
Setting up RPC over HTTP/S on Exchange 2003 single server

Status
Not open for further replies.

glamprecht1

IS-IT--Management
Mar 23, 2007
116
US
This is a new server with 2003 server Ent; Exchange 2003 Ent; all updates and patches.

This server is a fully functional server that is working well. I am attempting to set up RPC over HTTP/S, following the advice from numerous posts on the subject at Petri, Microsoft and msexchange.org.
The Exchange server is configured per the articles, and my Outlook 2007 client is configured with a local and an RPC profile.
When I attempt to use the RPC profile I get the Windows authentication box that asks for username and password. No combination of any kind will work, such as domain\username with password, username with password and so on. It just keeps prompting me to enter my username and password. This is only the case when using the RPC profile; the regular profile continues to work internally.
Any ideas?
 
We are running dual ASAs.

It’s interesting that you suggest changing from NTLM to basic. All the articles recommended using basic in the Outlook profile so this is how it was set. I did try to reverse and use NTLM but get the same logon box. It’s still unable to authenticate me.
But the article that you supplied implies that NTLM is used regardless of the local settings when using RPC over HTTP. Not sure how to change that. BTW, thanks for that link. Good stuff.

After reading this I tried a couple of settings changes. In the Microsoft Exchange Proxy Settings for the RPC Outlook config I un-ticked the box next to "Only connect to proxy servers that have this principal name in their certificate". With that feature not being used I can now connect. I was using mail.mydomain.com with “mydomain” being my actual domain. This is the URL that we would use to access mail externally and it is in the cert.??? Did I goof on the principal name? Or is the principal name supposed to be hostname.mydomain.com??

When viewing the connection status it shows that I am connecting via HTTPS.
 
Outlook /rpcdiag shows that it now connects over https. Does this mean that it is working? I am testing from inside the network.

There are two ways I can get past the repeated authentication box. I have discovered this since posting.

1) Untick the box next to "Only connect to proxy servers that have this principal name in their certificate" in the Outlook config for the RPC connection.
2) Append "msstd:" in front of the principal name. Prior to posting this I was using "mail.mydomain.com". Further research seemed to point to needing the "msstd:" in front, such as "msstd:mail.mydomain.com" ???

 
msstd is a good plan. Do you have a proper certificate for your OWA on your proxy server?
 
Zelandakh

Yes, we generated a request from the server and had a cert created. This cert is installed on the server. OWA seems to work fine and we do force https.

Inspecting the cert says that it is good for another year and shows the cert is issued to mail.mydomain.com with mydomain being my actual domain.

Is there a way to tell if it is properly created/installed/working?
 
I meant a public cert rather than self certified.

Turn off the proxy and use msstd and you'll be fine.
 
I believe that it is a public cert. It's from Equifax. We just generated the request from the Exchange server and emailed in the request. That would be a public cert, right???

The cert portion is very important to me since my next project is to set up mobile device access.

I will test the config from home later tonight. Thanks for your help.
 
Thanks for the support on this thread. The RPC over HTTPS feature is now working. The trick seems to be appending msstd: in front of the principal name.

Thanks

Gary
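As an added example that is not part of the original thread: a Python check of an Outlook proxy principal name setting against the certificate's "issued to" name, covering the three values tried in the thread. It assumes the name after `msstd:` is compared with the certificate's subject common name; the function names and the sample certificate are constructed for illustration.

```python
import socket
import ssl

PREFIX = "msstd:"  # prefix the thread found was needed on the principal name


def subject_common_names(cert):
    """Return lower-cased commonName values from an ssl getpeercert() dict."""
    return [value.lower()
            for rdn in cert.get("subject", ())
            for key, value in rdn
            if key == "commonName"]


def check_principal(principal, cert):
    """Compare an Outlook proxy principal name with the certificate subject."""
    if not principal.lower().startswith(PREFIX):
        return "missing-prefix"   # e.g. bare "mail.mydomain.com"
    host = principal[len(PREFIX):].strip().lower()
    if not host:
        return "empty-name"
    if host in subject_common_names(cert):
        return "match"
    return "mismatch"             # name is not the one the cert was issued to


def fetch_cert(host, port=443, timeout=5):
    """Fetch the certificate a live proxy presents, validated against the
    system CA store (a self-signed cert raises ssl.SSLCertVerificationError)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample in getpeercert() format, using the thread's placeholder domain.
SAMPLE_CERT = {
    "subject": ((("countryName", "US"),),
                (("commonName", "mail.mydomain.com"),)),
}

if __name__ == "__main__":
    for setting in ("mail.mydomain.com",
                    "msstd:mail.mydomain.com",
                    "msstd:hostname.mydomain.com"):
        print(f"{setting!r}: {check_principal(setting, SAMPLE_CERT)}")
```

Against a live server, pass the result of `fetch_cert("<external host name>")` instead of `SAMPLE_CERT`; a successful fetch also confirms the certificate chains to a public CA trusted by the client.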
 