Hi Rick, Exactly! You said it much better than I :) Thanks! Tom www.isaserver.org Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls ________________________________ From: Rick Boza [mailto:rickb@xxxxxxxxxxxxxxx] Sent: Tuesday, August 23, 2005 7:35 AM To: [ExchangeList] Subject: [exchangelist] RE: rpc over http http://www.MSExchange.org/ It's also very easy to manage via a GPO for your corporate systems (i.e., laptops). It does present challenges for non-corporate managed systems, but why would you want them hitting you via anything other than OWA anyhow? If they are non-managed (or unmanaged) then they should be classified as untrustworthy WRT virus, spyware, malware, and/or other security concerns. On 8/23/05 5:49 AM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx> wrote: http://www.MSExchange.org/ However, managing the PKI yourself is much more secure, and isn't that why you're using SSL in the first place? Tom www.isaserver.org Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls ________________________________ From: Simon Butler [mailto:simon@xxxxxxxxxxxx] Sent: Tuesday, August 23, 2005 1:05 AM To: [ExchangeList] Subject: [exchangelist] RE: rpc over http http://www.MSExchange.org/ Setting up RPC over HTTPS makes no difference to the current users or the way that your network currently operates. Until you are ready to deploy the feature the users will not see any difference. One server can act as the RPC over HTTPS server for both internal and external clients. However if you don't want to change the client configuration each time they come in to the office, use a generic name for the certificate and name of the server (mail.domain.com or something like that) and then configure split DNS. Split DNS will allow you to resolve mail.domain.com to the internal IP address on your network, while mail.domain.com will resolve to the public IP address outside. That will make it totally transparent to the users. I have deployed it in the past where the first the users knew of it was when they got email when they started Outlook before connecting to the VPN. The only other suggestion I strongly recommend is to use a real purchased certificate instead of a home grown certificate. While you can do it with a self issued certificate, it causes more work and headaches, whereas a cheap purchased certificate (rapidssl starterssl is perfect) gets round a lot of the problems. Simon. -- Simon Butler MCP, MCSA, MVP:Exchange Senior Systems Administrator Amset IT Solutions Ltd. e: simon@xxxxxxxxxxxx w: www.amset-it.com w: www.amset.info ________________________________ From: Jeff Bushberg [mailto:jeff@xxxxxxxxx] Sent: 23 August 2005 06:35 To: [ExchangeList] Subject: [exchangelist] rpc over http http://www.MSExchange.org/ I am planning on implementing rpc over http I have dc server and exchange server, will all users be forced to use rpc over http? When I make registry changes on the exchange server for RPC proxy does that effect my current RPC authentication or does that effect only rpc over http requests? Can one exchange server act as a internal server for lan clients and simultaneously act as a external rpc over http server Thanks in advance, Jeff ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: exchange-list3@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: tshinder@xxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: rickb@xxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx -- Rick Boza Protechnica - Technology Solutions Simplified email: rickb@xxxxxxxxxxxxxxx 407-656-9744 Visit us on the web at http://www.protechnica.net ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: tshinder@xxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx