• Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

RE: Discussion of Configuring Outlook 2003 RPC over HTTP client article

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 General] >> Web Publishing >> RE: Discussion of Configuring Outlook 2003 RPC over HTTP client article Page: <<   < prev  1 2 3 [4] 5   next >   >>
Message << Older Topic   Newer Topic >>
RE: Discussion of Configuring Outlook 2003 RPC over HTT... - 16.Dec.2004 12:18:00 AM   


Posts: 1
Joined: 15.Dec.2004
From: WA
Status: offline
My scenario and solution - about Creating Outlook Profile for RPC over HTTP

Hi All - I found this forum when troubleshooting my scenario. I saw the same problems as you guys did û
1) When connect from Internet to Exchange HTTP Proxy, got prompted for user credential, input password but then got the Exchange not available error message.
2) It works when connect in the Exchange hosting network, but I see also some TCP/IP connections to the directory besides the HTTPS connections to mail.

Note: You really need to input the internal FQDN of the BE Exchange server name in the Exchange Server text fields. E.g. in my scenario, DC1.Domain.Local.

My Scenario û

In my AD domain, I have 2 Domain Controllers. I installed Exchange on one of the domain controller, DC1 and the other domain controller, DC2, is a Global Catalog.

I configure an Exchange FE, just as you guys did to make it as RPC FE.

Then I got the same problem as you guys do.

Later on, when I trouble shoot another problem in the same AD domain, I found that my Global Catalog is down on DC2. Then I configure DC1 also as a Global Catalog, this not only fixed the problem that triggered me to look into the Global Catalog, it also solves the problem with the Exchange RPC access! I can successfully connect to my Exchange server with outlook and the connections are all based on HTTPS!

I also find a white paper on Microsoft technet about Exchange Server is also a Domain Controller: http://www.microsoft.com/technet/prodtechnol/Exchange/ExBPA/92e23d0b-d52c-466e-b885-0e7e812efd56.mspx

So if you still have issues with the RPC over HTTP access issues, the Global Catalog may be somewhere you want to look into. ItÆs also important to look at the [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy] keys.



(in reply to tshinder)
Post #: 61
RE: Discussion of Configuring Outlook 2003 RPC over HTT... - 21.Jan.2005 4:18:00 AM   

I was trying to automate the complete process of configuring RPC over HTTP/S preferably using C++ but could not find anything anywhere.

I was doing some search on using MAPI but could not find any documentation on how to do it for RPC over HTTP/S.


(in reply to tshinder)
  Post #: 62
RE: Discussion of Configuring Outlook 2003 RPC over HTT... - 11.Feb.2005 1:02:00 PM   
Hello everyone.
As I now has tried everything (a lot) I now has to resign. I really need some input here.
My configuration is as followed:
Single server Exchange on the inside of a firewall.
I have opened port 80, 443, 6001-6004 through the FW against the exchangeserver. The RPC over HTTP proxy is up and running on the exchangeserver.
The computer on the outside have the servername.domain.local in the hosts file and if I telnet the 600x ports the ncacn_http is answering.
The certificate for SSL is selfeissued and downloaded to the client-pc.
I can connect if I move the server out on DMZ. Then I can connect and make a local copy of the mailbox.
But when the server is back on the LAN I get several enties in the FW log with traffic on the port 135. If I open that port I get traffic on port 1047 or another high port. But I have learned that the ports should be fixed to SSL(443) and 6001-4

What can be the problem here?

Btw since everything works with the server on DMZ I do not think the problem is DNS related. The traffic is going to the right place but not on the right ports.

Luke of Norway

(in reply to tshinder)
  Post #: 63
RE: Discussion of Configuring Outlook 2003 RPC over HTT... - 12.Feb.2005 1:41:00 PM   

Now it's working.
An article at: http://www.kuhnline.com/index.php?id=51 told me the importanse of making the SSL certificate in the right way.
I followed this and everything is allright now.
I think Outlook client defaults to port 135 if there's no trust with the server.

(in reply to tshinder)
  Post #: 64
RE: Discussion of Configuring Outlook 2003 RPC over HTT... - 21.Mar.2005 11:39:00 AM   


Posts: 1
Joined: 18.Mar.2005
From: Newcastle England
Status: offline
Hi Tom,
Thanks for the articles, they have been a great help.
My situation is this::-
we have managed to configure outlook to use rpc over http internally connecting to the exchange serverk3.
However we are struggling to get this to work external clients. We are trying to set this up with only a router between the exchange server and the internet (no ISA firewall). Is this a possibility.

Any help on this would be greatly appreciated.



(in reply to tshinder)
Post #: 65
RE: Discussion of Configuring Outlook 2003 RPC over HTT... - 5.Apr.2005 4:36:00 PM   
Hi Tom,
I have the setup as follows
1)Internal DNS
2)Dc+Global Catlog server
3)ISA server 2000
4)Exchange 2k3 server

all the server are seprate server ,serveing there services individually.
we have cofigured the OWA and RPC/Http a year back but since 3 month we cant able to connect the Outlook 2003 from outside using RPC/http.

i checked all the setting it seems that every thing is perfect. all the mobile usere who used to connect our mail server are now complaining that they cant able to connect to the server and use th e outlook for the email.
but i can see that my oWA is working very and they are using now-a-days the owa.

i have checked the whole configuration seems that it is quite fine .

so could you please tell me why this is happening and how to solve this issue.

The Reg setting in the exchange server is like this

i hope u have gone through this type of issue many time and you can give the respnse very quickly.
it will be very appreacting for me ,for helping in the above matter
Thanking you

(in reply to tshinder)
  Post #: 66
RE: Discussion of Configuring Outlook 2003 RPC over HTT... - 12.Apr.2005 11:45:00 PM   


Posts: 4
Joined: 12.Apr.2005
From: Amman, Jordan
Status: offline
hello Mr. Schnider,
i have red the article(RPC over HTTP) and its very interesting, i have a simple network with one server that has: windows 2003, ISA 2000, Exchange 2003 installed.

some of the users travel a lot and have laptops, and need to be able to send and receive emails from there exchange accounts, i need a simple way to make them relay their email through the server while using outlook2003 ofcourse, i dont wana use certificates.
can you plz tell me how could i use RPC over HTTP in my case.

thank you

(in reply to tshinder)
Post #: 67
RE: Discussion of Configuring Outlook 2003 RPC over HTT... - 25.Apr.2005 1:00:00 AM   


Posts: 2
Joined: 5.Feb.2005
Status: offline
I stumbled on this thread while trying to figure out why RPC-HTTP was not working on one of the networks I administer. (Note: I inherited this network, and all it's problems.) From reading people's posts, I was able to solve half the problem and I figured out the rest so I figured I'd share what worked for me...
Our situation:
1 ISA 2000 Firewall (on w2k), 1 Stand-Alone Exchange 2003 server with RPC-HTTP "enabled" (on w2003) also acting as the only dc and gc. Outlook 2003 clients all using RPC-HTTP over the LAN but unable to use RPC-HTTP over WAN due to "crappy Microsoft software" (or so claimed the outgoing IT guy)!
First thing I did was verify that RPC-HTTP was installed and enabled on the exchange server. Then I did some testing and discovered that the LAN clients were actually connecting via unencapsulated TCP/IP*! The previous IT guy had set Outlook to use RPC-HTTP, but did not realize that in the absense of a working HTTP connection, Outlook falls back to normal RPC. Note: If your exchange connection manager claims "TCP/IP" you're using unencapsulated RPC, if it claims HTTPS then RPC-HTTP is working.
After some sluthing and reading of this, and other forums, I determined that the ValidPorts registry key for the RPC proxy was incorrect. I cheated, and copied the key value from a SBS server that I also administer, and then changed the names as appropriate. This is the key that worked for me for a stand-alone Exchange RPC-HTTP implementation:
Once I changed that, then LAN clients could connect via RCP-HTTP.
ThenI turned my attention to WAN clients. That proved to be very simple. I trouble-shot like crazy, and could not figure why it was not connecting. OWA worked, and I could access the RPC directory via the Internet. I was so frustraited, it was not even funny. Turns out I had overlooked something incredibly simple. When the previous guy had installed URLScan on the ISA server, he claimed that he had installed the OWA configuration and then modified it to allow RPC-HTTP. I had briefly scanned the ini and it looked correct. It was my bad, and I should ahve read it more closely. He had made all the appropriate changes, except one. He forgot to add RPC_OUT_DATA to the Allow Verbs. He had added RPC_IN_DATA, but apparently did not think that the RPC_OUT_DATA was important.
So yeah, what fixed it for me was getting the ValidPorts key fixed, and making sure URLScan.ini was correct.
As a thought for those of you able to connect VIA LAN but not WAN, make sure that your URLScan.ini files are correct. And not just on the firewall either. Did any of you install it on your RPC-HTTP server? There is an IIS version as well as an ISA version. If so, chack those as well.
Hope this helps someone!

