RE: Global Catalog Server

  • From: Rick Boza <rickb@xxxxxxxxxxxxxxx>
  • To: Exchange List <exchangelist@xxxxxxxxxxxxx>
  • Date: Wed, 02 Mar 2005 15:48:58 -0500

Check 
http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/p
roddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/stan
dard/proddocs/en-us/sag_pkpuncertroot.asp for some info on the GPO to which
I'm referring.


On 3/2/05 2:59 PM, "Andrew English" <andrew@xxxxxxxxxxxxxxxxxxxxxx> wrote:

> http://www.MSExchange.org/
> 
> Hi Rick, 
> 
> Yes I have created my own Cert which like under OWA with SSL you are
> prompted for the OKAY. But like you said RPC over HTTP doesn't support
> that. Were can I find some info on doing this "install your CA as a
> trusted source via GPO" so that the few clients I have don't have to go
> through the hassle (hopefully) of brining their machines to me so I can
> install the Cert for them??
> 
> Thanks
> Andrew
> 
> 
> -----Original Message-----
> From: Rick Boza [mailto:rickb@xxxxxxxxxxxxxxx]
> Sent: Wednesday, March 02, 2005 2:47 PM
> To: [ExchangeList]
> Subject: [exchangelist] RE: Global Catalog Server
> 
> http://www.MSExchange.org/
> 
> Wait, are you saying you're trying to get Outlook 2003 to hit your
> server
> over an SSL connection, yet you're using an untrusted root CA?  Well,
> that
> certainly could be your problem (although I recall you've mucked around
> with
> virtual servers and web sites from past messages you've sent out, but
> let's
> put that aside for the moment).
> 
> There's not a way for Outlook to prompt you as to the unverified
> certificate
> (IIRC) - instead the connection simply fails.  Having said that, you can
> install your CA as a trusted source via GPO, which is what I do for
> clients
> all the time if they want to use a cert of their own rather than one
> from
> verisign, Entrust, or whomever.
> 
> If the cert isn't installed, RPC/HTTPS is broken, without a doubt.
> 
> 
> On 3/2/05 2:36 PM, "Andrew English" <andrew@xxxxxxxxxxxxxxxxxxxxxx>
> wrote:
> 
>> http://www.MSExchange.org/
>> 
>> What can cause Outlook 2003 to report that your Exchange server is
>> unavailable when you try to connect to it via an external source?
>> 
>> I have:
>> 
>> 
> exchange:6001-6002;exchange.myserver.ca:6001-6002;exchange:6004;exchange
>> .myserver.ca:6004
>> 
>> in my exchanges registry under ....rpc\rpcproxy
>> 
>> and
>> 
>> the other GC setting on my DC/GC box which is a multi string value
> with
>> NSPI interface protocol sequences, value of ncacn_http:6004 under
>> .....NTDS\Parameters in the registry.
>> 
>> The only thing I have not done is install the enterprise ca cert on
> the
>> client machine because I was hoping that I wouldn't have to do that
>> since I want to ideally have others access the site who are not going
> be
>> accessing RPC over HTTP from the inside ever.
>> 
>> Andrew
>> 
>> 
>> -----Original Message-----
>> From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
>> Sent: Wednesday, March 02, 2005 1:57 PM
>> To: [ExchangeList]
>> Subject: [exchangelist] RE: Global Catalog Server
>> 
>> http://www.MSExchange.org/
>> 
>> Since no where that I know of is it required for rpc proxy that
> Exchange
>> has
>> to be on a DC, you can deduce the answer is yes.
>> 
>> John Tolmachoff
>> Engineer/Consultant/Owner
>> eServices For You
>> 
>> 
>>> -----Original Message-----
>>> From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx]
>>> Sent: Wednesday, March 02, 2005 9:35 AM
>>> To: [ExchangeList]
>>> Subject: [exchangelist] RE: Global Catalog Server
>>> 
>>> http://www.MSExchange.org/
>>> 
>>> So using another box such as my DC as the GC for rpc proxy is okay?
>>> 
>>> Andrew
>>> 
>>> 
>>> -----Original Message-----
>>> From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
>>> Sent: Wednesday, March 02, 2005 12:18 PM
>>> To: [ExchangeList]
>>> Subject: [exchangelist] RE: Global Catalog Server
>>> 
>>> http://www.MSExchange.org/
>>> 
>>> Then chances are you do not understand what you are doing.
>>> 
>>> That means the Exchange servers was a DC prior to installing Exchange
>>> but
>>> was not a GC. You did not follow installation instructions.
>>> 
>>> If you install Exchange on a DC, it must be a GC before installing
>>> otherwise
>>> you will have problems.
>>> 
>>> John Tolmachoff
>>> Engineer/Consultant/Owner
>>> eServices For You
>>> 
>>>> -----Original Message-----
>>>> From: Bruce J. Rose [mailto:brose@xxxxxxxxxxx]
>>>> Sent: Wednesday, March 02, 2005 5:52 AM
>>>> To: [ExchangeList]
>>>> Subject: [exchangelist] RE: Global Catalog Server
>>>> 
>>>> http://www.MSExchange.org/
>>>> 
>>>> I added GC to my rebuilt exchange box fixed problems and has not
>> seem
>>> to
>>>> cause any...Yet>
>>>> 
>>>> Bruce
>>>> 
>>>> -----Original Message-----
>>>> From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
>>>> Sent: Tuesday, March 01, 2005 9:27 PM
>>>> To: [ExchangeList]
>>>> Subject: [exchangelist] RE: Global Catalog Server
>>>> 
>>>> http://www.MSExchange.org/
>>>> 
>>>> Andrew, if you have a stand alone Exchange server not belonging to a
>>>> domain...
>>>> 
>>>> GC server can only be a DC!
>>>> 
>>>> If making their Exchange server a GC fixed problems, their problems
>>> are
>>>> rooted deeper than they think.
>>>> 
>>>> If the Exchange server is going to be a DC, it must be fully
>>> configured
>>>> properly as a DC including GC BEFORE installing Exchange.
>>>> 
>>>> John Tolmachoff
>>>> Engineer/Consultant/Owner
>>>> eServices For You
>>>> 
>>>> 
>>>>> -----Original Message-----
>>>>> From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx]
>>>>> Sent: Tuesday, March 01, 2005 4:32 PM
>>>>> To: [ExchangeList]
>>>>> Subject: [exchangelist] Global Catalog Server
>>>>> 
>>>>> http://www.MSExchange.org/
>>>>> 
>>>>> I am wondering how I would go about install the GC on my
>> standalone
>>>>> Exchange box? I've been having a lot of problems with RPC over
>> HTTP
>>>> and
>>>>> notice a lot people who install GC on their exchange servers
>> (2003)
>>>>> noticed the problems got fixed.
>>>>> 
>>>>> Andrew
>>>>> 
>>>>> 
>>>>> ------------------------------------------------------
>>>>> List Archives:
>>>> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
>>>>> Exchange Newsletters:
>> http://www.msexchange.org/pages/newsletter.asp
>>>>> Exchange FAQ:
>> http://www.msexchange.org/pages/larticle.asp?type=FAQ
>>>>> ------------------------------------------------------
>>>>> Other Internet Software Marketing Sites:
>>>>> World of Windows Networking: http://www.windowsnetworking.com
>>>>> Leading Network Software Directory: http://www.serverfiles.com
>>>>> No.1 ISA Server Resource Site: http://www.isaserver.org
>>>>> Windows Security Resource Site: http://www.windowsecurity.com/
>>>>> Network Security Library: http://www.secinf.net/
>>>>> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
>>>>> ------------------------------------------------------
>>>>> You are currently subscribed to this MSEXchange.org Discussion
>> List
>>>> as:
>>>>> johnlist@xxxxxxxxxxxxxxxxxxx
>>>>> To unsubscribe visit
>>>> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
>>>>> Report abuse to listadmin@xxxxxxxxxxxxxx
>>>> 
>>>> 
>>>> ------------------------------------------------------
>>>> List Archives:
>>> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
>>>> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
>>>> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
>>>> ------------------------------------------------------
>>>> Other Internet Software Marketing Sites:
>>>> World of Windows Networking: http://www.windowsnetworking.com
>>>> Leading Network Software Directory: http://www.serverfiles.com
>>>> No.1 ISA Server Resource Site: http://www.isaserver.org
>>>> Windows Security Resource Site: http://www.windowsecurity.com/
>>>> Network Security Library: http://www.secinf.net/
>>>> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
>>>> ------------------------------------------------------
>>>> You are currently subscribed to this MSEXchange.org Discussion List
>>> as:
>>>> brose@xxxxxxxxxxx
>>>> To unsubscribe visit
>>>> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
>>>> Report abuse to listadmin@xxxxxxxxxxxxxx
>>>> 
>>>> 
>>>> 
>>>> ------------------------------------------------------
>>>> List Archives:
>>> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
>>>> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
>>>> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
>>>> ------------------------------------------------------
>>>> Other Internet Software Marketing Sites:
>>>> World of Windows Networking: http://www.windowsnetworking.com
>>>> Leading Network Software Directory: http://www.serverfiles.com
>>>> No.1 ISA Server Resource Site: http://www.isaserver.org
>>>> Windows Security Resource Site: http://www.windowsecurity.com/
>>>> Network Security Library: http://www.secinf.net/
>>>> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
>>>> ------------------------------------------------------
>>>> You are currently subscribed to this MSEXchange.org Discussion List
>>> as:
>>>> johnlist@xxxxxxxxxxxxxxxxxxx
>>>> To unsubscribe visit
>>> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
>>>> Report abuse to listadmin@xxxxxxxxxxxxxx
>>> 
>>> 
>>> ------------------------------------------------------
>>> List Archives:
>> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
>>> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
>>> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
>>> ------------------------------------------------------
>>> Other Internet Software Marketing Sites:
>>> World of Windows Networking: http://www.windowsnetworking.com
>>> Leading Network Software Directory: http://www.serverfiles.com
>>> No.1 ISA Server Resource Site: http://www.isaserver.org
>>> Windows Security Resource Site: http://www.windowsecurity.com/
>>> Network Security Library: http://www.secinf.net/
>>> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
>>> ------------------------------------------------------
>>> You are currently subscribed to this MSEXchange.org Discussion List
>> as:
>>> andrew@xxxxxxxxxxxxxxxxxxxxxx
>>> To unsubscribe visit
>>> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
>>> Report abuse to listadmin@xxxxxxxxxxxxxx
>>> 
>>> ------------------------------------------------------
>>> List Archives:
>> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
>>> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
>>> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
>>> ------------------------------------------------------
>>> Other Internet Software Marketing Sites:
>>> World of Windows Networking: http://www.windowsnetworking.com
>>> Leading Network Software Directory: http://www.serverfiles.com
>>> No.1 ISA Server Resource Site: http://www.isaserver.org
>>> Windows Security Resource Site: http://www.windowsecurity.com/
>>> Network Security Library: http://www.secinf.net/
>>> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
>>> ------------------------------------------------------
>>> You are currently subscribed to this MSEXchange.org Discussion List
>> as:
>>> johnlist@xxxxxxxxxxxxxxxxxxx
>>> To unsubscribe visit
>> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
>>> Report abuse to listadmin@xxxxxxxxxxxxxx
>> 
>> 
>> ------------------------------------------------------
>> List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
>> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
>> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
>> ------------------------------------------------------
>> Other Internet Software Marketing Sites:
>> World of Windows Networking: http://www.windowsnetworking.com
>> Leading Network Software Directory: http://www.serverfiles.com
>> No.1 ISA Server Resource Site: http://www.isaserver.org
>> Windows Security Resource Site: http://www.windowsecurity.com/
>> Network Security Library: http://www.secinf.net/
>> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
>> ------------------------------------------------------
>> You are currently subscribed to this MSEXchange.org Discussion List
> as:
>> andrew@xxxxxxxxxxxxxxxxxxxxxx
>> To unsubscribe visit
>> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
>> Report abuse to listadmin@xxxxxxxxxxxxxx
>> 
>> ------------------------------------------------------
>> List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
>> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
>> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
>> ------------------------------------------------------
>> Other Internet Software Marketing Sites:
>> World of Windows Networking: http://www.windowsnetworking.com
>> Leading Network Software Directory: http://www.serverfiles.com
>> No.1 ISA Server Resource Site: http://www.isaserver.org
>> Windows Security Resource Site: http://www.windowsecurity.com/
>> Network Security Library: http://www.secinf.net/
>> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
>> ------------------------------------------------------
>> You are currently subscribed to this MSEXchange.org Discussion List
> as:
>> rickb@xxxxxxxxxxxxxxx
>> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
>> Report abuse to listadmin@xxxxxxxxxxxxxx
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this MSEXchange.org Discussion List as:
> andrew@xxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Report abuse to listadmin@xxxxxxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this MSEXchange.org Discussion List as:
> rickb@xxxxxxxxxxxxxxx
> To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Report abuse to listadmin@xxxxxxxxxxxxxx



Other related posts: