Exchange Server Compatibility Information

Exchange Server Version    Compatibility
5.5                        No
2000                       No
2003                       Yes
2007                       No

RPC over HTTPS: Server Configuration

Author: Simon Butler, Exchange MVP, MCSE
Last Page Review: 02/05/2008


There have been lots of articles written about how to set up RPC/HTTPS on the server side. The settings and information on this page have been taken from a working implementation, and then tested on other installs.

  • If you are using Exchange 2003 SP1 then you may not need the settings on this page.
  • If you are using a front-end/back-end scenario (at least two Exchange servers), then you do not need these settings, unless you are having problems with the GUI.
    If you have tried to use the GUI then you need to change it back to "Not Part of an Exchange Managed RPC-HTTP Topology" and then use the registry keys.
    Remember: GUI or Registry - not both.
  • If you are using a single Exchange server then you need to make a setting change in the GUI and then make registry changes as well.

Server Requirements

  • Windows 2003 Server
  • Exchange 2003 Server or Small Business Server 2003 with Exchange 2003 installed.
  • SSL Certificate (get a trial SSL from RapidSSL or a cheap certificate from GoDaddy)

These instructions are NOT required for Exchange 2007.

Required Components Setup

Install the "RPC over HTTP Proxy" on the server that is hosting the public facing web site. If this is a front-end/back-end then it is the front-end server. If it is a single server, then it will be the Exchange server.
You will find RPC Proxy in Add/Remove Programs --> Add/Remove Windows Components --> Networking Services
You do NOT install this component on your domain controllers unless you are in a single server environment.

GUI Settings

Exchange Server Service Pack 1 introduced a new setting in Exchange System Manager (ESM) for configuring RPC/HTTP. A setting needs to be made, in all circumstances.
You can find the required GUI setting in "Administrative Groups, <your admin group>, Servers". Right click on your server and choose Properties.

  • Single Server: You can either leave the GUI as it is "Not part of an Exchange managed topology" or set the GUI to Back-end Server. It doesn't seem to make a difference. With the latter, you will get one, maybe two error messages. Both of these should be acknowledged.
  • Front-end / Back-end scenario: Adjust the GUI as required.
  • For troubleshooting or configuring Front-end / Back-end scenario manually: Set the GUI to "Not part of an Exchange Managed RPC-HTTP topology"

Registry Changes

Two sets of registry changes are required and it is these settings that have caused most of the problems. While Microsoft aren't recommending all of these changes, they have come from a live working machine.

Usual registry disclaimer and warnings apply - Amset IT Solutions Ltd cannot be held responsible for any damage caused to your machine by a registry change outlined below. Always ensure that your registry is backed up before commencing any modifications.

The list of entries will be in one single line when entered in to the registry with no spaces, however they are here on separate lines for easy reading.

Domain Controller Registry Changes - All Scenarios

The domain controller needs to be a Global Catalog Server, but only requires one entry.
If this is a single server (Exchange and DC on the same machine - for example an SBS 2003) then you make this change on the same machine.

Copy and paste the following text into Notepad and save it as rpc-http-dc.reg, changing the file type to All Types so that it is saved as a registry file. Then double click on it to install.

That key is:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters

Type: REG_MULTI_SZ
Name: NSPI Interface protocol sequences
Value: ncacn_http:6004

You shouldn't have to reboot, but if the settings don't appear to work in initial testing, then you should reboot to ensure the settings have taken correctly.

Exchange Server Registry Changes

All the changes below are made in the same place. Pick the scenario that matches your environment, then replace the sample entries with the actual names of your environment.

Using the Samples

  1. Copy the sample into Notepad and then use "Replace" to replace the information.
  2. Turn off the Word Wrap option (on the Format menu).
  3. Set the cursor to the top of the text, press "End" on your keyboard and then delete. Do not press any other keys. Then repeat (end and then delete). This will put all of the text on to one line. No spaces between the entries.
  4. Save the file as rpc-http-server.reg, changing the "File Type" to "All Types" so that the file is saved as a registry file.
  5. Double click on the file to install.

Registry Location

For reference, the location in the registry where these entries are going is:

Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy
Key: ValidPorts

NOTE: These are example registry entries, you need to adjust them to fit your particular domain, server name and FQDN - as per the notes beside each entry.

If you find that you already have an entry for 100-5000 then leave that in place.

Single Server Configuration
Exchange Server is also the domain controller
(Small Business Server fits in to this category)

Key:
server = domain controller/exchange server
domain.local = internal domain name
mail.external.com = external domain name, as per the certificate and the name configured in Outlook that the clients use for connection. If you are using the same domain name internally and externally, then change "domain.local" to match your domain.

(remember: single line before saving as a registry file)

Separate Exchange and Domain Controller Configuration
Where Exchange is on a member server - not the same server as the domain controller and NOT a front-end/back-end configuration.

Key:
exchange-server = Exchange Server
dc = Domain Controller with Global Catalog
domain.local = Internal domain name
mail.external.com = External certificate/domain name

(remember: single line before saving as a registry file)

Front-End / Back-end Server Configuration
Where there are two Exchange servers and a separate domain controller.

Key:
server-fe = Front-end Exchange Server
server-be = Back-end Exchange Server
server-dc = Domain Controller with Global Catalog
domain.local = Internal domain name
mail.external.com = External certificate/domain name

(remember: single line before saving as a registry file)
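
An added example, not taken from the original page or from Amset: ValidPorts is the list of internal host:port targets the RPC proxy will forward to, so it is worth checking a value before importing it. The Python below builds the single-line value for any number of hosts (including several domain controllers) and audits an existing value for spaces, malformed entries, hosts outside an expected list and unexpected ports. The function names, the sample values and the 6001-6002 port pair (from Microsoft's Exchange 2003 RPC over HTTP guidance, not shown on this page) are assumptions.

```python
import re

# Assumption: 6001-6002 and 6004 are the Exchange 2003 RPC over HTTP ports from
# Microsoft's guidance; 100-5000 is the default entry the page says to keep.
EXPECTED_PORTS = {"100-5000", "6001-6002", "6004"}
ENTRY = re.compile(r"^([A-Za-z0-9.-]+):(\d+)(?:-(\d+))?$")


def build_valid_ports(hosts, ports=("6001-6002", "6004")):
    """Join host:port entries into the single-line, space-free registry value."""
    return ";".join(f"{h}:{p}" for h in hosts for p in ports)


def audit_valid_ports(value, allowed_hosts):
    """Return findings for a ValidPorts string; an empty list means clean."""
    findings = []
    if re.search(r"\s", value):
        findings.append("whitespace in value (must be one line, no spaces)")
    allowed = {h.lower() for h in allowed_hosts}
    for raw in filter(None, (e.strip() for e in value.split(";"))):
        m = ENTRY.match(raw)
        if not m:
            findings.append(f"malformed entry: {raw}")
            continue
        lo, hi = int(m.group(2)), int(m.group(3) or m.group(2))
        if lo > hi or hi > 65535:
            findings.append(f"bad port range: {raw}")
        if m.group(1).lower() not in allowed:
            findings.append(f"unexpected host: {raw}")
        if raw.split(":", 1)[1] not in EXPECTED_PORTS:
            findings.append(f"unexpected ports: {raw}")
    return findings


# Constructed sample names, reusing the page's placeholders.
HOSTS = ["server", "server.domain.local", "mail.external.com"]
GOOD = build_valid_ports(HOSTS)
# Constructed bad value: a stray space, an extra host, and a wide-open range.
BAD = "server:100-5000;server:6001-6002; server:6004;fileserver:445;server.domain.local:1-65535"

if __name__ == "__main__":
    print(GOOD)
    for finding in audit_valid_ports(BAD, HOSTS):
        print("FINDING:", finding)
```

Pass the hosts you actually intend to publish as allowed_hosts; anything the audit reports as an unexpected host or unexpected ports is an internal endpoint the proxy would otherwise relay to.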


Questions

Q: We use a different domain name for external users than we do internally. This means that it only works outside of the network. How can we enable the service for staff on the network as well, so that they don't have to change their settings?
A: You need to make your internal DNS servers accept requests for your external domain name. This is known as "Split DNS". Set up a new zone for the domain name and then enter internal addresses for hosts. If you need to access a resource that is outside your network (a web site for example) then enter the external IP address instead.

Q: I have multiple domain controllers. Can I use more than one in the registry settings?
A: Yes you can use more than one domain controller. Make sure that the other domain controllers are global catalog domain controllers and are Windows 2003.

However, before duplicating things, get it working with a single domain controller. When you know it is working, switch the domain controller listed to your other domain controller. Repeat for any others. Once you have tested all domain controllers independently, combine the entries. For example:

