RE: RPC Over HTTPS....

  • From: "Steve Moffat" <steve@xxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Sat, 4 Dec 2004 13:19:06 -0400

the certificate HAS to be the same fqdn as the url you are using to
access.
 
Steve

________________________________

From: Roberts, Ian [mailto:Ian@xxxxxxxxxxxxxx] 
Sent: Saturday, December 04, 2004 1:12 PM
To: [ExchangeList]
Subject: RE: [exchangelist] RE: RPC Over HTTPS....


Steve, I have imported my SSL cert into my ISA Server.
Right clicked my ISA server, selected incoming web requests.
Configured a listener on my external ip address and imported my
cert there.
 
My SSL cert isn't my servername.domain.com but rather www.domain.com
However I was led to believe it will work like this as long as the
client
is configured correctly.
 
I think the connection is being dropped as it is failing to
authenticate.
My ISA Server log shows an attempted connection as:-
 
82.32.9.239 anonymous MSRPC N 2004-12-04 16:59:03 W3ReverseProxy
HQ-SERVER - www.nis-weston.com 192.168.0.1 443 206047 376 170 http TCP
RPC_OUT_DATA
http://www.nis-weston.com:443/rpc/rpcproxy.dll?hq-server.nis-weston.com:
593 application/rpc Inet 1115 0x40000008 Small Business RPC over HTTP
Publishing Rule -
82.32.9.239 anonymous MSRPC N 2004-12-04 16:59:03 W3ReverseProxy
HQ-SERVER - www.nis-weston.com 192.168.0.1 443 391703 377 230 http TCP
RPC_OUT_DATA
http://www.nis-weston.com:443/rpc/rpcproxy.dll?hq-server.nis-weston.com:
6002 application/rpc Inet 1115 0x40000008 Small Business RPC over HTTP
Publishing Rule -
82.32.9.239 anonymous MSRPC N 2004-12-04 16:59:03 w3proxy HQ-SERVER -
www.nis-weston.com - - - 70 3255 http TCP RPC_IN_DATA
http://www.nis-weston.com/rpc/rpcproxy.dll?hq-server.nis-weston.com:6004
- - 0 - - -
 
I would have expected my username there rather than anonymous.
 
Any ideas and many thanks for helping me with this, I've been looking at
this
for weeks now.
 

________________________________

From: Steve Moffat [mailto:steve@xxxxxxxxxx]
Sent: Sat 04/12/2004 16:02
To: [ExchangeList]
Subject: [exchangelist] RE: RPC Over HTTPS....


http://www.MSExchange.org/

have you imported the ssl cert into isa, is the cert the same fqdn as
tour mail server?
 
Steve

________________________________

From: Roberts, Ian [mailto:Ian@xxxxxxxxxxxxxx] 
Sent: Saturday, December 04, 2004 11:15 AM
To: [ExchangeList]
Subject: RE: [exchangelist] RE: RPC Over HTTPS....


Steve, Hi ! Thanks for your reply. 
When I change the RPC over HTTP web publishing rule, action tab to
redirect the the request to either the external ip address or the FQDN.
When I then try to connect using RPC over HTTPS I then get the error
message 14200 in my application log saying:-
 
ISA Server failed to establish an SSL Connection with (either external
ip address
or FQDN) the target principalname is incorrect.
 
Any ideas ?
 
 

________________________________

From: Steve Moffat [mailto:steve@xxxxxxxxxx]
Sent: Sat 04/12/2004 12:57
To: [ExchangeList]
Subject: [exchangelist] RE: RPC Over HTTPS....


http://www.MSExchange.org/

You need to select the external IP when you set up the publishing rule.
 
Steve

________________________________

From: Roberts, Ian [mailto:Ian@xxxxxxxxxxxxxx] 
Sent: Saturday, December 04, 2004 8:42 AM
To: [ExchangeList]
Subject: RE: [exchangelist] RE: RPC Over HTTPS....


Steve, So how would I do that ? All my other web services such
as OWA and OMA and of course my websites are working.
It was mostly set up by the SBS Internet connection wizard.

________________________________

From: Exchange Mailing List [mailto:ExchangeMailingList@xxxxxxxxxx]
Sent: Fri 03/12/2004 15:57
To: [ExchangeList]
Subject: [exchangelist] RE: RPC Over HTTPS....



http://www.MSExchange.org/

You're IP addresses are both the same, you should be publishing from the
external ip to the internal IP. And stop doubleposting...:))

Steve

-----Original Message-----
From: Ian Roberts [mailto:ian@xxxxxxxxxxxxxx]
Sent: Friday, December 03, 2004 10:54 AM
To: [ExchangeList]
Subject: [exchangelist] RPC Over HTTPS....

http://www.MSExchange.org/

Hi ! Been struggling to get RPC over HTTPS working for some time now.
Wondered if anyone in the group had a similar problem and hopefully was
able to fix it.

I'm running SBS 2003 Premium Edition. I can get it to work from within
my lan, by checking connection properties I can see I'm connected using
https, so I'm fairly sure my client configuration is correct. The rpc
over http proxy is installed and I've double checked my registry entries
and permissions on the rpc virtual directory.

When I try to connect to my Exchange Server using rpc over https
externally it will prompt me for my password then just hang and
eventually say "The Exchange Server is not available" or similar.

If I then go to %systemroot%\system32\Logfiles\HTTPERR in the logfile I
get an entry in the log like:-

2004-12-02 17:47:33 192.168.0.1 38434 192.168.0.1 443 HTTP/1.0
RPC_OUT_DATA /rpc/rpcproxy.dll?myserver.mydomain.com:6002 - 1
Connection_Dropped

Anyone have any ideas how I can get this to work ?

Many thanks in advance

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
ExchangeMailingList@xxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx

This E-Mail is confidential. It is not intended to be read, copied,
disclosed or used by any person other than the recipient named above.

Unauthorised use, disclosure, or copying is strictly prohibited and may
be unlawful. Optimum IT Solutions Ltd disclaims any liability for any
action taken in connection of this E-Mail. The comments or statements
expressed in this E-Mail are not necessarily those of Optimum IT
Solutions Ltd or its subsidiaries or affiliates.

administrator@xxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
ian@xxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
ian@xxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx 
________________________________


This E-Mail is confidential. It is not intended to be read, copied,
disclosed or used by any person other than the recipient named above.

Unauthorised use, disclosure, or copying is strictly prohibited and may
be unlawful. Optimum IT Solutions Ltd disclaims any liability for any
action taken in connection of this E-Mail. The comments or statements
expressed in this E-Mail are not necessarily those of Optimum IT
Solutions Ltd or its subsidiaries or affiliates.

administrator@xxxxxxxxxx <mailto:administrator@xxxxxxxxxx> 

________________________________

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
ian@xxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx 
________________________________


This E-Mail is confidential. It is not intended to be read, copied,
disclosed or used by any person other than the recipient named above.

Unauthorised use, disclosure, or copying is strictly prohibited and may
be unlawful. Optimum IT Solutions Ltd disclaims any liability for any
action taken in connection of this E-Mail. The comments or statements
expressed in this E-Mail are not necessarily those of Optimum IT
Solutions Ltd or its subsidiaries or affiliates.

administrator@xxxxxxxxxx <mailto:administrator@xxxxxxxxxx> 

________________________________

Other related posts: