Exchange Server Compatibility Information

Exchange Server Version    Compatibility
5.5                        No
2000                       No
2003                       Yes
2007                       Maybe

RPC over HTTPS: Requirements and Best Practises

Author: Simon Butler, Exchange MVP, MCSE
Last Page Review: 02/05/2008

This page outlines some of the information you need for RPC/HTTPS and some tips on what you can do to ensure that it is a success.

System Requirements

Domain Requirements

At least one Windows 2003 Global Catalog Domain Controller.
This feature does not work with Windows 2000 domain controllers.

Server Requirements

  • Windows 2003 Server
  • Exchange 2003 Server
  • or Small Business Server 2003 with Exchange 2003 installed.
  • Commercial SSL Certificate (get a trial SSL from RapidSSL or a cheap certificate from GoDaddy)

Client Requirements

  • Outlook 2003
  • Windows XP Service Pack 2 or higher (it is possible to use it with Windows XP SP1, with a hotfix, but you should have upgraded to Service Pack 2 by now)
  • If you are using a self-generated certificate (not recommended), then install the certificate on your test machine.

Take your time...

When trying to get this feature working, do not rush too far ahead too quickly.

Test the web site first to ensure that you aren't getting any certificate errors.

Then test the client on the local area network. Only once you are sure that you are getting https connections can you think about using the facility from an external connection.


Certificates

Always use a commercial certificate. Trying to use a self-generated certificate will cause any number of problems, which make it harder to troubleshoot. RapidSSL offers free trial certificates valid for 30 days, which are quick and easy to install. You could also purchase a cheap certificate from GoDaddy.

If you are using the default web site for both RPC and OWA, then the same certificate will protect both.

Using a real certificate provides two benefits.

  1. It is trusted by the web browser without having to install anything. This stops the prompt about trusting the certificate from appearing. You should try to ensure that users never see that message wherever possible. If users get used to clicking "OK" on your site, then they may do the same thing on other sites, including sites that are impersonating legitimate sites. As network administrators we are responsible for some of the user education, and the message should be consistent - no exceptions.
  2. For RPC/HTTPS to work correctly, the trust prompt must not appear. You never see the prompt and Outlook cannot manage it, so the process will fail and Outlook will attempt to use TCP/IP connections instead.

Certificate Name Choice

When you are setting up the URL and naming convention for the certificate, use a generic name instead of the actual name of the server. Instead of "server1.domain.com" use "mail.domain.com".
In the event that you upgrade your Exchange server to a new machine, which has a new name, Outlook will redirect automatically to the new server. However, the RPC over HTTPS configuration will NOT automatically update. By using a generic name you can simply move the certificate to the new machine and adjust the DNS.
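
The certificate checks described above, as an added example that is not part of the original page: it reports the name and validity problems that Outlook would fail on without showing a prompt. The function names, the 14-day warning threshold and the sample certificate are assumptions made for illustration, and fetch_cert() assumes the server offers a TLS version that the local Python build accepts.

```python
import socket
import ssl

def cert_names(cert):
    """DNS names a client accepts: SAN entries, else the subject CN."""
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return sans or [v.lower() for rdn in cert.get("subject", ())
                    for k, v in rdn if k == "commonName"]

def host_matches(pattern, host):
    """Exact match, or '*.' standing for exactly one left-most label."""
    host = host.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def preflight(cert, proxy_host, now, warn_days=14):
    """List the certificate problems Outlook would fail on without a prompt."""
    problems = []
    names = cert_names(cert)
    if not any(host_matches(n, proxy_host) for n in names):
        problems.append("name mismatch: certificate is for %s, Outlook uses %s"
                        % (", ".join(names) or "(no name)", proxy_host))
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if now < not_before:
        problems.append("not yet valid")
    elif now > not_after:
        problems.append("expired")
    elif not_after - now < warn_days * 86400:
        problems.append("expires in %d days" % ((not_after - now) // 86400))
    return problems

def fetch_cert(host, port=443, timeout=5):
    """Live fetch. An untrusted chain raises ssl.SSLCertVerificationError,
    the case where a browser would show the trust prompt."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still verified; preflight() checks the name
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample in the shape getpeercert() returns: a 30-day trial
# certificate issued to the server's own name instead of the generic one.
SAMPLE = {
    "subject": ((("commonName", "server1.domain.com"),),),
    "notBefore": "Apr  1 00:00:00 2008 GMT",
    "notAfter": "May  1 00:00:00 2008 GMT",
}
NOW = ssl.cert_time_to_seconds("Apr 25 00:00:00 2008 GMT")
```

Calling preflight(SAMPLE, "mail.domain.com", NOW) reports both the name mismatch and the approaching expiry of the trial certificate; an empty list means neither check found a problem.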


Use Split DNS

If you decide to implement this technology then you should use a split DNS system. This will ensure that the name resolves correctly both internally and externally. The primary reason for this is to allow the users to use RPC/HTTPS both inside and outside the network without having to make changes.


Configure Outlook to use RPC/HTTPS for both slow and fast connections

There is an option in the RPC/HTTPS configuration to use TCP/IP on fast connections, which sounds ideal for allowing direct connection when on the LAN and using RPC/HTTPS when away from the office. In our experience it is easily confused when the machine is connected to another network - which could be another corporate network or even a home network. Enable both options and this isn't an issue. You just need to make sure that the same name that works externally also works internally.


Configure Dumpster Always On for All Users

If you use recover deleted items for Outlook users, you should be aware that it does not work for folders other than Deleted Items unless you have made the dumpster always on change first. This change is discussed in this KB article: http://support.microsoft.com/default.aspx?kbid=886205 and the registry key is available for easy import from our recover deleted items web page.

 

Last Page Update:
02/05/2008


© Amset IT Solutions Ltd. 1998 - 2008. All rights reserved. Reproduction of any content on this web site is prohibited without express written consent. Use of this web site is subject to our terms and conditions. All trademarks and registered trademarks are property of their respective owners. This site is not endorsed or recommended by any company or organisation mentioned on this site. This site is to provide guidance only and as such we cannot be held responsible for any consequences of following the advice given.