Hi All, Having a problem getting RPC over HTTP to work in a single server environment at the moment and yes I've read and followed the MS instructions (along with various other guides) to try and set this up but one area they all seem to be vague about is the Certificates. Running Exchange 2003 SP2 on Server 2003Standard with a seperate2003 standard server acting as a DC. Heres what I have done so far: Added the RPC Proxy component to the mail server from add/remove windows components edited the RPC IIS Virtual directory to disable anonymous access and enable basic authentication tried to add a certificate on this virtual directory but it already had one installed (which it said was issued from our DC even though its only the mail server thats running the CA, is this normal?) Gone into Exchange System Manager and then properties of the server and then clicked the RPC-HTTP tab and ticked the RPC-HTTP Back End Server box. Edited the registry keys that describe what ports will be used (6001-6002 + 6004) Set up the external PCs with outlook profiles with the RPC settings in (using the external FQDN as the URL). I also tried accessing OWA from these machines (which works fine) and installing the certificate from there on the workstations but this made no difference. Anything I've missed?? I think I'm doing something wrong with the certificates but I dont know what... Thanks Chris

Just a thought but have you tried restarting the server? sometimes this makes a difference when enabling rpc/https on exchange 2003

I havent actually, I couldnt restart it when I was trying to set up RPC over HTTP yesterday cos there was too many users using the server but i'll give that a go when I can. So is there not anything you have to do with the internal CA to issue a certificate to the mail server with the external DNS name in it? I thought you had to do that but in IIS the button to create a new certificate for the RPC is greyed out

Just to let you know, I have resolved this now. The problem was that the certificate that had been issued previously for webmail did not have the correct name on it. I removed the certificate from the Default Website and then created a new one with the external DNS name of the network and then exported the root CA from the internal CA we were using and installed that certificate on the external clients. Shame there arent any easy to find guides on this process as I'm sure a lot of people will be in the same situation and wont want to buy a 3rd party certificate. All the instructions on setting up RPC over HTTP seem to miss this bit out or just say "make the clients trust the CA" but without telling you how on earth to do this. Ah well, all sorted now Cheers Chris