RE: RPC-HTTP Setup Questions/Problems

  • From: "Simon Butler" <simon@xxxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Tue, 28 Feb 2006 19:37:31 -0000

Turn off friendly http error messages in Internet Explorer so you can
see the real error. An error is expected. 

Do you get a certificate error when you connect to that server? 
Using a home grown certificate complicates matters considerably and I
have had very mixed success with them. Put a purchased certificate on
and everything works very well. 

Simon. 

-----Original Message-----
From: Mike [mailto:mjin23@xxxxxxxxx] 
Sent: 28 February 2006 19:22
To: [ExchangeList]
Subject: [exchangelist] RE: RPC-HTTP Setup Questions/Problems

http://www.MSExchange.org/

Simon,

The CA that's on the FE box is a home-grown cert.  

I get a page cannot be displayed message when I browse to that
directory.

My setup is FE/BE setup so no registry changes are needed.  

I don't have the SSL/CA setup on my BE server.  Does it need to be setup
before the FE SSL/CA can function properly?

And internally, it's still connection via TCP/IP and not HTTP/S.  

Thanks for your help.  

Mike



> There are two main areas that people have problems with RPC over
HTTPS.=20
> 
> 1. The certificate.=20
> 2. The registry settings.=20
> 
> Certificate.=20
> Is it a purchased certificate or a home-grown certificate? Ideally you
> should use a purchased certificate.=20
> If you browse to https://server.domain.com/rpc (where
server.domain.com
> is the name that you have put in to your Outlook configuration) - what
> happens? Do you get a certificate prompt? If not, you should get a
> username and password prompt. After three failures you will get an
> access denied error. That is normal.=20
> 
> Registry Settings.=20
> Unfortunately you haven't included the original message, and I cannot
> recall whether you are using a frontend backend or a single server. If
> you are using a frontend backend then you don't need to worry about
the
> registry settings.=20
> If you are on a single server then you have to configure the registry
by
> hand.=20
> 
> Do the testing internally, with a domain client to start with. Don't
try
> to complicate matters by going outside the firewall and using a
> non-domain member.=20
> Configure Outlook in the regular way and confirm it is working, then
> simply add the RPC over HTTPS settings - leaving everything else
alone.=20
> 
> Finally, make use of the rpcdiag switch, to ensure that you are
> connecting over HTTPS and not TCP/IP.=20
> Close Outlook totally and click start run and type:
> outlook.exe /rpcdiag=20
> 
> And press enter. You can also see the connection status by holding
down
> CTRL and right clicking on the Outlook icon next to the clock.
> Connection Status will be an option.=20
> 
> Simon.
> 
> 
> --
> Simon Butler
> MCP, MCSA, MVP:Exchange
> Amset IT Solutions Ltd.
> 
> e: simon@xxxxxxxxxxxx
> w: www.amset-it.com
> w: www.amset.info
> 
> -----Original Message-----
> From: Mike [mailto:mjin23@xxxxxxxxx]=20
> Sent: 28 February 2006 18:37
> To: [ExchangeList]
> Subject: [exchangelist] RE: RPC-HTTP Setup Questions/Problems
> 
> http://www.MSExchange.org/
> 
> Ok, I turned SSL on IIS on the FE server.  I'm still getting the
> "Connect
> to beserver.mail.com" login box and it won't authenticate my domain
> account.  What am I missing here?
> 
> ------------------------------------------------------
> List Archives: =
> http://www.webelists.com/cgi/lyris.pl?enter=3Dexchangelist
> Exchange Newsletters:
http://www.msexchange.org/pages/newsletter.asp=20
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this MSExchange.org Discussion List
as:
> exchange-list3@xxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=3Dexchangelist
> Report abuse to info@xxxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
exchange-list3@xxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to info@xxxxxxxxxxxxxx


Other related posts: