How to set up RPC over HTTP without certificate?
Hi,is it possible to get RPC over HTTP working when I have no certificate installed?I have enabled Outlook Anywhere on exchange 2007 and installed RPC over HTTP proxy feature on windows server 2008, but I can't get it working.Is there anything else I should configure on server side? If no then how do I configure outlook to connect?
September 6th, 2008 9:36pm

Hi, No this is not possible from what I found. What is the exact error you getting ? What kind of certificate have you installed on the CAS ? Regards, Johan visit my site: www.johanveldhuis.nl
Free Windows Admin Tool Kit Click here and download it now
September 6th, 2008 11:31pm

Well if there is no way to make it work without certificate how then I make it work with certificate?I'm really new to all certificate stuff so I'll try to tell what I have tried.I have installed Trial certificate through IIS manager on my exchange server and bound it to "Default Web Site".Then I installed root certificate on my client computer into "Trusted Root Certification Authorities".After that when I go to https://mail.domain.com/owa I don't get the certificate warning.I have enabled "Outlook Anywhere" and chosen "Basic Authentication" as my Client authentication method.Before that I have installed "RPC over HTTP" feature on my 2008 server".Then on my client computer I configure exchange account for Outlook 2007:Control panel->Mail->email accountsMicrosoft Exchange server: mail.domain.comUser Name: mail.userMore Settings->Connection: Enable "Connect to Microsoft Exchange using HTTP"Exchange Proxy Settings: Use this URL to connect to my proxy server for exchange: https://mail.domain.comAnd chose "Basic Authentication".Click ok few times till I get back to "Add New E-mail Account" window. After I click next I get "The action cannot be completed. The connection to Microsoft Exchange is unavailable. Outlook must be online or connected to complete this action."AD and GC are on separate server.What else should I do or what am I doing wrong?
September 7th, 2008 1:08pm

Clarify: outlook anywhere is not working Collect info: 1. Is it a testing environment? 2. Is the testing client located in the domain when you tested it? 3. Where did you get the certificate for outlook anywhere, Microsoft CA? 4. Did you create CNAME record for your exchange servers external hostname? If the external hostname is set differently with the FQDN of the exchange server The steps to enable outlook anywhere: 1. Enable outlook from EMC, I suppose youve already done that. Notes: Please let me know the external hostname you set in its enable wizard 2. Add certificate to Default Web Site in IIS. Please let me know the values of the Subject and Subject Alternative Name fields a. Right-click Default Web Site->Directory Security->View Certificate button b. Details tab->check those fields Notes: Subject shall be the same one as your external hostname 3. Check RPC Virtual Directory in IIS a. Launch IE b. Enter URL https://servername/rpc c. It shall prompt for credential, cancel it d. The content of webpage shall only contain the words Error: Access is Denied 4. Try to create mail profile for test user in the domain at first Notes: After autodicover mail profile has been created, go to the setting window of Outlook Anywhere, and check the On fast networks, connect using HTTP first 5. Check if outlook anywhere is working in the Connection Status
Free Windows Admin Tool Kit Click here and download it now
September 10th, 2008 12:48pm

Hi, complexxLT, I assume your question has been answered, and I'd like to change the status to "Marked as answer", please feel free to post here if you have any update
September 12th, 2008 1:10pm

Hi, sorry I was busy with something else lately I'll check the suggestions above and will respond this weekend.
Free Windows Admin Tool Kit Click here and download it now
September 12th, 2008 4:46pm

Hello,so here I goinfo:1. No2. I tested both inside and outside domain3. I ordered trial certificate from http://www.verisign.com (I don't really understand what type of certificate I need)4. External host name is the same as FQDN of exchange server.Steps1. Enabled. External hostname "mail.domain.lt"2."Subject"CN = mail.domain.ltOU = Terms of use at www.verisign.com/cps/testca (c)05OU = Mailer mailerO = DomainL = VilniusS = VilniusC = LT"Subject Alternative Name"No such field.. 3. I get "You do not have permission to view this directory or page."4,5. Tested it with user in the domain. Here are connection status http://i252.photobucket.com/albums/hh30/complexxL9/connectionstatus.jpg Guess my certificate does not fit here, where can I buy suitable certificate to be able to use "Outlook anywhere"? What else might be wrong?
September 13th, 2008 11:13am

It seems that you have some issue to contact Directory from HTTPS based on the picture Troubleshooting: Lets try the RPC Ping on the client, to test outlook anywhere connectivity between client and server [KB 831051]. Please provide the output for the following commands a. Download Resource Kit Tools from the link in the KB b. Install it on the client c. Launch cmd d. Testing RPC Proxy Server [rpcping -t ncacn_http -s ExchServer -o RpcProxy=RPCProxyServer -P "user,domain,*" -I "user,domain,*" -H 1 -u 10 -a connect -F 3 -v 3 -E -R none] Notes: It will prompt for password for exchange server first, and the password for RPCProxyServer Notes: RPC Proxy Server will be your Client Access Server [CAS], does the CAS role and MBX role stay on one box? e. Testing backend port For store: RpcPing t ncacn_http s ExchangeMBXServer -o RpcProxy=RpcProxyServer -P "user,domain,password" -I "user,domain,password" -H 1 F 3 a connect u 10 v 3 e 6001 For DSProxy: RpcPing t ncacn_http s ExchangeMBXServer -o RpcProxy=RpcProxyServer -P "user,domain,password" -I "user,domain,password" -H 1 F 3 a connect u 10 v 3 e 6004 Notes: I suggest that you read the KB to familiar with these commands at first
Free Windows Admin Tool Kit Click here and download it now
September 15th, 2008 5:54am

hi, sorry for replying so late.Yes CAS and MBX role stay on one box.here is my test resultsTesting RPC Proxy ServerSending ping to serverResponse from server received: 200Pinging successfully completed in 437 msFor store:RPCping v2.12 Copyright (C) Microsoft Corporation, 2002OS Version is: 5.1 Service Pack 3Completed 1 calls in 547 ms1 T/S or 547.000 ms/TFor DSProxy:Exception 1722 (0x000006BA)I opened regedit to check, everythng looks normal to me...HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeSA\Parametersname: Rpc/HTTP NSPI Porttype: REG_DWORDdata: 0x00001774 (6004)
December 2nd, 2008 11:42pm

bump
Free Windows Admin Tool Kit Click here and download it now
December 7th, 2008 3:21pm

bump 2
December 14th, 2008 6:10am

still need to fix this..
Free Windows Admin Tool Kit Click here and download it now
February 11th, 2009 9:40am

Hi,You can install internal CA Server on Windows Server 2003 and generate SSL Certificate for your public FQDN (which is comman name). Do not install Enterprise CA.Now this certificate is not trusted by windows clients,Now you have to trust this certificate to client where you will be configuring RPC Over HTTPs. For the same you can use Group Policy or need import manually.Once above steps are done you can enable outlook anywhere on exchange Server, select NTLM authentication. Put your public FQDN.On your firewall open port 443 which is HTTPs Port and you are ready to go!!!!!!!!!!!!!!!!I have tested the same on single Server setup where customer doesn't want to spend money on SSL Certificates...but one more thing Self Singed Certificates doesn't work with Active Sync if you want to use, in that case you have to use Internet CA. e.g VeriSign.Abhishek
March 10th, 2009 1:18pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics