RPC Over HTTP Reloaded

Readers ask for a good resource on configuring this useful but confusing feature of Exchange 2003.

• By Bill Boswell
• August 03, 2004

I get a basketful of questions every week but, recently, many have been questions concern problems with configuring the new RPC over HTTP feature in Exchange Server 2003. In case you aren't familiar with what I'm talking about, Outlook 2003 users can establish a secure connection to their Exchange mailbox servers through an RPC over HTTP proxy server without the need for a separate VPN. Just launch Outlook from a mobile hotspot in an airport and start reading your e-mail. It's very cool technology—when it works. Getting it to work, though, can be a little frustrating.

Exchange Server 2003 Service Pack 1 simplifies the setup a little by eliminating the tedious entry of Registry entries. SP1 also eliminates the need to run the RPC over HTTP Proxy service on your Global Catalog servers. Even with these changes, setting up a production environment in support of RPC over HTTP can be quite an exercise. For example, the improvements in SP1 assume that you have a distributed architecture—that is, a front-end RPC over HTTP proxy server and one or more back-end mailbox servers. If you have never worked with a distributed Exchange architecture, you can get snarled up in conflicting information from Microsoft about the requirements for configuring a front-end server.

Get Help from Bill Got a Windows or Exchange question or need troubleshooting help? Or maybe you want a better explanation than provided in the manuals? Describe your dilemma in an e-mail to Bill at mailto:[email protected]; the best questions get answered in this column. When you send your questions, please include your full first and last name, location, certifications (if any) with your message. (If you prefer to remain anonymous, specify this in your message but submit the requested information for verification purposes.)

Also, RPC over HTTP as implemented by Exchange 2003 requires an SSL connection between Outlook clients and the front-end server. (For this reason, many consultants and some Microsoft product managers refer to the feature as RPC over HTTPS.) The name formats used in the SSL certificate at the proxy server can cause configuration errors if you aren't careful about entering the information into Outlook.

Finally, production deployments of RPC over HTTP commonly incorporate an application firewall such as Microsoft's ISA Server in the DMZ to ferry connections to and from the front-end proxy server, which resides in the private network. This introduces a whole new layer of complexity to what is already a fairly mind-numbing operation. But it doesn't do much good to try to jump into a complex firewalled deployment of RPC over HTTP until you're sure that you can get a simple connection to work.

I've put together a document that describes how to set up a lab configuration, which demonstrates how the various moving parts in RPC over HTTP fit together while taking advantage of the SP1 improvements. The major configuration topics are:

• Installing RPC over HTTP on the front-end server
• Front-end and back-end server selection in ESM
• Configuring SSL and authentication on the front-end proxy server
• Configuring Outlook 2003 and verifying proper connections

Download the 498KB document in Adobe .PDF format by clicking here. (Download problems? E-mail Editor Michael Domingo at [email protected] to get your copy via e-mail.) Feel free to e-mail me at [email protected] if you have problems getting the features to work. I'll include additional information in upcoming columns based on your feedback.