RE: rpc over http

  • From: "Andrew English" <andrew@xxxxxxxxxxxxxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Wed, 24 Aug 2005 07:29:08 -0400

The only probably with RPC over HTTP thus far is if you are using some
kind of firewall/proxy server such as ISA Server which uses Basic
Authentication on the outside. Users will have to retype their password
while connecting to Exchange on the inside unless they change their
outlook settings when they are at the office, and change them back when
they are outside of the office.

 

Andrew

 

 

________________________________

From: Simon Butler [mailto:simon@xxxxxxxxxxxx] 
Sent: Tuesday, August 23, 2005 2:51 AM
To: [ExchangeList]
Subject: [exchangelist] RE: rpc over http

 

http://www.MSExchange.org/

It has no effect. The registry settings apply on to RPC over HTTPS,
nothing else. 

 

I have deployed the feature numerous times, I usually configure new
servers with the feature even if it isn't being used and it has no
effect. If it did have such an effect you would know about it - there
are 100s of articles written about RPC over HTTPS, along with countless
news and email list postings - non of which mention an issue with rpc
authentication. 

 

Simon.

 

________________________________

From: Jeff Bushberg [mailto:jeff@xxxxxxxxx] 
Sent: 23 August 2005 07:16
To: [ExchangeList]
Subject: [exchangelist] RE: rpc over http

http://www.MSExchange.org/

I guess my concern was when I adjusted port settings in the registry

it could cause RPC authentication failure on the local lan

________________________________

From: Simon Butler [mailto:simon@xxxxxxxxxxxx] 
Sent: Monday, August 22, 2005 11:05 PM
To: [ExchangeList]
Subject: [exchangelist] RE: rpc over http

http://www.MSExchange.org/

Setting up RPC over HTTPS makes no difference to the current users or
the way that your network currently operates. Until you are ready to
deploy the feature the users will not see any difference.  

 

One server can act as the RPC over HTTPS server for both internal and
external clients. However if you don't want to change the client
configuration each time they come in to the office, use a generic name
for the certificate and name of the server (mail.domain.com or something
like that) and then configure split DNS. 
Split DNS will allow you to resolve mail.domain.com to the internal IP
address on your network, while mail.domain.com will resolve to the
public IP address outside. 

That will make it totally transparent to the users. I have deployed it
in the past where the first the users knew of it was when they got email
when they started Outlook before connecting to the VPN. 

 

The only other suggestion I strongly recommend is to use a real
purchased certificate instead of a home grown certificate. While you can
do it with a self issued certificate, it causes more work and headaches,
whereas a cheap purchased certificate (rapidssl starterssl is perfect)
gets round a lot of the problems. 

 

Simon.

 

--
Simon Butler
MCP, MCSA, MVP:Exchange
Senior Systems Administrator
Amset IT Solutions Ltd.

e: simon@xxxxxxxxxxxx
w: www.amset-it.com
w: www.amset.info 

 

 

________________________________

From: Jeff Bushberg [mailto:jeff@xxxxxxxxx] 
Sent: 23 August 2005 06:35
To: [ExchangeList]
Subject: [exchangelist] rpc over http

http://www.MSExchange.org/

I am planning on implementing rpc over http
I have dc server and exchange server, will all users
be forced to use rpc over http? 

When I make registry changes on the exchange server for RPC proxy
does that effect my current RPC authentication or does that effect only
rpc over http requests?

Can one exchange server act as a internal server for lan clients
and simultaneously act as a external rpc over http server

 

Thanks in advance, Jeff

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
exchange-list3@xxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
jeff@xxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
exchange-list3@xxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
andrew@xxxxxxxxxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx 

Other related posts: