RE: rpc over http
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
- Date: Tue, 23 Aug 2005 07:36:29 -0500
Hi Rick,
Exactly! You said it much better than I :)
Thanks!
Tom
www.isaserver.org
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
________________________________
From: Rick Boza [mailto:rickb@xxxxxxxxxxxxxxx]
Sent: Tuesday, August 23, 2005 7:35 AM
To: [ExchangeList]
Subject: [exchangelist] RE: rpc over http
http://www.MSExchange.org/
It's also very easy to manage via a GPO for your corporate
systems (i.e., laptops).
It does present challenges for non-corporate managed systems,
but why would you want them hitting you via anything other than OWA
anyhow? If they are non-managed (or unmanaged) then they should be
classified as untrustworthy WRT virus, spyware, malware, and/or other
security concerns.
On 8/23/05 5:49 AM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
wrote:
http://www.MSExchange.org/
However, managing the PKI yourself is much more secure,
and isn't that why you're using SSL in the first place?
Tom
www.isaserver.org
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
<http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
________________________________
From: Simon Butler [mailto:simon@xxxxxxxxxxxx]
Sent: Tuesday, August 23, 2005 1:05 AM
To: [ExchangeList]
Subject: [exchangelist] RE: rpc over http
http://www.MSExchange.org/
Setting up RPC over HTTPS makes no difference to
the current users or the way that your network currently operates.
Until you are ready to deploy the feature the users will not see any
difference.
One server can act as the RPC over HTTPS server
for both internal and external clients. However if you don't want to
change the client configuration each time they come in to the office,
use a generic name for the certificate and name of the server
(mail.domain.com or something like that) and then configure split DNS.
Split DNS will allow you to resolve
mail.domain.com to the internal IP address on your network, while
mail.domain.com will resolve to the public IP address outside.
That will make it totally transparent to the
users. I have deployed it in the past where the first the users knew of
it was when they got email when they started Outlook before connecting
to the VPN.
The only other suggestion I strongly recommend
is to use a real purchased certificate instead of a home grown
certificate. While you can do it with a self issued certificate, it
causes more work and headaches, whereas a cheap purchased certificate
(rapidssl starterssl is perfect) gets round a lot of the problems.
Simon.
--
Simon Butler
MCP, MCSA, MVP:Exchange
Senior Systems Administrator
Amset IT Solutions Ltd.
e: simon@xxxxxxxxxxxx
w: www.amset-it.com
w: www.amset.info
________________________________
From: Jeff Bushberg [mailto:jeff@xxxxxxxxx]
Sent: 23 August 2005 06:35
To: [ExchangeList]
Subject: [exchangelist] rpc over http
http://www.MSExchange.org/
I am planning on implementing rpc over http
I have dc server and exchange server, will all
users
be forced to use rpc over http?
When I make registry changes on the exchange
server for RPC proxy
does that effect my current RPC authentication
or does that effect only
rpc over http requests?
Can one exchange server act as a internal
server for lan clients
and simultaneously act as a external rpc over
http server
Thanks in advance, Jeff
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters:
http://www.msexchange.org/pages/newsletter.asp
------------------------------------------------------
Visit TechGenix.com for more information about our
other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org
Discussion List as: exchange-list3@xxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters:
http://www.msexchange.org/pages/newsletter.asp
------------------------------------------------------
Visit TechGenix.com for more information about our
other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org
Discussion List as: tshinder@xxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters:
http://www.msexchange.org/pages/newsletter.asp
------------------------------------------------------
Visit TechGenix.com for more information about our other
sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org
Discussion List as: rickb@xxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx
--
Rick Boza
Protechnica - Technology Solutions Simplified
email: rickb@xxxxxxxxxxxxxxx
407-656-9744
Visit us on the web at http://www.protechnica.net
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters:
http://www.msexchange.org/pages/newsletter.asp
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion
List as: tshinder@xxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx
Other related posts:
