Introduction to Exchange Server 2003 – RPC over HTTP
Replace those VPN internet connections with Microsoft’s RPC over HTTP. The idea is for the full Outlook 2003 client to collect its email from Exchange Server using just port 443. RPC over HTTP was voted one of the top three reasons to migrate from Exchange Server 2000 to 2003.
Topics for Exchange Server – RPC over HTTP
- Principles of RPC over HTTP
- Exchange 2003 Configuration for RPC over HTTP
- Configuring Outlook 2003 for RPC over HTTP
Back to basics. RPC means remote procedure call, and while this technology has been around a long time, there is a new twist in Exchange 2003. Let me explain: in this context RPC means that Outlook 2003 can remotely connect to Exchange and open its mailbox on the server. What’s new is the ability to encapsulate these RPC commands in HTTP.
The killer advantage of RPC over HTTP is that you only have to open up port 443 (or 80) on the outer firewall. With earlier versions of Outlook and Exchange you would also need to open port 135 and possibly port 53. These are two ports that hackers love to attack. To get the best out of this arrangement, have an ISA server in the perimeter network, and configure it to connect to a front-end server inside the second firewall.
What makes RPC over HTTP even more secure is that, by default, Outlook 2003 clients connect to the server using SSL.
Remember that RPC over HTTP is new, so it’s not available in Exchange Server 2000 or Outlook 2000.
Install the RPC over HTTP Proxy Service
I have to say that locating the server setting for RPC over HTTP had me in a spin. Then I remembered how Exchange 2003 relies on Windows 2003. Now it’s easy: Add or Remove Programs, Windows Components, Network Services, and add RPC over HTTP Proxy.
Configure Basic Authentication in IIS
Your goal is to configure Basic Authentication. Launch the IIS snap-in. From there expand the ServerName, then Default Web Site. The tricky part is finding RPC and right-clicking it. Next, select Properties and make sure Basic Authentication is checked and Anonymous is disabled.
Optionally, you can configure the encryption level. On the Directory Service tab, click edit, secure communications and then require 128 Bit Encryption.
Deploy Front-end server inside the firewalls
Either position a front-end server in the perimeter network and then install the RPC Proxy service; or deploy an ISA server which then connects to the front-end server. (See Diagram above.)
Configuring for non-SSL connections
Your goal is to edit the registry on the front-end server and add a DWORD called AllowAnonymous.
Launch Regedit and navigate to this registry key:
Add a new REG_DWORD called: AllowAnonymous
Set the value = 1 (Meaning Enabled)
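A way to verify the outcome of the IIS and non-SSL settings above from a client, as an added example (not part of the original article): it sends one unauthenticated request to the RPC virtual directory and flags anonymous access, or Basic authentication offered without SSL. The `/rpc/` URL on the article's example host, the script name, and the reading of a 403 on plain HTTP as "SSL required" are assumptions; the sample responses are constructed.

```python
import sys
import urllib.error
import urllib.request

def classify(scheme, status, challenges):
    """Findings for one unauthenticated response from the RPC virtual directory."""
    offered = {c.split()[0].lower() for c in challenges if c.strip()}
    if status is None:
        return ["no HTTP response: check the listener and the server certificate"]
    if status == 200:
        return ["anonymous access is enabled on the directory"]
    if status == 401 and "basic" not in offered:
        return ["Basic is not offered, so an Outlook profile set to Basic cannot log on"]
    if status == 401 and scheme == "http":
        return ["Basic is offered without SSL: the password is only base64-encoded in transit"]
    if status == 401 or (status == 403 and scheme == "http"):
        return []  # HTTPS + Basic challenge, or plain HTTP refused: the intended state
    return [f"unexpected status {status}"]

def probe(url):
    """Send one unauthenticated GET; return (scheme, status, WWW-Authenticate values)."""
    scheme = url.split(":", 1)[0].lower()
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return scheme, resp.status, resp.headers.get_all("WWW-Authenticate") or []
    except urllib.error.HTTPError as err:
        return scheme, err.code, err.headers.get_all("WWW-Authenticate") or []
    except urllib.error.URLError:
        return scheme, None, []  # refused, timed out, or certificate not trusted

# Constructed sample responses (not captured from a real server).
SAMPLES = [
    ("https", 401, ['Basic realm="paris.cp.com"']),
    ("http", 401, ['Basic realm="paris.cp.com"']),
    ("https", 200, []),
    ("http", 403, []),
    ("https", 401, ["Negotiate", "NTLM"]),
]

if __name__ == "__main__":
    # Usage (script name is arbitrary):
    #   python check_rpc_vdir.py https://paris.cp.com/rpc/ http://paris.cp.com/rpc/
    runs = [probe(u) for u in sys.argv[1:]] or SAMPLES
    for scheme, status, challenges in runs:
        print(scheme, status, classify(scheme, status, challenges) or "ok")
```

Run with no arguments it evaluates the constructed samples; pass both the `https://` and `http://` URLs of your own server to compare them.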
Getting Outlook 2003 to work with RPC over HTTP is not a trivial task. So for a large roll-out I suggest investigating the ORK (Office Resource Kit). Whichever method you employ, the steps are similar. Here is my checklist:
- The XP clients, repeat XP, need SP2 or hotfix Q331320.
- Head for the Control Panel, Mail icon. Create a new email account which uses Microsoft Exchange Server. So far so good.
- Now for the first tricky part. Turn OFF Cached Exchange mode – just while you test and get it connected, later you can revert to the cached mode. Type in the username.
- Here is the really difficult section. Our task is to find the ‘Connect to my Exchange mailbox using HTTP’. Observe the Connection tab, note 4 options, but select the ‘Connect to my Exchange mailbox using HTTP’ check box, and then click Exchange Proxy Settings.
- This Outlook 2003 client needs the name of the Exchange 2003 server, so in the dialog box called ‘Use this URL to connect to my proxy server for Exchange’, type in your server and domain name, for example https://paris.cp.com (did you use HTTPS?). You should see another box called Connect Using SSL only; check this box and enable SSL.
- Outlook 2003 is now ready to connect to Exchange 2003 using RPC over HTTP.
Troubleshooting RPC over HTTP
On the Exchange 2003 server, remember to install the RPC over HTTP network service.
Make sure that you have a Server certificate on the Exchange 2003 machine, not just on the domain controller.
If you navigate to the connections menu, but cannot see the ‘Connect to my Exchange mailbox using HTTP’ tab, then apply SP2 to your Windows XP machine.
If you have problems connecting to Exchange 2003, from the Outlook 2003 client try: Run outlook /rpcdiag.
Summary of RPC over HTTP in Microsoft Exchange
No wonder RPC over HTTP was voted a top feature of Microsoft Exchange 2003. With RPC over HTTP the clients get simpler connections and less configuration on their XP machines. Meanwhile, the network is more secure because you have to open fewer ports on the firewall. However, I found configuring RPC over HTTP difficult; my salvation was attention to detail.