RPC over HTTPS Help...

Status
Not open for further replies.

pQi

MIS
Aug 2, 2002
139
US
Hello Everyone,

I hope someone can give me some insight on this problem. Setting up RPC over HTTPS does not work on our network. For some reason it worked for a little while before my arrival to this company, and now all of a sudden it stopped working.

Everything on the server appears to be set up correctly with registry modifications, RPC virtual directory on IIS and SSL/128, etc...

When trying to connect from the LAN for starters, I am unable to connect using name/pass. I won't get into WAN yet. I just want to test it internally...

Does anyone have any simple quick ideas that I can look into to get this thing to work? I have checked a number of sites and downloaded deployment guides, but still I am having a problem with this...

Looking forward to your response

Thank you
 
Make sure that all global catalogs are Windows 2003 and that they all have RPC over HTTP installed.

Set up an Outlook profile to use Outlook over HTTP and launch Outlook in the RPC Diagnostic mode to see what it reports.

OUTLOOK.EXE /RPCDIAG

Make sure that your certificate is installed, current and not expired.

Do you have a firewall that could be blocking it?

I hope you find this post helpful.

Regards,

Mark
 
Hello Mark,

I have checked to make sure it's enabled and that my certificate is not expired. Everything appears fine. Would you know if using a Dynamic IP affects anything?

In order for us to access our exchange server we use:

abc(Our domain).domain.net(ISP Server)/exchange(our server) instead of using a registered domain on our network. Does this pose any difference?

Looking forward to your response

Thank you
George
 
The certificate needs to match the FQDN of the server.

Having a Dynamic IP will mess you up. You are best to have static IP with an MX record in public DNS. Then use the host name used for the MX record as the name used in the certificate.

I hope you find this post helpful.

Regards,

Mark
 
Thank you for following up, Mark.

We are not using a static IP, only a dynamic IP. Is there no way around this?

Looking forward to your response

George
 
Yes, you can go to DYNDNS.ORG and register a FQDN with them. You will need to load software on your server unless your firewall supports DDNS. You can then recreate your cert and have it match the DDNS Host name you created. I'd also have your public MX record point to this record.

The service is free if you are willing to use their domain names. For example: servername.dyndns.org, or you can use their pay service to have an entry such as servername.yourdomainname.com

I hope you find this post helpful.

Regards,

Mark
 
This information may just be perfect for what I need to do! I will give it a run this week and let you know how it went...

I appreciate your help on this Mark


George
 
Hello Mark,

Here is my configuration:

abc(servername).lcgtechabc(domainname).redirectme.net(isp provider), this is how I have the certificate set up on CA.

For some reason I still cannot connect to the server using RPC over HTTPS. Do you have any helpful tips for me to follow through to resolve this? I just don't know what else to look at to get this thing to work. I have researched this on the web and followed the steps on setting up RPC over HTTPS but I am just not having any luck.

I hope you can help me.

George
 
So does your MX record point to
abc.lcgtechabc.redirectme.net?

Is that the real domain name? I just looked it up and there is no MX record.

Here is what I would do for starters.

1. Use Dyndns.org to create a host entry to your server's dynamic IP.
2. Modify public DNS MX record to point to the above created host name. Set a low TTL value (60 would be good).
3. On your server create a new certificate and give it the name created in step 1.
4. Install the certificate on a test PC.
5. Configure the client to use Outlook over http.
A. In the server name field, type the INTERNAL DNS name of the server, such as abc.lcgtechabc.local.
B. Click More Settings. Click Connection tab.
C. Click the box to connect over HTTP and click the button to configure the HTTP Proxy.
D. In the top box type the FQDN created in step 1.
E. Check the next two boxes and fill in the following for the principal name msstd://abc.lcgtechabc.com where "abc.lcgtechabc.com" is the FQDN from step 1.
F. Check the next two boxes and set authentication type to BASIC.

Note: If you do not INSTALL the cert on the local PC this will never work.

I hope you find this post helpful.

Regards,

Mark
 
Thank you for your support.
There is no MX record in our DNS; we are popping our email from mail.lcgohio.com. Now if you do an nslookup this will work: mail.lcgohio.com

So, here is what we currently have setup:

1. mail.lcgohio.com is where we pop our mail; however we have a SBS2003 with exchange running on it using the pop connector.

2. The name of our server is lcgtech-dc1

3. Domain name lcgohio.local

4. Here is what we have registered with our ISP host: lcgtechohio.redirectme.net

5. My Certificate of Authority is set up: lcgohio-dc1.lcgtechohio.redirectme.net; this is how I have obtained the certificate like above.

6. I have verified connectivity with rpingC & rpingS

Do you see anything that doesn't make sense in my setup thus far? Please let me know

I will follow your instructions coming tomorrow morning and make any changes necessary.

Your help is very much appreciated!

George



 
If your ISP has registered your SBS server with host name lcgtechohio.redirectme.net then your certificate needs to have the name lcgtechohio.redirectme.net.



I hope you find this post helpful.

Regards,

Mark
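
Added example, not part of the thread: a small Python check of the two name comparisons this advice comes down to (proxy host name against the certificate, and the msstd principal name against the certificate), run on the host names George lists. The certificate name lists are constructed inputs, the function names are hypothetical, and the wildcard rule is the usual TLS convention, which goes beyond what the thread covers.

```python
# Added illustration; nothing here is parsed from a real certificate.

def _labels(name):
    """Split a DNS name into lower-case labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def name_matches(cert_name, host):
    """True if one certificate name (subject CN or SAN dNSName) covers host.
    '*' is honoured only as the whole left-most label and covers one label."""
    c, h = _labels(cert_name), _labels(host)
    if len(c) != len(h):
        return False
    if c[0] == "*":
        # Refuse wildcards with fewer than two fixed labels, e.g. "*.net".
        return len(c) >= 3 and c[1:] == h[1:]
    return c == h

def check_proxy_settings(proxy_host, principal, cert_names):
    """Return a list of naming problems for an Outlook RPC over HTTP profile."""
    problems = []
    if not any(name_matches(n, proxy_host) for n in cert_names):
        problems.append(f"certificate {cert_names} does not cover {proxy_host}")
    if not principal.lower().startswith("msstd:"):
        problems.append("principal name does not start with msstd:")
        return problems
    # The thread writes the value with '//' after the colon; it is stripped
    # here only so the host part can be compared.
    expected = principal.split(":", 1)[1].lstrip("/")
    if not any(name_matches(n, expected) for n in cert_names):
        problems.append(f"principal name {expected} is not in the certificate")
    return problems

if __name__ == "__main__":
    proxy = "lcgtechohio.redirectme.net"  # name registered with the ISP
    principal = "msstd:" + proxy
    # Constructed: certificate as first issued, then reissued to match.
    before = ["lcgohio-dc1.lcgtechohio.redirectme.net"]
    after = ["lcgtechohio.redirectme.net"]
    for label, names in (("before", before), ("after", after)):
        result = check_proxy_settings(proxy, principal, names)
        print(label, "->", result or "names are consistent")
```
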
 
Mark,

I am up and running!
Thank you for your patience and continued support on this matter.

George
 
Glad to be of service.

I hope you find this post helpful.

Regards,

Mark
 