RPC Over HTTP Reloaded
Readers ask for a good resource on configuring this useful but confusing feature of Exchange 2003.
- By Bill Boswell
- August 03, 2004
I get a basketful of questions every week but, recently, many have
concerned problems with configuring the new RPC over HTTP feature
in Exchange Server 2003. In case you aren't familiar with what I'm talking
about, Outlook 2003 users can establish a secure connection to their Exchange
mailbox servers through an RPC over HTTP proxy server without the need
for a separate VPN. Just launch Outlook from a mobile hotspot in an airport
and start reading your e-mail. It's very cool technology—when it
works. Getting it to work, though, can be a little frustrating.
Exchange Server 2003 Service Pack 1 simplifies the setup a little by
eliminating the tedious task of keying in Registry entries. SP1 also eliminates
the need to run the RPC over HTTP Proxy service on your Global Catalog
servers. Even with these changes, setting up a production environment
in support of RPC over HTTP can be quite an exercise. For example, the
improvements in SP1 assume that you have a distributed architecture—that
is, a front-end RPC over HTTP proxy server and one or more back-end mailbox
servers. If you have never worked with a distributed Exchange architecture,
you can get snarled up in conflicting information from Microsoft about
the requirements for configuring a front-end server.
Also, RPC over HTTP as implemented by Exchange 2003 requires an SSL connection
between Outlook clients and the front-end server. (For this reason, many
consultants and some Microsoft product managers refer to the feature as
RPC over HTTPS.) The name formats used in the SSL certificate at the proxy
server can cause configuration errors if you aren't careful about entering
the information into Outlook.
Finally, production deployments of RPC over HTTP commonly incorporate
an application firewall such as Microsoft's ISA Server in the DMZ to ferry
connections to and from the front-end proxy server, which resides in the
private network. This introduces a whole new layer of complexity to what
is already a fairly mind-numbing operation. But it doesn't do much good
to try to jump into a complex firewalled deployment of RPC over HTTP until
you're sure that you can get a simple connection to work.
I've put together a document that describes how to set up a lab configuration,
which demonstrates how the various moving parts in RPC over HTTP fit together
while taking advantage of the SP1 improvements. The major configuration
- Installing RPC over HTTP on the front-end server
- Front-end and back-end server selection in ESM
- Configuring SSL and authentication on the front-end proxy server
- Configuring Outlook 2003 and verifying proper connections
Download the 498KB document in Adobe .PDF format by clicking
here. (Download problems? E-mail Editor Michael Domingo at
firstname.lastname@example.org to get your
copy via e-mail.) Feel free to e-mail me at email@example.com
if you have problems getting the features to work. I'll include additional
information in upcoming columns based on your feedback.
Contributing Editor Bill Boswell, MCSE, is the principal of Bill Boswell Consulting, Inc. He's the author of Inside Windows Server 2003 and Learning Exchange Server 2003, both from Addison Wesley. Bill is also Redmond magazine's "Windows Insider" columnist and a speaker at MCP Magazine's TechMentor Conferences.