* Tom, I wanted to give you a heads-up... In your great (saved my bacon a couple of times) Exchange 2003/ISA 2000 deployment kit on the page for "Connection to Exchange via RPC over HTTP through ISA Server 2000" (http://www.isaserver.org/img/upl/exchangekit/2003rpchttp/2003rpchttp.htm) you write "This is an interesting setting, as its unclear what a ôLANö protocol is in contrast to an ôHTTPö protocol. I assume it means to use unencapsulated RPC messages, but I canÆt say that for sure." when talking about configuring the client, the production version of Outlook 2003 is less confusing. Its choice is to connect via HTTP or TCP/IP, which means HTTP encapsulated RPC or straight RPC over TCP/IP. Just as an FYI, don't know if that helps at all.

(in reply to tshinder)
Post #: 68
RE: Discussion of Configuring Outlook 2003 RPC over HTT... - 25.Apr.2005 1:39:00 PM   


Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline

Thanks! Exchange 2003 was in beta when that article was written. The instructions in the ISA 2004 kit are more up to date.


(in reply to tshinder)
Post #: 69
RE: Discussion of Configuring Outlook 2003 RPC over HTT... - 8.May2005 10:51:00 AM   


Posts: 4
Joined: 12.Apr.2005
From: Amman, Jordan
Status: offline

i want my users to be able to Relay mail through my server, Im trying to configure RPC over Http on a server that runs windows 2003 ISA 2000 Exchange 2003 and the AD, ALL on the same server, would it work? coz i have tried using authentication on the SMTP virtueal connector but the authentication screen kept popping up(due to the ISA), any help would be appreciated.

thank you

(in reply to tshinder)
Post #: 70
RE: Discussion of Configuring Outlook 2003 RPC over HTT... - 28.May2005 4:19:00 AM   

My name's Juanan Barcelo. Nice post about rpc issues! Obvioulsy I'm having lots of problems try to make it roll. I've got a FE - BE Exchange topology that's working properly.

But Rpc over Http Outlook clients just don't work even on LAN. I've got this in IIS log file

2005-05-28 08:19:48 172.19.xxx.xxx RPC_OUT_DATA /rpc/rpcproxy.dll "server":6004 443 - 172.19.xxx.xxx MSRPC 401 2 2148074254

On a local eventvwr mmc, I've got "outlook 19 warnings" and I think that's because of Certificate name problems. But the common name of the front end certificate is right...

Any suggestion getlemen?

(in reply to tshinder)
  Post #: 71
RE: Discussion of Configuring Outlook 2003 RPC over HTT... - 9.Jun.2005 4:06:00 AM   


Posts: 5
Joined: 17.Dec.2002
Status: offline
Originally posted by <Steen Kirkby>:
Originally posted by eegon:
Hi Everyone. I have port 135 blocked by my ISP. I have NEVER had the computer I'm setting up the Outlook profile, on the internal network. I have tried everything I can think of, and cannot get a connection using ONLY Rpc over HTTP. It does however work great from another external site that DOES have 135 open and able to resolve the internal server name. Anyway, I'm ready to try the ORK solution, but I don't understand how others have gotten this to work, and why Microsoft would design it not to connect if the machine never sees port 135. ANY help is most appreciated. It seems there must be something I'm missing as I am for certain that if 135 goes through, I can connect, using the same settings on another computer just on a different cable modem with a different ISP. I am also FOR CERTAIN that when it connects it is using HTTPS - so I know the servers are correct.

Thanks for any thoughts anyone has on the subject.

Hi everybody,

Please take note of this when connecting with a new Outlook 2003 rpc over http profile for the first time:

It is important to note that you must create the Outlook 2003 profile while the Outlook 2003 computer is on the internal network, or while the Outlook 2003 computer is on the Internet and can access the Exchange Server using RPC (TCP 135 û typically through an ISA Server 2000 secure Exchange RPC Publishing rule). You will not be able to create a new profile or change an existing profile to use RPC over HTTP if is does not have access to the Exchange Server via RPC (TCP 135).


Right, but there are people here who have found out how to bypass this?


(in reply to tshinder)
Post #: 72
RE: Discussion of Configuring Outlook 2003 RPC over HTT... - 12.Jun.2005 7:41:00 AM   


Posts: 5
Joined: 17.Dec.2002
Status: offline
Nevermind, I figured it out.

All I had to do was import the Root CA certificate from my certificate server on the internal network.

That's the only difference and the reason why it is said you have to be on the internal network and logged in to the domain for the initial profile creation, because when you're authenticated with AD it automatically imports the Root CA certificate from your domain's CA to your computer account.

No messing around with the hosts file necessary or anything.

(in reply to tshinder)
Post #: 73
RE: Discussion of Configuring Outlook 2003 RPC over HTT... - 13.Aug.2005 4:37:00 PM   


Posts: 3
Joined: 13.Aug.2005
From: Perth, Western Australia
Status: offline
Hmm - I have recently done a server rebuild due to problems after changing isp's (the external adapter doesn't like being changed with ISA 2000)

I am having some similar problems with RPC over HTTP now that I have ISA2004 installed.

Unfortunately budgetry requirements enable me to have only one SBS2003 premium server to do everything (ISA, IIS, Exchange etc...)

I have previously had OWA and RPC over HTTP working in this single server environment (with ISA 2000) by following the relevent documents found on the web....

I have had major problems getting OWA to work but have found a work around by tunneling SSL requests through to IIS (where they are authenticated) I realised bridging is better but I can't work out a way to publish a cert to both IIS and ISA on the same server

Anyway OWA is working and RPC behaves correctly when tested via a webpage (ie enter username/password three times and get appropriate error) Outlook client has same settings and cert has been imported into trusted on client pc.

Outlook accepts username/password but will not connect outlook to exchange. Naturally it works fine if I connect to my VPN

If I put a different Domain/Password - outlook comes back and asks again so I can assume its authenticating.... Any clues anyone?

(in reply to tshinder)
Post #: 74
RE: Discussion of Configuring Outlook 2003 RPC over HTT... - 8.Sep.2005 10:18:00 PM   
I got it! Who ever posted the reg info was right. It looks like it is set to be internal access only by default.

Mod key @ [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy]
Key = [ValidPorts]

OLD Value:


(in reply to tshinder)
  Post #: 75
RE: Discussion of Configuring Outlook 2003 RPC over HTT... - 13.Sep.2005 9:31:00 AM   
It's not possible to have Outlook 2003 loaded on a Windows 2000 machine and have RPC over HTTP work, is it? From what I can tell, the "Exchange over the Internet" area on the Connection tab doesn't even show up on 2K machines...

(in reply to tshinder)
  Post #: 76
RE: Discussion of Configuring Outlook 2003 RPC over HTT... - 17.Mar.2006 7:35:58 PM   


Posts: 1
Joined: 17.Mar.2006
Status: offline
Wonderful solution!  You enabled me to setup users at a remote location without opening port 135.  Thanks,

(in reply to eakthecat)
Post #: 77
RE: Discussion of Configuring Outlook 2003 RPC over HTT... - 31.Mar.2006 2:56:02 PM   


Posts: 1
Joined: 29.Dec.2003
From: Ahmedabad
Status: offline
Dear All, Still i am not able to configure RPC over HTTP, i have chekced with netstat, it's start connecting with https and them 135. it may be server side configuration problem or at client side. how can i force to connect through only https

My configuration,

Only one single machine with DC, First machine in forest no any other DC's, Exchange server, IIS with OWA, not FE/BE configuration, no any ISA configuration, Two LAN card, one with local ip and one with public ip,
computername is mail and domain name is clarispartners.com, and this is also my public domain name so there is no DNS problem
installed trial certificate taken from verisign on same machine
installed RPC over HTTP component on same machine from add/remove windows component,
configured as RPC-HTTP back-end server on RPC-HTTP tab of exchange servername propery in exchage system manager

Please help me to avoid the use of 135.

Thanks in advance

(in reply to dbeutler)
Post #: 78
RE: Discussion of Configuring Outlook 2003 RPC over HTT... - 22.May2006 8:24:45 AM   


Posts: 2
Joined: 17.May2006
Status: offline
I am an Outlook 2003 user and would immensely benefit if I could get the RPC over HTTP feature to work.
During the course of my daily work we frequently connect to our client’s network over VPN.
But then we are disconnected from servers on the local LAN (which includes our Exchange server)
            In these cases we currently use Outlook Web Access and read/ reply-to emails via the browser interface.
            (Which works differently between IE and FireFox)
                        In my company OWA is accessible from inside and outside the firewall in 2 different ways:
                                https://mschicxchub1 where mschicxchub1 is the name of the exchange server specified in the Outlook settings
                                    (eg; https://chicagowebaccess.microsoft.com/exchange
Following instructions in your article;
            I tried to configure my client to use RPC over HTTP and in the “exchange proxy server settings” my administrator told me to use the value used for OWA. But it refuses something like chicagowebaccess.company.com/exchange but acepts chicagowebaccess.company.com with “NTLM authentication”
But later when sending emails/ synchronizing, outlook reports timeout problems on the RPC over HTTP channel.
Could you enlighten me on where Ms Outlook stores the configuration values, (registry keys or …)?
Maybe I can manually tweak them.
Is OWA and RPC very different when it comes to the FQDN you mention in your article.
PS: The about box of my cleint shows Ms Office Outlook@2003 (11.6359.6360) SP1

(in reply to tshinder)
Post #: 79
RE: Discussion of Configuring Outlook 2003 RPC over HTT... - 16.Jun.2006 1:29:00 PM   


Posts: 1
Joined: 16.Jun.2006
Status: offline

I' have some troubles getting an RPC over HTTPS setup running while using a reverse proxy.
I started with this setup which works fine :

client on internet ---> firewall/router ---> exchange (sbs) on lan

The firewall /router performs a portforwarding for 443 to the exchange server.
An HTTPS session is user between client and firewall/router, an HTTP session is used between router and exchange. The authentication is set to basic authentication at client side.
configured name of exchange server in client w2003sbs.domain.local. Configured url for RPC is https://w2003sbs.domain.be

This setup works fine (owa + activesync + rpc works fine)

However, now I activate an apache reverse proxy on the firewall/router and deactivate the port forwarding. (ssl ofloading is configured on the exchange)

Normal owa and active sync keeps working, RPC over HTTPS however doesn't, i.e. after a while (5 or 10 minutes) I get an HTTPS connected on the client and a synchronisation is very slowly done (the original setup did this very fast).
While inspecting dumps of the traffic between the router and the exchange, following errors show up :

HTTP/1.0 503 RPC Error: c0021012
HTTP/1.1 504 Proxy Timeout ( This operation returned because the timeout period expired. )
HTTP/1.1 500 ( The specified network name is no longer available. )
MAPi Unknown?! requests

Split dns was setup correctly : owa.domain.be resolves externally to the IP of the router/firewall and internal to the exchange.
The apache reverse proxy does some rewrites and has the ProxyPreserveHost on. However removing these things doesn't solve the problem (simple rewrite URl without modifying hust header)

I even tried setting the DNS cache server over the firewall/router to the DNS of the exchange (sbs) server, no changes.

Has annyone seen/solved this problem ? Apparantly after waiting a long time the connection succeeds and the mailbox is synched. However this isn't really a solution.

kind regards

(in reply to jnsunkersett)
Post #: 80

Page:   <<   < prev  1 2 3 [4] 5   next >   >> << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 General] >> Web Publishing >> RE: Discussion of Configuring Outlook 2003 RPC over HTTP client article Page: <<   < prev  1 2 3 [4] 5   next >   >>
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts