Outlook over http

sfourtine

Jul 12, 2004, 5:12:02 AM
Hello,

Server

I have 1 DC (W2k3 SRV) and 1 Exchange 2k3 SP1.
Add the RPC over HTTP service.

in registry modify the key
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\RpcProxy\
Key name: ValidPort

ExchangeServer:593; ExchangeServerFQDN:593; ExchangeServer:6001-6002; ExchangeServerFQDN:6001-6002; ExchangeServer:6004; ExchangeServerFQDN:6004
In IIS, in the default site, remove anonymous access and modify basic authentication in the RPC virtual site.

in registry add the key

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
NSPI interface protocol sequences : ncacn_http:6004

Client

My client is XP SP1, up to date, with Outlook 2003.
I applied MS KB 331320.

Create a new Outlook account and add the Exchange Server FQDN as the server name. Mark "Use Cache...."

In the Connection tab, add the Exchange Server FQDN in the URL field.
Mark "On fast networks, connect using HTTP first, then TCP/IP" and
"On slow networks, connect using HTTP first, then connect using TCP/IP".

In the proxy authentication settings, use NTLM authentication.


The problem I have is that once I am authenticated by the login screen, the same login screen starts to loop without stopping, so I have to redo the authentication indefinitely.

Has anyone experienced the same error? I don't think it's a bug but a configuration error.

Thanks in advance

sfou...@net-streams.fr

Jamelia

Jul 12, 2004, 6:00:06 AM
I think you should change your proxy authentication setting to Basic Authentication

Jamelia


"sfourtine" <sfou...@discussions.microsoft.com> wrote in message news:F27E7DD2-8F00-4BC7...@microsoft.com...

sfourtine

Jul 12, 2004, 6:23:02 AM
I tried this configuration and I encountered the same problem.
When I set Basic Authentication in Outlook, the URL changes to HTTPS, and I want it to authenticate over HTTP.

Do you have other suggestions?
Thanks

Jamelia

Jul 12, 2004, 6:29:09 AM
No, other than to have a look at Microsoft's whitepaper "Exchange Server 2003 RPC over HTTP Deployment Scenarios". You can download it at
http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/ex2k3rpc.mspx

Jamelia


"sfourtine" <sfou...@discussions.microsoft.com> wrote in message news:6AAE924C-89E8-4B03...@microsoft.com...

neo [mvp outlook]

Jul 12, 2004, 9:03:40 AM
The default configuration for the RPC/HTTP proxy under IIS does not allow
anonymous access. Therefore you need to change the configuration in the IIS
snap-in and accept the consequences that you are lowering security and
exposing the network to some risk.

Outside of that and since you are running Win2k3 internally, you really
should set up an internal certificate authority if you can't afford to
purchase public certificates. Just remember that if you go this route, all
machines must have a copy of the root certificate installed on them. (The
RPC/HTTP component needs to be able to verify the web server certificate +
every certificate above it to the signing certificate authority.)


"sfourtine" <sfou...@discussions.microsoft.com> wrote in message

news:6AAE924C-89E8-4B03...@microsoft.com...

sfourtine

Jul 12, 2004, 10:14:02 AM
I set the IIS Directory Security to Anonymous and cleared all other types of authentication. But I still have the same problem: "endless authentication requests for the Exchange server". The CA is my OWA (front-end), so how do I let the back-end as well as the clients verify the signed certificate?

Thanks in advance.

Matthew Tisdel

Jul 12, 2004, 12:06:02 PM
KB833401 has most all information needed for setting this up.
MS recommendations for the /RPC virtual directory are for Basic authentication only, no integrated and no anonymous. HTTPS is also required, there is no HTTP for this. Sorry. Setting up certificate services on a server takes less than 10 minutes and it will work fine.

--
Matthew Tisdel
South Carolina

neo [mvp outlook]

Jul 12, 2004, 7:47:54 PM
Oops... forgot to tell you that there is an allowanonymous registry value
for the RPCProxy as well..
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/rpc/rpc/rpc_over_http_security.asp
should be helpful in explaining what is going on by default when this key is
missing or set to a non-zero value.

"sfourtine" <sfou...@discussions.microsoft.com> wrote in message

news:E3F00399-700F-46C6...@microsoft.com...

sfourtine

Jul 13, 2004, 3:27:02 AM
Dear;

The following procedures did not resolve the issue of endless authentication screens. It's not normal that MS cannot produce a functional step-by-step guide for the deployment of Outlook over HTTP. This new feature is in high demand from many clients, and until today I didn't see a working configuration.

Anyway, thanks for your help. Maybe it'll be OK with the next service pack ;-)

Jamelia

Jul 13, 2004, 4:59:08 AM
The RPC Directory should NOT be configured with anonymous access. I really think you should read the whitepaper from Microsoft (see my earlier post). It really has some good information on how to configure both the Server and the Client side.

To configure the RPC over HTTP virtual directory
1. Click Start, point to All Programs, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.

2. In Internet Information Services (IIS) Manager, in the console tree, expand the server you want, expand Web Sites, expand Default Web Site, right-click the RPC virtual directory, and then click Properties.

3. In RPC Virtual Directory Properties page, on the Directory Security tab, in the Authentication and access control pane, click Edit.

4. On the Authentication Methods window, verify that the check box next to Enable anonymous access is cleared.

Note: RPC over HTTP does not allow anonymous access by default despite what the user interface shows.

5. On the Authentication Methods window, under Authenticated access, select the check box next to Basic authentication (password is sent in clear text), and ensure the check box next to Integrated Windows authentication (NTLM) is checked, and then click OK.

6. To save your settings, click Apply, and then click OK.

7. Ensure that you have a valid SSL certificate installed on the virtual server.

Your RPC virtual directory is now ready to use Basic and NTLM authentication.

Jamelia

"sfourtine" <sfou...@discussions.microsoft.com> wrote in message news:20E98712-9A96-4012...@microsoft.com...

sfourtine

Jul 13, 2004, 6:15:02 AM
Dear;
This is exactly what I configured on the front-end server. And when we test this configuration via the URL https:\\x.y.D.Z\rpc I get the 403.2 error message.
But via Outlook I still have the same problem.

Jamelia

Jul 13, 2004, 7:12:49 AM
Can you tell me why you have added ExchangeServer:593; ExchangeServerFQDN:593 in HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\RpcProxy\ ?

Jamelia


"sfourtine" <sfou...@discussions.microsoft.com> wrote in message news:A50D34AC-B72F-4B1C...@microsoft.com...

sfourtine

Jul 13, 2004, 7:57:01 AM
I did it according to the following document:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/rpc/rpc/rpc_over_http_security.asp

Do you have another idea?

Jamelia

Jul 14, 2004, 8:28:43 AM
Because I found your problem a bit interesting I decided to set up RPC over HTTP in a test environment with one W2k3DC/GC and one Exchange Server 2003SP1 installed on a Member Server.


This is how I got RPC over HTTP(S) to work:

Installed a CA Enterprise on my GC
Installed RPC over HTTP on the Exchange Server
Added a certificate on the Default Web Site with the common name ExchangeserverFQDN
Removed Anonymous Access and added Basic Authentication on the RPC Virtual Directory

In registry on my ExchangeServer I modified the key ValidPort under HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\RpcProxy\ with the following value

ExchangeserverNetBIOS:593;ExchangeserverFQDN:593;ExchangeserverNetBIOS:6001-6002;ExchangeserverFQDN:6001-6002;ExchangeserverNetBIOS:6004;ExchangeserverFQDN:6004;GCNetBIOS:593;GCFQDN:593;GCNetBIOS:6004;GCFQDN:6004

In the registry on my GC I added a Multi-String Value with the name "NSPI interface protocol sequences" and value ncacn_http:6004 under the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters

For the proxy authentication settings in my Outlook Profile I used Basic Authentication.


You haven't added the settings for your GC in the key validport and that may be the reason for the problems you are having. Hope this will help.

Jamelia
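
The comparison made in the post above (the first post's RpcProxy value against the test-lab value that includes the GC), as an added example that is not part of any post in the thread: a Python parser for the host:port / host:low-high list that reports which expected servers lack required ports and which listed hosts were not expected. The required ports per role are taken from the test-lab value above; the role names, function names and constants are assumptions of this example.

```python
# Added example (not from the thread): audit an RpcProxy ValidPorts string.
# Assumed format, as shown in the posts: host:port or host:low-high, ';'-separated.
REQUIRED = {                      # ports per role, taken from the test-lab value
    "exchange": {593, 6001, 6002, 6004},
    "gc": {593, 6004},
}

def parse_valid_ports(value):
    """Return {lowercased host: set of ports the proxy may forward to}."""
    allowed = {}
    for entry in value.split(";"):
        entry = entry.strip()     # the first post separates entries with '; '
        if not entry:
            continue
        host, sep, ports = entry.rpartition(":")
        if not sep or not host.strip():
            raise ValueError(f"malformed ValidPorts entry: {entry!r}")
        low, _, high = ports.partition("-")
        low, high = int(low), int(high or low)
        if not 0 < low <= high <= 65535:
            raise ValueError(f"bad port range in entry: {entry!r}")
        allowed.setdefault(host.strip().lower(), set()).update(range(low, high + 1))
    return allowed

def audit(value, hosts):
    """hosts maps name -> role. Returns (missing ports per host, unlisted hosts)."""
    allowed = parse_valid_ports(value)
    missing = {}
    for name, role in hosts.items():
        gap = REQUIRED[role] - allowed.get(name.lower(), set())
        if gap:
            missing[name] = sorted(gap)
    expected = {name.lower() for name in hosts}
    unexpected = sorted(h for h in allowed if h not in expected)
    return missing, unexpected

# Placeholder host names exactly as used in the thread; values copied from the posts.
FIRST_POST = ("ExchangeServer:593; ExchangeServerFQDN:593; ExchangeServer:6001-6002; "
              "ExchangeServerFQDN:6001-6002; ExchangeServer:6004; ExchangeServerFQDN:6004")
TEST_LAB = ("ExchangeserverNetBIOS:593;ExchangeserverFQDN:593;"
            "ExchangeserverNetBIOS:6001-6002;ExchangeserverFQDN:6001-6002;"
            "ExchangeserverNetBIOS:6004;ExchangeserverFQDN:6004;"
            "GCNetBIOS:593;GCFQDN:593;GCNetBIOS:6004;GCFQDN:6004")
GC = {"GCNetBIOS": "gc", "GCFQDN": "gc"}
FIRST_HOSTS = {"ExchangeServer": "exchange", "ExchangeServerFQDN": "exchange", **GC}
LAB_HOSTS = {"ExchangeserverNetBIOS": "exchange", "ExchangeserverFQDN": "exchange", **GC}

if __name__ == "__main__":
    print(audit(FIRST_POST, FIRST_HOSTS))   # GC entries reported as missing
    print(audit(TEST_LAB, LAB_HOSTS))       # nothing missing, nothing unexpected
```

The second element of the result lists hosts present in the value but absent from the expected set, which is worth reviewing because the value is the list of back-end targets the proxy is permitted to reach.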


t...@fitit.be

Jul 20, 2004, 5:32:26 AM
Jamelia,

Since SP1 you don't need to enter the 593 or even the GC at all. The
validports key is entered automatically anyway every 15 minutes.

However, I have another problem.
We migrated from a Windows 2000 - Exchange 2000 FE/BE configuration to
Windows 2003 - Exchange 2003. Went like a charm.
Now we want to use the RPC over HTTP so I made sure we were on
Exchange 2003 SP1 for both machines. I set my BE server to be BE for
RPC over HTTP. I set my FE server to be FE for RPC over HTTP.
My OWA is working normally. Certificate is ok.
* https://publicname/rpc is returning the expected result.
* rpcping to the RPC Proxy server (with the -E switch) returns 200
(OK)
* rpcping to the BE server (ex. with -e 6001) returns nothing. It is
just waiting. Which is the same we experience when trying to connect
through outlook. In the connections status windows the status remains
on 'connecting' but nothing happens.
* netstat -a on the BE server shows ports 6001, 6002 and 6004
listening.
* The FE is located in the DMZ but the FW shows no dropped packets.
* Before migrating our production systems, I did set up a test
environment, where I went through the complete migration +
configuration of RPC/HTTPs, without having encountered this problem.

Is there any way to further troubleshoot this problem?
Any help would be greatly appreciated.

Toon.


"Jamelia" <Jam...@discussions.microsoft.com> wrote in message news:<eVoua4Z...@tk2msftngp13.phx.gbl>...
