rpc over https front end back end

johncan20

hi,

I want to set up RPC over HTTPS with a front end OWA server on the DMZ and Exchange backend, I am not using ISA server. Can find lots on how to do this with 1 server but not this front end/back end config.

any ideas?

thanks

John
 
this is the MS RPC over Http deployment guide
This covers all supported scenarios. You can have your OWA server in your DMZ but with 2003 it's recommended that it be installed in the LAN, install an SSL and then only have port 443 open to the from the dmz. When your OWA is in your DMZ there is as you know a load of ports that need to be open. Anyway back to your RPC Q.. download this guide and run the exe. This will extract the documentation on RPC and includes all of the settings to the ISA, Exchange and DC servers that you need to make.

good luck
 
Thanks, I have done this to stage. I tested remotely but it didn't work - could not connect. Tried on the LAN but it just uses TCP/IP. What ports do I need to have open on the DMZ?

John
 
Also, one thing that seems to elude most people is that all of your Global catalog servers need to be Windows 2003.

Each GC needs to have RPC over http installed. And you need to make a registry change on each GC. Have you done that?

I hope you find this post helpful.

Regards,

Mark
 
All of the settings for RPC which includes the GC RPC/http settings are in the doc that asktheman gave the link for. Make sure that your ISA is configured correctly, depending on your scenario
 
Thanks, I have it working now - needed to open the ports in from the RPC proxy to Exchange across the DMZ - 6001 to 6004.

Can anyone tell me why it is recommended to use it over ISA rather than my set up in a DMZ? What role would ISA play? Does it work as a DMZ? I have ISA 2000 installed but only use it for outbound traffic - just proxy really - and keeping the real firewall stuff for a hardware firewall - stonegate.

thanks

John
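
An added example, not part of the thread: a check run from the RPC proxy that the DMZ firewall passes the 6001 to 6004 range mentioned in the post above and nothing that policy says should be blocked. The host name, the `MustBeShut` list and the helper name `Test-TcpPort` are placeholders chosen for this sketch.

```powershell
# Added example, not from the thread. Run on the RPC proxy (front-end) server in the DMZ.
param(
    [string]$BackEnd   = 'exch-be.example.internal',  # placeholder back-end host name
    [int[]]$MustBeOpen = (6001..6004),                # range quoted in the post above
    [int[]]$MustBeShut = @(3389),                     # constructed sample; use your own policy
    [int]$TimeoutMs    = 2000
)

# Hypothetical helper: TCP connect with a timeout, so filtered ports do not hang the run.
function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)
        return $true
    }
    catch   { return $false }   # refused or unreachable
    finally { $client.Close() }
}

$results = foreach ($port in ($MustBeOpen + $MustBeShut)) {
    $open   = Test-TcpPort -ComputerName $BackEnd -Port $port -TimeoutMs $TimeoutMs
    $wanted = $MustBeOpen -contains $port
    [pscustomobject]@{
        Port     = $port
        Expected = if ($wanted) { 'open' } else { 'blocked' }
        # 'blocked' also covers a port with no listening service behind it
        Actual   = if ($open)   { 'open' } else { 'blocked' }
        Pass     = ($open -eq $wanted)
    }
}

$results | Format-Table -AutoSize

# Non-zero exit code lets a scheduled task or monitoring job flag firewall drift.
if ($results.Pass -contains $false) { exit 1 }
```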
 
Zelandakh, are you referring to Exchange SP1 or Windows 2003 SP1? Do you have any supporting docs that it is no longer needed, I would like to read up on it. Thanks.

I hope you find this post helpful.

Regards,

Mark
 
Zelandakh,
Looking at the doc you linked to I see nothing contrary to what I posted. In fact it specifically says:
Step 4: (Optional) Setting the NTDS Port for Global Catalog Servers Acting as Exchange 2003 Back-End Servers
If you are using your global catalog servers as Exchange back-end mailbox servers that are contacted by clients using RPC over HTTP, you will need to modify the registry setting on these servers. This step is also required if you are using a single Exchange server installation.
Warning Incorrectly editing the registry can cause serious problems that may require you to reinstall your operating system. Problems resulting from editing the registry incorrectly may not be able to be resolved. Before editing the registry, back up any valuable data.
To configure the global catalog server acting as an Exchange back-end server to use a specified port for RPC over HTTP
1. On the RPC proxy server, start Registry Editor (regedit).
2. In the console tree, locate the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
3. Click Edit, click New, and then select Multi String value.
4. Create a multi-string value with the name NSPI interface protocol sequences.
5. Right-click the NSPI interface protocol sequences multi-string value and then select Modify.
6. In the Value data field, enter ncacn_http:6004.
7. In Registry Editor, click File, and then select Exit to save your settings.
8. You must now restart your server for the settings to be applied.

Am I missing something here? You still need to modify the registry of the GCs like I posted above.

I hope you find this post helpful.

Regards,

Mark
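
An added example, not part of the thread or of the quoted guide: the registry step quoted above as a script that audits a global catalog server for the `ncacn_http:6004` entry and, only when asked, writes it. The `-Fix` switch is a name invented for this sketch, and the listener check assumes Windows Server 2012 or later.

```powershell
# Added example, not from the quoted guide. Run elevated on the global catalog server.
param(
    [switch]$Fix   # hypothetical switch: add the value when it is missing
)

$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$name = 'NSPI interface protocol sequences'
$want = 'ncacn_http:6004'

if (-not (Test-Path -Path $key)) {
    Write-Warning "Key not found: $key (is this machine a domain controller?)"
    return
}

# A multi-string value comes back as string[]; the result is empty when it does not exist.
$current = @((Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name |
             Where-Object { $_ })

if ($current -contains $want) {
    Write-Output "OK: '$name' already contains $want"
}
elseif ($Fix) {
    # Keep any sequences already present and append the one the guide asks for.
    [string[]]$new = $current + $want
    New-ItemProperty -Path $key -Name $name -PropertyType MultiString -Value $new -Force |
        Out-Null
    Write-Output "Set '$name' to: $($new -join ', '). Restart the server to apply."
}
else {
    Write-Output "MISSING: '$name' does not contain $want (current: $($current -join ', '))"
    Write-Output 'Re-run with -Fix to add it, then restart the server.'
}

# After the restart, confirm that a listener exists on TCP 6004.
# Get-NetTCPConnection is not available on older systems; use netstat -ano there.
if (Get-Command Get-NetTCPConnection -ErrorAction SilentlyContinue) {
    $listener = Get-NetTCPConnection -State Listen -LocalPort 6004 -ErrorAction SilentlyContinue
    if ($listener) {
        Write-Output "Listening on 6004 (PID $($listener[0].OwningProcess))"
    }
    else {
        Write-Output 'Nothing is listening on 6004 yet.'
    }
}
```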
 
Yeah I know - the thing is that I wrote it prior to SP1 and then only partially updated it :)

So whilst it shows vaguely how to do it, it is half SP0 and half SP1!

I really must get around to rewriting it fully. Sorry if it has confused you, but I'm sure that SP1 adds in the extra options for you and that you don't need to edit the reg any more, but I left it in the notes as I have not tested a standard SP1 box for a while.
 
The thing is that you are talking about Exchange SP1 which would not touch the Global Catalogs unless of course you have loaded the Exchange Tools on there in which case you would then also load the service pack on the GC. Otherwise the registry settings would still need to be made manually.

So, by your comments above are you saying that you are the author of this document? Do you work for MS or are you a contractor? I'm currently working on the Medium IT Solution for MS, I authored the Deployment Document and set up the original Group Policies for the solution. Wondering if we have crossed paths before.

Regards.

I hope you find this post helpful.

Regards,

Mark
 
Markdmac and Zelandakh,

This is a case of my mighty dragon kung fu is mightier than your mighty dragon kung fu :D



 
Not at all. If Zelandakh is the author of the document then that is a great thing to know. I've been on a few MS support calls that have had to reference this document. If my guess is correct Zelandakh is either an MS employee or contractor and we might be working similar projects for Microsoft. This subject has a direct correlation to the project I am working on for Microsoft and we want to make sure that all docs are both consistent and accurate. Ego is not a part of this, if I am wrong I need to know it so I can help my customers better and the users in these forums.

I hope you find this post helpful.

Regards,

Mark
 
Erm, quite embarrassed now...

I am not an employee of MS nor am I a contractor. I am an Exchange MVP who sits on Tek Tips, sees what gets asked a lot and writes documents to solve your problems.

With service packs changing the way things work this means I have a lot of work to do to keep everything up to date so not all of my docs are perfect for current thinking but I give out the URLs where it may help.

Still don't understand what asktheman meant despite reading it about 10 times.
 
I think what asktheman was saying was that we were getting in a one upmanship contest, but I don't think either of us feels that way.

Very cool that you are an Exchange MVP. Congratulations on that.

Back on topic, regarding the registry changes for the Global Catalogs, do you agree that those changes will not take place unless you do them manually OR if you were to install Exchange SP1 on the box? Or did MS perhaps move this into Windows 2003 SP1 as well?

We do a lot of Exchange installs and giving access via Outlook over HTTP is a big part of what our customers want so it is important to me to know the facts. Thanks.

I hope you find this post helpful.

Regards,

Mark
 
No, last seen it was only Exchange SP1 that adds the RPC over HTTP functionality. I wonder if it will be in Windows 2003 SP2? Might create as many probs as it cures.

I find ISA2004 makes things a lot better, but a lot of places are still using Cisco Pix firewalls (I used to until last month) so you have to do it this way.
 