RPC Over HTTP Reloaded

Readers ask for a good resource on configuring this useful but confusing feature of Exchange 2003.

I get a basketful of questions every week but, recently, many have been questions concern problems with configuring the new RPC over HTTP feature in Exchange Server 2003. In case you aren't familiar with what I'm talking about, Outlook 2003 users can establish a secure connection to their Exchange mailbox servers through an RPC over HTTP proxy server without the need for a separate VPN. Just launch Outlook from a mobile hotspot in an airport and start reading your e-mail. It's very cool technology—when it works. Getting it to work, though, can be a little frustrating.

Exchange Server 2003 Service Pack 1 simplifies the setup a little by eliminating the tedious entry of Registry entries. SP1 also eliminates the need to run the RPC over HTTP Proxy service on your Global Catalog servers. Even with these changes, setting up a production environment in support of RPC over HTTP can be quite an exercise. For example, the improvements in SP1 assume that you have a distributed architecture—that is, a front-end RPC over HTTP proxy server and one or more back-end mailbox servers. If you have never worked with a distributed Exchange architecture, you can get snarled up in conflicting information from Microsoft about the requirements for configuring a front-end server.

Get Help from Bill

Got a Windows or Exchange question or need troubleshooting help? Or maybe you want a better explanation than provided in the manuals? Describe your dilemma in an e-mail to Bill at mailto:boswell@101com.com; the best questions get answered in this column.

When you send your questions, please include your full first and last name, location, certifications (if any) with your message. (If you prefer to remain anonymous, specify this in your message but submit the requested information for verification purposes.)

Also, RPC over HTTP as implemented by Exchange 2003 requires an SSL connection between Outlook clients and the front-end server. (For this reason, many consultants and some Microsoft product managers refer to the feature as RPC over HTTPS.) The name formats used in the SSL certificate at the proxy server can cause configuration errors if you aren't careful about entering the information into Outlook.

Finally, production deployments of RPC over HTTP commonly incorporate an application firewall such as Microsoft's ISA Server in the DMZ to ferry connections to and from the front-end proxy server, which resides in the private network. This introduces a whole new layer of complexity to what is already a fairly mind-numbing operation. But it doesn't do much good to try to jump into a complex firewalled deployment of RPC over HTTP until you're sure that you can get a simple connection to work.

I've put together a document that describes how to set up a lab configuration, which demonstrates how the various moving parts in RPC over HTTP fit together while taking advantage of the SP1 improvements. The major configuration topics are:

  • Installing RPC over HTTP on the front-end server
  • Front-end and back-end server selection in ESM
  • Configuring SSL and authentication on the front-end proxy server
  • Configuring Outlook 2003 and verifying proper connections

Download the 498KB document in Adobe .PDF format by clicking here. (Download problems? E-mail Editor Michael Domingo at mdomingo@101com.com to get your copy via e-mail.) Feel free to e-mail me at boswell@101com.com if you have problems getting the features to work. I'll include additional information in upcoming columns based on your feedback.

About the Author

Contributing Editor Bill Boswell, MCSE, is the principal of Bill Boswell Consulting, Inc. He's the author of Inside Windows Server 2003 and Learning Exchange Server 2003 both from Addison Wesley. Bill is also Redmond magazine's "Windows Insider" columnist and a speaker at MCP Magazine's TechMentor Conferences.

comments powered by Disqus

Reader Comments:

Tue, Aug 8, 2006 Brandon Orlando

Sorry I got back into RPC over HTTPs for another company and ran across this article again and saw that someone had asked me what I meant when I said that you don't need a Front End Server. Here is my explanation: For a long time we tried to get it to work in a 2 node MSCS cluster and Microsoft said we must have a front end server because of the way the dll is handled. So, I said ok I'll go ahead and set that up. I did this and notice that there is a button that tells the server that it is a front end RPC server. I realized quickly what this button did because I had been messing around with the RPCProxy registry settings for quite some time. It automatically setup the settings in here...which made me think I wonder if I turned off exchange to see if it would still pass traffic since it was a registry setting. Of course it worked. So, I contacted Microsoft and got an answer of -- well you could do that but it's not "managed". Well if they count a button being management, I'll save my $3000 and put the registry key in myself! So, that my fellow techies is how you save yourself the extra Exchange license.

Fri, Jan 13, 2006 Chris Geegan Houston, TX

I went through countless articles and conflicting instructions on how to do this. Must have tried twenty different approaches. This answered the little questions that were never covered anywhere else. I'm looking for Bill's articles first for any other issue I have.

Wed, Nov 2, 2005 Anonymous Maastricht Netherlands

After 1,5 days work this article finaly had the correct answer in this fuzzy RPC over HTTP bussiness

Sun, Sep 11, 2005 Adrian Houston, TX

Awesome document. I spent hours researching why my setup was not working - I wish I had seen this first!

Tue, Jun 14, 2005 Roy Anonymous

Great, article, very well-written. I was curious about the last comment above from Brandon that claims that there is no need for Exchange on the front-end server. We have two Win 2003 SBS servers on our network, with one of them running Exchange 2003 SP1. I'd like to set up the proxy service on the server that does not have Exchange 2003 for obvious reasons, however I don't see any way to install RPC using System Manager on this server (the RPC tab does not display on the non-Exchange server). Brandon, please let me know if there's something I'm missing (rabitbol@agsi.com). Thanks!

Roy

Mon, Apr 11, 2005 Brandon Orlando, FL

I wanted to put it out there on the web that Exchange 2003 RPC over HTTPs on a cluster will not work without a Front-End/Back-end configuration. We spent a weekend to finally have Microsoft tell us that it doesn't work because of the way that the .dll is handled. Also, there is no need for Exchange on the front end server (unless you want to waste a couple thousand dollars).

Had a couple of courses with you at TechMentor last week Bill, abundant amount of information that is in that head of yours!

Great article by the way.

Fri, Dec 10, 2004 David Sipp Plano, TX

The best step by step guide I came accross. Was up and running shortly after this article was found. Thanks Bill!

Fri, Sep 17, 2004 Anonymous Anonymous

Indead a very good paper, very important to identify the diferences between configuration with and without sp1

Fri, Aug 6, 2004 Anonymous Anonymous

good

Wed, Aug 4, 2004 Anonymous Anonymous

Well-written and complete.

Wed, Aug 4, 2004 Anonymous Anonymous

Great Article. A sigle server how to setup
for RPC-HTTP would be great as well.

Wed, Aug 4, 2004 Anonymous Anonymous

Fantastic!!!

Tue, Aug 3, 2004 Gill S'Pore

I had set-up a few RPC-HTTP configurations. Sometimes they work and sometimes they fail. Finally , your article provides a great check list on the do and dont's. Like Bon Marsh, a single server setup how-to would be great. Anyway, Bob, if you have a ISA in-front of your Ex2K3, then the ISA could be your RPC-HTTP proxy front-end while you still run a single server Ex2K3.

Tue, Aug 3, 2004 Anonymous Anonymous

Need more Articles like this in other fuzzy areas.

Tue, Aug 3, 2004 bob marsh Barton Healthcare System, south lake tahoe, ca

Great article, please address a single server setup (no front-back end server) and how to use OWA 2003 using RPC over HTTP (is it possible?).

thanks again,

bob

Add Your Comment Now:

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Comment:
Please type the letters/numbers you see above

Redmond Tech Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.