Exchange via VPN

Status
Not open for further replies.

JeffITman

IS-IT--Management
Nov 20, 2005
164
US
Hey Guys...

I am opening a new office and will be working out of that office. I'm trying to connect a new computer to my exchange account/server via VPN and it's giving me an error of:

"Cannot open your default e-mail folders. You must connect to Exchange with the current profile before you can synchronize your folders with your offline folder file"

When connecting to my other office via VPN when I type in my server name and my name it populates correctly. It's currently a software VPN as I'm awaiting my router to do a site-to-site VPN.

Any thoughts?
 
I can not ping by name. I had to close all ports on my firewall except for port 25 and 80 due to a huge spamming issue. I did not open 53 back up... do you think that could be the problem?

It worked and just recently, in the past 2 months, has decided to stop working.
 
Well, closing all ports to combat spam, but leaving 25 open really isn't going to help much. You should limit port 25 traffic to/from your Exchange box only. That will greatly help.

If you can't resolve the name of your Exchange server, you can't expect Outlook to be able to connect to it. You'll need the RPC ports open as well, unless you're trying to connect to Exchange via RPC over HTTPS.

Pat Richard
Microsoft Exchange MVP
 
Don't open port 53.

Skip Exchange via VPN - you'd not need to open ports there anyway as it is a VPN!! - use RPC over HTTPs instead. Much safer and simpler.
 
I know I know... but here's the deal Zel.. I'm setting up a new exchange server at my new office and I don't want to put any more work in to the server at my other office. Unfortunately, my fiber Internet won't be in for another 15 days and I'm currently borrowing a t-1 from the building. Once I have my new server online, I am planning on doing RPC over HTTPs for the other office but I need something for the time being.

I got it to work last night. Not really sure how. I wasn't able to ping my server by name so I opened up port 1723, 389 and 139 and now it's working like a champ!
 
With a VPN you shouldn't need to open additional ports on a firewall.

Sounds like you are opening yourself up to attack.

And saying that RPC is additional makes it sound like more than a radio button selection.
 
ok, and a tick in add/remove too. But not rocket science for sure.
 
Is there any way to set it up without a Cert? Just RPC over HTTP?
 
Yeah - in add/remove you've got a tick box for RPC over HTTP or RPC proxy, can't recall.
Then in ESM you change the radio button from "I'm not an RPC proxy".
Then on the client, you go to Outlook Web Access FIRST and see the "This web site can't be trusted" and view the cert and install it to the trusted root physical store.
Then configure Outlook on the client as per which explains things in greater detail.
 
Zel - When I go to ESM and press the RPC-HTTP tab, the only 2 radios available are "Not part of an Exchange managed RPC-HTTP topology" and "RPC-HTTP back-end server".

The RPC-HTTP front-end server is grayed out. FYI.. I'm using only one server for exchange.

I do not see the radio for "I'm not an RPC Proxy".
 
Zel - When I press the Exchange Back-End button, this is the error I get:

There is no RPC-HTTP front-end in your Exchange organization.

There must be at least one RPC-HTTP front-end server in the organization before the RPC-HTTP back-end server can be accessed.

Is it required to have 2 exchange servers running to get RPC over HTTP working?
 
So I clicked OK and Then Apply and this is what it brought up. I am leaving this up and not pressing OK.

"Server(s) GA-EXCH-01 do(es) not have the correct ports configured for services being used by RPC-HTTP. To continue you must configure these ports.

If you want these ports configured automatically, click OK. The server will need to be rebooted to make the new port settings effective.

If you do not want the ports changed at this time, click Cancel. The server will not be configured as an Exchange managed RPC-HTTP back-end server."


What ports are trying to be opened? Should I just click OK, and let MS do what it's trying to do?

Thanks for your help.

P.S. Do I need to open any other ports on my router other than 80 and 25?
 
Have you installed the RPC proxy service in add/remove?
It should allow you to select front end (my mistake!) and stop that error showing or at least simplify things.

You only need ports 80 and 25 open - RPC over HTTP only uses port 80.
 
Yes. I have installed those services. Just in case I went and looked again and the box is checked for the RPC Proxy.
 
Hmm. Odd. Now I'm not sure - by all means click OK to continue and see what happens :)
 
I'll have to do it tonight. You do not think that this could possibly mess anything up, do you? That's my only concern. I do trust you as you've given me nothing but great advice throughout the last 3 years with Exchange.
 