Praveen, Like Tom.S mentioned, the easiest way to rollout this configuration to clients would be to use ORK and create a configuration file, then tell the users to run the config file in their workstations. The Outlook will get configured automatically. The users will not have to go through the error messages. From client to FE, you need only port 80 and 443. Actually only 443 is sufficient. From FE in the DMZ to your BE and AD, you need a whole lot of other ports to be opened. I suggest you download and read the following article. It tells you the possible RPC over HTTP deployment scenarios and ports that needs to opened for these scenarios, http://support.microsoft.com/default.aspx?scid=kb;en-us;840255 HTH. Regards, Raj Periyasamy Systems Administrator MCSE(Messaging), CCNA ________________________________ From: Praveen Ramaswamy [mailto:ramaswamy_praveen@xxxxxxxxx] Sent: Tuesday, June 28, 2005 6:52 AM To: [ExchangeList] Subject: [exchangelist] RE: RPC over HTTP unable to configure the client--Please help http://www.MSExchange.org/ Raj thanks for the response. If I give BE as server name and FE as proxy server then following thing happens: Client connected on same network as BE will work, but when I check the traffic from client to server, it is still TCP instead of HTTPS. And on server I checked with exchange monitor and it shows the client is connecting from NATed public IP address. Hope I am clear.. Can you please let me know what ports need to be open between FE to BE and from client to FE, BE, ADS for me to configure this profile. My users sit in different building and connect to this server via internet. That is the reason I wanted to give them this solution. But if they have to be connected to BE directly for configuring the profile then it will be difficult. Please suggest me the best method to rollout this solution. Regards Praveen R "Periyasamy, Raj" <Raj.Periyasamy@xxxxxxxxxxxx> wrote: http://www.MSExchange.org/ Praveen, When you configure an Outlook profile, the Outlook always tries to connect to Exchange server using RPC to resolve the user name. Hence if you are trying to create a profile from outside of a DMZ, your profile creation will give errors since the RPC protocol is blocked. Yes, you need to have RPC protocol enabled between your FE and BE servers. When you create the Outlook profile, your Exchange server name should be the BE server name, not the FE server name. If you use the FE server name, Outlook will not recognize your user name and Exchange server name. If you are trying to create the profile from outside the DMZ, then you have click OK ..OK as the error messages pop up about un resolvable name. But make sure the exchange server name you put in is the BE server name not the FE. Once the profile creation ends, you can verify the profile settings again. Although the names are not resolved, the profile should be pointing to the BE server, and your RPC/HTTP settings should be pointing to the FE server, which I believe is also your RPC proxy. Then, you can open Outlook normally, if every thing is configured correctly in your FE server, then your Outlook NOW RESOLVE YOUR USERNAME. Your Outlook should work normally. Another suggestion, its not a good idea or good practice to place the FE server in the DMZ. By doing this, you are bringing the presence of your corporate domain to the DMZ. Its always best to leave the FE server in the corporate domain, and use an ISA server in the DMZ to publish OWA and RPCoHTTP. HTH. Regards, Raj Periyasamy Systems Administrator MCSE(Messaging), CCNA ________________________________ From: Praveen Ramaswamy [mailto:ramaswamy_praveen@xxxxxxxxx] Sent: Friday, June 24, 2005 5:23 AM To: [ExchangeList] Subject: [exchangelist] RPC over HTTP unable to configure the client--Please help http://www.MSExchange.org/ Hi, I am trying to setup RPC over HTTP. My FE server is in DMZ and BE server in internal network. I have followed the procedure in Microsoft RPC over HTTP deployment guide. I am facing problem while configuring mail profile. I am using Exchange 2003 With SP1 on Windows 2003 server. 1. From PC located in internal net work I tried to configure the profile. When I try to do "check name" it keeps asking for username and password and nothing happens 2. Tried to configure profile on PC in DMZ and it doesn't resolve my account name and it doesn't even prompt for user name and password OWA access through FE is working fine and MAPI access to BE is also fine. Additionally I have allowed ports 6001, 6002 & 6004 from FE to BE. In fact I can see traffic on these ports from FE to BE on firewall log (Firewall Rules is applied on internal IP of FE and BE). In understand that I should have RPC 135 open from the client PC to FE server for me to configure the profile. I am trying to give the FE's FQDN as server name which resolves to my FE public IP. I am following the document in exchange.org to configure the client. Should I allow RPC 135 to my FE external IP from my PC in internal network?? What is that I am missing ?? Please help. Regards Praveen R ________________________________ Yahoo! Sports Rekindle the Rivalries. Sign up for Fantasy Football <http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=33539/*http://football. fantasysports.yahoo.com?ovchn=YAH&ovcpn=Integration&ovcrn=Mail+footer&ov rfd=YAH&ovtac=AD> ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: raj.periyasamy@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: ramaswamy_praveen@xxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx ________________________________ Do you Yahoo!? Make Yahoo! your home page <http://us.rd.yahoo.com/my/navbar/sethp/*http://www.yahoo.com/r/hs> ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: raj.periyasamy@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx