RE: RPC over HTTP unable to configure the client--Please help

  • From: Praveen Ramaswamy <ramaswamy_praveen@xxxxxxxxx>
  • To: "\[ExchangeList\]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Tue, 28 Jun 2005 03:52:00 -0700 (PDT)

Raj thanks for the response.

 

If I give BE as server name and FE as proxy server then following thing happens:

 

Client connected on same network as BE will work, but when I check the traffic 
from client to server, it is still TCP instead of HTTPS. And on server I 
checked with exchange monitor and it shows the client is connecting from NATed 
public IP address.

Hope I am clear..

 

Can you please let me know what ports need to be open between FE to BE and from 
client to FE, BE, ADS for me to configure this profile. 

 

My users sit in different building and connect to this server via internet. 
That is the reason I wanted to give them this solution. But if they have to be 
connected to BE directly for configuring the profile then it will be difficult. 
Please suggest me the best method to rollout this solution.

 

Regards

Praveen R


"Periyasamy, Raj" <Raj.Periyasamy@xxxxxxxxxxxx> wrote:http://www.MSExchange.org/
Praveen,
 
When you configure an Outlook profile, the Outlook always tries to connect to 
Exchange server using RPC to resolve the user name. Hence if you are trying to 
create a profile from outside of a DMZ, your profile creation will give errors 
since the RPC protocol is blocked. Yes, you need to have RPC protocol enabled 
between your FE and BE servers. When you create the Outlook profile, your 
Exchange server name should be the BE server name, not the FE server name. If 
you use the FE server name, Outlook will not recognize your user name and 
Exchange server name. If you are trying to create the profile from outside the 
DMZ, then you have click OK ..OK as the error messages pop up about un 
resolvable name. But make sure the exchange server name you put in is the BE 
server name not the FE. Once the profile creation ends, you can verify the 
profile settings again. Although the names are not resolved, the profile should 
be pointing to the BE server, and your RPC/HTTP settings should be pointing
 to the FE server, which I believe is also your RPC proxy. Then, you can open 
Outlook normally, if every thing is configured correctly in your FE server, 
then your Outlook NOW RESOLVE YOUR USERNAME. Your Outlook should work normally. 
Another suggestion, its not a good idea or good practice to place the FE server 
in the DMZ. By doing this, you are bringing the presence of your corporate 
domain to the DMZ. Its always best to leave the FE server in the corporate 
domain, and use an ISA server in the DMZ to publish OWA and RPCoHTTP.
 
HTH. 
Regards, 
Raj Periyasamy 
Systems Administrator 
MCSE(Messaging), CCNA 


---------------------------------
From: Praveen Ramaswamy [mailto:ramaswamy_praveen@xxxxxxxxx] 
Sent: Friday, June 24, 2005 5:23 AM
To: [ExchangeList]
Subject: [exchangelist] RPC over HTTP unable to configure the client--Please 
help



http://www.MSExchange.org/ 
Hi,

 

I am trying to setup RPC over HTTP. My FE server is in DMZ and BE server in 
internal network. I have followed the procedure in Microsoft RPC over HTTP 
deployment guide. I am facing problem while configuring mail profile. 

 

I am using Exchange 2003 With SP1 on Windows 2003 server. 

 

   From PC located in internal net work I tried to configure the profile. When 
I try to do ?check name? it keeps asking for username and password and nothing 
happens 
   Tried to configure profile on PC in DMZ and it doesn?t resolve my account 
name and it doesn?t even prompt for user name and password

 

OWA access through FE is working fine and MAPI access to BE is also fine. 
Additionally I have allowed ports 6001, 6002 & 6004 from FE to BE. In fact I 
can see traffic on these ports from FE to BE on firewall log (Firewall Rules is 
applied on internal IP of FE and BE). 

 

In understand that I should have RPC 135 open from the client PC to FE server 
for me to configure the profile. I am trying to give the FE?s FQDN as server 
name which resolves to my FE public IP. I am following the document in 
exchange.org to configure the client. 

 

Should I allow RPC 135 to my FE external IP from my PC in internal network??

What is that I am missing ??

 

Please help.

 

Regards

Praveen R



---------------------------------
Yahoo! Sports
Rekindle the Rivalries. Sign up for Fantasy Football 
------------------------------------------------------ List Archives: 
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: 
http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: 
http://www.msexchange.org/pages/larticle.asp?type=FAQ 
------------------------------------------------------ Other Internet Software 
Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com 
Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server 
Resource Site: http://www.isaserver.org Windows Security Resource Site: 
http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ 
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com 
------------------------------------------------------ You are currently 
subscribed to this MSEXchange.org Discussion List as: 
raj.periyasamy@xxxxxxxxxxxx To unsubscribe visit 
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
 Report abuse to listadmin@xxxxxxxxxxxxxx 
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as: 
ramaswamy_praveen@xxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx 

                
---------------------------------
Do you Yahoo!?
 Make Yahoo! your home page   

Other related posts: