Beat spammers with anti-spam software for Exchange
Server – GFI MailEssentials. Download FREE
trial
Introduction to Exchange Server 2003 - RPC over HTTP
Replace those VPN internet connections with Microsoft's RPC over HTTP. The idea is for the full Outlook 2003 client to
collect their email from Exchange Server by using just port 443. RPC over HTTP was voted one of the top three reasons to migrate from Exchange Server 2000 to 2003.
Back to basics. RPC means remote procedure call and while this technology has been around a long
time, there is a new twist in Exchange 2003. Let me explain; in this context RPC means that Outlook 2003 can remotely connect to
Exchange and open its mailbox on the server. What's new is the ability to encapsulate these RPC commands in HTTP.
The killer advantage of RPC over HTTP is that you only have to open up port 443 (or 80) on the outer firewall. With earlier versions of Outlook and Exchange you would also need to open port 135 and possibly
port 53. These are two ports that hackers love to attack. To get the best out of this arrangement have an ISA server in the perimeter network, and configure it to connect to a front-end server
inside the second firewall.
What makes RPC over HTTP even more secure, is that by default, Outlook 2003 clients connect to the server using SSL.
Exchange Server 2007 is a complex topic, do you need practical hands on training? As an MCT trainer, I can thoroughly recommend
TrainSignal. In particular, I like the way
that TrainSignal cover all learning methods, instructor lead, video and of course text
material. You can either take one module, for example Exchange 2007 or go for a combination of modules.
Learn more about Microsoft Exchange Server 2007 here
Remember that HTTP over RPC is new, so it's not available in Exchange Server 2000, or Outlook 2000.
Install the RPC over HTTP Proxy Service
I have to say that locating the server setting for RPC over HTTP had me in a spin. Then I remembered how Exchange 2003 relies on Windows 2003. Now it's easy, Add or Remove Programs, Windows
Components, Network Services and add RPC over HTTP Proxy.
Configure Basic Authentication in IIS
Your goal is to configure Basic Authentication. Launch the IIS snap-in. From there expand the ServerName, Default Web Site. The tricky part is right clicking and finding RPC.
Next, select properties make sure Basic Authentication is checked and Anonymous is disabled.
Optionally, you can configure the encryption level. On the Directory Service tab, click edit, secure communications and then require 128 Bit Encryption.
Deploy Front-end server inside the firewalls
Either position a front-end server in the perimeter network and then install the RPC Proxy service; or deploy an ISA server which then connects to the front-end server. (See Diagram above.)
Configuring for non-SSL connections
Your goal is edit the registry on the front-end server and add a DWORD called: AllowAnonymous
Getting Outlook 2003 to work with RPC over HTTP is not a trivial task. So for a large roll-out I suggest investigating the ORK (Office Resource Kit). Which ever method you employ, the steps
are similar, here is my checklist:
The XP clients, repeat XP, needs SP2 or hotfix Q331320
Head for the Control Panel, Mail icon. Create a new email account which uses Microsoft Exchange Server. So far so good.
Now for the first tricky part. Turn OFF Cached Exchange mode - just while you test and get it connected, later you can revert to the cached mode. Type in the username.
Here is the really difficult section. Our task is to find the 'Connect to my Exchange mailbox using HTTP'. Observe the Connection tab, note 4 options, but select the 'Connect to my
Exchange mailbox using HTTP' check box, and then click Exchange Proxy Settings.
This Outlook 2003 client needs the name of the Exchange 2003 server, so in the dialog box called: 'Use this URL to connect to my proxy server for Exchange', type in your server and domain name, for
example https://paris .cp.com (did you use HTTPS?). You should see another box called Connect Using SSL only, check this box and enable SSL.
Outlook 2003 is now ready to connect to Exchange 2003 using RPC over HTTP.
Guy Recommends:
The SolarWinds Exchange Monitor
Here is a
free tool to monitor your Exchange Server. Download and
install the utility, then inspect your mail queues, monitor the Exchange
server's memory, confirm there is enough disk space and check the CPU
utilization. This is the real deal - there is no catch. SolarWinds
provides this fully-functioning product for free, as part of their commitment to
supporting the network management community.
On the Exchange 2003 server, remember to install the RPC over HTTP network service.
Make sure that you have a Server certificate on the Exchange 2003 machine, not just on the domain controller.
If you navigate to the connections menu, but cannot see the 'Connect to my Exchange mailbox using HTTP'. tab, then apply SP2 to your Windows XP machine.
If you have problems connecting to Exchange 2003. From the Outlook 2003 client try: Run outlook rpcdiag.
No wonder RPC over HTTP was voted a top feature of Microsoft Exchange 2003. With RPC over HTTP the clients get simpler connections and less configuration on their XP machines. Meanwhile, the network is
more secure because you have to open fewer ports on the firewall. However, I found configuring RPC over HTTP difficult, my salvation was attention to detail.
Learn how to find settings in the Exchange System Manager. Advice configuring your Exchange Server. Tips on how to get the most from your Exchange 2003 server.
Over 50 printer friendly pages Word and PDF format
