RE: RPC over HTTPS and Outlook 2003

  • From: "Periyasamy, Raj" <Raj.Periyasamy@xxxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Thu, 16 Sep 2004 10:10:59 -0400

Have you applied SP1 for Exchange 2003?
When you say you published RPC over HTTPS, did you create a separate new
publishing rule, or added the /rpc/* path to the OWA publishing rule
that was created by the OWA wizard ? 



-----Original Message-----
From: Mustafa Cicek [mailto:mbcicek@xxxxxxxxx] 
Sent: Thursday, September 16, 2004 11:04 AM
To: [ExchangeList]
Subject: [exchangelist] RE: RPC over HTTPS and Outlook 2003

Hi all!

First off all I have checked all certificate configuration, etc.. THere
NO problem with certificates!

You know, I have the following network for my test lab:

INTERNAL NETWORK with Exchange front-end + Exchange back-end and Global
Catalog server.

My steps were:
1) I installed exchange front-end as RPC-proxy
2) All mailboxes and public folders are on exchange back-end
3) I installed an own Certificate Authority on Global Catalog server
Domain Controller). It is Enterpreise Root Certificate Authority.
4) I created a certificate for the web site on front-end becauese of OWA
and RPC over HTTPS. The common name on certificate is
5) I copied the same certificate to ISA server and exported also private
6) On ISA server I created publishing for OWA and RPC over HTTPS.
7) I installed CA certificate and and certificate
on the client computers which will access Exchange services.
8) The clients are located in Internet, not in LAN!
9) I have also internal clients in lab.
10) I configured front-end (not back-end) for RPC over HTTPS and also
11) NETSCREEN FIREWALL 2 has NAT for Exchange front-end. Exchange
front-end has the NAT IP address:
12) I configured the HOSTS file on the ISA server that makes mapping on
the NAT IP address of front-end:
13) The external DNS has the name record that
points the external IP address of ISA server:

I have tested until now only two client access: Outlook Web Access (OWA)
and RPC over HTTPS.
1) I tried on external and internal clients OWA to connect Exchange:
are SUCCESSFULL. No certificate Warning, nor error!
2) I tried on internal clients RPC over HTTPS to connect Exchange: It is
3) I tried on external clients RPC over HTTPS to connect Exchange: It is
NOT successfull.

My configuration for RPC over HTTPS on client:
1) On client computer I typed as Exchange Server

2) On client computer, in proxy field I have typed also Also under msstd I have written

If I try on external client computer RPC over HTTPS to connect Exchange,
cannot connect to Exchange server. I have listed below the ISA server
protocol for this connection:

https..Initiated Connection.. (Here is standard rule applied!!! Why? I
have Publishing for RPC over HTTPS)
https..Denied ((Here is standard rule applied!!! Why? I have Publishing
for RPC over HTTPS)
or 6001-6004 depending on attempt]
https..Deneid (Here is standard rule applied!!! Why? I have Publishing
or 6001-6004 depending on attempt]

It is perhaps interesting to know:
EXCHBE: Exchange back-end.
W3KDC: Global Catalog/Domain Controller.
On Exchange front-end I looked at the ValidPorts in registry:;EXCHBE:6004;

Then I added the following ports to ValidPorts, but I don't know if I
them really?!:

If I stop and start the the Exchange services on front-end, the modified
ports (ValidPorts) are overwritten with the default ValidPorts above.

Now , here are the questions for experts:
1) Why doesn't apply ISA the Publishing rule? Why does standard rule
the connection?
2) Is the name of server where is typed on the field of Exchange Server
(on client computer) correct? Must this name be back-end or frond-end
3) Why are modified ValidPorts overwritten? Do I need ports 593 under
4) Is my entry in the HOSTS file on ISA correct?

I hope the problem is clearer now.
I HOPE also soulution tipps!!!!

Best Regards

List Archives:
Exchange Newsletters:
Exchange FAQ:
Other Internet Software Marketing Sites:
World of Windows Networking:
Leading Network Software Directory:
No.1 ISA Server Resource Site:
Windows Security Resource Site:
Network Security Library:
Windows 2000/NT Fax Solutions:
You are currently subscribed to this Discussion List as:
To unsubscribe visit
Report abuse to listadmin@xxxxxxxxxxxxxx

Other related posts: