. One for your remote access clients, and one for the Internal network clients. The external DNS zone can be hosted by your ISP if you don't want to host it yourself.
Without a split DNS, RPC over HTTP just won't work right.
RE: Discussion of Configuring Outlook 2003 RPC over HTT... - 10.May2004 2:31:00 PM
Guest
I've got the solution for 25$ if you want. We had the same problem and we resolved it. It was due to the SSL certificate, which was not accepted by Outlook. So we set up the certificate and it works fine with a Linux proxy.
quote:Originally posted by matt173: I am having a problem logging in over HTTP. It does not work unless I turn off URL Scan on ISA. When URL Scan is turned off it will log in, but it takes about a minute over a high speed connection and about 2 and a half over a low speed connection. The error I am receiving in the URL Scan log is as follows:
Client at "ip addr I'm conn. from": Content-Length 1073741824 exceeded maximum allowed. Request will be rejected. Site Instance='*****', Raw URL='/rpc/rpcproxy.dll'
Setup is as follows: ISA server, front-end Exchange, back-end Exchange servers, and separate global catalog server.
Any help would be greatly appreciated
Make sure to check out the RPC over HTTP doc in the ISA 2004/Exchange Deployment Kit. I cover the URLScan issues and provide the correct configuration requirements. Make sure you view the article online, as I had to disable the downloads for bandwidth cost reasons.
I am fighting this issue right now. Tom's right in that I can get rpc over http to work IF I connect the client to the LAN & configure Outlook. Then, I can dial up & rpc over http works.
What doesn't work for me is the following: I have an employee located in the UK (I am in Australia). She can run Outlook 2003 fine if VPN'ed in. So, I got her to make the Outlook rpc over http changes while VPN'ed (to simulate being connected to the LAN).
But then when she disconnects from the LAN & runs Outlook over the dialup &/or broadband, rpc over http doesn't work!
She gets the authentication box but after entering her a/c & p/w she keeps seeing the "can't connect to exchange server" message. She clicks Retry but it immediately reappears & no matter how many times she clicks Retry, it just reappears immediately (as if it has no effect at all).
Any thoughts/feedback would be welcome. It's pretty difficult to tell her to fly home so I can connect her to the LAN for 30 secs :)
Tom, I thought that you had solved the problem & you referred to your article of 'today' being 7th Feb but I couldn't find it. Can you point me to this please?
Hi Maunder,
This is a split DNS issue; the Outlook RPC over HTTP client must be able to resolve both the FQDN of the RPC over HTTP Proxy machine AND the FQDN of the Exchange Server to the external IP address on the ISA 2000 firewall.
A split DNS is the way, the truth and the light to any and all remote access solutions.
RE: Discussion of Configuring Outlook 2003 RPC over HTT... - 12.May2004 2:00:00 PM
Guest
I have been following the discussions on configuring Outlook2003 (outside the firewall) to work with RPC/HTTP-proxy. But still haven't been able to get this to work in my setup.
Assuming a Firewall (FW.company.com), an internal Front-end exchange server (FE.company.com) running the RPC/HTTP proxy and a back-end exchange server (BE.company.com).
- It appears that one needs to configure a split dns configuration such that FE.company.com, BE.company.com & FW.company.com resolve to the same public address from outside.
My questions:
While creating a new outlook2003 profile what should I enter as the exchange server (FW.company.com or FE.company.com or BE.company.com)?? And, what should I enter as the RPC proxy server (FE.company.com)??
How do these names relate to the server to which SSL certificate is issued? (In my configuration, the SSL cert is issued to the front-end exchange server FE.company.com)
Further, what set of ports need to be specified in the Rpcproxy ValidKey registry setting? Depending on the article I read, there is a slightly different answer.
While creating a new outlook2003 profile what should I enter as the exchange server (FW.company.com or FE.company.com or BE.company.com)?? And, what should I enter as the RPC proxy server (FE.company.com)?? --> IP address of the Web Proxy listener used in the Web Publishing Rule for the RPC proxy address. For the Exchange Server name, the actual FQDN of the Exchange Server. Both must be resolvable to the external interface of the ISA firewall.
How do these names relate to the server to which SSL certificate is issued? (In my configuration, the SSL cert is issued to the front-end exchange server FE.company.com) --> SSL certificate applies to the public name used to access the RPC over HTTP site.
Further, what set of ports need to be specified in the Rpcproxy ValidKey registry setting? Depending on the article I read, there is a slightly different answer --> I know mine work and I've demonstrated it online with screen shots showing it working (plus I used it in production sites). However, other ports may work too; not saying there's only one way to do it.
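The name requirements stated in the replies above (the RPC proxy name and the Exchange server FQDN both resolving to the ISA firewall's external address, and the SSL certificate covering the public name) can be checked from the client's point of view. This is an added example, not part of the original thread; the IP addresses, zone tables and function names are constructed for illustration.

```python
import socket

def system_resolver(name):
    """Resolve a name to its set of IPv4 addresses with the local resolver."""
    try:
        infos = socket.getaddrinfo(name, 443, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def cert_matches(hostname, cert_names):
    """True if hostname equals a certificate name or fits a left-most wildcard."""
    host = hostname.lower().rstrip(".")
    for pattern in cert_names:
        pattern = pattern.lower().rstrip(".")
        if pattern == host:
            return True
        if pattern.startswith("*.") and "." in host and host.split(".", 1)[1] == pattern[2:]:
            return True
    return False

def check_client_view(proxy_name, exchange_name, external_ip, cert_names,
                      resolve=system_resolver):
    """Return the list of problems an Internet-side Outlook client would hit."""
    problems = []
    for role, name in (("RPC proxy", proxy_name), ("Exchange server", exchange_name)):
        addrs = resolve(name)
        if not addrs:
            problems.append(f"{role} name {name} does not resolve")
        elif addrs != {external_ip}:
            problems.append(f"{role} name {name} resolves to {sorted(addrs)}, not {external_ip}")
    if not cert_matches(proxy_name, cert_names):
        problems.append(f"certificate names {sorted(cert_names)} do not cover {proxy_name}")
    return problems

# Constructed sample data: what an external client's DNS returns.
# 203.0.113.10 stands in for the firewall's external address (assumption).
EXTERNAL_ZONE = {"fe.company.com": {"203.0.113.10"}, "be.company.com": {"203.0.113.10"}}
BROKEN_ZONE = {"fe.company.com": {"203.0.113.10"}, "be.company.com": {"10.0.0.5"}}

def zone_resolver(zone):
    """Build a resolver backed by a dict, so the check can run offline."""
    return lambda name: zone.get(name.lower(), set())

if __name__ == "__main__":
    for label, zone in (("working", EXTERNAL_ZONE), ("broken", BROKEN_ZONE)):
        print(label, check_client_view("FE.company.com", "BE.company.com",
                                       "203.0.113.10", ["fe.company.com"], zone_resolver(zone)))
```

Run on the remote client without the `resolve` argument, the same check uses that machine's real DNS view.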
Apparently I can't read so well. Thanks for pointing that bit of the article out to me.
After messing around with the ports for a while (following your configuration, not MS's) I am able to get the login time down to about 10 sec. over a high speed connection and 30 sec. over dial up. Is that normal? Also, if I start Outlook with the \rpcdiag switch it shows one failure in the "req\fail" column on the directory server. Is that normal? I am thinking that if I found out what that error was I would be able to log in faster.
As a side note RPCPing works fine however on a high speed connection I am getting response times of somewhere between 1000 - 1600 ms on all ports.
No problem! I typically see a few dropped connections before the entire process is complete. Modem connections are always going to be slower, so that doesn't seem out of line.
Good to hear you got it working and thanks for the follow up!
RE: Discussion of Configuring Outlook 2003 RPC over HTT... - 24.May2004 10:55:00 PM
Guest
I am running Exchange 2003 as a single server on a Windows 2003 Server that has a copy of the global catalog. I have this setup with RPC over HTTPS working fine in the lab. I cannot get it to work in production. The difference between the lab and production is that in production there are two more global catalog servers running Windows 2000. My question is... because I am running a single Exchange 2003 Server (Not front-end back-end) on a Windows 2003 Server with global catalog should this not work or do ALL catalog servers need to be 2003?
RE: Discussion of Configuring Outlook 2003 RPC over HTT... - 26.May2004 11:23:00 AM
Guest
quote:Originally posted by eegon: Hi Everyone. I have port 135 blocked by my ISP. I have NEVER had the computer I'm setting up the Outlook profile, on the internal network. I have tried everything I can think of, and cannot get a connection using ONLY Rpc over HTTP. It does however work great from another external site that DOES have 135 open and able to resolve the internal server name. Anyway, I'm ready to try the ORK solution, but I don't understand how others have gotten this to work, and why Microsoft would design it not to connect if the machine never sees port 135. ANY help is most appreciated. It seems there must be something I'm missing as I am for certain that if 135 goes through, I can connect, using the same settings on another computer just on a different cable modem with a different ISP. I am also FOR CERTAIN that when it connects it is using HTTPS - so I know the servers are correct.
Thanks for any thoughts anyone has on the subject.
Hi everybody,
Please take note of this when connecting with a new Outlook 2003 rpc over http profile for the first time:
It is important to note that you must create the Outlook 2003 profile while the Outlook 2003 computer is on the internal network, or while the Outlook 2003 computer is on the Internet and can access the Exchange Server using RPC (TCP 135 - typically through an ISA Server 2000 secure Exchange RPC Publishing rule). You will not be able to create a new profile or change an existing profile to use RPC over HTTP if it does not have access to the Exchange Server via RPC (TCP 135).
quote:Originally posted by <Tim>: I am running Exchange 2003 as a single server on a Windows 2003 Server that has a copy of the global catalog. I have this setup with RPC over HTTPS working fine in the lab. I cannot get it to work in production. The difference between the lab and production is that in production there are two more global catalog servers running Windows 2000. My question is... because I am running a single Exchange 2003 Server (Not front-end back-end) on a Windows 2003 Server with global catalog should this not work or do ALL catalog servers need to be 2003?
Thanks,
Tim
Hi Tim,
ALL machines must be Win2003 -- all GCs, DCs and RPC over HTTP proxies must be Win2003. The ISA firewall however does not need to be Win2003.
I think the problem some people are having (or maybe just me!) is this. SBS2003 and the AD name is domain.local but the domain is domain.com. External DNS points to server.domain.com and the FQDN of AD is server.domain.local. I install the cert but if I go to https://remote.domain.com/rpc I get the cert prompt which I KNOW I shouldn't! Since the cert and the public FQDN are different the cert is having an issue.
I have also seen conflicting info on the Exchange server name being the AD or the FQDN.
RE: Discussion of Configuring Outlook 2003 RPC over HTT... - 6.Sep.2004 2:21:00 PM
Guest
I am having a lot of the same problems with the internal vs. external dns names. Can someone tell us more about the split DNS?? I have a single server config also.
Is ANYONE having luck with the single server config??
I have a client that has to connect through a squid proxy running on Linux. Unfortunately he is not able to connect. Are you aware of any special configuration on the Outlook client to connect to the RPC proxy server through a regular proxy server?